Gildor's Forums
Gildor's Forums > English Forum > UE Viewer (English) > Unreal coding (Moderator: Juso3D) > UE3 reversing
Pages: [1]
Author Topic: UE3 reversing  (Read 6951 times)
Gildor
Administrator
Hero Member
*****
Posts: 7973



View Profile WWW
UE3 reversing
« on: January 30, 2013, 14:39 »
Good news for people like me, who researching Unreal Engine 3 internals using disassembler.

As you probably know, the easiest way to reverse Win32 executable is to load it into the IDA Pro disassembler and load corresponding pdb file containing symbol information. Unfortunately there's no pdb files for UDK etc, so it's very hard to detect any piece of code. UE3 executable files for iOS and Android are Linux .so files with a bunch of debug information (function names). Researching ARM code is very hard because of it's RISC architecture, but with yesterday's Epic Games release of Epic Citadel for Android it's much easier now. This version has support for both Android CPU architectures - ARM and x86, there's two .so files inside apk. I've just tried to load x86 .so file into the IDA Pro - it looks great, each function in the code has a prototype!

Personally for me, this is a bit useless - I reversed everything I needed for SkeletalMesh support more than a year ago. Also I have full access to the Epic's UE3 code now. But this information still could be useful for other researchers - there's a legally available executable file with debug information.
Logged
warrantyvoider
Full Member
***
Posts: 109


View Profile
Re: UE3 reversing
« Reply #1 on: January 30, 2013, 16:32 »
Thats awesome news, thanks alot!!

greetz WV
Logged
Alcatraz
Newbie
*
Posts: 17


View Profile
Re: UE3 reversing
« Reply #2 on: February 11, 2013, 14:04 »
That's interesting. I've looked into static mesh format. I've reversed everything until first "FUntypedBulkData" usage. What's that? Do you guys have any ideas?

BTW: it's funny such a function is called at the beginning of each serializer:
Code:
sub_6AEFCE proc near
nop
nop
nop
nop
nop
nop
nop
nop
mov     ebx, [esp+0]
retn
sub_6AEFCE endp
Logged
Gildor
Administrator
Hero Member
*****
Posts: 7973



View Profile WWW
Re: UE3 reversing
« Reply #3 on: February 11, 2013, 16:34 »
Quote from: Alcatraz on February 11, 2013, 14:04
I've reversed everything until first "FUntypedBulkData" usage. What's that? Do you guys have any ideas?
I think it holds editor data. These arrays empty in cooked mesh datas.
Quote
BTW: it's funny such a function is called at the beginning of each serializer:
Code:
sub_6AEFCE proc near
nop
...
mov     ebx, [esp+0]
retn
sub_6AEFCE endp
I seen such functions. I think this is compiler-generated code for some runtime hooks.
Logged
warrantyvoider
Full Member
***
Posts: 109


View Profile
Re: UE3 reversing
« Reply #4 on: April 18, 2013, 15:13 »
I was bored today and wrote a little extractor for the "unrealobb" file (*.obb), after renaming apk to zip/rar, you can extract its files, and one of it is this obb file. Actually this should be another zip, but isnt, so I wrote this (source included). have fun^^

greetz WV

http://www.mediafire.com/?ic5i1dqwkb1rz16
Logged
Pages: [1]
Jump to:  

Powered by SMF | SMF © 2006-2009, Simple Machines LLC
Leviathan design by Bloc | XHTML | CSS