(Modding) Encode/Convert .dll and .xml Gibberish

[Hell Diguner]

I've been playing around with the .xml files produced with Gibbed's modding tools for a while now. I want to translate various strings into a readable format - strings that his tools do not translate.

This post/thread got me started: http://www.openworldgames.org/owg/forums/index.php?topic=2702.msg50018#msg50018
The main thing I learned was eight character strings are usually little-endian hexadecimal numbers that can be converted manually by reversing the characters and converting from hex to decimal in Windows Notepad

Spoiler

<value hash="88596C97" type="BinHex">1E000000</value>
Can be translated
<value hash="88596C97" type="UInt32">30</value>

Somewhere else I found the longer strings can usually be converted straight from hex to ascii

Spoiler

<value hash="B171F78F" type="BinHex">776561706F6E732E776561706F6E732E706C5F6D757A7A6C65666C6173685F6D32343973617700</value>
Can be translated
<value hash="B171F78F" type="String">weapons.weapons.pl_muzzleflash_m249saw</value>

But I've wondered how folks translated the unique hashes into something readable, like

Spoiler

<value hash="88596C97" type="UInt32">30</value>
into
<value hash="88596C97" type="UInt32">30</value> <!-- iAmmoInClip -->

A couple days ago I discovered http://www.openworldgames.org/owg/forums/index.php?topic=2709.msg51956#msg51956
In which I learned why some eight character strings converted to strange numbers (they're floaing points, not whole numbers), and way to convert said strings

Even more interesting, is this:

BTW, I figured out most of the two sections that follow the ammo one.  Value names are from inside Dunia.dll, right before the ammo ones.

Value names... as in the unique hashes I don't know how to convert? Most interesting. I've tried opening Dunia.dll in Notepad++, but every encoding and attempt to use the hex<->ascii conversion tool results in gibberish.

So, uh... can anybody point me in the right direction?


Among other things, I'm trying to find and modify the section of weapon attributes that deals with how a weapon behaves when you aim down sights. I'd like to switch around scope pictures and see if can enable/disable the ability to ADS. (Flamethrower can't ADS, test to see if I can disable ADS for a weapon).

[Stiku]

reverse engineering a DLL isn't that simple, as opening it in notepad++, DLL's are dynamic and loads are done via exe's when the dll is initialized(and executed).

for the hashes : http://svn.gib.me/public/dunia2/trunk/
Quick look : http://svn.gib.me/public/dunia2/trunk/Gibbed.Dunia2.Unpack/Program.cs

[Hell Diguner]

Oh boy, C# is a little over my head. Guess it's time to learn some programming.

[Art Blade]

I'll leave that to others. "I'm too old for that s#!t" :-D

[nexor]

My head's too round for those flat things  :-D

[Art Blade]

 :-D

[wobatt]

For the ironsights section decoded, check this post by Knightmare.

You can open Dunia.dll in a hex editor such as XVI32.
Then you can search for the text value of "bCanIronsight", and you can see all the variable names for these values.
What I don't know is how Knightmare worked out which hash is for which variable name.

[Art Blade]

maybe he'll share it with us  :-()

[wobatt]

Hope he will!  :)

I tried looking at the code for the extractor, but I couldn't w@&k it out. C# is similar enough to Java for me to be able to (mostly) read it, but there is still a lot of unfamiliar code to pick through.
Maybe I'll have another go at some point.

[wobatt]

I decided to take another look at the code while still drunk after new year celebrations, and I've made some progress  :-()

From the extractor I found out that the hashes are a CRC32 hash. Putting the names from Dunia.dll through online CRC32 tools produces the hashes we see in the XML file.
This means it should be possible to create a 'dictionary' of the variable names in Dunia.dll with their hashes, and use this to fill in the blanks.

I'll keep working on it  :-()

[Binnatics]

Good luck Wobatt!

It's sounds quite complicated but I think you're going to make something out of it! :) :-X

[Art Blade]

excellent!  :)

[Hell Diguner]

I discovered Notepad++ can open Dunia.dll in the same way as XVI32. Notepad++ defaults to ANSI encoding, which is fine. The file is huge, and still full of gibberish, but I should have tried searching for known strings. Anyway, using Notepad++ is useful because I still haven't figured out how to copy/paste in XVI32

bCanIronsight needs to become E49EEB82. I had no luck using CRC32 with the online converter I found. Then I tried CRC32B and... success! Now it's "just" a matter of building a hash-to-value library, and manually translating all the xml files. Think I'll start by browsing Dunia.dll for interesting stuff. So far:

IronsightFX
fIronsightFOV
enumReticleType
selReticleType
(latter three already translated by Knightmare, I think the latter two are crosshair type if you have crosshairs enabled [does anybody actually leave crosshairs enabled?])

