[cravenge]

I'm trying to add Windows support for the Boomer Horde Equalizer plugin from the L4D2 Competitive Rework repo but I don't know how to find its offset.

PHP Code:

"Games"
{
    "left4dead2"
    {
        "Addresses"
        {
            "signature" "NextBotManager::OnCharacterVomitedUpon"
        }
        
        "Offsets"
        {
            "WanderersCondition"
            {
                "windows"    "153"
                "linux"     "475"
            }
        }
        
        "Signatures"
        {
            "library"    "server"
            "linux"        "@_ZN14NextBotManager22OnCharacterVomitedUponEP20CBaseCombatCharacter"
            "windows"    "\x55\x8B\xEC\x8B\x45\x08\x83\xEC\x0C\x56\x57"
            /* 55 8B EC 8B 45 08 83 EC 0C 56 57 */
            /* Look for unique string: "(MOB) %d wanderers grabbed for an IT mob of desired size %d.\n" */
        }
    }
} 


Thanks BHaType!

[BHaType]

The signature is still the same

153 - offset for "WanderersCondition"
3B FE 7D 0E - original bytes

[Bacardi]

nvm

hmmm...

PHP Code:

Signature for sub_1049B800:
55 8B EC 8B 45 08 83 EC 0C 56 57 
\x55\x8B\xEC\x8B\x45\x08\x83\xEC\x0C\x56\x57 


[cravenge]

Quote:

Originally Posted by BHaType The signature is still the same 153 - offset for "WanderersCondition" 3B FE 7D 0E - original bytes

Oh, I found the signature already. I was only looking for the offset and the bytes to patch the function.

Edit: I'm kinda curious how you got that offset.

[BHaType]

If you look at the source code, you can see that 4 bytes are patched at the address OnCharacterVomitedUpon + 475, now you can calculate the address and see in the IDA why they noped 4 bytes

IDA

Looking at this address in the IDA you can see that these 4 bytes are responsible for checking and if the first operand is larger than the other then the SpawnITMob function will not be called

Next, you need to find about the same thing on Windows (In your case you can simply use a unique string)

IDA

To get an offset just subtract two addresses

0x99 = 153 = 0x49B899 - 0x49B800

[cravenge]

Quote:

Originally Posted by BHaType If you look at the source code, you can see that 4 bytes are patched at the address OnCharacterVomitedUpon + 475, now you can calculate the address and see in the IDA why they noped 4 bytes IDA Looking at this address in the IDA you can see that these 4 bytes are responsible for checking and if the first operand is larger than the other then the SpawnITMob function will not be called Next, you need to find about the same thing on Windows (In your case you can simply use a unique string) IDA To get an offset just subtract two addresses 0x93 = 153 = 0x49B899 - 0x49B800

Ah, I see. Thanks for the informative guide, it helps me a lot!

[jeremyvillanueva]

Hi,
I'm looking forward to this plugin,

Because I'm understanding how does the infected spawning works,
More specifically about how does, what is the formula and why he grabs the infected from wanderers,

BW,