
[HL2DM] UTIL_ImpactTrace

Posted: Wed Apr 22, 2020 5:02 am
by VinciT
While working on Painkiller's request, I tried to hook UTIL_ImpactTrace, but I'm not getting anywhere.

```python
# ../util_impact/util_impact.py

# Source.Python
import core
import memory
from memory import Convention, DataType
from memory.hooks import PreHook


server = memory.find_binary('server')

# Byte signature on Windows, mangled symbol name on Linux
if core.PLATFORM == 'windows':
    identifier = b'\x55\x8B\xEC\x8B\x55\x08\x8B\x4A\x4C'
else:
    identifier = '_Z16UTIL_ImpactTraceP10CGameTraceiPKc'

# void UTIL_ImpactTrace(
#   trace_t *pTrace, int iDamageType, const char *pCustomImpactName = NULL);
UTIL_ImpactTrace = server[identifier].make_function(
    Convention.CDECL,
    (DataType.POINTER, DataType.INT, DataType.STRING),
    DataType.VOID
)

@PreHook(UTIL_ImpactTrace)
def impact_trace_pre(stack_data):
    print(stack_data)
```

Nothing's being printed with the signature (I'm running this on Windows). So I tried hooking the virtual function instead:

```ini
# CBaseEntity::ImpactTrace(CGameTrace*, int, char const*)
[[impact_trace]]
offset_linux = 78
offset_windows = 77
arguments = POINTER, INT, STRING
```

And... still nothing. Any idea what's going on?

Re: [HL2DM] UTIL_ImpactTrace

Posted: Fri May 01, 2020 2:16 pm
by InvisibleSoldiers
I'm sometimes faced with the fact that the offsets on https://asherkin.github.io/vtable/ seem outdated or wrong for Windows (as far as I know, it can successfully parse only Linux binaries, and for Windows binaries it only predicts) (I guess you used it).
You can get the function address through the virtual func and check what the function really does, or get a signature later, which will be more stable, through:

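```python
from memory import find_binary
server_binary = find_binary('server')
# pointer and offset must already be defined: the entity's pointer and the vtable index
func = pointer.get_virtual_func(offset)
print(func.address - server_binary.base)
```

and then find the function by address by pressing G in IDA.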

Probably Windows signature:
void CBaseEntity::ImpactTrace( trace_t *pTrace, int iDamageType, const char *pCustomImpactName )
\x55\x8B\xEC\x81\xEC\x8C\x00\x00\x00\x56\x8B\x75\x08\x8D\x8D\x74\xFF\xFF\xFF
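
The check described in the post above (resolve the vtable slot, then confirm the function found there is the one the signature identifies) can be reproduced offline in plain Python. This is an added example, not code from the thread or from Source.Python; the image, base address, vtable layout and helper names are constructed for illustration, and `\x2A` is treated as a wildcard byte as in Source.Python signatures.

```python
import struct

WILDCARD = 0x2A  # assumption carried over from Source.Python: \x2A matches any byte

# Signature quoted in the post above for CBaseEntity::ImpactTrace on Windows.
IMPACT_TRACE_SIG = (b'\x55\x8B\xEC\x81\xEC\x8C\x00\x00\x00\x56'
                    b'\x8B\x75\x08\x8D\x8D\x74\xFF\xFF\xFF')


def matches_at(image, rva, sig):
    """True if sig matches image at rva (WILDCARD bytes match anything)."""
    chunk = image[rva:rva + len(sig)]
    return len(chunk) == len(sig) and all(
        s == WILDCARD or s == c for s, c in zip(sig, chunk))


def find_signature(image, sig):
    """Offsets of every match; a usable signature matches exactly once."""
    return [rva for rva in range(len(image) - len(sig) + 1)
            if matches_at(image, rva, sig)]


def virtual_func_rva(image, base, vtable_rva, index):
    """Read 32-bit little-endian vtable slot `index`; return the target's offset."""
    (address,) = struct.unpack_from('<I', image, vtable_rva + 4 * index)
    return address - base


def check_offset(image, base, vtable_rva, index, sig):
    """True when the slot points at the one function the signature finds."""
    hits = find_signature(image, sig)
    return (len(hits) == 1 and
            virtual_func_rva(image, base, vtable_rva, index) == hits[0])


def build_sample_image(base=0x10000000):
    """Constructed image: 80-slot vtable at offset 0, functions after it."""
    stub = b'\x55\x8B\xEC\x5D\xC3' + b'\xCC' * 11   # 16-byte filler function
    funcs_rva = 80 * 4
    table, body = bytearray(), bytearray()
    for slot in range(80):
        table += struct.pack('<I', base + funcs_rva + len(body))
        # Only slot 77 holds a function starting with the quoted signature.
        body += (IMPACT_TRACE_SIG + b'\xC3' + b'\xCC' * 12) if slot == 77 else stub
    return bytes(table + body), base
```

A slot that fails `check_offset` is either the wrong index for that build or the signature no longer matches the binary, which is the distinction the post suggests settling before hooking.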

Re: [HL2DM] UTIL_ImpactTrace

Posted: Fri May 01, 2020 4:11 pm
by VinciT
You're spot on. I used asherkin's vtable dumper. But turns out that the issue was my server. Don't know how or why, but it got corrupted. So I reinstalled it along with SP and now the above signature and offset seem to work.

InvisibleSoldiers wrote: You can get the function address through the virtual func and check what the function really does, or get a signature later, which will be more stable, through:

```python
server_binary = find_binary('server')
func = pointer.get_virtual_func(offset)
print(func.address - server_binary.base)
```

and then find the function by address by pressing G in IDA.

Thank you for sharing this, I'm not that great at working with memory/offsets yet, but this will surely make it a bit easier. :smile: