Disclaimer
A lot of people lack the simple knowledge of reverse engineering for MapleStory -- so I decided to create this quick & small tutorial to cover some of the basics. The output will be a partially named .idb file and a memory dump of the MapleStory executable.
What will this tutorial cover?
The basics of reverse engineering! First, we'll create a memory dump from the MapleStory executable using OllyDbg, and then we'll create our .idb and populate its functions using a custom .idc script. Note that STREDIT can also read the memory dump, which is a bonus!
Downloads
Making a memory dump
There are several ways to dump the process's memory. We'll be using the easiest one, which is an external plugin made for OllyDbg called OllyDump. So, let's get started!
Open the MapleStory executable
Do this by launching GameLauncher.exe from your MapleStory folder. Do not proceed; stay at the launcher window.
Open Process Hacker
You'll see a list of all the processes running on your computer. Scroll down and you'll find MapleStory, our target. Right-click its line and select the 'Suspend' button. This makes sure we don't get detected by the client when we open up OllyDbg!
Open OllyDbg
Go to File -> Attach. A window of processes will pop up. Select the MapleStory process (named 'MapleStory') and press Attach!
Dump!
Simply go to Plugins -> OllyDump -> Dump debugged process. Press the Dump button and save the dumped executable wherever you wish!
Naming functions
In order to name the functions, you have to open up the dumped executable with IDA. I suggest using idag.exe for this, even if you're running 64-bit, to avoid any errors.
(This part takes a while, as IDA analyzes the executable.)
After the analysis is done, press ALT + F7 and select the naming .idc script. Once selected, the automated process begins. Once it's done, you'll see the named functions to the left!
... You're done! Save the .idb by pressing the save icon and you're good to go.