About Hooking Game Default Functions

claudiuhks · **Author**

Hello!

I've seen in CSDM 2.1.2 www.bailopan.net how to call a default game function like RoundRespawn__11CBasePlayer.
But I'm wondering how to hook it in a void or int to catch the game properly execution of it?

PHP Code:


			
class CPlayer
{
  // ...
  edict_t *edict;
  // ...
} CPlayers[ 33 ];

class CMisc
{
  // ...
#if defined __linux__
  void *respawn;
#endif
  // ...
} CMiscs;

// ...
#if defined __linux__
static void *ResolveSignature( const char *ccSignature )
{
    static Dl_info dInfo;
    static void *vHandle, *vAddr;

    dladdr( ( void * ) MDLL_Spawn, &dInfo );
    vHandle = dlopen( dInfo.dli_fname, RTLD_NOW );
    vAddr = dlsym( vHandle, ccSignature );
    dlclose( vHandle );

    return vAddr;
}
#endif
// ...

void OnAmxxAttach( )
{
  // ...
#if defined __linux__
  CMiscs.respawn = ( void * ) ResolveSignature( "RoundRespawn__11CBasePlayer" );
#endif
  // ...
}

void ServerActivate_Post( edict_t *eEdictList, int, int )
{
  // ...
  static unsigned int i;

  for( i = 1; i < gpGlobals -> maxClients + 1; ++i )
    CPlayers[ i ].edict = eEdictList + i;
  // ...

  RETURN_META( MRES_IGNORED );
}

void RespawnPlayer( int iPlayer )
{
  // ...
#if defined __linux__
  static CBasePlayer *CBPlayer;

  CBPlayer = ( CBasePlayer * ) CPlayers[ iPlayer ].edict -> pvPrivateData;

  typedef void ( * Respawn ) ( CBasePlayer * );

  Respawn Spawn = ( Respawn ) CMiscs.respawn;

  Spawn( CBPlayer );
#endif
  // ...
}

I'm waiting for an example, which could be made, or which already exists and someone knows where is it, and if it will contains a few comments, would be greatly appreciated!

I'm wondering how could I hook also SV_ClientDrop or SV_ReadClientMessage too.
I've seen something at Jim but I don't know how to start writting GETREALADDR custom function.
What is it?

http://forums.alliedmods.net/showthread.php?t=137283

I thank in advance!

K.K.Lv · *Last edited by K.K.Lv; 06-06-2012 at 04:31.*

the virtual function list of Class CBasePlayer:

Code:

