[sn4k3]

Search for a Linux symbol is quite simple, the most hard part came on windows :/

how could we find a signature for a game specific functions like CSSPlayer::RoundRespawn, CSSPlayer::SwitchTeam

For get CBaseEntity sigs its more easy, since we can compare to HL2 release, but since there are no RoundRespawn to compare in HL2 how could we find such signatures?

Thanks

[Mani]

With difficulty....
You can use IDA Pro for viewing both windows libraries and linux libraries (symbols are visible in linux libs). In general they both have a similiar logic flow in the code so it's a bit of trial and error to compare the two and find the sigs. RoundRespawn is the hardest by a long way to find but I can post them both here (taken from http://code.google.com/p/maniadminpl...mani_sigscan.h ): -

Code:

#define CCSPlayer_RoundRespawn_Sig "56 8B F1 8B 06 8B 90 ? ? ? ? FF D2 8B 86 ? ? ? ? 85 C0 74 ? 8B 50 ? 85 D2 74 ? 8B 48"

Code:

#define CCSPlayer_SwitchTeam_Sig "83 EC ? 56 57 8B 7C 24 ? 57 8B F1 E8 ? ? ? ? 83 C4 04"

We recently changed our sigscan encoding so that ? symbols represent wildcards rather than the traditional 0x2A that everyone else uses. This just makes it easier to copy paste into IDA Pro as it uses the same format for search strings.

Mani

[Chrisber]

Since players get items when they spawn an idea might be to find the sig to GiveNamedItem (which is quiet easy because you can search for strings) and then check references to that function. RoundRespawn should also call GiveNamedItem.

@ Mani: I thought MAP uses the gametypes.txt to get signatures. Are they now hardcoded to the files?

Chris

[Mani]

Quote:

Originally Posted by Chrisber Since players get items when they spawn an idea might be to find the sig to GiveNamedItem (which is quiet easy because you can search for strings) and then check references to that function. RoundRespawn should also call GiveNamedItem. Chris

This is how I tend to find things using IDA Pro, by looking through the linux lib and finding functions that are used within or somewhere around a call to the function I'm interested in that have a low call count. If I can find the equivalent function in the windows lib then it's not too hard to start mapping out the function names. IDA Pro allows you to manually rename unknown functions so it's easier to visualise (especially with the code graphing enabled)

I worked out the following sigs which are all called from the function that calls RoundRespawn.

Code:

// #define CCSGameRules_GiveC4_Sig "81 EC ? ? ? ? 53 55 83 C8 FF 56 57 89 ? ? ? 89 ? ? ? A1 ? ? ? ? 33 ED 33 DB BF 01 00 00 00"
// #define CCSPlayer_CheckTKPunishment "B0 01 38 81 ? ? ? ? 75 ? 8B 15 ? ? ? ? 83 7A ? ? 74 ? 88 81 ? ? ? ? 8B 01 8B 90"
// #define UTIL_PlayerByIndex "8B 44 24 04 56 33 F6 85 C0 7E ? 8B 0D ? ? ? ? 3B 41 ? 7F ? 8B 0D ? ? ? ? 8B 11 50 8B 42"
// #define CCSGameRules_CleanUpMap "83 EC 08 80 B9 ? ? ? ? ? 0F 85 ? ? ? ? 56 6A 00 B9 ? ? ? ? E8 ? ? ? ? 8B F0 85 F6"
// #define CCSPlayer_ObserverRoundRespawn_Sig "56 57 8B F1 E8 ? ? ? ? 80 BE ? ? ? ? ? 8D BE ? ? ? ? 74 ? 57 8B CE E8"

None of these are used within the MAP code but I'm keeping them for reference incase the sig for RoundRespawn breaks again.

Quote:

Originally Posted by Chrisber @ Mani: I thought MAP uses the gametypes.txt to get signatures. Are they now hardcoded to the files? Chris

They have always been hardcoded into the source code for historical reasons that are not really valid today.
I would imagine we will get them into the gametypes.txt at some point but it's complicated by the fact that we don't always use sigscans in the same way.

For instance getting at g_pEntityList requires a sigscan for the the function IsThereABomb() and then using an index into that function to derive g_pEntityList.

Another instance is where the function you are after is very short in length. You can either have your sigscan include bytes from the previous function and provide an offset into the signature where the start of the function resides, or have a sigscan that finds a function that calls the function you are interested in and provide an offset into the function for that call.

How we would represent this in gametypes.txt I'm not sure.

Mani

[Chrisber]

So if I understand you right, you have 4 possibilities:

Code:

1.) "direct" sigs
myFunc = SigToPointer(sig);

->
"myFunc"
{
    "type"    "direct"
    "sig"        "blah"
}

2.) sig to another function + offset
myFunc = SigToPointer(sig) + offset;

->
"myFunc"
{
    "type"    "offset"
    "sig"        "blah"
    "offset"    "290"
}

3.) calling a sigged function
myFunc = ((myFunc_t*)SigToPointer(sig));

->
"myFunc"
{
    "type"    "call"
    "sig"        "blah"
    "offset"    "290"
}

4.) calling a sigged function + offset
myFunc = ((myFunc_t*)SigToPointer(sig)) + offset;

->
"myFunc"
{
    "type"    "offsetcall"
    "sig"        "blah"
    "offset"    "290"
}

I think it isn't a problem to create a parser for this.
If you (or your dev team want) I can create one for you (or extend your old ones).

Chris

[Mani]

Quote:

Originally Posted by Chrisber :I think it isn't a problem to create a parser for this. If you (or your dev team want) I can create one for you (or extend your old ones). Chris

Yep I'm sure it would look something like that. As it stands, it is not high on our priority list to update the code to use it within the code. So it's more a question of getting the time to do it.

I'm sure Keeper could chime in on this as he is the main maintainer of the codebase at the moment.

Mani

[sn4k3]

thanks for the explanation

yesterday i tried to compare linux vs windows libraries and its really hard