mirror of
https://github.com/shavitush/bhoptimer.git
synced 2025-12-16 03:17:18 +00:00
349 lines
11 KiB
Plaintext
349 lines
11 KiB
Plaintext
"Games"
|
|
{
|
|
// A guide to find most of these signatures and offsets: https://www.youtube.com/watch?v=ekyLf6hu4qI and another https://www.youtube.com/watch?v=J7eHgK_UYOk
|
|
|
|
"#default"
|
|
{
|
|
"Keys"
|
|
{
|
|
"IGameMovement" "GameMovement001"
|
|
}
|
|
|
|
"Signatures"
|
|
{
|
|
"CreateInterface_Server"
|
|
{
|
|
"library" "server"
|
|
"windows" "@CreateInterface"
|
|
"linux" "@CreateInterface"
|
|
}
|
|
|
|
"CreateInterface_Engine"
|
|
{
|
|
"library" "engine"
|
|
"windows" "@CreateInterface"
|
|
"linux" "@CreateInterface"
|
|
}
|
|
}
|
|
|
|
"Offsets"
|
|
{
|
|
"OS"
|
|
{
|
|
"windows" "1"
|
|
"linux" "2"
|
|
}
|
|
|
|
"ProcessMovement"
|
|
{
|
|
"windows" "1"
|
|
"linux" "2"
|
|
}
|
|
}
|
|
}
|
|
|
|
"csgo"
|
|
{
|
|
"Addresses"
|
|
{
|
|
"m_surfaceFriction"
|
|
{
|
|
"signature" "CBasePlayer->m_surfaceFriction"
|
|
"read" "4" // skip the first 4 bytes
|
|
}
|
|
}
|
|
"Offsets"
|
|
{
|
|
// search string: "func_pushable" and you can find CBaseTrigger::PassesTriggerFilters / CBaseVPhysicsTrigger::PassesTriggerFilters. Follow references to these functions to find the vtable and then calculate the offset...
|
|
"CBaseTrigger::PassesTriggerFilters"
|
|
{
|
|
"windows" "210"
|
|
"linux" "211"
|
|
}
|
|
// search string: "start %f %f %f" and then check the function call offsets above it and convert them to vtable offsets (divide by 4 most likely or whatever)
|
|
"CCSPlayer::GetPlayerMaxSpeed"
|
|
{
|
|
"windows" "506"
|
|
"linux" "507"
|
|
"mac" "507"
|
|
}
|
|
// add 1 to the css offset and hope it works (or look around the references to "Invalid counterterrorist spawnpoint")
|
|
"CGameRules::IsSpawnPointValid"
|
|
{
|
|
"windows" "77"
|
|
"linux" "78"
|
|
"mac" "78"
|
|
}
|
|
// search string: "Can't find specific footstep sound!" to find CBasePlayer::PlayStepSound.
|
|
// then find the vtable from references and CBasePlayer::UpdateStepSound is right before PlayStepSound
|
|
"CBasePlayer::UpdateStepSound"
|
|
{
|
|
"windows" "409"
|
|
"linux" "410"
|
|
}
|
|
// TODO
|
|
"m_surfaceFriction"
|
|
{
|
|
"windows" "8"
|
|
"linux" "8"
|
|
}
|
|
// TODO
|
|
"GetClusterForOrigin"
|
|
{
|
|
"windows" "12"
|
|
"linux" "12"
|
|
}
|
|
// TODO
|
|
"GetArea"
|
|
{
|
|
"windows" "65"
|
|
"linux" "65"
|
|
}
|
|
}
|
|
|
|
"Signatures"
|
|
{
|
|
// search string: "silencer_detach" and then check the function calls above it
|
|
"Player::DoAnimationEvent"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x56\x8B\xF1\x57\x80\xBE\x2A\x2A\x2A\x2A\x00\x74\x2A\x51"
|
|
"linux" "\x55\x89\xE5\x57\x56\x53\x83\xEC\x0C\x8B\x5D\x2A\x8B\x75\x2A\x8B\x7D\x2A\x80\xBB\x2A\x2A\x2A\x2A\x00\x75"
|
|
}
|
|
// search string: "-nobots". On Linux this leads to `AreBotsAllowed()`, which can check the references to find MaintainBotQuota
|
|
"BotManager::MaintainBotQuota"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x14\x89\x4D\x2A\xFF\x15"
|
|
"linux" "\x55\x89\xE5\x57\x56\x53\x83\xEC\x2C\xE8\x2A\x2A\x2A\x2A\x84\xC0\x74\x2A\xA1"
|
|
}
|
|
// search string: "remove 0x%p: %s-%s" to find PhysicsRemoveToucher.
|
|
// Find PhysicsCheckForEntityUntouch by checking the functions that call PhysicsRemoveToucher.
|
|
// This sucks to find.
|
|
"PhysicsCheckForEntityUntouch"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x08\x56\x8B\xF1\x8B\x86\xD0\x00\x00\x00"
|
|
"linux" "\x55\x89\xE5\x57\x56\x53\x83\xEC\x24\x8B\x75\x2A\x6A\x01\x56"
|
|
}
|
|
// search string: "remove 0x%p: %s-%s (%d-%d) [%d in play, %d max]\n".
|
|
// function with one argument is PhysicsRemoveTouchedList
|
|
// Also, this function is referenced (at least on linux) by `CPhysicsPropRespawnable::Event_Killed()` (which includes the string "PROP_CLEARFLAGS"
|
|
"PhysicsRemoveTouchedList"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x0C\x57\x8B\xF9\x8B\x87\x2A\x2A\x2A\x2A\xD1\xE8\xA8\x01\x0F\x84"
|
|
"linux" "\x55\x89\xE5\x57\x56\x53\x83\xEC\x34\x6A\x01\xFF\x75\x2A\xE8\x2A\x2A\x2A\x2A\x83\xC4\x10"
|
|
}
|
|
// search string: "sv_friction", look for instruction like this: "mov some_register, offset sv_friction_cvar"
|
|
// xref sv_friction_cvar, look for the place that it gets called and has this:
|
|
// *(float*)(a1[1] + some_offset) * (float(__thiscall)(void*))(*(uintptr_t*)sv_friction + GetFloatIndex*sizeof(void*))(sv_friction)
|
|
// make a signature for some_offset
|
|
// if it's unclear: https://youtu.be/xiNQ00X4R_I
|
|
// On Ghidra + Windows CSGO, the references are sometimes missing.
|
|
// You can find a variable/memory-location holding -25.0 with a memory search.
|
|
// This variable is referenced in the same function as where you can find this signature.
|
|
"CBasePlayer->m_surfaceFriction"
|
|
{
|
|
"windows" "\xF3\x0F\x10\x80\x2A\x2A\x2A\x2A\xF3\x0F\x59\x45\x2A\xF3\x0F\x11\x45"
|
|
"linux" "\xF3\x0F\x10\xB8\x2A\x2A\x2A\x2A\xA1"
|
|
}
|
|
}
|
|
}
|
|
|
|
"cstrike"
|
|
{
|
|
"Addresses"
|
|
{
|
|
"m_surfaceFriction"
|
|
{
|
|
"signature" "CBasePlayer->m_surfaceFriction"
|
|
"read" "2" // skip the first 2 bytes
|
|
}
|
|
}
|
|
|
|
"Offsets"
|
|
{
|
|
// https://asherkin.github.io/vtable/
|
|
"CBaseTrigger::PassesTriggerFilters"
|
|
{
|
|
"windows" "197"
|
|
"linux" "198"
|
|
}
|
|
// https://asherkin.github.io/vtable/
|
|
"CCSPlayer::GetPlayerMaxSpeed"
|
|
{
|
|
"windows" "438"
|
|
"linux" "439"
|
|
"mac" "439"
|
|
}
|
|
// https://asherkin.github.io/vtable/
|
|
"CGameRules::IsSpawnPointValid"
|
|
{
|
|
"windows" "76"
|
|
"linux" "77"
|
|
"mac" "77"
|
|
}
|
|
// https://asherkin.github.io/vtable/
|
|
"CBasePlayer::UpdateStepSound"
|
|
{
|
|
"windows" "358"
|
|
"linux" "359"
|
|
}
|
|
// find in CCSGameMovement::CheckForLadders which references CCSPlayer::CanGrabLadder
|
|
"CCSPlayer::m_lastStandingPos"
|
|
{
|
|
"windows" "5684"
|
|
"linux" "5704" // +20 wow that's easy!
