Solved Function names and parameters

  • Thread starter stepto
  • Views 2,379
stepto

When reverse engineering, I see that a lot of people here are able to deduce what a certain function's name is and their parameters. I was wondering how exactly people do this? Is collecting the parameters simply done through reversing the function and examining how the function uses the stack and so forth, pushing bytes of information and then conducting your research on that?

If so, then how do people know what the arguments are called? For example, (controllerIndex int*, ...) etc. Sorry for being a n00b, but I can't seem to find anywhere on the internet telling me how they do this... I did however come across a user on this site who said he dumps the function's memory and that's how he's able to find out the names...
 
stepto

You use the cod4 pdb or the ghosts pdb to get the parameters.
Even without the pdbs, how do people do it?
I mean, I'm pretty sure Battlefield hasn't had pdbs leaked for them, so how would someone find the function name and parameters for that game?

And what about game-specific functions that aren't used in the previous Call of Duty's with pdbs? For example, didn't people have information on the Demonware anti-cheat for Ghosts and Black Ops 2 even before the pdbs were leaked?
 
Medaka

Pretty sure for Battlefield they use Cheat Engine to peek and poke values. For the Demonware stuff, I'm not sure exactly.
 
Auschwitz Guard

No you do not check cod4 you moron lmao, that has got to be the worst advice going. He said reverse engineering, not going from a 2008 reference. PM me, I'll show you how logical it all is
 
Succulent Moist

Breehhh can you just explain it in a comment. I've been wondering the same thing for like 2 years.
 
Succulent Moist

I did see it, sadly I'm not a support bot...
I don't see why you couldn't just comment it in the first place instead of having to keep it private. Some people on this forum are ridiculous.

- Says he's not a support bot
- Is in the Modding Support Section 
When reverse engineering, I see that a lot of people here are able to deduce what a certain function's name is and their parameters. I was wondering how exactly people do this? Is collecting the parameters simply done through reversing the function and examining how the function uses the stack and so forth, pushing bytes of information and then conducting your research on that?

If so, then how do people know what the arguments are called? For example, (controllerIndex int*, ...) etc. Sorry for being a n00b, but I can't seem to find anywhere on the internet telling me how they do this... I did however come across a user on this site who said he dumps the function's memory and that's how he's able to find out the names...
Any chance you could help me out?
 
Auschwitz Guard

And this is why, you're acting like a child. I know stepto, so I help friends, on the other hand I have no idea who you are and you just insulted me for not helping you, now you're definitely not getting help.
 
Medaka

I just realised, he asked the guy who asked for help, for help...:facepalm::roflmao:

SC58

They don't know the names unless they use the pdb leaks, and for bf they use the pdb leaks, else they just call it something different, but sometimes they leave the function name in the file to know it
 
Deleted member 117745

Auschwitz Guard, seen your posts all over 7s lately but been too lazy to log in and respond to them. You really should stop being such an *** to everyone, it's really not very nice.

No you do not check cod4 you moron lmao, that has got to be the worst advice going. He said reverse engineering, not going from a 2008 reference. PM me, I'll show you how logical it all is
I don't see how checking into leaked pdbs is bad advice, it's actually a great place to start as you can find a lot of relationships in the cod4 pdb that still exist to this day in advanced warfare. Not to say that's the only way to figure these things out, but it's definitely a good starting point.

I did see it, sadly I'm not a support bot...
You should refrain from reading the support section if you don't like what you see; and especially from posting here if you're going to just make passive aggressive, douchy comments to other members who are only seeking help, and act all condescending like you're some kind of genius. No one person is perfect, and everyone needs help at some point. Regardless of whether or not you'll admit it, I can guarantee at some point (or all points) in your life, you've received help, and/or used someone else's work as a basis for anything you've created.

And this is why, you're acting like a child. I know stepto, so I help friends, on the other hand I have no idea who you are and you just insulted me for not helping you, now you're definitely not getting help.
I think you should take your own advice on this one, and stop acting like a child. If you wanted to only help the OP, you should've PM'd them directly. Instead, you act all elitist like the information you possess is invaluable, and no one else has it.

When reverse engineering, I see that a lot of people here are able to deduce what a certain function's name is and their parameters. I was wondering how exactly people do this? Is collecting the parameters simply done through reversing the function and examining how the function uses the stack and so forth, pushing bytes of information and then conducting your research on that?

If so, then how do people know what the arguments are called? For example, (controllerIndex int*, ...) etc. Sorry for being a n00b, but I can't seem to find anywhere on the internet telling me how they do this... I did however come across a user on this site who said he dumps the function's memory and that's how he's able to find out the names...
Finding the actual name of a function is usually impossible without having direct access to a PDB file or the source, however in some cases string references are left in the finalized xex that can be used to figure out what a function is called, or what it does.

A good example from the advanced warfare xex is CG_CanSeePlayer, shown here:
a25274e25f.png


If you double click on the string, it takes you to the location of the string in the xex. Then you just follow the XREF (ctrl+x) to the function that piece of text is referenced in, and in general it will only be referenced by one function.

277b81aefe.png


As you can see from the first screenshot, there are a bunch of functions you can find just from string references. The CL_GetUserCmd function is useful for finding information used in creating a silent aimbot. CG_FireWeapon can be used in tracking down information used to create a basic nospread mod and/or bullet penetration checks for your ESP/aimbot. Being able to find these functions all so easily combined with the knowledge that can be gained from looking into leaked PDB files, makes it easy to figure out which functions do what, and at least then you can assign them a name based on what you think they're doing.

As far as finding out what parameters are, you just have to backtrack through the code to see what registers are being populated with what information, then figure out what that information actually is.

TL/DR: in most cases, getting the actual name of the function isn't going to be possible. However, if the devs leave any debug messages and/or error messages that provide information about the function, then it might be possible.

Disclaimer: I'm not an expert, and anything I've stated here could probably be expanded upon, or trumped by a more efficient method. I'm just sharing what I know as it has worked for me, and would most likely be useful to beginners who are just trying to figure out where to start.
 
Upvote 0
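
An added example, not from the thread or from any game's code: a release-build check a developer could run to see which function names leftover diagnostic strings expose in a shipped binary, the effect the post above describes. The byte string and its message formats are constructed, and the identifier pattern is an assumption modelled on the three names in the post.

```python
import re

# Printable-ASCII runs of 6+ bytes, the same idea as strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# Assumed convention, taken from the three names in the post: a short
# subsystem prefix, an underscore, then a mixed-case name. Requiring a
# lowercase letter keeps ALL_CAPS constants out of the report.
IDENTIFIER = re.compile(
    r"\b[A-Z][A-Za-z0-9]{1,5}_[A-Z][A-Za-z0-9]*[a-z][A-Za-z0-9_]*\b"
)

# Constructed sample: binary filler around made-up diagnostic messages.
SAMPLE_IMAGE = (
    b"\x00\x10\x9f\x02"
    b"CG_FireWeapon: invalid weapon index %i\n\x00"
    b"\xff\xfe\x00"
    b"MAX_CLIENTS exceeded\x00"
    b"\x03\x00"
    b"CL_GetUserCmd: cmd number %i out of range\n\x00"
    b"Error in CG_FireWeapon while loading\x00"
)


def find_leaked_names(blob):
    """Map each identifier-like token to [(offset, containing string), ...]."""
    leaks = {}
    for run in PRINTABLE_RUN.finditer(blob):
        text = run.group().decode("ascii")
        for ident in IDENTIFIER.finditer(text):
            leaks.setdefault(ident.group(), []).append((run.start(), text))
    return leaks


def report(blob):
    """One line per leaked name, sorted, for a build log."""
    lines = []
    for name, hits in sorted(find_leaked_names(blob).items()):
        offsets = ", ".join(hex(off) for off, _ in hits)
        lines.append(f"{name}: {len(hits)} string(s) at {offsets}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_IMAGE):
        print(line)
```

Strings it reports are candidates for being compiled out of shipping builds or replaced with numeric message IDs.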
Auschwitz Guard

No, the cod4 PDB isn't reliable seeing as parameters change, how functions manage data changes, along with data management altogether (structures, enumerations, unions). I never said that it's completely invalid, of course to see how something worked or existed in a previous title is valid, but it shouldn't be a dependable reference. As for "finding the function name", real reverse engineering would be to understand the prefixes, what the function does along with how it's used. Of course the EXACT label is impossible, why would anyone think labels are magically stored in the file? As for parameters, all you need to do is understand data sizes, GPRs and a basic understanding of both the LR and stack (seeing as in C, parameters can exceed 8, so where do you think the rest are stored?...). As for the stupid crap you came up with, you must have some serious problems if you think I'm implying supremacy or "shooting someone down" just for refusing to try and teach someone assembly who I don't even know? But I love how you sat there typing that out like it's going to help a single person viewing this thread, please take your leeched PC research and brag about it in the Modding Section where all the 12 year olds seem to coexist with you ego boosters.
 