
Messages - ctkny

General Discussion / RGSS Reverse and Refine
January 20, 2021, 09:50:12 am
Notice:
    1. Reverse engineering violates the EULA. This is for knowledge-sharing purposes only.
    2. I'm Chinese, and some of my expressions may be incorrect or imprecise.

Basic Introduction:
    Assembly is built upon machine code; C/C++ is built upon assembly; RGSS is built upon C/C++. It's normally difficult to change one level's behavior from a higher level but relatively simple from a lower level.
    So, reverse engineer RGSS, figure out what's going on, and make some patches. Problem solved.

Implementation:
    First of all, learn about IA-32 assembly, the Win32 API and other things. Then,
    1. Find a breach point. For example, an API call, a memory access, strings, ...
    2.Debug, run and test. Figure out the logic.
    3.Patch on the key location. WriteProcessMemory will do.
    Done.

Examples:
    All examples are for RMXP, but should be very similar to VX/VA.

    1.Disable what F12 does.
    Since it's triggered by F12, we can try conditional breakpoints on GetKeyState/GetAsyncKeyState, and it works. We get this:
      push 7B                 ; argument, keycode for F12 (VK_F12)
      call GetAsyncKeyState   ; high bit of the result is set while the key is down
      test ax,ax
      jge  gotoreturn         ; if F12 is not pressed (result non-negative), return
        xxxx                  ; resets the game
      gotoreturn:
      ret
    Simply change jge to jmp, and the reset will never be reached.

    2.Disable 10s hangup
    Search for "Hangup", ->
      push eax
      push "Hangup"
      call xxx
      mov [xxx],eax
    It's like some kind of registration in Ruby, so search for references. Distinguish the results. The rest should be easy. Patch, test and run, then patch again.

    3.Background running
    It's about window procedure and messages, WM_ACTIVATEAPP. Should be easy.

    4.Disable alt+enter
    Again window procedure. Accelerators. Should be easy.

    5.Load font
    RGSS called EnumFontFamiliesExA and maintained a list at startup. So if we first call AddFontResource and then call EnumFontFamiliesExA as RGSS did with the new font specified, the new font will be added and usable.

End:
    With good preparation, things should be just smooth and clear.
    Because the key addresses in different versions of the RGSS .dlls are different, the exact patching code is not given. It's just the idea.
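The following is an added example, not code from the post above and not RGSS's own code. It turns the "find the check, flip jge to jmp, WriteProcessMemory will do" procedure into a Ruby script (RGSS1 scripts are Ruby, and RGSS ships a Win32API class) that finds the F12 check by byte pattern instead of by a fixed address, which is what the post says it cannot give. Assumptions, which the page does not state: the disassembly is encoded as `6A 7B` / `FF 15 imm32` (an import call through the IAT; a direct `E8` call would need a different pattern) / `66 85 C0` / `7D rel8`, and the patch is the single byte 7Dh (jge rel8) changed to EBh (jmp rel8), which keeps the displacement and skips the reset. The DLL name is supplied by the caller, and the sample bytes are constructed for the example, not dumped from RGSS.

```ruby
# Added example (not from the original post): locate the F12 reset check in
# a loaded RGSS DLL by byte pattern and apply the one-byte jge -> jmp patch.
#
# Assumed encoding of the check shown in the post (an assumption):
#   6A 7B                push 7Bh              ; VK_F12
#   FF 15 ?? ?? ?? ??    call dword ptr [__imp__GetAsyncKeyState]
#   66 85 C0             test ax, ax
#   7D ??                jge  short gotoreturn
F12_PATTERN  = [0x6A, 0x7B,                     # push 7Bh
                0xFF, 0x15, nil, nil, nil, nil,  # call dword ptr [imm32], address wildcarded
                0x66, 0x85, 0xC0,               # test ax, ax
                0x7D, nil].freeze               # jge rel8, displacement wildcarded
JGE_INDEX    = 11        # position of the 7Dh opcode inside F12_PATTERN
OPC_JGE_REL8 = 0x7D
OPC_JMP_REL8 = 0xEB

# Offsets in +bytes+ (a binary String) where +pattern+ matches; nil = wildcard.
# Plain loops and unpack so it also runs on the Ruby 1.8 inside RGSS1.
def find_pattern(bytes, pattern)
  data = bytes.unpack('C*')
  hits = []
  i = 0
  while i + pattern.size <= data.size
    j = 0
    j += 1 while j < pattern.size && (pattern[j].nil? || data[i + j] == pattern[j])
    hits << i if j == pattern.size
    i += 1
  end
  hits
end

# The one-byte patch as [offset, old_byte, new_byte]. Insists on exactly one
# match: writing EBh into the wrong place in a code section just crashes the game.
def f12_patch(bytes)
  hits = find_pattern(bytes, F12_PATTERN)
  raise "expected one F12 check, found #{hits.size}" unless hits.size == 1
  [hits[0] + JGE_INDEX, OPC_JGE_REL8, OPC_JMP_REL8]
end

# SizeOfImage of a mapped PE32 image from its header bytes
# (IMAGE_DOS_HEADER.e_lfanew at 0x3C, SizeOfImage at PE signature + 0x50),
# so the scan covers the whole DLL and nothing past it.
def pe_image_size(headers)
  raise 'not an MZ image' unless headers[0, 2] == 'MZ'
  pe = headers[0x3C, 4].unpack('V')[0]
  raise 'not a PE image' unless headers[pe, 4] == "PE\0\0"
  headers[pe + 0x50, 4].unpack('V')[0]
end

# Live patch through Win32API, which RGSS1 provides. Only does anything when
# Win32API exists (i.e. inside the game); elsewhere it returns nil.
# dll_name is an assumption: the RGSS DLL file name depends on the version.
# WriteProcessMemory takes care of the page protection of the code section.
def apply_f12_patch(dll_name)
  return nil unless defined?(Win32API)
  get_module = Win32API.new('kernel32', 'GetModuleHandleA',  'p',     'l')
  cur_proc   = Win32API.new('kernel32', 'GetCurrentProcess', 'v',     'l')
  read_mem   = Win32API.new('kernel32', 'ReadProcessMemory',  'llpll', 'l')
  write_mem  = Win32API.new('kernel32', 'WriteProcessMemory', 'llpll', 'l')
  base = get_module.call(dll_name)
  raise "#{dll_name} is not loaded" if base == 0
  h = cur_proc.call
  hdr = "\0" * 0x1000
  read_mem.call(h, base, hdr, hdr.size, 0)
  size = pe_image_size(hdr)
  image = "\0" * size
  read_mem.call(h, base, image, size, 0)
  off, _old, new_byte = f12_patch(image)
  ok = write_mem.call(h, base + off, new_byte.chr, 1, 0)
  raise 'WriteProcessMemory failed' if ok == 0
  base + off
end

# Constructed sample (not real RGSS bytes): a prologue, the check, the reset
# call it guards, and the return the jge skips to.
SAMPLE_CODE = [0x55, 0x8B, 0xEC,                           # push ebp; mov ebp,esp
               0x6A, 0x7B, 0xFF, 0x15, 0x10, 0x20, 0x40, 0x00,
               0x66, 0x85, 0xC0, 0x7D, 0x05,                # jge short +5
               0xE8, 0x00, 0x00, 0x00, 0x00,                # call <reset>
               0x5D, 0xC3].pack('C*')                       # pop ebp; ret

if __FILE__ == $0
  off, old, new_byte = f12_patch(SAMPLE_CODE)
  printf("patch at +0x%X: %02X -> %02X\n", off, old, new_byte)
end
```

Inside the game, call `apply_f12_patch` once at startup with the DLL name your project's Game.ini lists (for RMXP something like RGSS102E.dll; the exact name is an assumption here). The patch only changes the mapped image in memory, so it has to be reapplied on every launch, and if the pattern is missing or ambiguous the script raises before anything is written.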
RMXP Script Database / Re: [XP] Memory Font Loader
January 19, 2021, 01:48:06 pm
If reverse engineering is permitted for some kind of refinement, this should be way simpler.

Similarly, functionalities such as disabling F12/the 10s hangup/alt+enter, background running, pausing the movie playback in VA, loading .so files that require native Ruby function support, screenshots, ... can all be achieved.
Some of these take nothing but a one-byte hack.

With no source, the machine code level provides the most freedom.
Sadly though, this violates the EULA.

A lot of what I know about reverse engineering comes from the time when I had fun with RMXP, fixing this or that, digging. I just drifted from scripting Ruby.

I'm Chinese, so I have never posted here. And I haven't really cared about the EULA for a long time. I don't make or publish games myself, and the people I helped did not seem that bothered.

I don't know. If it is acceptable, I'll share my way of doing this and detail it. Otherwise, well, thanks for hearing me out.