Trainer manager in Python
Posted: Fri Oct 30, 2015 10:19 pm
by nodots
I am writing an Xbox trainer manager in Python/PyGame (to make it cross-platform). I already have ".etm" support, but I do not have ".xbtf" support.
Does anyone here know how software reads XBTF files? I can read C/C++, but not when it drops to ASM inline. Anyone that helps me gets credit!
Q: Why Python, there's a Windows binary version!
A: Something old isn't guaranteed to run on something new, something new isn't guaranteed to run on something old. Python runs everywhere (and classes can be backported/updated to other versions of Python). This will be open source (DUH!) so there is no worry of the program dying or being tied to a specific OS or OS version.
I can read C/C++, but not when it drops to ASM inline (I don't know C, but logic is logic). PM me if you can help with XBTF files.
EDIT: All I need to know is how to read the text from an ".xbtf" file. Is it 7-bit? Is it compressed? Where are the pointers?
Re: Trainer manager in Python
Posted: Wed Nov 11, 2015 12:53 am
by nodots
In "utils\Trainer.cpp" on line 64:
Not even remotely a great comment, LOL.
No comments on what it's doing and how, or on how this is derived on line 70:
I am just looking for what the ASM code (lines 64-90) does, and I can glean the rest.
Re: Trainer manager in Python
Posted: Fri Dec 18, 2015 9:13 pm
by professor_jonny
Have a look here on x86 assembly:
http://www.cs.virginia.edu/~evans/cs216/guides/x86.html
Basically it is adding two bytes together.
The end result gets stored in the al register.
al is the lower 8 bits of the eax register. esi is a 32-bit register, so as you can imagine you can't add the two directly because they are two different sizes, so it is using it as a pointer to where the number you require is stored to add to al.
byte ptr tells it to look for the number stored at the address eax+027h rather than the actual address value + 027h.
Buggered if I know what that address is, it has some significance to something related to patching in the trainer.
I don't know if you have access to the hardware directly in Python, and the trainer may not work without access to adding those two values together.
just tells the compiler the code block is assembly, not C++.
https://msdn.microsoft.com/en-us/library/45yd4tzz.aspx
Re: Trainer manager in Python
Posted: Fri Dec 18, 2015 10:16 pm
by professor_jonny
Maybe you could look at the Xored ETM to XBTF Converter 2.0 and compare the diff between two files.
This is what I found:
XBTF trainers are based on Evox's ETM standard with 1 added section and 15k of buffer space. This section and buffer space allows us to give trainer authors access to "built in" support functions so they can spend more time on the important hacks. These functions also work regardless of end-users' hardware, meaning if you call LCDCLEAR() your trainer calls the code injected by the Mini Launcher (configured by the end-user's ini file), so as long as the Mini Launcher supports their LCD your trainer will also.
Re: Trainer manager in Python
Posted: Sun Jan 15, 2017 7:14 pm
by nodots
Well, I ditched the Pygame idea and just went with GTK/Tkinter because it comes with python.
Most everything works, but no one can tell me how XBTF works. That little bit of "it's just an ETM" is crap.
ETMs are super easy to reverse engineer/modify. I just had a feature request to allow renaming of cheat options, and I'm adding it.
What I'm really asking is how to derive the same variables used in the ASM code. What info from the file is it using/manipulating?
I know what the ASM is doing, I just can't tell what with.
Re: Trainer manager in Python
Posted: Sun Jan 15, 2017 7:39 pm
by Rocky5
Here is the asm code snippet.
unsigned int iTextOffset;
if (m_bIsXBTF)
{
    void* buffer = m_pData;                  // the whole trainer image in memory
    unsigned int trainerbytesread = m_iSize; // its length in bytes
    __asm // unmangle trainer
    {
        pushad
        mov esi, buffer              ; esi -> first byte of the image
        xor eax, eax
        add al, byte ptr [esi+027h]  ; al = (byte[0x27] + byte[0x2F] + byte[0x37]) & 0xFF
        add al, byte ptr [esi+02Fh]
        add al, byte ptr [esi+037h]
        mov ecx, 0FFFFFFh
        imul ecx                     ; eax = low 32 bits of al * 0xFFFFFF
        xor dword ptr [esi], eax     ; decode the first dword in place
        mov ebx, dword ptr [esi]     ; only bl (its low byte) is used below
        add esi, 4
        xor eax, eax
        mov ecx, trainerbytesread
        sub ecx, 4                   ; number of bytes left to decode
    loopme:
        xor byte ptr [esi], bl
        sub byte ptr [esi], al       ; al = low byte of the running counter
        add eax, 3
        add eax, ecx                 ; counter advances by 3 + bytes remaining
        inc esi
        loop loopme
        popad
    }
    // rest of the method omitted from the snippet
}
Maybe better off asking over at the
http://forum.xentax.com forums, as they are damn good at reversing formats.
The ETM format is straightforward to reverse as it has all the offsets at the beginning of the file and visually you can see stuff; XBTF is compressed or encrypted in some way.
I created a batch file and a QuickBMS script to rename all files to their internal names, also added truncating as the Xbox only accepts 42 or less characters.
Info and stuff here.
http://www.emuxtras.net/forum/viewtopic.php?f=179&t=361
I tried to work out how the xbtf works but couldn't find any way to reverse it, so gave up.
#=================================================================================================
# etm_trainer_name_extractor.bms
# (c) 01/08/2014 by Rocky5
#=================================================================================================
get FILESIZE asize
# a 32-bit pointer to the metadata block is stored at 0xE
goto 0xE
get METAOFFSET long
goto METAOFFSET
# the metadata block starts with the name offset, a null word and the description offset
get NAMEOFFSET short
get NULL short
get DESCOFFSET short
# name length = DESCOFFSET - NAMEOFFSET - 1 (the description follows the null-terminated name)
math DESCOFFSET -= NAMEOFFSET
math DESCOFFSET -= 1
goto NAMEOFFSET
savepos FOUND
getdstring NAME DESCOFFSET
set NAME NAME
# dump the name bytes to export.txt
log "export.txt" NAMEOFFSET DESCOFFSET
cleanexit
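To show what the unmangle routine in the snippet above actually does with the file bytes (which is what nodots is asking), here is a Python port of it. This is an added example, not code from Trainer.cpp or from the project; it assumes `buffer` is the whole .xbtf image and `trainerbytesread` is its length, and the `mangle_xbtf` inverse is constructed only so the port can be round-trip checked.

```python
import struct


def unmangle_xbtf(data: bytes) -> bytes:
    """Python port of the inline-asm "unmangle trainer" routine.

    data is the raw .xbtf image (asm: buffer, with trainerbytesread = len(data)).
    Arithmetic is masked to the 8- and 32-bit register widths the asm uses."""
    buf = bytearray(data)
    if len(buf) < 0x38:
        raise ValueError("image too short: key bytes live at 0x27, 0x2F and 0x37")
    # xor eax,eax ; add al,[esi+27h] ; add al,[esi+2Fh] ; add al,[esi+37h]
    al = (buf[0x27] + buf[0x2F] + buf[0x37]) & 0xFF
    # mov ecx,0FFFFFFh ; imul ecx  ->  eax = low 32 bits of al * 0xFFFFFF
    key = (al * 0xFFFFFF) & 0xFFFFFFFF
    # xor dword ptr [esi],eax ; mov ebx,dword ptr [esi]  (only bl is used later)
    first = struct.unpack_from("<I", buf, 0)[0] ^ key
    struct.pack_into("<I", buf, 0, first)
    bl = first & 0xFF
    # add esi,4 ; xor eax,eax ; mov ecx,trainerbytesread ; sub ecx,4
    eax, ecx, esi = 0, len(buf) - 4, 4
    # loopme: xor [esi],bl ; sub [esi],al ; add eax,3 ; add eax,ecx ; inc esi ; loop loopme
    while ecx:
        buf[esi] = ((buf[esi] ^ bl) - (eax & 0xFF)) & 0xFF
        eax = (eax + 3 + ecx) & 0xFFFFFFFF  # ecx is read before 'loop' decrements it
        esi += 1
        ecx -= 1
    return bytes(buf)


def mangle_xbtf(plain: bytes) -> bytes:
    """Inverse of unmangle_xbtf, constructed here only to round-trip test the port."""
    out = bytearray(plain)
    bl, eax, ecx = plain[0], 0, len(plain) - 4
    for esi in range(4, len(plain)):
        out[esi] = ((plain[esi] + (eax & 0xFF)) & 0xFF) ^ bl
        eax = (eax + 3 + ecx) & 0xFFFFFFFF
        ecx -= 1
    # the decoder derives its key from the *mangled* bytes, so compute it last
    al = (out[0x27] + out[0x2F] + out[0x37]) & 0xFF
    key = (al * 0xFFFFFF) & 0xFFFFFFFF
    struct.pack_into("<I", out, 0, struct.unpack_from("<I", plain, 0)[0] ^ key)
    return bytes(out)


if __name__ == "__main__":
    sample = bytes((i * 37 + 11) & 0xFF for i in range(0x50))  # constructed stand-in image
    assert unmangle_xbtf(mangle_xbtf(sample)) == sample
    print("round trip ok")
```

Note that the key bytes at 0x27/0x2F/0x37 are read from the still-mangled image, and the per-byte subtrahend changes every iteration, which is why a plain XOR or 7-bit theory never matched the file.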
Re: Trainer manager in Python
Posted: Sun Jan 15, 2017 9:22 pm
by nodots
Rocky5 wrote: Here is the asm code snippet...
Yeah, I have the source. I am looking for someone to help me understand it.
Rocky5 wrote: Maybe better off asking over at the
http://forum.xentax.com forums, as they are damn good at reversing formats.
Thanks, will try there too.
Rocky5 wrote: The ETM format is straightforward to reverse as it has all the offsets at the beginning of the file and visually you can see stuff; XBTF is compressed or encrypted in some way.
ETM took <5 minutes to reverse... I think the XBTF is compressed. 7-bit (for text only) was popular in the DOS era, and it's relatively easy and fast.
dominater01 showed me that page already, LOL.
Look, when I get help and understand I will make sure to document it so no one else will need to ask.
Re: Trainer manager in Python
Posted: Sun Jan 15, 2017 11:07 pm
by Rocky5
The snippet was for folk other than me and you
saves them having to scour the source code to find it.
Re: Trainer manager in Python
Posted: Sun Jan 15, 2017 11:23 pm
by nodots
Rocky5 wrote: The snippet was for folk other than me and you
saves them having to scour the source code to find it.
I was hoping that one of the Devs would read this and know what I'm asking for... I was hoping that the site that does the dev would have the answers.
The file format will be documented when I get done, no one will ever have to ask the question again if they know how to use google.
I am also going to document the ETM file well enough that you could build/mod it by hand if you wanted. One of the functions of
PTM (Python Trainer Manager) will be to edit the text fields. I am also going to make a database of the trainers like the GOOD tools do.
Re: Trainer manager in Python
Posted: Sun Jan 15, 2017 11:44 pm
by Rocky5
You may want to post a link to the trainer.cpp, trainer.h file and also an xbtf trainer for someone to look at. They won't go looking for this stuff. (Been a member there for a long time.)
Re: Trainer manager in Python
Posted: Mon Jan 16, 2017 4:12 am
by nodots
Holy crap, you all are havin' a laugh. It's a *special* routine I'm looking at. Meh, I'll try to mask what I'm doing in my code. It's there for a reason, and I agree.
REALLY? THE PRICE OF ADMISSION IS NOT TO LEARN ASM AND C, BUT ASM IN C? lmfao, I mighta done it too. Nothing to see here, move along script kiddies. I'll give you no scraps!
Now I gotta turn ASM into Python. If someone would have PM'd me, I coulda had this sooner. Like a year sooner.
Re: Trainer manager in Python
Posted: Mon Jan 16, 2017 9:18 am
by Rocky5
?
Re: Trainer manager in Python
Posted: Mon Jan 16, 2017 9:30 pm
by nodots
I just figured out what I couldn't figure out! XBTF support will come within the month (when depends on my amount of lazy). I know what the code does, and how it does it, where it gets its data. I looked for an hour, and it clicked.
Re: Trainer manager in Python
Posted: Mon Jan 16, 2017 10:53 pm
by Rocky5
You going to go into detail on how it gets the data or how it's done?
I'm interested as I was scratching my head.
From what I could see and interpret is it gets the data (sets it as the buffer), gets the size, the asm code moves the buffer somewhere? (or moves the buffer to a point in memory?) then it adds a few bytes to the end? then other things
Re: Trainer manager in Python
Posted: Wed Jan 18, 2017 11:52 pm
by nodots
As soon as I have a "GOOD" list of originals, I will document. I don't want credit where credit is not due. This is why the trainers were "mangled" as the source states.
Re: Trainer manager in Python
Posted: Sat Jan 21, 2017 7:41 pm
by nodots
Is there a game cover scan pack labeled by TitleID? If any project had one, it should be here.
Rocky5, you are on the right track. It moves it into memory in "buffer", unmangles in place, and reads the info needed.
This is why it takes so long to start up xored functionality with a big amount of trainers. Pretty easy to read now, actually.
Re: Trainer manager in Python
Posted: Sat Jan 21, 2017 8:03 pm
by Rocky5
nodots wrote: Is there a game cover scan pack labeled by TitleID? If any project had one, it should be here.
Rocky5, you are on the right track. It moves it into memory in "buffer", unmangles in place, and reads the info needed.
This is why it takes so long to start up xored functionality with a big amount of trainers. Pretty easy to read now, actually.
I have a pack of over 200, but not in titleid format. But I made batch files to extract the titleids from an FTP source, so give me a few hours and I will get you them all as titleids.
Do you want an extension or folderized?
(Halo\titleid)
Update:
Here you go, there are 3 variants.