
Help on a particular signature


Misery
Senior Member
Join Date: Dec 2010
Old 06-10-2012 , 12:07   Help on a particular signature
#1

Hi,

I'm trying to hook PF_WriteByte_I(). I've been able to successfully hook PF_MessageBegin_I() and PF_MessageEnd_I(), but I just cannot get WriteByte to work...
And here's why: it's a relatively short, in fact very short, function. It's more a wrapper than anything else, and all the other PF_Write[Type]_I() are based on the same skeleton, so it's hard to make a sig for it, since I end up with many memory refs. My only option was to use a displacement.

I've come to this sig:
Code:
{
	"name" : "PF_WriteByte_I",
	"library" : "engine",
	"arguments" :
	[
		{
			"type" : "int"
		}
	],
	"identifiers":
	[
		{
			"os" : "windows",
			"value" : [0xC3,0x90,"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",0x55,0x8B,"*",0xA1,"*","*","*","*",0x85,0xC0,0x75,"*",0x68,"*","*","*","*",0xE8,"*","*","*","*","*","*","*",0x8B,"*","*",0x50,0x68,"*","*","*","*",0xE8,"*","*","*","*",0x83,"*","*","*",0xC3],
			"displacement" : 18
		},
		{
			"os" : "linux",
			"value" : "PF_WriteByte_I"
		}
	]
}
No choice but to use a displacement. Still, the function is not working... each time my hook takes effect (i.e. when the func gets called), the server ends up crashing. Note that on Linux it works perfectly, thanks to symbolic data.

I don't really know what I'm doing wrong on the Windows part. I've used an 18-byte displacement so I could make the signature unique. But it's absolutely not working.

I'm posting the disasm here too.
As you can see, it just returns the return value of a called func.

Code:
.text:01D6ACAB                                                 loc_1D6ACAB:                            ; CODE XREF: sub_1D6AA40+33j
.text:01D6ACAB                                                                                         ; sub_1D6AA40+138j ...
.text:01D6ACAB 5F                                                              pop     edi             ; jumptable 01D6AC4F default case
.text:01D6ACAC 5E                                                              pop     esi
.text:01D6ACAD 5B                                                              pop     ebx
.text:01D6ACAE C3                                                              retn
.text:01D6ACAE                                                 sub_1D6AA40     endp
.text:01D6ACAE
.text:01D6ACAE                                                 ; ---------------------------------------------------------------------------
.text:01D6ACAF 90                                                              align 10h
.text:01D6ACB0 56 AC D6 01 5C AC D6 01 78 AC D6 01 93 AC D6 01 off_1D6ACB0     dd offset loc_1D6AC56   ; DATA XREF: sub_1D6AA40+20Fr
.text:01D6ACB0                                                                 dd offset loc_1D6AC5C   ; jump table for switch statement
.text:01D6ACB0                                                                 dd offset loc_1D6AC78
.text:01D6ACB0                                                                 dd offset loc_1D6AC93
.text:01D6ACC0
.text:01D6ACC0                                                 ; =============== S U B R O U T I N E =======================================
.text:01D6ACC0
.text:01D6ACC0                                                 ; Attributes: bp-based frame
.text:01D6ACC0
.text:01D6ACC0                                                 sub_1D6ACC0     proc near               ; CODE XREF: sub_1D54F80+141p
.text:01D6ACC0                                                                                         ; sub_1D55150+17Fp
.text:01D6ACC0                                                                                         ; DATA XREF: ...
.text:01D6ACC0
.text:01D6ACC0                                                 arg_0           = dword ptr  8
.text:01D6ACC0
.text:01D6ACC0 55                                                              push    ebp
.text:01D6ACC1 8B EC                                                           mov     ebp, esp
.text:01D6ACC3 A1 B4 27 03 02                                                  mov     eax, dword_20327B4
.text:01D6ACC8 85 C0                                                           test    eax, eax
.text:01D6ACCA 75 0D                                                           jnz     short loc_1D6ACD9
.text:01D6ACCC 68 C0 B3 E5 01                                                  push    offset aWrite_byteCall ; "WRITE_BYTE called with no active messag"...
.text:01D6ACD1 E8 4A 14 04 00                                                  call    sub_1DAC120
.text:01D6ACD1                                                 ; ---------------------------------------------------------------------------
.text:01D6ACD6 83                                                              db  83h ; â
.text:01D6ACD7 C4                                                              db 0C4h ; -
.text:01D6ACD8 04                                                              db    4
.text:01D6ACD9                                                 ; ---------------------------------------------------------------------------
.text:01D6ACD9
.text:01D6ACD9                                                 loc_1D6ACD9:                            ; CODE XREF: sub_1D6ACC0+Aj
.text:01D6ACD9 8B 45 08                                                        mov     eax, [ebp+arg_0]
.text:01D6ACDC 50                                                              push    eax
.text:01D6ACDD 68 FC A7 E5 01                                                  push    offset off_1E5A7FC
.text:01D6ACE2 E8 A9 AF FC FF                                                  call    sub_1D35C90
.text:01D6ACE7 83 C4 08                                                        add     esp, 8
.text:01D6ACEA 5D                                                              pop     ebp
.text:01D6ACEB C3                                                              retn
.text:01D6ACEB                                                 sub_1D6ACC0     endp
.text:01D6ACEB
.text:01D6ACEB                                                 ; ---------------------------------------------------------------------------
.text:01D6ACEC 90 90 90 90                                                     align 10h
Function starts at sub_1D6ACC0().


I was wondering if anyone could help me make it work. Note it's a tricky one... There is something I'm probably missing.

I wasn't sure about the arg type either. I know it's a WriteByte (hence it could be char), but I made it an int there... I tried with char in the sig too, but it doesn't work any better.

Thanks!

Misery

Last edited by Misery; 06-10-2012 at 12:41.
Misery is offline
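To make the "value" / "displacement" pair concrete, here is an added C example (not code from this thread or from Orpheu) that scans an in-memory byte buffer with the Windows signature posted above. The buffer is built from the bytes visible in the IDA listing (the pop/pop/pop/retn tail of sub_1D6AA40, its 16-byte jump table, then sub_1D6ACC0) plus a constructed sibling wrapper with the same skeleton but different immediates; that sibling is invented here to show why a skeleton-only signature is not unique while the jump-table-anchored one is. It only reads its own static array, never process memory, and Orpheu's real matching semantics are not claimed beyond "byte or wildcard, then add the displacement".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A signature entry is a byte value (0x00..0xFF) or WILD for a "*" slot. */
#define WILD 0x100

/* The poster's Windows signature, transcribed from the JSON above. */
static const int sig_writebyte[] = {
    0xC3, 0x90,
    WILD, WILD, WILD, WILD, WILD, WILD, WILD, WILD,
    WILD, WILD, WILD, WILD, WILD, WILD, WILD, WILD,
    0x55, 0x8B, WILD, 0xA1, WILD, WILD, WILD, WILD, 0x85, 0xC0, 0x75, WILD,
    0x68, WILD, WILD, WILD, WILD, 0xE8, WILD, WILD, WILD, WILD, WILD, WILD, WILD,
    0x8B, WILD, WILD, 0x50, 0x68, WILD, WILD, WILD, WILD, 0xE8, WILD, WILD, WILD, WILD,
    0x83, WILD, WILD, WILD, 0xC3
};
#define SIG_LEN (sizeof sig_writebyte / sizeof sig_writebyte[0])
#define SIG_DISPLACEMENT 18   /* "displacement" : 18 in the JSON */
#define SKELETON_OFF 18       /* from here on it is the bare PF_Write*_I skeleton */

/* Bytes transcribed from the IDA listing: pop edi/esi/ebx, retn, align byte,
 * the 16-byte jump table, sub_1D6ACC0 itself, then its align padding. */
static const uint8_t listing_bytes[] = {
    0x5F, 0x5E, 0x5B, 0xC3, 0x90,
    0x56, 0xAC, 0xD6, 0x01, 0x5C, 0xAC, 0xD6, 0x01,
    0x78, 0xAC, 0xD6, 0x01, 0x93, 0xAC, 0xD6, 0x01,
    0x55, 0x8B, 0xEC, 0xA1, 0xB4, 0x27, 0x03, 0x02, 0x85, 0xC0, 0x75, 0x0D,
    0x68, 0xC0, 0xB3, 0xE5, 0x01, 0xE8, 0x4A, 0x14, 0x04, 0x00, 0x83, 0xC4, 0x04,
    0x8B, 0x45, 0x08, 0x50, 0x68, 0xFC, 0xA7, 0xE5, 0x01, 0xE8, 0xA9, 0xAF, 0xFC, 0xFF,
    0x83, 0xC4, 0x08, 0x5D, 0xC3,
    0x90, 0x90, 0x90, 0x90
};

/* Constructed for this example (not from the listing): a sibling wrapper with
 * the same skeleton and different immediates, like another PF_Write*_I. */
static const uint8_t constructed_sibling[] = {
    0x55, 0x8B, 0xEC, 0xA1, 0x11, 0x22, 0x33, 0x44, 0x85, 0xC0, 0x75, 0x0D,
    0x68, 0xAA, 0xBB, 0xCC, 0xDD, 0xE8, 0x01, 0x02, 0x03, 0x04, 0x83, 0xC4, 0x04,
    0x8B, 0x45, 0x08, 0x50, 0x68, 0xEE, 0xFF, 0x00, 0x11, 0xE8, 0x05, 0x06, 0x07, 0x08,
    0x83, 0xC4, 0x08, 0x5D, 0xC3
};

static uint8_t g_text[256];   /* stand-in for the engine's .text section */

/* Assemble the scan buffer and return its length (113 bytes). */
size_t build_text(void)
{
    memcpy(g_text, listing_bytes, sizeof listing_bytes);
    memcpy(g_text + sizeof listing_bytes, constructed_sibling, sizeof constructed_sibling);
    return sizeof listing_bytes + sizeof constructed_sibling;
}

/* 1 if the signature matches the buffer at position pos, else 0. */
static int match_at(const uint8_t *buf, size_t len, size_t pos, const int *sig, size_t sig_len)
{
    if (pos + sig_len > len)
        return 0;
    for (size_t i = 0; i < sig_len; i++)
        if (sig[i] != WILD && buf[pos + i] != sig[i])
            return 0;
    return 1;
}

/* Number of positions where the signature matches; a usable sig matches once. */
int count_matches(const uint8_t *buf, size_t len, const int *sig, size_t sig_len)
{
    int n = 0;
    for (size_t pos = 0; pos + sig_len <= len; pos++)
        n += match_at(buf, len, pos, sig, sig_len);
    return n;
}

/* Offset of the first match plus the displacement, i.e. where the hook would
 * be installed, or -1 if the signature is not found. */
long find_signature(const uint8_t *buf, size_t len, const int *sig, size_t sig_len, long displacement)
{
    for (size_t pos = 0; pos + sig_len <= len; pos++)
        if (match_at(buf, len, pos, sig, sig_len))
            return (long)pos + displacement;
    return -1;
}

/* Sanity check on the resolved offset: sub_1D6ACC0 is a bp-based frame, so it
 * must begin with "push ebp; mov ebp, esp" (55 8B EC). */
int looks_like_prologue(const uint8_t *buf, size_t len, long off)
{
    return off >= 0 && (size_t)off + 3 <= len &&
           buf[off] == 0x55 && buf[off + 1] == 0x8B && buf[off + 2] == 0xEC;
}

int main(void)
{
    size_t len = build_text();
    long hook = find_signature(g_text, len, sig_writebyte, SIG_LEN, SIG_DISPLACEMENT);
    printf("skeleton-only matches: %d\n",
           count_matches(g_text, len, sig_writebyte + SKELETON_OFF, SIG_LEN - SKELETON_OFF));
    printf("full signature matches: %d\n", count_matches(g_text, len, sig_writebyte, SIG_LEN));
    printf("hook offset: %ld, prologue ok: %d\n", hook, looks_like_prologue(g_text, len, hook));
    return 0;
}
```

Run stand-alone, it reports two matches for the bare skeleton but one for the full signature, and resolves the hook to offset 21 (the `push ebp`), whereas displacement 0 would land on the `retn` that the sig starts with. The prologue check is the cheap test worth running on any displacement-based sig before installing a hook on it: if the resolved bytes are not the expected prologue, the crash is a scanning problem, not a hook problem.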
ConnorMcLeod
Veteran Member
Join Date: Jul 2006
Location: France (95)
Old 06-10-2012 , 13:03   Re: Help on a particular signature
#2

1. What do you want to do? Hook messages sent from plugins? Or what?
__________________
- tired and retired -

- my plugins -
ConnorMcLeod is offline
Misery
Senior Member
Join Date: Dec 2010
Old 06-10-2012 , 13:12   Re: Help on a particular signature
#3

Exactly, Connor. More specifically, to recover certain messages not hookable through register_event(). The best example I have is the TeamInfo sent by cs_set_user_team().

Last edited by Misery; 06-10-2012 at 13:18.
Misery is offline
ConnorMcLeod
Veteran Member
Join Date: Jul 2006
Location: France (95)
Old 06-10-2012 , 13:32   Re: Help on a particular signature
#4

Have you tried with an offset to see if the same crash occurs?
__________________
- tired and retired -

- my plugins -
ConnorMcLeod is offline
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 06-10-2012 , 13:41   Re: Help on a particular signature
#5

Misery, for pfn* functions, you don't need signatures. See the first post of Orpheu module thread.
__________________
Arkshine is offline
Misery
Senior Member
Join Date: Dec 2010
Old 06-11-2012 , 05:14   Re: Help on a particular signature
#6

Oh thanks Arkshine, works quite well now ^^

I have a question on the hook, and I thought it's not worth opening another topic for this...
If I hook MessageBegin() and put a variable there to check the message, such as this:
Code:
public OnMessageBegin(msg_dest, msg_type, p1, p2)
{
	// The parameter is called msg_dest in the prototype, so compare that,
	// not an undeclared "dest". g_msgid is assumed to hold the message id.
	if (msg_type == g_msgid && msg_dest == 2)
	{
		// bla bla
	}
}
And doing the same kind of thing for WriteByte... I was wondering, can it directly affect registry (I mean, on shots)? Aren't messages used to communicate the damages and stuff related to regs?
Not sure on that, I'm asking...

Thanks,
Misery

Last edited by Misery; 06-11-2012 at 05:17.
Misery is offline
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 06-11-2012 , 05:42   Re: Help on a particular signature
#7

Not sure I understand what you're asking (registry?). You're only doing checks; unless you supersede at some point, there is no problem. Your second question is vague: most game events are related to the HUD on the client and not the internal data (I mean calculating damage and updating the client HUD are 2 different things).

Anyway, be more precise/clear and I will try to make a more decent answer.
__________________

Last edited by Arkshine; 06-11-2012 at 05:42.
Arkshine is offline
Misery
Senior Member
Join Date: Dec 2010
Old 06-12-2012 , 03:45   Re: Help on a particular signature
#8

Well, thanks for answering, Arkshine. Indeed, I only do checks in the hooks, and only one check per function. That means if the condition is not met it stops there.

My question was about regs... Have you ever heard people complaining about "regs" on a counter-strike server?

Say Bob shoots at John, and Bob's aim is precisely, undoubtedly on John's head, but the shot is not "registered", i.e. John does not get any damage, even though he was supposed to. Some servers have better "registry" than others, depending on the hardware they use...

In a more technical view: say Misery shoots at Arkshine. Is the data related to bullets fired and angles sent to the server through messages (i.e. the data needed so the server can calculate the damage)?

I just don't want to affect server performance...

Thanks!

Misery
Misery is offline
OvidiuS
Chillaxin'
Join Date: Dec 2009
Location: Serbia
Old 06-13-2012 , 05:12   Re: Help on a particular signature
#9

Quote:
Originally Posted by Misery
Well, thanks for answering, Arkshine. Indeed, I only do checks in the hooks, and only one check per function. That means if the condition is not met it stops there.

My question was about regs... Have you ever heard people complaining about "regs" on a counter-strike server?

Say Bob shoots at John, and Bob's aim is precisely, undoubtedly on John's head, but the shot is not "registered", i.e. John does not get any damage, even though he was supposed to. Some servers have better "registry" than others, depending on the hardware they use...

In a more technical view: say Misery shoots at Arkshine. Is the data related to bullets fired and angles sent to the server through messages (i.e. the data needed so the server can calculate the damage)?

I just don't want to affect server performance...

Thanks!

Misery
I'm not sure about the technical side, but I know that player rates/loss/choke etc. have an effect on this. Player and server settings can lead to interpolation and extrapolation.

Last edited by OvidiuS; 06-13-2012 at 05:12.
OvidiuS is offline
Misery
Senior Member
Join Date: Dec 2010
Old 06-14-2012 , 07:05   Re: Help on a particular signature
#10

Well, thanks OvidiuS, but, no offense, you don't really answer my question.

I'm asking if hooking pfnMessageBegin and other message functions (assuming I only do checks there, and execute code if needed) can, in a situation where, say, multiple players shoot at the same time, lead to damage not being taken into account, i.e. if it can affect regs.
So yeah... I just want to know if messages are used for providing data necessary to damage calculations by the server.

Does this technique (i.e. using Orpheu this way) differ much from AMXX's register_event() hook?

Thanks

Misery

Last edited by Misery; 06-14-2012 at 07:07.
Misery is offline