You should always try to open the linux binary in IDA first, because generally, it contains the functions symbols and if you're lucky some debug information.
EDIT: As KliPPy said, if you know the binary contains DWARF information, then you should use pahole.
TSSpace is a game event. I did not understand at first why you were talking about an offset, but I got it once I checked out the references.
Usually, when you don't know where to look, you try to find references to a string related to what you want to search for.
Here, it's TSSpace; luckily, it exists in the strings list:
Once you double-click on it, you see whether there are references to it.
Here, there is only one reference, in the LinkUserMessages() function.
Once you double-click on it, you will jump to the disassembled code from where it's referenced:
If you have the decompiler available, you can hit F5 and you will get pseudo-C code, which is easier to understand.
Note: It's possible to improve the decompiler output by providing structures; I think there is a tutorial about it.
At this point, if you don't understand what this LinkUserMessages does, you should always check whether such a function exists in the original HLSDK.
Here, you can find it:
https://github.com/alliedmodders/hls....cpp#L193-L240
You understand this function is about registering game events and saving a handle into a global variable, here gmsgTSSpace.
A game message looks like this (begin + arguments + end):
Code:
MESSAGE_BEGIN(MSG_ONE, gmsgScoreInfo, NULL, edict());
    WRITE_BYTE(i);
    WRITE_SHORT(static_cast<int>(pev->frags));
    WRITE_SHORT(m_iDeaths); // This is a class member
    WRITE_SHORT(pev->team);
MESSAGE_END();
From that, what you want to do now is to find references to gmsgTSSpace, because there is likely a class member used as an argument whose offset you want to retrieve.
From the disassembled code, click on gmsgTSSpace_ptr to select it; then, to get the references, either hit the X key or right-click.
Note: Depending on how it's compiled, you might get a pointer to a global variable. That's why you see "_ptr". If you try to get references from the decompiled output with gmsgTSSpace, it will give you gmsgTSSpace_ptr first, and then you need to repeat the operation to get the actual references.
You get two references: one from where it's registered and the other from where it's actually used.
Double-click on CBasePlayer::UpdateClientData().
Again, check in the HLSDK how game messages are handled.
You can be sure TSSpace is handled similarly to
https://github.com/alliedmodders/hls...pp#L3977-L3984.
What you're looking for:
- From the disassembled code, it's not easy if you don't have a bit of experience. You want ebp+54Ch and ebp+548h. You can right-click (or hit the H key) on the number to get the decimal value. The real byte-based offsets are 1352 and 1356. The int-based ones are 338 and 339 (an int is usually 4 bytes, so you divide by 4).
- From the decompiled code, it's much easier. You see the code is similar to the link above. You want *(this + 338) and *(this + 339). A class member offset will always be in the form *(base + offset). this is the object, a pointer to the CBasePlayer class. You notice that the decompiled code already gives the int-based offset value; that's because IDA already had the information that this is a pointer to a class. If you want the byte-based offset, you can right-click on this and select "Reset pointer type".
What you got is the Linux offset.
Usually, for most mods, to get the Linux offset from a Windows-based one, you need to add some extra offset.
It's because of the pfn* members, like m_pfnThink, which take 8 bytes under Linux.
You have 4 pfn defined in CBaseEntity:
https://github.com/alliedmodders/hls...se.h#L210-L213
You have 1 pfn defined in CBaseAnimating:
https://github.com/alliedmodders/hls...s/cbase.h#L528
This means that for any offset defined after m_pfnBlocked, and for any offset of a class derived from CBaseEntity, you need to add +16 (byte-based) or +4 (int-based).
This means that for any offset defined after m_pfnCallWhenMoveDone, and for any offset of a class derived from CBaseAnimating, you need to add +20 (byte-based) or +5 (int-based).
In our situation, we're working with a player's offset. CBasePlayer is derived from CBaseMonster > CBaseToggle > CBaseAnimating. This means +20 or +5.
Since we got the Linux offset, the Windows offset will be: 1352 - 20 = 1332 (or 338 - 5 = 333) and 1356 - 20 = 1336 (or 339 - 5 = 334).
Code:
                      windows       linux
m_iSomething          333 (1332)    338 (1352)
m_iClientSomething    334 (1336)    339 (1356)
Looking at the decompiled code and the HLSDK, you can imagine the code would look like:
Code:
if (m_iSomething != m_iClientSomething)
{
    m_iClientSomething = m_iSomething;
    MESSAGE_BEGIN(MSG_ONE, gmsgTSSpace, NULL, pev);
        WRITE_BYTE(m_iSomething);
    MESSAGE_END();
}
There are likely things you won't understand at first because not everything is explained properly, so don't hesitate to ask.
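The pfn* offset rule from the post, turned into a small script (an added example, not code from the post or from the HLSDK): it walks the inheritance chain the post names, counts the pfn* members laid out before a member, and converts between the Linux and Windows offsets in both byte-based and int-based form, which generalizes the +16/+20 cases above to any class in the chain. The pfn counts (CBaseEntity: 4, CBaseAnimating: 1) and the chain are the post's; the 8-byte and 4-byte sizes are the 32-bit Itanium ABI and MSVC single-inheritance pointer-to-member-function sizes; m_pfnTouch and m_pfnUse in the comment come from the HLSDK header the post links; CBaseToggle, CBaseMonster and CBasePlayer are assumed to declare no pfn* members of their own, and the function names are mine.

```python
"""Added example: Linux <-> Windows member offset conversion for the pfn* rule."""

LINUX_PFN_SIZE = 8    # pointer-to-member-function on a 32-bit Linux build (Itanium ABI: ptr + this-adjust)
WINDOWS_PFN_SIZE = 4  # pointer-to-member-function on 32-bit MSVC for single-inheritance classes
INT_SIZE = 4          # the post's "int-based" offsets assume a 4-byte int

# pfn* members each class declares.  CBaseEntity: 4 and CBaseAnimating: 1 are
# from the post; the other classes in the chain are assumed to declare none.
PFN_COUNT = {
    "CBaseEntity": 4,     # m_pfnThink, m_pfnTouch, m_pfnUse, m_pfnBlocked (HLSDK cbase.h)
    "CBaseAnimating": 1,  # m_pfnCallWhenMoveDone
    "CBaseToggle": 0,     # assumed
    "CBaseMonster": 0,    # assumed
    "CBasePlayer": 0,     # assumed
}

# Inheritance chain as the post gives it:
# CBasePlayer > CBaseMonster > CBaseToggle > CBaseAnimating > CBaseEntity
PARENT = {
    "CBasePlayer": "CBaseMonster",
    "CBaseMonster": "CBaseToggle",
    "CBaseToggle": "CBaseAnimating",
    "CBaseAnimating": "CBaseEntity",
    "CBaseEntity": None,
}


def ida_hex_to_offsets(displacement):
    """Turn an IDA displacement such as '54Ch' into (byte_offset, int_index)."""
    value = int(displacement.rstrip("hH"), 16)
    return value, value // INT_SIZE


def pfn_members_before(cls, after_own_pfn=True):
    """Count the pfn* members laid out before a member declared in `cls`.

    Every pfn* member of every base class precedes it.  The class's own pfn*
    members precede it only when the member is declared after them, which is
    the post's "after m_pfnBlocked" condition (after_own_pfn).
    """
    total = PFN_COUNT[cls] if after_own_pfn else 0
    parent = PARENT[cls]
    while parent is not None:
        total += PFN_COUNT[parent]
        parent = PARENT[parent]
    return total


def linux_extra_bytes(cls, after_own_pfn=True):
    """Extra bytes the Linux layout inserts before a member of `cls`."""
    return pfn_members_before(cls, after_own_pfn) * (LINUX_PFN_SIZE - WINDOWS_PFN_SIZE)


def linux_to_windows(cls, linux_offset, int_based=False, after_own_pfn=True):
    """Convert an offset read from the Linux binary to the Windows one."""
    delta = linux_extra_bytes(cls, after_own_pfn)
    return linux_offset - (delta // INT_SIZE if int_based else delta)


def windows_to_linux(cls, windows_offset, int_based=False, after_own_pfn=True):
    """Convert an offset read from the Windows binary to the Linux one."""
    delta = linux_extra_bytes(cls, after_own_pfn)
    return windows_offset + (delta // INT_SIZE if int_based else delta)


def offset_table(cls, names_and_displacements):
    """Rows of (name, windows_int, windows_bytes, linux_int, linux_bytes) from IDA displacements."""
    rows = []
    for name, disp in names_and_displacements:
        linux_bytes, linux_int = ida_hex_to_offsets(disp)
        rows.append((name,
                     linux_to_windows(cls, linux_int, int_based=True),
                     linux_to_windows(cls, linux_bytes),
                     linux_int, linux_bytes))
    return rows


if __name__ == "__main__":
    # The two displacements the post reads off CBasePlayer::UpdateClientData().
    rows = offset_table("CBasePlayer", [("m_iSomething", "548h"),
                                        ("m_iClientSomething", "54Ch")])
    for row in rows:
        print("%-20s windows %3d (%4d)   linux %3d (%4d)" % row)
```

The 4-byte Windows size only holds for pointers to members of single-inheritance classes, which is what the HLSDK hierarchy here uses; MSVC uses wider representations under multiple or virtual inheritance, so re-check the per-member delta before applying the rule to a mod whose classes use those.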