AlliedModders


S34Qu4K3 03-17-2011 18:13

Reverse Engineering in a .amxx
 
Hi, I'm reading the amazing tuts made by BAILOPAN to decompile a plugin.
I've taken a random .amxx from my plugins folder, but I need some help, there are some things that I don't understand well :(

Here's a portion of code:
PHP Code:

0x140       PROC                        SV_ConnectClient
0x144       BREAK
0x148       BREAK
0x14C       STACK                -0x190
0x154       ZERO.pri
0x158       ADDR.alt             -0x190
0x160       FILL                  0x190
0x168       STACK                -0x190
0x170       ZERO.pri
0x174       ADDR.alt             -0x320
0x17C       FILL                  0x190
0x184       BREAK
0x188       PUSH.C                 0x63
0x190       PUSHADDR             -0x190
0x198       PUSH.C                  0x4
0x1A0       PUSH.C                  0xC
0x1A8       SYSREQ.C          read_argv
0x1B0       STACK                  0x10
0x1B8       BREAK
0x1BC       PUSH.C                 0x63
0x1C4       PUSHADDR             -0x320
0x1CC       PUSH.C                  0x3
0x1D4       PUSH.C                  0xC
0x1DC       SYSREQ.C          read_argv
0x1E4       STACK                  0x10
0x1EC       BREAK
0x1F0       PUSH.C                  0x6
0x1F8       PUSH.C                0xDB8 ; str_008   ("\name\")
0x200       PUSHADDR             -0x190
0x208       PUSH.C                  0xC
0x210       SYSREQ.C              equal
0x218       STACK                  0x10
0x220       JNZ               jump_0001
0x228       PUSH.C                  0x1
0x230       PUSH.C                0xDD4 ; str_009   ("0")
0x238       ADDR.pri             -0x320
0x240       ADD.C                  0x3C
0x248       PUSH.pri
0x24C       PUSH.C                  0xC
0x254       SYSREQ.C              equal
0x25C       STACK                  0x10
0x264       JNZ               jump_0001
0x26C       PUSH.C                  0x1
0x274       PUSH.C                0xDDC ; str_010   ("4")
0x27C       ADDR.pri             -0x320
0x284       ADD.C                  0x18
0x28C       PUSH.pri
0x290       PUSH.C                  0xC
0x298       SYSREQ.C              equal
0x2A0       STACK                  0x10
0x2A8       JNZ               jump_0001
0x2B0       ZERO.pri
0x2B4       JUMP              jump_0004
0x2BC       CONST.pri               0x1 ; target:jump_0001
0x2C4       JZER              jump_0005 ; target:jump_0004
0x2CC       BREAK
0x2D0       CONST.pri               0x2
0x2D8       STACK                 0x320
0x2E0       RETN
0x2E4       BREAK                       ; target:jump_0005
0x2E8       ZERO.pri
0x2EC       STACK                 0x320
0x2F4       RETN

I've already reconstructed something:
1) First, the plugin creates two arrays (I've named them variable_1 and variable_2) with 100 cells each
PHP Code:

0x14C       STACK                -0x190
0x154       ZERO.pri
0x158       ADDR.alt             -0x190
0x160       FILL                  0x190
0x168       STACK                -0x190
0x170       ZERO.pri
0x174       ADDR.alt             -0x320
0x17C       FILL                  0x190
0x184       BREAK

:arrow:
PHP Code:

new variable_1[100]
new variable_2[100]

I think that this part is well decompiled

2) The next part of the code makes two read_argv native calls to parse the first two params and store them in variable_1 and variable_2
PHP Code:

0x188       PUSH.C                 0x63
0x190       PUSHADDR             -0x190
0x198       PUSH.C                  0x4
0x1A0       PUSH.C                  0xC
0x1A8       SYSREQ.C          read_argv
0x1B0       STACK                  0x10
0x1B8       BREAK

0x1BC       PUSH.C                 0x63
0x1C4       PUSHADDR             -0x320
0x1CC       PUSH.C                  0x3
0x1D4       PUSH.C                  0xC
0x1DC       SYSREQ.C          read_argv
0x1E4       STACK                  0x10
0x1EC       BREAK

:arrow:
PHP Code:

read_argv(1, variable_1, 99)
read_argv(2, variable_2, 99)

I think that the first parameter is bad but I couldn't get anything else :/

3) In this part, I have my main problems: there is a conditional structure with 3 equal native calls:
-First: I'm not sure about the if, else if structure
-Second: I don't know what I should put in the first parameter of the equals
-Third: I don't know what this means =( :
PHP Code:

0x2B0       ZERO.pri
0x2B4       JUMP              jump_0004
0x2BC       CONST.pri               0x1 ; target:jump_0001
0x2C4       JZER              jump_0005 ; target:jump_0004
0x2CC       BREAK

So, I have:
PHP Code:

0x1F0       PUSH.C                  0x6
0x1F8       PUSH.C                0xDB8 ; str_008   ("\name\")
0x200       PUSHADDR             -0x190
0x208       PUSH.C                  0xC
0x210       SYSREQ.C              equal
0x218       STACK                  0x10
0x220       JNZ               jump_0001
0x228       PUSH.C                  0x1
0x230       PUSH.C                0xDD4 ; str_009   ("0")
0x238       ADDR.pri             -0x320
0x240       ADD.C                  0x3C
0x248       PUSH.pri
0x24C       PUSH.C                  0xC
0x254       SYSREQ.C              equal
0x25C       STACK                  0x10
0x264       JNZ               jump_0001
0x26C       PUSH.C                  0x1
0x274       PUSH.C                0xDDC ; str_010   ("4")
0x27C       ADDR.pri             -0x320
0x284       ADD.C                  0x18
0x28C       PUSH.pri
0x290       PUSH.C                  0xC
0x298       SYSREQ.C              equal
0x2A0       STACK                  0x10
0x2A8       JNZ               jump_0001
0x2B0       ZERO.pri
0x2B4       JUMP              jump_0004
0x2BC       CONST.pri               0x1 ; target:jump_0001
0x2C4       JZER              jump_0005 ; target:jump_0004
0x2CC       BREAK

:arrow:
PHP Code:

if (equal( ,"\name\", variable_1))
{

}
//jump_0001

// 2nd equal
else if (equal( ,"0", variable_2))

// 3rd equal
else if (equal( ,"4", variable_2))

I hope that someone helps me to understand this, I have a little mess in my head :P
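
Added example, not part of the original post and not AMX Mod X code: a small Python sketch that rebuilds the native calls from the listing above in source order. It assumes the standard Pawn call convention (arguments pushed right to left, then the argument byte count, then `SYSREQ.C`) and 4-byte cells; `recover_calls`, `LISTING`, `LOCALS` and `CELL` are names made up for this example.

```python
import re
CELL = 4  # bytes per cell; assumes the 32-bit AMX build that AMX Mod X uses

# Constructed sample: three call sites from the listing in the post, reduced
# to address, opcode, operand and the disassembler's string comment.
LISTING = r"""
0x188 PUSH.C 0x63
0x190 PUSHADDR -0x190
0x198 PUSH.C 0x4
0x1A0 PUSH.C 0xC
0x1A8 SYSREQ.C read_argv
0x1F0 PUSH.C 0x6
0x1F8 PUSH.C 0xDB8 ; str_008 ("\name\")
0x200 PUSHADDR -0x190
0x208 PUSH.C 0xC
0x210 SYSREQ.C equal
0x228 PUSH.C 0x1
0x230 PUSH.C 0xDD4 ; str_009 ("0")
0x238 ADDR.pri -0x320
0x240 ADD.C 0x3C
0x248 PUSH.pri
0x24C PUSH.C 0xC
0x254 SYSREQ.C equal
"""
LOCALS = {-0x190: "variable_1", -0x320: "variable_2"}  # names used in the post

def recover_calls(listing, frame=LOCALS):
    # Replay the pushes that precede each SYSREQ.C, then read them back in source order.
    stack, pri, calls = [], None, []
    for line in listing.strip().splitlines():
        code, _, comment = line.partition(";")
        _, op, *operand = code.split()
        val = operand[0] if operand else None
        if op == "PUSH.C":  # constant, or a data address the listing annotates
            lit = re.search(r'\("(.*)"\)', comment)
            stack.append('"%s"' % lit.group(1) if lit else str(int(val, 16)))
        elif op == "PUSHADDR":  # address of a local array
            stack.append(frame[int(val, 16)])
        elif op == "ADDR.pri":  # start of an address computation in pri
            pri = (frame[int(val, 16)], 0)
        elif op == "ADD.C":  # byte offset into the array -> cell index
            pri = (pri[0], pri[1] + int(val, 16) // CELL)
        elif op == "PUSH.pri":
            stack.append("%s[%d]" % pri)
        elif op == "SYSREQ.C":
            argc = int(stack.pop()) // CELL  # last push is the argument byte count
            args = [stack.pop() for _ in range(argc)]  # pops undo right-to-left pushing
            calls.append("%s(%s)" % (val, ", ".join(args)))
    return calls
```

Every `JNZ` after an `equal` targets jump_0001, where pri is set to 1 before the shared `JZER` test; that is the shape of a short-circuit `||` chain feeding one condition, not an if / else if ladder.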

ConnorMcLeod 03-18-2011 02:14

Re: Reverse Engineering in a .amxx
 
Rewriting the plugin would be faster.

S34Qu4K3 03-18-2011 10:57

Re: Reverse Engineering in a .amxx
 
I want to learn how to decompile plugins xD
I know that it is faster to rewrite the whole plugin, but if I find a plugin and I don't know how to make a certain function, I think that this knowledge will help me :P

ConnorMcLeod 03-18-2011 12:27

Re: Reverse Engineering in a .amxx
 
You would do better to learn to write plugins.

S34Qu4K3 03-18-2011 12:32

Re: Reverse Engineering in a .amxx
 
I know, but I also want to know how to decompile plugins (this won't hurt me), this is the reason why I'm asking

EDIT: Fixed the equals :P
PHP Code:

if (equal( ,"\name\", variable_1))
{

}
//jump_0001

// 2nd equal
else if (equal( ,"0", variable_2))

// 3rd equal
else if (equal( ,"4", variable_2))

To :arrow:
PHP Code:

if (equal(variable_1,"\name\"))
{

}
//jump_0001

// 2nd equal
else if (equal( variable_2,"0"))

// 3rd equal
else if (equal( variable_2,"4"))


ConnorMcLeod 03-18-2011 15:51

Re: Reverse Engineering in a .amxx
 
Maybe you could try to learn with some small plugin whose source you know, so you could relate the decompiled plugin to the source?

fysiks 03-18-2011 18:25

Re: Reverse Engineering in a .amxx
 
It's just going to take practice. As Connor said, you should write small plugins with the functions/structures in which you are interested, then study how they look when decompiled with the disassembler.

S34Qu4K3 03-18-2011 19:45

Re: Reverse Engineering in a .amxx
 
Yeah, thanks guys, I've made a new plugin, made some if, else if, etc. statements, functions, vars, natives, etc. and you're right, it helps a lot ^^

Thank you

