Пользователь
Пользователь
- Статус
- Оффлайн
- Регистрация
- 3 Янв 2020
- Сообщения
- 140
- Реакции
- 150
Hey guys, this is a basic IDA Pro tutorial. Here, I'm just going to teach some basic things for CS2. Bear with me, as I'm a beginner to
we need
ida pro: ps can get cracked ida pro but it can be risky
plugins
we need class informer
and string associate plugins
there are free alrtanatives but we just using these
There are tons of great YouTube tutorials out there that can help you get started from scratch. Here are a few I found really helpful:
how Find createmove 1
We'll start off by finding CreateMove1. We'll use Class Informer by clicking Alt+Shift+I or by going to the plugin window via the Edit menu at the top left.
Next, we're going to click Ctrl+F and search for "Input". We'll get some results, but we want to click on the highlighted CCSGOInput with CCSGOInput CCSGOInput: CClientInput, IKeybindChangeListener, IInputHandler;
Inside the IDA View, you'll usually see generic names like sub_12345. I've already renamed them to something more helpful, like CreateMove1. Each function's position here corresponds to its index in the virtual table. So, for CreateMove1, its position at index 5 is how you'll find it. You can also see some comments to the side / strings. Those come from our plugin string associate that links strings to functions, giving you some good info and hints about what each function does. now we have found createmove1, After that, we can click on the highlighted function and then hit F5. This will show us the pseudo-code for it. I've got some stuff reversed at the moment, but this is all related to the get_cmd we need if we're going to hook into index 5.
Now let's move on to something else. What if you have a signature and you want to check if it's still valid or use it to find a function? This is how you can update a signature later on or just help with reversing.
We're going to use the Binary search function in IDA. You can open it by clicking Alt+B. We'll put our signature in, and you don't really need to change any of the other settings at the moment. Then, just click ok,
For this example, I'm searching for the on_render_start signature. In this case, we only got one result, but sometimes you might find more than one.
Once the search is complete, click on the result. This will take us back to our IDA View. From there, we'll click F5 again to get into the pseudo-code view.
Now we're in the pseudo code view for on_render_start. The one and only parameter here is cviewrender, but normally you wouldn't know that right away.
We see a lot of useful information here, just like with the comments and strings we saw before. This info is actually super handy. If, for example, the game updates and on_render_start changes enough to break our signature, we can use this information and our old saved IDA file to re find on_render_start and generate a new signature.
So, even if you don't plan on doing a lot of reversing with IDA, it's still a good idea to save your work and rename functions. That way, you can easily update your signatures in the future if you need to. I'd definitely recommend learning to reverse engineer, though
thats enough info for here but oh wait what if we wanna make our own signature theres a plugin called sig maker we can use that to make out new signature i have not done that much
But first you need to find the function you want to make a signature for in ida view at the very start of the function, select a decent chunk of bytes. You want to grab a few instructions that are unlikely to change, maybe the first 5 to 10 lines of code. After you've highlighted the bytes, you can use sig maker to generate a new signature once you have your new sig its a good ida to test it less results it gives you the better If it gives you a lot of hits, you might need to go back and select a different set of bytes to get a more unique pattern.
here a helpfull video
we need
ida pro: ps can get cracked ida pro but it can be risky
plugins
we need class informer
and string associate plugins
there are free alrtanatives but we just using these
There are tons of great YouTube tutorials out there that can help you get started from scratch. Here are a few I found really helpful:
how Find createmove 1
We'll start off by finding CreateMove1. We'll use Class Informer by clicking Alt+Shift+I or by going to the plugin window via the Edit menu at the top left.
Next, we're going to click Ctrl+F and search for "Input". We'll get some results, but we want to click on the highlighted CCSGOInput with CCSGOInput CCSGOInput: CClientInput, IKeybindChangeListener, IInputHandler;
Inside the IDA View, you'll usually see generic names like sub_12345. I've already renamed them to something more helpful, like CreateMove1. Each function's position here corresponds to its index in the virtual table. So, for CreateMove1, its position at index 5 is how you'll find it. You can also see some comments to the side / strings. Those come from our plugin string associate that links strings to functions, giving you some good info and hints about what each function does. now we have found createmove1, After that, we can click on the highlighted function and then hit F5. This will show us the pseudo-code for it. I've got some stuff reversed at the moment, but this is all related to the get_cmd we need if we're going to hook into index 5.
Checking a Signature if still valid
Now let's move on to something else. What if you have a signature and you want to check if it's still valid or use it to find a function? This is how you can update a signature later on or just help with reversing.
We're going to use the Binary search function in IDA. You can open it by clicking Alt+B. We'll put our signature in, and you don't really need to change any of the other settings at the moment. Then, just click ok,
For this example, I'm searching for the on_render_start signature. In this case, we only got one result, but sometimes you might find more than one.
Once the search is complete, click on the result. This will take us back to our IDA View. From there, we'll click F5 again to get into the pseudo-code view.
Now we're in the pseudo code view for on_render_start. The one and only parameter here is cviewrender, but normally you wouldn't know that right away.
We see a lot of useful information here, just like with the comments and strings we saw before. This info is actually super handy. If, for example, the game updates and on_render_start changes enough to break our signature, we can use this information and our old saved IDA file to re find on_render_start and generate a new signature.
So, even if you don't plan on doing a lot of reversing with IDA, it's still a good idea to save your work and rename functions. That way, you can easily update your signatures in the future if you need to. I'd definitely recommend learning to reverse engineer, though
thats enough info for here but oh wait what if we wanna make our own signature theres a plugin called sig maker we can use that to make out new signature i have not done that much
But first you need to find the function you want to make a signature for in ida view at the very start of the function, select a decent chunk of bytes. You want to grab a few instructions that are unlikely to change, maybe the first 5 to 10 lines of code. After you've highlighted the bytes, you can use sig maker to generate a new signature once you have your new sig its a good ida to test it less results it gives you the better If it gives you a lot of hits, you might need to go back and select a different set of bytes to get a more unique pattern.
here a helpfull video
