IDA 7.7 database #3
Comments
Oh, nice! I'll test this out once I get my hands on IDA 7.7. Thank you! |
Labelled a bunch more functions/variables, and added lots of structs like https://mirrorace.org/m/4sK85 (use 1fichier link) |
Oh wow, just noticed RE4VR actually has descriptions for a ton of things inside:
Lots more than that too, the E: Some of the EMs that were missing from there:
|
Not sure what they use for the other QTE sections, but I wonder why they created a separate func to use here. Might be worth naming it, maybe? Edit: Seems the boulder QTE uses |
Tried checking for a proper name for that func but couldn't find much, PS2/GC seems to have inlined it into the Looks like it's only used specifically for r226_playerRunMoveXXX stuff, I guess something like (btw I sent you an email about something, probably got caught in spam though) |
Been a while since last update here, added a bunch more structs like cPlayer / cPlLeon / etc, named some more funcs, the usual: https://mirrorace.org/m/1L26i Compressed size went from ~14MB to ~37MB so I guess there was quite a bit added, huh. In case anyone here reading this missed it, I'm currently looking for any other RE4 dev builds that include symbols, might have something interesting in exchange, see #4 |
Found something interesting out, seems the RE4 engine was shared with a bunch of Capcom early-00 titles, P.N.03 & Haunting Ground both seem to use similar rXXX / EmXX / EspXX names, and God Hand (Clover Studio) also seems to share similarities too. There's a proto of PN03 that does contain a pretty detailed .map file, but a lot of functions don't seem to match addrs properly... good chance the map might be for a different build, too bad. (there is a .sym file similar to RE4 GC debug .sym, but format is slightly different so haven't checked that out yet.) God Hand seems to contain similar data to RE4 PS2 build, with a Haven't looked at Haunting Ground yet, I'll update this once I do. (E: doesn't seem like the proto has .sndata section, from the strings I can see it looks pretty different to the other RE4-engine games, so maybe this isn't actually based on it) Overall kinda interesting but not that useful, was mostly hoping to find something that contains structs with it, maybe there's other titles I didn't list here that also share the engine though, will have to try looking around some more (if anyone knows any others please let me know!) |
The Wii version of Dead Rising also uses the RE4 engine, if I'm not mistaken. (Sent you an email btw, not sure if you received it) |
Does the first Devil May Cry use the same engine? I mean, that was originally going to be RE4, so maybe there's something in it. |
Oh wow, seems Viewtiful Joe PS2 is also partly based on the same engine - and the Jul 1 2004 proto actually contains structs inside 😱 Not sure how much is similar between them though, looks like some lower level things are shared, but doesn't look like it has stuff like Here's what I got out of it, it used an ancient way of storing symbols inside
Oh yeah will try looking into that soon, probably worth checking all the early-00 PS2 Capcom games really, always a chance they left stuff in the retail versions too. E: oh sweet, viewtiful joe 2 proto also contains (E: found a later proto with more symbols: ViewtifulJoe2-2004-08-06-mdebug.zip) Haven't checked the retail of either of those yet, will look into it later. E2: if anyone wants to help look for other games, searching "tagMOTION_INFO" in the executable/ISO should be a good way to tell if symbols are included or not. |
Been a while since last update, can't remember everything that's been added, there's Named a few more funcs recently as well, here's latest IDB: https://mirrorace.org/m/15vhb PlayerTypes came from GC debug which had a table for them, not sure if later ports might have added anything to it, the ones that are here mostly seem to match up with code for those charas though.
|
Added ~346 funcs, ~108 structs/enums 😄 (bringing us up to 17466 out of 24603 funcs named) Download (use 1fichier link): https://mirrorace.org/m/59I07 |
Another update, added 1094 funcs, 61 structs/enums (and ~3200 win32/xaudio related structs) 18560/24784 funcs named (82% of in-use funcs 😄) Download (use 1fichier link): https://mirrorace.org/m/4tR98 Large part of the new names are just Criware internal stuff, but there's a couple new game func names added too, added some structs for a few The |
@emoose, how correct is the My code:
Gotta say I also don't understand the difference of the |
The keys are treated as bitfields, so I guess 0x40020 would be 0x40000 | 0x20 ( The |
Ahhh, that makes sense! Thanks! |
Another update, added ~77 structs (mostly cEmXX - almost all the cEm* structs are added now, including the awful cEm10, only 1 or 2 missing now AFAIK), and a couple extra functions, DB size increased by 60MB 😸 : https://mirrorace.org/m/16heg Should probably mention but the structs are mostly just skeletons, tried to map out the correct field types for them (short/int/pointer etc), but haven't actually named that many fields yet, if anyone works out any names for anything feel free to post it! |
Not very important, but SYSTEM_SAVE's |
BTW here's a PDB generated with https://github.com/Mixaill/FakePDB, Cheat Engine seems to load it in fine, and VS when debugging too, pretty sweet! (if it doesn't load in you might need to set relocations stripped flag so EXE always loads at 0x400000, haven't tried it without that yet) |
Ah, cool! I tried FakePDB a couple of days ago, but I wasn't aware about the stripped flag thing. Without it, functions are named incorrectly. Seems the flag is needed. |
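An added example, not code from this thread or from FakePDB: a way to check the relocations-stripped flag discussed in the two comments above, and to set it on a copy of the image. The function names and the sample header are constructed for illustration; the constants and offsets are the standard PE32 header layout.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # ASLR opt-in bit

def _offsets(data):
    """Validate MZ/PE signatures; return (Characteristics offset, optional header offset)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                  # COFF file header follows the signature
    opt = coff + 20                      # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) image")
    return coff + 18, opt

def load_info(data):
    """Report the header fields that decide whether the image can be rebased."""
    chars_off, opt = _offsets(data)
    chars = struct.unpack_from("<H", data, chars_off)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "image_base": struct.unpack_from("<I", data, opt + 28)[0],
        "relocs_stripped": bool(chars & IMAGE_FILE_RELOCS_STRIPPED),
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }

def set_relocs_stripped(data):
    """Return a patched copy with the flag set; the input is left untouched."""
    out = bytearray(data)
    chars_off, _ = _offsets(out)
    chars = struct.unpack_from("<H", out, chars_off)[0]
    struct.pack_into("<H", out, chars_off, chars | IMAGE_FILE_RELOCS_STRIPPED)
    return bytes(out)

def sample_header():
    """Constructed minimal PE32 header for the demo (not a real executable)."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)           # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84 + 18, 0x0102)    # Characteristics, flag clear
    struct.pack_into("<H", buf, 0x98, 0x10B)          # PE32 magic
    struct.pack_into("<I", buf, 0x98 + 28, 0x400000)  # ImageBase
    struct.pack_into("<H", buf, 0x98 + 70, 0x8140)    # DllCharacteristics, DYNAMIC_BASE set
    return bytes(buf)
```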
Time for another update, massively improved a bunch of structs with actual field names now, and managed to find names for some more functions too (mostly unused ones, but even unused ones can tell us something!) Pretty much all the non-numbered cEm classes should be detailed (and luckily also cEm10), some of the cObj classes are filled too, but still a few I need to add in. 19119/24804 funcs named (83% of in-use funcs) - afaik the main parts missing now are either PC/X360 port related, or code for rooms added in PS2+ releases (sadly we don't really have good symbols for the PS2 REL files ;_;) Download: https://mirrorace.org/m/16r5b (use 1fichier for best speed) Also includes a full HexRays There are still a few mysteries I haven't figured out here though:
Many thanks to MeganGrass for huge assistance with this! |
Nice to see these good discoveries! You are intelligent asf. |
Hosting an IDArling server to help sync stuff between us, see #16 for how to set it up :) |
Been a little while since last update here, was mostly posting updates to IDArling server for a while, the way it syncs stuff can be really slow tho, so ended up going back to how I did it before (if you changed anything on IDArling in past month or so it won't be in this DB, sorry) On the bright side, managed to name a bunch more functions/structs/variables (19392/24991 funcs named), and also looked into the QLOC kb/mouse code a little too, seems they added 3 classes for handling it which weren't too hard to map out, so now PadRead and other kb/m code should be a little easier to read. Added params/sigs to a bunch of funcs from the symbols too so hex-rays should be a lot more accurate now, still a ton of functions left to update though... There's also a lot more names still to add as well, seems some of the Separate Ways r5xx rooms (and some weird r12x rooms) almost perfectly duplicate code from earlier rooms, we don't have symbols for r5xx rooms unfortunately, but hopefully can copy the names from the original room they based it on, need to look into that some more. Anyway, latest IDB+PDB+C can be found here: https://www.mediafire.com/file/ahwu2jpremmyqdi/bio4-220918.zip/file |
Just found out something about how UDAS data gets loaded in, when you see something like:
It's actually pointing to the start of the UDAS offset table, in pl00.udas that's at 0x400, but I think it can vary between files. You'd think the [0x62] / [0x63] would mean it's loading the 0x62/0x63rd file from that table (fortunately UDAS extractors do usually include the file index in the extracted filenames too, at least SoP extractor does) - but that 0x62/0x63 is actually indexed from the exact start of the offset table, which starts with a 0x10 byte header that just includes file count inside it (AFAIK) 0x10 byte header means 4 uint32s, so to find the actual file index you need to remove 4 from the index in the code, so 0x62 - 4 = 0x5E / 94, 0x63 - 4 = 0x5F / 95 - then if you look at the extracted UDAS contents, pl00_094 & pl00_095 contains the data that the code was reading :) (alternatively, the asm that accesses it gives you the offset into the table, so you could just remove 0x10 from that and then divide by 4 to get the index - some hex rays code might also only show the offset instead of index too, so it's good to know :p) I think the 0x10 byte header could change size between UDAS files though, so you might need to check the UDAS data itself first - does seem the code that reads from the UDAS is pretty tightly coupled to each UDAS itself, since it's using actual file indexes instead of filenames, I'm guessing the tool that creates the UDAS maybe spits out a header that has all the indexes ( This could maybe be done in reverse to search for code that uses a certain file too, just multiply index by 4, add 0x10, then use alt+b to search for the result (endian-swapped), might work for some unique indexes, or maybe try searching the hex-rays .c. |
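An added example, not code from this thread: the index arithmetic from the comment above, in both directions, run against a constructed offset table. The helper names, the `pl00_NNN` naming pattern, the position of the file count inside the header and the table contents are assumptions; the 0x10-byte header is the size the comment reports for pl00.udas and is a parameter because it may vary per file.

```python
import struct

HEADER_SIZE = 0x10   # size the comment reports for pl00.udas; may vary per file

def code_index_to_file(code_index, header_size=HEADER_SIZE):
    """Index seen in decompiled code (counted from table start) -> file index."""
    slots = header_size // 4              # header occupies this many uint32 slots
    if code_index < slots:
        raise ValueError("index points into the header, not a file entry")
    return code_index - slots

def table_offset_to_file(byte_offset, header_size=HEADER_SIZE):
    """Byte offset seen in the asm -> file index."""
    if byte_offset < header_size or (byte_offset - header_size) % 4:
        raise ValueError("offset is not an aligned file entry")
    return (byte_offset - header_size) // 4

def search_bytes(file_index, header_size=HEADER_SIZE):
    """Little-endian bytes to search for when hunting code that uses a file."""
    return struct.pack("<I", file_index * 4 + header_size).hex(" ").upper()

def extracted_name(stem, file_index):
    """Assumed extractor naming, modelled on the pl00_094 name in the comment."""
    return f"{stem}_{file_index:03d}"

def read_entry(table, code_index):
    """Read the uint32 the game code would fetch for table[code_index]."""
    return struct.unpack_from("<I", table, code_index * 4)[0]

# Constructed table: 0x10-byte header (count placed first, an assumption)
# followed by 96 made-up file offsets.
ENTRIES = [0x1000 + i * 0x200 for i in range(96)]
TABLE = struct.pack("<4I", len(ENTRIES), 0, 0, 0) + struct.pack("<96I", *ENTRIES)

if __name__ == "__main__":
    for idx in (0x62, 0x63):
        f = code_index_to_file(idx)
        print(hex(idx), "->", extracted_name("pl00", f),
              "entry", hex(read_entry(TABLE, idx)), "search", search_bytes(f))
```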
Another update, nothing too major though, mostly just been updating function prototypes with the proper names/types from PS2 symbols (processed ~140 out of ~256 .cpp files we have symbols for so far), should help clean up the decompiler output a bit. Still need to go through the extra campaign room (r5xx etc) funcs that were based on rooms in the main campaign and copy func names over though (if anyone happens to have a list of room numbers that were copied from main campaign + room number they were copied from it'd really help a lot, haven't played much of the bonus campaigns myself...) Download: (see below post) |
Very minor update, improved some stuff around cEmXX funcs: https://www.mediafire.com/file/o23w1aywz8a3cji/bio4-221007.zip/file |
Been meaning to post new update for a while, finally got through all the PS2 function prototypes (AFAIK at least, may have missed some by accident), so now the main engine parts of the EXE should mostly have full function signatures/parameters set up (along with any structs they use), also documented some of the sound engine stuff a bit more too. PS2 symbols didn't contain anything about rooms/weps/Ems/etc though, so there's still a lot of unnamed things there, was able to copy across names for R5XX/R6XX rooms which were clones of rooms we already had names for though. Also added Also was able to find some global var names from RE4VR too which filled in a few unknowns. E: read the license terms mentioned in the first post before downloading: #3 |
Got two more funcs names from Separate Ways: sub_7A1BE0 = r502_OpenCloseCover (modified version of r108_openCover, but this one also has code to close it) |
Hi, sorry if this is the wrong place, I think I got the remove unused funcs script working in ghidra, unsure if it fully worked though. I don't have IDA Pro so I'm using what I can in ghidra.
|
I know I am late to the party on this Database, but it seems all the links for this are now gone. We haven't seen or heard from you in quite some time now. Are you still lurking around? |
The links all seem to work on my side, they're on my mediafire acct so shouldn't expire any time soon, think I remember you had issues with the mediafire links before though, maybe something is blocking your access? I'm still interested in working on RE4, but think re4make & the crashing issues re4_tweaks started having have deflated a lot of the motivation around it, for me at least anyway... |
I've been a bit absent due to work, but are these crashes really caused by us? Maybe simplifying things a bit could help. Removing the entire dxvk stuff from the project, for example, isn't something I'm against if that could help make things a bit more stable. |
@emoose nice to hear you are still around! Thanks for the speedy reply. Do you mind sending a link for that on here. All the links I had weren't media fire. Cheers! |
22/11/05: latest database can be found at #3 (comment)
License:
The annotations included in the IDA database, such as names, structures, and comments, are made available to you under the following terms:
You may use the information contained in the provided database/PDB/pseudo-code files to assist with game research, game modifications, and other similar projects, provided that such projects do not involve the public release of substantial parts of the provided information in another form. This restriction includes, but is not limited to, decompilation projects based on the included information, or the conversion of the provided files into a different format.
Any improvements made to the included annotations, such as newly named functions or variables, new structures, or fixes to the existing annotations, should be forwarded back to this repository whenever it is convenient to do so.
Usage of this database is restricted to individuals who hold a legal license to the UHD edition of the game on Steam.
Please note that this license only applies to the information contained in the provided files, and does not necessarily apply to any derived works or modifications that you create using this information.
These license terms can be modified upon request, please feel free to get in contact.
Alternately you could always look through the different releases of the game to find the symbols, it's all mostly public info after all.
Creating a decompilation of the UHD version isn't a great place to start since a lot of the new UHD code is still mostly unknown, working on the GC version that has near-complete function symbols available for it would be a better idea.
Original text:
Since IDA 7.7 is available now, decided to start a new IDB with it since it might analyse things better.
Also came up with some IDAPython scripts to mark some unreferenced code as functions, since that makes it easier to compare func positions with things like CRI SDK libs & some of the console builds - unfortunately this also bloated the number of unnamed functions quite a lot, making any comparison of named vs unnamed kinda useless now since a huge amount of the unnamed funcs are never even called by the game.
(there's thousands of functions in here that are never called, the VS2010 compiler they used seems to have inlined some funcs into other functions, but then left the inlined function as its own separate thing, not called by anything - unfortunate since we can't really name the inlined portion, and naming the unused leftover code isn't really that useful to us, oh well)
Anyway here's current ver of my DB, this should have all the func names from my 7.6 DB along with some more I found, haven't moved over all the structs like GLOBALS etc yet though, nor all the variable names, will add all those back later on: https://mirrorace.org/m/5Oz21 (choose 1fichier link for best speed)