Raised This Month: $12 Target: $400
 3% 

Orpheu: How to make signatures (of bytes)


Post New Thread Reply   
 
Thread Tools Display Modes
Exolent[jNr]
Veteran Member
Join Date: Feb 2007
Location: Tennessee
Old 03-08-2011 , 21:12   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #11

Quote:
Originally Posted by Arkshine View Post
You're right, I've missed that. I will add later, though the method is the same.
Could I get that added some time soon?
__________________
No private work or selling mods.
Quote:
Originally Posted by xPaw View Post
I love you exolent!
Exolent[jNr] is offline
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 03-09-2011 , 05:41   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #12

Quote:
Originally Posted by drekes View Post
...
Nice try, but that's not totally correct.

When you check if the signature is well referenced one time, you see 2 references.
You need add more bytes.

Also you use "*" wrongly. See below, in blue it's what you should use "*". It should be enough.

Code:
.text:10064C80 56                   push    esi
.text:10064C81 8B F1                mov     esi, ecx
.text:10064C83 57                   push    edi
.text:10064C84 8B 86 A4 00 00 00    mov     eax, [esi+0A4h]
.text:10064C8A 83 F8 02             cmp     eax, 2
.text:10064C8D 0F 84 FC 00 00 00    jz      loc_10064D8F
.text:10064C93 83 F8 03             cmp     eax, 3
.text:10064C96 0F 84 F3 00 00 00    jz      loc_10064D8F
.text:10064C9C 8B 44 24 0C          mov     eax, [esp+8+arg_0]
So, a final signature would be : [0x56,0x8B,0xF1,0x57,0x8B,0x86,"*","*","*","*" ,0x83,0xF8,"*",0x0F,0x84,"*","*","*","*",0x83 ,0xF8,"*",0x0F,0x84,"*","*","*","*",0x8B]

But like you can see in IDA, you see CBasePlayer::ButtonUse(CBaseEntity*,CBaseEnti ty*,USE_TYPE,float) is exported (you can see easily because you see all the arguments type), it means there is a symbol name for this function. Click right on the function at left and choose "Edit function". You will see : ?ButtonUse@CBaseButton@@QAEXPAVCBaseEntity@@0W 4USE_TYPE@@M@Z

About the signature file, you have not written properly the arg type. The 2 first should be CBaseEntity * (It's written in IDA). About "int", the type is "USE_TYPE" but it's just a tag for an enum and the value passed is anyway an "int", but since "USE_TYPE" is supported, use it.

So, the file should be like :

Code:
 {
    "name"      : "ButtonUse",
    "class"     : "CBaseButton",
    "library"   : "mod",
    "arguments" : 
    [
        {
            "type" : "CBaseEntity *",
            "info" : "pActivator"
        },
        {
            "type" : "CBaseEntity *",
            "ingo" : "pCaller"
        },
        {
            "type" : "USE_TYPE",
            "info" : "useType"
        },
        {
            "type" : "float",
            "info" : "value"
        }
    ],
    "identifiers":
    [
        {
            "os"    : "windows",
            "mod"   : "cstrike",
            "value" : "?ButtonUse@CBaseButton@@QAEXPAVCBaseEntity@@0W4USE_TYPE@@M@Z"
        },
        {
            "os"    : "linux",
            "mod"   : "cstrike",
            "value" : "ButtonUse__11CBaseButtonP11CBaseEntityT18USE_TYPEf"
        }
    ]
}
Notive I've added the linux signature. If you release a plugin with a signature file, don't forget to do for linux. You have just to open the .so, editing the function and copy-paste the symbol name.
You are encouraged to make comments if necessary by using the key "info".

Hope you will understand better. Nice to see someone trying to play with orpheu.
__________________

Last edited by Arkshine; 03-09-2011 at 05:47.
Arkshine is offline
schmurgel1983
Veteran Member
Join Date: Aug 2006
Location: Germany
Old 03-09-2011 , 07:48   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #13

Quote:
Originally Posted by Arkshine View Post
So, you found CBasePlayerWeapon::KickBack().
thanks arky for don't answer my pm
i don't found any CBasePlayerWeapon what made i wrong?
[IMG]http://img811.**************/img811/1521/neuebitmapv.png[/IMG]
__________________

Working on:
nothing
schmurgel1983 is offline
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 03-09-2011 , 08:37   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #14

Quote:
thanks arky for don't answer my pm
I don't see the point to PM someone when you could ask in the related thread and helping others people who wanted to know the same thing. Like you see, you won't get the answer more fastly by PM me.

