From AMWiki

Contents 1 Introduction 2 The difference between SignatureScanCall and SignatureScanCall_NoIndex 3 Function Signatures 3.1 CBaseEntity::Spawn 3.2 CBaseEntity::Teleport 3.3 CBaseEntity::SetModel 3.4 CBaseEntity::SetModelIndex 3.5 CBasePlayer::DamageEffect 3.6 CBasePlayer::SetFOV 3.7 CCSPlayer::RoundRespawn 3.8 CCSPlayer::SwitchTeam (CS:S ONLY) 3.9 CBaseAnimating::Ignite 3.10 CGib::SpawnRandomGibs 3.11 UTIL_BloodDrips 3.12 UTIL_BloodStream 3.13 UTIL_BloodSpray 3.14 UTIL_Tracer (NOT CS:S) 3.15 SetMinMaxSize 3.16 CreateEntityByName 3.17 DispatchSpawn 4 Conclusion

[edit] Introduction

I have posted this page here so I can share some useful sigscan signatures. With these, and the use of PimpinJuice's SigOffset Extension you can call some very useful functions from within SourceMod plugins.

[edit] The difference between SignatureScanCall and SignatureScanCall_NoIndex

In order to truely understand the difference between the two calls, you need to know how the function you have is constructed. Lets take two functions, CBaseEntity::Teleport and CGib::SpawnRandomGibs. In the C++ code of the source engine, the teleport function is constructed as follows:

void CBaseEntity::Teleport(Vector newPosition,QAngle newAngle,Vector newVelocity);

If you look around in the source code of the source engine, you will find it called like this:

pEntity->Teleport(location,angle,velocity);

In the case that it is called by a pointer (pEntity->) then you use SignatureScanCall. Now lets take the spawn random gibs construction:

void CGib::SpawnRandomGibs(CBaseEntity *pVictim,int cGibs,GibType_e eGibType);

If you look around, it is called like this:

CGib::SpawnRandomGibs(pVictimEntity,6,0);

In the case the there is NOT a pointer, you would use SignatureScanCall_NoIndex. If you still do not understand, look below for the examples.

[edit] Function Signatures

This is the list of all of the functions that we have signatures for.

[edit] CBaseEntity::Spawn

This function is used to spawn player entities into the game. Either after creation, or re-spawn the player back to their spawn point. This function is good to call once you have changed the value of 'm_iTeamNum'. Once you have changed this value, you will need to call this function so the swapped player has the right skin and game rules associated.

The Signature

\x83\xec\x2c\x53\x55\x56\x57\x68\x2c\x2d\x49\x22\x8b\xf1\xe8\x2d\x1c\xed\xff\x8b\x06\x8b\xce\xff\x90\x28\x04\x00\x00\x80\xbe\xad\x02\x00\x00\x01\x8d\x8e\xad\x02\x00\x00\xc6\x44\x24\x10\x01\x74\x0a\x8d\x54\x24\x10\x52\xe8\x85\xa8\xed\xff\x80\xbe\xae\x02\x00\x00\x01\x8d\x8e\xae\x02\x00\x00\xc6\x44\x24\x10\x01\x74\x0a\x8d\x44\x24\x10\x50\xe8\xb7\xa8\xed\xff\x8b\x16\x8b\xce\xff\x92\x9c\x05\x00\x00\x8b\x8e\xf8\x0b\x00\x00\x8b\xd8

The Mask

xxxxxxx?????xx?????xxxxxxxxxxxxxxxxxxxxxxxxxxxx??xxxxx?????xxxxxxxxxxxxxxxxxx??xxxxx?????xxxxxxxxxxxxxxxxxx

Length 107

Linux Function

_ZN11CBaseEntity5SpawnEv

Example Call

SignatureScanCall(sig_id, client, SIGTYPE_CBASEENTITY);

[edit] CBaseEntity::Teleport

This function will teleport an entity to a certain place in the world with a given vector. Useful for moving things across the world, or 'pushing' with a given force

The Signature

\x83\xEC\x18\x53\x56\x8B\xD9\x8B\x0D\x78\xB2\x46\x22\x33\xF6\x33\xC0\x3B\xCE\x7E\x21\x8B\x15\x6C\xB2\x46\x22\xEB\x03\x8D\x49\x00\x39\x1C\x82\x74\x09\x83\xC0\x01\x3B\xC1\x7C\xF4\xEB\x08\x3B\xC6\x0F\x8D\x17\x01\x00\x00\x55\x57\x8D\x44\x24\x10\x50\x51\xB9\x6C\xB2\x46\x22\x89\x5C\x24\x18\xE8\xB4\x88\xF9\xFF\x8D\x4C\x24\x14\x51\x53\x89\x44\x24\x18\x89\x74\x24\x1C\x89\x74\x24\x20\x89\x74\x24\x24\x89\x74\x24\x28\x89\x74\x24\x2C

The Mask

xxxxxxx??????xxxxxx?????????????xxx?????xx????xx??????x?????xx?????xxxx?????????xxxxxxxxxxxxxxxxxxxxxxxxxx

Length 106

Linux Function

_ZN11CBaseEntity8TeleportEPK6VectorPK6QAngleS

Function Paramaters

• Vector newPosition
  • The place to teleport to
• QAngle newAngles
  • The new angle of the entity
• Vector newVelocity
  • Directional vector for velocity

Example Call

new Float:Pos[3];
new Float:Vel[3];
SignatureScanCall(sig_id, client, SIGTYPE_CBASEENTITY, PARAM_VECTOR, Pos, PARAM_QANGLE, -1, PARAM_VECTOR, Vel);

[edit] CBaseEntity::SetModel

This function will set the model of the entity to the model that you specify. (Yes even player models ;))

The Signature

\x56\x8b\x74\x24\x08\x57\x8b\xf9\x8b\x0d\x8c\x69\x5f\x22\x8b\x01\x56\xff\x50\x08\x8b\x0d\x8c\x69\x5f\x22\x8b\x11\x50\xff\x52\x04\x85\xc0\x74\x20\x8b\x0d\x8c\x69\x5f\x22\x8b\x11\x50\xff\xf2\x24\x83\xf8\x01

The Mask

xxxxxxxx??????xxx?????????xxx???xx????????xxx??xxxx

Length 51

Linux Function

_ZN11CBaseEntity8SetModelEPKc

Function Paramaters

• const char *szModelName
  • The model to set to

Example Call

PrecacheModel("models/Alyx.mdl");
SignatureScanCall(sig_id, client, SIGTYPE_CBASEENTITY, PARAM_CONST_CHAR_PTR, "models/Alyx.mdl");

[edit] CBaseEntity::SetModelIndex

This function will set the model of the entity to the model index that you specify. To see a list of models currently cached and their id's type this into server console

sv_cheats 1;listmodels;sv_cheats 0

The Signature

\x53\x8b\x5c\x24\x08\x56\x57\x8b\xf9\x66\x8b\x4f\x1e\x8d\x77\x1e\x8d\x44\x24\x10\x66\x3b\x08\x74\x0c\x56\x8d\x4e\xe2\xe8\x4a\xe9\xfd\xff\x66\x89\x18\x8b\xcf

The Mask

xxxxxxxxxxxxxxxxxxx????????????????????

Length 39

Linux Function

_ZN11CBaseEntity13SetModelIndexEi

Function Paramaters

• int index
  • The model index to set to

Example Call

SignatureScanCall(sig_id, client, SIGTYPE_CBASEENTITY, PARAM_INT, 123);

[edit] CBasePlayer::DamageEffect

This function shows an effect like you would get if you got damaged. Some options dont do anything, but others look kinda cool

The Signature

\x8b\x44\x24\x08\x83\xec\x14\xa8\x01\x56\x57\xeb\xf1\x74\x36\x6a\x01\xb0\x80\x68\xcd\xcc\xcc\x3d\x88\x44\x24\x2c\x88\x44\x24\x2f\x68\x00\x00\x80\x3f\x8d\x44\x24\x30\x50\x56\xc6\x44\x24\x39\x00\xc6\x44\x24\x3a\x00\xe8\x46\x6d\x09\x00\x83\xc4\x14\x5f

