maybe I'd be better at getting back into my reverse engineering projects if getting back into them didn't involve first figuring out which of the 13 Ghidra versions I have installed is for that project
-
this instead steps through the entire code looking for specific bytecode opcodes that it knows need relocation.
so when it sees a pvm_Jump opcode, it knows that although that opcode takes an absolute address, it interprets the current "absolute address" as an index into a jump table, and it then overwrites the current value with the table entry.
-
I'd love to do more logging on what the game is actually doing at runtime, but it turns out this interpreter is multithreaded. It's running tons of scripts at the same time, and it's really a pain to track which execution is for which script.
-
plus the debug logging capabilities of the emulator are abysmal
-
oh god
please tell me you fools didn't design a bytecode VM with DELAY SLOTS
-
ahh, it uses a 24-bit addressing scheme. nice.
-
or rather, it's an encoding scheme where they tag their pointers. And if the upper byte of a 32-bit pointer is 1 or 0, it gets relocated.
-
so this resolveRefs function iterates through all the code and it sometimes sets a local boolean.
It never, ever reads it. WHY IS THIS HERE?
-
so, this specific bytecode looks like this:
pvm_PushConstant 0
and you might think that just pushes a zero onto the stack. Nope! It instead looks up constant #0, which according to the table for this file, is... 0. oh.
-
for (iVar2 = 0; iVar2 < (int)(uint)*(ushort *)(((uint)((PVOpCode *)pdata + 4) & 0xfffffffc) + 2); iVar2 = iVar2 + 1) {
is that enough casts, ghidra?
-
You know you've got a great decompiler when it's way easier to figure out WTF the pointers are doing by just reading the powerpc disassembly
-
okay I got most of the relocation step finished. I haven't managed the switch statement (IT'S COMPLICATED AND INVOLVES POINTERS) and the EnterFrame statement, because I'm not really sure what the fuck it's doing.
-
@foone is this. is this wheel of fortune
-
@petrapup yes
-
@foone Reminds me of a game I was looking at which used a virtual filesystem with a sidecar file containing the filenames…on one platform. They didn’t ship it on the other platform and the file sizes/orders didn’t line up.
-
@misty yikes.
-
@foone lol, I don’t use Ghidra much for a variety of reasons but a friend once sent me this tip about turning off type casting: Tool Options -> Decompiler -> Display -> Disable Printing of Type Casts
-
@blackBoxRE oooooh
-
the fixup of the switch table is unrolled.
now, I'm looking at disassembly, so that could be the compiler, but... here's the thing: I haven't seen any unrolled loops anywhere.
I think they manually unrolled this shit.
-
I can't figure out whatever this shit is doing.
-
pdata points to the beginning of the instruction, which looks like this:
6E 7F 7F 7F 00 0C 00 00
so pdata[0] is the pvm_EnterFrame, which is 6E. The 7Fs are a placeholder. So this frameptr is getting pointed at the first 00.
Then that check in the middle of the for() loop is looking at the same location but plus 2, so the 00 00?
so this loop in this case... doesn't run at all. Huh.
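As an added example (not foone's code and not the game's), a small resolveRefs-style pass over the instruction layout described in this thread: pvm_Jump operands are jump-table indices, and pointer operands are relocated only when their upper byte (the tag) is 0 or 1. The opcode numbers for pvm_Jump and the pointer-pushing opcode, the "tag selects a load base" rule, and the sample bytes are assumptions; only the 8-byte pvm_EnterFrame dump and the 0x6E opcode come from the thread.

```python
import struct

# Layout assumed from the thread's pvm_EnterFrame dump "6E 7F 7F 7F 00 0C 00 00":
# one opcode byte, three 0x7F placeholder bytes, then a 32-bit big-endian operand.
INSN_SIZE = 8
OP_ENTERFRAME = 0x6E      # opcode value taken from the dump in the thread
OP_JUMP = 0x10            # hypothetical opcode number for pvm_Jump
OP_PUSHPTR = 0x30         # hypothetical opcode whose operand is a tagged pointer

def needs_relocation(ptr: int) -> bool:
    """Tagged-pointer rule from the thread: only tags 0 and 1 are relocated."""
    return (ptr >> 24) in (0, 1)

def relocate_ptr(ptr: int, bases: dict) -> int:
    """Swap the tag for a load base (assumption: tag 0 and tag 1 select different bases)."""
    tag = ptr >> 24
    return (bases[tag] + (ptr & 0x00FFFFFF)) & 0xFFFFFFFF

def resolve_refs(code: bytes, jump_table: list, bases: dict):
    """Walk the code and patch operands in place; returns (patched code, [(offset, old, new)])."""
    if len(code) % INSN_SIZE:
        raise ValueError("code length is not a whole number of instructions")
    out = bytearray(code)
    fixups = []
    for off in range(0, len(out), INSN_SIZE):
        opcode = out[off]
        operand = struct.unpack_from(">I", out, off + 4)[0]
        if opcode == OP_JUMP:
            # the "absolute address" is really an index into the jump table
            if operand >= len(jump_table):
                raise ValueError(f"jump index {operand} out of range at offset {off:#x}")
            new = jump_table[operand]
        elif opcode == OP_PUSHPTR and needs_relocation(operand):
            new = relocate_ptr(operand, bases)
        else:
            continue  # pvm_EnterFrame and already-absolute pointers are left alone
        struct.pack_into(">I", out, off + 4, new)
        fixups.append((off, operand, new))
    return bytes(out), fixups

# Constructed sample: EnterFrame, Jump #2, a tag-1 pointer, and an already-absolute pointer.
SAMPLE_CODE = bytes.fromhex(
    "6E7F7F7F 000C0000" "107F7F7F 00000002"
    "307F7F7F 01000040" "307F7F7F 80001234"
)
SAMPLE_JUMP_TABLE = [0x100, 0x200, 0x300]
SAMPLE_BASES = {0: 0x10000000, 1: 0x20000000}
```

Running `resolve_refs(SAMPLE_CODE, SAMPLE_JUMP_TABLE, SAMPLE_BASES)` patches the jump to 0x300 and the tag-1 pointer to 0x20000040, and leaves the 0x80001234 pointer untouched.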