Nowadays Zombie Plague become a huge CS:GO server-side modification with API, developed as an source mod plugin based on new SourcePawn 1.7,
which completely revamps the gameplay, turning the game into an intense "Humans vs Zombies" survival experience.
Even though it's strongly based on the classic zombie infection mods, it takes the concept to a new level by introducing:
Gameplay Modes System: allowing add new game modes
Weapons System: allowing add new custom/standart weapons
Zombie Classes System: allowing add new zombie classes with unique models for knife and grenades
Human Classes System: allowing add new human classes with unique hands for all weapons
Account System: awarded killing, damaging or infecting players, can be exchanged for goods
Extra Items System: allows adding unlimited custom items to buy
Deathmatch Mode: where zombies or humans can continually respawn
Admin Menu: to easily manage gamemodes and players
Special Effects: from the HL2 Engine, such as dark lighting, infection effects, fog, screen shake and etc
Level System: awarded by killing, damaging or infecting, increase damage, speed, gravity
Restoring System: allow to restore health, if you are zombie
Main Features
_____________________________________________
Weapons Support (+Custom)
Custom Models Support
Extra Items Support
Zombie Classes Support
Human Classes Support
Gameplay Modes Support
Customizable Market & Arsenal
Flashlight and Nightvision
Custom Lighting, Fog, Sky, Sun
Default Game Modes:
Normal Infection
Multi Infection
Swarm Mode
Nemesis Mode
Survivor Mode
Sniper Mode
Plague Mode
Armageddon
Default Human Classes:
Red tank: Skill = Armorup ~ Activation on button: F4
Blue tank: Skill = Regeneration ~ Activation on button: F4
Red Alice: Skill = Fast running ~ Activation on button: F4
Blue Alice: Skill = Invisibility ~ Activation on button: F4
And many others
Default Zombie Classes:
Classic: Passive skill = Randomly dazzles the assailant
Fast: Passive skill = Very fast
Explosive: Skill = Infection gas ~ Activation on death
Phys: Skill = Scream ~ Activation on button: G
Deimos: Skill = Sting shot ~ Activation on button: G
Healer: Skill = Healing for money rewards ~ Activation on button: G
Smoker: Skill = Toxic cloud ~ Activation on button: G
Hunter: Skill = Fast running ~ Activation on button: G
Witch: Skill = Bats flock ~ Activation on button: G
Tesla: Skill = Hallucination blast ~ Activation on button: G
Stamper: Skill = Explosive coffin ~ Activation on button: G
Ghost: Skill = Invisibility ~ Activation on button: G
Heavy: Skill = Traping for money rewards ~ Activation on button: G
Tank: Skill = Invulnerability ~ Activation on button: G
Deathmatch System
Restoring System
Sounds System
Hitbox System
Logging System
Ragdoll System
Menu System
Skills System
Money System
Market System
Hands/Submodel System
Level System with MySQL and SQLite Support
Leap/Boost Jumps
Freeze, Fire, Flare, Infection, Jump and Molotov Nades
Objective removals (C4/Hostage/Buyzone/Doors)
Kill & Infection Rewards
More than 100 Natives and Forwards
Multi-Lanugage Support (All messages)
English Supported
Russian Supported
Chinese Supported
Romanian Supported
Main settings
_____________________________________________
Cfg file can be find here ../csgo/cfg/sourcemod/zombieplague.cfg
Spoiler
PHP Code:
// ==================================================================================
//
// ZOMBIE PLAGUE
// Main configuration
//
// ==================================================================================
// * Each uncommented line will be initialize a convar object during 'OnPluginStart'.
// ==================================================================================
// Defaults:
// ----------------------------------------------------------------------------------
// < Basic >
// ----------
zp_gamemode "30" // Time before any game mode starts in seconds [0-disabled]
zp_database "1" // Enable auto saving of players data in the database [0-off // 1-always // 2-map]
zp_antistick "1" // Enable auto unstick players when stuck within each others' collision hull [0-no // 1-yes]
zp_hitgroup "1" // Enable hitgroups module, disabling this will disable hitgroup-related features [0-no // 1-yes] (Hitgroup knockback multipliers, hitgroup damage control)
zp_knockback "1" // Enable push-knocknack system, disabling this will enable stamina-based slowdown features [0-no // 1-yes] (Knockback/slowdown for the players)
zp_extraitems "1" // Enable extraitems module, disabling this will disable e-related features [0-no // 1-yes]
zp_costume "1" // Enable costumes module, disabling this will disable costumes-related features [0-no // 1-yes] (Hats/costumes on the players)
// ----------
// < Logs >
// ----------
zp_log "1" // Enable logging of events in the plugin. Fatal errors are always logged [0-no // 1-yes]
zp_log_module_filter "0" // Enable module filtering. Only events from listed modules will be logged [0-no // 1-yes]
zp_log_ignore_console "1" // Don't log events triggered by console commands that are executed by the console itself, like commands in configs [0-no // 1-yes]
zp_log_error_override "1" // Always log error messages no matter what logging flags or modules filters that are enabled [0-no // 1-yes]
zp_log_print_chat "0" // Print log events to public chat in addition to the log file [0-no // 1-yes]
// ----------
// < Jump Boost >
// ----------
zp_jumpboost "1" // Enable jump boost [0-no // 1-yes]
zp_jumpboost_multiplier "1.0" // Multiplier with power of jump [1.0 = normal jump // 2.0 = double jump]
zp_jumpboost_max "300.0" // Maximum speed, which allow to increse jump
// ----------
// < Level System >
// ----------
zp_level_system "1" // Enable level system [0-no // 1-yes]
// ----------
zp_level_health_ratio "1.0" // Health multiplier for each level [health += health_ratio*level]
zp_level_speed_ratio "0.001" // Speed multiplier for each level [speed += speed_ratio*level]
zp_level_gravity_ratio "0.001" // Gravity multiplier for each level [gravity += gravity_ratio*level]
zp_level_damage_ratio "0.01" // Damage multiplier for each level [damage *= damage_ratio*level+1.0]
// ----------
zp_level_hud "1" // Enable level hud [0-no // 1-yes]
zp_level_hud_zombie_R "255" // Color of zombie hud (Red)
zp_level_hud_zombie_G "0" // Color of zombie hud (Green)
zp_level_hud_zombie_B "0" // Color of zombie hud (Blue)
zp_level_hud_zombie_A "255" // Alpha of zombie hud
zp_level_hud_human_R "0" // Color of human hud (Red)
zp_level_hud_human_G "255" // Color of human hud (Green)
zp_level_hud_human_B "0" // Color of human hud (Blue)
zp_level_hud_human_A "255" // Alpha of human hud
zp_level_hud_spectator_R "255" // Color of spectator hud (Red)
zp_level_hud_spectator_G "255" // Color of spectator hud (Green)
zp_level_hud_spectator_B "255" // Color of spectator hud (Blue)
zp_level_hud_spectator_A "255" // Alpha of spectator hud
zp_level_hud_X "0.02" // x coordinate, from 0 to 1. -1.0 is the center
zp_level_hud_Y "0.885" // y coordinate, from 0 to 1. -1.0 is the center
// ----------
// < Account >
// ----------
zp_account_money "1" // Enable money hud [0-off // 1-classic // 2-custom]
zp_account_connect "50" // The money amount on the first connection
zp_account_bet "50" // The donate amount (also staring amount)
zp_account_commision "0.2" // Starting commision in %
zp_account_decrease "0.005" // Commision decrease in % (each increasing of bet)
zp_account_hud_R "255" // Color of custom money hud (Red)
zp_account_hud_G "255" // Color of custom money hud (Green)
zp_account_hud_B "255" // Color of custom money hud (Blue)
zp_account_hud_A "255" // Alpha of custom money hud
zp_account_hud_X "0.02" // x coordinate, from 0 to 1. -1.0 is the center
zp_account_hud_Y "0.01" // y coordinate, from 0 to 1. -1.0 is the center
// ----------
// < Visual Effects >
// ----------
zp_veffects_infect "1" // Visual effects on infect [0-no // 1-yes]
