Savage 2: A Tortured Soul Forum > Savage 2 Modding

Thread: Abandonware / Reversing / Possibilities

#1, 04-25-2014, 11:22 AM, `_o (Join Date: Jan 2014; Posts: 15)

I saw leftiness' post over at ps2 and I thought before this gets lost over there again I would post here, since what he says about abandonware is pretty much spot on. This is a pretty interesting and somewhat painful topic, so I am making his long post into a very long post.

The term abandonware has no defined legal meaning and is usually just applied to unauthorized distribution of software where the owner for some reason is unable/unwilling to enforce its rights. Concerning loopholes in international copyright, I guess people should just forget about it unless they want a major headache (I'd recommend starting with figuring out how the international copyright treaties work) or are prepared to move their residence to one of the handful of "nice" places that did not sign any agreements. Yes, there are local flavors of copyright that might allow you to use stuff you otherwise could not, but like I said, look into the international treaties first and understand how they affect this, since pretty much every country on earth has signed those. Also, I really hope people would stop citing "fair use", since 99% of the people that do it have clearly never bothered to read its definition and just think that it's very fair they are using copyrighted work X and thus "fair use" (it's also a US concept, so unless you are living in the USA chances are what you are saying means a whole lot of nothing). Of course there have been loopholes in the past (like large-scale import of unauthorized live records due to vague wording of various European copyright laws that legalized them and made them untouchable for US customs, or allofmp3, where some Russian broadcast licensing organization decided they were also competent to authorize sale of mp3 files for next to nothing even though its authority was disputed and allofmp3 clearly targeted non-Russian markets), but they are usually pretty specific and require a lot of resources to be actually exploited. Really, just forget it.

Reverse engineering is not generally illegal anywhere AFAIK, besides if you are trying to circumvent copy protection schemes (which is prohibited in a couple of places) or something similar that would touch any rubber-band facilitate-piracy laws, and even then, if you are just doing it for your own enjoyment, chances are very low anyone would care. Often no-reversing clauses are put into EULAs to address just that, but whether this is enforceable is jurisdiction dependent, at least AFAIK. Where it gets problematic is when you want to use the knowledge you gained. Simply sharing it will probably be fine, but actually doing something with it will almost always make you create some kind of derivative work, which you technically can not distribute without consent of the original copyright owner. Now if you are acting in good faith (like making a hotfix for a bug or something) you can usually just take consent for granted, but stepping on anyone's toes here is clearly not a wise idea (more on this further down). Good news: since Stony seems to have some kind of OK for distributing modified versions, that might not be a problem in this case.

DISCLAIMER: I AM NOT A LAWYER AND THIS IS NOT LEGAL ADVICE. DO YOUR OWN RESEARCH.

Looking at it technically: well, it's probably not exactly difficult to figure out this or that about the engine, but going as far as to have it do anything useful will be quite a bit of work (does the engine even have a clean syscall interface or is it just C++ calls, which would make writing an extensive interface a pain...). I guess you could build some kind of middle-man mod that sits between the engine and the actual game code, which is what Metamod for the Source engine does, I think. If one would want this is an entirely different question though. From what I gathered from various people modding Source, it is not all smiles and flowers, which of course is in part due to mods breaking every time Valve updates the engine and the reversers have to catch up (again something that does not apply here). Now for really rewriting any part of the game: errr, well, I don't know... maybe it's possible? I guess at least theoretically there is always someone smart enough to do it, but it's clear it would be a giant heap of work, and if anyone has the resources to do it I would strongly advise them to look at one of the nice free engines and just build a Savage 2 clone from scratch. It's not that hard and there is good base code out there already. Besides, actually having an engine with support and the ability to do stuff the right way instead of losing hair over duct-tape code will be invaluable in the long run. Also, one should consider that the reason S2 never released an SDK might be that they don't want large-scale modifications on their engine (just a possibility; there are other valid reasons for not doing so), so at the point you accomplished this they might not be very happy about it (which is the unwise idea I was talking about). So if someone actually chooses to go this route, it would be best to test the waters first, I think.

#2, 04-25-2014, 02:22 PM, Old55 (Join Date: Jun 2009; Posts: 2,586)

Samzor had the ability and was looking into doing it, but decided it was more fun to use his hacks in games to piss people off than to actually help add functionality. Primarily I had asked him to look into how to add more spells/abilities so there were more things to play with. He suggested it would be possible, but it would be easiest if C++ function names were available. There was someone that worked at S2Games that had that information and was potentially willing to share it.

EDIT: I also wanted him to figure out how to get the server to not buffer the console.log output in hopes of improving how the wrapper worked.
Last edited by Old55; 04-25-2014 at 02:24 PM.

#3, 04-25-2014, 02:34 PM, Annonith (Join Date: Oct 2010; Posts: 143)

Holy crap, would you look at all that feedback I got out of a single question I thought of during dinner. Thank you `_o, Lefty, and everybody else that commented on this matter. I hope that in the end this will get us somewhere.

#4, 04-25-2014, 05:15 PM, `_o (Join Date: Jan 2014; Posts: 15)

Quote, originally posted by Old55:
Samzor had the ability and was looking into doing it, but decided it was more fun to use his hacks in games to piss people off than to actually help add functionality. Primarily I had asked him to look into how to add more spells/abilities so there were more things to play with. He suggested it would be possible, but it would be easiest if C++ function names were available. There was someone that worked at S2Games that had that information and was potentially willing to share it.
To be honest, I am not sure what he means by "C++ function names". If he just meant symbols, I bet he has not looked at the Linux binaries, since there even stripped binaries usually contain a surprising amount of symbols. If he was talking about actual headers, well, I am not an expert there, but AFAIK C++ function name mangling is not consistent across different compilers or even the same compiler in different versions, so even having header files might not be enough to link against libk2 unless it's possible to figure out which ancient gcc/VC (no idea really, just guessing it's this combination) versions were used to compile it. In any case it would be a major boost in figuring out stuff though.

Quote, originally posted by Old55:
EDIT: I also wanted him to figure out how to get the server to not buffer the console.log output in hopes of improving how the wrapper worked.

I guess there is a reasonable chance this would be doable (OK, largely depending on what kind of buffer it is; it might be as easy as patching in a call to fsync at some easily recognizable place or it might be dead end after dead end; really hard to estimate such stuff), but if you are just after console output you might as well consider redirecting stdout if that is unbuffered. Maybe you could even use tee ( http://unixhelp.ed.ac.uk/CGI/man-cgi?tee ) to do it transparently.

#5, 04-25-2014, 07:21 PM, Old55 (Join Date: Jun 2009; Posts: 2,586)

Quote, originally posted by `_o:
I guess there is a reasonable chance this would be doable (OK, largely depending on what kind of buffer it is; it might be as easy as patching in a call to fsync at some easily recognizable place or it might be dead end after dead end; really hard to estimate such stuff), but if you are just after console output you might as well consider redirecting stdout if that is unbuffered. Maybe you could even use tee ( http://unixhelp.ed.ac.uk/CGI/man-cgi?tee ) to do it transparently.

That's a good idea, but I think the problem would persist. If I remember right, the server console has some weird behavior where if you get an output dump (like on map change) that is larger than the buffer size, it simply doesn't write it to the console. No matter what you do, it is lost from stdout. However, it does still get written to console.log. A 0-buffer console.log would at least let you poll the log file and react accordingly.
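The buffering point in the two posts above (a redirect or tee on stdout only ever sees what the process has actually flushed) can be shown in a few lines of C. This is an added example, not code from the thread or from Savage 2: it writes one constructed log line through stdio into a pipe and reports whether a reader can see it before and after a flush, once under full buffering (the stdio default when output goes to a pipe or a file, which is exactly the redirect/tee case) and once with setvbuf(_IONBF). The function names and the sample line are mine.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if fd has data ready to read right now (zero-timeout poll), else 0. */
static int readable_now(int fd)
{
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    return poll(&p, 1, 0) == 1 && (p.revents & POLLIN) != 0;
}

/* Writes one constructed log line through a stdio FILE* attached to the write
 * end of a pipe, using the requested stdio buffering mode (_IOFBF or _IONBF).
 * On return, *before_flush and *after_flush say whether the read end had data
 * before and after fflush(). Returns 1 if the line was finally read back
 * intact, 0 otherwise, -1 on a system error. */
int log_line_visible(int mode, int *before_flush, int *after_flush)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    FILE *out = fdopen(fds[1], "w");
    if (out == NULL) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    /* NULL lets the C library allocate its own buffer of the given size.
     * A pipe is not a terminal, so _IOFBF is what stdio would pick on its
     * own anyway; it is set explicitly so the demonstration does not depend
     * on the library's default. */
    setvbuf(out, NULL, mode, BUFSIZ);

    /* Constructed sample line, far smaller than BUFSIZ, so under full
     * buffering it stays inside the writing process until a flush. */
    fprintf(out, "[server] map change: constructed sample log line\n");
    *before_flush = readable_now(fds[0]);

    fflush(out);
    *after_flush = readable_now(fds[0]);

    char got[128] = { 0 };
    ssize_t n = read(fds[0], got, sizeof got - 1);
    fclose(out);          /* also closes fds[1] */
    close(fds[0]);
    return n > 0 && strstr(got, "map change") != NULL;
}

int main(void)
{
    int before, after;
    log_line_visible(_IOFBF, &before, &after);
    printf("full buffering: visible before flush=%d, after flush=%d\n", before, after);
    log_line_visible(_IONBF, &before, &after);
    printf("unbuffered:     visible before flush=%d, after flush=%d\n", before, after);
    return 0;
}
```

Under full buffering the line is invisible to whoever reads the pipe until fflush() runs (or until BUFSIZ bytes pile up), which is why a tee on stdout sees output late and in bursts; with _IONBF, what the post calls a "0 buffer" console.log, every write lands immediately. Whether a stock binary can be switched to that mode without modifying it is a separate question; the example only shows the stdio mechanics the posts are arguing about.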

#6, 04-25-2014, 07:26 PM, Old55 (Join Date: Jun 2009; Posts: 2,586)

Quote, originally posted by `_o:
To be honest, I am not sure what he means by "C++ function names". If he just meant symbols, I bet he has not looked at the Linux binaries, since there even stripped binaries usually contain a surprising amount of symbols. If he was talking about actual headers, well, I am not an expert there, but AFAIK C++ function name mangling is not consistent across different compilers or even the same compiler in different versions, so even having header files might not be enough to link against libk2 unless it's possible to figure out which ancient gcc/VC (no idea really, just guessing it's this combination) versions were used to compile it. In any case it would be a major boost in figuring out stuff though.

It has been a long time and it isn't something I know a lot about, and I lost all my old xchat logs. If I recall, we were talking about LD_PRELOAD-ing to override existing things. Again, not something I know anything about.

#7, 04-26-2014, 08:15 AM, `_o (Join Date: Jan 2014; Posts: 15)

Quote, originally posted by Old55:
That's a good idea, but I think the problem would persist. If I remember right, the server console has some weird behavior where if you get an output dump (like on map change) that is larger than the buffer size, it simply doesn't write it to the console. No matter what you do, it is lost from stdout. However, it does still get written to console.log. A 0-buffer console.log would at least let you poll the log file and react accordingly.

Ouch, OK, I guess it would have been too nice if it had been that easy. Out of curiosity: how does the wrapper talk back to the server? Is there actually some kind of rcon functionality? Also, is this publicly available somewhere? Maybe I just did not look closely enough, but it does not seem to be part of the default install.

Quote, originally posted by Old55:
It has been a long time and it isn't something I know a lot about, and I lost all my old xchat logs. If I recall, we were talking about LD_PRELOAD-ing to override existing things. Again, not something I know anything about.

Ah, I see. I guess he was after headers then, since I do not see why getting names would be a problem, because if the function is exported the name has to be in the binary anyway (and can be easily dumped with stuff like nm -D). Headers would save you from having to figure out function parameters (which is nice but in my opinion not one of the big problems) and might at least give you a hint about the memory layout of objects (which would be a major boost, but to be honest I am guessing here since I hardly have to deal with C++; I usually avoid it, to be exact...).

#8, 04-29-2014, 04:51 AM, Sintax (Join Date: Dec 2007; Posts: 188)

Probably the only way to reverse engineer Savage2 is to look at the code that is loaded in memory, and change that code after it is loaded. This can be done via disassembly:

http://en.wikibooks.org/wiki/X86_Dis...nd_Decompilers

Many years ago, I worked on Multi Theft Auto, which is a multiplayer mod for the older Grand Theft Auto games ( http://mtavc.com/ ). Rockstar Games always let us continue this project, and I imagine S2 would not stop you either (no code is 'stolen' by disassembly; you have to basically rewrite the code from assembly code). This is how to do this, in a very general sense:

1.) Run S2
2.) Run a disassembler like IDA Pro ( https://www.hex-rays.com/products/ida/index.shtml )
3.) Find the code you are looking to change while it is running in memory (I don't know how to do this)
4.) Write a C++ program that uses the assembly code from the disassembler (rewrite the disassembled code)
5.) Use that program to inject the new code IN PLACE of the old code you are looking to change ( http://en.wikipedia.org/wiki/Hooking )

After all this is done, you will have written a program that (1) runs S2, (2) hooks into the process, and (3) changes the functions in memory. I do not have any more specifics about this. When I worked on MTA, I handled the C++ coding and not the disassembly. However, the project is open source, so you can look at the code they used. This is some real hardcore stuff, and I don't think there's anyone around here that has the kind of experience necessary to pull it off, but I hope I could at least shed some light.

#9, 04-29-2014, 10:46 AM, `_o (Join Date: Jan 2014; Posts: 15)

Nice post Sintax. Definitely a good starting point for people who are actually interested in this (+1 for mentioning IDA; it's an amazing tool). I would add that you hardly have to write assembly code. You usually just have to read it (often it's enough if you are able to follow the logic; there are also really good tools to help you with that). Assembly code is probably a bit exotic even for the average programmer, but if you have at least some kind of a C background (understanding pointers will really help) you will find that (at least unoptimized) C code pretty neatly maps to machine code, thus keeping its structure and being easy to analyze. Just analyze a couple of your own programs. I bet you will recognize and somewhat understand at least a couple of small parts (you could also play with optimization settings here or strip the binaries to see if you can spot the differences). Some kind of assembler crash course would probably be best to help with really understanding what happens in the code, but sadly I do not know any good one that just explains the interesting bits (basic operations, stack, calling conventions, ...) without actually trying to teach you to build programs, but once you have a grasp of how programs work on the inside it will become way easier to see the logic in different injection/hooking/patching techniques. Of course there is a "steep learning curve", but if you are interested in how things work under the hood and have a good bit of patience, I think this can be a pretty rewarding research topic.

All times are GMT.