Using Offset or Signature of a function?

steambob · **Author**

Do I understand right that a virtual function can be found and then called either by an offset or by using a signature? Can these two methods be applied to any function or are there limits for one of the methods? Which way is the best and the easiest?

And how do I find an offset for a function for a certain mod? Is there any plugin that could do that?

Thanks.

Nican · 09-27-2007 , 15:19 Re: Using Offset or Signature of a function?

http://wiki.alliedmods.net/Signature_Scanning

http://forums.alliedmods.net/showthread.php?t=53893

http://wiki.alliedmods.net/Useful_Si...s_%28Source%29

steambob · *Last edited by steambob; 09-27-2007 at 16:35.*

Thanks for the links.

But what I really mean is how it is possible to find offsets for functions. Such that you can put, like for example in sdktools.games.txt,

Code:

"Offsets"
        {
            "CommitSuicide"
            {
                "windows"    "360"
                "linux"        "361"
            }
        }

Such offsets are often used in many plugins.
My questions are:
1) are there functions that can be called only via offsets and not sigscanning or vice versa,
or both ways are in principle applicable to the same function;
2) how do I find the function offsets?

Or may be I miss something fundamental?

pRED* · 09-27-2007 , 16:50 Re: Using Offset or Signature of a function?

1) Yes. I think. Well you can only find the offset for some functions. You can probably sig scan these as well if you wanted...

2) Try http://plugins.mfzb.de/offsets/http://plugins.mfzb.de/offsets/

Has text files with the list of offsets for each mod (and all the ent props for each mod)

Nican · 09-27-2007 , 18:06 Re: Using Offset or Signature of a function?

Hm.. you can by signatures or by offset
offsets are more made for plugins and game play
signatures is basically forcing to call a function within the game

You can find list of offsets here:
http://plugins.mfzb.de/offsets/

EDIT:
Dang, pRED beat me to it

steambob · 09-27-2007 , 18:09 Re: Using Offset or Signature of a function?

Thank you guys !

sumguy14 · 09-27-2007 , 18:36 Re: Using Offset or Signature of a function?

You should probably try to use vitual functions hooking if you can. If you can set a players model with a signature and a vfunc, then pick the vfunc.

Signature scanning is like engine hacking basically and are more likely to break on updates than vfuncs.

mooman2 · 09-27-2007 , 23:14 Re: Using Offset or Signature of a function?

Shouldn't vfuncs break more easily? I'm not sure how the vtable is arranged, but I think if valve decides to insert another virtual function before the one you want, the offset you used would be defunct. And signatures would be less likely to break unless valve drastically changed the content. example: the teleport function should always contain three unique instructions that involve the new coordinates.

sumguy14 · 09-27-2007 , 23:19 Re: Using Offset or Signature of a function?

Not so sure about that.

Signature scanning is finding the function by it's place in memory (i think), so if anything with the functions we hook through sigscanning is changed in the engines code, I am pretty sure it could break the signature, in which case someone would have to find the new one.

pRED* · 09-28-2007 , 05:55 Re: Using Offset or Signature of a function?

Sigscanning finds a unique pattern in memory that identifies the function you want to call.
For a signature to change, yes there'd have to be a change in the actual function, whereas vtables could change due to an extra function being added