zp_veffects_infect_fade "1" // Screen fade for infection of player [0-no // 1-yes]
zp_veffects_infect_fade_time "0.6" // Holding time of fade effect
zp_veffects_infect_fade_duration "0.2" // Duration of fade effect
zp_veffects_infect_fade_R "255" // Color of infect fade (Red)
zp_veffects_infect_fade_G "0" // Color of infect fade (Green)
zp_veffects_infect_fade_B "0" // Color of infect fade (Blue)
zp_veffects_infect_fade_A "30" // Alpha of infect fade
zp_veffects_infect_shake "1" // Screen shake for infected player [0-no // 1-yes]
zp_veffects_infect_shake_amp "15.0" // Amplitude of shaking effect
zp_veffects_infect_shake_frequency "1.0" // Frequency of shaking effect
zp_veffects_infect_shake_duration "4.0" // Duration of shaking effect
// ----------
zp_veffects_humanize "1" // Visual effects on humanize [0-no // 1-yes]
zp_veffects_humanize_fade "1" // Screen fade for humanize of player [0-no // 1-yes]
zp_veffects_humanize_fade_time "0.6" // Holding time of fade effect
zp_veffects_humanize_fade_duration "0.2" // Duration of fade effect
zp_veffects_humanize_fade_R "0" // Color of infect fade (Red)
zp_veffects_humanize_fade_G "0" // Color of infect fade (Green)
zp_veffects_humanize_fade_B "255" // Color of infect fade (Blue)
zp_veffects_humanize_fade_A "30" // Alpha of infect fade
// ----------
zp_veffects_respawn "1" // Visual effect on re-spawn [0-no // 1-yes]
zp_veffects_respawn_name "spiral_spiral_akskkk" // Name of partical effect (Not a path, each '.pcf' have a name inside) For standart particles. Look here: https://developer.valvesoftware.com/wiki/List_of_CS_GO_Particles
zp_veffects_respawn_attachment "" // Attachment of re-spawn effect [""-client position // "eholster"-model attachment name]
zp_veffects_respawn_duration "1.0" // Duration of re-spawn effect
// ----------
zp_veffects_heal "1" // Visual effect on healing [0-no // 1-yes]
zp_veffects_heal_name "heal_ss" // Name of partical effect (Not a path, each '.pcf' have a name inside) For standart particles. Look here: https://developer.valvesoftware.com/wiki/List_of_CS_GO_Particles
zp_veffects_heal_attachment "" // Attachment of healing effect [""-client position // "eholster"-model attachment name]
zp_veffects_heal_duration "1.0" // Duration of healing effect
// ----------
zp_veffects_heal_fade "1" // Screen fade for healing of player [0-no // 1-yes]
zp_veffects_heal_fade_time "0.3" // Holding time of fade effect
zp_veffects_heal_fade_duration "0.15" // Duration of fade effect
zp_veffects_heal_fade_R "0" // Color of infect fade (Red)
zp_veffects_heal_fade_G "255" // Color of infect fade (Green)
zp_veffects_heal_fade_B "0" // Color of infect fade (Blue)
zp_veffects_heal_fade_A "25" // Alpha of infect fade
// ----------
zp_veffects_leap "1" // Visual effect on leap-jump [0-no // 1-yes]
zp_veffects_leap_name "block_trail_xzaa" // Name of partical effect (Not a path, each '.pcf' have a name inside) For standart particles. Look here: https://developer.valvesoftware.com/wiki/List_of_CS_GO_Particles
zp_veffects_leap_attachment "" // Attachment of leap-jump effect [""-client position // "eholster"-model attachment name]
zp_veffects_leap_duration "1.5" // Duration of leap-jump effect
zp_veffects_leap_shake "1" // Screen shake for leap-jump [0-no // 1-yes]
zp_veffects_leap_shake_amp "10.0" // Amplitude of shaking effect
zp_veffects_leap_shake_frequency "1.0" // Frequency of shaking effect
zp_veffects_leap_shake_duration "2.0" // Duration of shaking effect
// ----------
zp_veffects_health "1" // Showing health sprite for an attacker player [0-no // 1-yes]
zp_veffects_health_sprite "animated/hpbar5s.vmt" // The health sprite path (This material files/textures will be automatically precache)
zp_veffects_health_scale "1.0" // Scale multiplier of the sprite
zp_veffects_health_var "$frame" // Sets the chosen material parameter to the specified value
zp_veffects_health_frames "21.0" // Total amount of frames in the sprite
zp_veffects_health_duration "5.0" // Duration of sprite showing
zp_veffects_health_height "80.0" // Vector height from the origin
// ----------
// < Fog >
// ----------
zp_veffects_fog "1" // Enable fog rendering on the map [0-no // 1-yes]
zp_veffects_fog_color "200 200 200" // Primary and secondary color of the fog
zp_veffects_fog_density "0.2" // Density (thickness) of the fog
