API tools faq
paste
Guest User

Untitled

a guest
Jun 22nd, 2016
215
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 39.13 KB | None | 0 0
raw download clone embed print report
  1. "Games"
  2. {
  3. "left4dead2"
  4. {
  5. "Addresses"
  6. {
  7. "ZombieManager"
  8. {
  9. "windows"
  10. {
  11. "signature" "StartChangeLevel"
  12. "read" "293"
  13. }
  14. "linux"
  15. {
  16. "signature" "TheZombieManager"
  17. "read" "0"
  18. }
  19. }
  20. "WeaponInfoDatabase"
  21. {
  22. "windows"
  23. {
  24. "signature" "ReadWeaponDataFromFileForSlot"
  25. "read" "75"
  26. }
  27. "linux"
  28. {
  29. "signature" "WeaponInfoDatabase"
  30. }
  31. }
  32. "MeleeWeaponInfoStore"
  33. {
  34. "windows"
  35. {
  36. "signature" "CTerrorPlayer_GiveNamedItem"
  37. "read" "340"
  38. }
  39. "linux"
  40. {
  41. "signature" "CMeleeWeaponInfoStore"
  42. }
  43. }
  44.  
  45. "CDirector"
  46. {
  47. "windows"
  48. {
  49. "signature" "DirectorMusicBanks_OnRoundStart"
  50. "read" "12"
  51. }
  52. "linux"
  53. {
  54. "signature" "TheDirector"
  55. }
  56. }
  57. }
  58. "Offsets"
  59. {
  60. /* Offset into CDirector::AreWanderersAllowed */
  61. "CDirectorScavengeMode"
  62. {
  63. "windows" "11" /* mov ecx, [esi+offs] */
  64. "linux" "13" /* mov eax, [ebx+offs] */
  65. }
  66.  
  67. /* Offset from ConnectClientLobbyCheck to cmp with max players check
  68.  
  69. string #Valve_Reject_Server_Full
  70. */
  71. "ValveRejectServerFullFirst"
  72. {
  73. "windows" "30" /* cmp eax, [esi+180h] -> cmp eax, imm32 */
  74. "linux" "0" /* cmp esi, [ebx+17Ch] -> cmp esi, imm32 */
  75. }
  76.  
  77. /* Member variable offset into CTerrorGameRules
  78. *
  79. * - Look for CTerrorGameRules::GetVersusMaxCompletionScore, which is ref'd
  80. * - by CL4DGameStats::AddSurvivorStats--unique string "CharacterId"
  81. */
  82. "VersusMaxCompletionScore"
  83. {
  84. "windows" "3568"
  85. "linux" "3560"
  86. }
  87.  
  88. /* Offset into CTerrorPlayer
  89. * Is this right? How do we find it?
  90. */
  91. "SpawnTimer"
  92. {
  93. "windows" "11308"
  94. "linux" "11288"
  95. }
  96. }
  97.  
  98. "Signatures"
  99. {
  100.  
  101. /*
  102. * CTerrorGameRules::GetTeamScore(int,bool)
  103. * Find "Staying on original map %s\n"
  104. * -> CDirector::Restart(void)
  105. * -> showed up near "info_window"
  106. * -> called twice along with another function called twice (CterrorGameRules::UpdateChapterScores)
  107. */
  108. "GetTeamScore"
  109. {
  110. "library" "server"
  111. "linux" "@_ZN16CTerrorGameRules12GetTeamScoreEib"
  112. "windows" "\x55\x8B\xEC\x8B\x2A\x2A\x85\xC0\x2A\x2A\x33\xC0\x5D\xC2"
  113. /* 55 8B EC 8B ? ? 85 C0 ? ? 33 C0 5D C2 */
  114. }
  115.  
  116. /*
  117. * CTerrorGameRules::SetCampaignScores(int,int)
  118. * Search for unique string "singlechapter"
  119. * -> has two xref from same function, CTerrorGameRules::IsSingleChapterMode()
  120. * -> has two xref, one is CRestartGameIssue::ExecuteCommand() (exclude the other, CServerGameDLL::ServerHibernationUpdate(), which has string "FCVAR_NEVER_AS_STRING")
  121. * -> CRestartGameIssue::ExecuteCommand() calls CDirectorVersusMode::VoteRestartVersusLevel() (fourth call..?)
  122. * -> first call is CTerrorGameRules::SetCampaignScores()
  123. * make sure to double check uniqueness when done
  124. */
  125. "SetCampaignScores"
  126. {
  127. "library" "server"
  128. "linux" "@_ZN16CTerrorGameRules17SetCampaignScoresEii"
  129. "windows" "\x55\x8B\xEC\x56\x57\x8B\x7D\x08\x8B\xF1\x39\xBE\x2A\x2A\x2A\x2A\x74\x2A\xE8\x2A\x2A\x2A\x2A\x89\xBE\x2A\x2A\x2A\x2A\x8B"
  130. /* 55 8B EC 56 57 8B 7D 08 8B F1 39 BE ? ? ? ? 74 ? E8 ? ? ? ? 89 BE ? ? ? ? 8B */
  131. }
  132.  
  133. /*
  134. * CTerrorGameRules::ClearTeamScores(bool)
  135. */
  136. "ClearTeamScores"
  137. {
  138. "library" "server"
  139. "linux" "@_ZN16CTerrorGameRules15ClearTeamScoresEb"
  140. "windows" "\x55\x8B\xEC\x51\x0F\x57\xC0\x53\x56\x57\x33\xDB\x8B"
  141. /* 55 8B EC 51 0F 57 C0 53 56 57 33 DB 8B */
  142. }
  143.  
  144. /*
  145. * CBaseServer::SetReservationCookie(uint64_t, char*, va_list)
  146. * - clear the reservation by setting a cookie of 0
  147. */
  148. "SetReservationCookie"
  149. {
  150. "library" "engine"
  151. "linux" "@_ZN11CBaseServer20SetReservationCookieEyPKcz"
  152. "windows" "\x55\x8B\xEC\x81\xEC\x2A\x2A\x2A\x2A\xA1\x2A\x2A\x2A\x2A\x33\xC5\x89\x45\xFC\x53\x8B\x5D\x10\x56\x8B\x75\x08\x57\x8B\x7D\x0C\x3B"
  153. /* 55 8B EC 81 EC ? ? ? ? A1 ? ? ? ? 33 C5 89 45 FC 53 8B 5D 10 56 8B 75 08 57 8B 7D 0C 3B */
  154. }
  155.  
  156. /*
  157. * CTerrorPlayer::TakeOverBot
  158. * unique string "[TAKEOVER]: %s (%d) possessed %s"
  159. */
  160. "TakeOverBot"
  161. {
  162. "library" "server"
  163. "linux" "@_ZN13CTerrorPlayer11TakeOverBotEb"
  164. "windows" "\x55\x8B\xEC\x81\xEC\x2A\x2A\x2A\x2A\xA1\x2A\x2A\x2A\x2A\x33\xC5\x89\x45\xFC\x53\x56\x8D\x85"
  165. /* 55 8B EC 81 EC ? ? ? ? A1 ? ? ? ? 33 C5 89 45 FC 53 56 8D 85 */
  166. }
  167.  
  168. /*
  169. * SurvivorBot::SetHumanSpectator(CTerrorPlayer*)
  170. * Very similar to BossZombiePlayerBot::SetHumanSpectator()
  171. * SurvivorBot version has 5 xref (one of them is CTerrorPlayer::TakeOverBot), BossZombie has just 1 (CTerrorPlayer::TakeOverBot)
  172. */
  173. "SetHumanSpec"
  174. {
  175. "library" "server"
  176. "linux" "@_ZN11SurvivorBot17SetHumanSpectatorEP13CTerrorPlayer"
  177. "windows" "\x55\x8B\xEC\x56\x8B\xF1\x83\xBE\x2A\x2A\x2A\x2A\x00\x7E\x07\x32\xC0\x5E\x5D\xC2\x04\x00\x8B\x0D"
  178. /* 55 8B EC 56 8B F1 83 BE ? ? ? ? 00 7E 07 32 C0 5E 5D C2 04 00 8B 0D */
  179. }
  180.  
  181. /*
  182. * CDirectorScavengeMode::OnBeginRoundSetupTime
  183. * used to reset the setup timer during scavenge mode
  184. * has one of five references to string "ready_countdown"
  185. */
  186. "CDirectorScavengeMode_OnBeginRoundSetupTime"
  187. {
  188. "library" "server"
  189. "linux" "@_ZN21CDirectorScavengeMode21OnBeginRoundSetupTimeEv"
  190. "windows" "\x55\x8B\xEC\x83\xEC\x10\x56\x8B\xF1\xE8\x2A\x2A\x2A\x2A\x84\xC0\x74\x2A\xF3"
  191. /* 55 8B EC 83 EC 10 56 8B F1 E8 ? ? ? ? 84 C0 74 ? F3 */
  192. }
  193.  
  194. /* CTerrorGameRules::ResetRoundNumber
  195. * used to reset the round number during scavenge mode
  196. * Search for unique string "singlechapter"
  197. * -> has two xref from same function, CTerrorGameRules::IsSingleChapterMode()
  198. * -> has two xref, one is CRestartGameIssue::ExecuteCommand() (exclude the other, CServerGameDLL::ServerHibernationUpdate(), which has string "FCVAR_NEVER_AS_STRING")
  199. * -> calls CTerrorGameRules::GetMissionFirstMap (TODO more detail on where this is)
  200. * -> xref from CDirector::Rematch
  201. * -> CTerrorGameRules::ResetRoundNumber is called right before CTerrorGameRules::IsVersusMode
  202. */
  203. "CTerrorGameRules_ResetRoundNumber"
  204. {
  205. "library" "server"
  206. "linux" "@_ZN16CTerrorGameRules16ResetRoundNumberEv"
  207. "windows" "\x56\x8B\xF1\x83\xBE\x2A\x2A\x2A\x2A\x00\x74\x2A\xE8\x2A\x2A\x2A\x2A\xC7\x86\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x5E\xC3"
  208. /* 56 8B F1 83 BE ? ? ? ? 00 74 ? E8 ? ? ? ? C7 86 ? ? ? ? 00 00 00 00 5E C3 */
  209. }
  210.  
  211. /* CTerrorGameRules::SetRoundEndTime(float)
  212. * used to freeze the scavenge game clock
  213. * start with unique string "scavenge_round_halftime" in function CDirectorScavengeMode::EndScavengeRound
  214. * -> first call in CDirectorScavengeMode::EndScavengeRound
  215. */
  216. "CTerrorGameRules_SetRoundEndTime"
  217. {
  218. "library" "server"
  219. "linux" "@_ZN16CTerrorGameRules15SetRoundEndTimeEf"
  220. "windows" "\x55\x8B\xEC\x56\x8B\xF1\xF3\x0F\x10\x86\x2A\x2A\x2A\x2A\x0F\x2E\x45\x08\x9F\x57"
  221. /* 55 8B EC 56 8B F1 F3 0F 10 86 ? ? ? ? 0F 2E 45 08 9F 57 */
  222. }
  223.  
  224.  
  225. /* CDirector::AreWanderersAllowed(void)
  226. * Used to get offset for CDirectorScavengeMode
  227. * *(director + offset) == ptr to CDirectorScavengeMode
  228. * has unique string "AlwaysAllowWanderers"
  229. */
  230. "CDirector_AreWanderersAllowed"
  231. {
  232. "library" "server"
  233. "linux" "@_ZNK9CDirector19AreWanderersAllowedEv"
  234. "windows" "\x55\x8B\xEC\x83\xEC\x2A\x56\x8B\xF1\x8B\x8E\x2A\x2A\x2A\x2A\x8D\x45\xFF"
  235. /* 55 8B EC 83 EC ? 56 8B F1 8B 8E ? ? ? ? 8D 45 FF */
  236. }
  237.  
  238. /* Used solely to get the offset for TheDirector
  239. * CDirectorMusicBanks::OnRoundStart
  240. * Has unique string "Event.Reveal"
  241. */
  242. "DirectorMusicBanks_OnRoundStart"
  243. {
  244. "library" "server"
  245. "windows" "\x55\x8B\xEC\x83\xEC\x2A\x56\x57\x8B\xF9\x8B\x0D\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x84"
  246. /* 55 8B EC 83 EC ? 56 57 8B F9 8B 0D ? ? ? ? E8 ? ? ? ? 84 */
  247.  
  248. }
  249.  
  250. /* Find the Director/ZombieManager singleton classes */
  251.  
  252. "TheDirector"
  253. {
  254. "library" "server"
  255. "linux" "@TheDirector"
  256. }
  257.  
  258. "TheZombieManager"
  259. {
  260. "library" "server"
  261. "linux" "@TheZombieManager"
  262. }
  263.  
  264. /* Find the WeaponInfo Database dictionary */
  265. "WeaponInfoDatabase"
  266. {
  267. "library" "server"
  268. "linux" "@_ZL20m_WeaponInfoDatabase"
  269. }
  270.  
  271. /* We can find the WeaponInfoDatabase location in this sub on windows
  272. *
  273. * - Look for "scripts/%s", should be the ref that's furthest into a func.
  274. * OR
  275. * Look for unique string "scripts/weapon_manifest.txt", then look in same func for almost unique string "Expecting 'file', got %s\n", should be two calls before that string
  276. */
  277. "ReadWeaponDataFromFileForSlot"
  278. {
  279. "library" "server"
  280. "windows" "\x55\x8B\xEC\x81\xEC\x2A\x2A\x2A\x2A\xA1\x2A\x2A\x2A\x2A\x33\xC5\x89\x45\xFC\x8B\x45\x14\x53\x8B\x5D\x10"
  281. /* 55 8B EC 81 EC ? ? ? ? A1 ? ? ? ? 33 C5 89 45 FC 8B 45 14 53 8B 5D 10 */
  282. }
  283.  
  284. /* Find the Melee Weapon Info dictionary */
  285. "CMeleeWeaponInfoStore"
  286. {
  287. "library" "server"
  288. "linux" "@g_MeleeWeaponInfoStore"
  289. }
  290.  
  291. /* We can find the CMeleeWeaponInfo location in this sub on windows
  292. *
  293. * - "NULL Ent '%s' in GiveNamedItem!\n" is unique in thie function
  294. * - There are at least 3 calls using the g_MeleeWeaponInfoStore here--use some brain for offset.
  295. */
  296. "CTerrorPlayer_GiveNamedItem"
  297. {
  298. "library" "server"
  299. "windows" "\x55\x8B\xEC\x81\xEC\x2A\x2A\x2A\x2A\xA1\x2A\x2A\x2A\x2A\x33\xC5\x89\x45\xFC\x8B\x45\x14\x53\x8B\x5D\x08"
  300. /* 55 8B EC 81 EC ? ? ? ? A1 ? ? ? ? 33 C5 89 45 FC 8B 45 14 53 8B 5D 08 */
  301. }
  302.  
  303. /*
  304. * CDirector::RestartScenarioFromVote(const char*)
  305. * Search for unique string "singlechapter"
  306. * -> has two xref from same function, CTerrorGameRules::IsSingleChapterMode()
  307. * -> has two xref, one is CRestartGameIssue::ExecuteCommand() (exclude the other, CServerGameDLL::ServerHibernationUpdate(), which has string "FCVAR_NEVER_AS_STRING")
  308. * -> Last call in CRestartGameIssue::ExecuteCommand
  309. */
  310. "RestartScenarioFromVote"
  311. {
  312. "library" "server"
  313. "linux" "@_ZN9CDirector23RestartScenarioFromVoteEPKc"
  314. "windows" "\x55\x8B\xEC\x56\x8B\xF1\x8B\x0D\x2A\x2A\x2A\x2A\x57\x85"
  315. /* 55 8B EC 56 8B F1 8B 0D ? ? ? ? 57 85 */
  316. }
  317.  
  318. /*
  319. * ZombieManager::SpawnSpecial(ZombieClassType, Vector const&, QAngle const&)
  320. * Be careful, there are a few overrides for SpawnSpecial
  321. * Make sure the one you have has like 11 xrefs, 6 from CCommentaryZombieSpawner::InputSpawnZombie
  322. * To find, look for non-unique string "common_", has three refs, one ref will have strings for all classes, that's CCommentaryZombieSpawner::InputSpawnZombie
  323. */
  324. "SpawnSpecial"
  325. {
  326. "library" "server"
  327. "linux" "@_ZN13ZombieManager12SpawnSpecialE15ZombieClassTypeRK6VectorRK6QAngle"
  328. "windows" "\x55\x8B\xEC\x53\x8B\x5D\x08\x8D\x43\xFF\x56"
  329. /* 55 8B EC 53 8B 5D 08 8D 43 FF 56 */
  330. }
  331.  
  332. /*
  333. * ZombieManager::SpawnTank(Vector const&, QAngle const&)
  334. *
  335. * find by Navarea variant method and "Failed to find a tank spawn position i"
  336. * OR
  337. * To find, look for non-unique string "common_", has three refs, one ref will have strings for all classes, that's CCommentaryZombieSpawner::InputSpawnZombie
  338. * SpawnTank will be called after string "tank"
  339. */
  340. "SpawnTank"
  341. {
  342. "library" "server"
  343. "linux" "@_ZN13ZombieManager9SpawnTankERK6VectorRK6QAngle"
  344. "windows" "\x55\x8B\xEC\x57\x8B\xF9\x8B\x0D\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x85\xC0\x78\x2A\x8B\x0D\x2A\x2A\x2A\x2A\x39"
  345. /* 55 8B EC 57 8B F9 8B 0D ? ? ? ? E8 ? ? ? ? 85 C0 78 ? 8B 0D ? ? ? ? 39 */
  346. }
  347.  
  348. /*
  349. * ZombieManager::SpawnWitch(Vector const&, QAngle const&)
  350. *
  351. * find by Navarea variant method and "Failed to find a witch spawn position i"
  352. * OR
  353. * To find, look for non-unique string "common_", has three refs, one ref will have strings for all classes, that's CCommentaryZombieSpawner::InputSpawnZombie
  354. * SpawnWitch will be called after string "witch"
  355. */
  356. "SpawnWitch"
  357. {
  358. "library" "server"
  359. "linux" "@_ZN13ZombieManager10SpawnWitchERK6VectorRK6QAngle"
  360. "windows" "\x55\x8B\xEC\x8B\x0D\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x85\xC0\x78\x2A\x8B\x0D\x2A\x2A\x2A\x2A\x39\x81"
  361. /* 55 8B EC 8B 0D ? ? ? ? E8 ? ? ? ? 85 C0 78 */
  362. }
  363.  
  364. /*
  365. * ZombieManager::SpawnWitchBride(Vector const&, QAngle const&)
  366. * Has three xref, one is CInfoZombieSpawn::SpawnZombie (shared with SpawnWitch above)
  367. * where SpawnWitch is the third call after string "bride", and SpawnWitchBride is the second call after "bride"
  368. */
  369. "SpawnWitchBride"
  370. {
  371. "library" "server"
  372. "linux" "@_ZN13ZombieManager15SpawnWitchBrideERK6VectorRK6QAngle"
  373. "windows" "\x55\x8B\xEC\x8B\x0D\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x85\xC0\x75"
  374. /* 55 8B EC 8B 0D ? ? ? ? E8 ? ? ? ? 85 C0 75 */
  375. }
  376.  
  377. /*
  378. * CDirectorVersusMode::OnVersusRoundStarted()
  379. * Unused? Nothing in source accesses this signature
  380. * Last call in CDirector::OnFirstSurvivorLeftSafeArea()
  381. * Also has string "versus_round_start"
  382. */
  383. "OnVersusRoundStarted"
  384. {
  385. "library" "server"
  386. "linux" "@_ZN19CDirectorVersusMode20OnVersusRoundStartedEv"
  387. "windows" "\x8B\x0D\x2A\x2A\x2A\x2A\x85\xC9\x74\x2A\xA1\x2A\x2A\x2A\x2A\xF3\x0F\x2A\x2A\x2A\x51\xF3\x0F\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x8B"
  388. /* 8B 0D ? ? ? ? 85 C9 74 ? A1 ? ? ? ? F3 0F ? ? ? 51 F3 0F ? ? ? E8 ? ? ? ? 8B */
  389. }
  390.  
  391. /*
  392. * CDirector::OnFirstSurvivorLeftSafeArea(CTerrorPlayer *)
  393. *
  394. * string "Allowing spawning - %s left safe area\n"
  395. */
  396. "OnFirstSurvivorLeftSafeArea"
  397. {
  398. "library" "server"
  399. "linux" "@_ZN9CDirector27OnFirstSurvivorLeftSafeAreaEP13CTerrorPlayer"
  400. "windows" "\x55\x8B\xEC\x83\xEC\x2A\x56\x57\x8B\x7D\x2A\x8B\xF1\x8B\x8E\x2A\x2A\x2A\x2A\x57\xE8"
  401. /* 55 8B EC 83 EC ? 56 57 8B 7D ? 8B F1 8B 8E ? ? ? ? 57 E8 */
  402. }
  403.  
  404. /*
  405. * CDirector::GetScriptValue(const char*, int)
  406. * Find CTerrorPlayer::OnRevived(), then look for string SurvivorMaxIncapacitatedCount
  407. * If you look for string "No conversion from %s to int now\n" you will be one call too deep
  408. */
  409. "CDirector_GetScriptValueInt"
  410. {
  411. "library" "server"
  412. "linux" "@_ZN9CDirector14GetScriptValueEPKci"
  413. "windows" "\x55\x8B\xEC\x8B\x81\x2A\x2A\x2A\x2A\x83\xEC\x10\x83\xF8\xFF\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x8B\x45\x2A\x8B"
  414. /* 55 8B EC 8B 81 ? ? ? ? 83 EC 10 83 F8 FF ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 8B 45 ? 8B */
  415. }
  416.  
  417. /*
  418. * CDirector::GetScriptValue(const char*, float)
  419. * Called in CDirector::OnMobRushStart
  420. */
  421. "CDirector_GetScriptValueFloat"
  422. {
  423. "library" "server"
  424. "linux" "@_ZN9CDirector14GetScriptValueEPKcf"
  425. "windows" "\x55\x8B\xEC\x8B\x81\x2A\x2A\x2A\x2A\x83\xEC\x10\x83\xF8\xFF\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\xD9"
  426. /* 55 8B EC 8B 81 ? ? ? ? 83 EC 10 83 F8 FF ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? D9 */
  427. }
  428.  
  429. /*
  430. * CDirector::GetScriptValue(const char*, const char*, char*, int)
  431. * unique string "OnChangeFinaleMusic", call right after it
  432. */
  433. "CDirector_GetScriptValueString"
  434. {
  435. "library" "server"
  436. "linux" "@_ZN9CDirector14GetScriptValueEPKcS1_Pci"
  437. "windows" "\x55\x8B\xEC\x8B\x81\x2A\x2A\x2A\x2A\x83\xEC\x2A\x56\x8B"
  438. /* 55 8B EC 8B 81 ? ? ? ? 83 EC ? 56 8B */
  439. }
  440.  
  441. /*
  442. * CDirector::IsFinaleEscapeInProgress(void)
  443. * unique string "#L4D_idle_spectator" in CTerrorPlayer::PreThink()
  444. * CDirector::IsFinaleEscapeInProgress is a couple calls before the string, and a couple calls after CountdownTimer::Now
  445. */
  446. "CDirector_IsFinaleEscapeInProgress"
  447. {
  448. "library" "server"
  449. "linux" "@_ZNK9CDirector24IsFinaleEscapeInProgressEv"
  450. "windows" "\x8B\x81\x2A\x2A\x2A\x2A\x83\x38\x2A\x75\x03\x32\xC0\xC3\x33\xC0\x83\xB9\x2A\x2A\x2A\x2A\x02\x0F\x94\xC0\xC3"
  451. /* 8B 81 ? ? ? ? 83 38 ? 75 03 32 C0 C3 33 C0 83 B9 ? ? ? ? 02 0F 94 C0 C3 */
  452. }
  453.  
  454. /*
  455. * CTerrorPlayer::CanBecomeGhost(bool areSpawnsDisabled)
  456. * unique string "ghost_spawn_time"
  457. */
  458. "CTerrorPlayer_CanBecomeGhost"
  459. {
  460. "library" "server"
  461. "linux" "@_ZN13CTerrorPlayer14CanBecomeGhostEb"
  462. "windows" "\x53\x8B\xDC\x83\xEC\x2A\x83\xE4\xF0\x83\xC4\x2A\x55\x8B\x6B\x04\x89\x6C\x24\x04\x8B\xEC\x83\xEC\x2A\x56\x57\x8B\xF1\xE8\x0E"
  463. /* 53 8B DC 83 EC ? 83 E4 F0 83 C4 ? 55 8B 6B 04 89 6C 24 04 8B EC 83 EC ? 56 57 8B F1 E8 0E */
  464. }
  465.  
  466. /*
  467. * CTerrorPlayer::OnEnterGhostState()
  468. * almost unique string spawnmode_bar has three refs, one ref has strings "zombieClass" and "data"
  469. */
  470. "CTerrorPlayer_OnEnterGhostState"
  471. {
  472. "library" "server"
  473. "linux" "@_ZN13CTerrorPlayer17OnEnterGhostStateEv"
  474. "windows" "\x55\x8B\xEC\x83\xEC\x08\x53\x56\x8B\xF1\x8B\x86\x2A\x2A\x2A\x2A\x8B"
  475. /* 55 8B EC 83 EC 08 53 56 8B F1 8B 86 ? ? ? ? 8B */
  476. }
  477.  
  478. /*
  479. * CDirector::IsFinale(void)const
  480. */
  481. "CDirector_IsFinale"
  482. {
  483. "library" "server"
  484. "linux" "@_ZNK9CDirector8IsFinaleEv"
  485. "windows" "\x8B\x81\x2A\x2A\x2A\x2A\x33\xC9\x83\x38\x2A\x0F\x95\xC0\xC3"
  486. /* 8B 81 ? ? ? ? 33 C9 83 38 ? 0F 95 C0 C3 */
  487. }
  488.  
  489. /*
  490. * CDirector::TryOfferingTankBot(void)
  491. * unique string "Tank offer: Starting the lottery\n"
  492. */
  493. "TryOfferingTankBot"
  494. {
  495. "library" "server"
  496. "linux" "@_ZN9CDirector18TryOfferingTankBotEP11CBaseEntityb"
  497. "windows" "\x55\x8B\xEC\x51\x83\x7D\x08\x00\x56\x8B\xF1\x89"
  498. /* 55 8B EC 51 83 7D 08 00 56 8B F1 89 */
  499. }
  500.  
  501. /*
  502. * CDirector::OnMobRushStart(void) - used by boomer and natural horde functions. Resets natural horde timer.
  503. *
  504. * find by String: "MobMinSize", its inlined in Windows
  505. */
  506. "OnMobRushStart"
  507. {
  508. "library" "server"
  509. "linux" "@_ZN9CDirector14OnMobRushStartEv"
  510. "windows" "\x55\x8B\xEC\x83\xEC\x08\xA1\x2A\x2A\x2A\x2A\xD9\x40\x2A\x56\x57\x51"
  511. /* 55 8B EC 83 EC 08 A1 ? ? ? ? D9 40 ? 56 57 51 */
  512. }
  513.  
  514. /*
  515. * ZombieManager::SpawnITMob(int) - used for bile hordes, increases spawn count
  516. *
  517. * search for unique strings with "SpawnITMob"
  518. */
  519. "Zombiemanager_SpawnITMob"
  520. {
  521. "library" "server"
  522. "linux" "@_ZN13ZombieManager10SpawnITMobEi"
  523. "windows" "\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\xD9\x40\x2A\x56\x57"
  524. /* 55 8B EC A1 ? ? ? ? D9 40 ? 56 57 */
  525. }
  526.  
  527. /*
  528. * ZombieManager::SpawnMob(int) - used for natural/z_spawn
  529. * hordes, increases spawn count and calls horde music, etc
  530. *
  531. * search for unique strings with "SpawnMob"
  532. */
  533. "Zombiemanager_SpawnMob"
  534. {
  535. "library" "server"
  536. "linux" "@_ZN13ZombieManager8SpawnMobEi"
  537. "windows" "\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\xD9\x40\x2A\x83\xEC\x2A\x53\x56\x57"
  538. /* 55 8B EC A1 ? ? ? ? D9 40 ? 83 EC ? 53 56 57 */
  539. }
  540.  
  541. /*
  542. * CTerrorPlayer::OnStaggered(CBaseEntity *, Vector const*) - used by L4D2 on Survivors, causes staggering (e.g. Charger Impact nearby)
  543. *
  544. * - string "PlayerShoved" has 3 refs, the one furthest into a function should be this one.
  545. */
  546. "CTerrorPlayer_OnStaggered"
  547. {
  548. "library" "server"
  549. "linux" "@_ZN13CTerrorPlayer11OnStaggeredEP11CBaseEntityPK6Vector"
  550. "windows" "\x53\x8B\xDC\x83\xEC\x2A\x83\xE4\xF0\x83\xC4\x04\x55\x8B\x6B\x04\x89\x6C\x24\x04\x8B\xEC\x83\xEC\x2A\x56\x57\x8B\xF1\xE8\x2A\x2A\x2A\x2A\x84\xC0\x0F\x85\x6E\x08"
  551. /* 53 8B DC 83 EC ? 83 E4 F0 83 C4 04 55 8B 6B 04 89 6C 24 04 8B EC 83 EC ? 56 57 8B F1 E8 ? ? ? ? 84 C0 0F 85 6E 08
  552. * Using a long local jump as the unique portion (last few bytes of sig)
  553. */
  554. }
  555.  
  556. /*
  557. * CTerrorPlayer::OnShovedBySurvivor(CTerrorPlayer*, Vector const&) - used by L4D2 on Special Infected (got melee'd)
  558. * unique string "jockey_ride" in CTerrorPlayer::OnLeptOnSurvivor(),
  559. * look up for "JockeyZombie.Ride",
  560. * look up for var_14,
  561. * CTerrorPlayer::OnShovedBySurvivor is call after that
  562. */
  563. "CTerrorPlayer_OnShovedBySurvivor"
  564. {
  565. "library" "server"
  566. "linux" "@_ZN13CTerrorPlayer18OnShovedBySurvivorEPS_RK6Vector"
  567. "windows" "\x55\x8B\xEC\x81\xEC\x2A\x2A\x2A\x2A\xA1\x2A\x2A\x2A\x2A\x33\xC5\x89\x45\xFC\x53\x8B\x5D\x08\x56\x57\x8B\x7D\x0C\x8B\xF1"
  568. /* 55 8B EC 81 EC ? ? ? ? A1 ? ? ? ? 33 C5 89 45 FC 53 8B 5D 08 56 57 8B 7D 0C 8B F1 */
  569. }
  570.  
  571. /*
  572. * CTerrorPlayer::GetWalkTopSpeed(void)const
  573. * an xref from GetRunTopSpeed
  574. */
  575. "CTerrorPlayer_GetWalkTopSpeed"
  576. {
  577. "library" "server"
  578. "linux" "@_ZNK13CTerrorPlayer15GetWalkTopSpeedEv"
  579. "windows" "\x56\x8B\xF1\x80\x2A\x2A\x2A\x2A\x2A\x2A\x74\x2A\x5E\xE9\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x50\xE8"
  580. /* 56 8B F1 80 ? ? ? ? ? ? 74 ? 5E E9 ? ? ? ? E8 ? ? ? ? 50 E8 */
  581. }
  582.  
  583. /*
  584. * CTerrorPlayer::GetRunTopSpeed(void)const
  585. *
  586. * - Only references to float value 115.0 (00 00 E6 42) are in this func.
  587. */
  588. "CTerrorPlayer_GetRunTopSpeed"
  589. {
  590. "library" "server"
  591. "linux" "@_ZNK13CTerrorPlayer14GetRunTopSpeedEv"
  592. "windows" "\x55\x8B\xEC\x83\xEC\x2A\x56\x8B\xF1\x8B\x06\x8B\x90\x2A\x2A\x2A\x2A\xFF\xD2\x84\xC0\x74\x0D\xA1\x2A\x2A\x2A\x2A\xD9\x40\x2A\x5E"
  593. /* 55 8B EC 83 EC ? 56 8B F1 8B 06 8B 90 ? ? ? ? FF D2 84 C0 74 0D A1 ? ? ? ? D9 40 ? 5E */
  594. }
  595.  
  596. /*
  597. * CTerrorPlayer::GetCrouchTopSpeed(void)const
  598. * an xref from GetRunTopSpeed
  599. */
  600. "CTerrorPlayer_GetCrouchTopSpeed"
  601. {
  602. "library" "server"
  603. "linux" "@_ZNK13CTerrorPlayer17GetCrouchTopSpeedEv"
  604. "windows" "\x56\x8B\xF1\x80\x2A\x2A\x2A\x2A\x2A\x2A\x74\x2A\x5E\xE9\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x83\xF8"
  605. /* 56 8B F1 80 ? ? ? ? ? ? 74 ? 5E E9 ? ? ? ? E8 ? ? ? ? 83 F8 */
  606. }
  607.  
  608. /*
  609. * CTerrorPlayer::OnRevived(void)
  610. *
  611. * ->Search for string "revive_success", then open vtables window. Should be the 5th member.
  612. * Left4Downtown2 patches this function, which will prevent Sourcemod from finding it
  613. * That is why the first six bytes are wild cards (five bytes for detour + nop fill the remaining bytes of the instructions)
  614. */
  615. "CTerrorPlayer_OnRevived"
  616. {
  617. "library" "server"
  618. "linux" "@_ZN13CTerrorPlayer9OnRevivedEv"
  619. "windows" "\x2A\x2A\x2A\x2A\x2A\x2A\x53\x56\x8B\xF1\x8B\x06\x8B\x90\x2A\x2A\x2A\x2A\x57\xff\xd2\x84\xc0\x0f\x84\x2A\x2A\x2A\x2A\x8B\xCE"
  620. /* ? ? ? ? ? ? 53 56 8B F1 8B 06 8B 90 ? ? ? ? 57 ff d2 84 c0 0f 84 ? ? ? ? 8B CE */
  621. }
  622.  
  623. /*
  624. * GetDifficulty(void)
  625. * - Look for unique string "charger_impact" in ThrowImpactedSurvivor()
  626. * - Look for call whose return value is being cmp'd against 2 and 3, that's GetDifficulty
  627. */
  628. "GetDifficulty"
  629. {
  630. "library" "server"
  631. "linux" "@_Z13GetDifficultyv"
  632. "windows" "\xA1\x2A\x48\x7A\x10\xC3"
  633. /* A1 ? 48 7A 10 C3 */
  634. }
  635.  
  636. /*
  637. * CTerrorGameRules::HasConfigurableDifficultySetting(void)
  638. *
  639. * - Look for string "hasdifficulty"
  640. */
  641. "HasConfigurableDifficulty"
  642. {
  643. "library" "server"
  644. "linux" "@_ZN16CTerrorGameRules32HasConfigurableDifficultySettingEv"
  645. "windows" "\x8B\x0D\x2A\x2A\x2A\x2A\x85\xC9\x75\x1B\xE8\x2A\x2A\x2A\x2A\x84"
  646. /* 8B 0D ? ? ? ? 85 C9 75 1B E8 ? ? ? ? 84 */
  647. }
  648.  
  649. /*
  650. * CTerrorGameRules::GetSurvivorSet(void)
  651. *
  652. * - string "survivor_set"
  653. */
  654. "GetSurvivorSet"
  655. {
  656. "library" "server"
  657. "linux" "@_ZN16CTerrorGameRules14GetSurvivorSetEv"
  658. "windows" "\x55\x8B\xEC\x51\x8B\x0D\x2A\x2A\x2A\x2A\x8B\x01\x8B\x50\x2A\x53"
  659. /* 55 8B EC 51 8B 0D ? ? ? ? 8B 01 8B 50 ? 53 */
  660. }
  661.  
  662. /*
  663. * CTerrorGameRules::FastGetSurvivorSet(void)
  664. *
  665. * - Should be 2 calls after "DistToMechanic" in CTerrorPlayer::ModifyOrAppendCriteria
  666. */
  667. "FastGetSurvivorSet"
  668. {
  669. "library" "server"
  670. "linux" "@_ZN16CTerrorGameRules18FastGetSurvivorSetEv"
  671. "windows" "\xA1\x2A\x2A\x2A\x2A\x85\xC0\x75\x0A\xE8"
  672. /* A1 ? ? ? ? 85 C0 75 0A E8 */
  673. }
  674.  
  675. /*
  676. * CDirectorVersusMode::GetMissionVersusBossSpawning(float&, float&, float&, float&)
  677. *
  678. * - string "versus_boss_spawning" hits in 2 functions: This short func and the much longer InitVersusBossSpawning
  679. */
  680.  
  681. "GetMissionVersusBossSpawning"
  682. {
  683. "library" "server"
  684. "linux" "@_ZN19CDirectorVersusMode28GetMissionVersusBossSpawningERfS0_S0_S0_"
  685. "windows" "\x55\x8B\xEC\x6A\x00\xE8\x2A\x2A\x2A\x2A\x83\xC4\x04\x85"
  686. /* 55 8B EC 6A 00 E8 ? ? ? ? 83 C4 04 85 */
  687. }
  688.  
  689. /*
  690. * CTerrorGameRules::GetMissionCurrentMap(KeyValues **)
  691. *
  692. * - Look for string "chapter" (unique on windows only) in CDirector:OnMapLoaded.
  693. * - Function called right before that with 0 as arg.
  694. * NOTE/WARNING: This function is incredibly non-unique!!!! Replace with a native implementation!!
  695. */
  696. "GetMissionCurrentMap"
  697. {
  698. "library" "server"
  699. "linux" "@_ZN16CTerrorGameRules20GetMissionCurrentMapEPP9KeyValues"
  700. "windows" "\x55\x8B\xEC\x56\x57\x8B\x7D\x08\x85\xFF\x74\x06\xC7\x07\x00\x00\x00\x00\x8B\x0D\x2A\x2A\x2A\x2A\x8B\x01\x8B\x50\x28\xFF\xD2\x8B\x10\x8B\xC8\x8B\x42\x04\x6A\x00\xFF\xD0\x8B\xF0\x85\xF6\x75\x04\x5F\x5E\x5D\xC3\x8B\x0D\x2A\x2A\x2A\x2A\x8B\x11\x8B\x42\x08\x57\x56\xFF\xD0\x8B"
  701. /*
  702. * 68 byte signature. Fuck me.
  703. * 55 8B EC 56 57 8B 7D 08 85 FF 74 06 C7 07 00 00 00 00 8B 0D ? ? ? ? 8B 01 8B 50 28 FF D2 8B 10 8B C8 8B 42 04 6A 00 FF D0 8B F0 85 F6 75 04 5F 5E 5D C3 8B 0D ? ? ? ? 8B 11 8B 42 08 57 56 FF D0 8B
  704. */
  705. }
  706.  
  707. /*
  708. * CThrow::ActivateAbililty()
  709. * Start a tank rock throw
  710. *
  711. * - "HulkZombie.Throw.Fail" has 2 refs in this function. Should be easy to find.
  712. */
  713. "CThrowActivate"
  714. {
  715. "library" "server"
  716. "linux" "@_ZN6CThrow15ActivateAbilityEv"
  717. "windows" "\x55\x8B\xEC\x51\x53\x8B\xD9\x8B\x83\x2A\x2A\x2A\x2A\x83"
  718. /* 55 8B EC 51 53 8B D9 8B 83 ? ? ? ? 83 */
  719. }
  720.  
  721. /*
  722. * CTerrorMeleeWeapon::StartMeleeSwing(CTerrorPlayer *, bool)
  723. *
  724. * find "melee attack failed - !IsWeaponVisible" in CTerrorWeapon::PrimaryAttack and look for a call (being passed ptr and float) followed by some sse xmm0 calls.
  725. */
  726. "StartMeleeSwing"
  727. {
  728. "library" "server"
  729. "linux" "@_ZN18CTerrorMeleeWeapon15StartMeleeSwingEP13CTerrorPlayerb"
  730. "windows" "\x55\x8B\xEC\x53\x56\x8B\xF1\x8B\x86\x2A\x2A\x2A\x2A\x50\xB9"
  731. /* 55 8B EC 53 56 8B F1 8B 86 ? ? ? ? 50 B9 */
  732. }
  733.  
  734. /*
  735. * CDirectorScriptedEventManager::SendInRescueVehicle(void)
  736. *
  737. * find by String "FinaleEscapeStarted"
  738. */
  739. "SendInRescueVehicle"
  740. {
  741. "library" "server"
  742. "linux" "@_ZN29CDirectorScriptedEventManager19SendInRescueVehicleEv"
  743. "windows" "\x55\x8B\xEC\x83\xEC\x18\x56\x68\x2A\x2A\x2A\x2A\x8B\xF1"
  744. /* 55 8B EC 83 EC 18 56 68 ? ? ? ? 8B F1 */
  745. }
  746.  
  747. /*
  748. * CDirectorScriptedEventManager__ChangeFinaleStage(int, char arg, int)
  749. * or CDirectorScriptedEventManager::ChangeFinaleStage(CDirectorScriptedEventManager::FinaleStageType,char const*)
  750. *
  751. * find by String "CHANGEFINALESTAGEOVERRIDE: %s\n"
  752. */
  753. "ChangeFinaleStage"
  754. {
  755. "library" "server"
  756. "linux" "@_ZN29CDirectorScriptedEventManager17ChangeFinaleStageENS_18ScriptedEventStageEPKc"
  757. "windows" "\x55\x8B\xEC\x81\xEC\x2A\x2A\x00\x00\xA1\x2A\x2A\x2A\x2A\x33\xC5\x89\x45\xFC\x53\x8B\x5D\x08\x56\x8B\x75\x0C\x57\x53"
  758. /* 55 8B EC 81 EC ? ? 00 00 A1 ? ? ? ? 33 C5 89 45 FC 53 8B 5D 08 56 8B 75 0C 57 53 */
  759. }
  760.  
  761. /*
  762. * CDirectorVersusMode::EndVersusModeRound(bool)
  763. * Updates scores using a bunch of CTerrorGameRules calls and triggers the fullscreen_vs_scoreboard viewport panel
  764. *
  765. * find by String "fullscreen_vs_scoreboard", and look for a func which also creates a "scores" kv and sets values for "t1", "t2", "c1", "c2", and "tiebreak"
  766. */
  767. "EndVersusModeRound"
  768. {
  769. "library" "server"
  770. "linux" "@_ZN19CDirectorVersusMode18EndVersusModeRoundEb"
  771. "windows" "\x55\x8B\xEC\x83\xEC\x2A\x57\x8B\xF9\xE8\x2A\x2A\x2A\x2A\x84\xC0\x0F\x84"
  772. /* 55 8B EC 83 EC ? 57 8B F9 E8 ? ? ? ? 84 C0 0F 84 */
  773. }
  774.  
  775. /*
  776. * int CBaseAnimating::SelectWeightedSequence(int Activity)
  777. *
  778. * - Called at the end of CTerrorPlayer::SelectWeightedSequence() (found via string "Hulk_RunAttack1_Gesture")
  779. * NOTE - WARNING - This function should probably be hooked using vtable methods!!!!!!!! DEPRECATE
  780. */
  781. "SelectWeightedSequence"
  782. {
  783. "library" "server"
  784. "linux" "@_ZN14CBaseAnimating22SelectWeightedSequenceE8Activity"
  785. "windows" "\x55\x8B\xEC\x56\x8B\xF1\x83\xBE\x2A\x2A\x2A\x2A\x00\x57\x8B\xBE"
  786. /* 55 8B EC 56 8B F1 83 BE ? ? ? ? 00 57 8B BE */
  787. }
  788.  
  789. /*
  790. * InfoChangelevel::StartChangeLevel(Checkpoint const*)
  791. *
  792. * Used for finding ZombieManager on Windows
  793. * - String "Would change level, but not going to!\n" is unique to this function
  794. */
  795. "StartChangeLevel"
  796. {
  797. "library" "server"
  798. "linux" "@_ZN15InfoChangelevel16StartChangeLevelEPK10Checkpoint"
  799. "windows" "\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\x83\x78\x30\x00\x56\x8B\xF1\x74"
  800. /* 55 8B EC A1 ? ? ? ? 83 78 30 00 56 8B F1 74 */
  801. }
  802.  
  803. /*
  804. * SurvivorBot::UseHealingItems(Action<SurvivorBot> *)
  805. * Called by the game when deciding whether the bots should use any healing items
  806. * unique string "Trying to heal a friend"
  807. */
  808. "UseHealingItems"
  809. {
  810. "library" "server"
  811. "linux" "@_ZN11SurvivorBot15UseHealingItemsEP6ActionIS_E"
  812. "windows" "\x55\x8B\xEC\x83\xEC\x20\x53\x56\x8B\xD9\x57\x8D\x8B"
  813. /* 55 8B EC 83 EC 20 53 56 8B D9 57 8D 8B */
  814. }
  815.  
  816. /*
  817. * SurvivorBot::FindScavengeItem(float)
  818. * Called by the game when deciding what items a bot should attempt to pick up
  819. * Despite name, has nothing to do with scavenge game mode
  820. * SurvivorBot::ScavengeNearbyItems(Action<SurvivorBot>*) has almost unique string "Scavenging something"
  821. * FindScavengeItem(float) is called with 420.0 (0x43D20000) as its argument
  822. */
  823. "FindScavengeItem"
  824. {
  825. "library" "server"
  826. "linux" "@_ZNK11SurvivorBot16FindScavengeItemEf"
  827. "windows" "\x55\x8B\xEC\x81\xEC\x2A\x2A\x2A\x2A\xA1\x2A\x2A\x2A\x2A\x33\xC5\x89\x45\xFC\x53\x56\x57\x8B\xF9\x8B\x97\x2A\x2A\x2A\x2A\x8D\x85"
  828. /* 55 8B EC 81 EC ? ? ? ? A1 ? ? ? ? 33 C5 89 45 FC 53 56 57 8B F9 8B 97 ? ? ? ? 8D 85 */
  829. }
  830.  
  831. /*
  832. * CTerrorWeapon::OnHit(CGameTrace &, Vector const&, bool)
  833. */
  834. "CTerrorWeapon__OnHit"
  835. {
  836. "library" "server"
  837. "linux" "@_ZN13CTerrorWeapon5OnHitER10CGameTraceRK6Vectorb"
  838. "windows" ""
  839. }
  840. /*
  841. * CBasePlayer::WaterMove(void)
  842. */
  843. "WaterMove"
  844. {
  845. "library" "server"
  846. "linux" "@_ZN11CBasePlayer9WaterMoveEv"
  847. "windows" ""
  848. }
  849.  
  850. /*
  851. * KeyValues *CTerrorGameRules::GetMissionInfo(void)
  852. */
  853. "CTerrorGameRules__GetMissionInfo"
  854. {
  855. "library" "server"
  856. "linux" "@_ZN16CTerrorGameRules14GetMissionInfoEv"
  857. "windows" ""
  858. }
  859.  
  860. /*********************************************************************
  861. ********************* ADDONS DISABLER ********************************
  862. *********************************************************************/
  863. /*
  864. * CBaseServer::FillServerInfo(SVC_ServerInfo *)
  865. */
  866. "CBaseServer__FillServerInfo"
  867. {
  868. "library" "engine"
  869. "linux" "@_ZN11CBaseServer14FillServerInfoER14SVC_ServerInfo"
  870. "windows" ""
  871. }
  872. /*
  873. * mov esi+[19h]
  874. */
  875. "VanillaModeOffset"
  876. {
  877. "library" "engine"
  878. "linux" "\xC6\x46\x1B\x4C\x88\x46\x19"
  879. "windows" ""
  880. }
  881.  
  882. /*********************************************************************
  883. ****************** PLAYER SLOTS PATCHING *****************************
  884. *********************************************************************/
  885.  
  886. /*
  887. * CTerrorGameRules::GetMaxHumanPlayers(void)
  888. * We just override the return value to our own
  889. *
  890. * This method is called for max players when viewing server info
  891. * Overriding this on Linux changes the server browser maxplayers
  892. *
  893. * On Windows overriding it doesn't fix the server browser,
  894. * but it does break scavenge mode (like the map doesn't support scavenge)
  895. *
  896. * Find via string "playercontrolledzombies", unique in Linux, inlined a few times in Windows
  897. * look for an inline that is very short and returns either 8 or 4 as a result
  898. * Commented out since the note above suggests it breaks scavenge?
  899. * Since it is inlined, its signature will look a LOT like CTerrorGameRules::HasPlayerControlledZombies()
  900. * this sig is probably also excessively wild carded (lots of very short local jumps that are probably safe)
  901. */
  902. "GetMaxHumanPlayers"
  903. {
  904. "library" "server"
  905. "linux" "@_ZNK16CTerrorGameRules18GetMaxHumanPlayersEv"
  906. // "windows" "\xF7\x05\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x74\x2A\xB8\x2A\x2A\x2A\x2A\xEB\x2A\xA1\x2A\x2A\x2A\x2A\x8B\x40\x2A\x85\xC0\x75\x2A\xB8\x2A\x2A\x2A\x2A\x8B\x2A\x2A\x2A\x2A\x2A\x8B\x11\x50\x8B\x2A\x2A\xFF\xD0\x85\xC0\x74\x2A\x6A\x00\x68\x2A\x2A\x2A\x2A\x8B\xC8\xE8\x2A\x2A\x2A\x2A\x85\xC0\xB8"
  907. /* F7 05 ? ? ? ? ? ? ? ? 74 ? B8 ? ? ? ? EB ? A1 ? ? ? ? 8B 40 ? 85 C0 75 ? B8 ? ? ? ? 8B ? ? ? ? ? 8B 11 50 8B ? ? FF D0 85 C0 74 ? 6A 00 68 ? ? ? ? 8B C8 E8 ? ? ? ? 85 C0 B8 */
  908. }
  909.  
  910. /*
  911. * Total Number of Players Supported (Steam Group/Lobby)
  912. * Currently disabled - SourceMod unable to look up other libraries.
