Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/moyamejiasr/nosreverse

Reverse-Engineering of the NosTale client by injection
https://github.com/moyamejiasr/nosreverse

Last synced: 17 days ago
JSON representation

Reverse-Engineering of the NosTale client by injection

Host: GitHub
URL: https://github.com/moyamejiasr/nosreverse
Owner: moyamejiasr
Created: 2022-02-27T22:30:27.000Z (almost 3 years ago)
Default Branch: master
Last Pushed: 2023-04-25T10:17:29.000Z (almost 2 years ago)
Last Synced: 2024-11-10T09:12:35.573Z (2 months ago)
Language: C
Homepage:
Size: 128 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: ReadMe.md

Awesome Lists containing this project

README

# Reverse Engineering Project: Nostale

This project is the culmination of many years of studying computer architecture, compiler standards, and data structures. It is an effort to reverse engineer part of the original program, a binary game by the name of Nostale. Using professional tools like IDA Pro (used by malware analysts), assembly instructions and C++ pseudocode were reviewed and analyzed.

Here is an example of what a typical analysis of a binary program with IDA Pro looks like:
![IDA Pro](https://hex-rays.com/wp-content/themes/hx2021/dist/img/ida-pro.png)

## Project Process

The entire process can be broken down into several steps:

1. **Studying the binary**: By contrasting standard program behavior and content inside the binary, the compiler used was narrowed down to Borland's Delphi, probably version 2006, and the language was identified as Pascal.
2. **Understanding Pascal and Borland compiler**: Studied how Pascal behaves and how the Borland compiler creates memory structures, which led to the successful reverse engineering of the entire set of standard libraries inside the program binary.
3. **Building an injector**: Created an injector that launches the game, stops it, and replaces game functions with hooks to a custom-made library. The original functions were then reversed, rewritten in C++, and tested on runtime.

### Emphasis on Modern C++

The project uses modern C++ to write clean code that resembles how the original game source code should have looked like. A variety of tools were utilized, including IDA Pro, Microsoft Visual Studio, and an open-source Borland compiler compatible with Borland Delphi calling convention.

## Particularities and Problems

During the course of this project, a few particularities and problems were encountered:

- **Borland Fastcall calling convention**: Pascal Delphi uses Borland Fastcall calling convention for functions, which is not supported by any other implementation of C++. Switching to a Borland C++ compiler resolved this issue.
- **Assembly optimizations**: Sometimes the standard library made assembly optimizations that broke the language logic, causing crashes or stack pollution. To deal with these issues, the entire standard library was read and C++ keywords were used to alter the compiler behavior.

## How to Use

*This project is not meant to be used, but only acts as a public display of the results archived after my analysis.*