The Mask

xxxxxxxxxxx????xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx????xxxxx

Length 62

Linux Function

_ZN11CBasePlayer12DamageEffectEfi

Function Paramaters

• Float flDamage
  • [not used]
• int fDamageType
  • DMG_CRUSH (1<<0)
  • DMG_DROWN (1<<14)
  • DMG_SLASH (1<<2)
  • DMG_PLASMA (1<<24)
  • DMG_SONIC (1<<9)
  • MG_BULLET (1<<1)

Example Call

SignatureScanCall(sig_id, client, SIGTYPE_CBASEENTITY, PARAM_FLOAT, 0, PARAM_INT, (1<<24));

[edit] CBasePlayer::SetFOV

This function will change the players Field of View (FOV) with a given zoom rate

The Signature

\x53\x57\x8b\x7c\x24\x03\x85\xff\x8b\xd9\x75\x07\x5f\x32\xc0\x5b\xc2\x0c\x00\x8b\x83\x08\x0a\x00\x00\x83\xf8\xff\x56\x8d\xb3\x08\x0a\x00\x00

The Mask

xxxxx????????xxxxxxxxx??????xxxxxxx

Length 35

Linux Function

_ZN11CBasePlayer13SetDefaultFOVEi

Function Paramaters

• CBaseEntity pRequester
  • The entity of the player to change FOV of
• int FOV
  • The FOV value (0-360) anything over 180 goes foobar (default 90)
• Float zoomRate
  • Time it takes for the new FOV to zoom in/out

Example Call

SignatureScanCall(sig_id, client, SIGTYPE_CBASEENTITY, PARAM_CBASEENTITY, client, PARAM_INT, 95, PARAM_FLOAT, 2.0);

[edit] CCSPlayer::RoundRespawn

This function causes a dead player in CS:S to respawn at a spawn point, we all love this one.

The Signature

\x56\x8B\xF1\x8B\x06\xFF\x90\xB8\x04\x00\x00\x8B\x86\xE8\x0D\x00\x00\x85\xC0\x74\x0E\x8B\x50\x18\x85\xD2\x74\x07\x8B\x48\x1C\x03\xCE\xFF\xD2

The Mask

xxxxxxxxxxxxxxxxxxx??xxxxx??xxxxxxx

Length 35

Linux Function

_ZN9CCSPlayer12RoundRespawnEv

Example Call

SignatureScanCall(sigSpawn,client,SIGTYPE_CCSPLAYER);

[edit] CCSPlayer::SwitchTeam (CS:S ONLY)

This function will switch team of the player entity. It wont re-spawn the player, but it will switch the player to the new team without them dyeing.

The Signature

\x83\xEC\x10\x56\x57\x8B\x7C\x24\x1C\x57\x8B\xF1\xE8\x7F\xE8\xF9\xFF\x83\xC4\x04\x85\xC0\x0F\x84\xEA\x00\x00\x00\x83\xFF\x03\x74\x09\x83\xFF\x02\x0F\x85\xDC\x00\x00\x00\x8B\xCE\xE8\xAF\x22\xE1\xFF\x3B\xF8\x0F\x84\xDC\x00\x00\x00\x57\x8B\xCE\xC6\x86\x14\x0E

The Mask

xxxxxxxxxxxxx????xxxxxxxxxxxxxxxxxxxxxxxxxxxx????xxxxxxxxxxxxx??

Length 64

Linux Function

_ZN9CCSPlayer10SwitchTeamEi

Function Paramaters

• int iTeamIndex
  • The new team index of the player

Example Call

SignatureScanCall(sig_id, client, SIGTYPE_CBASEENTITY, PARAM_INT, 2);

[edit] CBaseAnimating::Ignite

This function will ignite the entity (duh)

