"Games" { "tf" { "Offsets" { "framesnapshotmanager" { "windows" "15" } // Locate CNavMesh::Load, first dword is TheNavMesh second is TheNavAreas "TheNavMesh" { "linux" "813" "windows" "481" } "TheNavAreas" { "linux" "1201" "windows" "687" } // Locate CBaseEntity::PhysicsMarkEntitiesAsTouching, first dword is g_TouchTrace "g_TouchTrace" { "linux" "53" "windows" "10" } "g_EntityListPool" { "windows" "17" } "CNavMesh::m_isLoaded" { "linux" "52" "windows" "52" } "CBaseEntity::Spawn" { "linux" "25" "windows" "24" } "CBaseEntity::PostConstructor" { "linux" "29" "windows" "28" } "CBaseEntity::GetBaseAnimating" { "linux" "53" "windows" "52" } "CBaseEntity::IsAlive" { "linux" "68" "windows" "67" } "CBaseEntity::Event_Killed" { "linux" "69" "windows" "68" } "CBaseEntity::MyCombatCharacterPointer" { "linux" "75" "windows" "74" } "CBaseEntity::MyNextBotPointer" { "linux" "76" "windows" "75" } "CBaseEntity::Touch" { "linux" "106" "windows" "105" } "CBaseEntity::PhysicsSimulate" { "linux" "111" "windows" "110" } "CBaseEntity::UpdateOnRemove" { "linux" "112" "windows" "111" } "CBaseEntity::EyeAngles" { "linux" "139" "windows" "138" } "CBaseEntity::GetVectors" { "linux" "144" "windows" "143" } "CBaseEntity::WorldSpaceCenter" { "linux" "157" "windows" "156" } "CBaseAnimating::StudioFrameAdvance" { "linux" "202" "windows" "201" } "CBaseAnimating::DispatchAnimEvents" { "linux" "214" "windows" "213" } "CBaseAnimating::HandleAnimEvent" { "linux" "215" "windows" "214" } "CBaseAnimating::GetAttachment" { "linux" "217" "windows" "216" } "CBaseCombatCharacter::Weapon_Equip" { "linux" "273" "windows" "272" } "CBaseCombatCharacter::Weapon_Drop" { "linux" "275" "windows" "274" } "CBaseCombatCharacter::OnTakeDamage_Alive" { "linux" "284" "windows" "283" } "CBaseCombatCharacter::OnTakeDamage_Dying" { "linux" "285" "windows" "284" } "CBaseCombatCharacter::GetLastKnownArea" { "linux" "324" "windows" "323" } "CBaseCombatCharacter::UpdateLastKnownArea" { "linux" "327" "windows" "326" } "CBaseCombatCharacter::OnNavAreaChanged" { "linux" "328" "windows" "327" } "NextBotCombatCharacter::vtable_entries" { "windows" "339" "linux" "339" } "NextBotGroundLocomotion::vtable_entries" { "linux" "111" "windows" "111" } } "Signatures" { "CFrameSnapshotManager::AddExplicitDelete" { "library" "engine" "windows" "\x55\x8B\xEC\x83\xEC\x20\x53\x56\x57\x6A\x01" "linux" "@_ZN21CFrameSnapshotManager17AddExplicitDeleteEi" } "framesnapshotmanager" { "library" "engine" "windows" "\x56\xC6\x81\x06\x02\x00\x00\x00" "linux" "@framesnapshotmanager" } // Find string "Missing command string" which is used by nb_command // nb_command calls TheNextBots() "TheNextBots" { "library" "server" "windows" "\xA1\x2A\x2A\x2A\x2A\x85\xC0\x0F\x85\x2A\x2A\x2A\x2A\xA1\x2A\x2A\x2A\x2A" "linux" "@_Z11TheNextBotsv" } // Find string "or_crit_vs_playercond" "CTFGameRules::ApplyOnDamageModifyRules" { "library" "server" "windows" "\x55\x8B\xEC\x81\xEC\x8C\x00\x00\x00\x56\x8B\x75\x2A\x57\x8B\x7D" "linux" "@_ZN12CTFGameRules24ApplyOnDamageModifyRulesER15CTakeDamageInfoP11CBaseEntityb" } // Find string "mult_dmgtaken" "CTFGameRules::ApplyOnDamageAliveModifyRules" { "library" "server" "windows" "\x55\x8B\xEC\x81\xEC\xD4\x00\x00\x00\x53\x8B\x5D\x0C" "linux" "@_ZN12CTFGameRules29ApplyOnDamageAliveModifyRulesERK15CTakeDamageInfoP11CBaseEntityRNS_20DamageModifyExtras_tE" } // Find string "Invalid navigation file.\n" "CNavMesh::Load" { "library" "server" "windows" "\x55\x8B\xEC\x81\xEC\x7C\x01\x00\x00" "linux" "@_ZN8CNavMesh4LoadEv" } // Find CNavMesh::Load first, then continue until you find call to CNavArea::CheckWaterLevel() in source // CNavArea::CheckWaterLevel calls CNavMesh::GetGroundHeight "CNavMesh::GetGroundHeight" { "library" "server" "windows" "\x53\x8B\xDC\x83\xEC\x08\x83\xE4\xF0\x83\xC4\x04\x55\x8B\x6B\x2A\x89\x6C\x24\x2A\x8B\xEC\x81\xEC\xCC\x00\x00\x00\x56" "linux" "@_ZNK8CNavMesh15GetGroundHeightERK6VectorPfPS0_" } // Find data xref of string "weapon_*", should be taken to ppszIgnoredClasses static char* array in CTraceFilterValidForDecal::ShouldHitEntity // CTraceFilterSimple::ShouldHitEntity called with 2 params "CTraceFilterSimple::ShouldHitEntity" { "library" "server" "windows" "\x55\x8B\xEC\x51\x53\x56\x8B\x75\x08\x57\x8B\xF9\x8B\x0D\x2A\x2A\x2A\x2A" "linux" "@_ZN18CTraceFilterSimple15ShouldHitEntityEP13IHandleEntityi" } // Go to first data xref of string "%s has changed its model while processing AnimEvents on sequence %d. Aborting dispatch.\n", this is CBaseAnimating::DispatchAnimEvents // GetAnimationEvent is used in a loop "__GetAnimationEvent__" { "library" "server" "windows" "\x55\x8B\xEC\x53\x56\x8B\x75\x08\x57\x85\xF6\x0F\x84\x2A\x2A\x2A\x2A\x8B\xCE" "linux" "@_Z17GetAnimationEventP10CStudioHdriP11animevent_tffi" } // Search for string "%s: unknown scripted sequence \"%s\"\n" to find CAI_ScriptedSequence::StartSequence // CBaseAnimating::LookupSequence is used prior to jmp to this "Studio_LookupSequence" { "library" "server" "windows" "\x55\x8B\xEC\x56\x8B\x75\x08\x85\xF6\x0F\x84\x2A\x2A\x2A\x2A\x8B\xCE" "linux" "@_Z14LookupSequenceP10CStudioHdrPKc" } // Search for string "CBaseAnimatingOverlay::AddGesture: model %s missing activity %s\n" to find CBaseAnimatingOverlay::AddGesture // CBaseAnimating::SelectWeightedSequence(Activity) is used prior to jmp to this "Studio_SelectWeightedSequence" { "library" "server" "windows" "\x55\x8B\xEC\x56\x8B\x75\x08\x85\xF6\x74\x2A\x8B\xCE\xE8\x2A\x2A\x2A\x2A\x84\xC0\x74\x2A\x57\x56" "linux" "@_Z22SelectWeightedSequenceP10CStudioHdrii" } // Find "placementOrigin" first subroutine call below it "Studio_FindAttachment" { "library" "server" "windows" "\x55\x8B\xEC\x53\x56\x57\x8B\x7D\x08\x85\xFF\x74\x2A\x8B\xCF" "linux" "@_Z21Studio_FindAttachmentPK10CStudioHdrPKc" } // Bytes sequence search "00 00 C0 00", go to the only subroutine that uses that number with 'and' & 'cmp' "SimThink_EntityChanged" { "library" "server" "windows" "\x55\x8B\xEC\x51\x53\x8B\x5D\x08\x56\x8B\xF1\xF6\x83\x3C\x01\x00\x00\x01" "linux" "@_Z22SimThink_EntityChangedP11CBaseEntity" } // Find ".?AVCRallyPoint@@" to get to CRallyPoint's type descriptor -> complete object locator -> vtable // goto xref to vtable to enter CRallyPoint's constructor // CBaseEntity constructor is second call that takes additional argument (bServerOnly set to 0) "CBaseEntity::CBaseEntity" { "library" "server" "windows" "\x55\x8B\xEC\x83\xEC\x08\x53\x56\x8B\xF1\x57\x8D\x2A\x2A\xC7\x06" "linux" "@_ZN11CBaseEntityC2Eb" } // Find "add 0x%p: %s-%s (%d-%d) [%d in play, %d max]\n" to find CBaseEntity::PhysicsMarkEntityAsTouched // jump to the function calling this one, there can be only one and it's CBaseEntity::PhysicsMarkEntitiesAsTouching "CBaseEntity::PhysicsMarkEntitiesAsTouching" { "library" "server" "windows" "\x55\x8B\xEC\x57\xFF\x75\x2A\x8B\xF9\xB9" "linux" "@_ZN11CBaseEntity29PhysicsMarkEntitiesAsTouchingEPS_R10CGameTrace" } // Find "m_CalcAbsolutePositionMutex" to find CBaseEntity::CalcAbsolutePosition "CBaseEntity::CalcAbsolutePosition" { "library" "server" "windows" "\x55\x8B\xEC\x81\xEC\x80\x00\x00\x00\x56\x8B\xF1\x8B\x86\x3C\x01\x00\x00" "linux" "@_ZN11CBaseEntity20CalcAbsolutePositionEv" } "CBaseEntity::InvalidatePhysicsRecursive" { "library" "server" "windows" "\x55\x8B\xEC\x53\x8B\x5D\x08\x56\x8B\xF3\x83\xE6\x04" "linux" "@_ZN11CBaseEntity26InvalidatePhysicsRecursiveEi" } "CBaseEntity::SetGroundEntity" { "library" "server" "windows" "" "linux" "@_ZN11CBaseEntity15SetGroundEntityEPS_" } // Find string "CBaseEntity::TakeDamage: with inputInfo.GetDamageForce() == vec3_origin\n" "CBaseEntity::TakeDamage" { "library" "server" "windows" "\x55\x8B\xEC\x81\xEC\x98\x00\x00\x00\x53\x56\x57\x8B\xF9\x8B\x0D\x2A\x2A\x2A\x2A" "linux" "@_ZN11CBaseEntity10TakeDamageERK15CTakeDamageInfo" } // "g_EntityListPool" "g_EntityListPool" { "library" "server" "windows" "\x6A\x04\x68\x2A\x2A\x2A\x2A\x6A\x01\x68\x00\x02\x00\x00\x6A\x1C" "linux" "@g_EntityListPool" } // Go to data xref of "vehicle_wheel_fl_height" to find CFourWheelPhysics::InitializePoseParameters // CFourWheelPhysics::SetPoseParameter is called after calls to CFourWheelPhysics::LookupPoseParameter // CFourWheelPhysics::SetPoseParameter directly calls CBaseAnimating::SetPoseParameter "CBaseAnimating::SetPoseParameter" { "library" "server" "windows" "\x55\x8B\xEC\x51\x8B\x45\x2A\xD9\x45" "linux" "@_ZN14CBaseAnimating16SetPoseParameterEP10CStudioHdrif" } "CBaseAnimating::GetPoseParameter" { "library" "server" "windows" "\x55\x8B\xEC\x56\x8B\xF1\x57\x80\xBE\x69\x03\x00\x00\x00\x75\x2A\x83\xBE\x98\x04\x00\x00\x00\x75\x2A\xE8\x2A\x2A\x2A\x2A\x85\xC0\x74\x2A\x8B\xCE\xE8\x2A\x2A\x2A\x2A\x8B\xBE\x98\x04\x00\x00" "linux" "@_ZN14CBaseAnimating16GetPoseParameterEi" } // Go to data xref of string "move_scale", this is CMultiPlayerAnimState::SetupPoseParameters // Multiple calls to CBaseAnimating::LookupPoseParameter with different pose param names "CBaseAnimating::LookupPoseParameter" { "library" "server" "windows" "\x55\x8B\xEC\x57\x8B\x7D\x08\x85\xFF\x74\x2A\x8B\xCF\xE8\x2A\x2A\x2A\x2A\x84\xC0" "linux" "@_ZN14CBaseAnimating19LookupPoseParameterEP10CStudioHdrPKc" } // Find string "CBaseAnimating::SequenceDuration( %d ) NULL pstudiohdr on %s!\n" // This function is copied across several funcs; the right one is the one returning plain 0.1 floats, and has two parameters (CStudioHdr and int). "CBaseAnimating::SequenceDuration" { "library" "server" "windows" "\x55\x8B\xEC\x56\x8B\x75\x2A\x57\x8B\xF9\x85\xF6\x75\x2A\x8B\x47\x2A\xB9\x2A\x2A\x2A\x2A\x85\xC0\x0F\x45\xC8\x51\xFF\x75\x2A\x68\x2A\x2A\x2A\x2A\x6A\x02\xFF\x15\x2A\x2A\x2A\x2A\xD9\x05" "linux" "@_ZN14CBaseAnimating16SequenceDurationEP10CStudioHdri" } // Go to data xref of string "ResetSequence : %s: %s -> %s\n" "CBaseAnimating::ResetSequence" { "library" "server" "windows" "\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\x53\x56\x57\x83\x2A\x30\x00\x8B\xD9\x8B\x7D" "linux" "@_ZN14CBaseAnimating13ResetSequenceEi" } // Go to first data xref of "simple_bot" // Go to ptr of second push instruction, this is the CEntityFactory singleton // Go to ptr, this is the vtable of CEntityFactory // Go to first vptr, this is CEntityFactory::Create // There's a call that has one parameter of around ~0x140 bytes, this is operator.new and NextBotGroundLocomotion::NextBotGroundLocomotion is below it "NextBotGroundLocomotion::NextBotGroundLocomotion" { "library" "server" "windows" "\x55\x8B\xEC\x56\xFF\x75\x2A\x8B\xF1\xE8\x2A\x2A\x2A\x2A\xC7\x06\x2A\x2A\x2A\x2A\x8B\xC6\xC7\x86\x2A\x2A\x2A\x2A\x00\x00\x80\xBF" "linux" "@_ZN23NextBotGroundLocomotionC2EP8INextBot" } // Go to CEntityFactory::Create // Second call is NextBotCombatCharacter::NextBotCombatCharacter "NextBotCombatCharacter::NextBotCombatCharacter" { "library" "server" "windows" "\x56\x57\x8B\xF9\xE8\x2A\x2A\x2A\x2A\x8D\x8F\x2A\x2A\x2A\x2A\xE8" "linux" "@_ZN22NextBotCombatCharacterC2Ev" } } "Addresses" { "GetAnimationEvent" { "windows" { "signature" "__GetAnimationEvent__" "offset" "131" } "linux" { "signature" "__GetAnimationEvent__" "offset" "204" } } } } }