Reverse Engineering in a .amxx


S34Qu4K3
Veteran Member
Join Date: Jan 2010
Location: Galicia
Old 03-17-2011 , 18:13   Reverse Engineering in a .amxx
Reply With Quote #1

Hi, I'm reading the amazing tuts made by BAILOPAN to decompile a plugin.
I've taken a random .amxx from my plugins folder, but I need some help; there are some things that I don't understand well.

Here's a portion of code:
PHP Code:
0x140       PROC                        SV_ConnectClient
0x144       BREAK
0x148       BREAK
0x14C       STACK                -0x190
0x154       ZERO.pri
0x158       ADDR.alt             -0x190
0x160       FILL                  0x190
0x168       STACK                -0x190
0x170       ZERO.pri
0x174       ADDR.alt             -0x320
0x17C       FILL                  0x190
0x184       BREAK
0x188       PUSH.C                 0x63
0x190       PUSHADDR             -0x190
0x198       PUSH.C                  0x4
0x1A0       PUSH.C                  0xC
0x1A8       SYSREQ.C          read_argv
0x1B0       STACK                  0x10
0x1B8       BREAK
0x1BC       PUSH.C                 0x63
0x1C4       PUSHADDR             -0x320
0x1CC       PUSH.C                  0x3
0x1D4       PUSH.C                  0xC
0x1DC       SYSREQ.C          read_argv
0x1E4       STACK                  0x10
0x1EC       BREAK
0x1F0       PUSH.C                  0x6
0x1F8       PUSH.C                0xDB8   str_008   ("\name\")
0x200       PUSHADDR             -0x190
0x208       PUSH.C                  0xC
0x210       SYSREQ.C              equal
0x218       STACK                  0x10
0x220       JNZ               jump_0001
0x228       PUSH.C                  0x1
0x230       PUSH.C                0xDD4   ; str_009   ("0")
0x238       ADDR.pri             -0x320
0x240       ADD.C                  0x3C
0x248       PUSH.pri
0x24C       PUSH.C                  0xC
0x254       SYSREQ.C              equal
0x25C       STACK                  0x10
0x264       JNZ               jump_0001
0x26C       PUSH.C                  0x1
0x274       PUSH.C                0xDDC   ; str_010   ("4")
0x27C       ADDR.pri             -0x320
0x284       ADD.C                  0x18
0x28C       PUSH.pri
0x290       PUSH.C                  0xC
0x298       SYSREQ.C              equal
0x2A0       STACK                  0x10
0x2A8       JNZ               jump_0001
0x2B0       ZERO.pri
0x2B4       JUMP              jump_0004
0x2BC       CONST.pri               0x1 ; target:jump_0001
0x2C4       JZER              jump_0005 ; target:jump_0004
0x2CC       BREAK
0x2D0       CONST.pri               0x2
0x2D8       STACK                 0x320
0x2E0       RETN
0x2E4       BREAK      ; target:jump_0005
0x2E8       ZERO.pri
0x2EC       STACK                 0x320
0x2F4       RETN

I've already reconstructed something:
1) First, the plugin creates two arrays (I've named them variable_1 and variable_2) with 100 cells each
PHP Code:
0x14C       STACK                -0x190
0x154       ZERO.pri
0x158       ADDR.alt             -0x190
0x160       FILL                  0x190
0x168       STACK                -0x190
0x170       ZERO.pri
0x174       ADDR.alt             -0x320
0x17C       FILL                  0x190
0x184       BREAK

PHP Code:
new variable_1[100]
new variable_2[100]
I think that this part is well decompiled

2) The next part of the code makes two read_argv native calls to parse the first two params and store them in variable_1 and variable_2
PHP Code:
0x188       PUSH.C                 0x63
0x190       PUSHADDR             -0x190
0x198       PUSH.C                  0x4
0x1A0       PUSH.C                  0xC
0x1A8       SYSREQ.C          read_argv
0x1B0       STACK                  0x10
0x1B8       BREAK

0x1BC       PUSH.C                 0x63
0x1C4       PUSHADDR             -0x320
0x1CC       PUSH.C                  0x3
0x1D4       PUSH.C                  0xC
0x1DC       SYSREQ.C          read_argv
0x1E4       STACK                  0x10
0x1EC       BREAK

PHP Code:
read_argv(1, variable_1, 99)
read_argv(2, variable_2, 99)
I think that the first parameter is bad, but I couldn't get anything else :/

3) In this part I have my main problems: there is a conditional structure with 3 equal native calls:
- First: I'm not sure about the if, else if structure
- Second: I don't know what I should put in the first parameter of the equals
- Third: I don't know what this means =( :
PHP Code:
0x2B0       ZERO.pri
0x2B4       JUMP              jump_0004
0x2BC       CONST.pri               0x1 ; target:jump_0001
0x2C4       JZER              jump_0005 ; target:jump_0004
0x2CC       BREAK
So, I have:
PHP Code:
0x1F0       PUSH.C                  0x6
0x1F8       PUSH.C                0xDB8   str_008      ("\name\")
0x200       PUSHADDR             -0x190
0x208       PUSH.C                  0xC
0x210       SYSREQ.C              equal
0x218       STACK                  0x10
0x220       JNZ               jump_0001
0x228       PUSH.C                  0x1
0x230       PUSH.C                0xDD4   ; str_009      ("0")
0x238       ADDR.pri             -0x320
0x240       ADD.C                  0x3C
0x248       PUSH.pri
0x24C       PUSH.C                  0xC
0x254       SYSREQ.C              equal
0x25C       STACK                  0x10
0x264       JNZ               jump_0001
0x26C       PUSH.C                  0x1
0x274       PUSH.C                0xDDC   ; str_010       ("4")
0x27C       ADDR.pri             -0x320
0x284       ADD.C                  0x18
0x28C       PUSH.pri
0x290       PUSH.C                  0xC
0x298       SYSREQ.C              equal
0x2A0       STACK                  0x10
0x2A8       JNZ               jump_0001
0x2B0       ZERO.pri
0x2B4       JUMP              jump_0004
0x2BC       CONST.pri               0x1 ; target:jump_0001
0x2C4       JZER              jump_0005 ; target:jump_0004
0x2CC       BREAK

PHP Code:
if (equal( ,"\name\", variable_1))
{

}
//jump_0001

//2º equal
else if (equal( ,"0", variable_2))

//3º equal
else if (equal( ,"4", variable_2))
I hope that someone can help me understand this; I have a bit of a mess in my head
__________________

- ASM2SMA: Experimental AMXX Assembly encoder

- Defuse Bar Fix

Quote:
Originally Posted by Arkshine
I DON'T WANT TO SEE NOOOOOOOOOOOOOOO AHHHHH. MY EYES ARE ALREADY HURT.
S34Qu4K3 is offline
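
Added example, not part of the original thread: a small Python sketch that replays the PUSH/SYSREQ.C sequences from the listing in post #1 and rebuilds each native call with its arguments in source order. It relies on the Pawn calling convention (arguments pushed right to left, then the argument size in bytes, with 4-byte cells); the names LOCALS, STRINGS and reconstruct, and the string values "0" and "4" read from the listing's annotations, are assumptions of this example.

```python
CELL = 4  # bytes per cell in the 32-bit AMX image this listing comes from

# Names taken from the post: the two 100-cell locals and the annotated strings.
LOCALS = {-0x190: "variable_1", -0x320: "variable_2"}
STRINGS = {0xDB8: r'"\name\"', 0xDD4: '"0"', 0xDDC: '"4"'}

# Constructed input: the listing's instructions from 0x188 to 0x2A8,
# with addresses and BREAK opcodes dropped.
LISTING = (
    "PUSH.C 0x63; PUSHADDR -0x190; PUSH.C 0x4; PUSH.C 0xC; SYSREQ.C read_argv; STACK 0x10;"
    "PUSH.C 0x63; PUSHADDR -0x320; PUSH.C 0x3; PUSH.C 0xC; SYSREQ.C read_argv; STACK 0x10;"
    "PUSH.C 0x6; PUSH.C 0xDB8; PUSHADDR -0x190; PUSH.C 0xC; SYSREQ.C equal; STACK 0x10;"
    "JNZ jump_0001; PUSH.C 0x1; PUSH.C 0xDD4; ADDR.pri -0x320; ADD.C 0x3C; PUSH.pri;"
    "PUSH.C 0xC; SYSREQ.C equal; STACK 0x10; JNZ jump_0001; PUSH.C 0x1; PUSH.C 0xDDC;"
    "ADDR.pri -0x320; ADD.C 0x18; PUSH.pri; PUSH.C 0xC; SYSREQ.C equal; STACK 0x10;"
    "JNZ jump_0001"
)


def reconstruct(listing):
    """Return (unconditional native calls, calls OR-ed through a shared JNZ target)."""
    stack, pri, calls, ored = [], None, [], []
    for ins in (s.strip() for s in listing.split(";")):
        op, _, arg = ins.partition(" ")
        if op == "PUSH.C":            # constant, or data-section address of a string
            value = int(arg, 16)
            stack.append(STRINGS.get(value, str(value)))
        elif op == "PUSHADDR":        # address of a local array
            stack.append(LOCALS[int(arg, 16)])
        elif op == "ADDR.pri":        # pri = address of a local array
            pri = [LOCALS[int(arg, 16)], 0]
        elif op == "ADD.C":           # byte offset into that array -> cell index
            pri[1] += int(arg, 16) // CELL
        elif op == "PUSH.pri":
            stack.append(f"{pri[0]}[{pri[1]}]")
        elif op == "SYSREQ.C":
            # Arguments are pushed right to left, then their total size in bytes.
            nargs = int(stack.pop()) // CELL
            args = [stack.pop() for _ in range(nargs)]
            calls.append(f"{arg}({', '.join(args)})")
        elif op == "JNZ":             # non-zero result skips the remaining tests
            ored.append(calls.pop())
        # STACK after a call only releases the pushed cells; nothing to model.
    return calls, " || ".join(ored)


if __name__ == "__main__":
    plain, condition = reconstruct(LISTING)
    print(*plain, f"if ({condition})", sep="\n")
```

On this input the two read_argv calls come out with 4 and 3 as their first argument, and the three equal calls, each followed by a JNZ to the same label, form one ||-joined condition whose last argument is the compare length.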
ConnorMcLeod
Veteran Member
Join Date: Jul 2006
Location: France (95)
Old 03-18-2011 , 02:14   Re: Reverse Engineering in a .amxx
Reply With Quote #2

Rewriting the plugin would be faster.
__________________
- tired and retired -

- my plugins -
ConnorMcLeod is offline
S34Qu4K3
Veteran Member
Join Date: Jan 2010
Location: Galicia
Old 03-18-2011 , 10:57   Re: Reverse Engineering in a .amxx
Reply With Quote #3

I want to learn how to decompile plugins xD
I know that it is faster to rewrite the whole plugin, but if I find a plugin and I don't know how to make a certain function, I think that this knowledge will help me
ConnorMcLeod
Veteran Member
Join Date: Jul 2006
Location: France (95)
Old 03-18-2011 , 12:27   Re: Reverse Engineering in a .amxx
Reply With Quote #4

You would do better to learn to write plugins.
S34Qu4K3
Veteran Member
Join Date: Jan 2010
Location: Galicia
Old 03-18-2011 , 12:32   Re: Reverse Engineering in a .amxx
Reply With Quote #5

I know, but I also want to know how to decompile plugins (this won't hurt me); this is the reason why I'm asking

EDIT: Fixed the equals
PHP Code:
if (equal( ,"\name\", variable_1))
{

}
//jump_0001

//2º equal
else if (equal( ,"0", variable_2))

//3º equal
else if (equal( ,"4", variable_2))
To
PHP Code:
if (equal(variable_1,"\name\"))
{

}
//jump_0001

//2º equal
else if (equal( variable_2,"0"))

//3º equal
else if (equal( variable_2,"4"))
Last edited by S34Qu4K3; 03-18-2011 at 13:33.
ConnorMcLeod
Veteran Member
Join Date: Jul 2006
Location: France (95)
Old 03-18-2011 , 15:51   Re: Reverse Engineering in a .amxx
Reply With Quote #6

Maybe you could try to learn with some small plugin whose source you know, so you could relate the decompiled plugin to the source?
fysiks
Veteran Member
Join Date: Sep 2007
Location: Flatland, USA
Old 03-18-2011 , 18:25   Re: Reverse Engineering in a .amxx
Reply With Quote #7

It's just going to take practice. As Connor said, you should write small plugins with the functions/structures in which you are interested, then study how they look when decompiled with the disassembler.
S34Qu4K3
Veteran Member
Join Date: Jan 2010
Location: Galicia
Old 03-18-2011 , 19:45   Re: Reverse Engineering in a .amxx
Reply With Quote #8

Yeah, thanks guys, I've made a new plugin with some if, else if, etc. statements, functions, vars, natives, etc., and you're right, it helps a lot ^^

Thank you