The Signature

\x56\x8B\xF1\x8B\x86\xBC\x00\x00\x00\xC1\xE8\x1B\xA8\x01\x0F\x85\x9A\x00\x00\x00\x8B\x16\xFF\x92\xF0\x00\x00\x00\x80\x7C\x24\x0C\x00\x74\x08\x84\xC0\x0F\x84\x83\x00\x00\x00\x3C\x01\x75\x20\x80\x7C\x24\x14\x00\x75\x19\x8B\xCE\xE8\x83\x1A\x01\x00\x85\xC0\x74\x0E\x8B\x10\x8B\xC8\xFF\x92\x08\x05\x00\x00\x84\xC0\x74\x5F\x57\x6A\x01\x56\xE8\x48\xEA\x07\x00\x8B\xF8\x83\xC4\x08\x85\xFF\x74\x3D\x8B\x44\x24\x0C\x50\x8B\xCF\xE8\x83\xE5\x07\x00\x68\x00\x00\x00\x08\x8B\xCE

The Mask

xxx?????????????????xxx????????????xx??????xx??xxxxx??xxx????????xxxxx?????xx??xxxxx????xxxxxxx??xxxxxxxx????xxxxxxx

Length 116

Linux Function

_ZN14CBaseAnimating6IgniteEfbfb

Function Paramaters

• Float flFlameLifetime
  • The time the fire should burn
• bool bNPCOnly
  • I assume only NPC's get burnt
• float flSize
  • Size of the flames
• bool bCalledByLevelDesigner
  • Dont know what this is; I suggest setting to 0 because you are not the level designer :P

Example Call

SignatureScanCall(sig_id, client, SIGTYPE_CBASEANIMATING, PARAM_FLOAT, 25.0, PARAM_INT, 0, PARAM_FLOAT, 100.0, PARAM_INT, 0);

[edit] CGib::SpawnRandomGibs

This function will spawn head gibs from the entity. Even though the signature says 'RandomGibs' the code is only setup to spawn head gibs. NOTE: This function requires no pointer, check the Example Call to see how to get round this

The Signature

\x51\x8b\x44\x24\x0c\x85\xc0\x0f\x8e\x30\x01\x00\x00\x53\x55\x56\x57\x89\x44\x24\x1c\xbb\x01\x00\x00\x00\xed\x9b\x00\x00\x00\x00\x6a\x00\x68\xd8\xeb\x58\x22\x68\x20\x73\x57\x22\x6a\x00\x6a\xff\x68\xdc\x57\x4c\x22\xe8\x46\x55\x01\x00\x83\xc4\x08

The Mask

xxxxxxx??????xxxxxxxxxxxx???????????????????xxxx??????????xxx

Length 61

Linux Function

_ZN4CGib15SpawnRandomGibsEP11CBaseEntityi9Gib

Function Paramaters

• CBaseEntity pVictim
  • The entity to spawn gibs from
• int cGibs
  • The amount of gibs to spawn, I suggest anything over 1000000 ^^
• GibType_e eGibType
  • GIB_HUMAN = 0 (Head gib)
  • GIB_ALIEN = 1 (Head gib with some blood splatter) MUST PRECACHE "models/gibs/agibs.mdl"

Example Call

SignatureScanCall_NoIndex(sig_id, PARAM_CBASEENTITY, client, PARAM_INT, 10, PARAM_INT, 1);

[edit] UTIL_BloodDrips

This function will spawn a small 'splash' of blood under the entity. NOTE: This function requires no pointer, check the Example Call to see how to get round this

The Signature

\x57\x8b\x7c\x24\x10\x83\xff\xff\x0f\x84\xe5\x00\x00\x00\x81\xff\xf7\x00\x00\x00\x75\x0b\xa1\x18\xa6\x61\x22\x83\x78\x2c\x00\xeb\x0a\x8b\x0d\xa8\xa6\x61\x22\x83\x79\x2c\x00\x0f\x95\xc0

The Mask

xxxxxxxx??????xxxxxx???????xxxx????????xxxxxxx

Length 46

Linux Function

_Z15UTIL_BloodDripsRK6VectorS1_ii

Function Paramaters

• Vector origin
  • The location to spawn the effect
• Vector direction
  • Dont know what this is, i set it same as origin
• int color
  • BLOOD_COLOR_RED = 247 (Wont work on German games :S)
  • BLOOD_COLOR_YELLOW = 195
  • BLOOD_COLOR_MECH = 20 (Makes smoke and sparks too)

Example Call

new Float:origin[3];
SignatureScanCall_NoIndex(sig_id, PARAM_VECTOR, origin, PARAM_VECTOR, origin, PARAM_INT, 247);

[edit] UTIL_BloodStream

Creates a moving stream of blood (like someone threw a bucket of water). Only shows pink/black (missing texture) still fun though. NOTE: This function requires no pointer, check the Example Call to see how to get round this

The Signature

\x8b\x44\x24\x0c\x83\xec\x20\x50\xe8\x53\x5c\x00\x00\x83\xc4\x04\x84\xc0\x74\x61\x56\x8d\x4c\x24\x04\xe8\x42\x0b\xfa\xff\x8b\x74\x24\x28\x56\x8d\x4c\x24\x08\xc7\x44\x24\x08\x7c\x99\x4b\x22\xe8\x4c\x12\xfa\xff\x8b\x44\x24\x34\x3d\xff\x00\x00\x00

The Mask

xxxxxxxx?????xxxxx??xxxxx?????xxxxxxxxx?????????????xxxxxxxxx

Length 61

Linux Function

_Z16UTIL_BloodStreamRK6VectorS1_ii

Function Paramaters

• Vector origin
  • The place the blood starts
• Vector direction
  • The place the blood lands (close to)
• int color
  • BLOOD_COLOR_RED = 247 (Wont work on German games :S)
  • BLOOD_COLOR_YELLOW = 195
  • BLOOD_COLOR_MECH = 20 (Makes smoke and sparks too)
• int amount
  • Dunno what this is (alpha?) set to 255

Example Call

new Float:origin[3];
new Float:direction[3];
SignatureScanCall_NoIndex(sig_id, PARAM_VECTOR, origin, PARAM_VECTOR, direction, PARAM_INT, 247, PARAM_INT, 255);

[edit] UTIL_BloodSpray

Makes a blood spray (duh!)NOTE: This function requires no pointer, check the Example Call to see how to get round this

The Signature

\x8b\x4c\x24\x0c\x83\xec\x60\x83\xf9\xff\x0f\x84\xa7\x00\x00\x00\x33\xc0\xdb\x44\x24\x70\x89\x44\x24\x34\x89\x44\x24\x44\x66\x89\x44\x24\x48\xd9\x5c\x24\x38\x89\x44\x24\x3c\x89\x44\x24\x40\x89\x44\x24\x4c

The Mask

xxxxxxxxxx??????xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Length 51

Linux Function

_Z15UTIL_BloodSprayRK6VectorS1_iii

Function Paramaters

• Vector origin
  • The place the blood starts
• Vector direction
  • The place the blood lands (close to)
• int color
  • BLOOD_COLOR_RED = 247 (Wont work on German games :S)
  • BLOOD_COLOR_YELLOW = 195
  • BLOOD_COLOR_MECH = 20 (Makes smoke and sparks too)
• int amount
  • Dunno what this is (alpha?) set to 255
• int flags
  • 0 nothing
  • 1 makes a baseball bat like blood spray
  • 2 makes a ring of blood mist
  • 3 makes an upward spray
  • 4 makes clouds of blood mist
  • 5 seems to be a mixture of the above
  • 6 seems to be a thicker cloud of dust
  • (i cant be bothered to check any more. go experament)

Example Call

new Float:origin[3];
new Float:direction[3];
SignatureScanCall_NoIndex(sig_id, PARAM_VECTOR, origin, PARAM_VECTOR, direction, PARAM_INT, 247, PARAM_INT, 255, PARAM_INT, 5);

[edit] UTIL_Tracer (NOT CS:S)

Uhh.. dont know i assume its for tracer stuff ^^ i guess someone will have a use for it :P NOTE: This function requires no pointer, check the Example Call to see how to get round this

The Signature

\x83\xec\x60\x8b\x44\x24\x64\x8b\x10\x89\x54\x24\x0c\x8b\x50\x04\x8b\x40\x08\x89\x44\x24\x14\x8b\x44\x24\x68\x89\x54\x24\x10\x8b\x10\x33\xc9\x38\x4c\x24\x78\x89\x14\x24\x8b\x50\x04\x8b\x40\x08\x89\x44\x24\x08\x8b\x44\x24\x97\x89

