In this text I'll try to explain some basics of offset searching and also point out some things IDA has that are very rarely used because people aren't aware of them.

So for a start, let's find the offsets of the most used cgame structs: cg, cgs and cg_entities. This has probably been explained a million times already, but let's show it the IDA way. It's nothing different, but probably the easiest thing to start with. If you ever looked into the ET SDK, you probably noticed how those structs are being memset to 0 in CG_Init:

```
memset( cg_entities, 0, sizeof(cg_entities) )
```

However, to find those offsets we first have to locate CG_Init. One thing that should interest you is strings: if a function has a string inside, it'll be very easy to find its offset, because IDA has a nice feature which gives you a big list of all strings used and also lets you check where each one is referenced from. So let's take a look at the strings in CG_Init, preferably ones that are most likely used only in our function. To me this line looks very good for a start:

```
CG_Error( "Client/Server game mismatch: '%s/%s'", GAME_VERSION, s )
```

Let's open etmain's cgame_mp_x86.dll in IDA now. Paste `Client/Server game mismatch: '%s/%s'` into the search box and press OK. If the string is found, IDA will jump to it: it switches to the first tab, named IDA View-A, and shows you the .rdata section where that string is stored. Now check where it's referenced from, and you get a list of places:

```
Up  o  sub_3003D3E0+1D0  push    offset aClientServerGa ; "Client/Server game mismatch: '%s/%s'"
```

Which means: it's referenced from the function that starts at 0x3003D3E0. 0x1D0 is just the real place it's referenced from (function + 0x1D0), inside the function which starts at 0x3003D3E0. However, the default base address of cgame is 0x30000000, and cgame might not always load at the default address, so you need to subtract it; the offset you're looking for is 0x3D3E0. If you were gonna hook CG_Init, the address of the function you're going to hook would be:

```
DWORD CG_Init_add = (DWORD) GetModuleHandle("cgame_mp_x86.dll") + 0x3D3E0;
```

Okay, so that's the CG_Init offset; now let's get what we were originally looking for, the offsets of the cgame structs. Scroll up a bit until you get to the start of CG_Init, where you will see a line saying:

For further reversing, let's keep a backup of our CG_Init offset. Now right click on 3003D3E0 and click Rename.
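The address arithmetic above (xref line, function start, module-relative offset, address at the real load base) as an added Python example that is not part of this tutorial. It assumes IDA's xref line layout as shown above and a small name table for functions you have already renamed; the sample lines are constructed.

```python
import re

# Constructed sample input: the xref line IDA showed above, plus the same line as it
# would look after renaming sub_3003D3E0 to CG_Init (assumption: same layout).
IDA_XREF_LINES = [
    'Up o sub_3003D3E0+1D0 push offset aClientServerGa "Client/Server game mismatch: \'%s/%s\'"',
    'Up o CG_Init+1D0 push offset aClientServerGa "Client/Server game mismatch: \'%s/%s\'"',
]

DEFAULT_BASE = 0x30000000  # image base IDA assumes for cgame_mp_x86.dll (from the tutorial)
KNOWN_NAMES = {"CG_Init": 0x3003D3E0}  # filled in after the Rename step (assumption)

# Direction, xref type, "label[+hexdisp]", then the disassembly text of the referencing line.
XREF_RE = re.compile(
    r"^(?P<dir>Up|Down)\s+(?P<type>[a-z])\s+(?P<func>\w+?)"
    r"(?:\+(?P<disp>[0-9A-Fa-f]+))?\s+(?P<text>.*)$"
)

def parse_xref(line, known_names=None):
    """Split one xref line into the containing function's start and the referencing address."""
    m = XREF_RE.match(line)
    if not m:
        raise ValueError(f"not an IDA xref line: {line!r}")
    label = m.group("func")
    if label.startswith("sub_"):                 # auto-named function: address is in the label
        func_start = int(label[4:], 16)
    elif known_names and label in known_names:   # function you renamed: look it up
        func_start = known_names[label]
    else:
        raise ValueError(f"unknown function label {label!r}")
    disp = int(m.group("disp") or "0", 16)
    return {"func": label, "func_start": func_start,
            "ref_addr": func_start + disp, "text": m.group("text")}

def to_offset(address, image_base=DEFAULT_BASE):
    """Module-relative offset: the value that stays valid wherever the DLL is loaded."""
    if address < image_base:
        raise ValueError(f"0x{address:X} is below the image base 0x{image_base:X}")
    return address - image_base

def rebase(offset, actual_base):
    """Address of a module-relative offset once the DLL's real load base is known."""
    return actual_base + offset

def function_offsets(lines, known_names=None, image_base=DEFAULT_BASE):
    """Distinct module-relative offsets of the functions that reference the string."""
    return sorted({to_offset(parse_xref(l, known_names)["func_start"], image_base) for l in lines})

print([hex(o) for o in function_offsets(IDA_XREF_LINES, KNOWN_NAMES)])  # ['0x3d3e0']
```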