SUBSIM Radio Room Forums



SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997

Old 06-14-11, 11:39 AM   #1
urfisch
Sea Lord
 
Join Date: Mar 2005
Location: Deep down in Germany
Posts: 1,969
Downloads: 42
Uploads: 0
Default [TEC] *.exe Reverse-Engineering

TDW mentioned this method in sh3 section for using new water shaders in sh3. He said, he believes the shaders are called through the sh3.exe - so if one manages to dig into this exe file, he could reach a fundamental breakthrough in modding sh3.



I do not know anything about this, but would love to learn more. The topic is totally new for me, as for many others here as well. Could the people who have experience in this, post their knowledge and share it to all of us?



TDW also mentioned, if more people here would have the knowledge about software reverse engineering, we could mod the game to our needs, as nearly EVERYTHING seems to be possible.



AND...Please leave any of this bothering policy statements about licenses, forbidden things and all this unnecessary, boring and unuseful things, that made some of our great modders already leave the boat. There is simply nothing to fear, as long, as no one claims you to stop your work. By the way...the SH-Series is dead, so there's nothing to come, if we are not creating it.

urfisch is offline   Reply With Quote
Old 06-14-11, 02:14 PM   #2
raymond6751
Admirable Mike
 
Join Date: Mar 2004
Location: Canada
Posts: 1,338
Downloads: 421
Uploads: 0
Default Don't

Quote: I do not know anything about this, but would love to learn more. The topic is totally new for me, as for many others here as well. Could the people who have experience in this, post their knowledge and share it to all of us?

This is illegal, regardless of your opinion. It is also morally wrong, just as pirating copies of discs and hacking.
__________________
Game Designer:
Close The Atlantic - World War Three
https://boardgamegeek.com/boardgame/...orld-war-three
raymond6751 is offline   Reply With Quote
Old 06-14-11, 03:12 PM   #3
TheDarkWraith
Black Magic
 
Join Date: Jun 2007
Posts: 11,962
Downloads: 147
Uploads: 5


Default

Quote:
Originally Posted by raymond6751 View Post
Quote: I do not know anything about this, but would love to learn more. The topic is totally new for me, as for many others here as well. Could the people who have experience in this, post their knowledge and share it to all of us?

This is illegal, regardless of your opinion. It is also morally wrong, just as pirating copies of discs and hacking.

That's an incorrect statement. The process of RE is legal as long as one does not redistribute the copyrighted software with changes. Your big name anti-virus companies, the government (US), and many large corporations use RE to learn how to use others' software or to discover 'hidden' features not documented from the software manufacturer (anti-virus companies use it to learn how the virus, worm, etc. works and/or transmits itself). If this was really illegal then the US government and anti-virus companies would have thousands, if not millions, of lawsuits filed against them (not to mention those who made the virus, worm, etc. could file lawsuits against those who used RE to mitigate their creation).
Let me cite one example of RE that benefited everyone. Microsoft's Word format was a 'closed' format that only Microsoft's Word could read/create. Third party companies used RE to figure out the Word format and they created software that could read/write the Word format. Did you see Microsoft filing any lawsuits on this? No. There was nothing they could do about it because those third party companies created their own unique software that didn't use any of Microsoft's libraries or modules. Who was the winner in this? Everyone.
Check your local Borders, Amazon.com, etc. to see what they offer book wise on the subject. You'll see there are MANY books on it. They are EXCELLENT reading for those that have an interest in learning. Sadly the average person's knowledge in RE dwindles every day because of 'false fear' everyone tries to raise about it. Companies/corporations try to instill this 'fear' as a scare tactic and sadly it works on the majority of people.
The best defense is knowing the ways/tactics of your potential attacker/foe

Last edited by TheDarkWraith; 06-14-11 at 03:26 PM.
TheDarkWraith is offline   Reply With Quote
Old 06-14-11, 04:39 PM   #4
reaper7
sim2reality
 
Join Date: Jun 2007
Location: AM 82
Posts: 2,280
Downloads: 258
Uploads: 30
Default

Well I've been trying to delve into this Reverse Engineering - since TDW mentioned ollydbg. Wow it's complex stuff.
But I've managed to track down the stadimeter bug - locations in memory.
I've managed to find the Base Address for the Stadimeter Range, that is the one that is linked to Sh5 memory address on loading and so is available always.
And also both of the Offset routes the stadimeter uses for that value (These use RVA address so change every time on game load - but I have the Base address and offsets).

Now of the 2 routes one is the Correct value and one is the bugged 20M value.

So I can see in the Bugged one.
That SH5 gets the range when using the stadimeter but on mouse release does not change to reflect the mast height - this value is then displayed in the XO Dialogue.

Now the working value.
Sh5 gets the range when using the stadimeter but on mouse release does update the Range to reflect the correct mast height.
(I also noticed that when I click The Stadimeter Fix icon from my Mod it - updates the incorrect value to the correct value - So this 100% confirms my fix is correct, But it would be great to fix the Stock Stadimeter bug in code.)
But the XO Dialogue does not update this value. So the correct value is never used by SH5 just sits in memory - This is most likely SH4 code


Now as my programming skills are very little - I do not know how to redirect the value from the Base Address of the correct value into the pointer of the incorrect value (That SH5 is using).
Don't know how to use Assembly to do the code inject or whatever is needed to achieve this.


TDW any ideas on how this can be done?
I can give you the address for the relevant data, but would like to learn how to do this also - by tutorial or whatever means
reaper7 is offline   Reply With Quote
Old 06-14-11, 04:56 PM   #5
TheDarkWraith
Black Magic
 
Join Date: Jun 2007
Posts: 11,962
Downloads: 147
Uploads: 5


Default

Quote:
Originally Posted by reaper7 View Post
Well I've been trying to delve into this Reverse Engineering - since TDW mentioned ollydbg. Wow it's complex stuff.
But I've managed to track down the stadimeter bug - locations in memory.
I've managed to find the Base Address for the Stadimeter Range, that is the one that is linked to Sh5 memory address on loading and so is available always.
And also both of the Offset routes the stadimeter uses for that value (These use RVA address so change every time on game load - but I have the Base address and offsets).

Now of the 2 routes one is the Correct value and one is the bugged 20M value.

So I can see in the Bugged one.
That SH5 gets the range when using the stadimeter but on mouse release does not change to reflect the mast height - this value is then displayed in the XO Dialogue.

Now the working value.
Sh5 gets the range when using the stadimeter but on mouse release does update the Range to reflect the correct mast height.
(I also noticed that when I click The Stadimeter Fix icon from my Mod it - updates the incorrect value to the correct value - So this 100% confirms my fix is correct, But it would be great to fix the Stock Stadimeter bug in code.)
But the XO Dialogue does not update this value. So the correct value is never used by SH5 just sits in memory - This is most likely SH4 code


Now as my programming skills are very little - I do not know how to redirect the value from the Base Address of the correct value into the pointer of the incorrect value (That SH5 is using).
Don't know how to use Assembly to do the code inject or whatever is needed to achieve this.


TDW any ideas on how this can be done?
I can give you the address for the relevant data, but would like to learn how to do this also - by tutorial or whatever means

Tell me what the addresses (RVAs) are and I'll view them in-game and tell you how. I have to see if they are pointers to pointers, or are the actual memory being used, or if the memory is actually a stack address (temp variable), which then I'll have to track down when that value got pushed onto the stack so I can find its true memory address.
TheDarkWraith is offline   Reply With Quote
Old 06-14-11, 06:13 PM   #6
reaper7
sim2reality
 
Join Date: Jun 2007
Location: AM 82
Posts: 2,280
Downloads: 258
Uploads: 30
Default

Quote:
Originally Posted by TheDarkWraith View Post
Tell me what the addresses (RVAs) are and I'll view them in-game and tell you how. I have to see if they are pointers to pointers, or are the actual memory being used, or if the memory is actually a stack address (temp variable), which then I'll have to track down when that value got pushed onto the stack so I can find its true memory address.

These are the addresses I found:

SH5.exe+47D740 (This gave me a Base Address of 005ED740 with my game)
Sh5.exe Process was at 000014B0.

second one had a Base Address of 005EE290

Hope I've done it right and found the static ones and not false pointers.

reaper7 is offline   Reply With Quote
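
The address bookkeeping discussed in posts #5 and #6, as an added example that is not part of any poster's message: it derives the load base implied by the quoted `SH5.exe+47D740` / `005ED740` pair and classifies a slot as a direct value, a pointer chain, or a stack temporary. The memory map, the snapshot contents and the float values are constructed for illustration and are not SH5 data.

```python
import struct

# Values quoted in the post above.
RVA_1 = 0x47D740    # "SH5.exe+47D740"
ABS_1 = 0x005ED740  # absolute address seen in that session
ABS_2 = 0x005EE290  # second absolute address, same session

BASE = ABS_1 - RVA_1   # load base implied by the pair above
RVA_2 = ABS_2 - BASE   # module offset of the second address

def rebase(rva, new_base):
    """Absolute address of a module offset when the image loads elsewhere."""
    return new_base + rva

# Constructed memory map and snapshot (assumptions, not SH5 data).
REGIONS = [("image", BASE, BASE + 0x600000),
           ("stack", 0x0012E000, 0x00130000),
           ("heap", 0x02A00000, 0x02B00000)]
u32 = lambda v: struct.pack("<I", v)
f32 = lambda v: struct.pack("<f", v)
SNAPSHOT = {ABS_1: u32(0x02A01000), 0x02A01000: u32(0x02A02040),
            0x02A02040: f32(1850.0), ABS_2: f32(912.5),
            0x0012FF40: f32(912.5)}

def region_of(addr):
    for name, lo, hi in REGIONS:
        if lo <= addr < hi:
            return name
    return None

def follow(snapshot, addr, max_depth=4):
    """Dereference while the stored dword looks like a mapped address (heuristic)."""
    chain = [addr]
    for _ in range(max_depth):
        value = struct.unpack("<I", snapshot[chain[-1]])[0]
        if region_of(value) is None or value not in snapshot:
            break
        chain.append(value)
    return chain

def describe(snapshot, addr):
    """Return (kind, region of final slot, final dword read as float32)."""
    chain = follow(snapshot, addr)
    final = chain[-1]
    if region_of(addr) == "stack":
        kind = "stack temporary"
    else:
        kind = ["direct value", "pointer", "pointer to pointer"][min(len(chain) - 1, 2)]
    return kind, region_of(final), struct.unpack("<f", snapshot[final])[0]
```

Storing the module offset rather than the absolute address is what lets a finding survive a restart; `rebase` recomputes the absolute address once the new load base is known.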