It's a function not exported, so without symbol name. You need to find the function and rename it. For sure, I could have said more clearly where to find the function, but the answer is already in the tutorial, either using the offset on the image, or the signatures of bytes.

Go to Search > Jump to file offset... > Type D9550 and valid.
Scroll up a bit and you will see a function name like sub_* , just click right on it, then rename it in CBasePlayerWeapon::KickBack.

@Exolent[jNr] : Will try to add today, but do you have in mind something specific ? I could base the explanation on it.
__________________

Last edited by Arkshine; 03-09-2011 at 08:44.
Arkshine is offline
drekes
Veteran Member
Join Date: Jul 2009
Location: Vault 11
Old 03-09-2011 , 09:58   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #15

Okay, i gave it another try.
I searched CArmoury::ArmouryTouch and got this as signature:

Code:
{
    "name"        : "ArmouryTouch",
    "class"        : "CArmoury",
    "library"    : "mod",
    "arguments"    :
    [
        {
            "type"    :    "CBaseEntity *",
            "info"    :    "Entity id"
        }
    ],
    "identifiers":
    [
        {
            "os"    :     "windows",
            "mod"    :    "cstrike",
            "value"    :    "?ArmouryTouch@CArmoury@@QAEXPAVCBaseEntity@@@Z"
        },
        {
            "os"    :    "linux",
            "mod"    :    "cstrike",
            "value" :    "ArmouryTouch__8CArmouryP11CBaseEntity"
        }
    ]
}
It works, but can you confirm if the signature is right this time ?
__________________

Quote:
Originally Posted by nikhilgupta345 View Post
You're retarded.
drekes is offline
Send a message via MSN to drekes
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 03-09-2011 , 11:24   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #16

It seems right.

But here it's an easy function since it's exported and you don't need to make a signature. :p
__________________
Arkshine is offline
drekes
Veteran Member
Join Date: Jul 2009
Location: Vault 11
Old 03-09-2011 , 11:36   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #17

Could you give me a harder function to find, so i can see if i got the way it works right
__________________

Quote:
Originally Posted by nikhilgupta345 View Post
You're retarded.
drekes is offline
Send a message via MSN to drekes
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 03-09-2011 , 11:56   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #18

Just look at the linux binary with IDA, pick up randomly a function which is not renamed in the windows one. But if you want a function, hmm, try to search HandleMenu_ChooseTeam() and make a signature.
__________________
Arkshine is offline
schmurgel1983
Veteran Member
Join Date: Aug 2006
Location: Germany
Old 03-09-2011 , 12:53   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #19

thanks its work
but how do u know sub_100D9550 is CBasePlayerWeapon::KickBack thats what i dosen't understand xD
__________________

Working on:
nothing
schmurgel1983 is offline
drekes
Veteran Member
Join Date: Jul 2009
Location: Vault 11
Old 03-09-2011 , 12:59   Re: Orpheu: How to make signatures (of bytes)
Reply With Quote #20

I'm having problems with that too.
I think i have the value for linux, but can't seem to find the windows value.

This is what i currently have:
Code:
{
    "name"        : "HandleMenu_ChooseTeam",
    "class"        : "CBasePlayer",
    "library"     : "mod",
    "arguments"    :
    [
        {    
            "type"     : "CBasePlayer *",
            "info"     : "Player id"
        },
        {
            "type"    : "int",
        }
    ],
    "identifiers" :
    [
        {
            "os"     : "windows",
            "mod"    : "cstrike",
            "value"    :
        },
        {
            "os"    : "linux",
            "mod"    : "cstrike",
            "value" : "HandleMenu_ChooseTeam__FP11CBasePlayeri"
        }
    ]
}
__________________

Quote:
Originally Posted by nikhilgupta345 View Post
You're retarded.
drekes is offline
Send a message via MSN to drekes
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 10:14.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode