
[EXTENSION] NPCs in CS:S (extended)


Bearfade
New Member
Join Date: Jan 2020
Location: South Korea
07-31-2021, 22:54   Re: [EXTENSION] NPCs in CS:S (extended)   #21

Since this update, the extension no longer works.
It looks like the signatures need to be updated.

kadet.89
Veteran Member
Join Date: Nov 2012
08-09-2021, 16:32   Re: [EXTENSION] NPCs in CS:S (extended)   #22

Bearfade, I can try to find the signatures, PM me the latest versions of server.so, server.dll, engine.so and engine.dll

Last edited by kadet.89; 08-09-2021 at 16:32.
Bearfade
New Member
Join Date: Jan 2020
Location: South Korea
08-17-2021, 10:31   Re: [EXTENSION] NPCs in CS:S (extended)   #23

kadet.89, here are the latest files:

engine.dll : https://www.mediafire.com/file/5l5iv...ngine.dll/file
server.dll : https://www.mediafire.com/file/qv4s3...erver.dll/file
server.so : https://www.mediafire.com/file/0ceso...server.so/file

Last edited by Bearfade; 08-30-2021 at 07:57.
kadet.89
Veteran Member
Join Date: Nov 2012
09-04-2021, 16:27   Re: [EXTENSION] NPCs in CS:S (extended)   #24

Here are Windows signatures for the functions:
SetEnemy
CAI_ScriptedSchedule::StartSchedule -> "Scripted schedule %s specified an invalid enemy %s\n" -> CAI_BaseNPC::SetEnemy

PHP Code:
.text:1004EC70 55                   push    ebp
.text:1004EC71 8B EC                mov     ebp, esp
.text:1004EC73 53                   push    ebx
.text:1004EC74 56                   push    esi
.text:1004EC75 8B F1                mov     esi, ecx
.text:1004EC77 57                   push    edi
.text:1004EC78 8B 96 48 09 00 00    mov     edx, [esi+948h]
.text:1004EC7E 83 FA FF             cmp     edx, 0FFFFFFFFh
.text:1004EC81 74 23                jz      short loc_1004ECA6
.text:1004EC83 A1 78 46 4A 10       mov     eax, off_104A4678
.text:1004EC88 8B CA                mov     ecx, edx
.text:1004EC8A 81 E1 FF 0F 00 00    and     ecx, 0FFFh
.text:1004EC90 83 C0 04             add     eax, 4
.text:1004EC93 C1 E1 04             shl     ecx, 4
.text:1004EC96 03 C1                add     eax, ecx
.text:1004EC98 74 0C                jz      short loc_1004ECA6
.text:1004EC9A C1 EA 0C             shr     edx, 0Ch
.text:1004EC9D 39 50 04             cmp     [eax+4], edx
.text:1004ECA0 75 04                jnz     short loc_1004ECA6
.text:1004ECA2 8B 00                mov     eax, [eax]
.text:1004ECA4 EB 02                jmp     short loc_1004ECA8
.text:1004ECA6                      ; ---------------------------------------------------------------------------
.text:1004ECA6
.text:1004ECA6                      loc_1004ECA6:                           ; CODE XREF: sub_1004EC70+11↑j
.text:1004ECA6                                                              ; sub_1004EC70+28↑j ...
.text:1004ECA6 33 C0                xor     eax, eax
.text:1004ECA8                      loc_1004ECA8:                           ; CODE XREF: sub_1004EC70+34↑j

CineCleanup
"Script failed for %s\n" -> CAI_BaseNPC::CineCleanup

PHP Code:
.text:1003E270 55                   push    ebp
.text:1003E271 8B EC                mov     ebp, esp
.text:1003E273 83 EC 48             sub     esp, 48h
.text:1003E276 53                   push    ebx
.text:1003E277 8B D9                mov     ebx, ecx
.text:1003E279 8B 0D 78 46 4A 10    mov     ecx, off_104A4678
.text:1003E27F 56                   push    esi
.text:1003E280 57                   push    edi
.text:1003E281 8B 93 54 0A 00 00    mov     edx, [ebx+0A54h]
.text:1003E287 83 FA FF             cmp     edx, 0FFFFFFFFh
.text:1003E28A 74 1D                jz      short loc_1003E2A9
.text:1003E28C 8B C2                mov     eax, edx
.text:1003E28E 8D 71 04             lea     esi, [ecx+4]
.text:1003E291 25 FF 0F 00 00       and     eax, 0FFFh
.text:1003E296 C1 E0 04             shl     eax, 4
.text:1003E299 03 F0                add     esi, eax
.text:1003E29B 74 0C                jz      short loc_1003E2A9
.text:1003E29D C1 EA 0C             shr     edx, 0Ch
.text:1003E2A0 39 56 04             cmp     [esi+4], edx
.text:1003E2A3 75 04                jnz     short loc_1003E2A9
.text:1003E2A5 8B 36                mov     esi, [esi]
.text:1003E2A7 EB 02                jmp     short loc_1003E2AB
.text:1003E2A9                      ; ---------------------------------------------------------------------------
.text:1003E2A9
.text:1003E2A9                      loc_1003E2A9:                           ; CODE XREF: sub_1003E270+1A↑j
.text:1003E2A9                                                              ; sub_1003E270+2B↑j ...
.text:1003E2A9 33 F6                xor     esi, esi
You will have to set wildcards to use them. There are 3 ways to do it:
1) Compare the signatures from two different builds of the library. The bytes which don't match should be replaced with 2A
2) Find an ASM book/document where the commands are described and replace all bytes which change with 2A
3) Replace all but first bytes in each line with 2A (not a very beautiful way, but should work). It will look like: "\x55\x8B\x2A....

As for the variables, I see them in the *.so, but it is not clear what the resulting signatures should be. If it should be the places where the variables are stored, then there are only zeros around them, which makes it hardly possible to create unique signatures. If it is a sort of reference from a function, then it's not clear what the start of the signature should be.
For g_AIFriendliesTalkSemaphore there are 3 references, here is a signature of one of them:

PHP Code:
.text:100A9AAE BF BC 60 49 10       mov     edi, offset dword_104960BC
.text:100A9AB3 B9 C4 60 49 10       mov     ecx, offset dword_104960C4
.text:100A9AB8 0F 44 F9             cmovz   edi, ecx
.text:100A9ABB 85 FF                test    edi, edi
.text:100A9ABD 74 5D                jz      short loc_100A9B1C
.text:100A9ABF 8B 56 40             mov     edx, [esi+40h]
.text:100A9AC2 83 FA FF             cmp     edx, 0FFFFFFFFh
.text:100A9AC5 74 23                jz      short loc_100A9AEA
.text:100A9AC7 A1 78 46 4A 10       mov     eax, off_104A4678
.text:100A9ACC 8B CA                mov     ecx, edx
.text:100A9ACE 81 E1 FF 0F 00 00    and     ecx, 0FFFh
.text:100A9AD4 83 C0 04             add     eax, 4
.text:100A9AD7 C1 E1 04             shl     ecx, 4
.text:100A9ADA 03 C8                add     ecx, eax
.text:100A9ADC 74 0C                jz      short loc_100A9AEA
.text:100A9ADE C1 EA 0C             shr     edx, 0Ch
.text:100A9AE1 39 51 04             cmp     [ecx+4], edx
.text:100A9AE4 75 04                jnz     short loc_100A9AEA
.text:100A9AE6 8B 09                mov     ecx, [ecx]
.text:100A9AE8 EB 02                jmp     short loc_100A9AEC
Here, 104960BC (BC 60 49 10) is the address of the variable. You could try these two signatures:
Quote:
\xBF\xBC\x60\x49\x10...
\xBC\x60\x49\x10\xB9... (1 byte shifted)
If it works, I'll try to find signatures for the other variables.
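The three wildcard methods described above, as an added Python example that is not part of the thread or of the extension: it parses IDA listing lines like the ones posted, builds a SourceMod-style `\xNN` signature either by comparing two builds byte by byte (method 1) or by keeping only the first byte of each instruction (method 3), and counts how often a signature matches in a byte blob so you can confirm it is unique before shipping it. The listing excerpt is taken from the SetEnemy bytes above; the "second build" and the scanned blob are constructed by changing one member offset.

```python
import re

# One IDA listing line: ".text:<addr> <hex bytes> <mnemonic> ..."; the trailing
# "\s+[A-Za-z]" stops hex-looking mnemonic text ("ad" in "add") joining the bytes.
LINE_RE = re.compile(r'^\.?text:[0-9A-Fa-f]+((?:\s+[0-9A-Fa-f]{2})+)\s+[A-Za-z]')

# Constructed sample: the first eight instructions of the SetEnemy listing above.
SET_ENEMY_A = """
.text:1004EC70 55                push    ebp
.text:1004EC71 8B EC             mov     ebp, esp
.text:1004EC73 53                push    ebx
.text:1004EC74 56                push    esi
.text:1004EC75 8B F1             mov     esi, ecx
.text:1004EC77 57                push    edi
.text:1004EC78 8B 96 48 09 00 00 mov     edx, [esi+948h]
.text:1004EC7E 83 FA FF          cmp     edx, 0FFFFFFFFh
"""
# Constructed "newer build": same code, but the member offset moved (948h -> 950h).
SET_ENEMY_B = SET_ENEMY_A.replace("48 09 00 00", "50 09 00 00").replace("948h", "950h")

def parse_listing(listing):
    """Return one list of opcode bytes per instruction line."""
    instrs = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            instrs.append([int(b, 16) for b in m.group(1).split()])
    return instrs

def raw_bytes(listing):
    return bytes(b for ins in parse_listing(listing) for b in ins)

def sig_from_builds(build_a, build_b):
    """Method 1: compare two builds byte by byte; bytes that differ become \\x2A."""
    pairs = zip(raw_bytes(build_a), raw_bytes(build_b))
    return ''.join('\\x2A' if x != y else '\\x%02X' % x for x, y in pairs)

def sig_first_byte_only(listing):
    """Method 3: keep only the first byte of each instruction, wildcard the rest."""
    return ''.join('\\x%02X' % ins[0] + '\\x2A' * (len(ins) - 1)
                   for ins in parse_listing(listing))

def count_matches(blob, sig):
    """Scan a blob with a \\xNN signature (\\x2A = wildcard); 1 hit means unique."""
    pat = [None if t == '2A' else int(t, 16) for t in sig.split('\\x')[1:]]
    return sum(all(p is None or blob[i + j] == p for j, p in enumerate(pat))
               for i in range(len(blob) - len(pat) + 1))

# Constructed blob: both builds' bytes with NOP padding in between.
SAMPLE_BLOB = raw_bytes(SET_ENEMY_A) + b'\x90' * 16 + raw_bytes(SET_ENEMY_B)
```

A signature that hits once in the real library is what you want; the exact bytes of one build hit only that build, while the wildcarded versions hit both.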