Server Help

General Questions - SubGame2.exe / fix.dll Analysis

cycad - Sat Nov 21, 2009 11:45 am
Post subject: SubGame2.exe / fix.dll Analysis
Hi.

I am mostly inactive now but from time to time over the last few years I have reversed relevant portions of SubGame2.exe in order to get something done, usually for my botcore OpenCore but also for curiosity as well.

When I saw L.C.'s post on dumping strings from fix.dll and subgame2.exe, then his question on 'pulled.dat', I realized I can help. String dumps are nice but we can do a lot better.

I can't give a lesson here, but IDA Pro is the industry standard tool for reverse engineering software. You can get it from http://www.hex-rays.com/idapro/idadownfreeware.htm. My subgame2.exe & fix.dll analysis is at 75rw.net/subgame2_analysis.zip. Load it up with IDA Pro. In it you will find disassembled subgame2.exe, with some functions labeled and prototyped. I also mapped fix.dll into the address space. If you right click the address column in the disassembly view you can see areas I've bookmarked, probably because they are interesting for one reason or another. If you hit ctrl+L you can see all labeled functions and data values. The structure view also has partial definitions for structures/classes.

The analysis is quick, dirty and pretty incomplete -- I only looked in areas I found interesting. As with most things I do, it was done for the challenge and not outward presentation or attention. In fact, I can't stand people who seek attention by publicizing information that should be private. I will help and answer questions - you can contact me directly - but if you are one of those people please don't bother me. :) In a client-authoritative game, publicizing information that can be used against the client is just silly.

Some key points about the analysis:
* It's pretty incomplete
* I did not analyze much of fix.dll because if PriitK recompiles it will change
* It may not be correct; a lot of reversing is working with assumptions, and there are a lot of assumptions here

I have also unpacked and defeated protections on continuum40.exe but I will not release that here because I have a sense of appropriateness and don't want to help cheaters. I will answer benign questions regarding the client though, if I am able (and I very well may not be able to, because the program is very complex).

Alright, hope this helps.

Keep it interesting,
cycad / cycad at 75rw dot net
L.C. - Sat Nov 21, 2009 12:12 pm
Post subject:
I get an error when trying to open the ZIP.
Quote:
! D:\Incoming\subgame2_analysis.zip: Unexpected end of archive


These are the errors I get when I try to extract:
Quote:
! D:\Incoming\subgame2_analysis.zip: The archive is corrupt
! D:\Incoming\subgame2_analysis.zip: The archive is corrupt
! D:\Incoming\subgame2_analysis.zip: CRC failed in subgame2.idb. The file is corrupt

cycad - Sat Nov 21, 2009 12:37 pm
Post subject:
GoDaddy's free hosting is playing tricks on me. Try the above link again; I put it on 75rw.net instead of greencams.net.

Also, check http://forums.minegoboom.com/viewtopic.php?t=8593.
All times are -5 GMT