
Reversing member of a class?

Topic created on: May 23, 2011 18:50 CDT by Dougfunny.

So I found a class for a video game which holds my player info. To uncover some of its members I went in game and jumped around to find the is jumping variable in player struct, health, ammo. The problem is there are still a lot of unknown members I could not discover from being in game! My question is how do I know what these members are if I can't view visual changes in game? If I view IDA's references to these unknown members of the class I don't see how this will help me find what they are. I say this because if I follow an unknown class member's xref I will most likely find myself in an unknown function and in order to understand it I will need to understand the parameters that were passed to it. In order to do this I will need to reverse its caller and in order to reverse its caller I must reverse the caller of the caller... And it seems like it will be impossible to uncover the true meaning of the unknown members of this class. Does anyone have any advice? Am I taking the wrong approach at finding these unknown members?

  Dougfunny   May 23, 2011 18:52.42 CDT
Same problem arises when I pick a random function to reverse. Firstly I know nothing about its data members so I must understand all the callers before it!
Like I said, if anyone can explain if I'm taking the wrong approach and what I should do instead, thanks.

  NirIzr     June 24, 2011 18:08.12 CDT
The first thing I'd do is find the CTor of the said class. You should create the structure in IDA and define names for all the members with their initial value.
The next step would be to find the basic class your class inherits, try finding more info about it and derive class members for your player class. Reversing a class isn't a simple task and it takes time and effort, especially if it's your first. Some members will be easy to figure out and some won't. After the CTor start with the functions that are called right after creating the object, they are more likely to be simple to analyze. If you're into dynamic RE (running the app in a debugger a lot), which I find as cheating and not challenging, try break-pointing the calls to these member functions and see if you recognize the arguments passed or the events at which the break point occurs.

Also, you can understand the meaning of arguments by other means rather than by reversing all the functions before it. This can be achieved by analyzing what exactly is done with them and how they are treated. Also, by interactions of the members between themselves (for example, you could find out which member holds the max HP of the player by finding members that are compared to the current HP and never letting the current HP be above them).

If I may ask, what game are you reversing? I might be interested in helping you further (by like doing some of the work) if it's a good online game as I have interest in reversing big OOPed apps.
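
Added example, not part of the thread and not any poster's code: a Python sketch of the "interactions of the members between themselves" idea from the reply above, applied to raw dumps of one object taken at debugger breakpoints. The object layout, offsets, and values are constructed for illustration, and the helper names are hypothetical.

```python
import struct

# Constructed sample: four raw dumps of one object, as a breakpoint on a
# member function might capture them. Layout and values are invented here.
SNAPSHOTS = [struct.pack("<7I", *row) for row in (
    (0x00401000, 100, 100, 30, 30, 0, 1000),
    (0x00401000,  72, 100, 30, 30, 1, 1060),
    (0x00401000,  72, 100, 17, 30, 0, 1130),
    (0x00401000, 100, 100, 12, 30, 0, 1200),
)]

def fields(snapshot, width=4):
    """Split a raw dump into little-endian unsigned dwords keyed by offset."""
    count = len(snapshot) // width
    values = struct.unpack("<%dI" % count, snapshot[:count * width])
    return {i * width: v for i, v in enumerate(values)}

def split_by_behaviour(snapshots):
    """Return (rows, constant_offsets, varying_offsets) over all snapshots."""
    rows = [fields(s) for s in snapshots]
    offsets = sorted(rows[0])
    constant = [o for o in offsets if len({r[o] for r in rows}) == 1]
    varying = [o for o in offsets if o not in constant]
    return rows, constant, varying

def find_bounded_pairs(snapshots):
    """(current, limit) offset pairs: limit is a non-zero constant, current
    varies, never exceeds the limit, and equals it at least once."""
    rows, constant, varying = split_by_behaviour(snapshots)
    pairs = []
    for cur in varying:
        for lim in constant:
            if rows[0][lim] == 0:
                continue  # a zero constant cannot bound anything useful
            never_above = all(r[cur] <= r[lim] for r in rows)
            touches = any(r[cur] == r[lim] for r in rows)
            if never_above and touches:
                pairs.append((cur, lim))
    return pairs

def find_flags(snapshots):
    """Offsets of varying members that only ever hold 0 or 1 (boolean-like)."""
    rows, _, varying = split_by_behaviour(snapshots)
    return [o for o in varying if {r[o] for r in rows} <= {0, 1}]

if __name__ == "__main__":
    for cur, lim in find_bounded_pairs(SNAPSHOTS):
        print("member +0x%02X looks bounded by member +0x%02X" % (cur, lim))
    print("boolean-like members:", ["+0x%02X" % o for o in find_flags(SNAPSHOTS)])
```

The pairs it reports are only candidates for a current/maximum relationship; the compare-and-clamp code in the disassembly is what confirms them.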
