| ghidra | ||
| go | ||
| ida | ||
| profile/3.3.5a-windows-386 | ||
| script | ||
| .gitattributes | ||
| .gitignore | ||
| go.mod | ||
| go.sum | ||
| Makefile | ||
| README.md | ||
binana
This repository hosts some work related to studying the original game binaries.
You can use the information here to get a headstart when working on the Whoa project.
Dependencies (optional)
This project can be utilized immediately using files we have already generated. However, if you wish to make modifications to the C header and symbol files, it may be necessary to refresh the generated files that are based on them.
You'll need:
- Go >= 1.22
- git
- Make
- Bash shell
You can regenerate everything to include your changes with:
make dependencies
make
Header files
To make looking at the binary easier, C header files to match the original executable's memory layout are provided. They aim to be lightweight and self-contained, so that many tools can make use of them.
Symbol files
Symbol files are text files that map addresses to functions and variables/data labels.
The format is based on the one used in the stock Ghidra script ImportSymbolsScript.py:
DataLabel 00DDAA77AA l
FunctionName 00CC00DDEE f
To improve the call stack view in x64dbg, you should append an end field to every function, with the address where this function ends and another begins (i.e. after the last instruction of the function):
FunctionName 00CC00DDEE f end=00CC00DDFF
In this repo, script/compile-symbols is used to concatenate our organized symbol files into one big file (<game version>/symbol/main.sym).
To refresh the gigantic main.sym file after changing one of the source symbol files:
script/compile-symbols <game version>
Or just
make
Debugging files
The best way to know what a particular routine does is to use a debugger.
With our x64dbg files, you can easily navigate to various functions, read the call stack, play with variables, and explore data structures.
These files are autogenerated from the C header and symbol files, using our binana tool written in Go. You can install it like so:
make dependencies
To regenerate:
make
Ghidra
Importing C headers
To import the main header file into your Ghidra project,
- go to
File🡒Parse C Source.... - Select
clib.prfas your parse configuration, and clear all source files and input paths. - Add the header
profile/<game version>/include/main.hto theSource files to parsecombo box. - Add the path to
profile/<game version>/includeto theInclude pathscombo box. - Add
-DGHIDRAto a new line inParse Options. - press
Parse to Program.
If all goes well, Data Type Manager will now contain the data structures from the headers.
Importing symbols
To import the symbol file into your Ghidra project,
- go to
Window🡒Script Manager - In the table view, lookup
ImportSymbolsScript.py - Run the script
- Enter the path to
profile/<game version>/symbol/main.sym
IDA
Importing C headers
To import the main header file into your IDA database,
- Go to
Options🡒Compiler - Add
IDAto the semicolon-separatedPredefined macroslist. - Go to
File🡒Load file🡒Parse C Header file - Enter the path to
profile/<game version>/include/main.h
Importing symbols
To use the IDC script,
- Go to
File🡒Script file... - Navigate to
profile/<game version>/ida/import_all.idc - Wait for everything to be reanalyzed
x64dbg
For ease of debugging, we provide x64dbg databases (generated by the Go tool from symbol maps), as well as x64dbg type information (generated by the same Go tool from the C headers).
Importing database
To load the database information into x64dbg:
- Open x96dbg.exe or x32dbg.exe directly
- Load your game binary
- Go to
File🡒Database🡒Import database - Navigate to
profile/<game version>/x64dbg/game.dd32.
Importing types
To load the type information JSON file:
- Open the binary in x32dbg.exe
- in the console, type:
LoadTypes <full path to local binana repository>\profile\<game version>\x32dbg\types.json