I did manage to get some work done on KPT1947, performed the tasks to end up with 0x0a 0x0d replacing the 0x00 in rdata.
I am still trying to understand the next step in the process.
I must have to do something with those last replacement bytes.
I have used the old noggin to prevail... now I can proceed to the next step, changing my rdata within KPT1947... a very tedious task indeed. I should be done with the translation in a few hours if all goes well.
Translation is done!!
The hard part is now in front of me... :scared: I have added a section to PE, much like KPTTrans... the trick is how to tell the game it has a new section to look at instead of the .rdata one. I am going to need a shove in the right direction.
That's not a trick. I would personally have used the KPTTrans section itself, because it has all (most) of the strings you need already in it, but once it's in your PE, it is allocated an address to load into. You can change that address in the Section headers.
When you know what a Korean string means, open the client in Olly, find that Korean string, select it and "find references to selection" (or whatever), and change the addresses pointed to by every command or memory array to point to your translated string in the new section.
I need a stiff drink... :laugh:
I have some ethical opposition to alcoholic beverages, but fortunately the traditional stimulants of choice in the nerd / geek community in which we reside are caffeine and hemp... one to keep the senses sharp, and one to get some sleep after the copious quantities of the other.
While the latter stimulant disagrees with me, I strongly recommend "Hot Lava Java", or a double espresso if the former is not available. On hot days, there is a beverage I discovered in the U.S. called "Mountain Dew"... it's very effective. :D: I can't locate it locally. :(: But we do have Red Bull. :D:
That was one of my expressions of frustration with this translation task... My alcohol intake is limited to a glass of wine a couple of times a month. I am supporting the coffee industry single-handedly :laugh:
Can I dump all the section headers and load them back in with a different ordering, i.e. text KPTTrans .rdata etc.? This is proving more difficult than I had imagined it would... :(:
Yes you can, in my recent release ZPT Client you can see that I have correctly appended the resource section (.rsrc) to the end of the PE, after the KPTTrans section.
This task was achieved just using Daniel Pistelli's CFF Explorer. But I should point out that that will not affect the order or addresses of the sections in memory... If you examine the section table, you will see that each section is allocated a preferred start address, a physical length and a virtual one.
With a program (.exe) the preferred start address will be granted (unless it overlaps another section in the same file) but libraries (.dlls and .ocxs and such) may have their sections re-arranged to fit around the primary application in its virtual address space.
The reason there is a virtual length and a physical one, is that a section may allocate more memory from the kernel than is recorded in the PE file, so that that memory can be used for variable data which need not be initialised with any specific data before the program starts executing.
If it doesn't matter what is in that memory before the program runs, there is no need to waste disk space recording its state in the PE file.
So if I understand, it will not make any difference with reading the translated section; in other words, just adding the KPTTrans section does nothing for me unless I do something... What that something is I don't know. What would help me is knowing what to do after KPTTrans is added. What I do know is that the game is looking at the .rdata section and not the one I want. So with KPTTrans added, I open Olly and do what? Look for something Korean? I haven't seen any Korean symbols using Olly at all, and I have the language packs installed. I am at a fork in the road and not sure which one to take... I prefer detailed how-to instructions... but I will take what I get and try to work with that. Thanks for your patience :mellow:
You would only see Korean characters in Olly if you were debugging a Korean program written in UTF-16 (WideChar) and then, only if you told Olly to format the memory as UTF-16.
The PT game client is not UTF at all... it relies on the host system being configured to work with ANSI CodePage 51949, and Olly will never work in that codepage. I believe the characters it represents correctly are one of the IBM OEM CodePages. (437 or 850 most likely)
So, look at your translation file in Hex, and search for the Korean 949 text via its hex reference.
I'd get you some screenies, but I'm away from my PC for a little bit. :s
I am looking forward to those screenies. They may be just the thing to get me out of this stalemate I am in :thumbup1:
Okay... so you view the EUC Korean ANSI text file we created earlier from the .rdata section as both text (to find the string you are looking for) and then Hex (to know how that text is represented in binary).
Then you search for that hex string in the .rdata section of your PE file in Olly.
It should find it pretty quick.
You can now press ":" and give that memory location a name (or Label.)
Right click its selection, and select "Find references to..." -> "Selected block"
This particular string is only referenced in one place in my code. So double click that reference, (push offset KPT2352.005BF444) and Olly will shift the CPU code listing to that line.
This is the location I have placed that string in my KPTTrans section... so the address I need that PUSH to point to is 04421F10.
Replace (by re-assembling, press Space) the reference to your "labelled" address with the address of your new, translated string in the added section.
For simplification, you can Label your translated address too, and zero fill the old Korean string now that there is no code pointing to it. None of that will make any difference to the program, but it may make it easier for you to read the code... now and in the future.
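An added illustration (not part of the original posts) of two points from the thread: the section table's physical versus virtual length, and turning the hex bytes of an EUC-KR string into the address Olly will display. The sample file, the string and all function names are constructed for this example, and Python's `euc_kr` codec is assumed to match the client's code page.

```python
import struct

def parse_sections(pe):
    """Return (image_base, sections) read from a PE32 file's section table."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4                      # 20-byte COFF header follows the signature
    count, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    image_base, = struct.unpack_from("<I", pe, opt + 28)
    sections = []
    for i in range(count):                   # each section header is 40 bytes
        name, vsize, rva, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", pe, opt + opt_size + 40 * i)
        sections.append(dict(name=name.rstrip(b"\0").decode("latin-1"),
                             vsize=vsize, rva=rva, rawsize=rawsize, rawptr=rawptr))
    return image_base, sections

def find_string(pe, text, codepage="euc_kr"):
    """Return (section name, file offset, preferred VA) for each hit of text."""
    image_base, sections = parse_sections(pe)
    needle = text.encode(codepage)           # the string's "hex reference"
    hits, pos = [], pe.find(needle)
    while pos != -1:
        for s in sections:                   # only raw (on-disk) data can match
            if s["rawptr"] <= pos < s["rawptr"] + s["rawsize"]:
                hits.append((s["name"], pos, image_base + s["rva"] + pos - s["rawptr"]))
        pos = pe.find(needle, pos + 1)
    return hits

def build_sample():
    """Constructed two-section PE32 stub (not a real client) for the demo."""
    pe = bytearray(0x600)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)                        # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xHH", pe, 0x44, 0x14C, 2, 0xE0, 0x102)  # COFF header
    struct.pack_into("<H", pe, 0x58, 0x10B)                       # PE32 magic
    struct.pack_into("<I", pe, 0x58 + 28, 0x400000)               # ImageBase
    table = 0x58 + 0xE0
    struct.pack_into("<8sIIII", pe, table, b".rdata", 0x1000, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", pe, table + 40, b"KPTTrans", 0x3000, 0x2000, 0x200, 0x400)
    pe[0x244:0x248] = "\ud655\uc778".encode("euc_kr")             # constructed Korean string
    return bytes(pe)
```

In the constructed file the KPTTrans section has a virtual size of 0x3000 but only 0x200 bytes on disk, which is the physical/virtual difference described earlier in the thread.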
This looks very interesting. I will study it so I can really know what I am going to do. Following your instruction will allow me to go from .rdata and point to its equivalent in KPTTrans? Thanks again for the help. I will let you know how I made out... :thumbup1:
Yes... when you are done modifying the code, don't forget to select the modification, save it to the executable image in memory and (once you are done with all your edits) save that in-memory image back out to an exe file.
You will almost certainly want to play around a bit with the size (how many edits) of your session... too many will turn your brain to fuzz, too few will mean an awful lot of file saving and time waste.
The instructions you gave work just fine; the only place that I am not sure of is the re-assembly of the found referenced addy. I think I have to change that addy but I am not sure as to what; it seems that I missed something. Am I looking in KPTTrans for it? The English translation of my first Korean text does not exist in KPTTrans, so my thinking process seems also flawed...
My brain started out as mush so it can't get any worse :thumbup:
Okay... when you "Edit" -> "Copy to executable" it only copies the line(s) or data that is currently selected.
There is a slight glitch in Olly (at least the version I use) where in-memory copy of the exe file doesn't show the first edit updated until you add another edit, or move the highlight... but when you do, you can see that it is different from the original, because it highlights changes. (on my colour scheme, with a red background, but the scheme I use is because I grew up with RomanticRobots' Multiface 1, Borland Turbo C++ and Turbo Pascal, and Norton Disk Doctor for DOS... they all used this colour scheme, and I find it familiar and easy on the eyes.)
From there, as you can see, you can save off the edits you have made to a new executable file... or the same one if you like living on the edge. :wink: