Orpheu: Patching strings in memory

joaquimandrade · **Author**

This is a mini-tutorial to demonstrate how to use Orpheu to replace strings in memory. You can use this functionality to:

Change text to something you want
Replace models or sounds efficiently
More stuff

First, download this software:

http://www.hex-rays.com/idapro/idadownfreeware.htm

Install it and open it.

[IMG]http://img231.**************/img231/6339/45340387.png[/IMG]

Press New

[IMG]http://img12.**************/img12/8282/79514323.png[/IMG]

PE Dynamic Library
OK

Now: to see the strings of the:

engine library, open the file swds.dll of your dedicated server folder.
mod, open the file mod/dlls/mp.dll in your dedicated server folder.

For this example I will use the engine library.

[IMG]http://img191.**************/img191/5043/29492852.png[/IMG]

View
Open subviews
Strings

And you will have a list of strings that the library uses.

For this example I will use:

Code:

#      name userid uniqueid frag time ping loss adr\n

First we need to make a file to identify the memory that we are dealing with. It should look like:

Code:

{
    "name"        : "engineString",
    "library"     : "engine",
    "type"        : "string",
    "memoryType"  : "data"
}

The name is up to you, the library is where it is, the type is "string" for this tutorial and memoryType you can check it from the strings table as you have in IDA. Like:

[IMG]http://img46.**************/img46/883/71307609.png[/IMG]

data is "data"
rdata is "rodata"
text is "code"

This field is meant to ensure integrity after messing with memory but is only useful in Linux. Anyway, you have to provide a valid type.

Now, save the file with the content described above in

configs/orpheu/memory and name it as you want.

To use it now you would do something like:

PHP Code:


			
    #include <amxmodx>
    #include <orpheu_memory>
    
    public plugin_precache()
    {
        OrpheuMemoryReplace("engineString",0,"#      name userid uniqueid frag time ping loss adr^n","# Arkshine loves Connor^n")
    }

Beware that when you do this you should not use replacement strings longer than the original.

Now, when running this plugin, if your server users use the command status they will see:

[IMG]http://img205.**************/img205/184/60858560.png[/IMG]

**Arkshine** · 02-06-2010 , 09:14 Re: Orpheu: Patching strings in memory

~~Nice.~~

I hate your tutorial.

joaquimandrade · 02-06-2010 , 09:16 Re: Orpheu: Patching strings in memory

A more useful example (replaces the sound of when you press +USE without using nothing):

Code:

{
    "name"        : "modString",
    "library"     : "mod",
    "type"        : "string",
    "memoryType"  : "data"
}

PHP Code:


			
    #include <amxmodx>
    #include <orpheu_memory>
    
    public plugin_precache()
    {
        OrpheuMemoryReplace("modString",0,"common/wpn_denyselect.wav","common/bodysplat.wav")
    }

**Arkshine** · *Last edited by Arkshine; 02-06-2010 at 09:35.*

Changing weapon models is now a lot more efficient :

Code:

{
    "name"        : "weaponModels",
    "library"     : "mod",
    "type"        : "string",
    "memoryType"  : "data"
}

Code:

#include <amxmodx>
#include <orpheu_memory>
    
public plugin_precache()
{
     OrpheuMemoryReplace( "weaponModels", 0, "models/v_hegrenade.mdl", "models/v_hegrenad.mdl" );
     OrpheuMemoryReplace( "weaponModels", 0, "models/w_m4a1.mdl", "models/w_m4a2.mdl" );
}

The weapon sounds won't still work since it's handled by the client.

xPaw · 02-06-2010 , 09:34 Re: Orpheu: Patching strings in memory

Wow, thats really nice

KadiR · 02-06-2010 , 10:56 Re: Orpheu: Patching strings in memory

[/AGREE]

Quote:

Originally Posted by xPaw

Wow, thats really nice

[/AGREED]

Nice comments Arkshine

Exolent[jNr] · 02-06-2010 , 14:28 Re: Orpheu: Patching strings in memory

Quote:

Arkshine loves Connor

LOL

Will there be more tutorials about using Orpheu?
This helped me learn some about it, but I'm kind of lost as to what this module can do and how to use it.

**Arkshine** · *Last edited by Arkshine; 02-06-2010 at 15:35.*

'Quim will probably post about the use of virtual functions.
I'm writing a tuto "How find functions and make signatures". Something like.

You have to use IDA or such software to understand that you can do a lot of things, like to find that such function is called from others functions ( to block, etc.. ). HLSDK is obviously not enough for CS functions. Or you need to block/replace a specific thing in one function, so you see the disassembled code, then you could for example find a constant value you could change and making a patch. Like the plugin 'infinite round' I nop a check so the whole if() is ignored.

You have to know how are done the funtions so you can do almost what you want. For example, using IDA by decompiling and changing some things, you can see for example what does exactly PM_Jump : http://paste.ak-team.com/f87e7065 ; then you see there are constants, you could change easily, or ignoring.

What I say is for the game dll, but you can do more things with other library like "engine", so much interesting functions there to alter.
Anyway above is very specific, you can also change param/param of struct of a function on-the-fly easily and such.

01101101 · 02-06-2010 , 15:58 Re: Orpheu: Patching strings in memory

So I could do something like

PHP Code:


			
    #include <amxmodx>
    #include <orpheu_memory>
    
    public plugin_precache()
    {
        OrpheuMemoryReplace("engineString",0,"Connection accepted by %s^n","Welcome %s to porn server !!!^n")
    }

Code:

{
    "name"        : "engineString",
    "library"     : "engine",
    "type"        : "string",
    "memoryType"  : "data"
}

DarkGod · 02-06-2010 , 15:59 Re: Orpheu: Patching strings in memory

This is very interesting. Thanks.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode