"Games" { "csgo" { "Signatures" { // Called from Host_Say "UTIL_SayTextFilter" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x48\x89\x74\x24\x2A\x48\x89\x7C\x24\x2A\x55\x41\x56\x41\x57\x48\x8D\x6C\x24\x2A\x48\x81\xEC\x2A\x2A\x2A\x2A\x45\x33\xFF\x48\x89\x4D\x2A\x49\x8B\xF8" "linux" "\x55\x48\x8D\x05\x2A\x2A\x2A\x2A\x48\x89\xE5\x41\x57\x49\x89\xD7\x31\xD2" } // Called from Host_Say "UTIL_SayText2Filter" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x48\x89\x74\x24\x2A\x48\x89\x7C\x24\x2A\x55\x41\x56\x41\x57\x48\x8D\x6C\x24\x2A\x48\x81\xEC\x2A\x2A\x2A\x2A\x45\x33\xFF\x48\x89\x4D\x2A\x41\x0F\xB6\xF0" "linux" "\x55\x48\x8D\x05\x2A\x2A\x2A\x2A\x48\x89\xE5\x41\x57\x4C\x8D\x7D\x80" } "IsHearingClient" { "library" "engine" "windows" "\x40\x53\x48\x83\xEC\x20\x48\x8B\xD9\x3B\x51\x48" "linux" "\x55\x48\x89\xE5\x41\x55\x41\x54\x53\x48\x89\xFB\x48\x83\xEC\x08\x3B\x77\x58" } // idk a good way to find this again, i just brute forced the vtable. offset is 136 on CTriggerPush "TriggerPush_Touch" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x48\x89\x7C\x24\x2A\x55\x48\x8D\xAC\x24\x2A\x2A\x2A\x2A\xB8\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x48\x2B\xE0\x48\x8B\x02\x48\x8B\xF9" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x49\x89\xF5\x41\x54\x49\x89\xFC\x53\x48\x81\xEC\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x84\xC0\x74\x2A\x41\x80\xBC\x24" } // this is called in CTriggerPush::Touch, using IDA pseudocode look in an `if ( ( v & 0x80 ) != 0 )` and then `if ( v > 0.0 ) SetGroundEntity()` "SetGroundEntity" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x48\x89\x6C\x24\x2A\x56\x57\x41\x56\x48\x83\xEC\x2A\x33\xED\x4C\x89\x7C\x24" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x49\x89\xF5\x41\x54\x49\x89\xFC\x53\x48\x89\xD3\x48\x83\xEC\x2A\x8B\x97" } // Check vauff's pin in #scripting "ServerMovementUnlock" { "library" "server" "windows" "\x76\x2A\xF2\x0F\x10\x4F\x2A\x41\x0F\x28\xC1\x0F\x28\xD1\xF3\x0F\x59\xC0" "linux" "\x0F\x87\x2A\x2A\x2A\x2A\x49\x8B\x7C\x24\x2A\xE8\x2A\x2A\x2A\x2A\x66\x0F\xEF\xED\x66\x0F\xD6\x85" } // Check vauff's pin in #scripting "ClientMovementUnlock" { "library" "client" "windows" "\x76\x2A\xF2\x0F\x10\x4F\x2A\x41\x0F\x28\xC1\x0F\x28\xD1\xF3\x0F\x59\xC0" "linux" "\x0F\x87\x2A\x2A\x2A\x2A\x49\x8B\x7D\x30\xE8\x2A\x2A\x2A\x2A\x66\x0F\xEF\xED\x66\x0F\xD6\x85\x2A\x2A\x2A\x2A" } // String: "Noise removal", there should be 3 customermachine checks "HammerNoCustomerMachine" { "library" "hammer" "windows" "\xFF\x15\x2A\x2A\x2A\x2A\x84\xC0\x0F\x85\x2A\x2A\x2A\x2A\xB9" "linux" "" } // String: "CCSPlayerPawnBase::SwitchTeam", just keep in mind this is actually CCSPlayerController::SwitchTeam "CCSPlayerController_SwitchTeam" { "library" "server" "windows" "\x40\x56\x57\x48\x81\xEC\x2A\x2A\x2A\x2A\x48\x8B\xF9\x8B\xF2\x8B\xCA" "linux" "\x55\x48\x89\xE5\x41\x55\x49\x89\xFD\x89\xF7" } // String: "player_jump", then find 42C80000h or in pseudocode "*(a2 + 68) = 1120403456;", changing from 100 to 145 "CheckJumpButtonWater" { "library" "server" "windows" "\xC8\x42\xEB\x2A\x48\x8B\x4B\x30" "linux" "\xC8\x42\x66\x0F\xEF\xFF\x0F\x2F\x7B\x5C" } // String: "StartGravity", a function call in the function with startgravity in ends with "return (sub_XXX( a1 + 48) > 1);", change the 1 to 2 "WaterLevelGravity" { "library" "server" "windows" "\x3C\x01\x49\x8B\x5B\x10\x49\x8B\x7B\x18\x0F\x97\xC0\x41\x0F\x28" "linux" "\x3C\x01\x0F\x97\xC0\x48\x81\xC4\x50\x01" } // Called right after "Removed %s(%s)\n" "UTIL_Remove" { "library" "server" "windows" "\x48\x85\xC9\x74\x2A\x48\x8B\xD1\x48\x8B\x0D\x2A\x2A\x2A\x2A" "linux" "\x48\x89\xFE\x48\x85\xFF\x74\x2A\x48\x8D\x05\x2A\x2A\x2A\x2A\x48" } // "SetPosition" is passed to this "CEntitySystem_AddEntityIOEvent" { "library" "server" "windows" "\x48\x89\x5C\x24\x08\x48\x89\x74\x24\x18\x57\x48\x83\xEC\x40\x49\x8B\xF1" "linux" "\x55\x41\xBA\xFF\xFF\xFF\xFF" } // "Explode" is passed to this "CEntityInstance_AcceptInput" { "library" "server" "windows" "\x48\x89\x5C\x24\x10\x48\x89\x74\x24\x18\x57\x48\x83\xEC\x40\x49\x8B\xF0" "linux" "\x55\x48\x89\xE5\x41\x57\x49\x89\xFF\x41\x56\x48\x8D\x7D\xC0" } "CEntityIdentity_AcceptInput" { "library" "server" "windows" "\x48\x89\x54\x24\x2A\x48\x89\x4C\x24\x2A\x55\x53\x56\x57\x41\x55\x41\x56\x41\x57\x48\x8D\x6C\x24" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x4C\x8D\xBD\xD0\xFE\xFF\xFF\x49\x89\xD6\x41\x55\x49\x89\xF5\x41\x54\x49\x89\xCC" } // func_pushable inside CTriggerBrush::Use calls CEntityIOOutput::FireOutputInternal // Windows - https://imgur.com/a/A3zcxQm // Linux doesn't inline it so you need to find any of the xrefs and the proper function is right after it. // You can tell it apart by the arguments: (a1 + 2616, v4, a1, &v6, 0.0); "CEntityIOOutput_FireOutputInternal" { "library" "server" "windows" "\x4C\x89\x4C\x24\x20\x53\x55\x57\x41\x54\x41\x56\x48\x81\xEC" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x41\x54\x49\x89\xD4\x53\x48\x89\xF3\x48\x83\xEC\x58" } // "multi_manager" is passed to this "CGameEntitySystem_FindEntityByClassName" { "library" "server" "windows" "\x48\x83\xEC\x68\x45\x33\xC9" "linux" "\x55\x45\x31\xC0\x31\xC9\x48\x89\xE5\x41\x54" } // "commentary_semaphore" is passed to this "CGameEntitySystem_FindEntityByName" { "library" "server" "windows" "\x48\x81\xEC\x88\x2A\x2A\x2A\x4D\x85\xC0" "linux" "\x48\x85\xD2\x74\x2A\x55\x48\x89\xE5\x41\x54" } // "CBaseEntity::TakeDamageOld" "CBaseEntity_TakeDamageOld" { "library" "server" "windows" "\x48\x89\x74\x24\x2A\x57\x48\x81\xEC\x2A\x2A\x2A\x2A\x48\x8B\x41\x2A\x48\x8B\xFA" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x41\x54\x49\x89\xFC\x53\x48\x83\xEC\x2A\x4C\x8D\x3D\x2A\x2A\x2A\x2A\x49\x8B\x3F" } // "Game System %s is defined twice!\n" // Note that this signature points to the instruction with sm_pFirst which is the first qword referenced in the function. "IGameSystem_InitAllSystems_pFirst" { "library" "server" "windows" "\x48\x8B\x3D\x2A\x2A\x2A\x2A\x48\x85\xFF\x0F\x84\x2A\x2A\x2A\x2A\xBE" "linux" "\x4C\x8B\x35\x2A\x2A\x2A\x2A\x4D\x85\xF6\x75\x2A\xE9" } "CBasePlayerController_SetPawn" { "library" "server" "windows" "\x48\x89\x74\x24\x2A\x55\x41\x54\x41\x55\x41\x56\x41\x57\x48\x8D\x6C\x24\x2A\x48\x81\xEC\x2A\x2A\x2A\x2A\x4C\x8B\xF9" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x49\x89\xFD\x41\x54\x45\x89\xC4" } // String: "CNavMesh::GetNearestNavArea" "CNavMesh_GetNearestNavArea" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x48\x89\x54\x24\x2A\x48\x89\x4C\x24\x2A\x55\x56\x57\x41\x54\x41\x55\x41\x56\x41\x57\x48\x8D\xAC\x24\x2A\x2A\x2A\x2A" "linux" "\x55\x48\x89\xE5\x41\x57\x49\x89\xFF\x41\x56\x48\x8D\x3D\x2A\x2A\x2A\x2A\x41\x89\xCE" } // Search "Changes's player's model", look for a function containing 'models/%s.vmdl'. Below V_snprintf is the one // This matches 2 functions on linux, however they're literally identical "CBaseModelEntity_SetModel" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x48\x89\x7C\x24\x2A\x55\x48\x8B\xEC\x48\x83\xEC\x50\x48\x8B\xF9\x4C\x8B\xC2" "linux" "\x55\x48\x89\xF2\x48\x89\xE5\x41\x54\x49\x89\xFC\x48\x8D\x7D\xE0\x48\x83\xEC\x18\x48\x8D\x05\x2A\x2A\x2A\x2A\x48\x8B\x30\x48\x8B\x06" } "CGameRules_TerminateRound" { "library" "server" "windows" "\x48\x8B\xC4\x4C\x89\x48\x2A\x48\x89\x48\x2A\x55\x41\x55" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x41\x54\x49\x89\xFC\x53\x48\x81\xEC\x88\x00\x00\x00\x48\x8D\x05\x2A\x2A\x2A\x2A" } "CCSPlayer_WeaponServices_CanUse" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x48\x89\x6C\x24\x2A\x56\x57\x41\x56\x48\x83\xEC\x2A\x48\x8B\x01\x48\x8B\xFA" "linux" "\x55\x48\x8D\x15\x2A\x2A\x2A\x2A\x48\x89\xE5\x41\x55\x49\x89\xFD\x41\x54\x49\x89\xF4" } "CreateEntityByName" { "library" "server" "windows" "\x48\x83\xEC\x48\xC6\x44\x24\x30\x00" "linux" "\x48\x8D\x05\x2A\x2A\x2A\x2A\x55\x48\x89\xFA" } "DispatchSpawn" { "library" "server" "windows" "\x48\x89\x5C\x24\x10\x57\x48\x83\xEC\x30\x48\x8B\xDA\x48\x8B\xF9\x48\x85\xC9" "linux" "\x48\x85\xFF\x74\x2A\x55\x48\x89\xE5\x41\x56" } // Look for "SetEntityName", that will be the vscript binding definition // Scroll a bit down and you'll find something like this (note the offset): *(_QWORD *)(v453 + 64) = sub_1807B0350; // that function is just a jump to the one we want "CEntityIdentity_SetEntityName" { "library" "server" "windows" "\x48\x89\x5C\x24\x10\x57\x48\x83\xEC\x20\x48\x8B\xD9\x4C\x8B\xC2" "linux" "\x55\x48\x89\xF2\x48\x89\xE5\x41\x54\x49\x89\xFC\x48\x8D\x7D\xE0\x48\x83\xEC\x18\x48\x8D\x05\x2A\x2A\x2A\x2A\x48\x8B\x30\xE8\x2A\x2A\x2A\x2A\x48\x8B\x45\xE0" } // "Error - cannot add bots after game is over." "BotNavIgnore" { "library" "server" "windows" "\x0F\x84\x2A\x2A\x2A\x2A\x80\xB8\x2A\x2A\x2A\x2A\x00\x0F\x84\x2A\x2A\x2A\x2A\x80\x3D\x2A\x2A\x2A\x2A\x00\x74\x15" "linux" "\x48\x85\xC0\x74\x2E\x80\xB8\x2A\x2A\x2A\x2A\x00\x74\x25" } // next to "soundname", in windows it's the last referenced sub while in linux it's right after // this is a vscript binding though so it may be removed in the future? "CBaseEntity_EmitSoundParams" { "library" "server" "windows" "\x48\x8B\xC4\x48\x89\x58\x10\x48\x89\x70\x18\x55\x57\x41\x56\x48\x8D\xA8\x08\xFF\xFF\xFF" "linux" "\x48\xB8\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x55\x48\x89\xE5\x41\x55\x41\x54\x49\x89\xFC\x53\x48\x89\xF3" } // Called right after this in windows "Entity %s(%s) is ambiguously parented to..." "CBaseEntity_SetParent" { "library" "server" "windows" "\x4D\x8B\xD9\x48\x85\xD2\x74\x2A" "linux" "\x48\x85\xF6\x74\x2A\x48\x8B\x47\x10\xF6\x40\x31\x02\x75\x2A\x48\x8B\x46\x10\xF6\x40\x31\x02\x75\x2A\xB8\x2A\x2A\x2A\x2A" } // "Attempted to find unknown particle system \"%s\"\n" "GetParticleSystemIndex" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x48\x89\x74\x24\x2A\x57\x48\x81\xEC\x2A\x2A\x2A\x2A\x48\x8B\xDA\x48\x8B\xF1\x48\x85\xD2" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x49\x89\xFD\x41\x54\x48\x81\xEC\xE0\x00\x00\x00" } // "ParticleEffect", found in a function with 9 arguments "DispatchParticleEffect" { "library" "server" "windows" "\x48\x89\x5C\x24\x08\x48\x89\x74\x24\x10\x48\x89\x7C\x24\x18\x4C\x89\x74\x24\x20\x55\x48\x8D\x6C\x24\xD1" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x49\x89\xFE\x41\x55\x45\x89\xCD\x41\x54\x49\x89\xD4\x53\x89\xCB\x48\x81\xEC\x2A\x2A\x2A\x2A" } // search for "land_%s", this is called after that string is referenced (the one with 4 parameters). // (function that calls it also contains "T_Default.SuitLand"). "CBaseEntity_EmitSoundFilter" { "library" "server" "windows" "\x48\x89\x5C\x24\x08\x48\x89\x6C\x24\x10\x48\x89\x74\x24\x18\x48\x89\x7C\x24\x20\x41\x56\x48\x83\xEC\x30\x48\x8B\xEA" "linux" "\x55\x48\x89\xE5\x41\x56\x49\x89\xD6\x41\x55\x41\x89\xF5\x41\x54\x48\x8D\x35\x2A\x2A\x2A\x2A" } // the