Technology wrote: I suppose becoming intermediate-advanced in C also helps a lot, since it is pretty close to the metal?

Well. That's true. It's good to know where your code will be placed.
For starters. For you to see RE internals or any other Ragnarok-related knowledge, you will need some source (a "book" for example, or some dictionary). For myself, it's High Pries Game and some old sakexe. Both have .PDB files, so you can see their insides, how each function is called, what params are given to it, etc. etc.
There are about 30~40 asm opcodes that are widely used; most of the others are just a quick implementation of something or some math-related things (personally I do not remember all of them, only the base part is needed).
IDA is good for forgetting about frame pointers and structure offsets if you use it properly (cast a structure or something onto a local stack var, name the var). Plus it also has HexRays (pretty good on small and clean functions, but it gives bullshit when used on a function with something like "for (int i = 0; i < N; i++) k = l[a];").
Technology: Do you remember my HEX patterns? The ones used to locate local parsing functions? That should be the start. As of today they have changed, so I must remake them. For the time being, it's better to locate "OnUpdate" using the Jump to XREF technique.
It's when you know some function is using some string: you locate the function that uses that string constant, and jump to the code that calls that function.
Then you check if it looks "like" the same sequence of asm opcodes (HexRays output can differ a lot). You name it, and jump back to XREF.
Once you reach the .data section, you are saved, because there you will land on an array of pointers that are the "virtual" functions of a class.
It's like solving a RLY big puzzle.
When you start solving it, you will see nothing. But once you get some pieces together, you will be able to solve almost everything around that piece, and so on.
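The XREF walk described above (string constant, to the function using it, to its callers, until a data-section reference, i.e. a vtable slot, turns up), as an added example that is not code from this post or thread. The walker takes callbacks so it can be exercised outside IDA; the `ida_walk` glue is the only part that needs IDAPython, and the string `needle` and the naming are assumptions.

```python
"""Climb IDA cross-references from a string constant up to the vtable slot."""
from collections import deque


def walk_to_data(start_ea, xrefs_to, func_start, in_data_seg, max_depth=8):
    """Breadth-first climb from start_ea through the functions that reference it.

    Returns (chain, slot): chain is a list of (function_start, depth) visited,
    slot is the first referencing address that lies in a data segment (the
    array of "virtual" function pointers), or None if none was reached.
    The three callbacks abstract IDA so the logic runs on a constructed graph.
    """
    seen, chain, queue = set(), [], deque([(start_ea, 0)])
    while queue:
        ea, depth = queue.popleft()
        for ref in xrefs_to(ea):
            if in_data_seg(ref):            # landed in .data: a vtable entry
                return chain, ref
            f = func_start(ref)             # code ref: which function is it in?
            if f is None or f in seen or depth >= max_depth:
                continue
            seen.add(f)
            chain.append((f, depth + 1))
            queue.append((f, depth + 1))    # next hop: who calls that function?
    return chain, None


def ida_walk(needle):
    """IDAPython glue (assumed usage): find the string, climb, print the chain."""
    import idautils, ida_funcs, ida_segment, idc   # only available inside IDA
    hits = [s.ea for s in idautils.Strings() if needle in str(s)]
    if not hits:
        raise SystemExit("string not found: %r" % needle)

    def xrefs_to(ea):
        return [x.frm for x in idautils.XrefsTo(ea, 0)]

    def func_start(ea):
        f = ida_funcs.get_func(ea)
        return f.start_ea if f else None

    def in_data_seg(ea):
        seg = ida_segment.getseg(ea)
        return seg is not None and seg.type == ida_segment.SEG_DATA

    chain, slot = walk_to_data(hits[0], xrefs_to, func_start, in_data_seg)
    for f, depth in chain:
        print("%*s%08X %s" % (depth * 2, "", f, idc.get_func_name(f)))
    if slot is not None:
        print("vtable slot at %08X" % slot)
    return chain, slot
```

Run `ida_walk("some string the parser uses")` from IDA's Python console; when the walk prints a vtable slot, the last function in the chain is the one to name and use as the next anchor.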