What I reverse:
    Old 4~8 MB games compiled with VC++ 2006~2008 (depending on the version), whose source code is lost.
    They have a mixture of their own custom structures and classes and DirectX SDK classes.

What I did with IDA:
    Clumsy way - found some functions (subroutines) that play some role in gameplay.
    Searching - found some structures which help in analyzing their settings.
    Class Informer - helped a lot in finding the class hierarchy, but was of no use without knowing the size of the class members.

Question:

  1. I am currently trying a new way: compiling old DirectX SDK examples with the old compiler (VC++ 2008) to extract symbols that help with reversing. The RTTI clues say that the game uses DirectX classes (DxSurface, DxImageBase...), so I think it will help to organize the classes from the bottom up.

1-1. To acquire vtable and struct info for the compiled DirectX classes, I planned to compile some sample code with the DirectX library.

1-2. With the compiled PDB symbols, I expect to measure the size of some classes and get more precise class information (the class will be implemented as a struct and a struct_vtbl).

1-3. After 1-2 succeeds, I'll apply this result to the original project, reversing the old game.

  1. Is this plan valid for reversing the game?

  2. I tried the way mentioned above with libjpeg, but the compiled function call was usercall and the one in the actual game uses cdecl. How can I change the calling convention in a whole project?

  • Generally speaking, any PDB file you can find will improve the readability of the reversed solution. It will provide the original naming for the functions it can find. Even if they are not the ones you are interested in, it is still nice to have some of the code using proper naming. – Irbis77 Oct 17 '21 at 12:20
  • Are you going to reverse the entire code base? Even if you do, you probably want to start building your reversed project from a few functions. At that point, it doesn't matter which definition the individual function has, as you can always change it later and then decide whether you need it for the entire project. – Irbis77 Oct 17 '21 at 12:25
  • Thanks for commenting. I am reversing an entire portable executable from the base. I've done the way of starting from a few functions (what you suggested). However, I felt something was wrong because there were bunches of big classes governing the functions. To reverse the project from a function up to bunches of classes, I'm designing a way to easily reconstruct a class. – CANNON_LCK Oct 17 '21 at 14:10
  • Do you actually have the PDB for the game or not? The question is kind of unclear on that part. – Igor Skochinsky Oct 17 '21 at 16:09
  • I didn't consider clarifying that. :( The game does not have PDB symbols, nor source code. In that situation, I am attempting to create a PDB file using a library which the game uses, by compiling some DX8 sample code with an old compiler. – CANNON_LCK Oct 17 '21 at 16:40
  • Could you edit the question and describe specifically what you want/plan to do? You ask "does this will help reversing" but it's not clear what 'this' refers to. – Igor Skochinsky Oct 17 '21 at 16:58
  • Okay, I revised the question. 'this' means the plan I newly wrote above. Please understand me kindly; I've acquired only piecemeal knowledge, so I still don't know what is right and what is wrong. – CANNON_LCK Oct 17 '21 at 17:25
  • I was thinking that one of the ways to know whether the function signatures are correct would be to create a DLL and hook or inject it. That way you could try running some of these functions before the entire project is reversed, and it would be easy to check how they should look. Most probably this is not the best method, but it works. – Irbis77 Oct 17 '21 at 20:06
  • This sounds more like you want to create your own FLIRT signatures using the tools that come with the IDA SDK, no? No need to create a PDB if you use the tools IDA already provides. – 0xC0000022L Oct 17 '21 at 20:27
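The bulk prototype rewrite asked about in question 2 (turning IDA's `__usercall` prototypes into `__cdecl` across a whole database), as an added example that is not from the question or any of the comments. The `to_cdecl` helper is plain Python over IDA-style prototype strings; the `rewrite_all_prototypes` loop is hypothetical IDAPython glue that only runs inside IDA and uses `idautils.Functions`, `idc.get_type`, `idc.get_func_name` and `idc.SetType`. Relabeling only changes how IDA interprets a function, not how the compiled code actually passes arguments, so a function that genuinely receives arguments in registers will decompile wrongly after the change; the dry-run mode exists so each candidate can be checked against the target binary's real convention first.

```python
"""
Bulk-rewrite IDA function prototypes from __usercall to __cdecl.

Added example, not code from the question or its comments. `to_cdecl`
works on IDA prototype strings and runs anywhere; `rewrite_all_prototypes`
is hypothetical glue that needs the IDAPython modules.
"""
import re

# IDA appends register annotations to __usercall prototypes, e.g.
# "foo@<eax>" for the return value or "a@<ecx>" for an argument.
_REG_ANNOTATION = re.compile(r"@<[^>]*>")


def to_cdecl(proto: str) -> str:
    """Return `proto` with __usercall replaced by __cdecl and all register
    annotations stripped. Prototypes in any other convention are returned
    unchanged, so the function is safe to apply to every function type."""
    if "__usercall" not in proto:
        return proto
    stripped = _REG_ANNOTATION.sub("", proto)
    return stripped.replace("__usercall", "__cdecl")


def rewrite_all_prototypes(dry_run: bool = True) -> int:
    """Walk every function in the open IDB and apply `to_cdecl`.

    Returns the number of prototypes that differ (dry run) or were changed.
    Only importable inside IDA; kept separate so `to_cdecl` stays testable.
    """
    import idautils  # IDAPython only
    import idc       # IDAPython only

    changed = 0
    for ea in idautils.Functions():
        proto = idc.get_type(ea)  # None when IDA has no type for this function
        if not proto:
            continue
        new_proto = to_cdecl(proto)
        if new_proto == proto:
            continue
        changed += 1
        print(f"{ea:#x} {idc.get_func_name(ea)}: {proto} -> {new_proto}")
        if not dry_run:
            # SetType expects a C declaration, hence the trailing semicolon.
            idc.SetType(ea, new_proto + ";")
    return changed


if __name__ == "__main__":
    # Constructed sample prototypes in the shape IDA prints them.
    for sample in (
        "int __usercall foo@<eax>(int a@<ecx>, int b@<edx>)",
        "int __usercall@<eax>(int@<ecx>, int)",
        "int __cdecl bar(int a)",
    ):
        print(f"{sample}  ->  {to_cdecl(sample)}")
```

Run it from IDA's script window with `rewrite_all_prototypes(dry_run=True)` first and read the printed list; only call it with `dry_run=False` for a database where the target really uses cdecl. If the sample library was built with different optimization flags than the game, the mismatch is in the build settings, and rebuilding with matching flags fixes the root cause rather than the label.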

0 Answers