longer function containing "___clientsideitemsplaceholder0___" "CNetworkStringTable_DeleteAllStrings" { "library" "engine" "windows" "\x40\x53\x57\x41\x57\x48\x83\xEC\x2A\x45\x33\xFF" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x41\x54\x53\x48\x89\xFB\x48\x83\xEC\x28\x48\x8B\x87\x2A\x2A\x2A\x2A" } // "PlayerMovementTraces" "ProcessMovement" { "library" "server" "windows" "\x40\x56\x57\x48\x81\xEC\x2A\x2A\x2A\x2A\x4C\x8B\x49" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x41\x54\x49\x89\xFC\x53\x48\x83\xEC\x38\x48\x8B\x7F\x30" } // "env_shake %s with...", in either xref there will be a call to SetMoveType(a1, 0, 0) at the top "CBaseEntity_SetMoveType" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x48\x89\x6C\x24\x2A\x48\x89\x74\x24\x2A\x57\x48\x83\xEC\x2A\x41\x0F\xB6\xF0" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x41\x89\xD5\x41\x54\x49\x89\xFC\x53\x48\x83\xEC" } // CBaseEntity::Use is at vtable offsets 139/140 for linux/windows // This signature points directly to the instruction to patch "CPhysBox_Use" { "library" "server" "windows" "\x4C\x8B\x43\x2A\x48\x8D\x8F\x2A\x2A\x2A\x2A\x48\x8B\x13\xE8\x2A\x2A\x2A\x2A\x48\x8B\x5C\x24\x2A\x48\x83\xC4\x2A\x5F\xC3\xCC\xCC\xCC\xCC\x40\x53" "linux" "\x49\x8B\x54\x24\x08\x48\x8D\x4D\xE0\x48\xC7\x45\x2A\x2A\x2A\x2A\x2A" } "CTakeDamageInfo" { "library" "server" "windows" "\x40\x53\x48\x83\xEC\x60\x48\xC7\x41\x38\xFF\xFF\xFF\xFF" "linux" "\x55\x48\x89\xE5\x48\x83\xEC\x10\x4C\x8D\x15\x2A\x2A\x2A\x2A" } // "%sRecv usercmd %d. Margin:%5.1fms net +%2d queue =%5.1f total\n" "ProcessUsercmds" { "library" "server" "windows" "\x48\x8B\xC4\x44\x88\x48\x20\x44\x89\x40\x18\x48\x89\x50\x10\x53" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x89\xD6\x41\x55\x41\x54\x49\x89\xFC\x53\x48\x83\xEC\x38" } "CGamePlayerEquip_InputTriggerForAllPlayers" { "library" "server" "windows" "\x40\x55\x53\x57\x41\x56\x41\x57\x48\x8B\xEC\x48\x83\xEC" "linux" "\x55\x48\x89\xE5\x41\x56\x41\x55\x41\x54\x49\x89\xFC\x53\x48\x83\xEC\x2A\xE8\x2A\x2A\x2A\x2A\xC7\x45\x2A\x00\x00\x00\x00\x89\xC7\x66\x89\x45\x2A\x66\x83\xF8\x2A\x0F\x84\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x48\x89\xC3\x48\x85\xC0\x0F\x84\x2A\x2A\x2A\x2A\x48\x89\xC7\xE8\x2A\x2A\x2A\x2A\x48\x8D\x7D\x2A\x48\x89\xC6\xE8\x2A\x2A\x2A\x2A\x84\xC0\x0F\x84\x2A\x2A\x2A\x2A\x0F\xB7\x7D\x2A\x48\x89\x5D\x2A\x4C\x8B\x75\x2A\x4C\x8D\x6D" } "CGamePlayerEquip_InputTriggerForActivatedPlayer" { "library" "server" "windows" "\x48\x89\x5C\x24\x18\x56\x48\x83\xEC\x20\x48\x8B\x1A" "linux" "\x55\x48\x89\xE5\x41\x55\x41\x54\x48\x83\xEC\x10\x4C\x8B\x26\x4D\x85\xE4\x74\x2A" } // Return value of this function is used to determine whether "NETWORK_DISCONNECT_REJECT_SERVERFULL to %s: Cannot get free client\n" gets printed "GetFreeClient" { "library" "engine" "windows" "\x40\x53\x57\x41\x55\x41\x56" "linux" "\x55\x48\x89\xE5\x41\x57\x49\x89\xCF\x41\x56\x41\x89\xD6\x41\x55\x4D\x89\xCD" } // The only function with "weapon_shield" and does fminf with 260.0 earlier "CCSPlayerPawn_GetMaxSpeed" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x57\x48\x83\xEC\x2A\x48\x8B\xD9\xE8\x2A\x2A\x2A\x2A\x84\xC0\x0F\x84\x2A\x2A\x2A\x2A\x48\x8B\x0D" "linux" "\x55\x48\x89\xE5\x41\x55\x41\x54\x53\x48\x89\xFB\x48\x83\xEC\x2A\xE8\x2A\x2A\x2A\x2A\x84\xC0\x75" } // str: "Radial using: %s\n" "FindUseEntity" { "library" "server" "windows" "\x4C\x89\x44\x24\x2A\xF3\x0F\x11\x4C\x24\x2A\x55\x53\x56" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x41\x55\x49\x89\xFD\x41\x54\x48\x8D\x3D\x2A\x2A\x2A\x2A\x53\x48\x81\xEC\x2A\x2A\x2A\x2A\x48\x89\xB5" } "TraceFunc" { "library" "server" "windows" "\x48\x89\x5C\x24\x08\x48\x89\x6C\x24\x10\x48\x89\x74\x24\x18\x48\x89\x7C\x24\x20\x41\x54\x41\x56\x41\x57\x48\x81\xEC\x80\x00\x00\x00\x45\x33\xE4" "linux" "\x55\x4C\x8D\x4F\x08" } // str: "Physics/TraceShape (Server)" "TraceShape" { "library" "server" "windows" "\x48\x89\x5C\x24\x20\x48\x89\x4C\x24\x08\x55\x56\x41\x55" "linux" "\x55\x48\x89\xE5\x41\x57\x41\x56\x49\x89\xCE\x41\x55\x4D\x89\xC5\x41\x54\x49\x89\xD4\x53\x4C\x89\xCB" } "CBasePlayerPawn_GetEyePosition" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x57\x48\x83\xEC\x2A\x48\x8B\xF9\x48\x8B\xDA\x48\x8B\x89\x2A\x2A\x2A\x2A\x48\x85\xC9\x74\x2A\x48\x8B\x01" "linux" "\x55\x48\x89\xE5\x41\x54\x49\x89\xFC\x48\x83\xEC\x2A\x48\x8B\xBF\x2A\x2A\x2A\x2A\x48\x85\xFF\x74\x2A\x48\x8B\x07\x48\x8D\x15" } "CBasePlayerPawn_GetEyeAngles" { "library" "server" "windows" "\x48\x89\x5C\x24\x2A\x57\x48\x81\xEC\x2A\x2A\x2A\x2A\x48\x8B\xF9\x48\x8B\xDA\x48\x8B\x89" "linux" "\x55\x48\x89\xE5\x41\x55\x41\x54\x49\x89\xFC\x48\x83\xEC\x2A\x48\x8B\xBF\x2A\x2A\x2A\x2A\x48\x85\xFF\x0F\x84\x2A\x2A\x2A\x2A\x48\x8B\x07\x48\x8D\x15" } } "Offsets" { "GameEntitySystem" { "windows" "88" "linux" "80" } "CBaseEntity::Use" { "windows" "140" "linux" "139" } "Teleport" { "windows" "157" "linux" "156" } "CollisionRulesChanged" { "windows" "179" "linux" "178" } // For these two, look for the names, you'll find vscript bindings // Scroll down to where the var + 64 gets set to a function, that calls the offset we want "IsPlayerPawn" { "windows" "161" "linux" "160" } "IsPlayerController" { "windows" "162" "linux" "161" } // String: "%s<%i><%s><%s>" ChangeTeam() CTMDBG..." "CCSPlayerController_ChangeTeam" { "windows" "100" "linux" "99" } // Look for