Reverse Engineering/Game Patching Tutorial: Full Res RollerCoaster Tycoon with Ghidra+x64dbg+Python


Time Markers:
00:00:00 - Introduction
00:01:57 - Target audience and caveats note
00:03:10 - Start of tutorial
00:07:08 - Loading the file into Ghidra/First steps of RE workflow
00:14:27 - Static analysis of window creation functions (CreateWindowExA)
00:25:42 - Quick detour to learn about Window Style values
00:37:07 - Dynamic analysis of window creation functions in x32dbg
00:48:38 - Static analysis of default window height/width values
00:58:21 - Dynamic analysis of default window height/width values
01:03:30 - Static analysis of window constraints and patching for windowed mode
01:12:15 - Patching to enable full screen mode
01:15:00 - Python patching script review and wrap-up

Corrections:

00:34:30: When viewing GetSystemMetrics, 0x20 and 0x21 are seen passed into this function in Ghidra, but the MSDN page is in decimal, so those values (32 and 33 decimal) are actually specifying SM_CXSIZEFRAME and SM_CYSIZEFRAME, the sizing borders of the window. I mistakenly confused them for SM_CYVSCROLL/SM_CXHSCROLL.

Hey everyone, I appreciate you joining me for this inaugural tutorial.

I'm usually playing with malware, but I thought a game patch was a more fun and light endeavor for beginners, and I hope that this video strikes that balance of being fun and informative.

I hope to do more of these sometime, if there is an appetite.

Reach out any time with questions or feedback.

Free Learning Resources (Let me know if you have more, and I will update this list):

* Programming and Operating System Concepts:

* Reverse Engineering:

* Tools:

* Books:
Comments:

I have no idea why this looks so fun to do. You feel like a damn detective

das_evoli

I LOVE that you keep your mistakes in the tutorial!! It is soo valuable for a learner to see what is difficult even for the teacher!
Wonderful tutorial, both in content and style.

siljamickeify

34:27 you forgot to convert to decimal. 0x20 corresponds to the border size (entry 32), not the scrollbars. Which also explains why the value is doubled, since borders are on both sides. It doesn't matter, though :)

StefanNoack

One and a half years later and it is still a great video! I always wondered how patches for older games were made, and this video literally answers this question on point!

tov

I have very little experience with assembler code of any kind, yet as a dev, and with the way you explained it, it was actually fairly comprehensive and mirrors a lot of typical high-level debugging, except you're dealing with unknown source code. I am likely not going to use what you demonstrated here any time soon, but knowing it is an option, and a path I could take if I feel dedicated to a goal, is very cool and exciting.

NavnikBHSilver

It was very entertaining to watch! Just one improvement suggestion: it would be good to name variables, functions and memory addresses the moment you identify them. Then browsing the code in Ghidra is much easier.

dracenmarx

What a great video. So far this is the only RE video I've come across that showed a full and concise analysis with a working patch at the end.

Eirenband

Nice, always wanted to get into reverse engineering. Seems like starting with video games could be a fun way to start.

naveenjkondeti

Great video! Would like to see more content like this. There's one small mistake, however: GetSystemMetrics is passed a hex value in the Ghidra overview, so instead of 20 and 21 it should be 32 and 33, which relates to the thickness of the window border and not the arrows.

govnaizmesare

Great stuff! Thanks for the video! I've been on a journey to learn RE for a project and your guide has been super helpful demonstrating logic/workflow to deduce functions. Cheers!

JeremyKingTech

The first time I am watching how an executable is debugged / patched on Windows - as opposed to Commodore 64 ROM in the late 80's - and I actually understood this!
This speaks volumes on your capability to explain a fairly complex process to a 100% genuine noob in an understandable way!
Go ahead, pat yourself on the back. You truly deserve it! :)

toweri_li

Really really great content! I hope to see more in the future! Love the clear explanations

michaelhoefler

I'm really glad I found your channel! Looking forward to more sometime soon!

TakadoGaming

Hey everyone and thanks so much for watching and for all of the great feedback!

Please be sure to check out some of the other comments for tips, resources, and submitted feedback.

I hope you enjoy!

jeFFFalltrades

Exceptionally high quality videos you're making here; you have a knack for teaching clearly! I'd love to see you run through some Windows kernel exploits. Time to binge-watch the rest of your channel.

padraiglogue

The intro montage of Roller Coaster Tycoon deserves an award.

steventwigg

Fantastic content, buddy. I learned a ton about the mentality/methodology as well as the practical manner in which patches are applied.

valhalla_dev

Thank you for keeping the threshold of content's quality so high

jmikhailov

Thank you for this educational video! I really learned a lot from it. You explained it well and kept pointing out your mistakes, which is essential for a good understanding (especially for beginners like me). I would really like to see more on patching/cracking games.

nola_

Very useful video, a valuable resource for sure. I was surprised to see it was the only video on the channel.

username