zp_veffects_fog_startdist "300" // Distance from player to start rendering foremost fog
zp_veffects_fog_enddist "1200" // Distance from player to stop rendering fog
zp_veffects_fog_farz "4000" // Vertical clipping plane. Look here: https://developer.valvesoftware.com/wiki/Env_fog_controller
// ----------
// < Ragdoll (Bodies) >
// ----------
zp_veffects_ragdoll_remove "0" // Remove players' ragdolls from the game after a delay [0-no // 1-yes]
zp_veffects_ragdoll_dissolve "-1" // The ragdoll removal effect. [-2 = effectless removal // -1 = random effect // 0 = energy dissolve // 1 = heavy electrical dissolve // 2 = light electrical dissolve // 3 = core dissolve]
zp_veffects_ragdoll_delay "0.5" // Time to wait before removing the ragdoll
// ----------
// < Sound Effects >
// ----------
zp_seffects_voice "1" // Manipulating of sv_alltalk to obey zombie/human teams instead of t/ct [0-no // 1-yes]
zp_seffects_voice_zombies_mute "0" // Only allow humans to communicate, block verbal zombie communication [0-no // 1-yes]
// ----------
zp_seffects_infect "1" // Emit a infect sound when a human become zombie [0-no // 1-yes]
zp_seffects_comeback "1" // Emit a comeback sound (to all humans) when a zombie respawn [0-no // 1-yes]
zp_seffects_moan "60.0" // Max time between emission of a moan sound from a zombie
zp_seffects_burn "1" // Emit a burn sound when a zombie on fire [0-no // 1-yes]
zp_seffects_death "1" // Emit a death sound when a zombie dies [0-no // 1-yes]
zp_seffects_footsteps "1" // Emit a footstep sound when a zombie walks [0-no // 1-yes]
// ----------
//zp_seffects_player_flashlight "flash_light_sounds" // The key block for player flashlight sounds
//zp_seffects_player_nvgs "night_vision_sounds" // The key block for player nightvision sounds
//zp_seffects_player_ammunition "ammunition_buy_sounds" // The key block for player ammunition sounds
//zp_seffects_player_level "level_up_sounds" // The key block for player levelup sounds
//zp_seffects_player_item "item_buy_sounds" // The key block for player item buy sounds
//zp_seffects_player_armor "armor_buy_sounds" // The key block for player armor buy sounds
//zp_seffects_player_info "info_tips_sounds" // The key block for player info tips sounds
//zp_seffects_player_buy "buy_success_sounds" // The key block for player buy success sounds
//zp_seffects_player_fail "buy_fail_sounds" // The key block for player buy failed sounds
// ----------
zp_seffects_round_start "round_start_sounds" // The key block for round start sounds
zp_seffects_round_count "round_counter_sounds" // The key block for round counter sounds
zp_seffects_round_blast "gamemode_blast_sounds" // The key block for round blast sounds
// ----------
// < Teleport >
// ----------
zp_teleport_escape "0" // Allow teleport on escape modes only [0-no // 1-yes]
zp_teleport_zombie "1" // Allow zombies to use ZTele [0-no // 1-yes]
zp_teleport_human "1" // Allow humans to use ZTele [0-no // 1-yes]
zp_teleport_delay_zombie "3.0" // Time between using ZTele command and teleportation for zombies
zp_teleport_delay_human "3.0" // Time between using ZTele command and teleportation for humans
zp_teleport_max_zombie "3" // Max number of times a zombie is allowed to use ZTele per round
zp_teleport_max_human "1" // Max number of times a human is allowed to use ZTele per round
zp_teleport_autocancel "1" // Automatically cancel ZTele if player moves out of a set boundary [0-no // 1-yes]
zp_teleport_autocancel_distance "150.0" // Maximum distance, player is allowed to travel before teleport is cancelled
// ----------
// < Market >
// ----------
zp_market "1" // Enable market menu [0-no // 1-yes]
zp_market_buymenu "0" // Enable default (standart) buy menu [0-no // 1-yes]
zp_market_button "1" // Enable hook of button "B" for the market menu [0-no // 1-yes]
zp_market_reopen "2" // Enable reopening menu after purchasing [0-no // 1-yes // 2-main]
zp_market_favorites "1" // Enable favorites menu [0-no // 1-yes]
zp_market_zombie_open_all_menu "0" //If disabled then the zombie immediately opens the equipment (if enabled then all menu sections will be visible) [0-no // 1-yes]
zp_market_human_open_all_menu "0" // If disabled then the humans immediately opens the equipment (if enabled then all menu sections will be visible) [0-no // 1-yes]
