Do your own SA:MP commands.

0x688

Wtf I'm not new....
Staff member
Administrator
Joined
Feb 18, 2013
Messages
1,045
Likes
18
Points
88
#1
Many of you probably C+P'ed the "addClientCommand" out of mod_sa. It's easy to use and has one annoying thing to it: the internal SA:MP limit of commands. You can actually bypass this pretty easily and do your own "command handler", which will also classify you as !337 l33t hax0r.

First you need to know how SA:MP handles commands. Basically, if the input text of the editcontrol on the chatgui contains a "/", it scans through the internal list of commands, and if it can't find one it'll send the request to the server.
This is where we come in; it's actually pretty easy to go between the call and do your own magic.

Today I will show you how. You should have a little experience, though; I won't bother explaining everything here.

Step one - acquiring offsets)

 
0x688

#2
RE: [HOW TO] Do your own SA:MP commands.

I'll do a shameless bump.
/e: There's a minor fail in one of my explanations.
 
Joined
May 26, 2013
Messages
20
Likes
0
Points
51
#5
You can improve it by registering commands like:

Code:
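#include <functional>
#include <map>
#include <string>
#include <utility>

// Handler signature is an assumption: the post wrote std::function<string>,
// which does not compile (std::function needs a function type).
typedef std::function<void(const std::string &)> CmdHandler;

// Command name -> handler.
std::map<std::string, CmdHandler> g_CmdMap;

void registerCommand(std::string strCmd, CmdHandler funcCmd)
{
    g_CmdMap.insert(std::make_pair(strCmd, funcCmd));
}

int __stdcall SendCommandToServer(const char *szCmd)
{
    // PROCESS MAP HERE
    //
    //

    /* push the parameter back to the stack and call original function */
    /* origSendCommandToServer is expected to be declared elsewhere in the hook code */
    __asm push ebx
    __asm call [origSendCommandToServer]
    return 1;
}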
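
One way to fill in the `// PROCESS MAP HERE` step from the post above, as an added example that is not part of the original thread. It covers only the portable parsing and lookup (no inline assembly); `g_CmdMap` and `registerCommand` follow the post, while `CmdHandler`, `kMaxInput` and `dispatchCommand` are hypothetical names and the length cap is an assumed value.

```cpp
#include <cstddef>
#include <functional>
#include <map>
#include <string>
#include <utility>

// g_CmdMap and registerCommand follow the post; CmdHandler, kMaxInput and
// dispatchCommand are hypothetical names introduced for this example.
using CmdHandler = std::function<void(const std::string &args)>;
static std::map<std::string, CmdHandler> g_CmdMap;
static const std::size_t kMaxInput = 128;  // assumed cap, not a SA:MP constant

void registerCommand(const std::string &strCmd, CmdHandler funcCmd)
{
    g_CmdMap[strCmd] = std::move(funcCmd);
}

// Returns true if a registered handler consumed the input; false means the
// hook should pass szCmd on unchanged to the original function.
bool dispatchCommand(const char *szCmd)
{
    if (szCmd == nullptr || szCmd[0] != '/')
        return false;

    // Bounded scan: do not assume the buffer is terminated within range.
    std::size_t len = 0;
    while (len <= kMaxInput && szCmd[len] != '\0')
        ++len;
    if (len > kMaxInput)
        return false;

    // "/name args..." -> name, args (args may be empty).
    const std::string text(szCmd + 1, len - 1);
    const std::size_t sp = text.find(' ');
    const std::string name = text.substr(0, sp);
    const std::string args =
        (sp == std::string::npos) ? std::string() : text.substr(sp + 1);

    const auto it = g_CmdMap.find(name);
    if (name.empty() || it == g_CmdMap.end() || !it->second)
        return false;

    it->second(args);
    return true;
}
```

Anything that is not a registered command, including oversized or malformed input, returns false and is left for the original function to handle.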
 
0x688

#6
btw, I forgot to mention you can also easily redirect the call of samp.dll+0x6492A to receive every message and then do the normal recall stuff; this will allow you to make your own command specifier or stuff.
 

monday

Well-Known Member
Joined
Jun 23, 2014
Messages
921
Likes
4
Points
68
#7
Could anyone help me with OllyDbg usage for this guide?

What I do is:
-open samp, login to server, minimize the game
-open odbg200
-click on File -> Attach -> gta_sa (GTA:SA:MP)
-click on View -> Executable modules and double click on samp (samp.dll)
-right click on CPU window -> Search for -> All referenced strings

And I get the following view:



In the list of strings there is no desired "I don't know this command".


Do you know what I'm doing wrong?
Also what does it mean that in the main post the string references has "samp:.text" title? (mine has "samp" only)
 

DavidRO99

Well-Known Member
Joined
Nov 5, 2017
Messages
57
Likes
1
Points
13
#8
Believe it or not, SAMP doesn't actually contain an unknown command string by default. If you load up a default gamemode downloaded from sa-mp.com and type a random invalid command, you won't get any text back. To actually change the unknown command text you would have to hook the chat message receive RPC and rewrite the string.

Edit: Nvm, I'm just dumb and forget stuff quickly.
 

y0mike

Well-Known Member
Joined
May 10, 2014
Messages
65
Likes
0
Points
6
5
#9
monday said:
I haven't used OllyDbg in a minute, but your interest is not in the gta_sa executable, it's in samp.dll. You can open up the dll in OllyDbg, then search for the string there.

Better yet, you should be using IDA, as it is extremely simple to do it from there.

In IDA, the steps are as follows:
1) SHIFT+F12 to Open Strings
2) Search for `I don't k`
3) Double click on the string, then press X to open the xrefs
[img=815x423]https://i.gyazo.com/6b8ba11f445d4fbcdf49ba3b2fa51fed.png[/img]


Jump to the first one, and you will see this code.

[shcode=cpp]
.text:00065DEC                             loc_65DEC:                              ; CODE XREF: sub_65D30+AEj
.text:00065DEC 098 A1 F8 A0 21 00                          mov     eax, dword_21A0F8
.text:00065DF1 098 85 C0                                   test    eax, eax
.text:00065DF3 098 74 0A                                   jz      short loc_65DFF
.text:00065DF5 098 53                                      push    ebx
.text:00065DF6 09C 8B CE                                   mov     ecx, esi
.text:00065DF8 09C E8 63 FE FF FF                          call    sub_65C60
.text:00065DFD 098 EB 61                                   jmp     short loc_65E60
.text:00065DFF                             ; ---------------------------------------------------------------------------
.text:00065DFF
.text:00065DFF                             loc_65DFF:                              ; CODE XREF: sub_65D30+C3j
.text:00065DFF 098 A1 E4 A0 21 00                          mov     eax, dword_21A0E4
.text:00065E04 098 68 70 7F 0D 00                          push    offset aIDonTKnowThatC ; "I don't know that command."
.text:00065E09 09C 50                                      push    eax
.text:00065E0A 0A0 EB 4C                                   jmp     short loc_65E58
[/shcode]

If you insist on using OllyDbg, as I said, just open up samp.dll and you will get it
https://i.gyazo.com/35a8dabebd36359d7939ceef5e74b9ac.png
 

monday

#10
thanks but I thought 0x688 executed the game and then loaded it because he added a breakpoint to show the "/hellougbase" command he typed...

When I try to open samp.dll it shows "Unable to start file: path/samp.dll" error
 

y0mike

#11
monday said:
thanks but I thought 0x688 executed the game and then loaded it because he added a breakpoint to show the "/hellougbase" command he typed...

When I try to open samp.dll it shows "Unable to start file: path/samp.dll" error
I had issues attaching to gta with ollydbg. I usually use x64dbg -> https://x64dbg.com/#start

Anyway, I just used x64dbg, attached to GTA:SA, then, right click, Search For -> All Modules -> String References

[img=656x406]https://i.gyazo.com/802812733f6b5435435a1cb29b32bafc.png[/img]


Then you can right click -> follow in disassembler, and do what you want.
 

monday

#12
Thanks, btw it turned out that with the odbg110 version it works fine (instead of the odbg200 I used before)
 