
Amateur and reverse engineering. Part 1: Paths and Files

How many programmers have done projects based on the games they played? A lot, I think. You may be told that the game is so-so, that you shouldn't spend time on a meaningless project, that it won't be useful to anyone, but it makes no difference to you, because it was cool, and you want to relive those emotions at least a little.

At one time I played a lot of “Tales of Pirates” (hereinafter TOP) by Moli, or more precisely its Russian localization by Nival, Piratia. A great game, in my opinion. Not WoW, of course, but I didn't know anything about that one either. Many years have passed, Piratia was closed, I grew up, but somewhere in the ocean of memory the forgotten conqueror of the seas still sails his level-54 ship.


When I learned that the Russian server had been closed (by that point I hadn't played for a couple of years), the excitement reawakened. Within a couple of months I had gained some understanding of the world of fan servers, tried to set up my own on a LAN, and started figuring out the file structure. And then it took off. First I decided to learn how to work with the models. Within a couple of hours I found some code on Pastebin that, after a bit of tweaking, could open models, albeit with problems. But besides the models, the game's textures were encrypted.
Fortunately, there was a program, Gemini Decompiler, capable of turning the game's textures into normal, conventional pictures. Even more fortunately, this tool was written in .NET. After decompiling it, it turned out that a normal texture is split into three blocks: the first 44 bytes, the last 44 bytes, and the rest. In the encrypted texture the last 44 bytes come first, then the main part, then the first 44 bytes, plus another 4 bytes that don't matter.
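The block shuffle described above, written out as an added example (this is not code from the post or from Gemini Decompiler). It assumes the plain file is laid out as head(44) | body | tail(44), the encrypted file as tail(44) | body | head(44), and, since the post does not say where the 4 unimportant bytes sit, it assumes they trail the file and discards them on decode. The sample "image" is constructed inline.

```cpp
// Added example: undo the 44-byte head/tail swap of an encrypted TOP texture.
// Assumptions (not stated in the post): the 4 extra bytes sit at the very end
// of the encrypted file and carry nothing the image needs.
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

static const size_t kBlock = 44;   // size of the swapped head and tail blocks
static const size_t kExtra = 4;    // unexplained bytes; assumed to trail the file

// Swap the first and last kBlock bytes of a buffer; the body in between stays put.
static std::vector<uint8_t> swapEnds(const std::vector<uint8_t>& in)
{
    if (in.size() < 2 * kBlock)
        throw std::invalid_argument("buffer shorter than two 44-byte blocks");
    std::vector<uint8_t> out(in.size());
    const size_t body = in.size() - 2 * kBlock;
    std::memcpy(out.data(),                in.data() + in.size() - kBlock, kBlock); // old tail -> new head
    std::memcpy(out.data() + kBlock,       in.data() + kBlock,             body);   // body unchanged
    std::memcpy(out.data() + kBlock + body, in.data(),                     kBlock); // old head -> new tail
    return out;
}

// Encrypted texture -> plain image bytes.
std::vector<uint8_t> decodeTexture(const std::vector<uint8_t>& enc)
{
    if (enc.size() < 2 * kBlock + kExtra)
        throw std::invalid_argument("encrypted texture too short");
    // Drop the assumed 4-byte trailer, then put head and tail back in place.
    std::vector<uint8_t> stripped(enc.begin(), enc.end() - kExtra);
    return swapEnds(stripped);
}

// Plain image bytes -> encrypted texture (the inverse, useful for round-trip checks).
std::vector<uint8_t> encodeTexture(const std::vector<uint8_t>& plain)
{
    std::vector<uint8_t> enc = swapEnds(plain);
    enc.insert(enc.end(), kExtra, 0);   // trailer contents unknown; zero-filled here
    return enc;
}

// Constructed sample: a fake 100-byte "image" whose bytes are simply 0..99,
// so every block is recognisable by its values.
std::vector<uint8_t> sampleImage()
{
    std::vector<uint8_t> v(100);
    for (size_t i = 0; i < v.size(); ++i)
        v[i] = static_cast<uint8_t>(i);
    return v;
}

// Encode, check the described layout, decode, and confirm the image is restored.
bool roundTripOk()
{
    const std::vector<uint8_t> img = sampleImage();
    const std::vector<uint8_t> enc = encodeTexture(img);
    const size_t body = img.size() - 2 * kBlock;
    return enc.size() == img.size() + kExtra
        && enc[0] == img[img.size() - kBlock]   // encrypted file opens with the old tail
        && enc[kBlock + body] == img[0]         // and carries the old head after the body
        && decodeTexture(enc) == img;
}
```

The swap is a pure permutation of byte positions, so running `decodeTexture` on its own output (after re-appending a trailer) gives the encrypted form back; nothing about the pixel format matters, which is why the sample can be a counter pattern rather than a real picture.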

Based on the Pastebin code and the texture converter I managed to put together a model viewer. A horrible one, of course, but still. At that point it could read only the simplest models: swords, staffs, daggers, characters, and decor elements without animation.


And I wanted to move on. So I started looking for disassemblers to take the TOP engine library apart piece by piece. I found a pirated IDA Pro and began to break things... A convenient program overall, especially because it adequately recovers names after the compiler has mangled them and translates the disassembly into pseudocode very similar to C. The article about Caesar 3 mentioned this too.

I worked on it with varying success for about two months. Well, "worked": I played around. I found code with mathematical operations, started pasting structures from the model viewer into the IDA database, then discovered that you can import a .pdb (and there is one, apparently shipped so that error reports can be read), which cleaned up the code and structures that the pseudocode generator produced. But it still felt like something was not right. I had a .pdb, and as far as I knew it holds information about the project. I found a bunch of different programs, but they all gave out only general information. Then I started looking into Debug Interface Access (hereinafter DIA), assuming it even ships with the Express edition of Visual Studio; in any case, I'm now working in the Professional edition. Having compiled the dia2dump sample, I was blown away. I had a heap of service information at hand: a little over 30 megabytes of text. For example, there is a list of all the .obj files fed to the linker, and for each .obj file a list of the sources compiled into it. In all, the code for recreating the file tree of the TOP engine project was ready in a day. Next up: creating the structures and hooking up the includes from the .pdb...

So it goes.

As a bonus, the additional code for dia2dump: it counts the number of .obj files in the project, lists the source files in each .obj, and creates the folders and empty project files described by the .pdb.
```cpp
// Additions to the dia2dump sample. dia2dump's own headers already bring in
// dia2.h and windows.h; they are repeated here so the fragment reads stand-alone.
#include <windows.h>
#include <dia2.h>
#include <stdio.h>

// Report file opened elsewhere in this build of dia2dump (assumed global).
extern FILE *pFileout;

// Create sPathTo together with any missing parent directories (like mkdir -p).
// Returns true if the directory exists when we are done; an already existing
// directory is not an error (the original looped on that case).
bool AQLCreateDirectory(WCHAR *sPathTo)
{
    if (wcslen(sPathTo) >= MAX_PATH)
        return false;
    WCHAR sTemp[MAX_PATH];
    wcscpy(sTemp, sPathTo);

    // Walk from the root downwards, creating each component in turn.
    for (WCHAR *p = sTemp + 3; *p; p++) {          // skip the "c:\" prefix
        if (*p == L'\\') {
            *p = L'\0';
            if (!CreateDirectoryW(sTemp, NULL) && GetLastError() != ERROR_ALREADY_EXISTS)
                return false;
            *p = L'\\';
        }
    }
    return CreateDirectoryW(sTemp, NULL) || GetLastError() == ERROR_ALREADY_EXISTS;
}

// Dump the compilands (.obj files) of the PDB and the source files behind each
// one, then recreate the source tree as empty files under c:\test\.
void Process(IDiaSession *pSession, IDiaSymbol *pGlobal)
{
    IDiaEnumSymbols *pEnumSymbols;
    IDiaSymbol *pCompiland;
    ULONG celt = 0;

    // First pass: count the compilands so the total precedes the list.
    if (FAILED(pGlobal->findChildren(SymTagCompiland, NULL, nsNone, &pEnumSymbols)))
        return;
    int total = 0;
    while (SUCCEEDED(pEnumSymbols->Next(1, &pCompiland, &celt)) && celt == 1) {
        pCompiland->Release();
        total++;
    }
    pEnumSymbols->Release();
    fwprintf(pFileout, L"%i\n", total);

    // Second pass: for every .obj its name, its source-file count and the paths.
    if (FAILED(pGlobal->findChildren(SymTagCompiland, NULL, nsNone, &pEnumSymbols)))
        return;
    while (SUCCEEDED(pEnumSymbols->Next(1, &pCompiland, &celt)) && celt == 1) {
        BSTR bstrName;
        if (pCompiland->get_name(&bstrName) == S_OK) {
            fwprintf(pFileout, L"%s\n", bstrName);
            SysFreeString(bstrName);
        }

        IDiaEnumSourceFiles *pEnumSourceFiles;
        IDiaSourceFile *pSourceFile;

        // Count the source files that went into this compiland.
        int num = 0;
        if (SUCCEEDED(pSession->findFile(pCompiland, NULL, nsNone, &pEnumSourceFiles))) {
            while (SUCCEEDED(pEnumSourceFiles->Next(1, &pSourceFile, &celt)) && celt == 1) {
                num++;
                pSourceFile->Release();
            }
            pEnumSourceFiles->Release();
            fwprintf(pFileout, L"%i\n", num);
        }

        // List them and create an empty placeholder for each under c:\test\.
        if (SUCCEEDED(pSession->findFile(pCompiland, NULL, nsNone, &pEnumSourceFiles))) {
            while (SUCCEEDED(pEnumSourceFiles->Next(1, &pSourceFile, &celt)) && celt == 1) {
                BSTR bstrSourceName;
                if (pSourceFile->get_fileName(&bstrSourceName) == S_OK) {
                    fwprintf(pFileout, L"%s\n", bstrSourceName);

                    // Target = "c:\test\" + original path minus its drive letter ("c:").
                    // The leading backslash is kept, so the result contains "\\",
                    // which Win32 tolerates.
                    size_t len = wcslen(bstrSourceName);
                    WCHAR *filename = new WCHAR[len + 9];
                    wcscpy(filename, L"c:\\test\\");
                    if (len > 2)
                        wcscat(filename, bstrSourceName + 2);

                    // Directory part: cut everything after the last backslash.
                    WCHAR *path = new WCHAR[wcslen(filename) + 1];
                    wcscpy(path, filename);
                    for (int k = (int)wcslen(path) - 1; k >= 0 && path[k] != L'\\'; k--)
                        path[k] = L'\0';

                    if (AQLCreateDirectory(path)) {
                        FILE *file = _wfopen(filename, L"w");
                        if (file)            // the original called fclose on a NULL handle
                            fclose(file);
                    }
                    delete[] filename;       // arrays need delete[], not delete
                    delete[] path;
                    SysFreeString(bstrSourceName);
                }
                pSourceFile->Release();
            }
            pEnumSourceFiles->Release();
        }
        pCompiland->Release();
    }
    pEnumSymbols->Release();
}
```

Source: https://habr.com/ru/post/236899/