zp_market_off_menu_when_mode_started "1" // If enabled and the infection has started, all menu sections except equipment become inactive [0-no // 1-yes]
zp_market_buytime "15.0" //If zp_market_off_menu_when_mode_started enabled, this is the time until all menus are available after spawn
// ----------
// < Arsenal >
// ----------
zp_arsenal "1" // Enable free arsenal on the spawing [0-no // 1-yes]
zp_arsenal_random_weapons "0" // Whether players should get weapons randomly instead of selecting them
zp_arsenal_primary "mp9, mac10, bizon" // Primary weapons list ['m4a1, ...'] = in the string divided by ',' from weapons.ini (Only for weapons with human class)
zp_arsenal_secondary "p250, fiveseven, hpk" // Secondary weapons list ['usp, ...'] = in the string divided by ',' from weapons.ini (Only for weapons with human class)
zp_arsenal_melee "knife, axe, spanner, hammer" // Melee weapons list ['knife, ...'] = in the string divided by ',' from weapons.ini (Only for weapons with human class)
zp_arsenal_additional "holy grenade, freeze grenade" // Addition weapons list ['nade, ...'] = in the string divided by ',' from weapons.ini (Only for weapons with human class)
// ----------
// < Messages >
// ----------
zp_messages_objective "1" // Enable objective messages [0-no // 1-yes]
zp_messages_counter "1" // Enable counter messages [0-no // 1-yes]
zp_messages_blast "1" // Enable blast messages [0-no // 1-yes]
zp_messages_damage "0" // Enable damage messages [0-no // 1-yes]
zp_messages_donate "1" // Enable donate messages [0-no // 1-yes]
zp_messages_class_info "1" // Enable class info messages [0-no // 1-yes]
zp_messages_class_choose "1" // Enable class choose messages [0-no // 1-yes]
zp_messages_class_dump "0" // Enable class dump messages [0-no // 1-yes]
zp_messages_item_info "1" // Enable item info messages [0-no // 1-yes]
zp_messages_item_all "1" // Enable item buy messages (for all players) [0-no // 1-yes]
zp_messages_weapon_info "1" // Enable weapon info messages [0-no // 1-yes]
zp_messages_weapon_drop "1" // Enable weapon drop messages [0-no // 1-yes]
// ----------
zp_messages_welcome_hud_time "3.0" // Number of seconds to hold the message [0-disabled]
zp_messages_welcome_hud_fadein "2.0" // Number of seconds to spend fading in
zp_messages_welcome_hud_fadeout "1.0" // Number of seconds to spend fading out
zp_messages_welcome_hud_R "0" // Color of welcome hud (Red)
zp_messages_welcome_hud_G "125" // Color of welcome hud (Green)
zp_messages_welcome_hud_B "200" // Color of welcome hud (Blue)
zp_messages_welcome_hud_A "255" // Alpha of welcome hud
zp_messages_welcome_hud_X "-1.0" // x coordinate, from 0 to 1. -1.0 is the center
zp_messages_welcome_hud_Y "0.17" // y coordinate, from 0 to 1. -1.0 is the center
// ----------
zp_messages_block "Player_Cash_Award_Team_Cash_Award_Player_Point_Award_Match_Will_Start_Chat_SavePlayer"
//! List of standart engine messages and notifications for blocking
// ----------
// < Weapons >
// ----------
zp_weapons_buyammo "1" // Enable hook of buyammo buttons ",." for weapons [0-no // 1-yes]
zp_weapons_pickup_range "125.0" // The distance a player can be to allow pickup non-pickupable weapons
zp_weapons_pickup_level "1" // Allows to pickup weapons only when player has the required level
zp_weapons_pickup_online "1" // Allows to pickup weapons only when online amount more or equal to the required limit
zp_weapons_pickup_group "0" // Allows to pickup weapons only when player has an access to a provided admin group
zp_weapons_default_melee "fists" // The default melee weapon which gives to human after dropping the last knife
zp_weapons_remove_dropped "0.0" // Time before removing dropped weapons in seconds [0-disabled]
// ----------
// < Menus & Buttons >
// ----------
zp_menu_button "+lookatweapon" // Bind of the button for the menu open. Look here: https://www.reddit.com/r/GlobalOffensive/comments/36cjph/default_binds/
zp_menu_button_block "1" // Block hooked command execution. Commands like "drop" probably need to have this turn off.
zp_skill_human_button "rebuy" // Bind of the button for the human skill usage. Look here: https://www.reddit.com/r/GlobalOffensive/comments/36cjph/default_binds/
zp_skill_human_button_block "1" // Block hooked command execution. Commands like "drop" probably need to have this turn off.
