@adrianman - _srv has the symbols, the other one has been stripped of symbols.
@CanadaRox - L4DT2 has a detour for CTerrorPlayer_OnRevived, and the detour patches the beginning of the function. If L4DT2 patches OnRevived before another plugin tries to find OnRevived's signature, the other plugin will fail (see the "L4D2 new custom commands" plugin thread). This is the sig I recommend for OnRevived, as it avoids checking the bytes that are modified at runtime to support the detour.
PHP Code:
/*
* CTerrorPlayer::OnRevived(void)
*
* ->Search for string "revive_success", then open vtables window. Should be the 5th member.
* Left4Downtown2 patches this function, which will prevent Sourcemod from finding it
* That is why the first six bytes are wild cards
* With so many wildcards at the start, we need many more bytes to find a unique signature
* The original signature remains commented out, for posterity
*/
"CTerrorPlayer_OnRevived"
{
"library" "server"
"linux" "@_ZN13CTerrorPlayer9OnRevivedEv"
"windows" "\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\xF1\x8B\x06\x8B\x90\x24\x01\x00\x00\x57\xff\xd2\x84\xc0\x0f\x84\x7C"
/* ? ? ? ? ? ? ? ? ? F1 8B 06 8B 90 24 01 00 00 57 ff d2 84 c0 0f 84 7C */
/* "windows" "\x55\x8B\xEC\x83\xEC\x3C\x53\x56\x8B\xF1\x8B\x06\x8B\x90\x24\x01\x00\x00\x57\xFF\xD2\x84\xC0\x0F\x84\x7C"
/* 55 8B EC 83 EC 3C 53 56 8B F1 8B 06 8B 90 24 01 00 00 57 ff d2 84 c0 0f 84 7C */
}
EDIT:
@CanadaRox - did you test your TakeOverBot signature to make sure it loads? I notice you're using part of a sequence that was giving me problems.
I've found that (some?) of the following chunk of bytes changes at runtime. I'm not sure which ones, but if I use a signature with these bytes in it, it fails to load until I wildcard these bytes. A1 58 32 7C 10 33 C5 89 45 FC. IDA says it had something to do with a __security_cookie. EDIT: it appears that only the address of the cookie needs to be wild carded; unlike other addresses which *may* be wild carded, this *must* be wild carded.
That matches the last five bytes of your TakeOverBot signature. Which is why I'm asking if you tested it.
__________________