|
|
}
|
|
// find CCSPlayer::CanGrabLadder via 4096.0f or symbols on linux...
|
|
"CCSPlayer::m_ladderSurpressionTimer"
|
|
{
|
|
"windows" "5700"
|
|
"linux" "5720" // +20 wow that's easy!
|
|
}
|
|
// find CCSPlayer::CanGrabLadder via 4096.0f or symbols on linux...
|
|
"CCSPlayer::m_lastLadderNormal"
|
|
{
|
|
"windows" "5712"
|
|
"linux" "5732" // +20 wow that's easy!
|
|
}
|
|
// find CCSPlayer::CanGrabLadder via 4096.0f or symbols on linux...
|
|
"CCSPlayer::m_lastLadderPos"
|
|
{
|
|
"windows" "5724"
|
|
"linux" "5744" // +20 wow that's easy!
|
|
}
|
|
// TODO
|
|
"GetClusterForOrigin"
|
|
{
|
|
"windows" "11"
|
|
"linux" "11"
|
|
}
|
|
// TODO
|
|
"GetArea"
|
|
{
|
|
"windows" "64"
|
|
"linux" "64"
|
|
}
|
|
}
|
|
|
|
"Signatures"
|
|
{
|
|
// search string: "ReloadEffect" to find CWeaponCSBase::SendReloadEvents and then DoAnimationEvent is probably the second to last function called there.
|
|
"Player::DoAnimationEvent"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x10\x89\x4D\xFC\x83\x7D\x08\x02"
|
|
"linux" "@_ZN9CCSPlayer16DoAnimationEventE17PlayerAnimEvent_ti"
|
|
}
|
|
// search string: "-nobots"
|
|
"BotManager::MaintainBotQuota"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x14\xFF\x15"
|
|
"linux" "@_ZN13CCSBotManager16MaintainBotQuotaEv"
|
|
}
|
|
// search string: "Server is hibernating" to find SetHibernating and then go its references
|
|
"CGameServer::UpdateHibernationState"
|
|
{
|
|
"library" "engine"
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x08\x57\x8B\xF9\x8B\x07\x8B\x40\x2A\xFF\xD0\x84\xC0\x0F\x84"
|
|
"linux" "@_ZN11CGameServer22UpdateHibernationStateEv"
|
|
}
|
|
// search string: "remove 0x%p: %s-%s" to find PhysicsRemoveToucher.
|
|
// Find PhysicsCheckForEntityUntouch by checking the functions that call PhysicsRemoveToucher.
|
|
"PhysicsCheckForEntityUntouch"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x08\x56\x8B\xF1\x8B\x86"
|
|
"linux" "@_ZN11CBaseEntity28PhysicsCheckForEntityUntouchEv"
|
|
}
|
|
// search string: "Could not add bot to the game: Team is full"
|
|
// protip: on csgo we just use mp_randomspawn instead.
|
|
"CCSGameRules::TeamFull"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x56\x8B\xF1\xE8\x2A\x2A\x2A\x2A\x8B\x45\x2A\x83\xE8\x02"
|
|
"linux" "@_ZN12CCSGameRules8TeamFullEi"
|
|
}
|
|
// search string: "remove 0x%p: %s-%s (%d-%d) [%d in play, %d max]\n".
|
|
// function with one argument is PhysicsRemoveTouchedList
|
|
"PhysicsRemoveTouchedList"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x08\x57\x8B\x7D\x08\x8B\x87\x2A\x2A\x2A\x2A\xD1\xE8\xA8\x01\x0F\x84"
|
|
"linux" "@_ZN11CBaseEntity24PhysicsRemoveTouchedListEPS_"
|
|
}
|
|
// look for function CGameMovement::CategorizePosition
|
|
// and you will see something something *(_DWORD*)(a1[1] + some_offset) = 0x3F800000
|
|
// make a signature at "mov dword ptr[eax+some_offset], 3F800000h"
|
|
"CBasePlayer->m_surfaceFriction"
|
|
{
|
|
"windows" "\xC7\x80\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x8B\x07\xFF\x90"
|
|
"linux" "\xC7\x80\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x8B\x03\x89\x1C\x24\xFF\x90\x2A\x2A\x2A\x2A\x8B\x53\x04"
|
|
}
|
|
}
|
|
}
|
|
|
|
"tf"
|
|
{
|
|
"Offsets"
|
|
{
|
|
// https://asherkin.github.io/vtable/
|
|
"CBaseTrigger::PassesTriggerFilters"
|
|
{
|
|
"windows" "207"
|
|
"linux" "208"
|
|
}
|
|
// https://asherkin.github.io/vtable/
|
|
"CGameRules::IsSpawnPointValid"
|
|
{
|
|
"windows" "76"
|
|
"linux" "77"
|
|
}
|
|
// https://asherkin.github.io/vtable/
|
|
"CBasePlayer::UpdateStepSound"
|
|
{
|
|
"windows" "368"
|
|
"linux" "369"
|
|
}
|
|
}
|
|
|
|
"Signatures"
|
|
{
|
|
// search string: "BumperCar.Jump" to find CTFGameMovement::CheckJumpButton.
|
|
// Then the call to PreventBunnyJumping is right above the string reference somewhere...
|
|
// Update 2024-04-18: This fucking bitch got inlined on Windows so this signature is now to the first jump instruction of it to gtfo of doing the velocity stuff. https://i.imgur.com/LDq6Ubo.png
|
|
"CTFGameMovement::PreventBunnyJumping"
|
|
{
|
|
"windows" "\x75\x2A\x8B\x47\x2A\x8D\x77\x2A\x0F\x57\xC0"
|
|
"linux" "@_ZN15CTFGameMovement19PreventBunnyJumpingEv"
|
|
}
|
|
// search string: "Usage: setang_exact pitch yaw" to find setang_exact's handler. Then the last function call in the handler is DoAnimationEvent.
|
|
"Player::DoAnimationEvent"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x51\x53\x56\x8B\x35\x2A\x2A\x2A\x2A\x8B\xD9\x8B\xCE"
|
|
"linux" "@_ZN9CTFPlayer16DoAnimationEventE17PlayerAnimEvent_ti"
|
|
}
|
|
// search string: "match"
|
|
"BotManager::MaintainBotQuota"
|
|
{
|
|
"windows" "\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\x81\xEC\x10\x01\x00\x00\x83\xB8\x2A\x2A\x2A\x2A\x00"
|
|
"linux" "@_ZN13CTFBotManager16MaintainBotQuotaEv"
|
|
}
|
|
// search string: "remove 0x%p: %s-%s" to find PhysicsRemoveToucher.
|
|
// Find PhysicsCheckForEntityUntouch by checking the functions that call PhysicsRemoveToucher.
|
|
"PhysicsCheckForEntityUntouch"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x08\x57\x8B\xF9\x8B\x87\x2A\x2A\x2A\x2A\xD1\xE8"
|
|
"linux" "@_ZN11CBaseEntity28PhysicsCheckForEntityUntouchEv"
|
|
}
|
|
// search string: "scoreboard_minigame"
|
|
"CTFGameRules::CalcPlayerScore"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x57\x8B\x7D\x2A\x85\xFF\x75\x2A\x33\xC0\x5F\x5D\xC3\x8B\x57"
|
|
"linux" "@_ZN12CTFGameRules15CalcPlayerScoreEP12RoundStats_tP9CTFPlayer"
|
|
}
|
|
// search string: "remove 0x%p: %s-%s (%d-%d) [%d in play, %d max]\n".
|
|
// function with one argument is PhysicsRemoveTouchedList
|
|
"PhysicsRemoveTouchedList"
|
|
{
|
|
"windows" "\x55\x8B\xEC\x83\xEC\x08\x53\x8B\x5D\x2A\x8B\x83"
|
|
"linux" "@_ZN11CBaseEntity24PhysicsRemoveTouchedListEPS_"
|
|
}
|
|
}
|
|
}
|
|
}
|