AlliedModders - CS/CZ IDA Suite - Updated March-2013

AlliedModders (https://forums.alliedmods.net/index.php)

- Code Snippets/Tutorials (https://forums.alliedmods.net/forumdisplay.php?f=83)

- - CS/CZ IDA Suite - Updated March-2013 (https://forums.alliedmods.net/showthread.php?t=185936)

CS/CZ IDA Suite - Updated March-2013

****UPDATED for latest CS/Engine updates (2013)

----------------------
Here I'm again with some tools to help you decompile CS/CZ binaries.

First of all, this is oriented to advanced users with experience using IDA Pro, knowledge on entity offsets, memory addressing, orpheu, rage, and quantum physics is prefered.

This work was done in three weeks of really hard work (50% me, 50% ConnorMcLeod)

What can be done with this?

With few steps you can convert this

http://i.imgur.com/oiXun.jpg

to this

http://i.imgur.com/bDJ2i.jpg

How?

Just download the attached zip file, uncompress and follow steps inside README.txt

Quote:

1- Open a new project with IDA Pro
2- Load cs_i386.so library
3- Load HLSDK headers: CTRL-F9 - engine.h
4- Load CS Entities headers: CTRL-F9 - linux_entities.h
5- Wait analysis ends
6- Execute IDC script: ALT+F7 - fix_functions.idc
7- Execute IDC script: ALT+F7 - fix_types.idc (select cs_symbols.txt when asked)
8- Check that everything is working

And after this little steps, you can decompile almost every function without any problem.

What's next?

Of course there're errors.
cs_symbols.txt don't include 100% of functions/symbols. Not all classes are supported (only 211 entity classes are supported).
If you have any fix or improvement to add please post here.

Additional tools

There're some IDC scripts (for IDA) that can help you with binaries from other mods.

Quote:

fix_functions.idc
Fixes function arguments types based en mangled information
Additional adds *this as first argument when it's used inside a class (not only virtual)
* Can be called anytime

fix_types.idc
Loads symbols from custom file and set functions/objects types
* Can be called anytime

dump_savedata.idc
Dumps SaveDate fields info

dump_vtables.idc
Dumps VTABLES

dump_functions.idc
Dump functions types

Anyone testing this please post if it works or if has any problem.
Comments are very welcomed

Thanks

Re: CS/CZ IDA Suite

Quote:

Originally Posted by joropito (Post 1715178)

This work was done in three weeks of really hard work (95% me, 5% ConnorMcLeod)

Fixed.

Re: CS/CZ IDA Suite

Cool you release it. For sure, it helps greatly, especially to know the virtual function.

Re: CS/CZ IDA Suite

joropito, ConnorMcLeod, good job!

Re: CS/CZ IDA Suite

Quote:

Originally Posted by KORD_12.7 (Post 1715388)

joropito, good job!

Quote:

Originally Posted by joropito (Post 1715178)

This work was done in three weeks of really hard work (50% me, 50% ConnorMcLeod)

Connor too. Good job.

Re: CS/CZ IDA Suite

holy shit, great work.

Now re will be easier, thanks!

Re: CS/CZ IDA Suite

Code:

1- Open a new project with IDA Pro

2- Load cs_i386.so library

3- Load HLSDK headers: CTRL-F9 - engine.h

4- Load CS Entities headers: CTRL-F9 - linux_entities.h

when I click ALT-F7, Noting to be continued.
anything what I have lose ?

Re: CS/CZ IDA Suite

Quote:

Originally Posted by K.K.Lv (Post 1726627)

Code:

1- Open a new project with IDA Pro

2- Load cs_i386.so library

3- Load HLSDK headers: CTRL-F9 - engine.h

4- Load CS Entities headers: CTRL-F9 - linux_entities.h

when I click ALT-F7, Noting to be continued.
anything what I have lose ?

Click on some window inside ida (IDA-View, Output, etc).
If it doesn't work, just go to FILE menu and then SCRIPT FILE.

For the record my IDA version is 6.1

Re: CS/CZ IDA Suite

fail...
does the version of you IDA is free :mrgreen: ?
do you mind give me the link ?