[Chrisber]

Hi.
I currently want to learn how to search signatures.
For that I've read the text on http://wiki.alliedmods.net/Signature_Scanning more than once.
I made good process, but this text let me stuck (on "Finding the Signature of a Function -> Windows): "Try searching for part of this in the CS:S disassembly" (it's near the bottom).
What I have to search? The complete code, only opcodes, only commands? And how I can search them? Full text search? I don't think so.
All ways to find anything matching it fails for me.
I hope someone can more explain what exactly I have to search for ;)

Thanks!

~ Chris

[L. Duke]

It's difficult. There are others around here who are better to tell you how, but basically you have to disassemble the dll and so binary files with something like IDA PRO (I believe there is a free version).

Finding the linux functions is easy since the symbols are in the binary so they get properly labeled. To find the windows signatures, you need to compare to the linux binaries. For example, find a string that is used in the function on the linux version and find that same string on the windows assembly. Functions without strings can be very difficult to find, but the guys on #sourcemod were always very helpful back when I started that.

[DJ Tsunami]

I'm pretty sure you have to search for the opcodes in that example, just go to Search > Sequence of bytes (or something like that).

[Chrisber]

Hey
Thanks for the help to you, I'll have a look into this

~ Chris