Orpheu Signatures Collection


colossus
Member
Join Date: Sep 2013
Old 05-16-2015 , 02:48   Re: Orpheu Signatures Collection
Reply With Quote #31

Only tested on Linux, not tested on Windows.

EndRoundMessage: to send messages at round end [EndRoundMessage(Event_Terrorists_Win, "#Terrorists_Win")]
Code:
{
    "name"      : "EndRoundMessage",
    "library"   : "mod",
    "arguments" :
    [
        {
            "type"  : "char *"
        },
        {
            "type"  : "int"
        }
    ],
    "identifiers":
    [
        {
            "os"    : "windows",
            "mod"   : "cstrike",
            "value" : [0x53,0x8b,0x44,"*","*",0x55,0x56,0x57,0x8b,0x35,"*","*","*","*",0x33,0xff,0x8d,0x68,0x01,0x57,0x57,0x57,0x57,0x50,0x6a,0x04,0xbb,0x01,0x00,0x00,0x00,0xe8]
        },
        {
            "os"    : "linux",
            "mod"   : "cstrike",
            "value" : "_Z15EndRoundMessagePKci"
        }
    ]
}

Last edited by colossus; 05-16-2015 at 02:49. Reason: No tested in windows
colossus is offline
Freezo Begin
BANNED
Join Date: Mar 2014
Location: Morocco
Old 05-18-2015 , 09:06   Re: Orpheu Signatures Collection
Reply With Quote #32

I found this (untested):

Host_Say_f
Code:
{
    "name" : "Host_Say_f",
    "library" : "engine",
    "identifiers" :
    [
        {
            "os" : "windows",
            "value" : [0x55,0x8b,0xec,0x81,0xec,"*","*","*","*",0xa1,"*","*","*","*",0x57,0x85,0xc0,0x74,"*",0x83,0x3d,"*","*","*","*","*",0x0f,0x85,"*","*","*","*",0xe8,"*","*","*","*",0x5f,0x8b,0xe5,0x5d,0xc3,0xe8,"*","*","*","*",0x83,0xf8,"*",0x0f,0x8c,"*","*","*","*",0xe8,"*","*","*","*",0x8b,0xf8,0x85,0xff,0x89,0x7d,"*",0x0f,0x84,"*","*","*","*",0xa1,"*","*","*","*",0x89,0x45,"*",0x8a,0x07]
        },
        {
            "os" : "linux",
            "value" : "Host_Say_f"
        }
    ]
}
Host_Status_f
Code:
{
    "name" : "Host_Status_f",
    "library" : "engine",
    "identifiers" :
    [
        {
            "os" : "windows",
            "value" : [0x55,0x8B,0xEC,0x81,0xEC,"*","*","*","*",0xA1,"*","*","*","*",0x53,0x56,0x57,0xBF,"*","*","*","*",0x33,0xDB,0x8B,0xF7,0x3B,0xC7,0x89,0x5D,0xE4,0x89,0x5D,0xDC,0x89,0x5D,0xE8,0x89,0x5D,0xF8,0x89,0x75,0xFC,0xC7,0x45,0xF4,0x50,0xCF]
        },
        {
            "os" : "linux",
            "value" : "Host_Status_f"
        }
    ]
}
Host_Ping_f
Code:
{
    "name"      : "Host_Ping_f",
    "library"   : "engine",
    "identifiers" :
    [
        {
            "os"    : "windows",
            "value" : [0xA1,"*","*","*","*",0x56,0x83,"*","*",0x57,0x75,"*",0x5F,0x5E,0xE9]
        },
        {
            "os"    : "linux",
            "value" : "Host_Ping_f"
        }
    ]
}
SV_EmitPings
Code:
{
    "name"      : "SV_EmitPings",
    "library"   : "engine",
    "arguments" : 
    [
        {
            "type" : "pointer"
        },
        {
            "type" : "pointer"
        }
    ],
    "identifiers" :
    [
        {
            "os"    : "windows",
            "value" : [0x55,0x8B,"*",0x51,0x53,0x8B,"*","*",0x56,0x57,0x6A,"*",0x53]
        },
        {
            "os"    : "linux",
            "value" : "SV_EmitPings"
        }
    ]
}
CheckMapConditions
Code:
{
    "name"    : "CheckMapConditions",
    "class"   : "CHalfLifeMultiplay",
    "library" : "mod",
    "return"  :
    {
        "type" : "bool"
    },
    "identifiers" : 
    [
        {
            "os"    : "linux",
            "mod"   : "cstrike",
            "value" : "_ZN18CHalfLifeMultiplay18CheckMapConditionsEv"
        }
    ]
}
SV_SetMaxclients
Code:
{ 
    "name"      : "SV_SetMaxclients", 
    "library"   : "engine", 
    "return" :  
    { 
        "type" : "int" 
    }, 
    "identifiers": 
    [ 
        { 
            "os" : "windows", 
            "value" : [later] 
        }, 
        { 
            "os" : "linux", 
            "value" : "SV_SetMaxclients" 
        } 
    ] 
}
SV_GetIDString
Code:
{
    "name"      : "SV_GetIDString",
    "library"   : "engine",
    "arguments" : 
    [
        {
            "type" : "pointer"
        }
    ],
    "return" : 
    {
        "type" : "char *"
    },
    "identifiers":
    [
        {
            "os" : "windows",
            "value" : [0x55,0x8B,0xEC,0x83,0xEC,0x30,0x8B,0x4D,0x08,0xC6,"*","*","*","*","*","*",0x85,0xC9,0x0F,"*","*","*","*","*",0x8B,0x01,0x48,0x0F]
        },
        {
            "os" : "linux",
            "value" : "SV_GetIDString"
        }
    ]
}

Last edited by Freezo Begin; 05-18-2015 at 10:11.
Freezo Begin is offline
FromTheFuture
Senior Member
Join Date: Jan 2013
Old 05-19-2015 , 10:14   Re: Orpheu Signatures Collection
Reply With Quote #33

Host_Stats_f
Spoiler
FromTheFuture is offline
colossus
Member
Join Date: Sep 2013
Old 07-03-2015 , 02:59   Re: Orpheu Signatures Collection
Reply With Quote #34

CGrenade::SG_Detonate
Code:
{
    "name"        : "SG_Detonate",
    "class"       : "CGrenade",
    "library"     : "mod",
    "identifiers" :
    [
        {
            "os"    : "windows",
            "mod"   : "cstrike",
            "value" : "?SG_Detonate@CGrenade@@QAEXXZ"
        },
        {
            "os"    : "linux",
            "mod"   : "cstrike",
            "value" : "SG_Detonate__8CGrenade"
        },
        {
            "os"    : "linux",
            "mod"   : "cstrike",
            "value" : "_ZN8CGrenade11SG_DetonateEv"
        }
    ]
}

Last edited by colossus; 07-03-2015 at 03:02.
colossus is offline
HamletEagle
AMX Mod X Plugin Approver
Join Date: Sep 2013
Location: Romania
Old 07-26-2015 , 03:21   Re: Orpheu Signatures Collection
Reply With Quote #35

CBasePlayer::MakeVip
Spoiler


CHalfLifeMultiplay::ResetCurrentVIP
Spoiler
__________________

Last edited by HamletEagle; 07-29-2015 at 04:45. Reason: Fixed signatures.
HamletEagle is offline
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 07-26-2015 , 03:58   Re: Orpheu Signatures Collection
Reply With Quote #36

Bad signatures. To maximize compatibility you should keep only the first byte of each instruction, as the other bytes could change.

ResetCurrentVIP doesn't return anything.
__________________
Arkshine is offline
HamletEagle
AMX Mod X Plugin Approver
Join Date: Sep 2013
Location: Romania
Old 07-26-2015 , 04:19   Re: Orpheu Signatures Collection
Reply With Quote #37

In CSSDK and Linux it doesn't, but in the Windows decompiled code it seems it returns something. IDA puts a return when it shouldn't?

OK, this time I get it. Are these signatures better?

For ResetCurrentVIP
Code:
[0x53,0x56,0x8B,"*",0x57,0x8B,"*","*","*","*","*",0x8B,"*","*",0x8B,"*","*","*","*","*",0x50]
For MakeVip:
Code:
[0x55,0x56,0x8B,"*",0x57,0x8B,"*","*",0xC7,"*","*","*","*","*","*","*","*","*",0x8B,"*","*",0xC7]
__________________

Last edited by HamletEagle; 07-26-2015 at 04:19.
HamletEagle is offline
HamletEagle
AMX Mod X Plugin Approver
Join Date: Sep 2013
Location: Romania
Old 07-29-2015 , 07:53   Re: Orpheu Signatures Collection
Reply With Quote #38

Some signatures for rcon functions.

SV_Rcon
Code:
{
    "name" : "SV_Rcon",
    "library" : "engine",
    "arguments" :
    [
        {
            "type" : "int"
        }
    ],
    "identifiers":
    [
        {
            "os" : "windows",
            "value" : [0x55,0x8B,"*",0x81,"*","*","*","*","*",0x53,0x56,0x57,0xE8,"*","*","*","*",0x8B,"*",0x68,"*","*","*","*",0x89]
        },
        {
            "os" : "linux",
            "value" : "SV_Rcon"
        }
    ]
}
SV_AddFailedRcon
Code:
{
    "name" : "SV_AddFailedRcon",
    "library" : "engine",
    "arguments" :
    [
        {
            "type" : "int"
        }
    ],
    "identifiers":
    [
        {
            "os" : "windows",
            "value" : [0x55,0x8B,"*",0x83,"*","*",0xD9,"*","*","*","*","*",0x53,0x56,0x57,0x33,"*",0x89]
        },
        {
            "os" : "linux",
            "value" : "SV_AddFailedRcon"
        }
    ]
}
SV_Rcon_Validate
Code:
{
    "name" : "SV_Rcon_Validate",
    "library" : "engine",
    "return" :
    {
        "type" : "int"
    },
    "identifiers":
    [
        {
            "os" : "windows",
            "value" : [0x56,0x57,0xE8,"*","*","*","*",0x83,"*","*",0x7D,"*",0xB8,"*","*","*","*",0x5F,0x5E,0xC3]
        },
        {
            "os" : "linux",
            "value" : "SV_Rcon_Validate"
        }
    ]
}
SV_CheckRconFailure
Code:
{
    "name" : "SV_CheckRconFailure",
    "library" : "engine",
    "arguments" :
    [
        {
            "type" : "int"
        }
    ],
    "return" :
    {
        "type" : "int"
    },
    "identifiers":
    [
        {
            "os" : "windows",
            "value" : [0x55,0x8B,"*",0x53,0x56,0x57,0xBB,"*","*","*","*",0x8B,"*","*",0x85,"*",0x74,"*",0x83]
        },
        {
            "os" : "linux",
            "value" : "SV_CheckRconFailure"
        }
    ]
}
__________________

Last edited by HamletEagle; 07-29-2015 at 08:45.
HamletEagle is offline
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 07-29-2015 , 08:11   Re: Orpheu Signatures Collection
Reply With Quote #39

SV_Rcon and SV_AddFailedRcon have no return.
Finishing a signature with unknown bytes doesn't make sense.
qboolean = int. NOT bool.

IDA can't know the return type, it's only a wild guess and most of the time it puts int by default. Check the reHLDS project on GitHub next time.
__________________
Arkshine is offline
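
An added example (not from any post in this thread and not Orpheu's own code): a small Python check for the point made in the post above about signatures that end in unknown bytes. It parses the text of a "value" array, counts trailing "*" entries, and lists every offset where the pattern matches, on the assumption that a usable signature should match at exactly one offset. The byte image, the three sample signatures and all function names are constructed for illustration.

```python
import re

WILDCARD = None  # stands for a "*" entry in a signature


def parse_signature(text):
    """Parse the text of a "value" array such as [0x55,0x8B,"*",0x53]."""
    pattern = []
    for tok in (t.strip() for t in text.strip().strip("[]").split(",")):
        if tok == '"*"':
            pattern.append(WILDCARD)
        elif re.fullmatch(r"0[xX][0-9a-fA-F]{1,2}", tok):
            pattern.append(int(tok, 16))
        else:
            raise ValueError(f"not a byte or wildcard: {tok!r}")
    return pattern


def trailing_wildcards(pattern):
    """Count the "*" entries at the end; they pin down no byte value."""
    n = 0
    while n < len(pattern) and pattern[-1 - n] is WILDCARD:
        n += 1
    return n


def find_matches(pattern, image):
    """Return every offset in image at which the pattern matches."""
    last = len(image) - len(pattern)
    return [off for off in range(last + 1)
            if all(p is WILDCARD or image[off + i] == p
                   for i, p in enumerate(pattern))]


def lint(text, image):
    """Summarise a signature: trailing wildcards, match offsets, uniqueness."""
    pattern = parse_signature(text)
    hits = find_matches(pattern, image)
    return {"trailing_wildcards": trailing_wildcards(pattern),
            "matches": hits, "unique": len(hits) == 1}


# Constructed sample image: two padding bytes, then two short functions.
IMAGE = bytes.fromhex("9090" "558BEC535657C3" "558BEC83EC10C3")
# Constructed signatures (hypothetical, not taken from the thread).
TIGHT = '[0x55,0x8B,"*",0x53,0x56]'
PADDED = '[0x55,0x8B,"*",0x53,0x56,"*","*"]'
LOOSE = '[0x55,0x8B,"*"]'

if __name__ == "__main__":
    for sig in (TIGHT, PADDED, LOOSE):
        print(sig, lint(sig, IMAGE))
```

PADDED finds the same single offset as TIGHT, so its last two entries only lengthen the pattern; LOOSE matches both functions and needs more fixed bytes before it identifies one of them.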
HamletEagle
AMX Mod X Plugin Approver
Join Date: Sep 2013
Location: Romania
Old 07-29-2015 , 08:45   Re: Orpheu Signatures Collection
Reply With Quote #40

Quote:
Originally Posted by Arkshine
SV_Rcon and SV_AddFailedRcon have no return.
Finishing a signature with unknown bytes doesn't make sense.
qboolean = int. NOT bool.

IDA can't know the return type, it's only a wild guess and most of the time it puts int by default. Check the reHLDS project on GitHub next time.

I have not put a return at SV_Rcon and SV_AddFailedRcon, look again please.
OK, will remove the unknown bytes, didn't think of that.

Ah, saw that it returns true/false and didn't look more. How do you know that qboolean is int and not bool? I have checked the project already, it's very useful.
__________________

Last edited by HamletEagle; 07-29-2015 at 08:46.
HamletEagle is offline