the kill command, go through its callback and you should a find call like this, with v9 being a pawn pointer: // return (*(*v9 + 2976LL))(v9, v27, 0LL); // 2976 (372 * 8) is the offset "CBasePlayerPawn_CommitSuicide" { "windows" "380" "linux" "380" } // In the function with "[%03d] Found: %s, firing\n", you'll find a call into a pointer offset just a bit higher, that's the offset * 8 "CGameRules_FindPickerEntity" { "windows" "27" "linux" "28" } "PassesTriggerFilters" { "windows" "263" "linux" "264" } "CCSPlayerController_Respawn" { "windows" "257" "linux" "259" } "GetHammerUniqueId" { "windows" "109" "linux" "108" } "CheckTransmitPlayerSlot" { "windows" "584" "linux" "584" } // engine // "tried to sprint to a non-client", there will be a check above like this: if ( a2 >= *(v5 + 632) ), note that this is a CUtlVector "CNetworkGameServer_ClientList" { "windows" "78" "linux" "80" } // Right above "mapgroup workshop;" string there is a virtual call to this on g_pGameTypes using "workshop" string "IGameTypes_CreateWorkshopMapGroup" { "windows" "37" "linux" "38" } // Long function with "player_hurt" in the middle and then inserts userid, health, priority, attacker strings "CBasePlayerPawn::OnTakeDamage_Alive" { "windows" "236" "linux" "237" } // There's no easy way to find this, but it's a function that checks entity flags (0x370) and ends by calling RemoveFlag with 0x800000 (FL_BASEVELOCITY) "CCSPlayer_MovementServices::CheckMovingGround" { "windows" "34" "linux" "35" } "CCSPlayer_WeaponServices::DropWeapon" { "windows" "22" "linux" "23" } "CCSPlayer_WeaponServices::SelectItem" { "windows" "24" "linux" "25" } "CCSGameRules_GoToIntermission" { "windows" "128" "linux" "129" } // server.dll -> xref 'sv_phys_stop_at_collision' first __fastcall "CVPhys2World::GetTouchingList" { "windows" "23" "linux" "24" } } "Patches" { // Server "ServerMovementUnlock" { "windows" "\xEB" "linux" "\x90\x90\x90\x90\x90\x90" } "FixWaterFloorJump" { "windows" "\x11\x43" "linux" "\x11\x43" } "WaterLevelGravity" { "windows" "\x3C\x02" "linux" "\x3C\x02" } // Jumping over a check for nav mesh "BotNavIgnore" { "windows" "\xE9\x2C\x00\x00\x00\x90" "linux" "\xE9\x15\x00\x00\x00" } // Make func_physbox pass itself as the caller in OnPlayerUse // pCaller = inputdata->pCaller -> pCaller = this // Windows: mov r8, [rbx+8] -> mov r8, rdi // Linux: mov rdx, [r12+8] -> mov rdx, rbx "CPhysBox_Use" { "windows" "\x49\x89\xF8\x90" "linux" "\x48\x89\xDA\x90\x90" } // Client "ClientMovementUnlock" { "windows" "\xEB" "linux" "\x90\x90\x90\x90\x90\x90" } // Hammer "HammerNoCustomerMachine" { "windows" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90" "linux" "" } } } }