Server Help Forum Index Server Help
Community forums for Subgame, ASSS, and bots
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   StatisticsStatistics   RegisterRegister 
 ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin (SSL) 

Server Help | ASSS Wiki (0) | Shanky.com
SubGame2.exe / fix.dll Analysis

 
Post new topic   Reply to topic Printable version
 View previous topic  Turf Flag Settings Post :: Post SubGame2.exe Binary Extensions  View next topic  
Author Message
cycad
Novice


Gender:Gender:Male
Joined: Feb 12 2004
Posts: 29
Offline

PostPosted: Sat Nov 21, 2009 11:45 am    Post subject: SubGame2.exe / fix.dll Analysis Reply to topic Reply with quote

Hi.

I am mostly inactive now but from time to time over the last few years I have reversed relevent portions of SubGame2.exe in order to get something done, usually for my botcore OpenCore but also for curiosity as well.

When I saw L.C.'s post on dumping strings from fix.dll and subgame2.exe, then his question on 'pulled.dat', I realized I can help. String dumps are nice but we can do a lot better.

I can't give a lesson here, but IDA Pro is the industry standard tool for reverse engineering software. You can get it from http://www.hex-rays.com/idapro/idadownfreeware.htm. My subgame2.exe & fix.dll analysis is at 75rw.net/subgame2_analysis.zip. Load it up with IDA Pro. In it you will find disassembled subgame2.exe, with some functions labeled and prototyped. I also mapped fix.dll into the address space. If you right click the address column in the disassembly view you can see areas I've bookmarked, probably because they are interesting for one reason or another. If you hit ctrl+L you can see all labeled functions and data values. The structure view also has partial definitions for structures/classes.

The analysis is quick, dirty and pretty incomplete -- I only looked in areas I found interesting. As with most things I do, it was done for the challenge and not outward presentation or attention. In fact, I can't stand people who seek attention by publicizing information that should be private. I will help and answer questions - you can contact me directly - but if you are one of those people please don't bother me. :) In a client-authoritative game publicizing information that can be used against the client is just silly.

Some key points about the analysis:
* It's pretty incomplete
* I did not analyze much of fix.dll because if PriitK recompiles it will change
* It may not be correct, a lot of reversing is working with assumptions, and there are a lot of assumptions here

I have also unpacked and defeated protections on continuum40.exe but I will not release that here because I have a sense of appropriateness and don't want to help cheaters. I will answer benign questions regarding the client though, if I am able (and I very well may not be able to, because the program is very complex).

Alright, hope this helps.

Keep it interesting,
cycad / cycad at 75rw dot net




subgame2_analysis.zip - 1378.83 KB
File downloaded or viewed 24 time(s)


Last edited by cycad on Sat Nov 21, 2009 12:33 pm, edited 1 time in total
Back to top
View users profile Send private message Add User to Ignore List
L.C.
Server Help Squatter


Age:33
Gender:Gender:Male
Joined: Jan 03 2003
Posts: 574
Location: Missouri, US
Offline

PostPosted: Sat Nov 21, 2009 12:12 pm    Post subject: Reply to topic Reply with quote

I get an error when trying to open the ZIP.
Quote:
! D:\Incoming\subgame2_analysis.zip: Unexpected end of archive


These are the errors I get when I try to extract:
Quote:
! D:\Incoming\subgame2_analysis.zip: The archive is corrupt
! D:\Incoming\subgame2_analysis.zip: The archive is corrupt
! D:\Incoming\subgame2_analysis.zip: CRC failed in subgame2.idb. The file is corrupt
Back to top
View users profile Send private message Add User to Ignore List Send email Visit posters website AIM Address Yahoo Messenger MSN Messenger
cycad
Novice


Gender:Gender:Male
Joined: Feb 12 2004
Posts: 29
Offline

PostPosted: Sat Nov 21, 2009 12:37 pm    Post subject: Reply to topic Reply with quote

GoDaddy's free hosting is playing tricks on me. Try the above link again, I put it on 75rw.net instead of greencams.net.

Also, check http://forums.minegoboom.com/viewtopic.php?t=8593.
Back to top
View users profile Send private message Add User to Ignore List
Display posts from previous:   
Post new topic   Reply to topic    Server Help Forum Index -> General Questions All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum
View online users | View Statistics | View Ignored List


Software by php BB © php BB Group
Server Load: 659 page(s) served in previous 5 minutes.

phpBB Created this page in 0.531313 seconds : 30 queries executed (92.5%): GZIP compression disabled