The Mask

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Length 54

Linux Function

_Z11UTIL_TracerRK6VectorS1_iifbPKc

Function Paramaters

• Vector vecStart
  • Starting Vector (duh)
• Vector vecEnd
  • Ending Vector
• int EntIndex
  • Entity index using the tracer
• int iAttachment
  • Dont know (-1 for no attachement)
• float flVelocity
  • Velocity the tracer moves at (m/s?)
• bool bWhiz
  • I assume it emmits a sound?
• char ptr pCustomTracerName
  • A nice name for your tracer

Example Call

new Float:start[3];
new Float:end[3];
SignatureScanCall_NoIndex(sig_id, PARAM_VECTOR, start, PARAM_VECTOR, end, PARAM_INT, client, PARAM_INT, -1, PARAM_FLOAT, 10.0, PARAM_INT, 1, PARAM_CONST_CHAR_PTR, "OLLY");

[edit] SetMinMaxSize

Sets the size of the collision box around a Physics entity NOTE: This function requires no pointer, check the Example Call to see how to get round this

The Signature

\x53\x8b\x5c\x24\x0c\x55\x8b\x6c\x24\x14\x56\x57\x8b\xf5\x2b\xdd\xbf\x03\x00\x00\x00\xd9\x04\x33\xd8\x1e\xdf\xe0\xf6\xc4\x41\x75\x23\x8b\x4c\x24\x14\x85\xc9

The Mask

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx??xxxxxx

Length 39

Linux Function

 [cant find someone help me out?]

Function Paramaters

• CBaseEntity pEnt
  • The entity ptr of the entity you are working with
• Vector mins
  • The minimum size the box will 'squash' to when you run into it
• Vector max
  • The maximum size

Example Call

new Float:min[3];
new Float:max[3];
SignatureScanCall_NoIndex(sig_id, PARAM_CBASEENTITY, client, PARAM_VECTOR, min, PARAM_VECTOR, max);

[edit] CreateEntityByName

Creates a new entity from the classname specified (Does NOT spawn the entity) NOTE: This function requires no pointer, check the Example Call to see how to get round this

The Signature

\x56\x8b\x74\x24\x0c\x83\xfe\xff\x57\x8b\x7c\x24\x0c\x74\x25\x8b\x0d\x68\x69\x5f\x22\x8b\x01\x56\xff\x50\x54\x85\xc0\xa3\x9c\xfa\x5c\x22\x75\x10\x56\x57\x68\x08\x6d\x4e\x22\xff\x15\xfc\xb1\x48\x22\x83\xc4\x0c

The Mask

xxxxxxxxxxxxx??xxxxxxxxx???xx???????xx???????????xxx

Length 52

Linux Function

_Z18CreateEntityByNamePKci

Function Paramaters

• char ptr classname
  • The classname of the entity to make
• int iForceEdictIndex
  • Manually set the edict ID (dont set for auto) (MUST BE > 64)

Example Call

SignatureScanCall_NoIndex(sig_id, PARAM_CONST_CHAR_PTR, "hostage_entity");

Result

[edit] DispatchSpawn

Used to spawn created entities, or to respawn players NOTE: This function requires no pointer, check the Example Call to see how to get round this

The Signature

\x53\x55\x56\x8b\x74\x24\x10\x85\xf6\x57\x0f\x84\x3a\x01\x00\x00\x8b\x1d\xa4\x69\x5f\x22\x8b\x03\x8b\xcb\xff\x50\x60\x8b\x16\x8b\xce\xff\x52\x08\x8b\x0d\xa4\x69\x5f\x22\x8b\x28

The Mask

xxxxxxxxxx????????????xxxxxxxxxxxxxxxxxxxxxx

Length 44

Linux Function

_Z13DispatchSpawnP11CBaseEntity

Function Paramaters

• CBaseEntity pEntity
  • The entity to spawn

Example Call

SignatureScanCall_NoIndex(sig_id, PARAM_CBASEENTITY, client);

[edit] Conclusion

//Yarrrr!