Source.Python forums

Hello Fellows,

i am trying to figure out if there is a way to use SP ( maybe memory hook ) to clear model cache from the server and even client? ( clearing of a specific model OR even the entire cache)

lets say i am spawning many DIFFERENT models on the server and client, but are going towards the cache limit ( which for "ModelMesh" is 256MB, using cache_print in console ).
Now, some models have already faded and are technically not needed anymore on the server and client.
But now i am unable to spawn any new (DIFFERENT) models or else it will crash the game.

is there a methode to release/unload any "old"/unneeded models from the cache, so that i can keep spawning new models after old ones have faded?

right now i am looking into: https://github.com/alliedmodders/hl2sdk/blob/98fe5b5a34b3721fe4d60ec7ba3a28ade3512560/public/datacache/imdlcache.h
which shows that the engine itself has commands to do so. ( they are probably applied on mapchanges etc )

You would probably want to call IMDLCache::Flush(). We haven't exposed it, but you can easily call it with the memory module. The global pointer for IMDLCache is already available through studio.cache.

yeah, but the problem im facing is that i dont have any dissambler to find the correct function access. i could download this one:
http://x64dbg.com/#start
which looks pretty neat (like some advanced version of ollydbg, but assumingly without any community content).
also it doesn't seem to support a script engine, so customizing the program, dumping vtables etc could become a bit of a drudgery.

should i just buy ida pro?
thanks for helping

You can do all you need with the free version of ida. Don't waste 10k on that, lol.

L'In20Cible wrote:You can do all you need with the free version of ida. Don't waste 10k on that, lol.

thanks for mentioning this. looking at the program ida seems like a piece of gold. i am going to take my time and look into it!

okay, ive stumbled upon a few problems here.
first off, i am completely new to accessing machine code,using sp etc so please correct me if my assumptions are going down a wrong track.

logically, to access a function it would make sense to me to route like this : binary -> function. now, a function will probably be routed through several pointers, depending on the hierarchical complexity..
so im wondering if i have to respect all the pointers manually in and via my route or does the identifier/signature that i can dump via ida represent this pointer-squence?

now, following ayutos suggestion to use model_cache as a pointer, i have discovered that it is only the pointer to my mainclass so i am wondering if this is even the correct approach to access IMDLCache?

CMDLCache
-CTier3AppSystem<class IMDLCache,0>
--CTier2AppSystem<class IMDLCache,0>
---CTier1AppSystem<class IMDLCache,0>
----CTier0AppSystem<class IMDLCache>
-----CBaseAppSystem<class IMDLCache>
------IMDLCache
-------IAppSystem
-IStudioDataCache
--IAppSystem
-CDefaultDataCacheClient
--IDataCacheClient

following the print it looks like "IMDLCache", is something like a 6th subclass of "CMDLCache"? so cant i access it directly?
there is only one xrefs in CMDLCache::Flush(MDLCacheFlush_t) with "rodata:00097F14" as the address, so im wondering if
there is some sort of obsfuscation here since i dont have any function reference here, rather than some "datablock reference"?
how would i know how to route from this just from looking at the machinecode? do routes have to respect some sort of "classorder" or
is it possible to access my function directly with the correct pointer? ( the optimal route probably does that anyway, but how do i find it? )

so trying to use the signature of flush to route directly to it always returns me "wrong signature". im using windows and the latest bild.
is there some sort of ida script which checks the fastest route by comparing and executing different possiblities/pointers ?

also, i cant seem to find any documentation in the forum on how to execute the function after having found the correct route..
i guess memory.callback is where im heading if i want to register and execute my function later from sp?
but then im wondering, why nobody gave me any infos on how to approach this? so i assume that i am missing something and its more obvious..

thanks for help


EDIT:
i just realized, that i wrote much too hasty, im not even accessing IMDLCache, so forget that part

Actually, it's pretty much the same like this one:
http://forums.sourcepython.com/showthread.php?1066-clientside-sv_cheats-commands-and-immune-to-triggers&p=6886&viewfull=1#post6886

For CS:S I get the following output:


There are many examples here on the forums on how to call a function. The keyword you need to look for is "make_virtual_function". memory.Callback is something different. It can be used to create C++ functions which call a Python callback.

if it is that simple, that will make things very easy, but i am wondering how to execute a function? things in the forum mainly concern functions, that are used by the game and simply hook into it to modify, but i am trying to execute a function manually? am i still missing something?

edit: okay nvm i read the post now, i just have to "run" the function in python xD
my thought process is much too complicated. source python actually makes things very easy, that is great

somehow, when i flush a specific model with this code, no changes in the length of string_tables.modelprecache happen...

now my guess was, that maybe "locked" models cant be flushed away, so right now im trying to call the "endlock" function, but get this error on the line datatype.void in the below endlock() function:


what am i doing wrong in endlock() ? also, has anybody in here ever done this? flush a model from server memory? i put this issue aside a few months ago, but now it became relevant to me again. also: interestingly "cache_print" in console cuts off by ~1000 entries when i call my flush function, but no changes happen to the actual cache dictionary! so i might even be doing something wrong in that functin as well? any help is much appreciated!

for further detail. this is how i send my flush function:


and this is a nice helper for the flushflags that ayuto created for me:

equals
What you want is a tuple, and that will be


Comma creates the tuple, and parentheses are here just to give it right priority.

thank you, yes ive tried that before, but got this error "RuntimeError: Access violation while reading address '337'."
so i disregarded the try. i gotta find out what this error means exactly for now. its definately function related. maybe im calling the wrong vtable index..

yeah my index was wrong, i knew it worked before 2 months ago. endlock index is 33 in csgo. my bad
i would still like to know if anybody had any success with this or knows how to flush models from server cache!
unluckily endlock wasnt the way to go

okay, let me rephrase everything :im trying to flush a specific model from server cache.
now i have a few questions:

1) how do i call the current modelcache length/size? e.g. 102/4096 active models ("cache_print" seems to be wrong? and stringtables.modelprecache might just be a inadequate separate printer?)

2) how do i correctly flush one? ( my attempts mostly make the server crash without giving me error returns to find the reasons myself, so someone knowledgable would be much better off here with proper server/memory understanding!)

ill probaby spam this entire thread now.
but i have more thoughts..
1) why does tempentity.base have its own precache function?
2) i figured out an idea in which, maybe i can achieve my goal of the entire above process, without any big effort, it goes as follows:

can i use sendtables, to push a tempentity to my client withouth precaching its model on the server? will the client be able to cache the model on its own?

any help is much appreciated and will not be taken for granted :P