[ANY-dev] Raw Entity Dump


Author: sarysa (Senior Member, Join Date: Mar 2014)
Plugin ID: 4232
Plugin Version: 0.4
Plugin Category: Technical/Development
Plugin Game: Any
Plugin Dependencies:
Servers with this Plugin:
Plugin Description: Dump raw binary entity data, diffs including float info, find values' raw offsets
    Old 06-04-2014 , 08:42   [ANY-dev] Raw Entity Dump
    Reply With Quote #1

    DO NOT INSTALL ON A LIVE SERVER

    Here's a list of commands it registers. They're documented in more detail below...
    - red_dump [entityIdx OR entityClassname] [endPosition] [filepathRelativeToServerGameDir] (startPosition)
    - red_dump_key [entityIdx OR entityClassname] [endPosition] [keyId-OR-commandName] [filepathRelativeToServerGameDir] (startPosition)
    - red_dump_floats [entityIdx OR entityClassname] [endPosition] [filepathRelativeToServerGameDir] (startPosition)
    - red_diff [filename1] [filename2]
    - red_exclude_diff [filename1] [filename2] [filename3] [excludeIdx (1-3)]
    - red_find_value [entity] [endPosition] [value] [type]
    - red_find_similar [entity] [endPosition] [knownNetProp] [type] [netClassname]

    These commands allow you to dump the raw data of an entity (or the first instance of an entity with a specific classname) to a file, as well as allowing diffing of the files you've dumped! You can also search for values...either a known value, or a value shared by a known network variable.

    I was inspired to make this after seeing how wizards like voogru and FlaminSarge found all sorts of hidden props for various entities. Since I personally can't get a better way to do so up and running (i.e. I don't have a TF2 SDK with the sentry class) and I'm too VAC paranoid to use a program that reads memory, I figured getting a raw hex dump of entities would be the best way to go.

    This plugin is only intended for a test server and it does not even do things like safe file path checking. Misuse could possibly crash a server. So don't blame me if you failed to read the giant text at the start of this thread.

    USAGE
    red_dump [entityIdx OR entityClassname] [endPosition] [filepathRelativeToServerGameDir] (startPosition)

    EXAMPLES
    red_dump 23 8770 tfplayer.dmp
    red_dump obj_sentrygun 2832 tfsentry.dmp
    red_dump obj_sentrygun 2832 tfsentry2.dmp 1000

    Only tested in TF2 but I don't see why this wouldn't work on any Source game.
    Also only tested with SM 1.5.X but it's probably good for many older versions.

    HOW TO USE
    So first you'll want to figure out the classname (NOT net classname) of whatever entity you want to discern state changes under normal circumstances for. I'll use obj_sentrygun of TF2 and a known net prop as an example. You need to have a current dump of all net props as well, so you can determine a good limit for reading an entity's data. (I think attempting to read beyond an entity's bounds may cause an error)

    With obj_sentrygun, I saw that the highest offset was a 4-byte integer at position 2828:
    Member: m_hAutoAimTarget (offset 2828) (type integer) (bits 21)
    so I set my bytesToDump to 2832, though I could easily experiment with something higher if I wanted to. (there could be hidden props beyond 2832)

    So I bound a couple keys on a server with just bots, went as engie with the Wrangler, and these are my two keybound commands:
    red_dump obj_sentrygun 2832 tfsentry1.dmp
    red_dump obj_sentrygun 2832 tfsentry2.dmp

    I know the prop for a wrangled sentry is m_bPlayerControlled (offset 2780). I built a sentry and once it was complete, I did my first dump. Then when I wrangled the sentry, I did my second dump. I then opened both files in HxD (my favorite hex editor) and went to offset 2780. The difference couldn't be more clear:


    So if I wanted to find some hidden netprop, I could use HxD's diff feature, or a dedicated binary diff program, and figure out where my desired hidden prop is by dumping before and during the state change I want to emulate by code. :D

    An optional parameter is (startPosition), which allows you to start at a specified offset instead of zero. You do not need to subtract this from total bytes -- this is already done for you...since your entity's upper limit probably won't change except when a new version of your game is released. Makes it more convenient.

    ADDED IN VERSION 0.2
    First of all, I fixed a bug with Windows where 0x0A and/or 0x0D was being output as 0x0A0D...forgot to use the "wb" file flags. Whoops.

    Second, I've added two commands:
    RED_DUMP_KEY
    Usage: red_dump_key [entityIdx OR entityClassname] [endPosition] [keyId-OR-commandName] [filepathRelativeToServerGameDir] (startPosition)
    Example: red_dump_key 23 8770 IN_RELOAD tfplayer.dmp
    Example: red_dump_key 23 8770 taunt tfplayer2.dmp
    Example: red_dump_key obj_sentrygun 2832 IN_ATTACK2 tfsentry.dmp
    Example: red_dump_key obj_sentrygun 2832 IN_ATTACK tfsentry2.dmp 1000

    What it does: It's similar to the above, except it creates three dumps. The first dump is made when the command is executed and outputs to the file listed. The second dump executes before a key is pressed or command is executed by the user who calls the command and appends .1 to the filename, i.e. tfsentry.dmp.1. The third dump executes in the next frame, and appends .2 to the filename, i.e. tfsentry.dmp.2. Since the whole point of this plugin was to emulate how hidden props were found, and the example that inspired me (FlaminSarge's force sentry fire prop) could only be found in a very tiny timing window and was dependent on user input, may as well fill this gap.

    An optional parameter is (startPosition), which allows you to start at a specified offset instead of zero. You do not need to subtract this from total bytes -- this is already done for you...since your entity's upper limit probably won't change except when a new version of your game is released. Makes it more convenient.

    RED_DIFF
    Usage: red_diff [filename1] [filename2]
    Example: red_diff tfsentry1.dmp tfsentry2.dmp

    What it does: It's a file differ! It'll print out diffs of bytes, shorts, ints, and floats at the current offset -and- up to three bytes before the current offset. It outputs to [filename1].cmp...so for the example it would output to tfsentry1.dmp.cmp. Here's some example output from where I just change a sentry's angle, since the big draw with this differ is getting floats (note: the forum stripped the formatting, but there is indentation in the real thing!):

    Limitations: Max file size is 32kb. Also, both files must be the same size.

    ADDED IN VERSION 0.3
    Bugfixes and the addition of an optional parameter for start position for the dump commands. (edited the documentation above) Also added the following command:

    RED_EXCLUDE_DIFF
    Usage: red_exclude_diff [filename1] [filename2] [filename3] [excludeIdx (1-3)]
    Example: red_exclude_diff tfsentry1.dmp tfsentry2.dmp tfsentry3.dmp 3

    What it does: It's an unusual but useful diff involving three files. First, bytes of the files which haven't been excluded are compared. Then they're both diffed against the excluded file. If this byte is different in all three files, no analysis is made for this difference. The reason I made this was because of common spam entries like animations or position changes. If you make one dump in one state and two dumps in a different state, red_exclude_diff will get rid of a lot of entries you won't care about since it's unrelated to the state change you're trying to emulate. It makes finding the hidden props you want less time consuming.

    ADDED IN VERSION 0.4
    Bugfixes, the ability for red_dump_key to also listen for commands (edited the documentation above) and dumps with startPosition set will fill the unwanted bytes with periods so diffs have the correct offset. Also added the following command:

    RED_DUMP_FLOATS
    Usage: red_dump_floats [entityIdx OR entityClassname] [endPosition] [filepathRelativeToServerGameDir] (startPosition)
    Example: red_dump_floats 23 8770 tfplayer.txt
    Example: red_dump_floats obj_sentrygun 2832 tfsentry.txt
    Example: red_dump_floats obj_sentrygun 2832 tfsentry2.txt 1000

    What it does: It checks every offset from startPosition to (endPosition - 3) and writes it to a human-readable file as a float. It also shows the hex value for reference. It's useful if you have a sense of range (but not an exact value) for a hidden float you're trying to find.

    RED_FIND_VALUE
    Usage: red_find_value [entityIdx OR entityClassname] [endPosition] [value] [type]
    Example: red_find_value 23 9814 180.0 float

    What it does: It finds a specific value. Note that it obviously can't do real type checking, so it'll just find raw matches for the value and type's length. (1, 2, or 4) The result is printed to both your local console and the server console.

    RED_FIND_SIMILAR
    Usage: red_find_similar [entityIdx OR entityClassname] [endPosition] [knownNetProp] [type] [netClassname]
    Example: red_find_similar 23 9814 m_flTauntYaw float CTFPlayer

    What it does: It gets the value of a known netprop that you specify and then searches the entity for matching values. Note that it obviously can't do real type checking, so it'll just find raw matches for the value and type's length. (1, 2, or 4) The result is printed to both your local console and the server console.

    RELEASE HISTORY/SOURCES
    v0.4 (2014-06-30)
    - Added red_dump_floats
    - Added red_find_similar
    - Added red_find_value
    - red_dump_key now accepts commands as well as input keys, as the trigger for the second and third dumps.
    - Changing the start position when doing a hex dump will now fill the skipped bytes with periods, so that when you go to diff them, your offsets will be correct. (and these bytes will not be counted in diffs since both files will have them the same)
    - Minor bugfixes

    v0.3 (2014-06-25)
    - Added red_exclude_diff
    - Added optional parameter to red_dump and red_dump_key for a start position.
    - Fixed diff to print out offsets in decimal as well as hex, since sm_dump_netprops outputs in decimal.
    - Fixed the usage printouts. (was calling everything red_dump lol)

    v0.2 (2014-06-24)
    - Added red_dump_key
    - Added red_diff
    - Fixed a glitch where 0x0A and/or 0x0D would be turned into windows newlines in the dump.

    v0.1 (2014-06-04)
    - Initial release
    Attached Files
    File Type: sp Get Plugin or Get Source (raw_entity_dump.sp - 253 views - 30.6 KB)
    Last edited by sarysa; 06-30-2014 at 21:17. Reason: version 0.4
    sarysa is offline
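
Added example, not part of sarysa's post or the plugin's source: an offline Python version of the three-file comparison described under RED_EXCLUDE_DIFF, following the post's wording (a byte that differs in all three dumps is skipped), with each surviving change decoded as int and float. The function names, the 4-byte alignment assumption and the sample dumps are constructed for illustration.

```python
import struct

def exclude_diff(a, b, excluded):
    """Offsets where a and b differ, skipping bytes that differ in all three dumps."""
    if not len(a) == len(b) == len(excluded):
        raise ValueError("dumps must all be the same size")
    kept = []
    for off, (x, y, z) in enumerate(zip(a, b, excluded)):
        if x == y:
            continue  # unchanged between the two compared dumps
        if z != x and z != y:
            continue  # different in all three files: treated as unrelated noise
        kept.append(off)
    return kept

def windows(a, b, offsets):
    """Decode each changed 4-byte window as little-endian int32 and float32.

    Assumption (not from the post): fields sit on 4-byte boundaries, so every
    changed byte is reported through the aligned window that contains it.
    """
    out = []
    for base in sorted({off - off % 4 for off in offsets}):
        if base + 4 > len(a):
            continue  # trailing partial window, nothing to decode
        ints = tuple(struct.unpack_from("<i", buf, base)[0] for buf in (a, b))
        floats = tuple(struct.unpack_from("<f", buf, base)[0] for buf in (a, b))
        out.append((base, ints, floats))
    return out

# Constructed 16-byte dumps (not real entity data): 4 filler bytes, a flag at
# offset 4, a float at offset 8, and a counter at offset 12 that changes on
# every dump regardless of state.
def make_dump(flag, angle, counter):
    return struct.pack("<4sB3xfI", b"....", flag, angle, counter)

BEFORE = make_dump(0, 0.0, 100)     # state 1
AFTER_A = make_dump(1, 180.0, 117)  # state 2, first dump
AFTER_B = make_dump(1, 180.0, 133)  # state 2, second dump (the excluded file)

if __name__ == "__main__":
    hits = exclude_diff(BEFORE, AFTER_A, AFTER_B)
    for base, ints, floats in windows(BEFORE, AFTER_A, hits):
        print(f"offset {base} (0x{base:X}): int {ints[0]} -> {ints[1]}, "
              f"float {floats[0]!r} -> {floats[1]!r}")
```

A plain two-file diff of the same sample also reports offset 12, the counter; the third dump is what removes it.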
    Root_
    Veteran Member
    Join Date: Jan 2012
    Location: ryssland
    Old 06-14-2014 , 00:17   Re: [ANY-dev] Raw Entity Dump
    Reply With Quote #2

    I like that! I will definitely use this.
    Root_ is offline
    TnTSCS
    AlliedModders Donor
    Join Date: Oct 2010
    Location: Undisclosed...
    Old 06-14-2014 , 18:10   Re: [ANY-dev] Raw Entity Dump
    Reply With Quote #3

    +1 for this, thank you
    TnTSCS is offline
    FlaminSarge
    Veteran Member
    Join Date: Jul 2010
    Old 06-17-2014 , 03:47   Re: [ANY-dev] Raw Entity Dump
    Reply With Quote #4

    Very nice; you might extend it to use LoadFromAddress to load arbitrary addresses, though that's just as dangerous and essentially equivalent if you're using this for entities.

    I'm wondering how strange it would be to monitor changes in an entity's data for a set number of bytes at a particular offset using this. Say, I want to watch the 10 bytes after 8440 on CTFPlayer. Probably doable, I'm guessing.
    FlaminSarge is offline
    friagram
    Veteran Member
    Join Date: Sep 2012
    Location: Silicon Valley
    Old 06-17-2014 , 07:27   Re: [ANY-dev] Raw Entity Dump
    Reply With Quote #5

    Quote:
    Originally Posted by FlaminSarge View Post
    Very nice; you might extend it to use LoadFromAddress to load arbitrary addresses, though that's just as dangerous and essentially equivalent if you're using this for entities.

    I'm wondering how strange it would be to monitor changes in an entity's data for a set number of bytes at a particular offset using this. Say, I want to watch the 10 bytes after 8440 on CTFPlayer. Probably doable, I'm guessing.
    I mentioned something like this to sarysa, have it compare a specified range and show only diffs as it happens in game. I think it was planned for the future. I made something simple ages ago that would monitor offset changes for an entity, but it would only watch/set specific bytes, not compare a range for finding new stuff, which is the point of this.
    friagram is offline
    VoiDeD
    SourceMod Plugin Unapprover
    Join Date: Mar 2009
    Location: Illinois, USA
    Old 06-23-2014 , 21:42   Re: [ANY-dev] Raw Entity Dump
    Reply With Quote #6

    Sounds like a terribly efficient way to encourage awful plugin habits.

    LoadFromAddress and friends should go the way of the trash bin. You shouldn't be manipulating data at random offsets in entities, your code will never survive updates.
    VoiDeD is offline
    sarysa
    Senior Member
    Join Date: Mar 2014
    Old 06-24-2014 , 14:37   Re: [ANY-dev] Raw Entity Dump
    Reply With Quote #7

    Released version 0.2, which now supports dumping an entity around a player's keystroke, and most importantly -- a differ! Now floats will be a lot easier to find and manipulate. Also fixed a glitch in 0.1 with output. I added a link to the old 0.1 but it sucks, get 0.2.

    Also I'm glad people like this concept.
    sarysa is offline
    friagram
    Veteran Member
    Join Date: Sep 2012
    Location: Silicon Valley
    Old 06-24-2014 , 14:55   Re: [ANY-dev] Raw Entity Dump
    Reply With Quote #8

    Quote:
    Originally Posted by VoiDeD View Post
    Sounds like a terribly efficient way to encourage awful plugin habits.

    LoadFromAddress and friends should go the way of the trash bin. You shouldn't be manipulating data at random offsets in entities, your code will never survive updates.
    There are a few exceptions, like setting projectile damage, that this type of stuff can be ok for.
    friagram is offline
    Powerlord
    AlliedModders Donor
    Join Date: Jun 2008
    Location: Seduce Me!
    Old 06-24-2014 , 15:12   Re: [ANY-dev] Raw Entity Dump
    Reply With Quote #9

    Quote:
    Originally Posted by VoiDeD View Post
    Sounds like a terribly efficient way to encourage awful plugin habits.

    LoadFromAddress and friends should go the way of the trash bin. You shouldn't be manipulating data at random offsets in entities, your code will never survive updates.
    Personally, I'd love it if we could get support for reading things inside CUtlVectors using GetEntProp and friends, but until we do, we may be stuck with LoadFromAddress.

    I did some work with this before, but it's messy to try to do and unfortunately I think I accidentally wiped my local copy when switching over from pointing at the hg.alliedmods.net source to the github source.
    Powerlord is offline
    VoiDeD
    SourceMod Plugin Unapprover
    Join Date: Mar 2009
    Location: Illinois, USA
    Old 06-24-2014 , 19:16   Re: [ANY-dev] Raw Entity Dump
    Reply With Quote #10

    Quote:
    Originally Posted by Powerlord View Post
    Personally, I'd love it if we could get support for reading things inside CUtlVectors using GetEntProp and friends, but until we do, we may be stuck with LoadFromAddress.
    Pull requests welcome. All of the CUtlVector code for sendprops is in the SDK.
    VoiDeD is offline