Alright so since someone asked me to post it here we go.
I used an old bin (with symbols) to look at the function/vtable.
The vtable we want is CCSPlayer, so I dumped the old one and here is the part that matters...
484 483 CBasePlayer::Hints(void)
485 484 CBasePlayer::IsReadyToPlay(void)
486 485 CBasePlayer::IsReadyToSpawn(void)
487 486 CBasePlayer::ShouldGainInstantSpawn(void)
488 487 CBasePlayer::ResetPerRoundStats(void)
489 488 CBasePlayer::ResetScores(void)
490 489 CCSPlayer::IncrementFragCount(int, int)
Now I looked at the first one that wasn't from CBasePlayer (CCSPlayer::IncrementFragCount(int, int)).
The function contains the string "Player '%s'[%08X] got first kill of the round.\n". After finding the function I look at the xrefs to get to the vtable. In the vtable I subtracted 4 functions and boom, I got the function address.
Now I jump to the start of the vtable and, using the original IDA script
https://github.com/alliedmodders/sou...table_dump.idc I dump the vtable, making sure to set "Number of vtable entries to ignore for indexing:" to 0 when asked.
On Windows it is a bit easier to find the vtable, but finding the function is much harder (although in this case I already knew it was 1 off from Linux).
To find the function I could use the same method as I did for Linux, but I'll explain the other method.
Using
http://www.openrce.org/blog/view/134...er_IDA_plug-in you can get the vtable list from RTTI.
Next you jump to the vtable you want and, using the same script as above, I dumped the vtable.
Now Windows optimizes the vtable when functions are identical; since this one and many others simply do return 1, the function name appears a multitude of times in the vtable. So what you can do is compare the entries in the old to the new. I see that the new one has 2 more than the old, so I know it is between 0-2 from the old one (this is a brave assumption but a pretty safe one).
Here is what it looked like after I (stupidly) renamed the function.
473 IsReadyToSpawn
474 nullsub_2
475 sub_102EFAC0
476 sub_1041DA70
477 nullsub_49
478 sub_103F1DA0
479 IsReadyToSpawn
480 sub_102F1100
481 nullsub_2
482 sub_1011B360
483 sub_103F5130
484 sub_101E72E0
485 sub_1011B370
486 IsReadyToSpawn
487 IsReadyToSpawn
488 sub_1011B360
489 nullsub_1
490 sub_101E1230
491 IncrementFragCount
Now I know that there are 2 consecutive ones, so I found the 2 together and it's the bottom one.
I should point out we aren't 100% sure it's the CCSPlayer, but it is either CCSPlayer, CCSBot or CBot<CCSPlayer>, so it doesn't really matter, but using the vtable length method may lead to errors if one has more functions.
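Added example, not part of the original post: the narrowing step above (index window from the vtable growth, then the run of identical folded entries) written as Python over the quoted Windows dump. It assumes the old Windows index is 485 (second column of the old dump), that the table grew by 2 as stated, and that the target is the second of two folded entries; `parse_dump` and `candidates` are hypothetical helper names.

```python
# Constructed input: the new Windows vtable dump quoted in the post.
NEW_DUMP = """\
473 IsReadyToSpawn
474 nullsub_2
475 sub_102EFAC0
476 sub_1041DA70
477 nullsub_49
478 sub_103F1DA0
479 IsReadyToSpawn
480 sub_102F1100
481 nullsub_2
482 sub_1011B360
483 sub_103F5130
484 sub_101E72E0
485 sub_1011B370
486 IsReadyToSpawn
487 IsReadyToSpawn
488 sub_1011B360
489 nullsub_1
490 sub_101E1230
491 IncrementFragCount
"""

def parse_dump(text):
    """Map vtable index -> IDA label from 'index label' lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit():
            table[int(parts[0])] = parts[1]
    return table

def candidates(table, old_index, growth, run_len, pos_in_run):
    """Indexes in [old_index, old_index + growth] that sit at pos_in_run
    (0-based) of exactly run_len identical consecutive entries."""
    hits = []
    for idx in range(old_index, old_index + growth + 1):
        start = idx - pos_in_run
        run = [table.get(start + k) for k in range(run_len)]
        if None in run or len(set(run)) != 1:
            continue
        # A longer run is a different folding pattern, so reject it.
        if run[0] in (table.get(start - 1), table.get(start + run_len)):
            continue
        hits.append(idx)
    return hits

if __name__ == "__main__":
    print(candidates(parse_dump(NEW_DUMP), 485, 2, 2, 1))
```

More than one index in the result means the window and run pattern alone do not pin the slot down, and the function body has to be checked by hand.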