Page 2 of 3 (results 11 to 20 of 28)

Thread: Pro tips for hooking up the function

  1. #11
    Private Whiskas's Avatar
    Join Date
    Jan 2015
    Posts
    84
    Thanks
    69
    Thanked 20 Times in 17 Posts
    For the research purposes:

    What does this 0 ( printf("Last weapon used: %s\n", *(char**)(v3 + 0)); ) stand for?

    Can I printf other ints (a1, a2) this way?

    I was never good at pointers; what does *(char**) do? Googling it only provides info about char itself..

  2. #12
    Assadministrator IzNoGoD's Avatar
    Join Date
    Aug 2012
    Posts
    1,718
    Thanks
    17
    Thanked 1,068 Times in 674 Posts
    *(char**)foo casts foo to a char-pointer-pointer. char-pointers are basically arrays of characters, more commonly referred to as strings. So a char-pointer-pointer is a string-pointer. The * in front of it dereferences the pointer, so it dereferences a char** into a char*.

    The +0 is probably a leftover from trying different addresses near it.
    "Does not work" is an error report for a bug between keyboard and chair.

    All hail Artie Effem

  3. The Following 3 Users Say Thank You to IzNoGoD For This Useful Post:

    kung foo man (5th May 2016),voron00 (5th May 2016),Whiskas (4th May 2016)
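Added example (not code from the thread or from libcod) of what the cast in IzNoGoD's answer does: the hook receives plain integers (v3, a1) that are really addresses, and `*(char**)(base + off)` reads the char* stored at that offset. The struct layout, field names and values below are constructed for the demo and are not the CoD2 engine's.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for an engine object (not the real CoD2 layout):
 * a char* at offset 0, an int after it, then a single byte. */
struct demo_obj {
    const char *last_weapon;   /* a char*, i.e. a C string */
    int32_t     ammo;
    uint8_t     slot;
};

/* The engine hands the hook integers (a1, v3, ...) that are really
 * addresses. To read a field you cast base + offset to a pointer to the
 * field's type and dereference it once. */
const char *read_string_field(uintptr_t base, size_t off)
{
    /* (const char **) is "pointer to a char*"; the leading * fetches the char* */
    return *(const char **)(base + off);
}

int32_t read_int_field(uintptr_t base, size_t off)
{
    /* Same idea for an int: cast to int32_t*, dereference to get the int */
    return *(int32_t *)(base + off);
}

uint8_t read_byte_field(uintptr_t base, size_t off)
{
    return *(uint8_t *)(base + off);
}

/* Builds the constructed object and returns the string read through the cast. */
const char *demo_last_weapon(void)
{
    struct demo_obj obj = { "kar98k_mp", 5, 2 };
    /* the string literal outlives obj, so returning the read pointer is fine */
    return read_string_field((uintptr_t)&obj, offsetof(struct demo_obj, last_weapon));
}

/* Returns 1 when every read through a cast agrees with direct struct access. */
int demo_reads_match(void)
{
    struct demo_obj obj = { "enfield_scope_mp", 9, 1 };
    uintptr_t base = (uintptr_t)&obj;      /* what the hook would see as "an int" */

    const char *w = read_string_field(base, offsetof(struct demo_obj, last_weapon));
    int32_t ammo  = read_int_field(base, offsetof(struct demo_obj, ammo));
    uint8_t slot  = read_byte_field(base, offsetof(struct demo_obj, slot));

    printf("Last weapon used: %s, ammo %d, slot %u\n", w, ammo, slot);
    return strcmp(w, obj.last_weapon) == 0 && ammo == obj.ammo && slot == obj.slot;
}

int main(void)
{
    return demo_reads_match() ? 0 : 1;
}
```

The `+ 0` in the thread's printf is just offset 0, the first field. The parameters a1 and a2 themselves are already ints in the hook's signature and print with `%d`; the cast-and-dereference is only needed when an int is an address you want to read through, and then the cast type has to match what is stored there (char* for a string, int for a number).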

  4. #13
    Private Whiskas's Avatar
    Join Date
    Jan 2015
    Posts
    84
    Thanks
    69
    Thanked 20 Times in 17 Posts
    Finally(?) got a segfault with your libcod function:

    Code:
    [45709.850790] cod2_lnxded_1_0[1722]: segfault at 0 ip b7725b42 sp bf9a7330 error 4 in libcod2_1_0_hookLessSpam.so[b7711000+20000]
    [45711.750596] UDP: bad checksum. From 197.1.146.216:28960 to 89.36.219.214:28960 ulen 45
    [45715.700044] UDP: bad checksum. From 197.1.146.216:28960 to 89.36.219.214:28960 ulen 54
    [45735.651877] UDP: bad checksum. From 197.1.146.216:28960 to 89.36.219.214:28960 ulen 77
    [45739.513702] UDP: bad checksum. From 197.1.146.216:28960 to 89.36.219.214:28960 ulen 122
    And the screen's log:

    Code:
    hook_BG_IsWeaponValid -- Last weapon used: enfield_scope_mp
    hook_BG_IsWeaponValid -- Last weapon used: enfield_scope_mp
    hook_BG_IsWeaponValid -- Last weapon used: enfield_scope_mp
    hook_BG_IsWeaponValid -- Last weapon used: enfield_scope_mp
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: enfield_scope_mp
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: enfield_scope_mp
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: enfield_scope_mp
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: kar98k_mp
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: none
    hook_BG_IsWeaponValid -- Last weapon used: kar98k_sniper_mp
    hook_BG_IsWeaponValid -- Last weapon used: webley_mp
    Segmentation fault (core dumped)
    ==854== 
    ==854== HEAP SUMMARY:
    ==854==     in use at exit: 532 bytes in 27 blocks
    ==854==   total heap usage: 33 allocs, 6 frees, 1,137 bytes allocated
    ==854== 
    ==854== 16 bytes in 1 blocks are still reachable in loss record 1 of 5
    ==854==    at 0x482A17C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
    ==854==    by 0x1140CA: ??? (in /bin/dash)
    ==854==    by 0x11B2FD: ??? (in /bin/dash)
    ==854==    by 0x11BD98: ??? (in /bin/dash)
    ==854==    by 0x10AD6F: main (in /bin/dash)
    ==854== 
    ==854== 16 bytes in 1 blocks are still reachable in loss record 2 of 5
    ==854==    at 0x482A17C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
    ==854==    by 0x48BC9C7: strdup (strdup.c:42)
    ==854==    by 0x11414A: ??? (in /bin/dash)
    ==854==    by 0x10C179: ??? (in /bin/dash)
    ==854==    by 0x11BDC3: ??? (in /bin/dash)
    ==854==    by 0x10AD6F: main (in /bin/dash)
    ==854== 
    ==854== 20 bytes in 1 blocks are still reachable in loss record 3 of 5
    ==854==    at 0x482A17C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
    ==854==    by 0x1140CA: ??? (in /bin/dash)
    ==854==    by 0x11B3E6: ??? (in /bin/dash)
    ==854==    by 0x10C1C0: ??? (in /bin/dash)
    ==854==    by 0x11BDC3: ??? (in /bin/dash)
    ==854==    by 0x10AD6F: main (in /bin/dash)
    ==854== 
    ==854== 112 bytes in 1 blocks are still reachable in loss record 4 of 5
    ==854==    at 0x482A17C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
    ==854==    by 0x482C3AF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
    ==854==    by 0x114112: ??? (in /bin/dash)
    ==854==    by 0x1135D9: ??? (in /bin/dash)
    ==854==    by 0x10DCD0: ??? (in /bin/dash)
    ==854==    by 0x10CA06: ??? (in /bin/dash)
    ==854==    by 0x113E37: ??? (in /bin/dash)
    ==854==    by 0x10ADEF: main (in /bin/dash)
    ==854== 
    ==854== 368 bytes in 23 blocks are still reachable in loss record 5 of 5
    ==854==    at 0x482A17C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
    ==854==    by 0x1140CA: ??? (in /bin/dash)
    ==854==    by 0x11B2FD: ??? (in /bin/dash)
    ==854==    by 0x11BD53: ??? (in /bin/dash)
    ==854==    by 0x10AD6F: main (in /bin/dash)
    ==854== 
    ==854== LEAK SUMMARY:
    ==854==    definitely lost: 0 bytes in 0 blocks
    ==854==    indirectly lost: 0 bytes in 0 blocks
    ==854==      possibly lost: 0 bytes in 0 blocks
    ==854==    still reachable: 532 bytes in 27 blocks
    ==854==         suppressed: 0 bytes in 0 blocks
    ==854== 
    ==854== For counts of detected and suppressed errors, rerun with: -v
    ==854== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
    ==12416== Memcheck, a memory error detector
    ==12416== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
    ==12416== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
    ==12416== Command: ./start
    ==12416== 
    > [INFO] Compiled for: CoD2 1.0
    Compiled: May  4 2016 17:05:07 using GCC 4.8.4
    > [PLUGIN LOADED]
    CoD2 MP 1.0 build linux-i386 Oct 24 2005
    ----- FS_Startup -----
    Current search path:
    I don't really think that webley is causing the problem :|. And yes, it was used before without a segfault.

  5. #14
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,084 Times in 753 Posts
    Based on voron's reversed function, let's just eliminate all possible segfaults (four dereferences of pointers in the if):

    PHP Code:
    #include <stdio.h>
    #include <stdint.h>

    int hook_BG_IsWeaponValid(int a1, int a2) {
        int v3;
        char v4;

        // Engine-internal functions, called through their fixed addresses in the CoD2 1.0 binary
        signed int (*sub_80E9758)(int a1);
        *(int *)&sub_80E9758 = 0x80E9758;

        int (*sub_80D9E84)(int a1, signed int a2);
        *(int *)&sub_80D9E84 = 0x80D9E84;

        int (*sub_80E9270)(int a1);
        *(int *)&sub_80E9270 = 0x80E9270;

        v4 = 1;
        if ( !(uint8_t)sub_80E9758(a2) )
            v4 = 0;
        if ( !(uint8_t)sub_80D9E84(a1 + 1348, a2) )
            v4 = 0;
        v3 = sub_80E9270(a2);

        // One guard per dereference in the final if. Each compares the computed
        // address (base + offset) with NULL, so it trips only when base == -offset;
        // a NULL v3 or a1 by itself passes these checks.
        if ((long *)(v3 + 132) == NULL)
        {
            printf("this would later crash 1\n");
            return 0;
        }
        if ((char *)(a1 + 1365) == NULL)
        {
            printf("this would later crash 2\n");
            return 0;
        }
        if ((char *)(a1 + 1366) == NULL)
        {
            printf("this would later crash 3\n");
            return 0;
        }
        if ((long *)(v3 + 876) == NULL)
        {
            printf("this would later crash 4\n");
            return 0;
        }

        if ( !*(long *)(v3 + 132) && *(char *)(a1 + 1365) != a2 && *(char *)(a1 + 1366) != a2 && *(long *)(v3 + 876) != a2 )
            v4 = 0;

        // printf("Testcall\n");

        return (uint8_t)v4;
    }

    Edit: and if nothing helps, you might even just ignore the segfault: http://stackoverflow.com/questions/8...sigsegv-signal
    timescale 0.01

  6. The Following User Says Thank You to kung foo man For This Useful Post:

    Whiskas (6th May 2016)
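Added example (not code from the thread or from libcod) of the guard pattern the post is after: a hook that reads through engine pointers at fixed offsets, with the check placed on the base pointer before the offset is added, and a refused read logged and turned into a "not valid" result instead of a crash. The struct layouts, offsets, field names and the validity rule below are constructed for the demo; they are not the CoD2 engine's and none of the thread's offsets (132, 876, 1348, 1365, 1366) are used.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-ins for the two objects a hook reads from; the real
 * engine structures and their offsets are not modelled here. */
struct demo_weapon_def { int32_t id; long flags; long alt_weapon; };
struct demo_client     { uint8_t weapon_slot[2]; };

/* Read helpers: the base pointer is checked before the offset is added.
 * Comparing (base + off) itself with NULL does not help: that sum is only
 * NULL when base == -off, never when base itself is NULL. */
static int read_long_at(uintptr_t base, size_t off, long *out)
{
    if (base == 0)
        return 0;                           /* NULL base: refuse the read */
    *out = *(long *)(base + off);
    return 1;
}

static int read_byte_at(uintptr_t base, size_t off, uint8_t *out)
{
    if (base == 0)
        return 0;
    *out = *(uint8_t *)(base + off);
    return 1;
}

/* Constructed validity rule, shaped like the thread's final if: invalid when
 * flags are zero and the weapon matches neither client slot nor the alt
 * weapon. A refused read is logged and treated as "invalid" (return 0). */
int demo_is_weapon_valid(uintptr_t client, uintptr_t weapon_def, int weapon)
{
    long flags, alt;
    uint8_t slot0, slot1;

    if (!read_long_at(weapon_def, offsetof(struct demo_weapon_def, flags), &flags)) {
        printf("refused read 1: weapon_def is NULL\n");
        return 0;
    }
    if (!read_byte_at(client, offsetof(struct demo_client, weapon_slot), &slot0) ||
        !read_byte_at(client, offsetof(struct demo_client, weapon_slot) + 1, &slot1)) {
        printf("refused read 2/3: client is NULL\n");
        return 0;
    }
    if (!read_long_at(weapon_def, offsetof(struct demo_weapon_def, alt_weapon), &alt)) {
        printf("refused read 4: weapon_def is NULL\n");
        return 0;
    }

    if (!flags && slot0 != weapon && slot1 != weapon && alt != weapon)
        return 0;
    return 1;
}

/* Scenarios with constructed inputs. */
int demo_case_null_weapon_def(void)
{
    struct demo_client c = { { 3, 4 } };
    return demo_is_weapon_valid((uintptr_t)&c, 0, 3);               /* refused, no crash: 0 */
}

int demo_case_valid(void)
{
    struct demo_client c = { { 3, 4 } };
    struct demo_weapon_def w = { 9, 0, 2 };
    return demo_is_weapon_valid((uintptr_t)&c, (uintptr_t)&w, 4);   /* slot 1 matches: 1 */
}

int demo_case_invalid(void)
{
    struct demo_client c = { { 3, 4 } };
    struct demo_weapon_def w = { 9, 0, 2 };
    return demo_is_weapon_valid((uintptr_t)&c, (uintptr_t)&w, 7);   /* nothing matches: 0 */
}

int main(void)
{
    printf("null def -> %d, valid -> %d, invalid -> %d\n",
           demo_case_null_weapon_def(), demo_case_valid(), demo_case_invalid());
    return 0;
}
```

The kernel line in the thread says "segfault at 0", which is the signature of a NULL base being dereferenced (with or without a small offset), so the check that matters is on v3 and a1 themselves, not on the addresses computed from them. A guard of this shape only covers NULL; a dangling or garbage pointer still passes it, so the logging is there to tell you which read was refused rather than to make the hook safe against every bad pointer.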

  7. #15
    Private Whiskas's Avatar
    Join Date
    Jan 2015
    Posts
    84
    Thanks
    69
    Thanked 20 Times in 17 Posts
    Quote Originally Posted by kung foo man View Post
    Based on voron's reversed function, let's just eliminate all possible segfaults (four dereferences of pointers in the if):

    PHP Code:
    #include <stdio.h>
    #include <stdint.h>

    int hook_BG_IsWeaponValid(int a1, int a2) {
        int v3;
        char v4;

        // Engine-internal functions, called through their fixed addresses in the CoD2 1.0 binary
        signed int (*sub_80E9758)(int a1);
        *(int *)&sub_80E9758 = 0x80E9758;

        int (*sub_80D9E84)(int a1, signed int a2);
        *(int *)&sub_80D9E84 = 0x80D9E84;

        int (*sub_80E9270)(int a1);
        *(int *)&sub_80E9270 = 0x80E9270;

        v4 = 1;
        if ( !(uint8_t)sub_80E9758(a2) )
            v4 = 0;
        if ( !(uint8_t)sub_80D9E84(a1 + 1348, a2) )
            v4 = 0;
        v3 = sub_80E9270(a2);

        // One guard per dereference in the final if. Each compares the computed
        // address (base + offset) with NULL, so it trips only when base == -offset;
        // a NULL v3 or a1 by itself passes these checks.
        if ((long *)(v3 + 132) == NULL)
        {
            printf("this would later crash 1\n");
            return 0;
        }
        if ((char *)(a1 + 1365) == NULL)
        {
            printf("this would later crash 2\n");
            return 0;
        }
        if ((char *)(a1 + 1366) == NULL)
        {
            printf("this would later crash 3\n");
            return 0;
        }
        if ((long *)(v3 + 876) == NULL)
        {
            printf("this would later crash 4\n");
            return 0;
        }

        if ( !*(long *)(v3 + 132) && *(char *)(a1 + 1365) != a2 && *(char *)(a1 + 1366) != a2 && *(long *)(v3 + 876) != a2 )
            v4 = 0;

        // printf("Testcall\n");

        return (uint8_t)v4;
    }

    Whoa, thanks. Added and waiting for potential segfault.

    Let's imagine that some of these pointers turn null and the function returns 0. What happens next? What does the engine do? Does it pretend like nothing really happened?

    Quote Originally Posted by kung foo man View Post
    Edit: and if nothing helps, you might even just ignore the segfault: http://stackoverflow.com/questions/8...sigsegv-signal
    In case your function doesn't solve the problem, does libcod have its own signal() function? Or shall I add signal.h to the libcod repository?
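Added example (not code from the thread or from libcod) of what a SIGSEGV handler installed from a plugin can usefully do: record the faulting address the way the kernel's "segfault at ..." line does, then let the default action run so the core dump that post #20 asks for is still produced. It deliberately does not resume after the fault, since a hook that swallows a segfault keeps the server running on whatever state was being dereferenced. The 4096-byte threshold for calling an address "NULL class" is a constructed convention, and sigaction/SA_SIGINFO are standard POSIX, not a libcod API.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>

/* Constructed threshold: faults below the first page are treated as a NULL
 * pointer, or a small offset from one, which is what "segfault at 0" in the
 * kernel log corresponds to. */
#define NULL_PAGE_LIMIT 4096u

int fault_is_null_class(uintptr_t addr)
{
    return addr < NULL_PAGE_LIMIT;
}

/* Formats the single line the handler writes. Pure, so it can be exercised
 * without provoking a real fault. */
int describe_fault(uintptr_t addr, char *buf, size_t len)
{
    return snprintf(buf, len, "segfault at %#lx (%s)\n", (unsigned long)addr,
                    fault_is_null_class(addr) ? "NULL-pointer class" : "non-NULL address");
}

static void segv_handler(int sig, siginfo_t *info, void *ctx)
{
    char buf[80];
    int n = describe_fault((uintptr_t)info->si_addr, buf, sizeof buf);
    (void)ctx;
    if (n > 0) {
        size_t len = (size_t)n < sizeof buf ? (size_t)n : sizeof buf - 1;
        ssize_t r = write(STDERR_FILENO, buf, len);   /* write() is async-signal-safe, printf() is not */
        (void)r;
    }
    /* SA_RESETHAND already restored SIG_DFL; raising again terminates the
     * process with the default action, so the core dump is still produced. */
    raise(sig);
}

/* Installs the handler for SIGSEGV. Returns 0 on success, -1 on failure. */
int install_segv_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_RESETHAND | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* 1 if SIGSEGV is currently routed to segv_handler (used to confirm the install). */
int segv_handler_installed(void)
{
    struct sigaction cur;
    if (sigaction(SIGSEGV, NULL, &cur) != 0)
        return 0;
    return (cur.sa_flags & SA_SIGINFO) != 0 && cur.sa_sigaction == segv_handler;
}

int main(void)
{
    if (install_segv_handler() != 0)
        return 1;
    printf("SIGSEGV handler installed: %d\n", segv_handler_installed());
    return 0;
}
```

The handler only uses async-signal-safe calls (write, raise) because a fault can arrive while the engine is inside malloc or printf, where calling them again deadlocks or corrupts state. If the engine installs its own SIGSEGV handler after the plugin loads, `segv_handler_installed()` returns 0 and tells you which one won.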

  8. #16
    Corporal voron00's Avatar
    Join Date
    Nov 2014
    Posts
    248
    Thanks
    64
    Thanked 216 Times in 116 Posts
    Ookay..I just had the same segfaults today. And I almost know how it happens: 2 guys, with the same IP(!), GUID 0(!). 1 of them crashes with the EXE_LOSTRELIABLECOMMANDS (I didn't really get this part). Then he joins the server again with another name(!) and the server crashes (lol). Need to somehow reproduce this.
    EDIT: Arrghh this is getting outta hand, and they are somehow managing to do it when I'm not on the server...
    Spoiler: (attached screenshot, attachment ID 1105)
    Last edited by voron00; 8th May 2016 at 15:15.
    sudo apt-get rekt

  9. The Following 2 Users Say Thank You to voron00 For This Useful Post:

    kung foo man (8th May 2016),Whiskas (8th May 2016)

  10. #17
    Private Whiskas's Avatar
    Join Date
    Jan 2015
    Posts
    84
    Thanks
    69
    Thanked 20 Times in 17 Posts

  11. #18
    Corporal voron00's Avatar
    Join Date
    Nov 2014
    Posts
    248
    Thanks
    64
    Thanked 216 Times in 116 Posts
    Nah, I don't want to lose the playerbase. There are a lot of people with the same IPs at this time. Will try kung's code later.
    sudo apt-get rekt

  12. #19
    Private Whiskas's Avatar
    Join Date
    Jan 2015
    Posts
    84
    Thanks
    69
    Thanked 20 Times in 17 Posts
    Quote Originally Posted by voron00 View Post
    Nah, I don't want to lose the playerbase. There are a lot of people with the same IPs at this time. Will try kung's code later.
    I've already had 3 segfaults with kung's code. The strange thing is that none of these has printed "this would later crash 1\n". Going to add more prints to find out when it crashes..

  13. #20
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,084 Times in 753 Posts
    Do you have a new core dump? The crash should be on another address now, since the old function is overwritten (just to check if it was really hooked).
    timescale 0.01
