Thunderbrew:binana: Difference between revisions
No edit summary |
No edit summary |
||
| Line 42: | Line 42: | ||
For Binana, the convention for the end address of a function is the address that's 1 byte after the last instruction. | For Binana, the convention for the end address of a function is the address that's 1 byte after the last instruction. | ||
For example, <code>0042830B</code> would be the end address of <code>WowConnection__AddRef</code> | |||
<pre> | |||
WowConnection__AddRef: | |||
00428300 b8 01 00 00 00 MOV EAX,0x1 | |||
00428305 f0 0f c1 01 XADD.LOCK dword ptr [ECX],EAX | |||
00428309 40 INC EAX | |||
0042830a c3 RET | |||
------> 0042830b cc ?? CCh | |||
0042830c cc ?? CCh | |||
0042830d cc ?? CCh | |||
0042830e cc ?? CCh | |||
0042830f cc ?? CCh | |||
</pre> | |||
=== C headers === | === C headers === | ||
A profile also contains a tree of C headers, which are used to expose type information into IDA Pro or Ghidra. | A profile also contains a tree of C headers, which are used to expose type information into IDA Pro or Ghidra. | ||
Revision as of 01:04, 9 May 2026
Binana is a centralized repository of reverse-engineering information for various stripped binaries that are of interest to the [Thunderbrew] project.
Rationale
Over the years, many individuals have attempted to reverse engineer specific parts of the WoW client. These are usually siloed away into individual IDA Pro databases, making them difficult to locate, and thus more difficult to make use of for the purposes of game preservation.
Binana is mainly targeted at version 3.3.5a of WoW. By reducing scope to a single version, the level of difficulty involved in implementing Whoa/Thunderbrew features is lowered significantly.
Profiles
A profile is a structured directory containing symbols and C headers that apply to a single binary sample.
For instance, in the Binana repository, the 3.3.5a-windows-386 profile contains information for the i386 (x86) Windows version of the World of Warcraft client.
Symbols
Each profile consists of a symbol database. This database is text-based, and organized as a root symbol directory, and is filled with many subdirectories, which contain both func.sym and label.sym text files, pertaining to function symbols and data label symbols, respectively.
The structure of a line (or entry) in the database is formatted thus:
LabelName <hexadecimal absolute address> <f or l for function/label> [ attributes, or optional values, e.g. key=value key="value with spaces" ]
A function file looks like this:
FunctionName1 11223344 f end=22334455 type="void __stdcall func()" ClassName__MethodName 12345678 f end=23456789 type="void __thiscall func(ClassName* this, int32_t argument)"
Our reverse-engineering tools cannot always detect the end address of a function (x64dbg cannot detect this at all!), so you should always give the end address of the function.
For Binana, the convention for the end address of a function is the address that's 1 byte after the last instruction.
For example, 0042830B would be the end address of WowConnection__AddRef
WowConnection__AddRef:
00428300 b8 01 00 00 00 MOV EAX,0x1
00428305 f0 0f c1 01 XADD.LOCK dword ptr [ECX],EAX
00428309 40 INC EAX
0042830a c3 RET
------> 0042830b cc ?? CCh
0042830c cc ?? CCh
0042830d cc ?? CCh
0042830e cc ?? CCh
0042830f cc ?? CCh
C headers
A profile also contains a tree of C headers, which are used to expose type information into IDA Pro or Ghidra.