neverlosecc / source2gen Goto Github PK

Sometimes, we're getting a bunch of invalid pointers to the SchemaClassInfoData_t instances. It happened to me only with a host scope, though, and it is also pretty random to trigger.

Are there plans to support generating ida type definitions, or typelibs?

this is an idea ive had for a while and would, for me at least, increase productivity while reversing

the general idea is that for props that are instances of classes rather than pointers we could directly embed the class implementation into the source and then add the offsets together.

the goal of this would be to make it easier to find out what variable the game is referencing.
for example: cs2 frequently accesses CSkeletonInstance::m_modelState.m_hModel with offset 0x200, now if you look up the offset 0x200 in the sdk nothing comes up because m_modelState is embedded and starts at offset 0x160 with m_hModel being at offset 0xa0.

ive whipped up a quick and (very) dirty POC to show what i mean. i didnt want to make too many changes to the code base incase this is not something that should be within the scope of this project.

if this was to be properly implemented, the class dumping could be put into its own function to allow recursively calling it or fields and their offset could be cached in some sort of list?

for my POC i decided to add a 'cached_dump_' variable to the class type which is filled up after a class is dumped with that section of the dump

// [class dumping...]
builder.end_block();

class_dump.cached_dump_ = builder.str().substr(pre_string_size);

and heres the code that modifies the actual prop dumping, hardcoded for CModelState
in a proper solution we definitley shouldnt work with regex, or any string replacing but it worked for the POC with minimal codebase changes

if (type.compare("CModelState") == 0) {
    auto prop_class = std::ranges::find_if(classes_to_dump, [type](const class_t& cls) { return cls.target_->GetName().compare(type) == 0; });

    if (prop_class != classes_to_dump.end()) {

        auto cached_dump = prop_class->cached_dump_;
        // add the prop name before the classes finishing semicolon and add offset
        cached_dump.replace(cached_dump.find_last_of(';'), 1, std::format(" {}; // {:#x}", var_info.formatted_name(), field.m_single_inheritance_offset));

        // finds all comments for offsets '// 0x??'
        std::regex offset_comment_regex("\\/\\/ 0[xX][0-9a-fA-F]+");
        std::smatch matcher;
        std::string reformatted_dump;

        while (std::regex_search(cached_dump, matcher, offset_comment_regex)) {
            reformatted_dump += matcher.prefix().str();

            reformatted_dump += [field](std::smatch matcher) -> std::string {
                auto offset = std::stoul(matcher.str().substr(3), nullptr, 16);
                return std::format("// {:#x} ({:#x})", offset, offset + field.m_single_inheritance_offset);
            }(matcher);

            cached_dump = matcher.suffix().str();
        }

        // add tail of string
        reformatted_dump += cached_dump;

        builder.push_line(reformatted_dump, false);
    }
} else {
    // @note: @es3n1n: push prop
    //
    builder.prop(var_info.m_type, var_info.formatted_name(), false);
    if (!var_info.is_bitfield())
        builder.reset_tabs_count().comment(std::format("{:#x}", field.m_single_inheritance_offset), false).restore_tabs_count();
    builder.next_line();
}

using this, the output changes from:

class CSkeletonInstance : public CGameSceneNode
{
private:
	[[maybe_unused]] uint8_t __pad0150[0x10]; // 0x150
public:
	// MNetworkEnable
	CModelState m_modelState; // 0x160	

to: (class metadata removed and indentation fixed for cosmetic purposes)

class CSkeletonInstance : public CGameSceneNode
{
private:
	[[maybe_unused]] uint8_t __pad0150[0x10]; // 0x150
public:
	// MNetworkEnable
	class CModelState
	{
	private:
		[[maybe_unused]] uint8_t __pad0000[0xa0]; // 0x0 (0x160)
	public:
		// MNetworkEnable
		// MNetworkChangeCallback "skeletonModelChanged"
		CStrongHandle< InfoForResourceTypeCModel > m_hModel; // 0xa0 (0x200)	
		// MNetworkDisable
		CUtlSymbolLarge m_ModelName; // 0xa8 (0x208)	
	private:
		[[maybe_unused]] uint8_t __pad00b0[0x38]; // 0xb0 (0x210)
	public:
		// MNetworkEnable
		bool m_bClientClothCreationSuppressed; // 0xe8 (0x248)	
	private:
		[[maybe_unused]] uint8_t __pad00e9[0x97]; // 0xe9 (0x249)
	public:
		// MNetworkEnable
		// MNetworkChangeCallback "skeletonMeshGroupMaskChanged"
		uint64_t m_MeshGroupMask; // 0x180 (0x2e0)	
	private:
		[[maybe_unused]] uint8_t __pad0188[0x9a]; // 0x188 (0x2e8)
	public:
		// MNetworkEnable
		// MNetworkChangeCallback "skeletonMotionTypeChanged"
		int8_t m_nIdealMotionType; // 0x222 (0x382)	
		// MNetworkDisable
		int8_t m_nForceLOD; // 0x223 (0x383)	
		// MNetworkDisable
		int8_t m_nClothUpdateFlags; // 0x224 (0x384)	
	} m_modelState; // 0x160

maybe an alternative solution to embedding the whole class would be to just add a few comments above the prop just like metadata?
like so

