It took me a while, since I only started finding sigs on my own a few days ago, but I *think* I found it.
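Signature for sub_103DA5D0 (first line: hex bytes with ? as the wildcard; second line: the same bytes escaped, with \x2A in the wildcard position):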
55 8B EC 56 8B F1 80 BE DD 17 00 00 00 74 ?
\x55\x8B\xEC\x56\x8B\xF1\x80\xBE\xDD\x17\x00\x00\x00\x74\x2A
Here's how I did it:
1. I checked inside the function, looking at the call whose result it returns:
// Decompiler pseudocode for CTerrorGun::Holster. Member names are not
// recovered, so fields appear as raw offsets from `this`.
// Returns whatever CTerrorWeapon::Holster(this, a2) returns.
int __cdecl CTerrorGun::Holster(CTerrorGun *this, CBaseCombatWeapon *a2)
{
    CBaseEdict *v2; // eax
    // Body runs only when the byte at +6113 is nonzero and the byte at +6112
    // is not already 1; every path through it ends by setting +6112 to 1.
    if ( *((_BYTE *)this + 6113) && *((_BYTE *)this + 6112) != 1 )
    {
        if ( *((_BYTE *)this + 108) )
        {
            *((_BYTE *)this + 112) |= 1u;
            *((_BYTE *)this + 6112) = 1;
        }
        else
        {
            // _DWORD index 12 is byte offset 48 (assuming a 4-byte _DWORD).
            v2 = (CBaseEdict *)*((_DWORD *)this + 12);
            if ( v2 )
            {
                // ORs 0x101 into the first dword of the edict, then zeroes the
                // 16-bit value 2 bytes into what GetChangeAccessor returns.
                *(_DWORD *)v2 |= 0x101u;
                *(_WORD *)(CBaseEdict::GetChangeAccessor(v2) + 2) = 0;
            }
            *((_BYTE *)this + 6112) = 1;
        }
    }
    return CTerrorWeapon::Holster(this, a2); // Check this function...
}
2. I checked the function whose result that function returns:
// Decompiler pseudocode for CTerrorWeapon::Holster. Fields appear as raw
// offsets from `this` because member names are not recovered.
// Returns whatever CWeaponCSBase::Holster(this, a2) returns.
int __cdecl CTerrorWeapon::Holster(CTerrorWeapon *this, CBaseCombatWeapon *a2)
{
    int v2; // ecx
    // One-shot: when the byte at +5496 is set, it is cleared and an indirect
    // call is made before chaining to the base implementation.
    if ( *((_BYTE *)this + 5496) )
    {
        // _DWORD index 1506 is byte offset 6024 (assuming a 4-byte _DWORD).
        v2 = *((_DWORD *)this + 1506);
        *((_BYTE *)this + 5496) = 0;
        // Indirect call through the table pointed to by the first dword of
        // `this` (presumably the vtable), entry at byte offset 1760; the bool
        // argument is whether the value read above is positive.
        (*(void (__cdecl **)(CTerrorWeapon *, bool))(*(_DWORD *)this + 1760))(this, v2 > 0);
    }
    return CWeaponCSBase::Holster(this, a2); // Check this function...
}
3. Then I checked the function whose result that one returns:
// Decompiler pseudocode for CWeaponCSBase::Holster.
// Returns 0 when GetPlayerOwner yields a null pointer; otherwise returns
// whatever CBaseCombatWeapon::Holster(this, a2) returns.
int __cdecl CWeaponCSBase::Holster(CWeaponCSBase *this, CBaseCombatWeapon *a2)
{
    CBasePlayer *v2; // eax
    CCSPlayer *v3; // ebx
    v2 = (CBasePlayer *)CWeaponCSBase::GetPlayerOwner(this);
    // v3 holds the same pointer as v2; the decompiler only types it differently.
    v3 = v2;
    // No owner: bail out before touching the player or the base Holster.
    if ( !v2 )
        return 0;
    // The argument list is shown as the decompiler recovered it (v2 appears
    // twice); confirm against the disassembly before relying on it.
    CBasePlayer::SetFOV(v2, v2, 0, 0.0, 0);
    CCSPlayer::SetShieldDrawnState(v3, 0);
    return CBaseCombatWeapon::Holster(this, a2); // Check this function...
}
4. Finally... I found a unique string ("BaseCombatWeapon_HideThink") in the function that one returns:
// Decompiler pseudocode for CBaseCombatWeapon::Holster, the end of the
// Holster call chain and the function that references the string literal
// "BaseCombatWeapon_HideThink". Always returns 1.
// The decompiler gave it a custom convention (__usercall): the result is in
// eax and `a1` is modelled as an input arriving in x87 register st0.
// Several calls below show incomplete or odd argument lists (ThinkSet,
// SequenceDuration); treat the listing as a structural guide and confirm
// details against the disassembly.
int __usercall CBaseCombatWeapon::Holster@<eax>(long double a1@<st0>, CBaseCombatWeapon *this)
{
    CBaseEntity *v2; // esi
    CBaseEdict *v3; // eax
    int v4; // edi
    float v5; // xmm0_4
    int v7; // edi
    CStudioHdr *v8; // eax
    CBaseEdict *v9; // eax
    int v11; // [esp+8h] [ebp-40h]
    int v12; // [esp+Ch] [ebp-3Ch]
    float v13; // [esp+10h] [ebp-38h]
    const char *v14; // [esp+14h] [ebp-34h]
    float v15; // [esp+20h] [ebp-28h]
    float v16; // [esp+24h] [ebp-24h]
    char v17[32]; // [esp+28h] [ebp-20h] BYREF
    // mdlcache is saved in v2; an indirect call at table offset 104 is made
    // here and a matching one at offset 108 just before the return
    // (presumably a begin/end pair - not established by this listing).
    v2 = mdlcache;
    (*(void (__cdecl **)(CBaseEntity *))(*(_DWORD *)mdlcache + 104))(mdlcache);
    // When the byte at +5209 is set it is cleared, after the same
    // +108 / +112 / edict-flag sequence seen in the other Holster listings.
    if ( *((_BYTE *)this + 5209) )
    {
        if ( *((_BYTE *)this + 108) )
        {
            *((_BYTE *)this + 112) |= 1u;
        }
        else
        {
            v3 = (CBaseEdict *)*((_DWORD *)this + 12);
            if ( v3 )
            {
                *(_DWORD *)v3 |= 0x101u;
                *(_WORD *)(CBaseEdict::GetChangeAccessor(v3) + 2) = 0;
            }
        }
        *((_BYTE *)this + 5209) = 0;
    }
    CBaseCombatWeapon::QueueAttack(this, 0);
    CBaseEntity::ThinkSet(v17);
    // Indirect call at table offset 1008 with 182 as the first value argument.
    (*(void (__cdecl **)(CBaseCombatWeapon *, int, _DWORD, _DWORD, _DWORD, _DWORD))(*(_DWORD *)this + 1008))(
        this,
        182,
        0,
        0,
        0,
        0);
    // v16 stays 0.0 unless the dword at index 1298 now equals the same 182.
    v16 = 0.0;
    if ( *((_DWORD *)this + 1298) == 182 )
    {
        v7 = *((_DWORD *)this + 293);
        if ( !*((_DWORD *)this + 1272) && CBaseEntity::GetModel(this) )
            CBaseAnimating::LockStudioHdr(this);
        v8 = (CStudioHdr *)*((_DWORD *)this + 1272);
        // A header whose first dword is zero is treated as no header at all.
        if ( v8 && !*(_DWORD *)v8 )
            v8 = 0;
        CBaseAnimating::SequenceDuration(this, v8, v7);
        // NOTE(review): a1 here is presumably the floating-point result that
        // SequenceDuration leaves in st0, not a real caller-supplied argument.
        v16 = a1;
    }
    v4 = CBaseCombatWeapon::GetOwner(this);
    if ( v4 )
    {
        // v15 = v16 plus the float at gpGlobals+12; the owner's float at +6108
        // is rewritten only when the value actually differs.
        v15 = v16 + *(float *)(gpGlobals + 12);
        if ( v15 != *(float *)(v4 + 6108) )
        {
            if ( *(_BYTE *)(v4 + 108) )
            {
                *(_BYTE *)(v4 + 112) |= 1u;
            }
            else
            {
                v9 = *(CBaseEdict **)(v4 + 48);
                if ( v9 )
                {
                    *(_DWORD *)v9 |= 0x101u;
                    *(_WORD *)(CBaseEdict::GetChangeAccessor(v9) + 2) = 0;
                }
            }
            *(float *)(v4 + 6108) = v15;
        }
    }
    if ( v16 == 0.0 )
    {
        // Zero duration: indirect call at table offset 1072 with argument 0.
        (*(void (__cdecl **)(CBaseCombatWeapon *, _DWORD))(*(_DWORD *)this + 1072))(this, 0);
    }
    else
    {
        // The only reference to the string literal in this function; it is the
        // anchor used to locate the same function in a binary without symbols.
        v14 = "BaseCombatWeapon_HideThink"; // Use this unique string...
        v11 = 1521;
        v12 = 0;
        v13 = v16 + *(float *)(gpGlobals + 12);
        CBaseEntity::ThinkSet(v17);
    }
    v5 = *((float *)this + 1315);
    if ( v5 != 0.0 && v5 > *(float *)(gpGlobals + 12) )
    {
        // NOTE(review): v11..v14 are assigned only in the else branch above,
        // yet are passed here on every path - likely a stack-slot reuse
        // artifact of the decompiler; confirm against the disassembly.
        if ( *((_BYTE *)this + 5252) )
            (*(void (__cdecl **)(CBaseCombatWeapon *, CBaseCombatWeapon *, int, int, float, const char *))(*(_DWORD *)this + 988))(
                this,
                this,
                v11,
                v12,
                COERCE_FLOAT(LODWORD(v13)),
                v14);
        if ( *((_BYTE *)this + 5253) )
            (*(void (__cdecl **)(CBaseCombatWeapon *))(*(_DWORD *)this + 1000))(this);
    }
    // Counterpart of the offset-104 call made on mdlcache at the top.
    (*(void (__cdecl **)(CBaseEntity *))(*(_DWORD *)v2 + 108))(v2);
    return 1;
}
5. Once you search for that string, just backtrack through the callers. Eventually I ended up with a list of function calls, and I checked each one to see which shares a similar set of instructions with the one in the Linux binaries.
Linux:
// Linux reference listing: decompiler pseudocode for CTerrorGun::Holster,
// shown for side-by-side comparison with the Windows candidate.
// Shape to match: a two-byte guard (+6113 nonzero, +6112 not 1), an if/else
// on the byte at +108, a final store of 1 to +6112, then a tail call.
int __cdecl CTerrorGun::Holster(CTerrorGun *this, CBaseCombatWeapon *a2)
{
    CBaseEdict *v2; // eax
    if ( *((_BYTE *)this + 6113) && *((_BYTE *)this + 6112) != 1 )
    {
        if ( *((_BYTE *)this + 108) )
        {
            *((_BYTE *)this + 112) |= 1u;
            *((_BYTE *)this + 6112) = 1;
        }
        else
        {
            // _DWORD index 12 is byte offset 48 (assuming a 4-byte _DWORD).
            v2 = (CBaseEdict *)*((_DWORD *)this + 12);
            if ( v2 )
            {
                *(_DWORD *)v2 |= 0x101u;
                *(_WORD *)(CBaseEdict::GetChangeAccessor(v2) + 2) = 0;
            }
            // The store of 1 to +6112 is duplicated in both branches here.
            *((_BYTE *)this + 6112) = 1;
        }
    }
    return CTerrorWeapon::Holster(this, a2);
}
Windows:
// Windows candidate for CTerrorGun::Holster. Names are sub_<address>
// placeholders (presumably auto-generated, as no symbols are shown), and
// `this` is typed as a plain int.
// Same control-flow shape as the Linux listing, but the member offsets
// differ: the guard bytes are +6109/+6108 (Linux +6113/+6112), the branch
// bytes are +100/+104 (Linux +108/+112), and the pointer is read from +40
// (Linux byte offset 48). The store of 1 to +6108 appears once after the
// if/else instead of in each branch; the effect is the same.
// The post's signature contains `80 BE DD 17 00 00 00`: DD 17 00 00 is
// little-endian 0x17DD = 6109, the offset tested first below. Because a
// member offset is baked into the pattern, a class-layout change in a later
// build would stop it matching - re-check it after game updates, and confirm
// it matches exactly one address in the module.
char __thiscall sub_103DA5D0(int this, int a2)
{
    _DWORD *v3; // ecx
    if ( *(_BYTE *)(this + 6109) && *(_BYTE *)(this + 6108) != 1 )
    {
        if ( *(_BYTE *)(this + 100) )
        {
            *(_BYTE *)(this + 104) |= 1u;
        }
        else
        {
            v3 = *(_DWORD **)(this + 40);
            if ( v3 )
            {
                *v3 |= 0x101u;
                // Shown with no arguments here; the Linux listing passes the
                // pointer to CBaseEdict::GetChangeAccessor at this position.
                *(_WORD *)(sub_100EBBB0() + 2) = 0;
            }
        }
        *(_BYTE *)(this + 6108) = 1;
    }
    // Tail call in the position where the Linux listing calls
    // CTerrorWeapon::Holster.
    return sub_103DF1A0((_BYTE *)this, a2);
}