
Orpheu: Searching for functions in libraries


hlstriker
Green Gaben
Join Date: Mar 2006
Location: OH-IO!
Old 04-08-2011 , 00:58   Re: Orpheu: Searching for functions in libraries
#31

Thanks Arkshine,

I'm wondering though how do you know to subtract 2 in "260/4 - 2"?

The function is: CBasePlayer__TeamFortress_TakeConcussionBlast .
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 04-08-2011 , 12:04   Re: Orpheu: Searching for functions in libraries
#32

/4 because an offset is always scaled by its data type; since I don't know much C++ I can't explain it well, but here each virtual call address is based on 4 bytes.
-2 because you have to do that in Linux :p; when you look at IDA, you see there are 2 offsets before the real list starts.

I've quickly decompiled the function CBasePlayer::TeamFortress_TakeConcussionBlast().
It may not be exact and vars may not be named properly, but you get the idea.
So yes, it was pev->velocity and the virtual call TeamFortress_Concuss().

PHP Code:
void CBasePlayer::TeamFortress_TakeConcussionBlast( entvars_s *pVictim, float blast )
{
    if( IsAlive() && pev->playerclass )
    {
        Vector direction = pev->origin - pVictim->origin;

        if( direction.Length() < 16.0 )
        {
            pev->velocity *= 0.33;
        }

        pev->velocity *= ( blast - direction.Length() * 0.5 ) * 0.03;
        pev->velocity.z *= 1.5;

        // The teamplay flag mask tested here was stripped by the forum's code highlighter.
        if( !( gpGlobals->teamplay & ( /* flag bits not legible */ ) ) || m_iTeamIndex <= 0 || IsAlly( CBasePlayer::Instance( pVictim ) ) || pVictim->owner == edict() )
        {
            MESSAGE_BEGIN( MSG_ONE, gmsgDamage, NULL, ENT( pev ) );
                WRITE_BYTE( 0 );
                WRITE_BYTE( 0 );
                WRITE_LONG( 512 );
                WRITE_COORD( pVictim->origin.x );
                WRITE_COORD( pVictim->origin.y );
                WRITE_COORD( pVictim->origin.z );
            MESSAGE_END();

            TeamFortress_Concuss( pVictim );

            CBasePlayer *owner = CBasePlayer::Instance( pVictim->owner );

            char *teamName;
            char *ownerTeamName;

            if( m_iTeamIndex )
                teamName = GetTeamName( m_iTeamIndex );
            else
                teamName = "SPECTATOR";

            if( owner->m_iTeamIndex )
                ownerTeamName = GetTeamName( owner->m_iTeamIndex );

            UTIL_LogPrintf( "\"%s<%i><%s><%s>\" triggered \"Concussion_Grenade\" against \"%s<%i><%s><%s>\"\n",
                STRING( pev->netname ),
                GETPLAYERUSERID( edict() ),
                GETPLAYERAUTHID( edict() ),
                teamName,
                STRING( owner->pev->netname ),
                GETPLAYERUSERID( owner->edict() ),
                GETPLAYERAUTHID( owner->edict() ),
                ownerTeamName );
        }
    }
}

Here is the vtable list of CBasePlayer:

PHP Code:
// Auto reconstructed from vtable block @ 0x00163240
// from "tfc_i386.so", by ida_vtables.idc
0    ___11CBasePlayer
1    CBasePlayer::Spawn(void)
2    CBasePlayer::Precache(void)
3    CBaseMonster::KeyValue(KeyValueData_s *)
4    CBasePlayer::Save(CSave &)
5    CBasePlayer::Restore(CRestore &)
6    CBasePlayer::ObjectCaps(void)
7    CBaseEntity::Activate(void)
8    CBaseEntity::SetObjectCollisionBox(void)
9    CBasePlayer::Classify(void)
10    CBaseEntity::DeathNotice(entvars_s *)
11    CBasePlayer::TraceAttack(entvars_s *,float,Vector,TraceResult *,int)
12    CBasePlayer::TakeDamage(entvars_s *,entvars_s *,float,int)
13    CBasePlayer::TakeHealth(float,int)
14    CBasePlayer::Killed(entvars_s *,entvars_s *,int)
15    CBaseMonster::BloodColor(void)
16    CBaseEntity::TraceBleed(float,Vector,TraceResult *,int)
17    CBaseEntity::IsTriggered(void)
18    CBaseMonster::MyMonsterPointer(void)
19    CBaseEntity::MySquadMonsterPointer(void)
20    CBaseToggle::GetToggleState(void)
21    CBasePlayer::AddPlayerItem(CBasePlayerItem *)
22    CBasePlayer::RemovePlayerItem(CBasePlayerItem *)
23    CBasePlayer::GiveAmmo(int,char *,int,int *)
24    CBaseToggle::GetDelay(void)
25    CBaseMonster::IsMoving(void)
26    CBaseEntity::OverrideReset(void)
27    CBaseEntity::DamageDecal(int)
28    CBaseEntity::SetToggleState(int)
29    CBasePlayer::StartSneaking(void)
30    CBasePlayer::StopSneaking(void)
31    CBaseEntity::OnControls(entvars_s *)
32    CBasePlayer::IsSneaking(void)
33    CBasePlayer::IsAlive(void)
34    CBaseEntity::IsBSPModel(void)
35    CBaseEntity::ReflectGauss(void)
36    CBaseEntity::HasTarget(unsigned int)
37    CBaseEntity::IsInWorld(void)
38    CBasePlayer::IsPlayer(void)
39    CBasePlayer::IsNetClient(void)
40    CBaseEntity::DB_GetItemName(void)
41    CBaseEntity::GetNextTarget(void)
42    CBaseEntity::Think(void)
43    CBaseEntity::Touch(CBaseEntity *)
44    CBaseEntity::Use(CBaseEntity *,CBaseEntity *,USE_TYPE,float)
45    CBaseEntity::Blocked(CBaseEntity *)
46    CBaseEntity::Respawn(void)
47    CBaseEntity::UpdateOwner(void)
48    CBasePlayer::FBecomeProne(void)
49    CBaseEntity::Center(void)
50    CBaseEntity::EyePosition(void)
51    CBaseEntity::EarPosition(void)
52    CBasePlayer::BodyTarget(Vector const &)
53    CBasePlayer::Illumination(void)
54    CBaseEntity::FVisible(CBaseEntity *)
55    CBaseEntity::FVisible(Vector const &)
56    CBasePlayer::EngineerUse(CBasePlayer *)
57    CBaseEntity::Finished(void)
58    CBaseEntity::TeamFortress_EMPExplode(entvars_s *,float,float)
59    CBasePlayer::TeamFortress_CalcEMPDmgRad(float &,float &)
60    CBasePlayer::TeamFortress_TakeEMPBlast(entvars_s *)
61    CBaseEntity::TeamFortress_EMPRemove(void)
62    CBasePlayer::TeamFortress_TakeConcussionBlast(entvars_s *,float)
63    CBasePlayer::TeamFortress_Concuss(entvars_s *)
64    CBaseMonster::HandleAnimEvent(MonsterEvent_t *)
65    CBaseMonster::Look(int)
66    CBaseMonster::RunAI(void)
67    CBasePlayer::ShouldFadeOnDeath(void)
68    CBaseMonster::ChangeYaw(int)
69    CBaseMonster::MonsterThink(void)
70    CBaseMonster::IRelationship(CBaseEntity *)
71    CBaseMonster::MonsterInit(void)
72    CBaseMonster::MonsterInitDead(void)
73    CBaseMonster::BecomeDead(void)
74    CBaseMonster::StartMonster(void)
75    CBaseMonster::BestVisibleEnemy(void)
76    CBaseMonster::FInViewCone(CBaseEntity *)
77    CBaseMonster::FInViewCone(Vector *)
78    CBaseMonster::CheckLocalMove(Vector const &,Vector const &,CBaseEntity *,float *)
79    CBaseMonster::Move(float)
80    CBaseMonster::MoveExecute(CBaseEntity *,Vector const &,float)
81    CBaseMonster::ShouldAdvanceRoute(float)
82    CBaseMonster::GetStoppedActivity(void)
83    CBaseMonster::Stop(void)
84    CBaseMonster::CheckRangeAttack1(float,float)
85    CBaseMonster::CheckRangeAttack2(float,float)
86    CBaseMonster::CheckMeleeAttack1(float,float)
87    CBaseMonster::CheckMeleeAttack2(float,float)
88    CBaseMonster::ScheduleFromName(char const *)
89    CBaseMonster::StartTask(Task_t *)
90    CBaseMonster::RunTask(Task_t *)
91    CBaseMonster::GetScheduleOfType(int)
92    CBaseMonster::GetSchedule(void)
93    CBaseMonster::ScheduleChange(void)
94    CBaseMonster::CanPlaySequence(int,int)
95    CBaseMonster::CanPlaySentence(int)
96    CBaseMonster::PlaySentence(char const *,float,float,float)
97    CBaseMonster::PlayScriptedSentence(char const *,float,float,float,int,CBaseEntity *)
98    CBaseMonster::SentenceStop(void)
99    CBaseMonster::GetIdealState(void)
100    CBaseMonster::SetActivity(Activity)
101    CBaseMonster::ReportAIState(void)
102    CBaseMonster::CheckEnemy(CBaseEntity *)
103    CBaseMonster::FTriangulate(Vector const &,Vector const &,float,CBaseEntity *,Vector *)
104    CBaseMonster::SetYawSpeed(void)
105    CBaseMonster::BuildNearestRoute(Vector,Vector,float,float)
106    CBaseMonster::FindCover(Vector,Vector,float,float)
107    CBaseMonster::FValidateCover(Vector const &)
108    CBaseMonster::CoverRadius(void)
109    CBaseMonster::FCanCheckAttacks(void)
110    CBaseMonster::CheckAmmo(void)
111    CBaseMonster::IgnoreConditions(void)
112    CBaseMonster::FValidateHintType(short)
113    CBaseMonster::FCanActiveIdle(void)
114    CBaseMonster::ISoundMask(void)
115    CBaseMonster::PBestSound(void)
116    CBaseMonster::PBestScent(void)
117    CBaseMonster::HearingSensitivity(void)
118    CBasePlayer::BarnacleVictimBitten(entvars_s *)
119    CBasePlayer::BarnacleVictimReleased(void)
120    CBaseMonster::PrescheduleThink(void)
121    CBaseMonster::GetDeathActivity(void)
122    CBaseMonster::GibMonster(void)
123    CBaseMonster::HasHumanGibs(void)
124    CBaseMonster::HasAlienGibs(void)
125    CBaseMonster::FadeMonster(void)
126    CBaseMonster::RadiusDamage(entvars_s *,entvars_s *,float,int,int)
127    CBaseMonster::RadiusDamage(Vector,entvars_s *,entvars_s *,float,int,int)
128    CBasePlayer::DeathSound(void)
129    CBaseMonster::AlertSound(void)
130    CBaseMonster::IdleSound(void)
131    CBasePlayer::PainSound(void)
132    CBaseMonster::StopFollowing(int)
133    CBasePlayer::Jump(void)
134    CBasePlayer::Duck(void)
135    CBasePlayer::PreThink(void)
136    CBasePlayer::PostThink(void)
137    CBasePlayer::ImpulseCommands(void)

Last edited by Arkshine; 04-09-2011 at 05:01.
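The "/4" and "-2" in the post above come from how GCC lays out a vtable on Linux. The following C++ program is an added example; it is not code from the thread, from Orpheu or from the TFC binaries. It uses a constructed class `Demo` (not CBasePlayer, the slot names only mirror the thread) to show that the object's vptr points at slot 0, that the two words before it are offset-to-top and the typeinfo pointer (the entries ida_vtables.idc lists before the real functions), that a pointer-to-virtual-member decodes to the slot number, and that a slot can be called by index the way Orpheu does. It assumes the Itanium C++ ABI (GCC or Clang) and uses sizeof(void*) where the thread's 32-bit binaries have 4 bytes; the Windows side is laid out differently, as the post says.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed stand-in for a polymorphic game class (not CBasePlayer).
// No virtual destructor, so the function slots are exactly Spawn=0,
// Precache=1, Concuss=2.
struct Demo {
    virtual int Spawn()    { return 1; }
    virtual int Precache() { return 2; }
    virtual int Concuss()  { return 3; }
    int health = 100;
};

// The first word of a polymorphic object is the vptr. Under the Itanium C++
// ABI (GCC/Clang, the Linux .so case) it points at slot 0 of the function
// array; the two words in front of it are offset-to-top and the typeinfo
// pointer. A dump that starts at the vtable symbol, as ida_vtables.idc does,
// therefore shows those entries before the "real list" starts.
static void** vptr_of(const Demo* obj) {
    void** vp;
    std::memcpy(&vp, obj, sizeof vp);
    return vp;
}

// offset-to-top sits two words before the vptr target; 0 for a primary base.
static intptr_t offset_to_top(const Demo* obj) {
    return reinterpret_cast<intptr_t>(vptr_of(obj)[-2]);
}

// A pointer to a virtual member function is stored as (vtable byte offset + 1)
// in its first word, so decoding it yields the slot the compiler dereferences.
template <typename PMF>
static long vtable_index(PMF pmf) {
    intptr_t raw[2];
    static_assert(sizeof(pmf) == sizeof raw, "unexpected pointer-to-member layout");
    std::memcpy(raw, &pmf, sizeof raw);
    assert((raw[0] & 1) == 1);                       // odd marks a virtual function
    return (long)((raw[0] - 1) / (intptr_t)sizeof(void*));
}

// Byte displacement seen in decompiled code -> slot: scale by the pointer
// size (4 on the thread's 32-bit binaries). Counting from the vtable symbol
// instead of from the vptr target also skips the 2 metadata words, which is
// the "-2" in the thread.
static long slot_from_vptr_displacement(long bytes)   { return bytes / (long)sizeof(void*); }
static long slot_from_symbol_displacement(long bytes) { return bytes / (long)sizeof(void*) - 2; }

// What Orpheu does once it knows the slot: call through the vtable by index.
// The ABI passes `this` as the first argument, so a plain function pointer works.
static int call_slot(Demo* obj, long idx) {
    using Fn = int (*)(Demo*);
    Fn fn = reinterpret_cast<Fn>(vptr_of(obj)[idx]);
    return fn(obj);
}

// Convenience wrappers that build the object themselves.
static int demo_call(long idx)         { Demo d; return call_slot(&d, idx); }
static intptr_t demo_offset_to_top()   { Demo d; return offset_to_top(&d); }

int main() {
    std::printf("offset-to-top = %ld\n", (long)demo_offset_to_top());
    long slot = vtable_index(&Demo::Concuss);
    std::printf("Concuss is slot %ld -> returns %d\n", slot, demo_call(slot));
    return 0;
}
```

Compile with g++ or clang++ on Linux and the printed slot matches the order of the virtual declarations; the same decoding applied to a 32-bit `tfc_i386.so` displacement is what turns "260" into an Orpheu index.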
hlstriker
Green Gaben
Join Date: Mar 2006
Location: OH-IO!
Old 04-08-2011 , 16:25   Re: Orpheu: Searching for functions in libraries
#33

Thanks, I now understand how to find functions and structure members. How would I find class members such as m_iTeamIndex, though? I looked through IDA and the decompiled code and couldn't find member variables at all.
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 04-08-2011 , 17:17   Re: Orpheu: Searching for functions in libraries
#34

I have started to do a tutorial about that, but since I want it to be complete it needs some time (there are also things I still don't understand). Anyway, it's the same way: pointer of class + offset.

Ex: m_iTeamIndex, a label created by me (there is no reference, but you can guess what the offset does). You see: *(pPlayer + 308), pPlayer being a pointer to the CBasePlayer class. The data type seems to be an int, so the size is 4 bytes; then you do 308/4 = 77 for Linux, 72 for Windows (you need to remove 5 for Windows, and the reverse, for the CBasePlayer class; for weapons, it's generally +4 for Linux).

You get the idea.
hlstriker
Green Gaben
Join Date: Mar 2006
Location: OH-IO!
Old 04-09-2011 , 16:52   Re: Orpheu: Searching for functions in libraries
#35

Alright awesome, looking forward to that tutorial
Bugsy
AMX Mod X Moderator
Join Date: Feb 2005
Location: NJ, USA
Old 08-30-2011 , 12:54   Re: Orpheu: Searching for functions in libraries
#36

I am, for the first time, experimenting with Orpheu and I'm having a hard time understanding how to make sense of the Windows binaries. I open them in IDA and have viewed the decompiled C-like code (Ctrl+F5?) but cannot locate specific functions. I tried to search by a string that is handled in the function, but no strings appear in my decompiled code like they do in quim's OP. The only way to view strings is in the Strings window in IDA, but I don't know how to link them with a particular function. When I view the Linux library, everything is nice: each function carries its proper name and strings are in place in the code. Can anyone give me pointers? Do I have IDA configured incorrectly? My version is 6.something, paid edition.
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 08-30-2011 , 14:29   Re: Orpheu: Searching for functions in libraries
#37

That's why you have to work with both Windows and Linux at the same time: on Windows there are no symbol names like on Linux. To find a function under Windows, you first have to find a string or refs for the function on Linux, then you do the same for Windows. Once the function is found, rename it. You should rename as much as you can. At first it's a pain, but once you are used to doing it, it's fairly fast.
Bugsy
AMX Mod X Moderator
Join Date: Feb 2005
Location: NJ, USA
Old 08-30-2011 , 14:41   Re: Orpheu: Searching for functions in libraries
#38

But the problem is I cannot find any strings in the Windows file, only Linux. I decompile each to C code, and Linux has strings throughout but Windows has no strings. I did exactly as quim says in his OP, but my windows.c file has no strings in it while my linux.c does... as explained in my post.
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 08-30-2011 , 14:56   Re: Orpheu: Searching for functions in libraries
#39

Decompiling helps more to see if the function is more or less the same.

To find a function, you should search by string using the Strings sub-view.

Menu: View > Open subviews > Strings

Then find your string in the list (Alt+T), double-click, and you should see at the right of the string where it's referenced. You may have more than one function, and to see all of them, you can select the symbol of the string, right-click and "Jump to xref to operand..." or press the X key directly.

Example:
Code:
.data:101063A0 77 65 61 70 6F 6E 73 2F 70 32+    aWeaponsP2281_w db 'weapons/p228-1.wav',0
.data:101063A0 32 38 2D 31 2E 77 61 76 00                                                ; DATA XREF: sub_1000BFF0+24o
You see at the right "sub_1000BFF0": it's the function where the string is referenced, and you can double-click on it. If you see there are more, select "aWeaponsP2281_w" and type X; you should see a window with all the functions.

It's possible to use the search function too: Search > text... with "Find all references" ticked.

Last edited by Arkshine; 08-30-2011 at 14:59.
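The lookup Arkshine walks through in IDA (string in .data, then the DATA XREF back into code) works because 32-bit MSVC code carries the string's absolute address as an immediate, e.g. `push offset aWeaponsP2281_w`. The following C++ program is an added example, not code from the thread, from Orpheu or from tfc.dll: it rebuilds that cross-reference by hand on a constructed image fragment, locating the string in a fake .data section, scanning a fake .text section for the little-endian encoding of its address, and attributing the hit to the nearest `push ebp; mov ebp, esp` prologue to produce an IDA-style `sub_1000BFF0+24` label. The section bytes, the decoy immediate and the prologue heuristic are the example's own assumptions; on a real binary you rely on IDA's function boundaries rather than a prologue guess.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Constructed image fragment (not tfc.dll): a 32-bit x86 .text and .data
// section placed at the virtual addresses quoted in the thread.
struct Image {
    uint32_t text_va;
    std::vector<uint8_t> text;
    uint32_t data_va;
    std::vector<uint8_t> data;
};

// Append a 32-bit little-endian immediate, the way x86 encodes `imm32`.
static void put_u32(std::vector<uint8_t>& v, uint32_t x) {
    for (int i = 0; i < 4; ++i) v.push_back((uint8_t)(x >> (8 * i)));
}

static Image build_image() {
    Image img;
    img.data_va = 0x101063A0;
    const char* s = "weapons/p228-1.wav";
    img.data.assign(s, s + std::strlen(s) + 1);          // NUL-terminated, like `db '...',0`

    img.text_va = 0x1000BFF0;
    std::vector<uint8_t>& t = img.text;
    const uint8_t prologue[] = {0x55, 0x8B, 0xEC};       // sub_1000BFF0: push ebp; mov ebp, esp
    t.insert(t.end(), prologue, prologue + 3);
    t.insert(t.end(), 0x24 - t.size(), 0x90);            // filler (nop) up to +0x24
    t.push_back(0x68); put_u32(t, img.data_va);          // +0x24: push offset aWeaponsP2281_w
    t.push_back(0xB8); put_u32(t, 0x10106000);           // decoy: mov eax, imm32 (not the string)
    t.push_back(0xE8); put_u32(t, 0);                    // call rel32 (target irrelevant here)
    const uint8_t epilogue[] = {0x5D, 0xC3};             // pop ebp; ret
    t.insert(t.end(), epilogue, epilogue + 2);
    return img;
}

// Locate the NUL-terminated string in .data; returns its VA, or 0 if absent.
static uint32_t find_string_va(const Image& img, const char* s) {
    size_t n = std::strlen(s) + 1;
    const std::vector<uint8_t>& d = img.data;
    for (size_t off = 0; off + n <= d.size(); ++off)
        if (std::memcmp(&d[off], s, n) == 0) return img.data_va + (uint32_t)off;
    return 0;
}

// Scan .text for the little-endian bytes of `va`. For `68 imm32` (push) the
// opcode precedes the immediate, so step back one byte to report the
// instruction address, which is what IDA shows in "DATA XREF: sub_...+24o".
static std::vector<uint32_t> find_refs(const Image& img, uint32_t va) {
    uint8_t needle[4];
    for (int i = 0; i < 4; ++i) needle[i] = (uint8_t)(va >> (8 * i));
    std::vector<uint32_t> refs;
    const std::vector<uint8_t>& t = img.text;
    for (size_t off = 0; off + 4 <= t.size(); ++off) {
        if (std::memcmp(&t[off], needle, 4) != 0) continue;
        size_t insn = (off > 0 && t[off - 1] == 0x68) ? off - 1 : off;
        refs.push_back(img.text_va + (uint32_t)insn);
    }
    return refs;
}

// Heuristic owner lookup: walk back to the nearest MSVC-style prologue
// (55 8B EC). Enough for the constructed image; real work uses IDA's
// function boundaries.
static uint32_t owning_function(const Image& img, uint32_t ref_va) {
    const std::vector<uint8_t>& t = img.text;
    size_t off = ref_va - img.text_va;
    for (size_t i = off + 1; i-- > 0;)
        if (i + 3 <= t.size() && t[i] == 0x55 && t[i + 1] == 0x8B && t[i + 2] == 0xEC)
            return img.text_va + (uint32_t)i;
    return img.text_va;
}

static std::string ida_label(const Image& img, uint32_t ref_va) {
    uint32_t fn = owning_function(img, ref_va);
    char buf[64];
    std::snprintf(buf, sizeof buf, "sub_%08X+%X", (unsigned)fn, (unsigned)(ref_va - fn));
    return buf;
}

struct Result {
    uint32_t string_va;               // 0 when the string is absent
    std::vector<uint32_t> refs;       // instruction VAs that carry the string's address
    std::string label;                // IDA-style label of the first reference
};

static Result analyse(const Image& img, const char* s) {
    Result r{};
    r.string_va = find_string_va(img, s);
    if (r.string_va == 0) return r;
    r.refs = find_refs(img, r.string_va);
    if (!r.refs.empty()) r.label = ida_label(img, r.refs[0]);
    return r;
}

int main() {
    Result r = analyse(build_image(), "weapons/p228-1.wav");
    std::printf("string @ %08X, %zu ref(s), first: %s\n",
                (unsigned)r.string_va, r.refs.size(), r.label.c_str());
    return 0;
}
```

The scan is what IDA does when it resolves an `offset` operand into a DATA XREF; on a stripped Windows .dll it is the only link between a string and its code, which is why the Windows function ends up named by hand after the Linux one has been identified.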
Bugsy
AMX Mod X Moderator
Join Date: Feb 2005
Location: NJ, USA
Old 08-30-2011 , 15:14   Re: Orpheu: Searching for functions in libraries
#40

Thanks for the info, I'll make another attempt when I get behind my PC tonight. Is there any reason why strings do not appear in my Windows decompiled .c file like they do in quim's example in his OP? Linux yes, Windows no. I.e., I can't find "exec game.cfg" as he shows.

Last edited by Bugsy; 08-30-2011 at 15:17.