zp_skill_zombie_button "drop" // Bind of the button for the zombie skill usage. Look here: https://www.reddit.com/r/GlobalOffensive/comments/36cjph/default_binds/
zp_skill_zombie_button_block "1" // Block hooked command execution. Commands like "drop" probably need to have this turn off.
zp_light_button "autobuy" // Bind of the button for the flashlight trigger. Look here: https://www.reddit.com/r/GlobalOffensive/comments/36cjph/default_binds/
zp_light_button_block "1" // Block hooked command execution. Commands like "drop" probably need to have this turn off.
zp_human_menu "0" // Enable human class menu on a humanize with instant class change for 10 seconds [0-no // 1-yes]
zp_zombie_menu "0" // Enable zombie class menu on an infection with instant class change for 10 seconds [0-no // 1-yes]
// ----------
// < Additional Settings >
// ----------
zp_icon_infect "zombie_walking_csgo" // The infection icon name (This icon will be automatically precache) (Custom icons should be in equipment folder. Look here: 'materials/panorama/images/icons/equipment/*.svg')
zp_icon_head "1" // Headshot icon on the infection [0-no // 1-yes]
// ----------
zp_blast_time "3.6" // Delay before blast (after round end)
zp_knockback_air "0.75" // Multiplier for knockback reduction when victim off the ground
zp_knockback_crouch "0.8" // Multiplier for knockback reduction when victim is crouching
zp_remove_weapons_when_mode_started "1" // Removal of all dropped weapons after gamemode starts [0-no // 1-yes]
// ----------
zp_night_time_min "2300" // Min time for night state in format HHMM, where HH is the hour and MM is the minute (23:00pm)
zp_night_time_max "0630" // Max time for night state in format HHMM, where HH is the hour and MM is the minute (6:30am)
// ----------
_____________________________________________
Modification use some virtual addresses and offsets ../csgo/addons/sourcemod/gamedata/plugin.zombieplague
Hi! I've gotten a few requests for a dhooks tutorial so I decided to write this tutorial. This is (hopefully) Part I of II (can’t promise I’ll ever get to do Part II). This tutorial will give you a basic breakdown of how to use Dynamic Hooks (While also providing other useful information!).
Note for bigger version of the images click on them!
What you need:
IDA Free 5.0+ (Used in this tutorial is 5.0 Free. Normally I use 6.X)
linux_vtable_dump.idc
Downloads: IDA Free 5.0 Download link is at the bottom of the page. Install before proceeding. linux_vtable_dump.idc To save this file either click the link then right click and click Save As. Or Right click the link and click Save As. Save the file in the idc folder where you installed IDA.
Default on x86: C:\Program Files\IDA\idc
Default on x64: C:\Program Files (x86)\IDA\idc Notepad ++ This isn’t a requirement.
Now that you have everything installed grab a copy of the server.so for your game. Normally this will already download when you install a server. If it does not download you can force it by forcing hldsupdatetool to download the linux binary. To do so just add "-linux" to the game param when using the hldsupdatetool. For example to download the linux binaries for CS:S I would use these options.
Now that you have the server.so, launch IDA and open the server.so file. It should something like this. I usually like to keep a cleaner workspace so I close most of the tabs so it looks like this :P
After opening the file it will take a while to analyze (On 5.0 it takes about 45 minutes while 6.0 is about 10-20) But we can finish setting everything up while we wait! Let’s start by enabling the opcodes on each line. This isn’t as useful for this but is for finding signatures. Click on Options->General. This will bring up a box like below. Change "Number of Opcode bytes" to 10. Next (Note I only had to do this on 5.0 Free but you can check it on all versions) Click on Options->Demangled Names. This will bring up a box like bellow. Make sure that "Assume GCC v3.x names" is checked. If it is not, check it.
Now wait for the analysis to finish after it is complete the window will go into graph view to get out of graph view hit the space bar.
For this tutorial I will be hooking CCSGameRules::GoToIntermission(void). Click inside the "Function Names" box and press ALT+T to bring up the search. Search for GoToIntermission and double click the function. It should look something like
Click on the function name inside the IDA View-A and press CTRL+X to bring up the xrefs window. You should get something like this.
This function only exists on the CCSGameRules vtable which makes it easy. Double click it to go to the vtable. This should look something like this.
Make sure you are clicked within the vtable you want. Now click File->IDC File (or File->Script File in 6.0) and select the linux_vtable_dump.idc file.