offset Spawn__11CBasePlayer
offset Precache__11CBasePlayer, 
offset Restart__11CBaseEntity ;
offset KeyValue__12CBaseMonsterP14KeyValueData_s, 
offset Save__11CBasePlayerR5CSave
offset Restore__11CBasePlayerR8CRestore, 
offset ObjectCaps__11CBasePlayer
offset Activate__11CBaseEntity, 
offset SetObjectCollisionBox__11CBaseEntity
offset Classify__11CBasePlayer, 
offset DeathNotice__11CBaseEntityP9entvars_s
offset TraceAttack__11CBasePlayerP9entvars_sfG6VectorP11TraceResulti
offset TakeDamage__11CBasePlayerP9entvars_sT1fi, 
offset TakeHealth__11CBasePlayerfi
offset Killed__11CBasePlayerP9entvars_si, 
offset BloodColor__12CBaseMonster
offset TraceBleed__11CBaseEntityfG6VectorP11TraceResulti
offset IsTriggered__11CBaseEntityP11CBaseEntity, 
offset MyMonsterPointer__11CBaseEntity
offset MySquadMonsterPointer__11CBaseEntity, 
offset GetToggleState__11CBaseToggle
offset AddPoints__11CBasePlayerii, 
offset AddPointsToTeam__11CBasePlayerii
offset AddPlayerItem__11CBasePlayerP15CBasePlayerItem
offset RemovePlayerItem__11CBasePlayerP15CBasePlayerItem
offset GiveAmmo__11CBasePlayeriPci, 
offset GetDelay__11CBaseToggle
offset IsMoving__11CBaseEntity, 
offset OverrideReset__11CBaseEntity
offset DamageDecal__11CBaseEntityi, 
offset SetToggleState__11CBaseEntityi
offset StartSneaking__11CBasePlayer, 
offset StopSneaking__11CBasePlayer
offset OnControls__11CBaseEntityP9entvars_s, 
offset IsSneaking__11CBasePlayer
offset IsAlive__11CBasePlayer, 
offset IsBSPModel__11CBaseEntity
offset ReflectGauss__11CBaseEntity, 
offset HasTarget__11CBaseEntityUi
offset IsInWorld__11CBaseEntity, 
offset IsPlayer__11CBasePlayer
offset IsNetClient__11CBasePlayer, 
offset TeamID__11CBasePlayer
offset GetNextTarget__11CBaseEntity, 
offset Think__11CBaseEntity
offset Touch__11CBaseEntityP11CBaseEntity, 
offset Use__11CBaseEntityP11CBaseEntityT18USE_TYPEf
offset Blocked__11CBaseEntityP11CBaseEntity, 
offset Respawn__11CBaseEntity
offset UpdateOwner__11CBaseEntity, 
offset FBecomeProne__11CBasePlayer
offset Center__11CBaseEntity, 
offset EyePosition__11CBaseEntity
offset EarPosition__11CBaseEntity, 
offset BodyTarget__11CBasePlayerRC6Vector
offset Illumination__11CBasePlayer, 
offset FVisible__11CBaseEntityP11CBaseEntity
offset FVisible__11CBaseEntityRC6Vector, 
offset HandleAnimEvent__14CBaseAnimatingP14MonsterEvent_t
offset ChangeYaw__12CBaseMonsteri, 
offset HasHumanGibs__12CBaseMonster
offset HasAlienGibs__12CBaseMonster, 
offset FadeMonster__12CBaseMonster
offset GibMonster__12CBaseMonster, 
offset GetDeathActivity__12CBaseMonster
offset BecomeDead__12CBaseMonster, 
offset ShouldFadeOnDeath__11CBasePlayer
offset IRelationship__12CBaseMonsterP11CBaseEntity
offset PainSound__12CBaseMonster, 
offset ResetMaxSpeed__11CBasePlayer
offset ReportAIState__12CBaseMonster, 
offset MonsterInitDead__12CBaseMonster
offset Look__12CBaseMonsteri, 
offset BestVisibleEnemy__12CBaseMonster
offset FInViewCone__12CBaseMonsterP11CBaseEntity, 
offset FInViewCone__12CBaseMonsterP6Vector
offset Jump__11CBasePlayer, 
offset Duck__11CBasePlayer
offset PreThink__11CBasePlayer, 
offset PostThink__11CBasePlayer
offset GetGunPosition__11CBasePlayer, 
offset IsBot__11CBasePlayer
offset UpdateClientData__11CBasePlayer, 
offset ImpulseCommands__11CBasePlayer
offset RoundRespawn__11CBasePlayer, //offset on win = 84, linux = 86
offset GetAutoaimVector__11CBasePlayerf
offset Blind__11CBasePlayerfffi, 
offset OnTouchingWeapon__11CBasePlayerP10CWeaponBox

offset on windows start at 0, linux start at 2
you can use Orpheu to hook it !

about the GETREALADDR take a look the source of MemHack.

edited:
signature:

Code:

{
    "name" : "RoundRespawn",
    "class" : "CBasePlayer",
    "library" : "mod",
    "indexes" : 
    [
        {
            "os" : "windows",
            "mod" : "cstrike",
            "value" : 84
        },
        {
            "os" : "linux",
            "mod" : "cstrike",
            "value" : 86
        }
    ]
}

pawn code:

Code:

#include <amxmodx>
#include <orpheu>
public plugin_init()
{
    new OrpheuFunction:PlayerRoundRespawn = OrpheuGetFunctionFromClass("player", "RoundRespawn", "CBasePlayer");
    OrpheuRegisterHook(PlayerRoundRespawn, "RoundRespawn");
}
public RoundRespawn(player)//CBasePlayer::RoundRespawn(void)
{
    //code here.
}

claudiuhks · *Last edited by claudiuhks; 06-06-2012 at 07:13.*

Quote:

Originally Posted by K.K.Lv

the virtual function list of Class CBasePlayer:

