Raised This Month: $12 Target: $400
 3% 

Solved Signature of small functions


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
quasemago
Senior Member
Join Date: Dec 2018
Location: Brazil
Old 12-16-2018 , 12:53   Signature of small functions
Reply With Quote #1

I'm trying to generate a unique signature for two small functions.

Gamedata with old symbols:
PHP Code:
"Games"
{
    
"csgo"
    
{
        
"Signatures"
        
{
            
"operator new()"
            
{
                
"library"    "server"
                "linux"    "@_Znwj"
            
}

            
"operator delete()"
            
{
                
"library"    "server"
                "linux"    "@_ZdlPv"
            
}
        }
    }

Analyzing sdk I could see that these functions call MemAlloc internally, but I could not find any related functions in binarie.
- https://github.com/alliedmodders/hl2...emalloc.h#L177

Last edited by quasemago; 01-13-2019 at 01:31. Reason: Solved
quasemago is offline
psychonic

BAFFLED
Join Date: May 2008
Old 12-17-2018 , 19:07   Re: Signature of small functions
Reply With Quote #2

What are you trying to accomplish?
psychonic is offline
quasemago
Senior Member
Join Date: Dec 2018
Location: Brazil
Old 12-21-2018 , 19:10   Re: Signature of small functions
Reply With Quote #3

Quote:
Originally Posted by psychonic View Post
What are you trying to accomplish?
Trying remove particle system from ParticleSystemDictionary tree, because csgo does not clear the cache at the end of the map. (The code worked correctly before csgo lost the symbols)

I also need the signature of another small function: "CParticleSystemDefinition::GetName"

There is another topic that deals with the same subject in more detail (so I do not need to explain): https://forums.alliedmods.net/showthread.php?t=247897

Last edited by quasemago; 12-21-2018 at 19:14.
quasemago is offline
Dr!fter
The Salt Boss
Join Date: Mar 2007
Old 12-24-2018 , 06:49   Re: Signature of small functions
Reply With Quote #4

You have two options to get the function you want. Get a sig to a function that calls the one you want then get the address of the function from there. Or just get more bytes that are not within the function. Option one is better but hardest to do, option 2 risks sig breaking often.
Dr!fter is offline
quasemago
Senior Member
Join Date: Dec 2018
Location: Brazil
Old 01-13-2019 , 01:31   Re: Signature of small functions
Reply With Quote #5

@Solved with help of the _Phoenix_.

Last edited by quasemago; 01-13-2019 at 01:31.
quasemago is offline
Bacardi
Veteran Member
Join Date: Jan 2010
Location: mom's basement
Old 01-13-2019 , 13:46   Re: Signature of small functions
Reply With Quote #6

Bacardi is offline
quasemago
Senior Member
Join Date: Dec 2018
Location: Brazil
Old 01-14-2019 , 09:00   Re: Signature of small functions
Reply With Quote #7

Quote:
Originally Posted by Bacardi View Post
Secret revealed
PHP Code:
"Games"  

    
"csgo"  
    

        
"Signatures"  
        

            
"operator new()"  
            
{
                
"library"    "server"  
                "linux"    "\x55\x89\xE5\x83\xEC\x18\xA1\x2A\x2A\x2A\x2A\x8B\x4D\x08\x8B\x10\x89\x04\x24\x89\x4C\x24\x04\xFF\x12"  
            
}
            
"operator delete()"  
            
{
                
"library"    "server"  
                "linux"    "\x55\x89\xE5\x83\xEC\x18\xA1\x2A\x2A\x2A\x2A\x8B\x4D\x08\x8B\x10\x89\x04\x24\x89\x4C\x24\x04\xFF\x52\x08\xC9\xC3\x83\xC2\x01\x89\x04\x24"  
            
}
        } 
    } 

quasemago is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 05:38.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode