Results 1 to 5 of 5
  1. #1
    LastLegend's Avatar
    Join Date
    Jun 2014
    Gender
    male
    Posts
    3
    Reputation
    10
    Thanks
    1

    Question IDA pro can't disassemble Ghosts. How do you guys do it?

    Hello everyone,

    When it comes to reverse engineering Ghosts, or any COD game for that matter, I've been really late to the train as I just started doing it. I was able to use some of the posted addresses to make simple programs that can read the game's state (e.g., IsInGame, CGS, etc).

    Now I'm trying to disassemble Ghosts to find some addresses myself using IDA v6.1. However, it seems Ghosts (v3.13) is using some kind of obfuscation that prevents IDA from doing its job. Here are some of the errors I get when I try to open Ghosts in IDA:



    (until the attachment is approved, the image url: oi62.tinypic.com/10n8ihl.jpg)

    When IDA is done analysing the binary, it barely finds any routines inside:



    (until the attachment is approved, the image url: oi61.tinypic.com/2rm8gn6.jpg)

    I opened both MW2 and BO2 in IDA and it worked without any problems. Is this happening because Ghosts is 64bit while the other two games were 32bit (i.e., does IDA 64bit support sucks?)? Any help would be appreciated.
    Attached Thumbnails Attached Thumbnails
    10n8ihl.jpg  

    2rm8gn6.jpg  

    Last edited by LastLegend; 06-30-2014 at 11:14 AM.

  2. The Following User Says Thank You to LastLegend For This Useful Post:

    out8r3ak (08-08-2014)

  3. #2
    cardoow's Avatar
    Join Date
    Jan 2008
    Gender
    male
    Posts
    214
    Reputation
    28
    Thanks
    747
    My Mood
    Amazed
    Best way is to dump the exe and then open the dump file with IDA x64.

  4. The Following User Says Thank You to cardoow For This Useful Post:

    LastLegend (07-03-2014)

  5. #3
    LastLegend's Avatar
    Join Date
    Jun 2014
    Gender
    male
    Posts
    3
    Reputation
    10
    Thanks
    1
    Thanks cardoow for your reply Do you recommend any tool to create the dump?

  6. #4
    NightmareTX_RETIRED's Avatar
    Join Date
    Apr 2011
    Gender
    male
    Posts
    1,240
    Reputation
    57
    Thanks
    15,075
    My Mood
    Fine
    CHimpREC 64

  7. The Following User Says Thank You to NightmareTX_RETIRED For This Useful Post:

    LastLegend (07-03-2014)

  8. #5
    LastLegend's Avatar
    Join Date
    Jun 2014
    Gender
    male
    Posts
    3
    Reputation
    10
    Thanks
    1
    Aw man NightmareTX where were you two days ago? Thank you so much for pointing me to that application. I've spent the last two days working on determining the IAT and OEP of Ghosts using this tutorial:
    hex-rays.com/products/ida/support/tutorials/unpack_pe/manual.shtml. I found them eventually, but with your program it literally was a few clicks! Now I'm back to finding addresses