Code:

offset Spawn__11CBasePlayer
offset Precache__11CBasePlayer, 
offset Restart__11CBaseEntity ;
offset KeyValue__12CBaseMonsterP14KeyValueData_s, 
offset Save__11CBasePlayerR5CSave
offset Restore__11CBasePlayerR8CRestore, 
offset ObjectCaps__11CBasePlayer
offset Activate__11CBaseEntity, 
offset SetObjectCollisionBox__11CBaseEntity
offset Classify__11CBasePlayer, 
offset DeathNotice__11CBaseEntityP9entvars_s
offset TraceAttack__11CBasePlayerP9entvars_sfG6VectorP11TraceResulti
offset TakeDamage__11CBasePlayerP9entvars_sT1fi, 
offset TakeHealth__11CBasePlayerfi
offset Killed__11CBasePlayerP9entvars_si, 
offset BloodColor__12CBaseMonster
offset TraceBleed__11CBaseEntityfG6VectorP11TraceResulti
offset IsTriggered__11CBaseEntityP11CBaseEntity, 
offset MyMonsterPointer__11CBaseEntity
offset MySquadMonsterPointer__11CBaseEntity, 
offset GetToggleState__11CBaseToggle
offset AddPoints__11CBasePlayerii, 
offset AddPointsToTeam__11CBasePlayerii
offset AddPlayerItem__11CBasePlayerP15CBasePlayerItem
offset RemovePlayerItem__11CBasePlayerP15CBasePlayerItem
offset GiveAmmo__11CBasePlayeriPci, 
offset GetDelay__11CBaseToggle
offset IsMoving__11CBaseEntity, 
offset OverrideReset__11CBaseEntity
offset DamageDecal__11CBaseEntityi, 
offset SetToggleState__11CBaseEntityi
offset StartSneaking__11CBasePlayer, 
offset StopSneaking__11CBasePlayer
offset OnControls__11CBaseEntityP9entvars_s, 
offset IsSneaking__11CBasePlayer
offset IsAlive__11CBasePlayer, 
offset IsBSPModel__11CBaseEntity
offset ReflectGauss__11CBaseEntity, 
offset HasTarget__11CBaseEntityUi
offset IsInWorld__11CBaseEntity, 
offset IsPlayer__11CBasePlayer
offset IsNetClient__11CBasePlayer, 
offset TeamID__11CBasePlayer
offset GetNextTarget__11CBaseEntity, 
offset Think__11CBaseEntity
offset Touch__11CBaseEntityP11CBaseEntity, 
offset Use__11CBaseEntityP11CBaseEntityT18USE_TYPEf
offset Blocked__11CBaseEntityP11CBaseEntity, 
offset Respawn__11CBaseEntity
offset UpdateOwner__11CBaseEntity, 
offset FBecomeProne__11CBasePlayer
offset Center__11CBaseEntity, 
offset EyePosition__11CBaseEntity
offset EarPosition__11CBaseEntity, 
offset BodyTarget__11CBasePlayerRC6Vector
offset Illumination__11CBasePlayer, 
offset FVisible__11CBaseEntityP11CBaseEntity
offset FVisible__11CBaseEntityRC6Vector, 
offset HandleAnimEvent__14CBaseAnimatingP14MonsterEvent_t
offset ChangeYaw__12CBaseMonsteri, 
offset HasHumanGibs__12CBaseMonster
offset HasAlienGibs__12CBaseMonster, 
offset FadeMonster__12CBaseMonster
offset GibMonster__12CBaseMonster, 
offset GetDeathActivity__12CBaseMonster
offset BecomeDead__12CBaseMonster, 
offset ShouldFadeOnDeath__11CBasePlayer
offset IRelationship__12CBaseMonsterP11CBaseEntity
offset PainSound__12CBaseMonster, 
offset ResetMaxSpeed__11CBasePlayer
offset ReportAIState__12CBaseMonster, 
offset MonsterInitDead__12CBaseMonster
offset Look__12CBaseMonsteri, 
offset BestVisibleEnemy__12CBaseMonster
offset FInViewCone__12CBaseMonsterP11CBaseEntity, 
offset FInViewCone__12CBaseMonsterP6Vector
offset Jump__11CBasePlayer, 
offset Duck__11CBasePlayer
offset PreThink__11CBasePlayer, 
offset PostThink__11CBasePlayer
offset GetGunPosition__11CBasePlayer, 
offset IsBot__11CBasePlayer
offset UpdateClientData__11CBasePlayer, 
offset ImpulseCommands__11CBasePlayer
offset RoundRespawn__11CBasePlayer, //offset on win = 84, linux = 86
offset GetAutoaimVector__11CBasePlayerf
offset Blind__11CBasePlayerfffi, 
offset OnTouchingWeapon__11CBasePlayerP10CWeaponBox

offset on windows start at 0, linux start at 2
you can use Orpheu to hook it !

about the GETREALADDR take a look the source of MemHack.

edited:
signature:

Code:

{
    "name" : "RoundRespawn",
    "class" : "CBasePlayer",
    "library" : "mod",
    "indexes" : 
    [
        {
            "os" : "windows",
            "mod" : "cstrike",
            "value" : 84
        },
        {
            "os" : "linux",
            "mod" : "cstrike",
            "value" : 86
        }
    ]
}

pawn code:

Code:

#include <amxmodx>
#include <orpheu>
public plugin_init()
{
    new OrpheuFunction:PlayerRoundRespawn = OrpheuGetFunctionFromClass("player", "RoundRespawn", "CBasePlayer");
    OrpheuRegisterHook(PlayerRoundRespawn, "RoundRespawn");
}
public RoundRespawn(player)//CBasePlayer::RoundRespawn(void)
{
    //code here.
}

I understand what do you want to say, I appreciate too, thanks for the information about MemHack, but I don't think to use other modules, I'm interested about the way to hook these OFFSETS (Windows starts at 0 and Linux +2). What kind of software should I use.
Really, I have no idea. On this forums I can't found the answer, yet.

How to know 84 is for RoundRespawn?
What about TraceBleed? I don't know how to obtain the number.

Any answer would be greatly appreciated.

Thanks.

**Arkshine** · *Last edited by Arkshine; 06-06-2012 at 08:07.*

Time to search ?

Quote:

How to know 84 is for RoundRespawn?
What about TraceBleed? I don't know how to obtain the number.

https://forums.alliedmods.net/showthread.php?t=118138

Quote:

I'm interested about the way to hook these OFFSETS

Look at Ham/Orpheu/Rage source code.
About CSDM, if I remember, it hooks the function, so hooking a signature/symbol name and not through the index of the virtual function.

claudiuhks · 06-06-2012 , 10:57 Re: About hooking game default functions!

Thank you so much!

K.K.Lv · 06-07-2012 , 02:06 Re: About hooking game default functions!

Quote:

but I don't think to use other modules

I have not tell you to use the other modules, I just tell you take a look at the source of MemHack to know how to get the GETREALADDR !
the main code is now here:

Code:

 
#ifdef __amd64__
typedef uint64_t maddress;
#else
typedef uint32_t maddress;
#endif
#define SAMPLE_DLLFUNC reinterpret_cast<void*>(gpGamedllFuncs->dllapi_table->pfnThink)
#define SAMPLE_ENGFUNC reinterpret_cast<void*>(g_engfuncs.pfnChangeLevel)
 
maddress gameDllAddress = NULL;//game mod
maddress gameEngAddress = NULL;//engine 
 
//code from MemHack
bool GetBaseAddress(void *pAddr, maddress &pBaseAddr)
{
#ifdef WIN32
    MEMORY_BASIC_INFORMATION mem;
    if (!VirtualQuery(pAddr, &mem, sizeof(mem)))
        return false;
    pBaseAddr = (maddress)mem.AllocationBase;
 
    IMAGE_DOS_HEADER *dos = (IMAGE_DOS_HEADER *)(mem.AllocationBase);
    IMAGE_NT_HEADERS *pe = reinterpret_cast<IMAGE_NT_HEADERS*>( (unsigned long)dos + (unsigned long)dos->e_lfanew );
    if (pe->Signature != IMAGE_NT_SIGNATURE)
        return false;
    //if (memLength)
        //*memLength = (size_t)(pe->OptionalHeader.SizeOfImage);
    return true;
#else
    Dl_info info;
    struct stat buf;
 
    if (!dladdr(pAddr, &info))
        return false;
 
    if (!info.dli_fbase || !info.dli_fname)
        return false;
 
    if (stat(info.dli_fname, &buf) != 0)
        return false;
 
    if (pBaseAddr)
        *pBaseAddr = (unsigned char *)info.dli_fbase;
    //if (memLength)
    //*memLength = buf.st_size;
 
    return true;
#endif
}

and my code usage:

Code:

void OnMetaAttach(void)
{
     if (GetBaseAddress(SAMPLE_DLLFUNC, gameDllAddress)
      && GetBaseAddress(SAMPLE_ENGFUNC, gameEngAddress))
    {
        g_CanLoad = true;
    }
    write_func(CS_RoundStart, gameDllAddress+0x97E4D);
    //other code here.
}

joropito · 06-08-2012 , 10:27 Re: About hooking game default functions!

You can use this kind of headers to easily understand and code http://forums.alliedmods.net/showthread.php?t=185936

Hooking of course should be done manually. You can see use this technique http://forums.alliedmods.net/showthread.php?t=137283