maybe I'd be better at getting back into my reverse engineering projects if getting back into them didn't involve first figuring out which of the 13 Ghidra versions I have installed is for that project
-
@foone lol, I don’t use Ghidra much for a variety of reasons but a friend once sent me this tip about turning off type casting: Tool Options -> Decompiler -> Display -> Disable Printing of Type Casts
-
@blackBoxRE oooooh
-
the fixup of the switchtable is unrolled.
now, I'm looking at disassembly, so that could be the compiler, but... here's the thing: I haven't seen any unrolled loops anywhere.
I think they manually unrolled this shit.
-
I can't figure out whatever this shit is doing.
-
pdata points to the beginning of the instruction, which looks like this:
6E 7F 7F 7F 00 0C 00 00
so pdata[0] is the pvm_EnterFrame, which is 6E. the 7Fs are a placeholder. So this frameptr is getting pointed at the first 00.
Then that check in the middle of the for() loop is looking at the same location but plus 2, so the 00 00?
so this loop in this case... doesn't run at all. Huh.
-
but the next time it gets called, it's:
6E 7F 7F 00 44 00 04 02 00 00 00 00 00 00
-
ugh I think the thing that's weird here is the &0xfffffffc
It's doing alignment, adjusting pointers to only be on 4s
-
@foone is it using useless_boolean to check if the loop is run at all?
-
and that first bit of code is at 0x70, which is a multiple of 4, so 0x70+4 just equals 0x74.
but the second time, it's at 0x79!
so 0x79+4 is 0x7D: but that turns into 0x7C when we apply the AND.
so this is a bytecode that has variable padding in order to align to 4 bytes. ugh.
-
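The alignment arithmetic worked through above, as an added example that is not part of the original thread and not code from the VM being reversed. It assumes what the thread states and nothing more: opcode 0x6E is pvm_EnterFrame, the 0x7F bytes after it are padding, the frame pointer is computed as (pdata + 4) & 0xfffffffc, and the loop condition looks at frameptr + 2. The two byte sequences are the ones quoted in the thread, placed at the offsets quoted (0x70 and 0x79) inside a constructed image; everything else in the image is zero filler, and the function names are mine.

```python
# Added example (not from the original thread): reproduce the pvm_EnterFrame
# frame-pointer alignment the thread describes.
#
# Assumptions taken from the thread, not verified against the real VM:
#   - opcode 0x6E is pvm_EnterFrame, 0x7F bytes after it are padding
#   - frameptr = (pdata + 4) & 0xFFFFFFFC
#   - the loop condition inspects the byte at frameptr + 2

ENTER_FRAME = 0x6E
PAD = 0x7F

# Constructed image: 0x100 bytes of zero filler with the two quoted instruction
# sequences placed at the offsets quoted in the thread.
IMAGE = bytearray(0x100)
IMAGE[0x70:0x78] = bytes([0x6E, 0x7F, 0x7F, 0x7F, 0x00, 0x0C, 0x00, 0x00])
IMAGE[0x79:0x87] = bytes([0x6E, 0x7F, 0x7F, 0x00, 0x44, 0x00, 0x04, 0x02,
                          0x00, 0x00, 0x00, 0x00, 0x00, 0x00])


def align_down4(addr):
    """Round addr down to a multiple of 4 (the &0xfffffffc in the decompile)."""
    return addr & 0xFFFFFFFC


def frame_pointer(pdata):
    """frameptr = (pdata + 4) & ~3, as the thread reads the decompiled code."""
    return align_down4(pdata + 4)


def parse_enter_frame(image, pdata):
    """Decode one pvm_EnterFrame at absolute offset pdata in image.

    Returns the computed frame pointer, how many 0x7F padding bytes actually
    follow the opcode, whether that padding ends exactly at the aligned
    pointer (i.e. the &~3 rule and the 7F placeholders agree), the four
    bytes at the frame pointer, and the byte the loop condition reads.
    """
    if image[pdata] != ENTER_FRAME:
        raise ValueError(f"no pvm_EnterFrame at {pdata:#x}")
    frameptr = frame_pointer(pdata)

    # Count placeholder bytes between the opcode and the frame header.
    p = pdata + 1
    pad_count = 0
    while image[p] == PAD:
        pad_count += 1
        p += 1

    return {
        "frameptr": frameptr,
        "pad_count": pad_count,
        "padding_consistent": p == frameptr,
        "frame_bytes": bytes(image[frameptr:frameptr + 4]),
        "check_byte": image[frameptr + 2],
    }


if __name__ == "__main__":
    for pdata in (0x70, 0x79):
        r = parse_enter_frame(IMAGE, pdata)
        print(f"pdata={pdata:#x} frameptr={r['frameptr']:#x} "
              f"pad={r['pad_count']} consistent={r['padding_consistent']} "
              f"frame={r['frame_bytes'].hex(' ')}")
```

Running it shows the variable padding directly: at 0x70 three 7F bytes are needed to land on 0x74, at 0x79 only two are needed to land on 0x7C, and in both cases the 7F run ends exactly where (pdata + 4) & ~3 points, which is why the decompiler's AND and the placeholder bytes describe the same thing.
-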
@nickzoic useless_boolean is never checked at any point
-
oh, I think I've got what EnterFrame is: It's a way to easily shove multiple typed variables onto the stack, so the function/script can use them.
and it's doing a fixup to know what the types are, since they're declared in the relocation header
-
yeah, it ends up looking like:
pvm_EnterFrame int, int, bool, GuiAnim
-
Ron Gilbert #KamalaHarris replied to Foone🏳️⚧️
-
okay now I have a disassembler that can only disassemble the relocatable instructions (and can't fully do one of them, because it's complicated)
I now need to add the ones that don't relocate, which is a separate headache
-
Foone🏳️⚧️ replied to Ron Gilbert #KamalaHarris
@grumpygamer @nickzoic it sure should, but since I'm looking at disassembly here... it didn't!
-
ugh. apparently EnterFrame also adds a frame pointer (somewhere) and then the pvm_PushLocal operates off it.
-
Food $200
Data $150
Rent $800
Stacks $3,600
Utility $150
someone who is good at interpreters please help me budget this. my scripting language is dying
-
@foone reduce your stacks usage
-
@0xSim no