
Signature Request Thread


fbef0102
Senior Member
Join Date: Sep 2017
Location: TW
Old 11-21-2019 , 08:20   Re: Signature Request Thread
Reply With Quote #341

Quote:
Originally Posted by TheDS1337 View Post
Well, I tried to find it for you but unfortunately without any success, it's complicated in windows...

But after a long while, I just noticed that the function you are looking for is itself easily reproducible, here's the code from SourceSDK 2013
I'm sorry, a little confused, how can I call or hook "bool PassServerEntityFilter( const IHandleEntity *pTouch, const IHandleEntity *pPass ) " in SP code?

I am trying to use CollisionHook: https://forums.alliedmods.net/showthread.php?t=197815
but the Windows signature is broken.
I am trying to get which two entities are colliding and make them pass through each other (e.g. disabling player collisions)
__________________

Last edited by fbef0102; 11-21-2019 at 08:23.
fbef0102 is offline
TheDS1337
Veteran Member
Join Date: Jun 2012
Old 11-22-2019 , 06:45   Re: Signature Request Thread
Reply With Quote #342

Quote:
Originally Posted by fbef0102 View Post
I'm sorry, a little confused, how can I call or hook "bool PassServerEntityFilter( const IHandleEntity *pTouch, const IHandleEntity *pPass ) " in SP code?

I am trying to use CollisionHook: https://forums.alliedmods.net/showthread.php?t=197815
but the Windows signature is broken.
I am trying to get which two entities are colliding and make them pass through each other (e.g. disabling player collisions)
Well, in that case, I've looked for function signatures similar to the old one and I came down to these 4, you might wanna try them one by one, maybe one of them works.

PHP Code:
\x55\x8B\xEC\x57\x56\x8B\x75\x0C\x8B\x4D\x10\x8B\x7D\x08\x8B\xC1\x8B\xD1\x03\xC6\x3B\xFE\x76\x2A\x3B\xF8\x0F\x82\x2A\x2A\x2A\x2A\x81\xF9\x00\x01\x00\x00\x72\x2A\x83\x3D\x2A\x2A\x2A\x2A\x00\x74\x2A\x57\x56\x83\xE7\x0F\x83\xE6\x0F\x3B\xFE\x5E\x5F\x75\x2A\x5E\x5F\x5D\xE9\x2A\x2A\x2A\x2A\xF7\xC7\x03\x00\x00\x00\x75\x2A\xC1\xE9\x02\x83\xE2\x03\x83\xF9\x08\x72\x2A\xF3\xA5\xFF\x24\x95\x2A\x2A\x2A\x2A\x90\x8B\xC7\xBA\x03\x00\x00\x00\x83\xE9\x04\x72\x2A\x83\xE0\x03\x03\xC8\xFF\x24\x85\x2A\x2A\x2A\x2A\xFF\x24\x8D\x2A\x2A\x2A\x2A\x90\xFF\x24\x8D\x2A\x2A\x2A\x2A\x90\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x23\xD1\x8A\x06\x88\x07\x8A\x46\x01\x88\x47\x01\x8A\x46\x02\xC1\xE9\x02\x88\x47\x02\x83\xC6\x03\x83\xC7\x03\x83\xF9\x08\x72\x2A\xF3\xA5\xFF\x24\x95\x2A\x2A\x2A\x2A\x8D\x49\x00\x23\xD1\x8A\x06\x88\x07\x8A\x46\x01\xC1\xE9\x02\x88\x47\x01\x83\xC6\x02\x83\xC7\x02\x83\xF9\x08\x72\x2A\xF3\xA5\xFF\x24\x95\x2A\x2A\x2A\x2A\x90\x23\xD1\x8A\x06\x88\x07\x83\xC6\x01\xC1\xE9\x02\x83\xC7\x01\x83\xF9\x08\x72\x2A\xF3\xA5\xFF\x24\x95\x2A\x2A\x2A\x2A\x8D\x49\x00\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x8B\x44\x8E\xE4\x89\x44\x8F\xE4\x8B\x44\x8E\xE8\x89\x44\x8F\xE8\x8B\x44\x8E\xEC\x89\x44\x8F\xEC\x8B\x44\x8E\xF0\x89\x44\x8F\xF0\x8B\x44\x8E\xF4\x89\x44\x8F\xF4\x8B\x44\x8E\xF8\x89\x44\x8F\xF8\x8B\x44\x8E\xFC\x89\x44\x8F\xFC\x8D\x04\x8D\x00\x00\x00\x00\x03\xF0\x03\xF8\xFF\x24\x95\x2A\x2A\x2A\x2A\x8B\xFF\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x8B\x45\x08\x5E\x5F\xC9\xC3\x90\x8A\x06\x88\x07\x8B\x45\x08\x5E\x5F\xC9\xC3\x90\x8A\x06\x88\x07\x8A\x46\x01\x88\x47\x01\x8B\x45\x08\x5E\x5F\xC9\xC3\x8D\x49\x00\x8A\x06\x88\x07\x8A\x46\x01\x88\x47\x01\x8A\x46\x02\x88\x47\x02\x8B\x45\x08\x5E\x5F\xC9\xC3\x90\x8D\x74\x31\xFC\x8D\x7C\x39\xFC\xF7\xC7\x03\x00\x00\x00\x75\x2A\xC1\xE9\x02\x83\xE2\x03\x83\xF9\x08\x72\x2A\xFD\xF3\xA5\xFC\xFF\x24\x95\x2A\x2A\x2A\x2A\x8B\xFF\xF7\xD9\xFF\x24\x8D\x2A\x2A\x2A
\x2A\x8D\x49\x00\x8B\xC7\xBA\x03\x00\x00\x00\x83\xF9\x04\x72\x2A\x83\xE0\x03\x2B\xC8\xFF\x24\x85\x2A\x2A\x2A\x2A\xFF\x24\x8D\x2A\x2A\x2A\x2A\x90\x2A\x2A\x2A\x2A\x78\x2A 
PHP Code:
\x55\x8B\xEC\x57\x8B\x7D\x08 
PHP Code:
\x55\x8B\xEC\x57\x56\x8B\x75\x0C\x8B\x4D\x10\x8B\x7D\x08\x8B\xC1\x8B\xD1\x03\xC6\x3B\xFE\x76\x2A\x3B\xF8\x0F\x82\x2A\x2A\x2A\x2A\x81\xF9\x00\x01\x00\x00\x72\x2A\x83\x3D\x2A\x2A\x2A\x2A\x00\x74\x2A\x57\x56\x83\xE7\x0F\x83\xE6\x0F\x3B\xFE\x5E\x5F\x75\x2A\x5E\x5F\x5D\xE9\x2A\x2A\x2A\x2A\xF7\xC7\x03\x00\x00\x00\x75\x2A\xC1\xE9\x02\x83\xE2\x03\x83\xF9\x08\x72\x2A\xF3\xA5\xFF\x24\x95\x2A\x2A\x2A\x2A\x90\x8B\xC7\xBA\x03\x00\x00\x00\x83\xE9\x04\x72\x2A\x83\xE0\x03\x03\xC8\xFF\x24\x85\x2A\x2A\x2A\x2A\xFF\x24\x8D\x2A\x2A\x2A\x2A\x90\xFF\x24\x8D\x2A\x2A\x2A\x2A\x90\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x78\x2A 
PHP Code:
\x55\x8B\xEC\x57\x56\x53 
__________________
TheDS1337 is offline
fbef0102
Senior Member
Join Date: Sep 2017
Location: TW
Old 11-22-2019 , 15:09   Re: Signature Request Thread
Reply With Quote #343

Quote:
Originally Posted by TheDS1337 View Post
Well, in that case, I've looked for function signatures similar to the old one and I came down to these 4...
I have tested, sorry, none of them work
PHP Code:
signature "PassEntityFilter" was not found
the third signature just crashes
__________________

Last edited by fbef0102; 11-23-2019 at 02:26.
fbef0102 is offline
PlayBoy31
Senior Member
Join Date: May 2011
Location: Toulouse (France)
Old 12-08-2019 , 12:55   Re: Signature Request Thread
Reply With Quote #344

Hi all, can someone give me the following signatures please?

Function "Respawn" for Linux and for Windows for the games:
- Day of Defeat Source
- Half-Life 2: Source
- Insurgency
- Day Of Infamy
- Fistful of Frags

Will be very helpful!
__________________
PlayBoy31.fr www.fastpath.fr
PlayBoy31 is offline
manicogaming
AlliedModders Donor
Join Date: Aug 2014
Old 01-24-2020 , 14:52   Re: Signature Request Thread
Reply With Quote #345

What are the latest signatures for these functions in CS:GO?

CCSBot::MoveTowardsPosition(Vector const&)
CCSBot::IncreaseMorale( void )
CCSBot::DecreaseMorale( void )
manicogaming is offline
manicogaming
AlliedModders Donor
Join Date: Aug 2014
Old 02-03-2020 , 18:22   [CS:GO] CAttributeList::SetValue
Reply With Quote #346

How can I find the signature for CAttributeList::SetValue in the up-to-date server.dll?

I've tried to search for similar strings between the server.so and server.dll and there are no strings in the nearby functions, so how can I get the up-to-date signature for this function?
manicogaming is offline
Peace-Maker
SourceMod Plugin Approver
Join Date: Aug 2008
Location: Germany
Old 02-07-2020 , 07:02   Re: Signature Request Thread
Reply With Quote #347

Quote:
Originally Posted by manicogaming View Post
What are the latest signatures for these functions in CS:GO?

CCSBot::MoveTowardsPosition(Vector const&)
CCSBot::IncreaseMorale( void )
CCSBot::DecreaseMorale( void )
Most of those functions are inlined or optimized out on windows, so you'd have to emulate their logic yourself if you need windows support. I've tried to outline how to find them below:

CCSBot::MoveTowardsPosition
search for the -0.25 constant in the .rodata section: "00 00 80 BE"
select the function with the two references to that constant.
Code:
linux: \x55\x89\xE5\x57\x56\x53\x81\xEC\x9C\x00\x00\x00\x8B\x5D\x08\x8B\x75\x0C\xF6\x83\xDD\x00\x00\x00\x08\x74\x2A\x89\x1C\x24\xE8\x2A\x2A\x2A\x2A\xF3\x0F\x10\x83\xE4\x01\x00\x00
windows: \x55\x8B\xEC\x83\xE4\xF8\x81\xEC\x98\x00\x00\x00\x56\x8B\xF1\x57\x8B\x86\xD4\x00\x00\x00
CCSBot::IncreaseMorale
String "winner", select function which references that string 3 times (CCSBot::OnRoundEnd), IncreaseMorale is called if player team is equal to winning team. DecreaseMorale is called if the other team won.
Code:
linux: \x55\x89\xE5\x8B\x45\x08\x8B\x90\xC8\x3B\x00\x00\x83\xFA\x02
windows: inlined... morale at CCSBot * + 3822
CCSBot::DecreaseMorale
see above.
Code:
linux: \x55\x89\xE5\x8B\x45\x08\x8B\x90\xC8\x3B\x00\x00\x83\xFA\xFE
windows: inlined too.
Quote:
Originally Posted by manicogaming View Post
How can I find the signature for CAttributeList::SetValue in the up-to-date server.dll?

I've tried to search for similar strings between the server.so and server.dll and there are no strings in the nearby functions, so how can I get the up-to-date signature for this function?
CAttributeList::SetValue
Code:
CAttributeList::SetValue
 calls CAttributeList::UpdateManagerCache
  called by CAttributeList::AddAttribute
   xrefs CEconItemAttribute vtable
To find the vtable: Look for the "18CEconItemAttribute" string. xref to typeinfo of CEconItemAttribute class, starts at the offs_* reference above the string reference.
xref to vtable of CEconItemAttribute. find xrefs to vtable address within a mov instruction into [eax] like "mov dword ptr [eax], offset off_E28D60".
That's CAttributeList::AddAttribute, which calls CAttributeList::UpdateManagerCache at the bottom. Check xrefs to UpdateManagerCache, the first one should be CAttributeList::SetValue.
Code:
linux: \x55\x89\xE5\x83\xEC\x28\x89\x5D\xF4\x8B\x5D\x0C\x89\x75\xF8\x8B\x75\x10\x89\x7D\xFC\x8B\x7D\x08\x39\x73\x08
windows: couldn't find it due to UpdateManagerCache being inlined. the function is probably optimized out, since it's never called. thanks LTCG
I got stuck on CAttributeManager::ClearCache in the below chain on windows.
Code:
win: \x56\x8B\xF1\x80\x7E\x20\x00\x0F\x85\x2A\x2A\x2A\x2A
Code:
CAttributeList::SetValue
 calls CAttributeList::UpdateManagerCache -> ??? inlined into some other function.
  calls CAttributeManager::ClearCache
   called by CAttributeContainer::InitializeAttributes
    xref to CAttributeContainer vtable (index win: 4, lin: 5) (use Class Informer plugin to find vtables on windows binary in IDA)
__________________
Peace-Maker is offline
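
Added example (not part of any post in this thread, and not SourceMod's own code): an offline check in Python that parses the `\x..` signature format used above, treating `\x2A` as the wildcard byte, and lists every offset where a signature matches, so a pattern can be checked for being absent, unique or ambiguous before it is used. `SAMPLE` is a constructed byte string and the function names are illustrative assumptions.

```python
import re
import struct

WILDCARD = 0x2A  # in this signature format, \x2A means "any byte"

def parse_signature(sig):
    """'\\x55\\x8B\\x2A' -> [0x55, 0x8B, None]; None marks a wildcard."""
    tokens = re.findall(r"\\x([0-9A-Fa-f]{2})", sig)
    if not tokens or "".join("\\x" + t for t in tokens) != sig.strip():
        raise ValueError("malformed signature: %r" % sig)
    return [None if int(t, 16) == WILDCARD else int(t, 16) for t in tokens]

def find_all(image, pattern):
    """Every offset in image where pattern matches."""
    n = len(pattern)
    return [off for off in range(len(image) - n + 1)
            if all(p is None or image[off + i] == p
                   for i, p in enumerate(pattern))]

def classify(hits):
    """A usable signature matches exactly once."""
    if not hits:
        return "not found"
    return "unique" if len(hits) == 1 else "ambiguous (%d matches)" % len(hits)

def float_pattern(value):
    """Little-endian IEEE-754 bytes of a 32-bit float, as a literal pattern."""
    return list(struct.pack("<f", value))

# Constructed sample image; these are not bytes from a real server binary.
SAMPLE = (
    bytes.fromhex("558BEC575653") + b"\x90" * 4    # function A, common prologue
    + bytes.fromhex("558BEC575653") + b"\xCC" * 4  # function B, same prologue
    + bytes.fromhex("568BF1807E20000F8510000000")  # jnz with 4-byte displacement
    + struct.pack("<f", -0.25)                     # float constant in "rodata"
)

if __name__ == "__main__":
    for name, sig in [
        ("short prologue", r"\x55\x8B\xEC\x57\x56\x53"),
        ("with wildcards", r"\x56\x8B\xF1\x80\x7E\x20\x00\x0F\x85\x2A\x2A\x2A\x2A"),
        ("absent", r"\x55\x8B\xEC\x83\xE4\xF8"),
    ]:
        hits = find_all(SAMPLE, parse_signature(sig))
        print(name, [hex(h) for h in hits], classify(hits))
    print("-0.25", bytes(float_pattern(-0.25)).hex(), find_all(SAMPLE, float_pattern(-0.25)))
```

In the constructed image the bare 6-byte prologue matches both functions, while the longer pattern with wildcards over the jump displacement matches once.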
manicogaming
AlliedModders Donor
Join Date: Aug 2014
Old 02-12-2020 , 02:01   Re: Signature Request Thread
Reply With Quote #348

Then if CAttributeList::SetValue is that difficult to find how about this one:

CAttributeList::SetOrAddAttributeValueByName

Last edited by manicogaming; 02-12-2020 at 02:01.
manicogaming is offline