You are viewing our Forum Archives. To view or take place in current topics click here.

Useful?

YES
71.43% (5 votes)
NO
28.57% (2 votes)

Total Votes: 7

#21. Posted:
unhosting
  • New Member
Status: Offline
Joined: Mar 05, 2014 (10 Year Member)
Posts: 5
Reputation Power: 0
Another program for skids to use. If you can't update your own offsets or find them, you shouldn't need to have them; you shouldn't be coding. This is a disgrace to real coders that spend time finding their own offsets rather than having them spoon-fed to them.
#22. Posted:
RC4
  • Rising Star
Status: Offline
Joined: Feb 18, 2012 (12 Year Member)
Posts: 773
Reputation Power: 32
unhosting wrote: Another program for skids to use. If you can't update your own offsets or find them, you shouldn't need to have them; you shouldn't be coding. This is a disgrace to real coders that spend time finding their own offsets rather than having them spoon-fed to them.

What are you talking about?
A lot of people use this method because it literally takes one second to find many important offsets that "real coders" need to update their tools.

If you want to search for PowerPC instructions one by one and update by that, be my guest. (If you know how to.)
How about, instead of being a two-faced liar, you say thank you for something you secretly used...
#23. Posted:
Bitwise
  • Resident Elite
Status: Offline
Joined: Feb 09, 2014 (10 Year Member)
Posts: 267
Reputation Power: 14
unhosting wrote: Another program for skids to use. If you can't update your own offsets or find them, you shouldn't need to have them; you shouldn't be coding. This is a disgrace to real coders that spend time finding their own offsets rather than having them spoon-fed to them.

I don't think you get the main purpose of the script. The purpose is to update something again with ease. Why spend 2+ hours updating 200+ functions when you can update it in 5 seconds?
#24. Posted:
Snow7s
  • New Member
Status: Offline
Joined: Mar 06, 2014 (10 Year Member)
Posts: 15
Reputation Power: 0
Bitwise wrote
F64_Rx wrote
Bitwise wrote
F64_Rx wrote: nice tool, should help a lot with people making Ghosts tools and so on


You clearly have no idea what this is. Why post? "Nice tool" bahahahaha.

Also, I like this script. #sokewl

#include <idc.idc>

// Find a function by byte pattern, (re)define it and give it a name.
// Assumes the XEX has already been auto-analysed, so the pattern hit
// normally lies inside a function IDA already knows about.
static LabelFunction(name, binary)
{
    auto function, start, end, fgt;
    function = FindBinary(0, SEARCH_DOWN, binary);
    if(function == BADADDR)
    {
        Message("%s could not be found in memory (%08X)\n", name, BADADDR);
        return;
    }
    start = GetFunctionAttr(function, FUNCATTR_START);
    if(start == BADADDR)
        start = function;                       // hit is not inside a defined function yet
    end = GetFunctionAttr(start, FUNCATTR_END);
    if(end != BADADDR)
        MakeUnknown(start, end - start, 0x00);  // second argument is a size, not an end address
    MakeCode(start);
    MakeFunction(start, end);                   // BADADDR lets IDA find the end itself
    MakeNameEx(start, name, 0x00);
    end = GetFunctionAttr(start, FUNCATTR_END);
    // Comment every instruction of the function with its own address.
    for(fgt = start; fgt < end; fgt = fgt + 0x04)
    {
        MakeComm(fgt, sprintf("%04X #OpBitwise", fgt));
    }
    Jump(start);
    Message("%s found in memory (%08X)\n", name, start);
}

static main()
{
    LabelFunction("SV_GameSendServerCommand", "7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14");
    LabelFunction("SV_DropClient", "60 E6 FA 00 7D 69 40 2E  7D 43 31 D6 7C 6A 5A 14");
}


Pretty cool! You know how IW like to update functions a lot, therefore increasing the size? With this function you don't have to input the length; it gets it for you ;). Also made it get the start of the function too, only 2 params needed.

What it looks like: [external screenshot link]

well it clearly is a tool that helps you find offsets


No it isn't, you ******. Why would you even reply trying to correct me on something you know nothing about? A "tool" is an application. I can't be bothered to type out the differences... I shouldn't really ever have to; it's common sense?

[link] is the definition of an application.
[link] is the definition of a script.

You can write a script to create an application, yes. But in this case it's not. This here is a script (created in the scripting language IDC) to be loaded into an application for use. IDA comes with 2 plugins, an IDC plugin and a Python plugin. You can do what you can in the IDC script with a Python script (In IDA I am talking about here...)


you go bitwise! give him the d
#25. Posted:
unhosting
  • New Member
Status: Offline
Joined: Mar 05, 2014 (10 Year Member)
Posts: 5
Reputation Power: 0
I would rather do it manually... Have you not noticed that when offsets are not posted on se7ensins no tools are out, because people leech the code? With this out, people can just load the IDC and get 38 offsets with no work. Yes, this helps you update with ease and much faster, but if you were really smart you would have auto-updating offsets already implemented into your tool. No, I do not have it in mine nor claim to.
#26. Posted:
IDA
  • Powerhouse
Status: Offline
Joined: Sep 21, 2013 (11 Year Member)
Posts: 454
Reputation Power: 26
unhosting wrote: I would rather do it manually... Have you not noticed that when offsets are not posted on se7ensins no tools are out, because people leech the code? With this out, people can just load the IDC and get 38 offsets with no work. Yes, this helps you update with ease and much faster, but if you were really smart you would have auto-updating offsets already implemented into your tool. No, I do not have it in mine nor claim to.

Why do it manually? It's bare effort and takes a while, whereas in like 3 clicks, 5 seconds later, BOOM!!! ..... 38 useful offsets labelled.
#27. Posted:
Bitwise
  • Resident Elite
Status: Offline
Joined: Feb 09, 2014 (10 Year Member)
Posts: 267
Reputation Power: 14
unhosting wrote: I would rather do it manually... Have you not noticed that when offsets are not posted on se7ensins no tools are out, because people leech the code? With this out, people can just load the IDC and get 38 offsets with no work. Yes, this helps you update with ease and much faster, but if you were really smart you would have auto-updating offsets already implemented into your tool. No, I do not have it in mine nor claim to.

Auto-updating is easy; about 1/2 of the IDC script code is used for it... But yeah, I don't know how you can complain when you have no idea how to do anything yourself? I made this because people like BLiNDzZ, XeXGolden and more didn't know how to create an IDC script. This "project" was at first just simple highlighting, but I went a bit mad with it lmfao
#28. Posted:
IDA
  • Powerhouse
Status: Offline
Joined: Sep 21, 2013 (11 Year Member)
Posts: 454
Reputation Power: 26
Updated script: more functions, ps, StatEntry, gentity.
#29. Posted:
Bitwise
  • Resident Elite
Status: Offline
Joined: Feb 09, 2014 (10 Year Member)
Posts: 267
Reputation Power: 14

#include <idc.idc>

#define ADD 1
#define MINUS 2
#define TRUE 1
#define FALSE 0
#define FIRST_OPERAND 0
#define SECOND_OPERAND 1
#define THIRD_OPERAND 2
#define FOURTH_OPERAND 3
#define FIFTH_OPERAND 4

// Script-level variables shared by the search helpers.
extern function, byte, address, value;

// Find a function by byte pattern, (re)create it, name it and apply a C prototype.
static LabelFunction(name, binary, functionname)
{
    auto math, end;
    Message(".::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.\n\nTrying to find function %s with binary ['%s']...\n", name, binary);
    Sleep(250);
    function = FindBinary(0, SEARCH_DOWN, binary);
    if(function == BADADDR)
    {
        Warning("%s could not be found in memory (%08X)\n", name, BADADDR);
        Message("%s failed...\n", name);
        return;
    }
    //Message("%s\n", GetDisasm(function));
    math = GetFunctionAttr(function, FUNCATTR_START);
    if(math == BADADDR)
        math = function;                        // hit is not inside a defined function yet
    end = GetFunctionAttr(math, FUNCATTR_END);
    if(end != BADADDR)
        MakeUnknown(math, end - math, 0x00);    // MakeUnknown takes a size, not an end address
    SetStatus(1);
    MakeCode(math);
    MakeFunction(math, end);                    // BADADDR lets IDA determine the end itself
    MakeNameEx(math, name, 0x00);
    SetStatus(0);
    MakeRptCmt(math, sprintf("%s found in memory at %08X #bitwisehax", name, math));
    if(GetCharPrm(INF_COMPILER) != COMP_MS) // Thanks to Dwack
    {
        SetCharPrm(INF_COMPILER, COMP_MS);      // SetType() needs a compiler set to parse the prototype
    }
    SetType(math, sprintf("%s;", functionname));
    Jump(math);
    SetStatus(1);
    Message("%s found in memory (%08X)\nDeclaration:\n\t%s\n\n\n", name, math, GetType(math));
    SetStatus(0);
}

// Scratch test left in by the author; not called from main().
static test()
{
    auto test;
    test = FindBinary(0, SEARCH_DOWN, "%c %i");
    Message("crap found at %08X " + atoa(GetCharPrm(INF_XREFS)) + "\n", test);
}

// Search the text 'id' downwards from 'start'; returns the address found or BADADDR.
static EPTest(start, id, print)
{
    auto ea;
    Message("Trying to find the ep...");
    if(start == BADADDR)
    {
        Message("EP not found\n");
        return BADADDR;
    }
    ea = FindText(start, SEARCH_DOWN, 0, 0, id);
    if(print == TRUE)
        Message("EP Found!\n\t0x%08X\n\n", ea);
    return ea;
}

// Locate 'binary', step 'offset' bytes from the hit and return operand 'oper' of the
// instruction there (BADADDR when the pattern or the operand cannot be resolved).
static GetValue(binary, oper, aom, offset, print)
{
    auto math, type;
    value = FindBinary(0, SEARCH_DOWN, binary);
    if(value == BADADDR)
    {
        Message("Value could not be grabbed!\n");
        return BADADDR;
    }
    math = (aom == ADD) ? value + offset : value - offset;
    if(GetOperandValue(math, oper) == BADADDR)
    {
        Message("Value could not be grabbed!\n");
        return BADADDR;
    }
    if(print == TRUE)
    {
        type = GetOpType(math, oper);           // o_reg = 1, o_mem = 2, o_imm = 5, processor-specific >= 8
        if(type == 1)      { Message("Operand %i is a GPR! Register is r%i\n", oper + 1, GetOperandValue(math, oper)); }
        else if(type == 2) { Message("Operand %i is a Memory Reference! Reference is %08X\n", oper + 1, GetOperandValue(math, oper)); }
        else if(type == 8) { Message("Operand %i is a FPR! Register is fp%i\n", oper + 1, GetOperandValue(math, oper)); }
        else if(type >= 5) { Message("Operand %i is an Immediate! Value is %08X\n", oper + 1, GetOperandValue(math, oper)); }
    }
    return GetOperandValue(math, oper);
}

// Locate 'binary', step 'offset' bytes from the hit, and mark that address with a
// software breakpoint and a repeatable comment.
static LabelEP(name, binary, aom, offset)
{
    auto addr;
    byte = FindBinary(0, SEARCH_DOWN, binary);
    if(byte == BADADDR)
    {
        Warning("%s not found in memory (%08X)\n", name, BADADDR);
        Message("%s failed...\n", name);
        return;
    }
    addr = (aom == ADD) ? byte + offset : byte - offset;
    if(CheckBpt(addr) == -1 || CheckBpt(addr) == 0)  // no breakpoint there yet
    {
        AddBptEx(addr, 0x00, BPT_SOFT);
    }
    Message("%s found in memory. Jump to %08X and %s will be highlighted with a bp!\n", name, addr, name);
    Jump(addr);
    MakeRptCmt(addr, sprintf("%s EP found at %08X (%s is the dword_address or qword_address etc...) #bitwisehax", name, addr, name));
}

// Read a structure size out of the operands near a known pattern.
static getStructureSize(ps)
{
    auto test;
    test = FindBinary(0, SEARCH_DOWN, (ps == "ps") ? "7F A3 EB 78 38 80 00 00  83 6B 00 0C 93 7F 05 34" : "55 07 38 30 38 CB 01 64  7C 67 30 2E 2B 03 00 00");
    if(test == BADADDR)
        return BADADDR;
    if(ps == "ps")
        return GetOperandValue(test + 0x60, THIRD_OPERAND);
    // Two immediates glued together as hex digits plus a trailing 0; xtol() parses hex, atol() would not.
    return xtol(sprintf("%X%X0", GetOperandValue(test + 0x8, THIRD_OPERAND), GetOperandValue(test + 0x12, THIRD_OPERAND)));
}

static main()
{
    Message("IDC Script created by Bitwise has been executed!\n\nCurrent file that has been disassembled ['%s']\n\n", GetInputFile());
    Sleep(1000);
    LabelFunction("SV_GameSendServerCommand", " 7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14", "void __cdecl SV_GameSendServerCommand(__int32 clientIndex, unsigned __int32 type, const char*fmt)");
    LabelFunction("SV_DropClient", "60 E6 FA 00 7D 69 40 2E  7D 43 31 D6 7C 6A 5A 14", "void __cdecl SV_GameDropClient(__int32 clientIndex, const char*fmt)");
    LabelFunction("SV_SendServerCommand", "61 6A 7E 8C 7F FF 8A 14  7D 38 50 2E 7F 13 48 00", "void __cdecl SV_SendServerCommand(__int32 client_s, unsigned int type, const char*fmt)");
    LabelFunction("AntiCheat_reportConsoleDetails", "7C 78 1B 78 90 7F 00 F4  7C 94 23 78 7C BD 2B 78", "void __cdecl AntiCheat_reportConsoleDetails(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)");
    LabelFunction("AntiCheat_awnserChallenges", "7C 7C 1B 78 90 7F 00 A4  7C 9B 23 78 7C BD 2B 78", "void __cdecl AntiCheat_awnserChallenges(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)");
    LabelFunction("AntiCheat_consoleID", "94 21 FF 90 39 60 00 08  7C 7F 1B 78 7C 9E 23 78", "void __cdecl AntiCheat_consoleID(int r3, int r4)");
    LabelFunction("GScr_Earthquake", "38 21 00 90 81 81 FF F8  7D 88 03 A6 CB A1 FF D8", "void __cdecl GScr_Earthquake(float*scale, int duration, float*source, int radius)");
    LabelEP("gentity_s", "55 07 38 30 38 CB 01 64  7C 67 30 2E 2B 03 00 00", MINUS, 0x14);
    Message("Structure size: 0x280\n");
    LabelEP("playerState_s", "7F A3 EB 78 38 80 00 00  83 6B 00 0C 93 7F 05 34", MINUS, 0x18);
    Message("Structure size: 0x%04X\n", getStructureSize("ps"));
    //Message("playerstate; %08X\n", EPTest(0x832D0000, "+3D8", FALSE));
    LabelEP("client_s", "7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14", MINUS, 0x20);
    // High half comes from the lis/addis operand, low half from the addi operand (see the output below).
    Message("client_s + 0x%02X%04X + (clientIndex * ", GetValue("7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14", SECOND_OPERAND, MINUS, 0x1C, FALSE), GetValue("7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14", THIRD_OPERAND, MINUS, 0x14, FALSE));
    Message("Structure size: 0x%i%04X)\n", GetValue("7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14", SECOND_OPERAND, MINUS, 0x10, FALSE), GetValue("7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14", THIRD_OPERAND, MINUS, 0x8, FALSE));
    LabelEP("Unknown EP", "7D 4B 20 2E 7D 49 07 B4  F9 21 00 50 C9 81 00 50", MINUS, 0x1C);
    Message("Structure size: 0x%X%04X\n", GetValue("7D 4B 20 2E 7D 49 07 B4  F9 21 00 50 C9 81 00 50", SECOND_OPERAND, MINUS, 0x68, FALSE), GetValue("7D 4B 20 2E 7D 49 07 B4  F9 21 00 50 C9 81 00 50", THIRD_OPERAND, MINUS, 0x60, FALSE));
    //GetValue("7F A3 EB 78 38 80 00 00  83 6B 00 0C 93 7F 05 34",FIRST_OPERAND, MINUS, 0x18, TRUE);
}


Best IDC script I have seen yet. (I am basing everything here on the functions, not the functions/entry points found.) The output looks like this;

IDC Script created by Bitwise has been executed!

Current file that has been disassembled ['ghosts_tu10.xex']

.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function SV_GameSendServerCommand with binary [' 7D 69 40 2E 7D 43 51 D6  7C 6A 5A 14']...
SV_GameSendServerCommand found in memory (824D1498)
Declaration:
   void __cdecl(__int32 clientIndex, unsigned __int32 type, const char *fmt)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function SV_DropClient with binary ['60 E6 FA 00 7D 69 40 2E  7D 43 31 D6 7C 6A 5A 14']...
SV_DropClient found in memory (824D14E8)
Declaration:
   void __cdecl(__int32 clientIndex, const char *fmt)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function SV_SendServerCommand with binary ['61 6A 7E 8C 7F FF 8A 14  7D 38 50 2E 7F 13 48 00']...
SV_SendServerCommand found in memory (824D7818)
Declaration:
   void __cdecl(__int32 client_s, unsigned int type, const char *fmt)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function AntiCheat_reportConsoleDetails with binary ['7C 78 1B 78 90 7F 00 F4  7C 94 23 78 7C BD 2B 78']...
AntiCheat_reportConsoleDetails found in memory (827B44E0)
Declaration:
   void __cdecl(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function AntiCheat_awnserChallenges with binary ['7C 7C 1B 78 90 7F 00 A4  7C 9B 23 78 7C BD 2B 78']...
AntiCheat_awnserChallenges found in memory (827B4298)
Declaration:
   void __cdecl(int r3, int r4, int r5, int r6, int r7, int r8, int r9, int r10)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function AntiCheat_consoleID with binary ['94 21 FF 90 39 60 00 08  7C 7F 1B 78 7C 9E 23 78']...
AntiCheat_consoleID found in memory (827B9810)
Declaration:
   void __cdecl(int r3, int r4)


.::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.

Trying to find function GScr_Earthquake with binary ['38 21 00 90 81 81 FF F8  7D 88 03 A6 CB A1 FF D8']...
GScr_Earthquake found in memory (8240DAF0)
Declaration:
   void __cdecl(float *scale, int duration, float *source, int radius)


gentity_s found in memory. Jump to 8215CD30 and gentity_s will be highlighted with a bp!
Structure size: 0x280
playerState_s found in memory. Jump to 823EF3A0 and playerState_s will be highlighted with a bp!
Structure size: 0x3700
client_s found in memory. Jump to 824D14B4 and client_s will be highlighted with a bp!
client_s + 0x207E90 + (clientIndex * /*Structure size: */0x6FA00
Unknown EP found in memory. Jump to 82137E30 and Unknown EP will be highlighted with a bp!
Structure size: 0xC8880
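The scripts in #24 and #29 both rest on one technique: a fixed byte signature (FindBinary) anchors the search, and GetOperandValue then reads immediates from instructions at fixed offsets around the hit to recover a structure's base address and stride. The Python below is an added example, not part of the thread and not Bitwise's code; it does the same job on a raw big-endian PowerPC blob so it can be run without IDA: a pattern scanner with `??` wildcards, a D-form decoder for lis/addi/mulli, and the lis+addi combination done arithmetically. The sample blob, its load address 0x824D1400 and the wildcarded anchor are constructed for the example. It also shows the check the scripts' "%X%04X" string-concatenation shortcut skips: addi sign-extends its 16-bit immediate, so when the low half has bit 15 set the compiler has already bumped the lis half by one, and gluing the hex digits together lands 0x10000 too high.

```python
"""Offline PowerPC signature scan and operand decode (added example)."""
import struct

# Constructed sample: big-endian PowerPC instructions as they would sit in an
# Xbox 360 XEX text segment. Load address is assumed for this example.
BASE = 0x824D1400
SAMPLE = bytes.fromhex(
    "60000000"   # ori   r0, r0, 0       (nop padding)
    "3D208254"   # lis   r9, 0x8254
    "39499000"   # addi  r10, r9, 0x9000 (sign-extended: -0x7000)
    "1D630280"   # mulli r11, r3, 0x280  (structure stride, like gentity_s)
    "7D69402E"   # lwzx  r11, r9, r8     \
    "7D4351D6"   # mullw r10, r3, r10     > anchor bytes (pattern from the thread)
    "7C6A5A14"   # add   r3, r10, r11    /
    "4E800020"   # blr
)
# Register-dependent middle word wildcarded so the pattern survives a re-register.
ANCHOR = "7D 69 40 2E ?? ?? ?? D6 7C 6A 5A 14"

OP_MULLI, OP_ADDI, OP_ADDIS = 7, 14, 15   # D-form primary opcodes


def parse_pattern(pattern):
    """IDA-style pattern ('7D 69 ?? 2E') -> list of byte values, None = wildcard."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in pattern.split()]


def find_pattern(blob, pattern, base, align=4):
    """Virtual address of the first match, or -1. PPC code is 4-byte aligned, so
    only aligned offsets are tried; that also cuts false positives."""
    needle = parse_pattern(pattern)
    for off in range(0, len(blob) - len(needle) + 1, align):
        if all(b is None or blob[off + i] == b for i, b in enumerate(needle)):
            return base + off
    return -1


def insn_at(blob, base, ea):
    """Fetch the 32-bit big-endian instruction word at virtual address ea."""
    off = ea - base
    return struct.unpack(">I", blob[off:off + 4])[0]


def decode_d_form(word):
    """(opcode, rD, rA, simm) for D-form instructions; simm is sign-extended,
    which is also what IDA's GetOperandValue() reports for lis/addi/mulli."""
    opcode = word >> 26
    rd = (word >> 21) & 0x1F
    ra = (word >> 16) & 0x1F
    simm = word & 0xFFFF
    if simm & 0x8000:
        simm -= 0x10000
    return opcode, rd, ra, simm


def lis_addi_address(hi_word, lo_word):
    """Combine `lis rX, HI` + `addi rY, rX, LO` into the 32-bit address the code
    really forms: (HI << 16) + sign_extend(LO)."""
    op_hi, rd_hi, ra_hi, hi = decode_d_form(hi_word)
    op_lo, _, ra_lo, lo = decode_d_form(lo_word)
    if op_hi != OP_ADDIS or ra_hi != 0:
        raise ValueError("expected lis (addis rD, 0, imm)")
    if op_lo != OP_ADDI or ra_lo != rd_hi:
        raise ValueError("expected addi that consumes the lis register")
    return ((hi << 16) + lo) & 0xFFFFFFFF


def naive_concat(hi_word, lo_word):
    """The shortcut the thread's scripts take: print both halves as hex digits
    and read the result back. Off by 0x10000 whenever LO has bit 15 set."""
    hi = decode_d_form(hi_word)[3] & 0xFFFF
    lo = decode_d_form(lo_word)[3] & 0xFFFF
    return int("%04X%04X" % (hi, lo), 16)


def recover_array_access(blob, base, anchor=ANCHOR):
    """Locate the anchor and read the lis/addi/mulli that sit at fixed negative
    offsets before it (layout assumed for the sample blob). Returns
    (anchor_ea, array_base, stride), or None when the pattern is absent."""
    hit = find_pattern(blob, anchor, base)
    if hit == -1:
        return None
    array_base = lis_addi_address(insn_at(blob, base, hit - 0xC),
                                  insn_at(blob, base, hit - 0x8))
    op, _, _, stride = decode_d_form(insn_at(blob, base, hit - 0x4))
    if op != OP_MULLI:
        raise ValueError("expected mulli before the anchor")
    return hit, array_base, stride


if __name__ == "__main__":
    hit, arr, stride = recover_array_access(SAMPLE, BASE)
    print("anchor at %08X: array base %08X, stride 0x%X" % (hit, arr, stride))
    print("naive hex concatenation would give %08X" % naive_concat(
        insn_at(SAMPLE, BASE, BASE + 4), insn_at(SAMPLE, BASE, BASE + 8)))
```

On the constructed sample the anchor lands at 0x824D1410, the array base decodes to 0x82539000 and the stride to 0x280, while the concatenation shortcut reports 0x82549000. When porting a signature across a game update, keep the anchor on the arithmetic (lwzx/mullw/add) rather than on the lis/addi words themselves, since those immediates are exactly what moves between builds.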