Second Round-More Neocron2 client.exe reversing
RabidCicada <RabidCicadagmailcom> Wednesday, April 2 2008 15:42.40 CDT


Well,
So far so good.  I've continued to reverse the game client but haven't made much progress recently (lack of time and complications).  Remember, I'm new.

I have continued trudging through the main client.exe (out of stubbornness) instead of following my intuition that I should be looking elsewhere for the meat of the logic I want to alter (character data).

My initial thoughts were to track button presses and other character alterations while in game.  The only problem is that I don't have a code coverage tool yet and am using an out-of-date IDA Pro (I'll be getting the newest one soon :) ).  I would find where, say, UP was handled to move the character forward (and hopefully alter character data), then start tracking things nearby (probably character data).

An additional complication is that there are multiple threads (about 5 if I remember right), and I think all the important game logic occurs in another thread (other than the main one) started as part of a "game" object (which I believe holds all, or at least a lot, of the important stuff).

The client loads a couple of DLLs made for the game, and one of them is the "game" from gamebase.dll, built on top of a game engine (from another DLL).  I finally left behind client.exe and am beginning to deadlist gamebase.dll.  It looks like the one of interest.

My plan so far is to deadlist a little to reverse some data structures.  I'll port any gleaned information over to client.exe.

Here's where I'd appreciate some comments and advice on the blog entry.

My intention all along was to track character data alteration from keypresses.  The problem is that that data is handled (I think) in something from a DLL (gamebase) in another thread.

I'd like to continue with the original plan to track character data alteration, but I'm now unsure how to track the keypress data.  I'm familiar with the Windows paradigm of passing messages to/from windows.  I'm familiar with the peek/get, translate, dispatch loop and the WndProc callback.

One thing I'm not sure about is whether each thread will get its own message loop or if all that data has to go through client.exe (the only one with a window).  I think it has to go through client.exe.  If that's the case then I will need to finish tracing the path of a keypress through the system in client.exe (I've already started).

From what I see they create an input object; then I need to find out how they pass it to the other thread.

On a side note, I found a funny little easter egg that I haven't tried yet.  Among the many other commands they accept on the command line when calling client.exe, they accept one particular switch: "hubbletubblewubble".  I wonder what it does?  Only one way to find out :).
~hopes for god mode in online play~

Oh,
Any advice on debugging threads in an executable would be great.  I have yet to read up on it, but I assume there are some gotchas when you want to debug code that runs in a thread spawned off the main executable (as is the case here with the game object).
