sasaalert.blogg.se - Cxbx reloaded progress

#Cxbx reloaded progress code

If all checks are valid, the location is considered a match for the OOVPA and scanning continues with the next OOVPA.

For each location in the address range, all byte offsets mentioned in the OOVPA are read from the executable and checked against the value that should be there according to the OOVPA.

XbSymbolDatabase walks through a list of OOVPAs, and for each of these, the address range is determined and scanned through.

Scanning for functions using OOVPAs goes roughly like this: In it's current state, XbSymbolDatabase contains one OOVPATable per library. OOVPAs are registered in library's OOVPATable. XbSymbolDatabase uses an OOVPA to scan for the location of that function in an XBE. The likelihood of falsely locating a function body is inversely proportional to the number of pairs combined with the rarity of those pairs.Įach OOVPA describes one unique function which originated from a specific version of a library.

This is due to the fact that, statistically, carefully chosen (offset,value) pairs are capable of uniquely identifying relocatable code. This process is time consuming, but very rewarding.Ĭxbx is able to successfully (and with no false identifications to date) identify High Level Functions inside an arbitrary XBE file. With this datatype, we can locate the function by hand, and then write down important (offset,value) pairs. Value represents the byte value at that location. Offset represents the offset (in bytes) from the start of the function. a High Level Function), a database of (offset,value) pairs can be used.

#Cxbx reloaded progress code

In order to efficiently locate a given chunk of assembly code (i.e. It's initial description can be read on, it says: It's a data-structure that was thought up by Aaron Robinson (also known as Caustik), the initiator of Cxbx back in 2003. OOVPA stands for "Optimized (Offset, Value)-Pair Array". XbSymbolDatabase scans the contents of an XBE using so-called OOVPAs.