[TEC] *.exe Reverse-Engineering

[Obelix]

Yes, the question is twofold. When thinking sensibly, in this case, no immorality and illegality there. Indeed, the only benefit that we derive from reverse-engineering is the only higher quality game. Ie. Exe cracked for improving the program, which has already purchased. Discussions on how to turn off DRM is not being conducted.
But it could conceivably come to the ridiculous: in 2006 in Russia happened is that (probably Russia and abroad, the case made a splash): the headmaster had bought for school computers, which had been pre-installed pirated windows. The prosecutor's office seized the director of a stranglehold with a determination to defend the interests of Microsoft. Investigators were trying to close the deal "In the absence of a guilty person," and Bill Gates understand the situation refused to support a lawsuit against the director. Persistence prosecution is simply amazing. The first time it stopped "in connection with minor damage" but the prosecution insisted on a new consideration, the court did not want to sit for a long time Director awarded 5000 rub. (~ $ 180) against the alleged 262,000 rubles. (~ 9500 $)

I am confident of the correctness of TheDarkWraith - who no matter how he knows all the pitfalls in this process.

[TheDarkWraith]

@ Obelix - interestingly I learned the majority of my 'specialized' skills from you Russians You all have people that blow me away with their RE skills and what they can do with software No matter how many books I read on the subject I'm always two steps behind you all

@ Reaper7 - I'll look into those addresses tonight It's nice to see someone taking interest into RE. Let me warn you though that once you start down this path you'll probably never stop If you like puzzles and things that make you think then this will suit you well For me it's the whole challenge thing, the let's see if I can make it do this or that.....A great book on the subject is Hacking 2nd Edition - The Art of Exploitation by Jon Erickson. This book is more of an intermediate's book. A good beginner's book is Reversing - Secrets of Reverse Engineering by Elded Eilam After some years of this you'll see just how 'bad' windows is. It still amazes me how easy it is to take control of any process running on any computer running Windows

EDIT:
@ Reaper7 - not sure how you found that address....were you using Olly Debug? If so, what was the base address, size, and entry point of your SH5.exe?

[Anvart]

Quote:

Originally Posted by TheDarkWraith

...- interestingly I learned the majority of my 'specialized' skills from you Russians...

maybe... but I also noticed the familiar words of Jeffrey Richter from his famous book Programming Applications for Microsoft Windows... in your famous thread...

[BigBANGtheory]

Where does one start on such a vast topic?

If you read guides about it like 2 sentances in it goes off on one about pointers, assembler, hex, debuggers without actually explaining anything or worse still explaining it with even more specialist terms

[TorpX]

Quote:

Originally Posted by BigBANGtheory

Where does one start on such a vast topic?

If you read guides about it like 2 sentances in it goes off on one about pointers, assembler, hex, debuggers without actually explaining anything or worse still explaining it with even more specialist terms

I agree. Many of us did not grow up with computers, and have only learned how to use them with some difficulty. Not everyone is an expert.

[urfisch]

any constructive additions?

@tdw
i know there are books. i also know there is something called internet, which has even more sources. but as you might understand, i am not willed to spend my rare time in searching through all this complex stuff, just to change some things in a games "exe". maybe reasonable. i dont want to be an expert in RE some time in future. i am a designer and coding, hex editing and all this dry, complex logic stuff with numbers is heating up my brain to an unstandable level. beside this, i simply do not have the time to dig as deep into this topic, as you want me to do.

so i ask here, so people might post their experiences and helpful tutorials.

[reaper7]

Quote:

Originally Posted by TheDarkWraith

@ Reaper7 - not sure how you found that address....were you using Olly Debug? If so, what was the base address, size, and entry point of your SH5.exe?

Redid the entries to show all the Information I could. Values have changed due to sh5.exe using different loading memory location.

But hopefully all the relevant info is here to get the Stadimeter.


In the Following Pic You can see the Base, Size and Module name thats loaded for SH5.
I'm using Cheat Engine 6.1 to find my addresses and pointers within the sh5.exe code and memory thats used.



Also took 2 more pics to show whats happening with regards the Stadimeter and the 2 pointer branches that are used.






There are a total of 16 addresses that hold the stadimeter values (Both SH5 and Sh4) of these 2 are writeable the rest read only.
I only worked with these 2 to bac track thru all the pointers to get to the Base Address (Cheat Engine shows this value as green to show its a static address).

One thing I noticed that both code sets used are very similar except for the offsets used in the last pointers code for both.

One has its offset at 00000084 the other at 00000094 as can be seen in the Memory viewer in first pic - maybe this is the problem

Hope that this info is good to get you going TDW


EDIT: Still not Sure this is the Base Address - Need to find how to do this in Ollydbg

Here is the Op, Assembly code you can search for - maybe that will help to find it
00412FF5 - F3 0F11 81 84000000 - movss [ecx+00000084],xmm0

[reaper7]

Yes, I got it working - gave up on cheat Engine and went back to Ollydbg

Found the Memeory address via TSearch and added breakpoint on memory access to find whats writing to it.

Found the same commands I had found in Cheat Engine.

But was able to see the jumps and run routine in Olly. Could see the The offset 84 line was being jumped over to the offset 94 line.
So Manually edited the line to change the offset from 94 to 84 for both the original address and the one calling it.

What do you know it works. Now just need to figure out how to add the fix or maybe you could add it to your Reverse Engineer Patch file TDW













Next on the List has to be the Reset to Zero Bug.

[DrJones]

Quote:

Originally Posted by reaper7

Yes, I got it working - gave up on cheat Engine and went back to Ollydbg

Found the Memeory address via TSearch and added breakpoint on memory access to find whats writing to it.

Found the same commands I had found in Cheat Engine.

But was able to see the jumps and run routine in Olly. Could see the The offset 84 line was being jumped over to the offset 94 line.
So Manually edited the line to change the offset from 94 to 84 for both the original address and the one calling it.

What do you know it works. Now just need to figure out how to add the fix or maybe you could add it to your Reverse Engineer Patch file TDW













Next on the List has to be the Reset to Zero Bug.

Congratulations reaper7

Now it is still getting more and more interessting....i think i should also keep an eye on cheat Engine and Ollydbg.

Keep on your good working...

Best Regard and Wishes

DrJones

[Trevally.]

Good work Reaper7

[urfisch]

maybe this whole topic is starting to get very interesting....



smells like endless possibilities...does it?

[reaper7]

Quote:

Originally Posted by DrJones

Congratulations reaper7

Now it is still getting more and more interessting....i think i should also keep an eye on cheat Engine and Ollydbg.

Keep on your good working...

Best Regard and Wishes

DrJones

This only proves it works - still need to figure how to make the patch or else TDW can add to his current patches.
But its working with ollydbg attached to the Sh5 Process. So I'm sure its a simple thing to make the permanent edits to a patch

[urfisch]

really great news, reaper!

[TheDarkWraith]

Quote:

Originally Posted by reaper7

This only proves it works - still need to figure how to make the patch or else TDW can add to his current patches.
But its working with ollydbg attached to the Sh5 Process. So I'm sure its a simple thing to make the permanent edits to a patch

My auto patcher uses patch files. Just create a patch file with your change

[raymond6751]

quote " the SH-Series is dead, so theres nothing to come, if we are not creating it."

First of all, we all accepted but few read over the user end license agreements for the software we use - including games. RE was specifically not permitted.

Copyright ownership does not end if a company does not produce further updates or similar titles.

Google was undergoing a class action law suit representing authors (I am one of them) for displaying book contents without permission. They settled out of court and have to pay millions.

Each of us has our own opinion about the right of it, but accept that it is basically illegal to RE software for any reason. Just about every program end-user license I have encountered indicates that ownership of the program remains with the maker and the license is to use it.

That should kick up some dust in the forum !