Raised This Month: $12 Target: $400
 3% 

[IDA/DHooks]How to get vtable offsets


Post New Thread Reply   
 
Thread Tools Display Modes
donrevan
AlliedModders Donor
Join Date: Jul 2010
Old 03-09-2016 , 17:37   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #41

Quote:
Originally Posted by Spirit_12 View Post
Can I know how did you get to that number?
Is it even working? It's the only offset in the function which looks like it could be the "SurvivalCounter".
You can use this sig to find the value(ALT+B in IDA):
Code:
80 BC 03 ? ? ? ? 01 83 DA FF 83 C0 01 83 F8 04

Last edited by donrevan; 03-09-2016 at 17:38.
donrevan is offline
StrikerMan780
AlliedModders Donor
Join Date: Jul 2009
Location: Canada
Old 04-09-2016 , 00:07   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #42

I am trying to hook CEngineSoundServer::SetPlayerDSP...

this is the vtable result
Code:
// Auto reconstructed from vtable block @ 0x0023C740
// from "engine_srv.so", by ida_vtables.idc
0	CEngineSoundServer::IsSoundPrecached(char  const*)
1	CEngineSoundServer::PrefetchSound(char  const*)
2	CEngineSoundServer::GetSoundDuration(char  const*)
3	CEngineSoundServer::EmitSound(IRecipientFilter &,int,int,char  const*,float,float,int,int,int,Vector  const*,Vector  const*,CUtlVector<Vector,CUtlMemory<Vector,int>> *,bool,float,int)
4	CEngineSoundServer::EmitSound(IRecipientFilter &,int,int,char  const*,float,soundlevel_t,int,int,int,Vector  const*,Vector  const*,CUtlVector<Vector,CUtlMemory<Vector,int>> *,bool,float,int)
5	CEngineSoundServer::EmitSentenceByIndex(IRecipientFilter &,int,int,int,float,soundlevel_t,int,int,int,Vector  const*,Vector  const*,CUtlVector<Vector,CUtlMemory<Vector,int>> *,bool,float,int)
6	CEngineSoundServer::StopSound(int,int,char  const*)
7	CEngineSoundServer::StopAllSounds(bool)
8	CEngineSoundServer::SetRoomType(IRecipientFilter &,int)
9	CEngineSoundServer::SetPlayerDSP(IRecipientFilter &,int,bool)
10	CEngineSoundServer::EmitAmbientSound(char  const*,float,int,int,float)
11	CEngineSoundServer::GetDistGainFromSoundLevel(soundlevel_t,float)
12	CEngineSoundServer::GetGuidForLastSoundEmitted(void)
13	CEngineSoundServer::IsSoundStillPlaying(int)
14	CEngineSoundServer::StopSoundByGuid(int)
15	CEngineSoundServer::SetVolumeByGuid(int,float)
16	CEngineSoundServer::GetActiveSounds(CUtlVector<SndInfo_t,CUtlMemory<SndInfo_t,int>> &)
17	CEngineSoundServer::PrecacheSentenceGroup(char  const*)
18	CEngineSoundServer::NotifyBeginMoviePlayback(void)
19	CEngineSoundServer::NotifyEndMoviePlayback(void)
20	CEngineSoundServer::~CEngineSoundServer()
21	CEngineSoundServer::~CEngineSoundServer()
The tutorial confuses me though. I have no idea what to do. I don't know how to get DHooks to use this specific VTable, or anything...

If someone can help find the Signatures and create the gamedata, and then go over the process, I'd be grateful.

Last edited by StrikerMan780; 04-09-2016 at 00:39.
StrikerMan780 is offline
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 04-09-2016 , 04:27   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #43

GoD-Tony and Drifter have both posted many examples of hooking functions on exported interfaces with DHooks.
__________________
asherkin is offline
StrikerMan780
AlliedModders Donor
Join Date: Jul 2009
Location: Canada
Old 04-09-2016 , 10:54   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #44

I found this: https://forums.alliedmods.net/showpo...&postcount=129
and this: https://forums.alliedmods.net/showpo...2&postcount=60

Neither make sense to me.

What does "read" and "keys" do, what do the sections mean, why doesn't the name of the interface match what it says in IDA? HOW do I find the correct name for the interface to hook? Nothing makes sense, and the lack of GameData documentation on the Wiki is pretty horrendous. (Finding VTable offsets is the only thing I could find.) I don't see how to target a specific vtable, or a specific dll/so file and what any of the syntax means.

EDIT: Found the interface by pure stroke of luck and an educated guess, but the steps I need to take to get it weren't gone over by anybody (as far as I could see). So I will.

When I was looking to hook CEngineSoundServer::SetPlayerDSP, I needed to find the interface, so I went to the base function in the class


In this case it was CEngineSoundServer::~CEngineSoundServer()

So, I clicked on it, and clicked on the first line of the function, like so:


Then, clicked "Jump", then "Jump to Cross-Reference"

Click on the global subroutine, like so, and hit OK.


Which should lead you to a page, where, if you look down a little, you can see the interface name. I highlighted it in this image:


Here is my resulting gamedata:
Code:
"Games"
{
	"#default"
	{
		"Keys"
		{
			"EngineInterface"	"IEngineSoundServer003"
		}
		"Signatures"
		{
			"CreateInterface"
			{
				"library"		"engine"
				"windows"		"@CreateInterface"
				"linux"			"@CreateInterface"
			}
		}
		"Offsets"
		{
			"SetPlayerDSP"
			{
				"windows"	"9"
				"linux"		"10"
			}
		}
	}
}

Last edited by StrikerMan780; 04-09-2016 at 11:25.
StrikerMan780 is offline
Peace-Maker
SourceMod Plugin Approver
Join Date: Aug 2008
Location: Germany
Old 04-09-2016 , 13:30   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #45

The saner way would be to have a look at the source sdk and check the public engine interfaces to find the name of the interface.

The "Keys" section in a gamedata file is just a keyvalues section to store arbitary info per game. The "read" key in an "Addresses" section would add the specified amount of bytes to the address and dereference it. You can add up to 8 "read" keys to an address to jump through memory.

https://wiki.alliedmods.net/SDKTools...ddress_lookups
__________________
Peace-Maker is offline
StrikerMan780
AlliedModders Donor
Join Date: Jul 2009
Location: Canada
Old 04-09-2016 , 13:37   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #46

Did I set my gamedata up correctly, then?
StrikerMan780 is offline
micapat
Veteran Member
Join Date: Feb 2010
Location: Nyuu, nyuu (France).
Old 11-29-2016 , 15:43   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #47

Hi everyone,

I think I'm retarded: how do you display the function names under Linux? I'm using IDA 5.0 (Free), and I got for the function names:

"sub_392890"
"sub_393230"
...
Not really useful.

Remark: I use 'server.so' from the last CS:GO update (29th November).
__________________
micapat is offline
psychonic

BAFFLED
Join Date: May 2008
Old 11-29-2016 , 15:46   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #48

You can't. They're gone now. Be sure to thank the CS:GO team.
psychonic is offline
micapat
Veteran Member
Join Date: Feb 2010
Location: Nyuu, nyuu (France).
Old 11-29-2016 , 16:24   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #49

Nice, they never cease to amaze me.

So, is there still a way to get the vtable of a class (To find the function offsets)?
__________________
micapat is offline
psychonic

BAFFLED
Join Date: May 2008
Old 11-29-2016 , 16:26   Re: [IDA/DHooks]How to get vtable offsets
Reply With Quote #50

Quote:
Originally Posted by micapat View Post
Nice, they never cease to amaze me.

So, is there still a way to get the vtable of a class (To find the function offsets)?
On Windows, you can use the Class Informer IDA plugin to find the vtables (including class names). It gets the data from the RTTI.

Last edited by psychonic; 11-29-2016 at 16:26.
psychonic is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 07:11.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode