Untitled

a guest
Dec 27th, 2016
Relevant functions for smokes (as an example, other grenades work similarly)
- Hooking via _ZN13CSmokeGrenade11EmitGrenadeE6Vector6QAngleS0_S0_P11CBasePlayerRK13CCSWeaponInfo
- Throwing via _ZN23CSmokeGrenadeProjectile6CreateERK6VectorRK6QAngleS2_S2_P20CBaseCombatCharacterRK13CCSWeaponInfo
- The last WeaponInfo arg can be gotten by calling _Z13GetWeaponInfo10CSWeaponID

What's the problem? Normally gamedata can just use the debug symbols above, but Valve removed those debug symbols in late 2016. Normal sigscanning techniques in IDA with makesig.idc (https://github.com/alliedmodders/sourcemod/blob/master/tools/ida_scripts/makesig.idc) work for the *::Create functions, but not for the *::EmitGrenade functions. Why? All the throw functions are near-identical and differ essentially only in which function they call, so the only distinguishing bytes are a call target address, and that address has to be wildcarded so the signature doesn't break on every update.

Take a look at the smoke emit function as an example:

.text:0044DA00 ; CSmokeGrenade::EmitGrenade(Vector, QAngle, Vector, Vector, CBasePlayer *, CCSWeaponInfo const&)
.text:0044DA00 _ZN13CSmokeGrenade11EmitGrenadeE6Vector6QAngleS0_S0_P11CBasePlayerRK13CCSWeaponInfo proc near
.text:0044DA00
.text:0044DA00 arg_4 = byte ptr 0Ch
.text:0044DA00 arg_10 = byte ptr 18h
.text:0044DA00 arg_1C = byte ptr 24h
.text:0044DA00 arg_28 = byte ptr 30h
.text:0044DA00 arg_34 = dword ptr 3Ch
.text:0044DA00 arg_38 = dword ptr 40h
.text:0044DA00
.text:0044DA00 55 push ebp
.text:0044DA01 89 E5 mov ebp, esp
.text:0044DA03 83 EC 28 sub esp, 28h
.text:0044DA06 8B 45 40 mov eax, [ebp+arg_38]
.text:0044DA09 89 44 24 14 mov [esp+14h], eax
.text:0044DA0D 8B 45 3C mov eax, [ebp+arg_34]
.text:0044DA10 89 44 24 10 mov [esp+10h], eax
.text:0044DA14 8D 45 30 lea eax, [ebp+arg_28]
.text:0044DA17 89 44 24 0C mov [esp+0Ch], eax
.text:0044DA1B 8D 45 24 lea eax, [ebp+arg_1C]
.text:0044DA1E 89 44 24 08 mov [esp+8], eax
.text:0044DA22 8D 45 18 lea eax, [ebp+arg_10]
.text:0044DA25 89 44 24 04 mov [esp+4], eax
.text:0044DA29 8D 45 0C lea eax, [ebp+arg_4]
.text:0044DA2C 89 04 24 mov [esp], eax
.text:0044DA2F E8 FC E1 FD FF call _ZN23CSmokeGrenadeProjectile6CreateERK6VectorRK6QAngleS2_S2_P20CBaseCombatCharacterRK13CCSWeaponInfo ; CSmokeGrenadeProjectile::Create(Vector const&,QAngle const&,Vector const&,Vector const&,CBaseCombatCharacter *,CCSWeaponInfo const&)
.text:0044DA34 C9 leave
.text:0044DA35 C3 retn

The flash emit is identical but with a different address in the call instruction.

Since this clearly calls the ::Create function, I imagine you could just hook (i.e. create a detour on) ::Create, but I haven't managed to get that to work, so I detoured ::Emit; getting gamedata for that isn't feasible anymore, though.

FYI, the latest sigs I've gotten are:
_Z13GetWeaponInfo10CSWeaponID: \x55\x89\xE5\x56\x53\x31\xDB\x83\xEC\x10\x8B\x55\x08\x85\xD2
_ZN23CSmokeGrenadeProjectile6CreateERK6VectorRK6QAngleS2_S2_P20CBaseCombatCharacterRK13CCSWeaponInfo: \x55\x89\xE5\x57\x56\x53\x83\xEC\x2C\x8B\x45\x0C\xC7\x04\x24\x2A\x2A\x2A\x2A\x8B\x7D\x18
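As an added example (my own code, not from the paste or from SourceMod), this script builds a gamedata-style signature from the CSmokeGrenade::EmitGrenade listing above by wildcarding the rel32 of the E8 call, then scans a constructed buffer that holds that function next to a stand-in for the flash emit (assumed, per the paste, to differ only in the call displacement). It demonstrates the check worth running before shipping such a sig: once the call target is wildcarded, the pattern matches both functions, so it cannot pick out the smoke emit by itself.

```python
# Instruction bytes copied from the IDA listing, one entry per instruction so
# opcode bytes are never mistaken for operand bytes.
SMOKE_EMIT_INSNS = [bytes.fromhex(h) for h in (
    "55", "89E5", "83EC28",
    "8B4540", "89442414", "8B453C", "89442410",
    "8D4530", "8944240C", "8D4524", "89442408",
    "8D4518", "89442404", "8D450C", "890424",
    "E8FCE1FDFF",  # call CSmokeGrenadeProjectile::Create; rel32 changes per build
    "C9", "C3",
)]
SMOKE_EMIT = b"".join(SMOKE_EMIT_INSNS)

# Constructed stand-in for the flash emit: same code, different call displacement.
FLASH_EMIT = SMOKE_EMIT.replace(bytes.fromhex("FCE1FDFF"), bytes.fromhex("10203040"))
# Constructed .text stand-in holding both functions separated by int3 padding.
FAKE_TEXT = b"\xCC" * 16 + SMOKE_EMIT + b"\xCC" * 16 + FLASH_EMIT + b"\xCC" * 16


def make_signature(insns):
    """Return (pattern, mask); mask char 'x' = literal byte, '?' = wildcard."""
    pattern, mask = bytearray(), ""
    for insn in insns:
        pattern += insn
        if insn[0] == 0xE8 and len(insn) == 5:   # call rel32: keep opcode, wildcard target
            mask += "x????"
        else:
            mask += "x" * len(insn)
    return bytes(pattern), mask


def to_gamedata(pattern, mask):
    """Encode as the \\xNN string used in SourceMod gamedata (\\x2A = wildcard)."""
    return "".join("\\x2A" if m == "?" else f"\\x{b:02X}" for b, m in zip(pattern, mask))


def sigscan(blob, pattern, mask):
    """Return every offset in blob where the masked pattern matches."""
    return [off for off in range(len(blob) - len(pattern) + 1)
            if all(m == "?" or blob[off + i] == p
                   for i, (p, m) in enumerate(zip(pattern, mask)))]


def demo():
    pattern, mask = make_signature(SMOKE_EMIT_INSNS)
    exact_hits = sigscan(FAKE_TEXT, SMOKE_EMIT, "x" * len(SMOKE_EMIT))  # unwildcarded: one hit
    wild_hits = sigscan(FAKE_TEXT, pattern, mask)                         # wildcarded: two hits
    return to_gamedata(pattern, mask), exact_hits, wild_hits
```

The unwildcarded bytes find only the smoke emit, but they also encode the build-specific displacement the paste says must not be hard-coded; the wildcarded signature survives updates but reports both functions, which is exactly the dilemma the paste describes.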