Openkore.com

OpenKore Forums
All times are UTC - 5 hours [ DST ]





 Post subject: Re: a few questions for Fr3DBr & kLabMouse
PostPosted: 20 Jan 2012, 22:02 
Administrator
Joined: 24 Apr 2008, 12:02
Posts: 1301
Technology wrote:
I suppose becoming intermediate-advanced in C also helps a lot, since it is pretty close to the metal?


Well, that's true. It's good to know where your code will be placed.
For starters: for you to see RE internals or any other Ragnarok-related knowledge, you will need some source (a "book" for example, or some dictionary). For myself, it's High Priest Game and some old sakexe. Both have .PDB files, so you can see their insides, and how each function is called, what params are given to it, etc.

There are about 30~40 asm opcodes that are widely used; most of the others are just a quick implementation of something or some math-related things (personally I do not remember all of them, I only need the base part).

IDA is good for forgetting about frame pointers and structure offsets if you use it properly (cast a structure or something on a local stack var, name the var). Plus it also has HexRays (pretty good on small and clean functions, but it gives bullshit when used on a function with something like "for (int i = 0; i < N; i++) k[i] = l[a][i];").

Technology: Do you remember my HEX patterns, the ones used to locate Local parsing functions? That should be the start. As of today they have changed, so I must remake them. For the time being, it's better to locate "OnUpdate" using the jump-to-XREF technique.
That's when you know some function is using some string: you locate the function that uses that string constant, and jump to the code that calls that function.
Then you check if it looks "like" the same sequence of asm opcodes (HexRays output can differ a lot). You name it, and jump back to XREF.
Once you reach the .data section, you are saved, because there you will land on an array of pointers that are "virtual" functions of class.

It's Like solving a RLY Big Puzzle.
When you start solving it, you will see nothing. But once you get some pieces together, you will be able to solve almost everything around that piece, and so on.

_________________
Join our Team. Click here.
 
 Post subject: Re: a few questions for Fr3DBr & kLabMouse
PostPosted: 20 Jan 2012, 22:09 
Super Moderators
Joined: 06 May 2008, 12:47
Posts: 801
Quote:
array of pointers that are "virtual" functions of class

That's a vtable, right? (as used in C++ to do dynamic dispatch)

I like your puzzle analogy, now I need to find the right box that holds the pieces I need.

Anyways time for me to sleep, going to dream about RE I assume after all this lol.

And if I may ask, when did you start learning about RE and why?
I hadn't seen the use of it until I saw what you were capable of doing with it.

_________________
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!


 
 Post subject: Re: a few questions for Fr3DBr & kLabMouse
PostPosted: 20 Jan 2012, 22:40 
Administrator
Joined: 24 Apr 2008, 12:02
Posts: 1301
Technology wrote:
And if I may ask, when did you start learning about RE and why?
I hadn't seen the use of it until I saw what you were capable of doing with it.

It was just a hobby.

Well. I started writing applications when I was 7 (back in 1992). There were some options: Basic, Pascal and ASM.
Once, I saw a pro coder writing some application using just a HEX editor.
And then I just asked myself: why can I easily code Basic and Pascal, but do not even understand what that guy did, and everybody was running around him, like around some god?

So I asked a few people, and one guy told me that he was writing some RLY complicated application, and no high-level language could match the speed and efficiency of what the guy was doing.

But yet, nobody told me where to find documentation on that.

After digging around in the PC, I found a tool called Disasm, and started learning from examples that I found all around.
When I went to middle school, I started learning C and C++, and it seemed to me that with it I could simply write something as effective in speed and memory usage as in asm.

From that point in time, it started to be rly easy on tasks like improving someone's work without even completely rewriting it, or just checking around to find the encryption and key check, etc.

Today, it's still my hobby. And I want to improve my skills more and more.
And I don't care that they are not fully used. It does not matter to me.

_________________
Join our Team. Click here.
 
 Post subject: Re: a few questions for Fr3DBr & kLabMouse
PostPosted: 20 Jan 2012, 22:47 
Developers

Joined: 05 Oct 2011, 09:21
Posts: 60
Location: Brazil
Technology wrote:
Quote:
array of pointers that are "virtual" functions of class

That's a vtable, right? (as used in C++ to do dynamic dispatch)

I like your puzzle analogy, now I need to find the right box that holds the pieces I need.

Anyways time for me to sleep, going to dream about RE I assume after all this lol.

And if I may ask, when did you start learning about RE and why?
I hadn't seen the use of it until I saw what you were capable of doing with it.


This is called "VMT", Virtual Method Table

In C++ you would build it by abstracting from a base class into a child class with virtual methods, so it will build up the VMT :) !


 
 Post subject: Re: a few questions for Fr3DBr & kLabMouse
PostPosted: 20 Jan 2012, 22:57 
Super Moderators
Joined: 06 May 2008, 12:47
Posts: 801
kLab, that's an awesome story!
Wow, I never knew you already started coding at age seven, I was only just learning about multiplication when I was that old and we didn't even have a computer at home. :oops:
It's amazing what people can accomplish when being passionate about what they love doing.

Fr3DBr, so yea, it is a vtable. ;)
I know the concept, picked that up while studying some VM.
Like when calling a virtual method speak on a pointer of type Bird and Bird is subclassed by Parrot and Goose, then the compiler can't know at compile-time which speak to call, that of Parrot or that of Goose, so it must decide that at run-time instead.

_________________
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!
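
The Bird/Parrot/Goose case from the post above, as an added example that is not part of any post in this thread: it shows that every object of a class carries a pointer to the same per-class table, which is why landing on that table identifies the class. It assumes the vtable pointer sits in the first pointer-sized slot of the object (true for GCC, Clang and MSVC with single inheritance, not guaranteed by the C++ standard); `vtable_address` and `call_speak` are illustrative names.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// Class names come from the post above; everything else is illustrative.
struct Bird {
    virtual ~Bird() = default;
    virtual std::string speak() const { return "..."; }
};
struct Parrot : Bird {
    std::string speak() const override { return "Hello!"; }
};
struct Goose : Bird {
    std::string speak() const override { return "Honk!"; }
};

// Assumption: the hidden vtable pointer is the first pointer-sized field of
// the object. We copy its bytes out rather than casting, to avoid aliasing UB.
std::uintptr_t vtable_address(const Bird& b) {
    std::uintptr_t vptr = 0;
    std::memcpy(&vptr, static_cast<const void*>(&b), sizeof vptr);
    return vptr;
}

// The caller only knows it has a Bird*. The compiler emits an indirect call
// through the object's vtable slot, so the target is chosen at run time.
std::string call_speak(const Bird* b) { return b->speak(); }

// Two objects of the same class point at one shared table.
bool same_class_shares_vtable() {
    Parrot a, b;
    return vtable_address(a) == vtable_address(b);
}

// Each class with its own overrides gets its own table.
bool different_classes_use_different_vtables() {
    Parrot p;
    Goose g;
    return vtable_address(p) != vtable_address(g);
}

int main() {
    Parrot p;
    Goose g;
    std::printf("Parrot vtable at %#llx says %s\n",
                (unsigned long long)vtable_address(p), call_speak(&p).c_str());
    std::printf("Goose  vtable at %#llx says %s\n",
                (unsigned long long)vtable_address(g), call_speak(&g).c_str());
    return 0;
}
```
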


 
 Post subject: Re: a few questions for Fr3DBr & kLabMouse
PostPosted: 20 Jan 2012, 23:31 
Developers

Joined: 05 Dec 2008, 05:42
Posts: 1811
Technology wrote:
And also a plugin for kore that detects that there is a new client available? (warning kore that it is unsafe to log in)

Not very hard if needed, would be similar to patchconnect plugin but checking patch list.

On deprecated packets, we may log which alternatives are used on every server (outgoing packets - with XKore only) from openkore itself too.


 
 Post subject: Re: a few questions for Fr3DBr & kLabMouse
PostPosted: 16 Feb 2012, 03:40 
Developers

Joined: 04 Apr 2008, 13:33
Posts: 157
klab can you post the sakexe with the pdb?

Does anyone have a link to the high priest game? Preferably KR version, but JP is fine too I guess. It's ~466mb so I don't think posting it is realistic.

I might get back into reverse engineering. It takes a lot of dedication and the learning process is kind of abstract. It's easy to just do other things instead, because you have no real clear objectives and no guarantee you are making progress if you do have some. ;)

Technology wrote:
resources

gamedeception is an okay forum, but I don't know how active it is these days

The focus is mostly on fps games with SDKs, but there are some people there who are very skilled. Anyway, there's lots of tutorials and code samples for various games. Depending on what you want to do, it's an okay resource.

I haven't really found any really great tutorials. Google, reversing your own programs, and reversing things someone else has already reversed without looking at their work until you get totally stuck are all pretty effective and don't feel hopeless. It takes dedication, effort, and time. It's not very rewarding in the short term. If you try to have any real objectives, like reversing an encryption method or a specific part of a program, you might get frustrated and quit if you make no progress after putting in a lot of time.

I usually lose interest and go toward coding other things. :oops:

_________________
Oh no.


 
 Post subject: Re: a few questions for Fr3DBr & kLabMouse
PostPosted: 16 Feb 2012, 07:50 
Administrator
Joined: 24 Apr 2008, 12:02
Posts: 1301
Motivus wrote:
klab can you post the sakexe with the pdb?

http://min.us/mIThE7Iz2

_________________
Join our Team. Click here.