Okay, can I just run something by you?
I've taken the objdump from my server binary (since I'm on Linux) and I'm trying to implement the CommitSuicide method. I find it in my dump here:
Code:
00686550 <_ZN11CBasePlayer13CommitSuicideEv>:
686550: 55 push %ebp
686551: 89 e5 mov %esp,%ebp
686553: 83 ec 78 sub $0x78,%esp
686556: 89 75 fc mov %esi,-0x4(%ebp)
686559: 8b 75 08 mov 0x8(%ebp),%esi
68655c: 89 5d f8 mov %ebx,-0x8(%ebp)
68655f: 8b 8e a0 00 00 00 mov 0xa0(%esi),%ecx
686565: 85 c9 test %ecx,%ecx
686567: 0f 85 83 00 00 00 jne 6865f0 <_ZN11CBasePlayer13CommitSuicideEv+0xa0>
68656d: d9 86 64 0a 00 00 flds 0xa64(%esi)
686573: 8b 15 00 00 00 00 mov 0x0,%edx
686579: d9 42 0c flds 0xc(%edx)
68657c: d9 c9 fxch %st(1)
68657e: dd e9 fucomp %st(1)
686580: df e0 fnstsw %ax
686582: 9e sahf
686583: 77 63 ja 6865e8 <_ZN11CBasePlayer13CommitSuicideEv+0x98>
686585: d8 05 28 c3 83 00 fadds 0x83c328
68658b: 8b 9e b0 00 00 00 mov 0xb0(%esi),%ebx
686591: 8d 86 b0 00 00 00 lea 0xb0(%esi),%eax
686597: 85 db test %ebx,%ebx
686599: d9 9e 64 0a 00 00 fstps 0xa64(%esi)
68659f: 75 59 jne 6865fa <_ZN11CBasePlayer13CommitSuicideEv+0xaa>
6865a1: 89 74 24 08 mov %esi,0x8(%esp)
6865a5: ba 00 10 00 00 mov $0x1000,%edx
6865aa: 31 c9 xor %ecx,%ecx
6865ac: 89 54 24 10 mov %edx,0x10(%esp)
6865b0: b8 00 00 00 00 mov $0x0,%eax
6865b5: 8d 5d a8 lea -0x58(%ebp),%ebx
6865b8: 89 4c 24 14 mov %ecx,0x14(%esp)
6865bc: 89 44 24 0c mov %eax,0xc(%esp)
6865c0: 89 74 24 04 mov %esi,0x4(%esp)
6865c4: 89 1c 24 mov %ebx,(%esp)
6865c7: e8 fc ff ff ff call 6865c8 <_ZN11CBasePlayer13CommitSuicideEv+0x78>
6865cc: 8b 0e mov (%esi),%ecx
6865ce: 89 5c 24 04 mov %ebx,0x4(%esp)
6865d2: 89 34 24 mov %esi,(%esp)
6865d5: ff 91 e4 00 00 00 call *0xe4(%ecx)
6865db: 8b 16 mov (%esi),%edx
6865dd: 89 34 24 mov %esi,(%esp)
6865e0: ff 92 78 03 00 00 call *0x378(%edx)
6865e6: eb 08 jmp 6865f0 <_ZN11CBasePlayer13CommitSuicideEv+0xa0>
6865e8: dd d8 fstp %st(0)
6865ea: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
6865f0: 8b 5d f8 mov -0x8(%ebp),%ebx
6865f3: 8b 75 fc mov -0x4(%ebp),%esi
6865f6: 89 ec mov %ebp,%esp
6865f8: 5d pop %ebp
6865f9: c3 ret
6865fa: 8b 80 50 ff ff ff mov -0xb0(%eax),%eax
686600: 89 34 24 mov %esi,(%esp)
686603: ff 90 98 01 00 00 call *0x198(%eax)
686609: 31 c9 xor %ecx,%ecx
68660b: 89 8e b0 00 00 00 mov %ecx,0xb0(%esi)
686611: eb 8e jmp 6865a1 <_ZN11CBasePlayer13CommitSuicideEv+0x51>
686613: 90 nop
686614: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
68661a: 8d bf 00 00 00 00 lea 0x0(%edi),%edi
If I were going to scan for it, would I scan for "\x55\x89\xE5\x83", etc.? If so, how do I know which bytes I should include in the mask?
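An added example (not the poster's code, and not taken from the game or any scanning library) that answers both halves of the question with a working masked scanner in C. The signature bytes are the first 44 bytes of the listing above, from `push %ebp` through `flds 0xc(%edx)`. The rule for the mask: bytes the loader rewrites must be wildcards, and in this listing those are the `00 00 00 00` displacement of `mov 0x0,%edx` (objdump of the unloaded .so shows the unfilled relocation slot), the `fc ff ff ff` after the `e8` call, the absolute operand of `fadds 0x83c328`, and most likely the `00 00 00 00` immediate of `mov $0x0,%eax`; opcodes, register encodings and intra-function relative jumps such as `0f 85 83 00 00 00` are stable and stay fixed. Member offsets like 0xa0 and 0xa64 are stable for this build, but mask them too if the signature should survive a class-layout change. The `x`/`?` mask string is one common convention and an assumption here; the 256-byte "loaded image", the decoy function with the same prologue, and the patched address 0x08a1b2c4 are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Masked pattern scan. mask[i] == 'x' means hay must equal pat[i] there,
 * '?' means "don't care". Returns the offset of the first match at or
 * after `start`, or -1 if there is none. */
static long find_pattern(const uint8_t *hay, size_t hay_len,
                         const uint8_t *pat, const char *mask, size_t start)
{
    size_t n = strlen(mask);
    if (n == 0 || hay_len < n)
        return -1;
    for (size_t i = start; i + n <= hay_len; i++) {
        size_t j = 0;
        while (j < n && (mask[j] != 'x' || hay[i + j] == pat[j]))
            j++;
        if (j == n)
            return (long)i;
    }
    return -1;
}

/* Number of places a signature matches; a usable signature matches exactly once. */
static int count_matches(const uint8_t *hay, size_t hay_len,
                         const uint8_t *pat, const char *mask)
{
    int hits = 0;
    long pos = find_pattern(hay, hay_len, pat, mask, 0);
    while (pos >= 0) {
        hits++;
        pos = find_pattern(hay, hay_len, pat, mask, (size_t)pos + 1);
    }
    return hits;
}

/* First 44 bytes of CBasePlayer::CommitSuicide, copied from the objdump listing. */
static const uint8_t kSigBytes[] = {
    0x55, 0x89, 0xe5, 0x83, 0xec, 0x78,       /* push %ebp; mov %esp,%ebp; sub $0x78,%esp */
    0x89, 0x75, 0xfc, 0x8b, 0x75, 0x08,       /* mov %esi,-0x4(%ebp); mov 0x8(%ebp),%esi */
    0x89, 0x5d, 0xf8,                         /* mov %ebx,-0x8(%ebp) */
    0x8b, 0x8e, 0xa0, 0x00, 0x00, 0x00,       /* mov 0xa0(%esi),%ecx */
    0x85, 0xc9,                               /* test %ecx,%ecx */
    0x0f, 0x85, 0x83, 0x00, 0x00, 0x00,       /* jne +0x83: rel32 inside the function, stable */
    0xd9, 0x86, 0x64, 0x0a, 0x00, 0x00,       /* flds 0xa64(%esi) */
    0x8b, 0x15, 0x00, 0x00, 0x00, 0x00,       /* mov 0x0,%edx: zeros are a relocation slot */
    0xd9, 0x42, 0x0c,                         /* flds 0xc(%edx) */
};

/* One mask character per signature byte; only the relocation slot is wildcarded. */
static const char kMask[] =
    "xxxxxxxxxx" "xxxxxxxxxx" "xxxxxxxxxx" "xxxxxxx"  /* 37 fixed bytes */
    "????"                                            /* displacement of mov 0x0,%edx */
    "xxx";                                            /* flds 0xc(%edx) */
_Static_assert(sizeof kMask - 1 == sizeof kSigBytes, "mask must cover every signature byte");

/* Constructed stand-in for the loaded server binary (not real game memory). */
enum { IMG_LEN = 256, DECOY_AT = 16, REAL_AT = 96 };
static uint8_t g_image[IMG_LEN];

static void build_image(void)
{
    memset(g_image, 0x90, IMG_LEN);
    /* Decoy: an unrelated function with the same push/mov/sub prologue, smaller frame. */
    static const uint8_t decoy[] = { 0x55, 0x89, 0xe5, 0x83, 0xec, 0x18,
                                     0x8b, 0x45, 0x08, 0xc9, 0xc3 };
    memcpy(g_image + DECOY_AT, decoy, sizeof decoy);
    /* The real function as it looks after loading: the relocation slot now holds
     * an address (0x08a1b2c4 little-endian, a made-up value) instead of zeros. */
    memcpy(g_image + REAL_AT, kSigBytes, sizeof kSigBytes);
    static const uint8_t fake_addr[4] = { 0xc4, 0xb2, 0xa1, 0x08 };
    memcpy(g_image + REAL_AT + 37, fake_addr, sizeof fake_addr);
}

/* Masked scan: finds the function despite the patched relocation. */
static long scan_with_mask(void)
{
    build_image();
    return find_pattern(g_image, IMG_LEN, kSigBytes, kMask, 0);
}

/* Same bytes with an all-'x' mask: fails, because the dump's zeros are gone at runtime. */
static long scan_exact(void)
{
    build_image();
    char exact[sizeof kSigBytes + 1];
    memset(exact, 'x', sizeof kSigBytes);
    exact[sizeof kSigBytes] = '\0';
    return find_pattern(g_image, IMG_LEN, kSigBytes, exact, 0);
}

/* Only "\x55\x89\xE5\x83": a generic prologue, so it hits the decoy as well. */
static int prologue_hits(void)
{
    build_image();
    return count_matches(g_image, IMG_LEN, kSigBytes, "xxxx");
}

int main(void)
{
    printf("masked scan      -> offset %ld\n", scan_with_mask());
    printf("exact scan       -> offset %ld\n", scan_exact());
    printf("prologue-only    -> %d hits\n", prologue_hits());
    return 0;
}
```

Before shipping a signature, run the uniqueness count against the whole text segment of the real binary, not just this toy image: keep adding fixed bytes past the prologue until it matches exactly once, and keep every byte objdump printed as a zero-filled or `fc ff ff ff` operand of a `mov`, `call` or memory-absolute instruction wildcarded, because those are what differ between the dump and the process.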