By default the input will be 1, CHANGE IT TO 0 this will dump the linux values. Click ok and save the file somewhere (with a useful name like the vtable's name) This is how mine looks.
For windows anything before the destructor (~Classname method) is the same as on linux. After that it will be -1. As we can see the Destructor is at offset 13 so 0-12 are the same offset in windows. Everything after is -1 in windows. So since the linux offset is clearly higher than 13 we subtract one and get an offset of 146 for windows.
In some cases your function will be what is known as an overloaded function. For example the KeyValue functions on CBaseEntity.
Overloaded functions are functions with the same name but different parameters. For overloaded functions the rule from above still applies but the order is reversed (The first set of offsets is windows while the second line is linux in the code above). So if you want the first function, you would get the offset for the last one and apply the -1 rule if needed! With these rules you should be able to find most offset. There is however some classes where the offsets still vary for other reasons and I will go into detail on how to get them from the windows binary in part II of the tutorial.
Now on to the plugin! As you can see the return type is not given but the params are. To get the return value you can either think of what would make sense to be returned or use hex rays and the paid version of IDA to find out more info (still not always guaranteed to be correct). I happen to know that this returns an int :P
Let’s start by creating our gamedata file.
// int CCSGameRules::GoToIntermission(void)
new Handle: hGoToIntermission;
public OnPluginStart()
{
new Handle:temp = LoadGameConfigFile("test.games");
if(temp == INVALID_HANDLE)
SetFailState("Why you no has gamedata?");
new offset = GameConfGetOffset(temp, "GoToIntermission");
if(offset == -1)
SetFailState("Failed to get offset");
CloseHandle(temp);
hGoToIntermission = DHookCreate(offset, HookType_GameRules, ReturnType_Int, ThisPointer_Ignore, GoToIntermission);
}
public OnMapStart()
{
//Hook Gamerules function in map start
//Set post to true since we don’t plan to block!
DHookGamerules(hGoToIntermission, true);
}
//Since this is set to ignore remove the this param and since it has no params remove the params param
// public MRESReturn: GoToIntermission (this, Handle:hReturn, Handle:hParams) to like so.
public MRESReturn:GoToIntermission(Handle:hReturn)
{
PrintToServer("Going to intermission");
return MRES_Ignored;
}
Compile and that is all there is to it! Hope this tutorial was useful and encourages people to use DHooks :D and get people more comfortable with IDA and vtable offsets. Feel free to correct me on anything that i might be wrong on.
Credits:
asherkin - Providing a better explanation of how -1 works on windows.
:fox:
_____________________________________________
Quote:
Originally Posted by blacklagoon
There's a plugin named bindiff for IDA, it will basically do a difference of the binaries, and show you what matched old functions symbols in a new tab.
Then you basically can do how Dr!fter does it.
NOTE: Download the old.soof CS:GO with proper nameshere
_____________________________________________
Quote:
Originally Posted by hmmmmm
I'll go through this one and try to explain how I did it, but only because it isn't as straightforward as most functions are with strings where you can directly search for inside the function. One thing that you need to understand however is that there isn't just "a way" to find the functions you're looking for. Think of it as a puzzle where all the function names are gone and you need to use your head to find out where the function you're looking for is. More often than not this is done with strings since they are the easiest to find, but it can also be done in other ways, for example using references to globals or using the vtable.
The easiest way to do this in CS:GO is to find an old binary that has symbols so you can easily find the function. You can find CS:GO binaries with symbols here: https://users.alliedmods.net/~asherk.../csgo_symbols/
In this example I'll use server.so to find the functions, then use the info I get from there to find them in an up-to-date server.dll where I'll get the signature.
So to start you open the server.so file with symbols and then click File->New Instance to open the server.dll simultaneously in another window and wait for the autoanalysis to finish. We'll be working out of server.so from here on and only using server.dll in case we need to check things. Click View->Open Subviews->Names to open the Names window. Do the same to open the Strings window. To keep things clean you can close all windows except for IDA View, Names window and Strings window, they're (usually) all you need.
I'll also be using IDA Pro which has the pseudocode view, but that isn't a must. You can find all the strings and info you need in the assembly view but it might be a bit harder to navigate. To open the pseudocode view, go to the IDA view and press Tab. You can press it again to switch back.
