Has anybody ever tried modifying/hooking game.dat for overcoming limits?


34 replies to this topic

#21 Oshizu

Oshizu
  • Members
  • 20 posts
  • Projects:BFME2X

Posted 04 February 2015 - 06:16 PM

Hello,

I've made some progress, thankfully, on decompiling/decrypting the original game.dat.

So far I've managed to get the disassembler to show me 40593 functions...

There should be 80558 of them in total though (knowledge from the no-DVD game.dat).

So around 50% of the data is currently shown...

Unfortunately, some debugger detection stuff prevents me from going further in the code currently...

Hopefully I'll manage to get things in full shape soon :whathuh:

- Cheers


Edited by Oshizu, 04 February 2015 - 06:21 PM.


#22 ICT

ICT

    -

  • Veterans
  • 3,075 posts
  •  -- MOC --
  • Division:BFME
  • Job:Online Admin

Posted 04 February 2015 - 06:23 PM

Keep up the great work :). Really interesting.


#23 Oshizu

Oshizu
  • Members
  • 20 posts
  • Projects:BFME2X

Posted 06 February 2015 - 01:25 PM

Hello again,

As for recent progress, it seems like I've understood why the original game.dat crashed on launch even though I've updated the addresses and offsets in BFME2X to the ones I got from its partially decompiled version. Though the game ran quite fine when I started BFME2X after it loaded instead of before...

I've misunderstood how BFME games' file encryption works.

Now it seems like it is more than simply being protected from decompiling/disassembling. Game.dat is encrypted and decrypts itself on the run. After it's done with decrypting itself, it proceeds to running the game and such.

I guess I'll have to rewrite BFME2X in that case.

Detect somehow when the game is done with decrypting itself, and when that happens, activate the modifications within BFME2X itself.

- Cheers



#24 Phil

Phil

    Force Majeure

  • Network Leaders
  • 7,976 posts
  • Location:Switzerland
  • Projects:Revora, C&C:Online
  •  Thought Police
  • Division:Revora
  • Job:Network Leader
  • Donated
  • Association

Posted 19 February 2015 - 08:57 PM

The self-decrypting behaviour you see is SafeDisc v. 4.0. What it does is create another executable ~exxxxxx.tmp that is then launched as a process. This process attaches to game.dat as a debugger and modifies parts of game.dat's memory. Here's a link: http://www.reversing...061030193245121




#25 Oshizu

Oshizu
  • Members
  • 20 posts
  • Projects:BFME2X

Posted 27 February 2015 - 12:48 PM



The self-decrypting behaviour you see is SafeDisc v. 4.0. What it does is create another executable ~exxxxxx.tmp that is then launched as a process. This process attaches to game.dat as a debugger and modifies parts of game.dat's memory. Here's a link: http://www.reversing...061030193245121


Whoa, that's really lots of useful info, thanks :D

Since I'm currently busy with some stuff I can't work on BFME2X. Though at least now I've got some hints for the future...

The best solution so far would seem to be hooking the moment when SafeDisc v. 4.0 is done decrypting stuff and then activating the BFME2X modifying code...

Edit:

Anyway, some progress happened today... With my coder/hacker friend's assistance I've managed to find a method which may let me hook the moment when the game is done decrypting... Basically, make a loop function that will search game.dat for a static value that exists in non-decrypted game.dat, and when it finds it, then it's a sign that the game has been decrypted and it's time to mod stuff...

It seems way simpler than I thought it would be.

- Peace


Edited by Oshizu, 27 February 2015 - 03:56 PM.
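
The polling idea described in the post above, as an added offline simulation (not BFME2X code and not anything posted in this thread). The single-byte XOR "packer", the chunk size and both marker values are constructed assumptions; the point shown is that a check for one known value can pass while later parts of an image that decrypts itself in stages are still encrypted.

```python
# Constructed simulation: no real process, game file or protection scheme is touched.
KEY = 0x5A               # assumed single-byte XOR "packer", for illustration only
CHUNK = 16               # assumed number of bytes decrypted per step

MARK_EARLY = b"EARLY!"   # hypothetical known value near the start of the image
MARK_LATE = b"LATE!!"    # hypothetical known value near the end of the image


def build_plain_image():
    """Return a constructed 64-byte 'decrypted' image holding both markers."""
    plain = bytearray(64)
    plain[4:10] = MARK_EARLY
    plain[52:58] = MARK_LATE
    return bytes(plain)


def pack(plain):
    """Encrypt the image the way it would sit before self-decryption."""
    return bytearray(b ^ KEY for b in plain)


def unpack_steps(image):
    """Decrypt in place, one CHUNK per step, yielding the step number."""
    for step, start in enumerate(range(0, len(image), CHUNK), start=1):
        for i in range(start, min(start + CHUNK, len(image))):
            image[i] ^= KEY
        yield step


def one_marker(image):
    """Readiness check that looks for a single known value."""
    return MARK_EARLY in image


def all_markers(image):
    """Readiness check that requires known values from both ends of the image."""
    return MARK_EARLY in image and MARK_LATE in image


def first_ready_step(ready):
    """Poll `ready` after every decryption step; return the first step it passes."""
    image = pack(build_plain_image())
    if ready(image):
        return 0         # would mean the marker is visible while still packed
    for step in unpack_steps(image):
        if ready(image):
            return step
    return None


if __name__ == "__main__":
    print("single marker seen at step", first_ready_step(one_marker))
    print("all markers seen at step  ", first_ready_step(all_markers))
```
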


#26 Turin Turumbar

Turin Turumbar
  • Members
  • 99 posts

Posted 30 March 2015 - 09:46 AM

Hey,

did you make any new progress with this?



#27 Oshizu

Oshizu
  • Members
  • 20 posts
  • Projects:BFME2X

Posted 31 March 2015 - 05:03 PM

Hi again guys,

Sorry for my absence... Been doing various other stuff as well as having some school things going on, but here I am :whathuh:

I've been back on the BFME2X project since yesterday and I've managed to get it to work on the original game.dat file.

Sadly I just found out that I used v2.00 of the game rather than the latest patch v2.01, so I need to update BFME2X to v2.01 before releasing it...

But so far everything seems to work.

You can add up to 5 custom factions to CaH, while the 6th will replace the unused Neutral faction and the 7th will replace the Arnor faction (for testing purposes, or for people who don't have Arnor playable in their modification and need more faction slots...)

- Peace


Edited by Oshizu, 31 March 2015 - 09:21 PM.


#28 Oshizu

Oshizu
  • Members
  • 20 posts
  • Projects:BFME2X

Posted 31 March 2015 - 08:31 PM

Sorry for the double post, but I've eventually decided to release alpha v0.2 of BFME2X today after all :D

Instructions are located in the .zip file, as well as example files and info on where to put them...

I haven't yet figured out a way to check which BFME2 RoTWK version the user has, so there are currently two separate files... One for v2.00, the other for v2.01 of RoTWK.

If it eventually works out quite well I might create a separate thread for BFME2X, perhaps...

Edit:

Oh, and also, if you encounter any errors from BFME2X rather than game.dat or BFME2 RoTWK, then try running it with Administrator's Privilege/Access.

Attached Files


Edited by Oshizu, 02 April 2015 - 07:05 PM.


#29 Elric

Elric

    Designer

  • Hosted
  • 2,857 posts
  • Projects:Middle-Earth Expanded
  •  Coder
  • Donated

Posted 31 March 2015 - 08:59 PM

You just became my new best friend.



#30 Elric

Elric

    Designer

  • Hosted
  • 2,857 posts
  • Projects:Middle-Earth Expanded
  •  Coder
  • Donated

Posted 01 April 2015 - 03:12 PM

Actually, scratch that. When I ran the program after, it gave me an error (I didn't read the readme at first saying where to put the files). But that's not my main issue; my main issue is that literally right after (roughly 10 min after) running it, my entire computer bottlenecked, basically... :(

I deleted the program on reboot and have been fine since. Could it be a memory leak or something? Or just a coincidence...


Edited by Elric, 01 April 2015 - 03:13 PM.


#31 Oshizu

Oshizu
  • Members
  • 20 posts
  • Projects:BFME2X

Posted 01 April 2015 - 03:16 PM

Any idea what error it was?

Turin Turumbar has been testing BFME2X and ran into the error 'OpenProcess() failed: 5'.

The issue was resolved by running the program via the 'Run As Administrator' thingy.

I've attempted to resolve the issue in v0.3 of BFME2X... I'm waiting for the tester to tell me whether it fixes it or not...

And relating to your computer crash, I'm not sure about this.

So far there have been no such issues on three computers, including mine, a friend's and Turin's.

Edit:

I've included an updated version in my post above (v0.3) which may resolve the issues with Administrator rights.

- Peace


Edited by Oshizu, 01 April 2015 - 03:52 PM.


#32 The Smoking Man™

The Smoking Man™

    Developer & Composer

  • T3A Staff
  • 113 posts
  • Projects:game.dat, RotWk Patch 2.02 (retired)
  •  Mysterious figure...
  • Division:BFME
  • Job:T3A Staff

Posted 30 May 2015 - 10:23 AM

So how is this going? Any updates?




#33 vengefulnoob

vengefulnoob
  • Project Team
  • 22 posts

Posted 20 June 2015 - 11:29 PM

Hey Oshizu,

 

Thanks a lot for making this happen, it really has made the impossible plausible!

 

Just ran into an issue where starting BFME2X does not allow ROTWK to start: the process ends after a few seconds without even getting to the splash screen. Without BFME2X, the game launches, but of course crashes as a result of the missing Create-a-Hero factions. I'm running both as administrator on a Windows 8 system.

 

Any suggestions?



#34 ServantOfTheSecretfire

ServantOfTheSecretfire
  • New Members
  • 3 posts

Posted 19 July 2015 - 04:08 AM

I would actually suggest reverting back to the no-CD version of Game.dat. The reason for this is simple: the copy protection they use in SecuROM will make it exponentially harder to attach your functions without issue. Also, as SecuROM is an active protection scheme, it could cause periodically random crashes. SecuROM and its kin are the scourge of the gaming industry; the behaviour and the damage these software applications can do are as bad as most malignant computer viruses. Furthermore, there are many of us in your situation, with a broken CD drive or a shattered disk. Since EA refuses to digitally distribute the game, many of us have to use less than savoury means to have an install medium to use our rightful license keys. I would also point out that hacking into game.dat is typically an action that is regarded as a step too far by EA when it comes to modding. It is essentially modding the executable, which through their BioWare subsidiary they have slammed as breaching their copyright. As you are already slipping into grey land, why not just go all the way?



#35 Oshizu

Oshizu
  • Members
  • 20 posts
  • Projects:BFME2X

Posted 28 July 2015 - 04:52 PM

I would actually suggest reverting back to the no-CD version of Game.dat. The reason for this is simple: the copy protection they use in SecuROM will make it exponentially harder to attach your functions without issue. Also, as SecuROM is an active protection scheme, it could cause periodically random crashes. SecuROM and its kin are the scourge of the gaming industry; the behaviour and the damage these software applications can do are as bad as most malignant computer viruses. Furthermore, there are many of us in your situation, with a broken CD drive or a shattered disk. Since EA refuses to digitally distribute the game, many of us have to use less than savoury means to have an install medium to use our rightful license keys. I would also point out that hacking into game.dat is typically an action that is regarded as a step too far by EA when it comes to modding. It is essentially modding the executable, which through their BioWare subsidiary they have slammed as breaching their copyright. As you are already slipping into grey land, why not just go all the way?

Yeah,

Indeed, SecuROM might be messing with my detours of functions.

I've thought of making a dynamic 'Create A Hero' system instead of the .ini one...

So if the program detects a custom faction that is not in the CaH faction table, then it would add it to the faction table before the program crashes.

But sadly, on the original game.dat I wasn't able to do so, since the hooked function caused the game to crash after it was done with execution of the code within the hook...

Detouring and hooks worked fine on the no-CD version of game.dat though.


Edited by Oshizu, 28 July 2015 - 04:54 PM.




