Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
The tips of reading 100 lines of assembly code?

 
SupremeWolf (How do I cheat?, Reputation: 0, Joined: 02 Dec 2018, Posts: 6)
Posted: Wed Dec 12, 2018 10:44 pm    Post subject: The tips of reading 100 lines of assembly code?

My intention in asking this question is to get some guidance on analyzing long pieces of assembly code.
This question stems from one of my interesting thoughts:
When playing RPG games, I want to modify the attack power of a weapon (because it is a constant, it cannot be searched for directly, unlike the Life_Value), so I start from the durability of the weapon (it is a variable and can be searched for) and try to analyze the function that changes the durability to find the address of the weapon structure, and then complete the modification.
You can expect that I have encountered a lot of difficulties. The first is the massive amount of code.
/* I need to explain that completing a script may only require 5 lines of code, but may need analysis of hundreds of lines of code. Many times I find that the process is interrupted in a nested function, so I need to run to 'ret', then reset the breakpoint and run to 'ret' again. I believe that experienced people know what I am talking about. */
The most troublesome thing is that I have encountered a lot of 'call' instructions. I don't know what roles they play or what their parameters and return values are (I know 'push' and 'pop', but many times parameters are not passed this way; for example, the compiler will optimize the code), and I don't know where the structure address I am looking for is.
/* Now I have made some progress: I found this pointer by repeatedly swapping two items in the backpack and repeatedly searching for changed and unchanged values. But I have encountered some new troubles. I found a lot of pointers; maybe I can only check their contents one by one. */
About code reverse engineering:
I mentioned it when I first posted. I did read some tutorials that taught me a lot of methods, including analyzing the PE file format, injecting DLLs, hooking APIs, and so on. Anti-debugging techniques and countermeasures are also mentioned, such as adding junk code, scrambling code alignment, API redirection, adding a protective shell, and so on. I have learned a lot from them. Of course, I know that what I have learned is just a glimpse; I may only know the names of many things.
However, my doubts are:
Do I really need them? I just want to modify the game and then write a script with 5 lines of code, and I don't want to do any cracking (for example 'crackme'; I don't have much interest in it). And most single-player games don't use any anti-debugging technology. Therefore, it seems that my problem is "the tips of reading 100 lines of assembly code."
Code reverse analysis requires considerable knowledge, including OS working principles, compiler principles, Windows programming, data structures, and more. I may only need to understand some of them to be able to cope with the current situation. That's why my question exists. (What knowledge & skills do I need to learn?)
Experience is a precious treasure; I hope you can share some of your wisdom with me. Thank you for reading!

----- The following is the content of my first post. There are many unclear descriptions in it. Please ignore the contents below. -----
Title: How to analyze 'function' flow in disassembled code
As I learned how to use 'code injection', I met difficulties such as "dissecting the shared code" or "modifying an item's property (e.g. Weapon Damage)". Naturally, I traced the code flow, but I am always lost in the ocean of assembly code.
I learned that this is a new field called 'Reversing Engineering', and found some documents on the Internet. But they are always about 'API Hook' or 'Unpacking'; I am not really interested in that.

I just want to learn some tips to analyze a 'function', for example, getting to know its parameters and return value and roughly analyzing its actions. Is there any tutorial or document for me?


Last edited by SupremeWolf on Thu Dec 13, 2018 6:13 am; edited 5 times in total
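The workflow SupremeWolf describes above (scan for the field that changes, let the write breakpoint reveal the structure offset, derive the structure base, change the constant sibling field, and then check which inventory slot points at that structure) as an added Python example. This is not code from the thread or from Cheat Engine: the `Weapon` layout, the 0x08 offset, the 9999 value and the two-slot inventory are all constructed for illustration, and in a real target the offset is read off the writing instruction in the disassembly, never guessed.

```python
"""Find a game structure from one scannable field and patch a sibling field.

Added example, not code from the forum thread.  The layout of `Weapon`, the
0x08 offset and the two-slot inventory are constructed for illustration.  In a
real target the offset comes from the instruction a "find out what writes to
this address" breakpoint stops on, e.g. `sub dword ptr [eax+08],01` says the
durability lives at +0x08 of the structure whose base is in eax.
"""
import ctypes as ct


class Weapon(ct.Structure):
    """Constructed layout: every field is 4 bytes, so offsets are 0/4/8/0xC."""
    _fields_ = [
        ("item_id", ct.c_uint32),     # +0x00
        ("damage", ct.c_int32),       # +0x04  constant in play: a value scan alone cannot isolate it
        ("durability", ct.c_int32),   # +0x08  changes in play: a changed/unchanged scan finds it
        ("flags", ct.c_uint32),       # +0x0C
    ]


def use_weapon(w):
    """Stand-in for the game routine the write breakpoint lands in
    (`sub dword ptr [eax+08],01` in assembly terms)."""
    w.durability -= 1


def struct_base_from_field(field_addr, field_offset):
    """The arithmetic done by hand in CE: scanned address minus the
    displacement seen in the writing instruction gives the structure base."""
    return field_addr - field_offset


def patch_damage(base, new_damage):
    """Overlay the structure type on the recovered base and write the constant
    field; the overlay shares memory with the original object."""
    w = Weapon.from_address(base)
    w.damage = new_damage
    return w.damage


def pointer_scan(cells, target):
    """Which pointer-sized cells hold `target`?  This is the core of the
    'swap two items, scan for changed/unchanged' search: the inventory slot
    that points at our structure is the stable pointer to follow later."""
    return [i for i, p in enumerate(cells) if ct.addressof(p.contents) == target]


def demo():
    sword = Weapon(1, 10, 100, 0)
    shield = Weapon(2, 0, 50, 0)
    inventory = (ct.POINTER(Weapon) * 2)(ct.pointer(shield), ct.pointer(sword))

    use_weapon(sword)                      # durability 100 -> 99: the value scan narrows to this address
    durability_addr = ct.addressof(sword) + Weapon.durability.offset
    base = struct_base_from_field(durability_addr, 0x08)   # 0x08 read off `[eax+08]`
    patch_damage(base, 9999)               # modify the constant through its sibling's address
    slot = pointer_scan(inventory, base)   # inventory[1] is the pointer to the sword
    return sword.damage, sword.durability, slot


if __name__ == "__main__":
    print(demo())
```

Running it prints (9999, 99, [1]): damage patched, durability at 99 after one use, and inventory slot 1 holding the pointer. The habit the example encodes is that an address returned by a value scan is an offset into some structure, and the displacement in the instruction that writes it is what tells you how far from the base you are; everything else on the page (reading the call chain, following pointers) is built on that.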
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1586)
Posted: Thu Dec 13, 2018 1:29 am

no docs or tuts, you must have enough knowledge of how the cpu/ram/windows os and their calling conventions work.

otherwise you will fail, and still that's not enough, you need assembly in order to analyze the code.

and no one is gonna teach you how to analyze, it's all about your brain and how well it can understand the actions.

also i wouldn't consider reading and understanding 5 lines of assembly code as reverse engineering, anyhow just keep in mind lots of topics/subjects are involved. (so you need them all)

note:
packed and virtualized code are harder to understand, and expect sh*tty google results when searching. (because most people want to crack software, that's why they need winapi)

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
atom0s (Moderator, Reputation: 198, Joined: 25 Jan 2006, Posts: 8516, Location: 127.0.0.1)
Posted: Thu Dec 13, 2018 1:42 am    Post subject: Re: How to analyze 'function' flow in disassembling code

SupremeWolf wrote:
I learned that this is a new field called 'Reversing Engineering'


Just pointing out, reverse engineering is not a new field at all. It's been around as long as computers have been.

_________________
- Retired.
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1586)
Posted: Thu Dec 13, 2018 2:40 am

atom0s wrote:
It's been around as long as computers have been.

i would add extra lines:
- the RE concept might be 100s if not 1000s of years old. (the term RE might be 10s of years)

from structural to weapon reverse engineering, from hardware to software, electrical and electronics, the human body and its parts, elements and behaviors, even words and ideas reverse engineering. (and i used to RE some types)

SupremeWolf (How do I cheat?, Reputation: 0, Joined: 02 Dec 2018, Posts: 6)
Posted: Thu Dec 13, 2018 5:50 am

atom0s wrote:
Just pointing out, reverse engineering is not a new field at all. It's been around as long as computers have been.

Thank you! As you said, I read Eldad Eilam's 《Reversing: Secrets of Reverse Engineering》, in which he mentioned the idea.
What I meant before is that RCE is a field full of possibilities and there is a lot of room for development. It is not as mature as mathematics. (I also read this idea in some books.)

OldCheatEngineUser wrote:
you need assembly in order to analyze the code.

Thank you. I may have been a bit unclear before; I have modified the question.
I have basic knowledge of assembly and the Windows OS; maybe I just lack experience? Experience is an invaluable gift to me as a beginner. Can you share some of your experience of analyzing large pieces of assembly code?
In addition, RE may include mechanical reverse engineering, etc. What I mean is reverse code engineering.
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1586)
Posted: Thu Dec 13, 2018 6:57 am

SupremeWolf wrote:
Can you share some of the experience of analyzing large pieces of assembly code?

depending on your needs and how you see "analyzing", each method is different.

example, you may want to:
- keep track of one value "Z" only

someone else might want to:
- see every value that can affect the value of "Z"

atom0s might want to:
- analyze the full function, including every value and where it came from

Dark Byte might want to:
- fully analyze that subroutine: registers, memory address accesses, threads executing it, how many functions call this function, guessing what every value is related to and what it is affected by.

OldCheatEngineUser wrote:
each method is different.

what i usually do: (these things are needed no matter what you are trying to achieve)
- split the code
- label
- comment
- translate computer language to human language*
- snapshot**
and many more things.

*assembly to text
** useful when the function has a lot of CC condition codes
and remember, things might change depending on your needs.

SupremeWolf (How do I cheat?, Reputation: 0, Joined: 02 Dec 2018, Posts: 6)
Posted: Thu Dec 13, 2018 7:33 pm

Thank you, I have gotten the tips. Skillfully using most of the debugger's features is my current goal. I should go through the debugger's documentation and, of course, the CE tutorial. For me, the next step is to practice.
In addition, I feel that my previous understanding was a bit inappropriate. Learning is never-ending. I should learn about APIs and so on. They will help one day.
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1586)
Posted: Fri Dec 14, 2018 1:55 am

SupremeWolf wrote:
Skillfully using most of the debugger's features is my current goal.

it's not that important, although feature-rich debuggers can be useful. (such as CE)*

SupremeWolf wrote:
of course the CE tutorial.

maybe you can practice RE on CE's tutorial, but keep in mind actual games' functions are much different.

SupremeWolf wrote:
I should learn about APIs and so on. They will help one day.

let's not talk about normal software (games are software too)
anyhow, say you wanna RE your game's save data (which is a file of unknown format)

of course you need to know where the function prepares the data to be written to that file and how they encrypt/store the data; the fastest way is to locate CreateFile/WriteFile** and then go back through the subroutines.

* CE's debugger is very powerful and feature-rich, as is its exception handling; however CE is not a great disassembler.
** the WriteFile API is kinda old and most likely won't be used, so it's gonna be CreateFile (there are low-level file management APIs, but usually games don't use them)

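Taking OldCheatEngineUser's two posts above together (the split / label / comment / translate-to-text list, and "locate CreateFile, then go back through the subroutines"), here is an added Python example that performs those steps mechanically over a disassembly listing. It is not code from the thread or from Cheat Engine: the listing is constructed (a 32-bit routine that XORs one field of a save structure and then calls `kernel32.CreateFileA`, with made-up addresses), and the annotation rules are deliberately simple heuristics that hold for plain compiler output; they are a reading aid, not a replacement for a real disassembler.

```python
"""Split a disassembly listing into functions, label call targets, translate each instruction
into a plain-language note, and walk back from an API call to its callers.  Added example, not
code from the thread or from Cheat Engine; LISTING is a constructed 32-bit save routine in the
`address  instruction` shape of a CE disassembler window (made-up addresses, real import name)."""
import re

LISTING = """\
00401000  push ebp
00401001  mov ebp,esp
00401003  mov eax,[ebp+08]
00401006  xor dword ptr [eax+04],5A
0040100A  mov ecx,[ebp+0C]
0040100D  call 00401020
00401012  pop ebp
00401013  ret
00401020  push ebp
00401021  mov ebp,esp
00401023  push 0
00401025  push 00000080
0040102A  push 2
0040102C  push 0
0040102E  push 0
00401030  push 40000000
00401035  push ecx
00401036  call kernel32.CreateFileA
0040103C  pop ebp
0040103D  ret
"""

INSN_RE = re.compile(r"^\s*([0-9A-Fa-f]{8})\s+(\S+)(?:\s+(.*))?$")
MEM_RE = re.compile(r"\[(e[a-d]x|e[sd]i)([+-][0-9A-Fa-f]+)?\]")   # [reg+disp]: a structure field
FRAME = {("push", "ebp"), ("mov", "ebp,esp"), ("pop", "ebp")}     # prologue/epilogue, not arguments
VERB = {"mov": "=", "add": "+=", "sub": "-=", "xor": "^=", "and": "&=", "or": "|="}

def parse_listing(text):
    # (address, mnemonic, operands) per code line; lines that do not look like code are skipped
    return [(int(a, 16), m.lower(), (o or "").strip())
            for a, m, o in (x.groups() for x in map(INSN_RE.match, text.splitlines()) if x)]

def split_functions(insns):
    # 'split the code': a function ends at ret and the next line starts a new one (tail jumps need more)
    funcs, cur = {}, []
    for insn in insns:
        cur.append(insn)
        if insn[1].startswith("ret"):
            funcs[cur[0][0]], cur = cur, []
    if cur:
        funcs[cur[0][0]] = cur
    return funcs

def callee_name(ops):
    # 'label': an 8-hex-digit target is a local function (sub_XXXXXXXX), anything else is an import
    return f"sub_{int(ops, 16):08X}" if re.fullmatch(r"[0-9A-Fa-f]{8}", ops) else ops

def build_call_graph(funcs):
    return {f"sub_{start:08X}": [callee_name(o) for _, m, o in body if m == "call"]
            for start, body in funcs.items()}

def backtrack(graph, api):
    # 'locate CreateFile, then go back in subroutines': every caller chain from the API up to a root
    chains = []
    def walk(node, path):
        callers = sorted(f for f, cs in graph.items() if node in cs and f not in path)
        if not callers:
            chains.append(path)
        for c in callers:
            walk(c, [c] + path)
    walk(api, [api])
    return chains

def annotate_function(body):
    # 'comment' / 'translate assembly to text': pushes and ecx/edx loads are held as arguments
    # until the call that consumes them; [reg+disp] operands are described as structure fields
    notes, args = [], []
    for addr, mnem, ops in body:
        dst, _, src = ops.partition(",")
        m_dst, m_src = MEM_RE.search(dst), MEM_RE.search(src)
        if (mnem, ops) in FRAME:
            note = "frame setup/teardown"
        elif mnem == "push":
            args.append(ops)
            note = "stack argument for the next call (pushed right to left)"
        elif mnem == "mov" and dst in ("ecx", "edx"):
            args.append(dst)
            note = "register argument for the next call (fastcall/thiscall)"
        elif mnem == "call":
            note = f"{callee_name(ops)}({', '.join(reversed(args))}); result in eax"
            args = []
        elif m_dst and mnem in VERB:
            note = f"field {m_dst[2] or '+0'} of struct in {m_dst[1]} {VERB[mnem]} {src}"
        elif m_src and mnem == "mov":
            note = f"{dst} = field {m_src[2] or '+0'} of struct in {m_src[1]}"
        else:
            note = "return to caller" if mnem.startswith("ret") else ""
        notes.append(f"{addr:08X}  {mnem} {ops}".rstrip() + (f"  ; {note}" if note else ""))
    return notes

if __name__ == "__main__":
    funcs = split_functions(parse_listing(LISTING))
    for body in funcs.values():
        print(*annotate_function(body), sep="\n")
    print(backtrack(build_call_graph(funcs), "kernel32.CreateFileA"))
```

The line worth looking at in the output is the translated call, `kernel32.CreateFileA(ecx, 40000000, 0, 0, 2, 00000080, 0); result in eax`: reversing the push order recovers the C parameter order, so the value pushed last (ecx, loaded in the caller) is the first parameter, and the constants then read as a CreateFile prototype. `backtrack` returns `sub_00401000 -> sub_00401020 -> kernel32.CreateFileA`, which is the same path you would walk upward in a debugger by breaking on the import and reading return addresses off the stack.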