// MNetworkEnable
// m_hModel (0x200)
// m_ModelName (0x208)
CModelState m_modelState; // 0x160	

Guys can anyone help me where dumps are saving? In dir "bin" nothing
I will very thankfully who will help me
Or maybe I`m doing smth wrong because I tried to redump it and nothing is going on

that's pretty much it

Crash immediately after being injected into the game process

Basically, we need landing page which will provide latest artifacts for download.
Also, there should be selector for getting latest available generated sdk by our community (https://github.com/neverlosecc/source2sdk/tree/cs2 / https://github.com/neverlosecc/source2sdk/tree/dota2 and etc)

Design should be look-a-like neverlose.cc

E.g: https://github.com/neverlosecc/source2sdk/blob/dota/sdk/resourcesystem.hpp#L605
Related code: https://github.com/neverlosecc/source2gen/blob/main/src/sdk/sdk.cpp#L115

Tried GH Injector / and other Manual Map it just crashed.. am I missing something? what injector you guys recommend?

I just saw the

then it crash after 2 seconds. sdk folder still empty

Instead of hardcoding definitions in the header files, we could add a cmake option or something like that

Hi - what is this code licensed under? I'd like to fork it for CS2 reverse engineering purposes.

Many thanks

PR #47

My dear ladies, I bring sunshine! (And a large pull request, sorry for that)

dll -> exe

The goal of this issue is to convert source2gen from an injected library to an executable. This brings several benefits

• Ease of use, no need for an injector
• Works on headless systems (Servers), because the game does't need to be running
• No more waiting for the game to be ready, we make it ready!
  • It's fast, about 2 seconds to dump CS2, start to finish
    • makes debugging a bliss
• Single-threaded
• No manually-created console

How does it work?

• Load all libraries that we intend to dump
• Call InstallSchemaBindings() in each of those libraries
• Dump as per usual

Linux Support

This is what makes the issue a little bigger. I don't have Windows, and I can't run games, so I had to make both changes at once.

How does it work?

• Add some macros to make conditional code easier (tools/platform.h)
• Add a cross-platform module loader that uses libloaderapi on Windows and dlfcn on Linux (tools/loader.h)
• Update structs and assertions to match offsets in Linux games
• Make the code compatible with more compilers (clang++, g++)
  • Fix case-sensitive file and entity names
  • Add missing includes
  • NOP mscv macros on Linux
  • Some other minor changes

Status

This is where this issue still needs help. As I don't have Windows and there is no CI, I can't make sure I'm not breaking anything. I wrote all code with Windows in mind, it should still work, but I can't test it.

• ✔️ Runs and dumps on linux
• 🚫 Generated SDK tested on Linux - Postponed, merge in alpha quality with disclaimer in readme to avoid diverging from master
• ✔️ Compiles on Windows
  • ✔️ Update premake to build an executable instead of a library
  • ✔️ Fix loader_windows.h if necessary
  • ✔️ Fix compiler bugs that were added in the linux port, if necessary
• ✔️ Runs on Windows without crashing
• ✔️ Dumps on Windows, with no regressions
• ❌ Documentation about how to run source2gen on Windows (Need to set PATH to load libraries) (Hint: Perhaps we can use the registry to find the game path and set PATH automatically)

• Building artifacts for Windows \ Linux (After PR will be closed)
• Different branch for github pages with building on Jekyll (?) or whatever (Building is needed for providing latest artifacts) (related issue)

haven't take a closer looks about this but this changed to 0x4B8 recently

Hello, thank you for this project. It's been very helpful with its output and the references provided. Is there an option to generate the output in various formats, for example, JSON, CS, or something simpler? I've seen references in other repositories where the dump results are more straightforward. For example:

CS2: https://github.com/a2x/cs2-dumper
Dota 2: https://github.com/ikhsanprasetyo/dota2dumped
Their output includes .hpp, .cs, .json, .rs formats.

Thank you.

It doesn't work for last cs2 update

clean, good work boys

We should check the available language features, current compiler and by using this info we should define the macros for stuff like forceinline, nodiscard attr and stuff like that

hello folks. the process crashes immediately after loading the dll into the process, any fix available?