Next, open the Names window and press Ctrl+F to do a search for the function you want. In this case I'll do a search for CBaseAnimating::GetAttachment. This specific function has about 5 different overloads, each with a different set of parameters. Looking at the thread you linked, Pelipoika seems to use the one that takes (char *, Vector &, QAngle &) so double click on that one to go into it. Should look something like this:
The first thing you should be looking for is strings so that you can identify the function, but clearly this function doesn't have any so we'll have to find another way to do this. To do this we'll find cross-references to the function and try to find something to go off of from there. Cross-references (or xrefs for short) are places where the function or variable or string are referenced. For example if function X was used in functions Y and Z, the xrefs for X would show me Y and Z. IDA lets you see the xrefs by pressing your 'X' key on a function, variable or string. Finding xrefs is one of the tools you'll use the most in IDA so try to remember it and understand it. Let's try to use it on the CBaseAnimating::GetAttachment function.
Open the first function and you'll find that there are lots of strings that we can use here. In fact CBaseAnimating::GetAttachment is called with a string "Muzzle".
To make sure this string is unique and can be used to easily find our function, press X on it to see the xrefs. You'll see it is only used twice and both times with the GetAttachment function, so this string should work fine. Let's switch over to server.dll and open the Strings window to do a quick search for "Muzzle".
Unfortunately our "Muzzle" doesn't show up. You might think that the top result "muzzle" is the same, but the casing matters and if you look at the xrefs you'll see it's used in a different function. We still have a lot of other xrefs to GetAttachment we can look at so let's look for others in server.so again. After skimming through the list I found that it's used in CBaseServerVehicle::GetPassengerExitPoint (second last function) with the string "vehicle_driver_exit" which has only 1 xref, so it's unique. Once again, switch over to server.dll and do a string search for "vehicle_driver_exit".
There's only 1 result, so double click on it to go to it. IDA will take you to the rdata section which looks like this:
To find where the string is used click on aVehicleDriverE and press X. There's only 1 xref, go to it.
This should look familiar, it's the same CBaseServerVehicle::GetPassengerExitPoint function from server.so but without symbols. For comparison this is what it looks like in server.so with symbols.
Clearly sub_101A50D0 is CBaseAnimating::GetAttachment. To make things clearer, press N on it to rename it. This will also let you find it easily in the future in case you need it again. Now all you have to do is use the makesig.idc script (replace dtyp with dtype in the script if it fails on IDA 7 for you).
This generates the signature:
\x56\x04\x85\xC0\x74\x2A\x8B\xCF\xE8\x2A\x2A\ x2A\x2A\x8B\x8F\x9C\x04\x00\x00\x85\xC9\x74\x 2A\x83\x39\x00\x74\x2A\x8B\x55\x08
A similar process can be used to find LookupAttachment, try to find it yourself. Hope this helps.
_____________________________________________
Also, admin features integrated into the mod. Core uses groups to check user's flags.
Group information:
Spoiler
PHP Code:
Groups
{
/**
* Allowed properties for a group:
*
* "flags" - Flag string.
* "immunity" - Immunity level number, or a group name.
* If the group name is a number, prepend it with an
* '@' symbol similar to admins_simple.ini. Users
* will only inherit the level number if it's higher
* than their current value.
*/
"Default"
{
"immunity" "1"
}
Either manage the database for money/level/exp/skin/items/zombie/human.
Database information:
Spoiler
Open database config ..addons/sourcemod/configs/databases.cfg
Edit "zombiedatabase" table.
You can use MySQL or SQlite database for money, level/exp, costumes, favorite items, and human/zombie class.
You must fill out the driver, host, database, user, and pass fields.
If you do not need a field, use empty quotation marks as the value ("")
More information here
_____________________________________________
Finally, manage the config constructor for any kind of customizations.
Config information:
Spoiler
So all custom configs are in the 'maps' folder.
Where the hierarchy of folders for loading is like that
Example:
So you have a map ze_italy
You create two folders ze_ & ze_italy
1.ze_:
classes.ini
menus.ini
2.ze_italy:
weapons.ini
menus.ini
So which configs will be loaded then on ze_italy map ? Answer:
classes.ini [from ze_]
weapons.ini [from ze_italy]
menus.ini [from ze_italy]
NB: Rest of configs will be loaded from the default folder!
To make ZP suitable for ze maps:
I removed all game modes, except multi and enable escape feature. (zombies will be sent respawn)
Removed all zombie classic types and make all zombie have a custom class type. (same one) So players wouldn't be able to choose classes and all zombie will be randomly chosen.
Removed zombie class menu from the menus.ini config.
Changed zombie class types in weapons and removed non existing class types
Finally, changed default zombie type for gamemodes.ini