[panparapet]

Hi i am tyrying to find a signature for a function for csgo but in every tutorial ida is displaying normal function names but it does not do that for me it shows something like sub_somenumbers. I am trying to do that for linux binary server.so.

[Bacardi]

What you are looking for ?

Function can be in found either server.so or engine.so.

One hint could help like any text output happen on that function.

[panparapet]

I am looking for function IsInWorld because this plugin uses it https://forums.alliedmods.net/showthread.php?p=2629927 and it stopped working after latest csgo update. In its .games.txt i saw "library" "server" so i was looking for it in server.so but i was unable to do it because IDA was not showing any normal function names other than imported ones. I also found something called like this in here https://github.com/ValveSoftware/hal...dlls/cbase.cpp and it seems that it does not have any text output and i am preety sure that this is what i am looking for because it looks like it is some kind of speed limit and this plugin removes it.

Maybe it is worth to mention that IDA gives me this warning when i start it gnulnx_x86: No such file or directory

[Zynda]

As far as I know server.so is used only by the client when hosting listenservers.
Dedicated servers use server_srv.so or server_i486.so.

[panparapet]

you are right server_i486.so was the thing i was looking for but how can i find a signature for a function with no strings

[Zynda]

I'm assuming you're looking for the windows signature.

There are many ways even if the target has no strings, you can of course look for strings in functions that calls the target or are called by the target and use that to close in your search.

In this case what I did was taking a closer look at some of the constant float values. I looked at the float value:

Code:

-16384.0

because it looked pretty unique to me, and sure enough it's only referenced from the IsInWorld function. Looking at the hex view I saw it was stored as:

Code:

00 00 80 C6

Next I searched for those bytes in server.dll and got one match in the .rdata section. In the windows library this value was used by more than one function, but it was referenced the same amount of times as the linux library in one particular function.
At this point I compared the two functions, they both have similar amount of calls (5 v 6), they both reference the same floating point values (16384.0, -16384.0, 2000). They both have the amount of parameters.

These factors gives me confidence that they are the same function. In this case the function was

Spoiler

sub_101F4E70

In this case you can also use the old signature:

Code:

\x56\x8B\xF1\x83\x7E\x1C\x00\x75\x2A

Which is the sequence of bytes:

Code:

56 8B F1 83 7E 1C 00 75 ?

To find 4 matching functions, one of which is the target.

[Bacardi]

...I have old "source" files.

I looked that sub_101F4E70

And found one callback what have this sub and a string "Disabling motion on phys prop". It lead here.

PHP Code:

void CPhysicsProp::VPhysicsUpdate( IPhysicsObject *pPhysics ) 


There is this part before string

Code:

	if ( !IsInWorld() )
	{
		m_OnOutOfWorld.FireOutput( this, this );
	}

I have found FireOutput before (sub_10226B20).


On Linux it goes difficult so I randomly looked again.
There is callback C4Think with "show_clips", "hide_clips" stinrgs.
Very top of function it have IsInWorld.

So

PHP Code:

// bool CBaseEntity::IsInWorld( void ) const

//Windows Signature for sub_101F4E70:
//56 8B F1 83 7E 1C 00 75 ? B0 01 
//\x56\x8B\xF1\x83\x7E\x1C\x00\x75\x2A\xB0\x01

//Linux Signature for sub_5E6840:
//55 89 E5 53 83 EC 14 8B 5D 08 8B 43 24 85 C0 0F 84 ? ? ? ? 
//\x55\x89\xE5\x53\x83\xEC\x14\x8B\x5D\x08\x8B\x43\x24\x85\xC0\x0F\x84\x2A\x2A\x2A\x2A 


[panparapet]

Thank you that linux signature was what i was looking for. Now i have to figure out why is this plugin still failing on startup

[Bacardi]

Maybe it is still wrong what I have found...


*why I did not look inside server_i486.so (post #4)
It gave right answer

Code:

// E8 B9 43 DD FF                call    _ZNK11CBaseEntity9IsInWorldEv ; CBaseEntity::IsInWorld(void)
//Signature for _ZNK11CBaseEntity9IsInWorldEv:
//55 B8 01 00 00 00 89 E5 83 EC 18 89 5D F8 8B 5D 08 89 75 FC 8B B3 80 01 00 00 
//\x55\xB8\x01\x00\x00\x00\x89\xE5\x83\xEC\x18\x89\x5D\xF8\x8B\x5D\x08\x89\x75\xFC\x8B\xB3\x80\x01\x00\x00

"linux" "@_ZNK11CBaseEntity9IsInWorldEv"

[panparapet]

Thank you for helping me with signature but now i am getting this error what can i do to fix it Exception reported: Failed to load IsInWorld signature from gamedata