Reverse Engineering in a .amxx


  
 
 
S34Qu4K3
Veteran Member
Join Date: Jan 2010
Location: Galicia
03-17-2011, 18:13   Reverse Engineering in a .amxx

Hi, I'm reading the amazing tuts made by BAILOPAN to decompile a plugin.
I've taken a random .amxx from my plugins folder, but I need some help; there are some things that I don't understand well.

Here's a portion of code:
PHP Code:
0x140       PROC                        SV_ConnectClient
0x144       BREAK
0x148       BREAK
0x14C       STACK                -0x190
0x154       ZERO.pri
0x158       ADDR.alt             -0x190
0x160       FILL                  0x190
0x168       STACK                -0x190
0x170       ZERO.pri
0x174       ADDR.alt             -0x320
0x17C       FILL                  0x190
0x184       BREAK
0x188       PUSH.C                 0x63
0x190       PUSHADDR             -0x190
0x198       PUSH.C                  0x4
0x1A0       PUSH.C                  0xC
0x1A8       SYSREQ.C          read_argv
0x1B0       STACK                  0x10
0x1B8       BREAK
0x1BC       PUSH.C                 0x63
0x1C4       PUSHADDR             -0x320
0x1CC       PUSH.C                  0x3
0x1D4       PUSH.C                  0xC
0x1DC       SYSREQ.C          read_argv
0x1E4       STACK                  0x10
0x1EC       BREAK
0x1F0       PUSH.C                  0x6
0x1F8       PUSH.C                0xDB8   str_008   ("\name\")
0x200       PUSHADDR             -0x190
0x208       PUSH.C                  0xC
0x210       SYSREQ.C              equal
0x218       STACK                  0x10
0x220       JNZ               jump_0001
0x228       PUSH.C                  0x1
0x230       PUSH.C                0xDD4   ; str_009   ("0")
0x238       ADDR.pri             -0x320
0x240       ADD.C                  0x3C
0x248       PUSH.pri
0x24C       PUSH.C                  0xC
0x254       SYSREQ.C              equal
0x25C       STACK                  0x10
0x264       JNZ               jump_0001
0x26C       PUSH.C                  0x1
0x274       PUSH.C                0xDDC   ; str_010   ("4")
0x27C       ADDR.pri             -0x320
0x284       ADD.C                  0x18
0x28C       PUSH.pri
0x290       PUSH.C                  0xC
0x298       SYSREQ.C              equal
0x2A0       STACK                  0x10
0x2A8       JNZ               jump_0001
0x2B0       ZERO.pri
0x2B4       JUMP              jump_0004
0x2BC       CONST.pri               0x1 ; target:jump_0001
0x2C4       JZER              jump_0005 ; target:jump_0004
0x2CC       BREAK
0x2D0       CONST.pri               0x2
0x2D8       STACK                 0x320
0x2E0       RETN
0x2E4       BREAK      ; target:jump_0005
0x2E8       ZERO.pri
0x2EC       STACK                 0x320
0x2F4       RETN
I've already reconstructed something:
1) First, the plugin creates two arrays (I've named them variable_1 and variable_2) with 100 cells each
PHP Code:
0x14C       STACK                -0x190
0x154       ZERO.pri
0x158       ADDR.alt             -0x190
0x160       FILL                  0x190
0x168       STACK                -0x190
0x170       ZERO.pri
0x174       ADDR.alt             -0x320
0x17C       FILL                  0x190
0x184       BREAK

PHP Code:
new variable_1[100]
new variable_2[100]
I think that this part is well decompiled

2) The next part of code makes two read_argv native calls to parse the first two params and store them in variable_1 and variable_2
PHP Code:
0x188       PUSH.C                 0x63
0x190       PUSHADDR             -0x190
0x198       PUSH.C                  0x4
0x1A0       PUSH.C                  0xC
0x1A8       SYSREQ.C          read_argv
0x1B0       STACK                  0x10
0x1B8       BREAK

0x1BC       PUSH.C                 0x63
0x1C4       PUSHADDR             -0x320
0x1CC       PUSH.C                  0x3
0x1D4       PUSH.C                  0xC
0x1DC       SYSREQ.C          read_argv
0x1E4       STACK                  0x10
0x1EC       BREAK

PHP Code:
read_argv(1, variable_1, 99)
read_argv(2, variable_2, 99)
I think that the first parameter is bad, but I couldn't get anything else :/

3) In this part I have my principal problems; there is a conditional structure with 3 equal native calls:
- First: I'm not sure about the if, else if structure
- Second: I don't know what I should put in the first parameter of the equals
- Third: I don't know what this means =( :
PHP Code:
0x2B0       ZERO.pri
0x2B4       JUMP              jump_0004
0x2BC       CONST.pri               0x1 ; target:jump_0001
0x2C4       JZER              jump_0005 ; target:jump_0004
0x2CC       BREAK
So, I have:
PHP Code:
0x1F0       PUSH.C                  0x6
0x1F8       PUSH.C                0xDB8   str_008      ("\name\")
0x200       PUSHADDR             -0x190
0x208       PUSH.C                  0xC
0x210       SYSREQ.C              equal
0x218       STACK                  0x10
0x220       JNZ               jump_0001
0x228       PUSH.C                  0x1
0x230       PUSH.C                0xDD4   ; str_009      ("0")
0x238       ADDR.pri             -0x320
0x240       ADD.C                  0x3C
0x248       PUSH.pri
0x24C       PUSH.C                  0xC
0x254       SYSREQ.C              equal
0x25C       STACK                  0x10
0x264       JNZ               jump_0001
0x26C       PUSH.C                  0x1
0x274       PUSH.C                0xDDC   ; str_010       ("4")
0x27C       ADDR.pri             -0x320
0x284       ADD.C                  0x18
0x28C       PUSH.pri
0x290       PUSH.C                  0xC
0x298       SYSREQ.C              equal
0x2A0       STACK                  0x10
0x2A8       JNZ               jump_0001
0x2B0       ZERO.pri
0x2B4       JUMP              jump_0004
0x2BC       CONST.pri               0x1 ; target:jump_0001
0x2C4       JZER              jump_0005 ; target:jump_0004
0x2CC       BREAK

PHP Code:
    if (equal( ,"\name\", variable_1))
    {

    }
    //jump_0001

    // 2nd equal
    else if (equal( ,"0", variable_2))

    // 3rd equal
    else if (equal( ,"4", variable_2))
I hope that someone can help me understand this, I have a little mess in my head
__________________

- ASM2SMA: Experimental AMXX Assembly encoder

- Defuse Bar Fix

Quote:
Originally Posted by Arkshine
I DON'T WANT TO SEE NOOOOOOOOOOOOOOO AHHHHH. MY EYES ARE ALREADY HURT.