  913. *
  914. "GetTotalNumPlayersSupported"
  915. {
  916. "library" "matchmaking_ds"
  917. "linux" "@_ZN11CMatchTitle27GetTotalNumPlayersSupportedEv"
  918. }
  919. */
  920.  
  921. /* CServerGameClients::GetPlayerLimits(int& , int&, int&)
  922. * Sig is still broken, cannot find in Windows
  923. */
  924. "GetPlayerLimits"
  925. {
  926. "library" "server"
  927. "linux" "@_ZNK18CServerGameClients15GetPlayerLimitsERiS0_S0_"
  928. // "windows" "\x8B\x44\x24\x04\x8B\x4C\x24\x08\xC7\x00\x2A\x2A\x2A\x2A\xC7\x01\x2A\x2A\x2A\x2A\x8B\x10"
  929. /* 8B 44 24 04 8B 4C 24 08 C7 00 ? ? ? ? C7 01 ? ? ? ? 8B 10 */
  930. }
  931.  
  932. /*
  933. * int CBaseServer::GetMasterServerPlayerCounts(int &, int &, int &)
  934. *
  935. * Used to override server browser maxplayers reporting (Windows)
  936. * Search for string: "increased_maxplayers", call is just before the string
  937. */
  938. "GetMasterServerPlayerCounts"
  939. {
  940. "library" "engine"
  941. "linux" "@_ZN11CBaseServer27GetMasterServerPlayerCountsERiS0_S0_"
  942. "windows" "\x55\x8B\xEC\x56\x8B\xF1\xE8\x2A\x2A\x2A\x2A\x8B\x4D\x2A\x89\x01\x8B\x0D\x2A\x2A\x2A\x2A\x85\xC9\x74"
  943. /* windows: 55 8B EC 56 8B F1 E8 ? ? ? ? 8B 4D ? 89 01 8B 0D ? ? ? ? 85 C9 74 */
  944. }
  945.  
  946. /* Not an actual function,
  947. this is inside CBaseServer::ConnectClient (a jz instruction)
  948.  
  949. use it to remove skippable code when sv_allow_lobby_connect 0
  950. */
  951. "ConnectClientLobbyCheck"
  952. {
  953. /* look for jz between "#Valve_Reject_Server_Full" and "#Valve_Reject_Bad_Password" in Windows
  954. * On Linux, this points directy at the cmp for "#Valve_Reject_Server_Full" instead of the jz for the lobby
  955. * For 2.1.2.5 this offset was ebx+17Ch on Linux and esi+180h on Windows */
  956. "library" "engine"
  957. "linux" "\x3B\xB3\x2A\x2A\x2A\x2A\x0F\x8E\x2A\x2A\x2A\x2A\x8B\x03\xC7\x44\x24\x08\x2A\x2A\x2A\x2A\x89"
  958. /* 3B B3 ? ? ? ? 0F 8E ? ? ? ? 8B 03 C7 44 24 08 ? ? ? ? 89 */
  959.  
  960. "windows" "\x74\x2A\x8B\x55\x2A\x8B\x06\x8B\x7A\x2A\x8B\x50"
  961. /* windows: 74 ? 8B 55 ? 8B 06 8B 7A ? 8B 50 */
  962. }
  963.  
  964.  
  965. /* Not an actual function,
  966. This rejects players when there are all full human players
  967.  
  968. jl just before string "Human player limit reached (%d/%d)"
  969.  
  970. deprecated on linux: This function checks GetMaxHumanPlayers
  971. on linux, so patching this to an unconditional jump
  972. removes a check on maxplayers.
  973. */
  974. "HumanPlayerLimitReached"
  975. {
  976. "library" "server"
  977. // "linux" "\x7E\x2A\x8B\x2A\x2A\x89\x2A\x2A\x2A\x8B\x2A\x2A\x89\x2A\x2A\x2A\x8B\x2A\x2A\x89\x2A\x2A\x2A\x8B\x2A\x2A\x89\x2A\x2A\x2A\x8B\x2A\x2A\x89\x2A\x2A\x2A\x8B\x2A\x2A"
  978. /* linux: 7E ? 8B ? ? 89 ? ? ? 8B ? ? 89 ? ? ? 8B ? ? 89 ? ? ? 8B ? ? 89 ? ? ? 8B ? ? 89 ? ? ? 8B ? ? */
  979. "windows" "\x7C\x2A\x8B\x4D\x2A\x8B\x55\x2A\x50\x57\x68"
  980. /* windows: 7C ? 8B 4D ? 8B 55 ? 50 57 68 */
  981. }
  982.  
  983. /*********************************************************************
  984. ****************** MISC USEFUL NATIVES *******************************
  985. *********************************************************************/
  986.  
  987. /* CTerrorGameRules::IsMissionFinalMap()
  988. Uses campaign mission file to determine if the current map
  989. is a Final(e) map.
  990. Called from CDirectorVersusMode::EndVersusModeRound(), look near string "versus_match_finished"
  991. */
  992. "IsMissionFinalMap"
  993. {
  994. "library" "server"
  995. "linux" "@_ZN16CTerrorGameRules17IsMissionFinalMapEv"
  996. "windows" "\x8B\x0D\x2A\x2A\x2A\x2A\x8B\x01\x8B\x50\x28\x56\xFF\xD2\x8B\x10\x8B\xC8\x8B\x42\x04\x6A\x00\xFF\xD0\x8B\xF0\x85\xF6\x75\x04\xB0"
  997. /* 8B 0D ? ? ? ? 8B 01 8B 50 28 56 FF D2 8B 10 8B C8 8B 42 04 6A 00 FF D0 8B F0 85 F6 75 04 B0 */
  998. }
  999. /* CDirector::ResetMobTimer()
  1000. Resets the Director's natural horde timer. Normally this
  1001. is called when a horde is spawned naturally or by boomer.
  1002. Small function, nearly hits another segment in the file.
  1003.  
  1004. - Find it through only xref, which is setting up ScriptDesc structures: string "Trigger a mob as soon as possible when"
  1005. - If you go past the first call, you should hit unique bytes in sig making
  1006. */
  1007. "ResetMobTimer"
  1008. {
  1009. "library" "server"
  1010. "linux" "@_ZN9CDirector13ResetMobTimerEv"
  1011. "windows" "\x55\x8B\xEC\x51\x56\x57\x8D\xB9\x2A\x2A\x2A\x2A\x8B\xCF\xE8\x2A\x2A\x2A\x2A\xD9"
  1012. /* 55 8B EC 51 56 57 8D B9 ? ? ? ? 8B CF E8 ? ? ? ? D9 */
  1013. }
  1014. /* CGameRulesProxy::NotifyNetworkStateChanged()
  1015. This function is called before changing a variety of
  1016. pieces of networked data (data which is reflected in network
  1017. game states).
  1018.  
  1019. - Find "Going to intermission...\n" in CGameRules::GoToIntermission
  1020. - Last call in the func
  1021. */
  1022. "NotifyNetworkStateChanged"
  1023. {
  1024. "library" "server"
  1025. "linux" "@_ZN15CGameRulesProxy25NotifyNetworkStateChangedEv"
  1026. "windows" "\xA1\x2A\x2A\x2A\x2A\x85\xC0\x74\x2A\x80\x78"
  1027. /* A1 ? ? ? ? 85 C0 74 ? 80 78 */
  1028. }
  1029. }
  1030. }
  1031. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!