sigscanner
vancelorgin
Senior Member
Join Date: Dec 2004
Location: san frandisco
01-12-2005, 15:28   #1

If you don't know what this is, press back now. I'm posting this for people who wanted to see it earlier, and figured anybody who wanted to do this type of dev should have one. It's a horribly easy concept, but whatever - here's mine:

See Attachments

standard ranges (win32 only - this whole thing is unnecessary on linux)

Code:
#define SERVERDLLSTART		0x22001000
#define SERVERDLLEND		0x22631FFE
#define SERVERDLLRANGE		(SERVERDLLEND - SERVERDLLSTART)	/* parenthesised so the subtraction survives use inside a larger expression */
#define SIGRANGESERVERDLL	SERVERDLLSTART, SERVERDLLRANGE	/* expands to the (start, length) argument pair the scanner takes */
in your plugin load:

Code:
	if(!CSigScanner::FindAll()){
		LOG("^1^bSig scans failed: Aborting");

		return false;
	}

Some sample sigs:

Code:
typedef CBaseEntity* (__cdecl* CBaseEntity_CreateFunc)( const char *szName, const Vector &vecOrigin, const QAngle &vecAngles, CBaseEntity *pOwner );
CBaseEntity_CreateFunc CBaseEntity_Create = NULL; 
CSigScanner SigCBaseEntity_Create("SigCBaseEntity_Create", SIGRANGESERVERDLL, &CBaseEntity_Create, "xxxxxxxxxxxxxxxxxxxxxx????xxxx????xxxxxxx", "\x8B\x44\x24\x10\x8B\x4C\x24\x0C\x8B\x54\x24\x08\x56\x50\x8B\x44\x24\x0C\x51\x52\x50\xE8\xFF\xFF\xFF\xFF\x8B\xF0\x56\xE8\xFF\xFF\xFF\xFF\x83\xC4\x14\x8B\xC6\x5E\xC3", -1, false, 1);

CEntityFactoryDictionary* pEntityFactoryDictionary = NULL;
CSigScanner SigEntityFactoryDictionary("SigEntityFactoryDictionary", SIGRANGESERVERDLL, &pEntityFactoryDictionary, "xx????xxxxxxxxxxx????xx????x????x????x????xxxx????x", "\x8A\x0D\x58\x16\x5A\x22\xB0\x01\x84\xC8\x75\x21\x8A\xD1\x0A\xD0\xB9\x08\x16\x5A\x22\x88\x15\x58\x16\x5A\x22\xE8\x60\x00\x00\x00\x68\x30\xD9\x3A\x22\xE8\x2F\x99\x01\x00\x83\xC4\x04\xB8\x08\x16\x5A\x22\xC3", 17, false, 2);

CSigScanner SigCAI_Navigator_SetDirectGoal("SigCAI_Navigator_SetDirectGoal", SIGRANGESERVERDLL, NULL, "x????xxxxxxxxxxxxxxxxxxx????xxxxx????xx????xxxxxx????xxxxxxxxxxxxx????xxxxxx????xxx????x????xxxxxxxxxxxxxxxxxxxxxxxxxxxxx????xxxxxxxxxxx????xxxxxxxxxxxxxxxxxxxxxx????xxxxxxxxxxxxxx", "\xA1\x38\x79\x55\x22\x81\xEC\x00\x01\x00\x00\x53\x56\x8B\xF1\x8B\x48\x2C\x85\xC9\x57\x74\x21\x68\xDC\xE4\x4D\x22\x8D\x4C\x24\x10\x68\x24\x14\x4B\x22\x51\xE8\xF5\xC3\xED\xFF\x8B\x56\x04\x50\x52\xE8\x6B\x47\xFC\xFF\x83\xC4\x14\x8B\x06\x8B\xCE\xFF\x50\x2C\x8B\xCE\xE8\xBA\x58\x00\x00\x8B\x4E\x24\x6A\x04\xE8\x10\x39\x02\x00\x6A\x30\xB9\xC0\x97\x55\x22\xE8\x54\xD2\x10\x00\x85\xC0\x8B\x9C\x24\x10\x01\x00\x00\x74\x18\x8B\x8C\x24\x14\x01\x00\x00\x6A\xFF\x6A\x08\x51\x6A\x00\x53\x8B\xC8\xE8\x83\x69\x03\x00\xEB\x02\x33\xC0\x8B\x4E\x24\x6A\x00\x50\xE8\x74\x31\x02\x00\x8B\x4E\x04\x8B\x11\x8B\x7E\x24\xFF\x92\x90\x06\x00\x00\xD9\x5F\x04\x8B\x4E\x24\x53\xE8\x9A\x37\x02\x00\x5F\x5E\xB0\x01\x5B\x81\xC4\x00\x01\x00\x00\xC2\x08\x00", -1, false, 1);

typedef void (__cdecl* UTIL_RemoveFunc)(IServerNetworkable *oldObj);
UTIL_RemoveFunc UTIL_Remove_;
CSigScanner SigUtil_Remove("SigUtil_Remove", SIGRANGESERVERDLL, &UTIL_Remove_, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx????xxxxxxxxxxxxxxxxxxxxxxx????x????xxx", "\x56\x8B\x74\x24\x08\x85\xF6\x74\x49\x8B\x06\x8B\xCE\xFF\x50\x08\xA8\x01\x75\x3E\x8B\x16\x57\x6A\x01\x8B\xCE\xFF\x52\x0C\x8B\x06\x8B\xCE\xFF\x50\x24\x8B\xF8\x85\xFF\x74\x1B\xC6\x05\x32\x8E\x43\x22\x00\x8B\x17\x8B\xCF\xFF\x92\x60\x01\x00\x00\xC7\x87\xC0\x00\x00\x00\x00\x00\x00\x00\x56\xB9\x38\x19\x40\x22\xE8\xEF\x3A\xED\xFF\x5F\x5E\xC3", -1, false, 1);

void UTIL_Remove(CBaseEntity *oldObj){
	if(!oldObj)
		return;
	
	UTIL_Remove_(oldObj->NetworkProp());
}
If I accidentally left a static addr in one of those, no big deal - I'd just find it again. They were generated with my sig gen, so I wouldn't trust them with my life. I recommend you hand roll yours.

Also included siggen2 - copy olly disasm dump into it, and it should make a sig. It's nowhere near 'good', but it's decent.
Attached Files: siggen2.zip (20.7 KB), csigscanner.h (911 Bytes), csigscanner.cpp (3.1 KB)
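An added example, not the csigscanner code from the attachments: a minimal C version of the mask scan the sigs above rely on, using the thread's "x"/"?" mask convention, run over two constructed fake "builds" of the same function to show why the rel32 after an E8 call is wildcarded, plus a length sanity check for hand-rolled sigs. All buffer bytes and names are made up for the example.

```c
#include <stdio.h>
#include <string.h>
/* Mask-based scan in the convention the sigs in this thread use: mask[i]=='x'
 * means buf must equal pat[i], '?' accepts any byte (call targets and absolute
 * addresses that move between builds). Returns first match offset, or -1. */
static long sig_scan(const unsigned char *buf, size_t len,
                     const unsigned char *pat, const char *mask)
{
    size_t plen = strlen(mask);  /* pat may hold 0x00 bytes; the mask sets the length */
    size_t i, j;
    if (plen == 0 || plen > len)
        return -1;
    for (i = 0; i < plen; i++)   /* reject masks with stray characters */
        if (mask[i] != 'x' && mask[i] != '?')
            return -1;
    for (i = 0; i + plen <= len; i++) {
        for (j = 0; j < plen; j++)
            if (mask[j] == 'x' && buf[i + j] != pat[j])
                break;
        if (j == plen)
            return (long)i;
    }
    return -1;
}

/* Sanity check for hand-rolled sigs: one mask character per pattern byte.
 * Pass sizeof(literal) - 1, never strlen(literal), because of embedded zeros. */
static int sig_well_formed(const char *mask, size_t pat_bytes) { return strlen(mask) == pat_bytes; }

/* Constructed sample bytes (not from any real module): mov eax,[esp+10h];
 * call rel32; mov esi,eax; ret, with padding. "Build B" has the same code at
 * another offset and a different call target, as a rebuilt DLL would. */
static const unsigned char BUILD_A[] = { 0xCC, 0xCC,
    0x8B, 0x44, 0x24, 0x10, 0xE8, 0x11, 0x22, 0x33, 0x44, 0x8B, 0xF0, 0xC3, 0xCC };
static const unsigned char BUILD_B[] = { 0xCC, 0xCC, 0xCC, 0xCC, 0x90,
    0x8B, 0x44, 0x24, 0x10, 0xE8, 0xAA, 0xBB, 0xCC, 0xDD, 0x8B, 0xF0, 0xC3 };
static const unsigned char PAT[]   = "\x8B\x44\x24\x10\xE8\x00\x00\x00\x00\x8B\xF0\xC3";
static const char MASK[]           = "xxxxx????xxx";  /* rel32 after E8 wildcarded */
static const unsigned char EXACT[] = "\x8B\x44\x24\x10\xE8\x11\x22\x33\x44\x8B\xF0\xC3";
static const char EXACT_MASK[]     = "xxxxxxxxxxxx";  /* brittle: pins the rel32 */
static long scan_a(void)       { return sig_scan(BUILD_A, sizeof BUILD_A, PAT, MASK); }
static long scan_b(void)       { return sig_scan(BUILD_B, sizeof BUILD_B, PAT, MASK); }
static long scan_b_exact(void) { return sig_scan(BUILD_B, sizeof BUILD_B, EXACT, EXACT_MASK); }

int main(void)
{
    printf("A: %ld  B: %ld  B/exact: %ld\n", scan_a(), scan_b(), scan_b_exact()); /* 2 5 -1 */
    return 0;
}
```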
BAILOPAN
Join Date: Jan 2004
01-12-2005, 15:31   #2

Nice!

God willing, someday I'll be able to actually find sigs...

btw, you may want to attach that as a file instead of a code block...
vancelorgin
Senior Member
Join Date: Dec 2004
Location: san frandisco
01-12-2005, 15:35   #3

probably woulda been a good idea
Geesu
Veteran Member
Join Date: Mar 2004
Location: Cincinnati, OH
01-12-2005, 16:05   #4

You wouldn't want to say what this is would ya?
vancelorgin
Senior Member
Join Date: Dec 2004
Location: san frandisco
01-12-2005, 16:07   #5

What's the first sentence of the thread? Honestly..

If you insist on knowing, it's just a class that looks through the server module for a function using a signature that won't change when they release a new version of the module.
Manip
Senior Member
Join Date: Jan 2004
01-12-2005, 16:53   #6

Code:
CSigScanner SigCAI_Navigator_SetDirectGoal("SigCAI_Navigator_SetDirectGoal", SIGRANGESERVERDLL, NULL, "x????xxxxxxxxxxxxxxxxxxx????xxxxx????xx????xxxxxx????xxxxxxxxxxxxx????xxxxxx????xxx????x????xxxxxxxxxxxxxxxxxxxxxxxxxxxxx????xxxxxxxxxxx????xxxxxxxxxxxxxxxxxxxxxx????xxxxxxxxxxxxxx", "\xA1\x38\x79\x55\x22\x81\xEC\x00\x01\x00\x00\x53\x56\x8B\xF1\x8B\x48\x2C\x85\xC9\x57\x74\x21\x68\xDC\xE4\x4D\x22\x8D\x4C\x24\x10\x68\x24\x14\x4B\x22\x51\xE8\xF5\xC3\xED\xFF\x8B\x56\x04\x50\x52\xE8\x6B\x47\xFC\xFF\x83\xC4\x14\x8B\x06\x8B\xCE\xFF\x50\x2C\x8B\xCE\xE8\xBA\x58\x00\x00\x8B\x4E\x24\x6A\x04\xE8\x10\x39\x02\x00\x6A\x30\xB9\xC0\x97\x55\x22\xE8\x54\xD2\x10\x00\x85\xC0\x8B\x9C\x24\x10\x01\x00\x00\x74\x18\x8B\x8C\x24\x14\x01\x00\x00\x6A\xFF\x6A\x08\x51\x6A\x00\x53\x8B\xC8\xE8\x83\x69\x03\x00\xEB\x02\x33\xC0\x8B\x4E\x24\x6A\x00\x50\xE8\x74\x31\x02\x00\x8B\x4E\x04\x8B\x11\x8B\x7E\x24\xFF\x92\x90\x06\x00\x00\xD9\x5F\x04\x8B\x4E\x24\x53\xE8\x9A\x37\x02\x00\x5F\x5E\xB0\x01\x5B\x81\xC4\x00\x01\x00\x00\xC2\x08\x00", -1, false, 1);
There is no god...
c0ldfyr3
AlliedModders Donor
Join Date: Aug 2005
Location: Ireland
10-17-2005, 12:25   #7

So instead of scanning for a sig on linux, how do I do it?
Got it all to work in windows.

Pls don't flame the tardedness, I'm just learning =)
XAD
Senior Member
Join Date: Mar 2004
Location: Sweden
10-17-2005, 12:40   #8

Quote:
Originally Posted by c0ldfyr3
So instead of scanning for a sig on linux, how do I do it?
Got it all to work in windows.

Pls don't flame the tardedness, I'm just learning =)
Can I flame just for fun??

In linux it's so much simpler as you only need to link in the "$(GAME_DIR)/cstrike/bin/server_i486.so" file... the only trick is how you link it in as it has to be found both when you compile and when you run it...

To get the functions you can call, you can use the debugger gdb and list them...

Example of plugin code:
Code:
#if defined SERVER_LINK && defined _LINUX
// linked directly against server_i486.so, so the class method is called as-is
((CCSPlayer*)baseplayer)->SwitchTeam( iNewTeam );
#endif

#if defined _WIN
// no symbols to link against, so go through the sigscanned function pointer
CCSPlayer_SwitchTeam_( (CBasePlayer*)baseplayer, iNewTeam );
#endif
The call code is very similar but you don't have to mess with the sigscanner stuff... and as long as they don't change the function name or class name it doesn't matter if they recode the function...

/X
c0ldfyr3
AlliedModders Donor
Join Date: Aug 2005
Location: Ireland
10-17-2005, 13:13   #9

In the makefile..
Code:
ln -sf $(SRCDS)/server_i486.so server_i486.so
Would that link it?