This is my gift/bonus for Risen’s first-year anniversary.
Before becoming over-excited, this is not the holy grail.
Please read the complete text before asking questions.
Code:
An inchoate, community-based Software Development Kit for Risen
Version 1.0.96124.0 (Patch 1.10)

1. License
~~~~~~~~~~

The whole RisenSDK is licensed under a Creative Commons BY-NC-SA 3.0 License (please visit http://creativecommons.org/licenses/by-nc-sa/3.0/ for details). All other names used in the SDK may be trademarks of their respective owners.

The RisenSDK is completely independent and has (besides the game) absolutely no relationship to the developer Piranha Bytes and the publisher Deep Silver. Do not annoy them with support requests. They have contributed nothing (yet).

2. Preface
~~~~~~~~~~

Player: How do I get into the castle?
Guards: You don't. Only Gomez' people get to go in there.
Player: I see.

This SDK is intended for software developers with a strong background in C++ and reverse engineering (Microsoft Visual C++ binary programs in particular). Without this expertise you are expected to get lost in space sooner or later.

The idea of this project is to use the exported classes, functions, and data of the Genome libraries to extend Risen and develop custom tools or plug-ins. For several reasons (name mangling, memory layout, etc.) we are bound to the compiler that was used by Piranha Bytes to build Risen (Visual C++ 2005 SP1). Fortunately the Visual C++ 2005 Express Edition ISO image is still available on Microsoft's download server (google 0434C5AF-8FB5-4D64-B8D8-E9BDF3C83152). Combined with the "Windows Server 2003 R2 Platform SDK" (superseded by the Windows SDK, but the new SDKs do not include the ATL/MFC headers) it adds up to a free development environment that can be used with the RisenSDK.

To correctly handle exported data and functions with C linkage, I was forced to develop a custom tool for creating the import libraries that can be found in the /lib directory of the SDK. This tool is not part of this project (but I think this is not a problem; it seems to work and no changes are expected).

For your own research, you might remove the protection wrapper (Solidshield) from the application (bin/Risen.exe) and the protected libraries (bin/Engine.dll, bin/Game.dll, and bin/scripts/Script_Game.dll) to allow static code analysis. Do not waste our time: such binaries will not be published, for legal reasons.

3. Loading
~~~~~~~~~~

Player: I need to get into the castle! I have a letter here for the High Fire Mage.
Thorus: And you expect me to let you stroll inside the castle to hand it over and collect your reward?
Player: Yeah.

Check out the "trunk" (main line of development) of the Subversion repository at svn://nicode.net/risensdk/trunk/ into Risen's program installation folder. For commits (write access) you need an account + password (send me an email). Go to http://svn.nicode.net/risensdk/trunk/ to browse the repository.

4. Playing
~~~~~~~~~~

Xardas: WHO DARES TO DISTURB ME IN MY STUDIES?
Player: My name is...
Xardas: I don't wish to know your name. It is insignificant. All that matters is that you are the first person in years to have solved my Golem's riddles.

As you will notice, the RisenSDK is in a very rudimentary state. All exports of SharedBase.dll are covered, but the source is full of FIXMEs 'n TODOs. Expect to find problems and bugs in the template classes (they have been developed from scratch, and some should have been rewritten) and nearly all parameters are unnamed. The reason is quite simple: lack of time. Most of the code has been written in about two weeks.

SharedBase.dll was the easiest part. It will require even more research and work to add support for the "foundation" (FF) and "framework" (FX) modules. Virtual inheritance is a nice feature for interfaces that might have changed during the life cycle of the product. But it is no fun to analyze the thunks and the data access with negative offsets.

To get your code loaded by the engine, you can develop a script library that follows the naming convention /bin/scripts/Script_*.dll - have a look at the project in /source/Scripts/Script_Library (it implements a new console command).

5. Closing
~~~~~~~~~~

Jackal: Hey, watch who you're trying to fool! Come back when you have the ore!

This project is just a little too sparse and too late to be useful for Risen. But if Piranha Bytes re-uses parts of the Genome engine for the next project, it might speed up the development of community tools or plug-ins for Risen 2.

So Long, and Thanks for All the Fish
Nico Bendlin <nicode@gmx.net>
-
Last edited by NicoDE (01.10.2010 at 22:52)
-
Development Resources and Links for the RisenSDK.

- Visual Studio 2005 SP1 (8.0.50727.762)
  Visual C++ 2005 Express Edition (English)
  Visual C++ 2005 Express Edition (German)
  Visual C++ 2005 Express Edition SP1
  Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) (English)
  Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) (German)
  Visual Studio 2005 Service Pack 1 Update for Windows Vista (English)
  Visual Studio 2005 Service Pack 1 Update for Windows Vista (German)
  Windows Server 2003 R2 Platform SDK
- DirectX 9.0 (9.11.519.0)
  DirectX SDK (February 2006)
  DirectX SDK (February 2006) Symbol Files
  DirectX End-User Runtimes (February 2006)
  DirectX End-User Runtimes (November 2008) (on the Risen DVD)
- PhysX 2.8.1 Build 13 (2.8.1.21)
  PhysX SDK Version 2.8.1 Build 13 (PC)
  PhysX System Software 9.09.0408 (WHQL) (on the Risen DVD)
- FMOD Ex 2.24.00 (0.4.24.0)
  FMOD Ex API 2.24.00 (Windows 32bit)
  FMOD Ex API 2.24.00 (Windows 64bit)
- LAME 3.98.2
  LAME 3.98.2 source
  LAME binaries (Windows)
- zlib 1.2.1
  zlib 1.2.1

"Under these difficult circumstances I am sure that these good people will understand my momentary need for their gold." -- Connor
-
That's a VERY nice gift. And I'd really like to help expand it... do you know any good book or online tutorial dealing with RE? Maybe I'll get experienced enough by the time Risen II is released.
Thanks a lot for all the hours you spent on this project!
EDIT:
Thanks, let's see whether I can do anything with IDA Pro 4.9... but first I still have to learn assembler.
Last edited by Baltram (02.10.2010 at 17:50)
-
Here are some "pointers" for reverse engineering:
IDA Pro + Hex-Rays Decompiler are professional tools, but a free version of IDA is available. Go to Ilfak's Blog for some interesting reads. Now a bit dated (due to the Bochs debugger in the current version), but still the best book about IDA and analysis in general.
OllyDbg is a good debugger.
Please read the excellent articles from Igor Skochinsky at OpenRCE, especially the one about MSVC's class layout, virtual functions, and RTTI.
Last edited by NicoDE (02.10.2010 at 21:12)
-
Although I have hardly any experience with modding so far and couldn't do much with your work yet, I at least have a rough idea of how much work and, above all, brainpower you have invested here.
Many heartfelt thanks for your commitment!
Best regards, in the hope that someone picks up your work and builds on it,
Whity

There are only two things that are infinite:
the universe and human stupidity.
But I'm not entirely sure about the first one yet.
- Albert Einstein
My posts only ever reflect my own opinion. I do not claim the right to speak for everyone.
-
You're welcome.
Please stick to posting in English, thank you.
-
Thanks for your work.
Does the SDK work with the protected .exe file?
Can you write a tutorial on how to remove the wrapper?
-
Yes. It was/is intended for the official release/patch - otherwise it would not make sense at all.
No. Circumventing copy protection is not allowed in Germany.
As long as you do not want to restore one of the 18 virtualized functions, there is nothing special to do: find the OEP, wait for decoding, write an endless loop at the OEP, wait for the hang, dump the sections, find the original IAT/import table, and rebuild the image without the Solidshield section. You will not get working images, but it is sufficient to analyze 99% of the binary.
-
Well done!
Just curious to know: was Genome the graphics engine used for Risen? Wiki has some information about it (here) but does not name it.
-
The Sleeper was a cult crackpot once, too.
Pimp my Gothic - A guide to beautifying the old classic ~ by Inspirate
Last edited by kAzGuRu (08.10.2010 at 19:24)
-
New mods (including quests, dialogs, items, new weapons, ...) became feasible quite some time ago; there is only a lack of modders.
The main objective of the SDK is, as far as I understood, the ability to add new scripted functions, which results in additional "script_XYZ.dll" files (example: adding new console commands). This would for example be critical for realizing complex quests / events. But at the moment it's not really doable since the SDK is too "young" yet.
-
[...] to use the engine classes to load/modify/write the content files. Why should we analyze a file format and develop tools from scratch if we can use the engine class to load the content?
At least in my opinion.
I just used the Script interface to get into the engine and to interact with the user in a way that reduces the effort on both sides.
The SPU analysis is far from ready. Nobody (that I know) took the time to analyze the requirements, conditions and interrelation of "scripted" functions.
However, the Script wrapper classes (Script.dll) are very interesting, because they allow easy access to the frequently used functions/actions of the engine classes.
Note: Next I'll work on the property classes/templates. This would allow us to read/change the properties of every bCObjectBase-based class in a generic way.
PS @Baltram: Many thanks for answering the questions
Last edited by NicoDE (08.10.2010 at 20:42)
-
Because it can be fun
... no, you're right of course. Could this also help to understand the ._xmot format? I'm not sure here because it's kind of an "external" file format.
I hoped we could implement functions to be called in infos that way...
Sounds cool! But I've no idea what bCObjectBase-based classes are (didn't find that expression in your source files).
-
"Verstehe."
Sorry, in the English release it was translated as "I see." - but this translation does not work here.
Maybe, but I never had a deeper look at the animation resources/classes (other things to do, sorry).
We can; the prolog (getting "self" and "other" from the parameters or from the SPU) is _always_ the same and quite simple to implement.
You just have to code what should happen in your function.
Even if no Script.dll header is included, I created the import libraries for all Genome modules. So you can have a look at the existing script functions and use
Code:
rem dump and demangle the export table of every DLL below the Risen bin directory
@for /R "D:\Games\Risen\bin" %i in (*.dll) do @dumpbin /exports /out:"%~dpni.exports.txt" "%i" && undname 0x8000 "%~dpni.exports.txt" > "%~dpni.undname.txt"
For the class hierarchy you might read the RTTI data. I attached files that have been generated with an IDA plug-in. It is not fail-safe (specifically with multiple virtual inheritance), but it gets it right most of the time.
bCObjectBase is the base class that introduces the generic property system.
Last edited by NicoDE (30.03.2011 at 00:41)
-
Wow, it worked.
I guess if I wanted to use such exported methods (?) I'd have to "rewrite the header" (don't know how to express it) of the corresponding class and base classes, like you did in the SDK, right?
And I further guess this would be the point where I'd need experience with IDA and assembly code... Thanks!
Unfortunately, as I haven't been concerned at all (yet) with anything having to do with RE, I don't quite understand it. For example:
Code:
20D48B8C 0088 gCInventory_PS: eCEntityPropertySet, bCObjectRefBase, bCObjectBase, gCInventoryListener; [MI]
20D48B6C 0005 gCInventory_PS; [MI]
Are the classes stated in the first line the base classes of gCInventory_PS?
Do I have to know about "[MI]"?
So I could call, let's say, your library script out of an info?
___________________
Sorry for bothering you with all these questions
-
Yes.
In the first step you just have to figure out how big the class is (sizeof). For classes with virtual destructors (vector deleting destructor) this is quite easy, because the this-pointer is incremented by sizeof(*this). Therefore you can declare a dummy array as member block to start using a class (you should not include the pointer to the virtual function table(s) in the members).
Yes, it helps debugging if you reverse engineer the complete class with all members. But you don't have to, if you only use exported functions/methods. Sometimes, when you only use pointers to objects (e.g. global singletons), you don't even have to know the size of the class.
Don't care, you'll stumble upon it later.
Yes, they are the base classes.
Code:
class bCObjectBase {};
class bCObjectRefBase : public bCObjectBase {};
class eCEntityPropertySet : public bCObjectRefBase {};
class gCInventoryListener {};
class gCInventory_PS : public eCEntityPropertySet, public gCInventoryListener {};
MI = Multiple Inheritance
VI = Virtual Inheritance
Because gCInventoryListener is not derived from bCObjectBase/bCObjectRefBase/eCEntityPropertySet, gCInventory_PS needs more than one virtual function table and separate blocks for the members -> MI.
Do you have an idea for an example?
I might take the time to create one. I'm sure it would help some people to get in touch with the SDK.
Last edited by NicoDE (10.10.2010 at 20:53)
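The RTTI walk that produces lines like the "gCInventory_PS: eCEntityPropertySet, bCObjectRefBase, bCObjectBase, gCInventoryListener; [MI]" dump quoted earlier, and that explains where the MI flag and the second vftable come from, as an added example (not code from the RisenSDK, the IDA plug-in or anyone in this thread; Python rather than the SDK's C++ because it is a throwaway analysis script). It builds a small constructed 32-bit image containing the MSVC x86 RTTI structures for the gCInventory_PS hierarchy above and reads them back: the CompleteObjectLocator in front of each vftable points to the TypeDescriptor (mangled ".?AV...@@" name) and to the ClassHierarchyDescriptor, whose attributes bit 0 is the MI flag and bit 1 the VI flag, and whose BaseClassArray lists the class itself followed by its bases depth-first, each with the subobject offset (mdisp) of that base. Matching a secondary vftable's COL offset against the mdisp of a base tells you which subobject that vftable belongs to. The image base (0x10000000) and the 0x40 offset of the gCInventoryListener subobject are assumptions for the sample; the real offsets have to be recovered from the binary.

```python
"""Walk MSVC x86 RTTI from a vftable's CompleteObjectLocator (COL) and print the
class hierarchy in the "Name: base, base; [MI]" form. The image is constructed
in memory for the example; no real binary is read."""
import struct

IMAGE_BASE = 0x10000000          # assumed image base of the constructed image
CHD_MULTIPLE_INHERITANCE = 0x1   # ClassHierarchyDescriptor.attributes bit 0
CHD_VIRTUAL_INHERITANCE = 0x2    # bit 1 (not set in this sample)
LISTENER_OFFSET = 0x40           # assumed offset of the gCInventoryListener subobject


class Image:
    """Flat little-endian memory image addressed by virtual address (VA)."""
    def __init__(self, base):
        self.base, self.buf = base, bytearray()

    def add(self, data):
        """Append a structure, keep 4-byte alignment, return its VA."""
        va = self.base + len(self.buf)
        self.buf += data
        self.buf += b"\0" * (-len(self.buf) % 4)
        return va

    def u32(self, va):
        return struct.unpack_from("<I", self.buf, va - self.base)[0]

    def i32(self, va):
        return struct.unpack_from("<i", self.buf, va - self.base)[0]

    def cstr(self, va):
        off = va - self.base
        return self.buf[off:self.buf.index(b"\0", off)].decode("ascii")


# Builders for the x86 (32-bit, absolute pointer) RTTI structures.
def build_type_descriptor(img, mangled):
    # TypeDescriptor: type_info vftable ptr, spare ptr, mangled name ".?AVname@@"
    return img.add(struct.pack("<II", 0, 0) + mangled.encode("ascii") + b"\0")

def build_bcd(img, p_td, num_contained, mdisp, pdisp=-1, vdisp=0, attrs=0):
    # RTTIBaseClassDescriptor: pTypeDescriptor, numContainedBases,
    # PMD {mdisp, pdisp, vdisp} (pdisp == -1: not a virtual base), attributes
    return img.add(struct.pack("<IIiiiI", p_td, num_contained, mdisp, pdisp, vdisp, attrs))

def build_chd(img, attrs, bcds):
    p_bca = img.add(struct.pack("<%dI" % len(bcds), *bcds))  # BaseClassArray
    # RTTIClassHierarchyDescriptor: signature, attributes, numBaseClasses, pBaseClassArray
    return img.add(struct.pack("<IIII", 0, attrs, len(bcds), p_bca))

def build_col(img, offset, p_td, p_chd):
    # RTTICompleteObjectLocator: signature, offset of this vftable's subobject in
    # the complete object, cdOffset, pTypeDescriptor, pClassDescriptor
    return img.add(struct.pack("<IIIII", 0, offset, 0, p_td, p_chd))


def build_sample():
    """Constructed image for the gCInventory_PS hierarchy quoted in the thread."""
    img = Image(IMAGE_BASE)
    names = ("gCInventory_PS", "eCEntityPropertySet", "bCObjectRefBase",
             "bCObjectBase", "gCInventoryListener")
    td = {n: build_type_descriptor(img, ".?AV%s@@" % n) for n in names}
    # BaseClassArray: class itself first, then bases depth-first;
    # numContainedBases counts the bases nested under each entry.
    bcds = [build_bcd(img, td["gCInventory_PS"], 4, 0),
            build_bcd(img, td["eCEntityPropertySet"], 2, 0),
            build_bcd(img, td["bCObjectRefBase"], 1, 0),
            build_bcd(img, td["bCObjectBase"], 0, 0),
            build_bcd(img, td["gCInventoryListener"], 0, LISTENER_OFFSET)]
    chd = build_chd(img, CHD_MULTIPLE_INHERITANCE, bcds)
    # One COL per vftable: primary at +0, secondary for the listener subobject.
    return img, build_col(img, 0, td["gCInventory_PS"], chd), \
        build_col(img, LISTENER_OFFSET, td["gCInventory_PS"], chd)


def demangle_class(mangled):
    """'.?AVgCInventory_PS@@' -> 'gCInventory_PS' (.?AV = class, .?AU = struct)."""
    for tag in (".?AV", ".?AU"):
        if mangled.startswith(tag) and mangled.endswith("@@"):
            return mangled[len(tag):-2]
    return mangled

def read_hierarchy(img, col_va):
    _sig, offset, _cd, p_td, p_chd = (img.u32(col_va + 4 * i) for i in range(5))
    _sig, attrs, n_bases, p_bca = (img.u32(p_chd + 4 * i) for i in range(4))
    entries = []
    for i in range(n_bases):
        p_bcd = img.u32(p_bca + 4 * i)
        entries.append({"name": demangle_class(img.cstr(img.u32(p_bcd) + 8)),
                        "mdisp": img.i32(p_bcd + 8), "pdisp": img.i32(p_bcd + 12),
                        "vdisp": img.i32(p_bcd + 16)})
    return {"name": demangle_class(img.cstr(p_td + 8)), "vftable_offset": offset,
            "mi": bool(attrs & CHD_MULTIPLE_INHERITANCE),
            "vi": bool(attrs & CHD_VIRTUAL_INHERITANCE),
            "bases": entries[1:]}  # entry 0 is the class itself

def format_line(h):
    line = h["name"] + (": " + ", ".join(b["name"] for b in h["bases"]) if h["bases"] else "") + ";"
    for flag, on in (("MI", h["mi"]), ("VI", h["vi"])):
        if on:
            line += " [%s]" % flag
    return line

def subobject_for(h):
    """Attribute a (secondary) vftable to its base subobject: COL offset == mdisp."""
    if h["vftable_offset"] == 0:
        return h["name"]
    for b in h["bases"]:
        if b["pdisp"] == -1 and b["mdisp"] == h["vftable_offset"]:
            return b["name"]
    return None


if __name__ == "__main__":
    img, col_primary, col_listener = build_sample()
    for col in (col_primary, col_listener):
        h = read_hierarchy(img, col)
        print("%08X %s  -> vftable of the %s subobject at +0x%X"
              % (col, format_line(h), subobject_for(h), h["vftable_offset"]))
```

On a real dump the only thing that changes is the Image class: point u32/i32/cstr at the mapped sections of the unpacked module (with its load address as base) and start from the COL pointer stored in the dword just before each vftable in .rdata. Plug-ins that emit the [MI]/[VI] flags read exactly these attribute bits; with virtual bases (pdisp != -1) the subobject offset is not mdisp alone but has to be looked up through the vbtable, which is why such tools get VI cases wrong more often.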
-
Okay...
Sorry. It sounds pretty easy but I still haven't got any idea what to do (in a concrete, practical sense) - am I supposed to use OllyDbg now?
I'd be happy if you could give me some words I can google, or so; I really have to learn EVERYTHING from zero (but I usually learn fast).
You mean an example of a useful additional script for use in infos? Well, my intention was to write one to void trader inventories (in order to create my own traders without pre-existing trade items) but today I realized this isn't necessary at all.
But I think it would be convenient to have a script for playing a specific animation / sound. For spawning NPCs, objects, items. For influencing ingame time. (Might be that such already exists.) At least it would help ME
-