Module: Okapi
2 Attachment(s)
Hello. I've spent the last weeks working on a new module built around a new idea to avoid using signatures. I've also taken the chance to add features to it based on the experience of making orpheu. So this module should be more fun to use, but more powerful than orpheu. The new idea is about identifying a function, in an easy manner, hopefully resistant to game updates. It consists of the following notions: Half-Life functions are an interconnected tree around a core of engine and dll functions. Each function has a great chance of being connected to the core functions, and for each connection there is a minimal length path between the points. The idea is to identify a function based on a group of minimal path lengths between that function and the core functions. The tree is built with simple parsing of the assembly call instructions in the libraries (for example, indirect calls are not parsed), but the results are solid, from my testing. Trees vary a great deal between mods and operating systems, but for the main purpose of providing a way of identifying a function in a manner resistant to game updates, they seem quite ok.

So let's see an example. Remember that the purpose of this kind of identifier is to resist game updates, so I will use an old version of the Half-Life dedicated server against the latest version. This is to see if identifiers from one of them find the same function in the other, and vice versa. I don't know if there is a legal way of testing this for an old CS server, but if you know one I would like you to tell me. I had to pick a name for this identifier and I chose "treemap". From now on I will use this name to refer to them. hlds versions used:
Code:
Protocol version 46, Exe version 4.1.1.1, Exe build: 10:25:33 Apr 30 2003 (2379)

This is a function present in the engine library of the old HLDS server: http://oi59.tinypic.com/2vci89f.jpg
Below, it has this portion that will make it easy to identify in the other HLDS, to verify that we are dealing with the same function: http://oi58.tinypic.com/in63o4.jpg
The first step now is to get its treemap. This is done by executing this command in the console:
Code:
okapi desc 0x550F0

This part:
Code:
Map values {4,4,4,4,4,5,5,4,4,5,6,4,6,6,4,4,4,4,4,5,4,0,4,2,4,6,5,5,5,3,4,5,5,5,5,5,4,3,5,4,0,4,5,5,5,6,3,3,3,3,3,3,3,3,3,3,0,6,5,5,5,3,4,5,0,4,0,6,0,0,0,3,4,0,4,0,0,4,4,4,4,4,5,4,4,4,4,4,0,4,4,4,4,5,4,4,4,4,6,5,0,4,4,4,4,0,4,6,3,5,5,5,4,0,4,5,5,0,5,4,4,4,4,4,4,4,0,5,5,5,0,4,4,0,0,0,0,5,4,4,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0}

This:
Code:
"jp='.BU*&.B8u{.N#,#.Q'Z$.z=F'.uYU{.#dJ$. 2I$.T\F'.-)V{.Mp/$.RXS{.00}&.;WU{.!eu{.u~V{.UP_(.c:B.+5 &. 8u{.7,V{.*+w&.j+w&...&~3"

This string is what I refer to as "treemap". Now we will try to use it as an identifier to search for it in the new hlds.
Code:
okapi search "jp='.BU*&.B8u{.N#,#.Q'Z$.z=F'.uYU{.#dJ$. 2I$.T\F'.-)V{.Mp/$.RXS{.00}&.;WU{.!eu{.u~V{.UP_(.c:B.+5 &. 8u{.7,V{.*+w&.j+w&...&~3"

In this image we can see an ordered list of the functions that best match the given treemap. The wanted case is that the first one is the same function in this hlds version as 0x550F0 is in the old one. We can verify that this is the case in IDA: http://oi60.tinypic.com/29qocv5.jpg
Now we can do the inverse: http://oi61.tinypic.com/aayele.jpg

Now I will exemplify the use of a treemap in CS, with the InstallGameRules function. This would be the code to use the treemap, and create and hook the function.
PHP Code:

it just takes that time when the server is put on. I will extend the talk about treemaps on a later occasion. Now, to show more of the module, I will continue from the previous code to show how to generically hook virtual functions.
PHP Code:

The module also supports searching for signatures with the functions
PHP Code:

The signatures should look like this:
Code:
{0x51,0x56,"𐌻","𐌻",0x8B,0x86}

You can hook any function that uses a combination of these types:
PHP Code:

The only exception is when the function returns a Vector. That is because when the function returns a Vector, a pointer is passed at the beginning of the stack, so to handle that situation I would have to write messy code, so I preferred to ignore it. Still, if you really need to hook or use a function that returns a Vector, it can be done with some lines of code using some tricks. Use "int" for long or for any value that you want to ignore. Another thing present in the module is natives to handle memory directly. You can use them to change any value in memory, and for example to use structures not exposed via an API like playermove_s. Example of replacing a string, which was painful to do with orpheu and now takes one line:
PHP Code:

PHP Code:

Notes: I tested the module alone since I wanted to make it a surprise, so I expect it to need some enhancements or have some bugs. When you use signatures to use functions, after you attach the module to a function, it modifies the bytes of the function. That means that if you use the same signature twice, the second will fail. This means that if you use the same signature in two plugins, it will fail in one. To avoid this you can, as an example, just do the signature search in plugin_precache and the hooking in plugin_init. Again, I invite you to check the include files; I'm sure you will find information there that you will put to good use. Also check the server console commands available within the command okapi. :twisted: |
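The path-length idea from the post above, worked through as an added example (this is not code from Okapi or its author, and it is Python rather than a Pawn plugin). Two constructed toy call graphs stand in for an old and a new build of a library, the core set is a hand-picked list, and -1 marks "no path"; the module's own 0-valued entries, its fixed core list and the packing of the vector into a string are not reproduced. The point it shows is that a function keeps the same distance vector across a renaming of every non-core function and even across a newly added helper call, so ranking candidates by vector similarity recovers the same function in both directions.

```python
from collections import deque

# Constructed toy call graphs (caller -> direct callees) standing in for an
# old and a new build of the same library. Names are placeholders; the real
# module builds this graph by parsing direct call instructions in the binary.
OLD_BUILD = {
    "core_alloc": [],
    "core_log": [],
    "core_read": ["core_alloc"],
    "core_net": ["core_log"],
    "parse_cfg": ["core_read", "core_log"],
    "load_level": ["parse_cfg", "core_alloc"],
    "spawn": ["load_level", "core_net"],
    "tick": ["spawn"],
    "helper_a": ["core_log"],
}

# The "update": non-core names are gone, one function gained a call to a
# new helper, and an unrelated function was added.
NEW_BUILD = {
    "core_alloc": [],
    "core_log": [],
    "core_read": ["core_alloc"],
    "core_net": ["core_log"],
    "sub_1000": ["core_read", "core_log"],               # was parse_cfg
    "sub_2000": ["sub_1000", "core_alloc", "sub_5000"],  # was load_level
    "sub_3000": ["sub_2000", "core_net"],                # was spawn
    "sub_4000": ["sub_3000"],                            # was tick
    "sub_5000": ["core_log"],                            # new helper
    "sub_6000": ["core_net", "core_alloc"],              # new function
}

# Core functions the treemap is measured against (assumed list; the module
# uses its own fixed set of engine/dll functions). Order matters: it fixes
# the position of each distance in the vector.
CORE = ["core_alloc", "core_log", "core_read", "core_net"]
NO_PATH = -1  # assumption: marker for "no call path reaches this core function"


def treemap(graph, func, core=CORE):
    """Shortest call-path length from `func` to each core function (BFS)."""
    dist = {func: 0}
    queue = deque([func])
    while queue:
        cur = queue.popleft()
        for callee in graph.get(cur, []):
            if callee not in dist:
                dist[callee] = dist[cur] + 1
                queue.append(callee)
    return tuple(dist.get(c, NO_PATH) for c in core)


def score(a, b):
    """Lower is better: number of disagreeing positions, then total drift."""
    mismatches = sum(1 for x, y in zip(a, b) if x != y)
    drift = sum(abs(x - y) for x, y in zip(a, b))
    return (mismatches, drift)


def search(wanted, graph):
    """Rank every function in `graph` by how closely its treemap matches `wanted`."""
    return sorted(graph, key=lambda f: score(wanted, treemap(graph, f)))


def demo():
    """Old -> new and new -> old, as in the post's two-way check."""
    spawn_map = treemap(OLD_BUILD, "spawn")
    cfg_map = treemap(NEW_BUILD, "sub_1000")
    return {
        "spawn_treemap": spawn_map,                         # (2, 2, 3, 1)
        "spawn_in_new": search(spawn_map, NEW_BUILD)[:3],   # sub_3000 first
        "sub_1000_in_old": search(cfg_map, OLD_BUILD)[:3],  # parse_cfg first
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Note that `load_level` and its renamed counterpart `sub_2000` get identical vectors even though the update added a call to a brand-new helper: the extra call only matters if it shortens a path to a core function. That is the property the post relies on, and also its limit: two functions with the same distances to every core function are indistinguishable, which is why the console output is a ranked list rather than a single answer.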
Re: Module: Okapi
God, this name sucks. So weird that I was hesitating to continue reading. :twisted:
The idea is interesting, but I'm rather skeptical on the reliability, as I remember that depending on the binaries' version, the call order is not always the same; though this should be ok for most things (probably!). I'm not sure I like having a plugin more verbose, hardcoded and less readable. Also, even if dealing with config files is a pain, you can easily share them and build reference indexes; losing this might not be a good point. I think it would be worth adding a parser for those who want to use a config file; something where we could specify an alias for a treemap, for example. Same for virtual function offsets; that's really not something which should be hardcoded. Another thing, in your example with InstallGameRules, you're using "_Z16InstallGameRulesv", but that's not going to work for older binaries. So either you need to check x symbol names, or you need to use a treemap like you do; but for the latter, is it going to work properly for windows/linux/osx? Oh, where is the OSX support? :twisted: Except for that, I guess it could be useful; I like the idea of having something more 'universal' but I hate that it will be stuck like Orpheu to some structures. Well, I guess there is Rage for that. It's promising, and I wish you would improve usability in a more friendly way to have plugins easier to maintain and more readable. Well, good job, anyway, eheh. :) |
Re: Module: Okapi
Just, amazing.
I think that we would need to see some examples of many natives (I've read them :mrgreen:) with some kind of explanation, I'm just impressed :D |
Re: Module: Okapi
Hi, can you write a tutorial on how to patch a value in a mod dll using this module?
Ok, I try to patch max roundtime:
PHP Code:
Server/client details
|
Re: Module: Okapi
Quote:
PHP Code:
You would do PHP Code:
PHP Code:
After you patch the value by using a signature, remember that after a map restart the signature will be searched again, but now it will not be found in the same memory location since it was altered. So be sure to check that the result from okapi_mod_find_sig is not null, and be sure to confirm that your signature is unique. |
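The signature format from the first post ({exact bytes plus wildcard slots}) and the caveat in the reply above, worked through as an added example (not code from Okapi or its author; Python over a constructed byte buffer rather than a Pawn plugin reading the real module). The wildcard marker is "*" here because the glyph in the post did not survive extraction; the buffer, offsets and byte values are made up. It shows a wildcard scan, a uniqueness check, a patch applied through the signature, and the failure mode the reply describes: once the patched byte lies inside the signature, the next search returns nothing, which a plugin must treat as "already patched" rather than as an address.

```python
# Constructed stand-in for a loaded library's bytes. Offsets and values are
# made up: "push ecx; push esi; ...; mov eax,[esi+0x44]; ret" sits at offset 2
# and a decoy "push ecx; push esi" near the end.
MODULE = bytes([
    0x90, 0x90,                          # padding
    0x51, 0x56, 0x8B, 0xF1,              # push ecx; push esi; mov esi, ecx
    0x8B, 0x86, 0x44, 0x00, 0x00, 0x00,  # mov eax, [esi+0x44]  (0x44 is the byte to patch)
    0xC3, 0x90,                          # ret; padding
    0x51, 0x56, 0xC3, 0x90,              # decoy: push ecx; push esi; ret
])

WILDCARD = "*"  # assumption: marker for "any byte" (the post's glyph is unreadable)

# Same shape as the post's signature array: exact bytes plus wildcard slots.
SIG_PREFIX = [0x51, 0x56, WILDCARD, WILDCARD, 0x8B, 0x86]
# Longer signature that also covers the displacement byte that gets patched.
SIG_FULL = SIG_PREFIX + [0x44, 0x00, 0x00, 0x00]


def matches_at(mem, sig, pos):
    """True if `sig` matches `mem` starting at `pos`."""
    if pos + len(sig) > len(mem):
        return False
    return all(s == WILDCARD or mem[pos + i] == s for i, s in enumerate(sig))


def find_all(mem, sig):
    """Every offset where the signature matches."""
    return [p for p in range(len(mem) - len(sig) + 1) if matches_at(mem, sig, p)]


def find_sig(mem, sig):
    """First match, or None when the signature is absent (the null case)."""
    hits = find_all(mem, sig)
    return hits[0] if hits else None


def is_unique(mem, sig):
    """A signature is only usable as an identifier if it matches exactly once."""
    return len(find_all(mem, sig)) == 1


def patch_via_sig(mem, sig, rel, new_bytes):
    """Overwrite len(new_bytes) bytes at (match + rel).

    Returns (memory, applied). Refuses, instead of writing somewhere random,
    when the signature is missing (e.g. already patched) or not unique.
    """
    if not is_unique(mem, sig):
        return mem, False
    pos = find_sig(mem, sig) + rel
    out = bytearray(mem)
    out[pos:pos + len(new_bytes)] = new_bytes
    return bytes(out), True


def demo():
    """Patch once, then repeat the search as a map restart would."""
    first, ok1 = patch_via_sig(MODULE, SIG_FULL, 6, b"\x48")
    second, ok2 = patch_via_sig(first, SIG_FULL, 6, b"\x48")  # signature is now stale
    return {
        "first_applied": ok1,                                # True
        "second_applied": ok2,                               # False: nothing found
        "stale_sig_offset": find_sig(first, SIG_FULL),       # None after the patch
        "prefix_sig_offset": find_sig(first, SIG_PREFIX),    # 2: prefix still matches
        "short_sig_unique": is_unique(MODULE, [0x51, 0x56]), # False: decoy also matches
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The first post's note about hooking is the same phenomenon from the other side: attaching a hook also rewrites bytes at the match, so any signature that covers that region stops matching afterwards. Either keep the signature to bytes you never alter (SIG_PREFIX above still resolves after the patch), or search once and hold on to the address, as the first post suggests with plugin_precache and plugin_init.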
Re: Module: Okapi
Another user-friendly module.
|
Re: Module: Okapi
Doesn't this work in a listen server?
Quote:
|
Re: Module: Okapi
You mf, I like it. :twisted:
|
Re: Module: Okapi
nice module; too bad I can't use it or understand it.
|
Re: Module: Okapi
Quote:
Quote:
Quote:
|
Re: Module: Okapi
Quote:
PHP Code:
|
Re: Module: Okapi
yokomo, add support for Linux :fox: And update your build :crab:
|
Re: Module: Okapi
There is nothing wrong with having extra files, and it is wrong to hardcode things in a plugin. A config file allows you to organize and group together static data. Way easier to maintain and to share.
Working with offsets directly could be fine if you know you will never update your server, which is probably only the case for non-steam servers. Otherwise it will most likely break at each update, so it may appear simpler but it's just a horrible way. |
Re: Module: Okapi
Quote:
|
Re: Module: Okapi
Quote:
You can hardcode things for yourself if it makes you happy, but when a community is involved, it should be avoided as much as possible (for the reasons said above). Instead of trying the easy way, using a smart one would be more appropriate. It's quite common sense here. |
Re: Module: Okapi
Outdated signatures also need new files, where's the problem?
|
Re: Module: Okapi
Signatures are more reliable than offsets, for your information.
Offsets change at each update. Signatures are based on bytes, and won't change by magic unless code has been changed in that area. If the currently known signatures have changed, it's because Valve has updated their compiling tools recently, and because the jump was big (gcc v2 -> v4), a lot of changes have happened. That's something which happens one time. Offsets are generally for testing purposes only. |
Re: Module: Okapi
Quote:
**Edit** Okapi also supports signature scanning, the only difference is that it is located in the .sma file. |
Re: Module: Okapi
I'm thinking community, you're thinking for yourself or the easiest way. If you don't understand, well, I can do nothing about it. Trying to argue based on a "possible" Valve update is irrelevant. The point is to decide intelligently whether hardcoding is necessary from the context. Well, could you imagine how AMXX would be without configuration files? It would be hell to maintain and to configure. Generally, like you would want to separate CSS from HTML, you would want to separate static data/customization from AMXX code for the sake of flexibility, shareability, and maintainability. At least for AMXX plugins, it's really useful, and even if you need to deal with files, in the end it will become helpful. Also it's easier for a user to modify a configuration file than to recompile a plugin.
About Orpheu signatures, we need someone to create a thread regrouping all known signatures; then it would be easier to deal with updates and to have a more consistent use. But the problem is all people are lazy and/or busy as hell, ahah. Anyway you do what you want, it's fine (but don't use offsets, tree and signatures are fine :P), just depending on the context, it won't be a recommended way. |
Re: Module: Okapi
O-kapi or Ok-api?
|
Re: Module: Okapi
The reason I decided not to use configuration files is that changing an sma and compiling is very easy and actually makes it faster for someone to: notice that a plugin was updated, update by replacing files (you just have one file to update), see the signatures that are being used in a plugin just by looking at the sma.
But what Arkshine said about centralizing signatures makes sense. And it can be added to okapi without changing its way of working, just like an extra feature. I may make it one day. :twisted: Emp, it's just the animal name :twisted: Has anyone already tried to work with treemaps? |
Re: Module: Okapi
Quote:
|
Re: Module: Okapi
Quote:
Quote:
Win / Linux / OSX cross treemaps compatibility should be awesome (I know, it's impossible but...) |
Re: Module: Okapi
1 Attachment(s)
Does anyone know about this error? (if a translation is needed, tell me)
|
Re: Module: Okapi
You can put the translation, but I think it basically says it didn't find such a function in Kernel32.dll, right?
Do you have Win XP or 2003? |
Re: Module: Okapi
Quote:
|
Re: Module: Okapi
1 Attachment(s)
What about this.
|
Re: Module: Okapi
Quote:
|
Re: Module: Okapi
In s_library.cpp, where it uses GetModuleInformation, I've added:
#pragma comment(lib, "Psapi.lib")
#pragma comment(lib, "Kernel32.lib")
#define PSAPI_VERSION 1
So, it will use Psapi.lib instead. With Windows 7, some changes have been done around this function, and to keep compatibility with XP, you need to load Psapi and define PSAPI_VERSION to 1. |
Re: Module: Okapi
Quote:
|
Re: Module: Okapi
Quote:
|
Re: Module: Okapi
Any way to reproduce OrpheuSetParamStructMember? Somehow orpheu no longer works on my linux machine, and I don't wanna keep arguing with it, so I changed to okapi.
|
Re: Module: Okapi
Is it wrong? It just crashes
PHP Code:
|
Re: Module: Okapi
Why does it show nothing when trying to get a treemap?
Code:

Code:
] okapi search "[TG.;nC'.pbG.sXQ.J=g(.;OS'.ueA.1/.*K}.`/F'. 8u{.s9s{.Ohi(.,lm{.s9s{.2/#&.*0J.lE>'.1`}&.-]}&.vMa(.zp='.<cN'.=j12" |
Re: Module: Okapi
meTaLiCroSS, I didn't find your signature.
Try: PHP Code:
|
Re: Module: Okapi
Quote:
EDIT: It's strange. https://forums.alliedmods.net/showpo...postcount=1267 |
Re: Module: Okapi
Quote:
I don't know what build you're using, but for me the signature of packPlayerItem is more like:
Code:
83 ? ? 53 57 8B ? ? ? 33 ? 3B |
Re: Module: Okapi
Quote:
|
Re: Module: Okapi
Quote:
|
Re: Module: Okapi
Arkshine, you must wait 14 days to bump, read the rules :mrgreen:
Btw I know that Quim quit amxx coding, but does he still support his plugins/modules? |