Post by kirby on Sept 3, 2016 21:02:02 GMT
The following is a guide on setting up a good environment for tackling the task of reverse engineering this game. This will mostly feature the PC version. My justification for using this version is pretty simple - a quick glance at the disassembly of the PC and Gamecube versions will reveal it's pretty obviously just the same code compiled for different platforms. With this in mind, it makes sense to start using the PC version simply because it exists in a format that has a lot more support in terms of tools, learning resources, etc. Once you have created a working patch on PC, moving it over to Gamecube isn't that hard. With that in mind, let's begin with...
Installing the PC version
If you decide to 'acquire' the PC version, you will likely end up with a .bin and a .cue file. These can be constructed into an ISO. This can be done on Windows with WinISO (VirusTotal for version 6.4.1.5976). Once you have the ISO, Windows 8 and above can mount it natively, otherwise WinISO can. Mount the disc and run the old-school fullscreen installer. I would suggest using the default install location.
Running the PC version windowed
After some messing about, it seems as though you can't run the PC version in windowed mode. An option exists in the config file, but to my knowledge it doesn't do anything. Running it in fullscreen is very annoying when debugging because you need to switch between the game and debugger, and this process isn't very graceful. More importantly, Shrek SuperSlam PC is prone to crashing if you switch out of it while in fullscreen. Thankfully, dxwnd (VirusTotal) works great. Simply go to File -> Add and fill in the details for Shrek SuperSlam. All the default settings are fine. This should allow you to run the game in windowed mode. This works by inserting code into the binary, which could affect the analysis; however, in my brief look it loads after the main Shrek code and likely only affects draw calls, which we're not really interested in. If anyone does notice any odd behaviour, feel free to flag it up.
Installing tools
Now that we have the Windows version installed, we can use the standard arsenal of Windows tools. These include:
- Process Monitor - remember to tell it to stop logging when you don't need it or it will eat all your memory
- Cheat Engine - be careful, it tries to install toolbars
These are all pretty heavy-duty and would take a lot to teach on their own (though feel free to ask for pointers!). Books are generally a very good resource, I would particularly recommend Practical Malware Analysis and the newly released Game Hacking. From here you can begin hacking away and making your patch, which probably deserves a thread in itself.
Setting Up IDA
Once we have the PC version up and going, we will want to transfer our findings to Gamecube. For this, the best static analyser around by far is IDA Pro. Unfortunately, it costs literally hundreds or thousands of dollars. ShrekBoards doesn't condone piracy by the way.
So once you've installed IDA Pro, you need to set it up to open Gamecube images. To do this, use GC-Tool to extract the .dol. Then download this file and place it in IDA's 'loaders' folder. You then need to go to IDA's 'cfg' folder, and open the file 'idagui.cfg'. Search for 'consoles', and copy the syntax of one of the lines to make a new entry for Gamecube .dol files. For example:
EXE_GCN, "Gamecube Executable File", "*.dol"
Next, scroll down to the bottom and find the line 'DEFAULT_FILE_FILTER', and insert the all caps name ('EXE_GCN' in my example) somewhere in the structure. Save the file, and you should be able to open Gamecube .dol files in IDA. Again, IDA is a complex beast with entire books written on it, but once you get the hang of it it's incredibly useful, and this can greatly assist in finding the addresses needed to move from PC to Gamecube. As a general hint, try looking for string constants near the area you're looking for and search from there.
Dolphin
Finally, once you have a working patch on PC and have located the equivalent address on Gamecube, fire it up in the Dolphin debugger and try it out. If it works, start transforming it into a Gecko code (this guide is alright) and try it out. If it works, congrats, you made a patch! Add it to the GitHub.
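Added example (not part of kirby's post, and not the IDA loader it links to): the last two sections of the guide describe pulling the .dol out of the disc image, finding the Gamecube address that matches your PC patch, and turning that into a Gecko code. The script below shows the pieces of that a practitioner ends up scripting anyway: it parses the DOL header (the same section table the IDA loader reads), maps a PowerPC virtual address to a file offset so you can read and patch the bytes directly, and emits the Gecko "04" 32-bit write line for the same patch. The sample DOL, the addresses and the patched instruction are constructed for the example; only the DOL header layout and the 04/05 Gecko encoding are real format details.

```python
import struct

# DOL header layout (big-endian u32 fields): 7 text + 11 data sections, each with
# a file offset, load address and size table, then bss address/size and entry point.
TEXT_SECTIONS = 7
DATA_SECTIONS = 11
HEADER_SIZE = 0x100
BASE_ADDRESS = 0x80000000  # Gecko 'ba' used by the 04/05 write code types


def parse_dol(data):
    """Return the non-empty sections as (name, file_offset, load_addr, size)."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than a DOL header")
    n = TEXT_SECTIONS + DATA_SECTIONS
    offsets = struct.unpack(">%dI" % n, data[0x00:0x48])
    addrs = struct.unpack(">%dI" % n, data[0x48:0x90])
    sizes = struct.unpack(">%dI" % n, data[0x90:0xD8])
    sections = []
    for i in range(n):
        if sizes[i] == 0:
            continue  # unused slot, skipped like the IDA loader would
        name = "text%d" % i if i < TEXT_SECTIONS else "data%d" % (i - TEXT_SECTIONS)
        if offsets[i] + sizes[i] > len(data):
            raise ValueError("%s runs past end of file" % name)
        sections.append((name, offsets[i], addrs[i], sizes[i]))
    return sections


def dol_entry_point(data):
    return struct.unpack(">I", data[0xE0:0xE4])[0]


def va_to_file_offset(sections, va):
    """Translate a Dolphin/IDA virtual address to an offset inside the .dol."""
    for name, off, addr, size in sections:
        if addr <= va < addr + size:
            return off + (va - addr)
    raise ValueError("0x%08X is not inside any section (bss or unmapped)" % va)


def read_u32(data, sections, va):
    off = va_to_file_offset(sections, va)
    return struct.unpack(">I", data[off:off + 4])[0]


def gecko_write32(va, value):
    """Encode a Gecko 32-bit write: 04XXXXXX YYYYYYYY.

    XXXXXX is the low 25 bits of (va - 0x80000000); bit 24 lands in the
    code-type byte, which is why 0x81xxxxxx addresses come out as 05XXXXXX.
    """
    if va & 3:
        raise ValueError("32-bit write must be 4-byte aligned")
    if not BASE_ADDRESS <= va < BASE_ADDRESS + (1 << 25):
        raise ValueError("address outside the Gecko ba range")
    return "%08X %08X" % (0x04000000 | (va - BASE_ADDRESS), value & 0xFFFFFFFF)


def patch_dol(data, patches):
    """Apply {va: new_u32} to a copy of the DOL; return (patched_bytes, gecko_lines)."""
    sections = parse_dol(data)
    out = bytearray(data)
    lines = []
    for va in sorted(patches):
        off = va_to_file_offset(sections, va)  # refuses bss/unmapped addresses
        out[off:off + 4] = struct.pack(">I", patches[va])
        lines.append(gecko_write32(va, patches[va]))
    return bytes(out), lines


def build_sample_dol():
    """Constructed minimal DOL (not from the game): one text and one data section."""
    text = bytes.fromhex(
        "9421FFF0"  # stwu r1,-0x10(r1)
        "7C0802A6"  # mflr r0
        "38600001"  # li r3,1      <- the instruction the sample patch flips to li r3,0
        "7C0803A6"  # mtlr r0
        "38210010"  # addi r1,r1,0x10
        "4E800020"  # blr
    )
    text += b"\0" * (0x20 - len(text))
    data = b"\x00\x00\x00\x05" * 4
    hdr = bytearray(HEADER_SIZE)
    struct.pack_into(">I", hdr, 0x00, 0x100)       # text0 file offset
    struct.pack_into(">I", hdr, 0x1C, 0x120)       # data0 file offset
    struct.pack_into(">I", hdr, 0x48, 0x80003100)  # text0 load address (assumed)
    struct.pack_into(">I", hdr, 0x64, 0x80400000)  # data0 load address (assumed)
    struct.pack_into(">I", hdr, 0x90, 0x20)        # text0 size
    struct.pack_into(">I", hdr, 0xAC, 0x10)        # data0 size
    struct.pack_into(">I", hdr, 0xD8, 0x80500000)  # bss address
    struct.pack_into(">I", hdr, 0xDC, 0x1000)      # bss size
    struct.pack_into(">I", hdr, 0xE0, 0x80003100)  # entry point
    return bytes(hdr) + text + data


if __name__ == "__main__":
    dol = build_sample_dol()
    for name, off, addr, size in parse_dol(dol):
        print("%-6s file 0x%06X -> 0x%08X (%#x bytes)" % (name, off, addr, size))
    patched, codes = patch_dol(dol, {0x80003108: 0x38600000})
    print("\n".join(codes))
```

The same address arithmetic works on the real .dol once GC-Tool has extracted it: find the instruction in IDA, confirm the bytes at that address with read_u32 before patching, test the edited .dol (or the Gecko line) in Dolphin, and only then commit the code to the GitHub.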