Raised This Month: $64 Target: $400
 16% 

CBaseAnimating::LookupSequence


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
gubka
Veteran Member
Join Date: Jan 2012
Location: Dublin
Old 12-20-2018 , 05:33   CBaseAnimating::LookupSequence
Reply With Quote #1

Hello everyone, I am really confise with the IDA Pro scripts for extracting memsigs, I dont know why i have that problem with extracting only on CBaseAnimating::LookupSequence function, even if i use it on the old version with the proper function names, but with other function i dont have problem, so when i run script in this function i have that error : "Ran out of bytes to create unique signature.", in new .so or .dll you can find it by the string : "LookupSequence" and use the function with that string like xref to find the proper CBaseAnimating::LookupSequence function, but in even new library the script fail on this function, so anyone know why some sigs dont want to extract in CS:GO . any reason and what i can do with that? may be i have wrong IDA version ? Thanks a million, i will appreciate any help with that issue.
__________________
gubka is offline
Send a message via ICQ to gubka Send a message via Skype™ to gubka
hmmmmm
Senior Member
Join Date: Mar 2017
Location: ...
Old 12-20-2018 , 11:16   Re: CBaseAnimating::LookupSequence
Reply With Quote #2

The function is too short to generate a unique signature. You'll have to come up with a different way of getting the function address.
hmmmmm is offline
gubka
Veteran Member
Join Date: Jan 2012
Location: Dublin
Old 12-20-2018 , 16:16   Re: CBaseAnimating::LookupSequence
Reply With Quote #3

Quote:
Originally Posted by hmmmmm View Post
The function is too short to generate a unique signature. You'll have to come up with a different way of getting the function address.
Thanks for reply, Do I have any possibility of find address in different way? Which are those ?
__________________
gubka is offline
Send a message via ICQ to gubka Send a message via Skype™ to gubka
Fyren
FyrenFyrenFyrenFyrenFyren FyrenFyrenFyrenFyrenFyren FyrenFyrenFyrenFyrenFyren FyrenFyrenFyrenFyrenFyren
Join Date: Feb 2106
Old 12-21-2018 , 22:33   Re: CBaseAnimating::LookupSequence
Reply With Quote #4

Finding somewhere that calls it and pulling the address from there is one possibility.
Fyren is offline
gubka
Veteran Member
Join Date: Jan 2012
Location: Dublin
Old 12-23-2018 , 13:29   Re: CBaseAnimating::LookupSequence
Reply With Quote #5

Do you have any practicle examples how i can do it ?
__________________
gubka is offline
Send a message via ICQ to gubka Send a message via Skype™ to gubka
hmmmmm
Senior Member
Join Date: Mar 2017
Location: ...
Old 12-27-2018 , 08:28   Re: CBaseAnimating::LookupSequence
Reply With Quote #6

The general steps are:
1) Find a function that calls your target function and have a look at the assembly (with opcodes enabled).
It should look something like this:
Code:
RefFunc+0x0050 XX YY YY YY YY                 call TargetFunc
The XX is the call opcode and the YY YY YY YY is the relative address of the function you're looking for.

2) Extract that YY YY YY YY bit and add it to the address of the instruction after the call to get the absolute address of your function

This is a bit convoluted and most of the time unnecessary. What exact function are you trying to get and why? If you're just trying to call the function then it's probably easier to just recreate the contents of that function yourself.

Last edited by hmmmmm; 12-27-2018 at 08:28.
hmmmmm is offline
gubka
Veteran Member
Join Date: Jan 2012
Location: Dublin
Old 01-13-2019 , 00:58   Re: CBaseAnimating::LookupSequence
Reply With Quote #7

Quote:
Originally Posted by hmmmmm View Post
The general steps are:
1) Find a function that calls your target function and have a look at the assembly (with opcodes enabled).
It should look something like this:
Code:
RefFunc+0x0050 XX YY YY YY YY                 call TargetFunc
The XX is the call opcode and the YY YY YY YY is the relative address of the function you're looking for.

2) Extract that YY YY YY YY bit and add it to the address of the instruction after the call to get the absolute address of your function

This is a bit convoluted and most of the time unnecessary. What exact function are you trying to get and why? If you're just trying to call the function then it's probably easier to just recreate the contents of that function yourself.
Thanks for help, I will try to you the lookkupseq function which only require I'd of seq, because I a, just lazy to recreate the all main function just because of one parameter difference )
__________________

Last edited by gubka; 01-13-2019 at 01:00.
gubka is offline
Send a message via ICQ to gubka Send a message via Skype™ to gubka
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 05:07.


Powered by vBulletin®
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Theme made by Freecode