In a line that appears to mostly deal with vehicles:
fKickForce (maybe the force applied to vehicles when they're turned over? I've always had problems "kicking" swamp boats back into the water)
fAccelerationPushFactor
fIncomingFireEvasiveness
fUnderWaterMaxDepth (drive underwater?)

Several dozen lines higher:
LockedWeaponWater (maybe this will let us shoot underwater)
UseRoadSignHilight (same line that defines cheats, like "AllWeaponsUnlock[null][null][null][null]Unlock all weapons at the bazaar."),
MajorDamageEngineStartTime
MinorDamageEngineStartTime
MintEngineStartTime

[wobatt]

I have been doing a bit of programming for this  :-()

I have a dictionary of 32000 strings from Dunia.dll (although some of them a complete rubbish), and I have a program that calculates their hashes, then reads the XML files to translate the hashes in them  >:D

I just need to fix a couple of small bugs, then I will share it.



This tool gives the right results and is easy to use: http://www.tools4noobs.com/online_php_functions/crc32/

[PZ]

Excellent w@&k both of you - +1 to each  :-X

I may actually abandon my current FC2 installation and upgrade to the latest version so I can start modding again.  Not sure though, because there are other games I've been meaning to play that I have not really started yet. 

Life seems to be getting in the way  :-()

In any case, because FC2 is still so visually appealing to me, and is still my favorite game of all time, I am keeping it on my list because I always seem to return.  The best part is that each mod makes playing the game an entirely different experience.  As I mentioned in another post, just changing the weapon degradation has completely changed my movements through the FC2 world, and I now follow pathways I have not followed before.

[wobatt]

Hope I can open up some more pathways for you PZ!

I've finished my program, uploaded here, just waiting for approval.

In the files extracted by the Gibbed bootstrapper, it identifies nearly 100,000 lines from their hashes, and translates about 85,000 of the BinHex values   :-D

[PZ]

Approved. and thanks wobatt - from a quick examination of the contents, this should make modding much easier, especially from the stand point of performing changes not already discovered by others  :-X definitely a +1 for your submission

[wobatt]

Thanks!

I'll try to improve it over the next couple of days, before I go back to w@&k. The dictionary needs a bit more cleaning up, and I need to go through the newly named XML to see if there are any more BinHex values that can be revealed.

I haven't even looked at what is now possible in most of the XML files  ;)

Another idea is that encoded in a load of the strings are file names. We could try hashing them to see if they match any of the unknown files  :-D

[Art Blade]

splendid, wobatt, splendid  :-D

+1  :-X :)

[Hell Diguner]

Holy crap wobatt, amazing w@&k! More kudos from me.

Some of the long hexadecimal strings (not hashes) I've converted to text (mostly in player.xml and weaponproperties.xml) turned out to be file names and sometimes file paths for scripts/functions, particles, sounds, and animations - so maybe they're the file names you've found in Dunia.dll? Stuff like

weapons.AimCurves.IronsightFOVCurve
Curves.ShootingSystem.DistanceAccuracy_Mounted_M249
weapons.weapons.muzzleflash_m249saw_mounted
graphics\gfx\weapons\bullettracer_d.xbt
environment.underwater.vasouille
PostFx.Run.RunLoop
Curves.Locomotion.VegetationSlowdown
and so on

[Art Blade]

Hell Diguner, I'm pretty sure it was without any intention, but his name is spelled differently  ;)

[wobatt]

Meh, close enough  ;)

Some of those file names look similar to the ones I found  :-X
How I think it works is that the file path is hashed, and that hash is the file name in the UNKNOWN extracted folder. If we identify them, they can be added to one of the 'filelist' files in the Gibbed tool folders so they can be extracted properly.


Here are some more that can be added to Wob.FC2Dunia.TypeNames.txt

Spoiler

driverActionMap   String
EntryBoneName   String
ExplodeSendEvent   String
mmsAction   String
sArchetypeName   String
sCarrierBindBone   String
sEnterUsageString   String
sKickUsageString   String
sPlacementBone   String
sPlacementBoneName   String
sRepairUsageString   String
sSeatBoneName   String
sSmokeEmitterBindBone   String
sStationBindBone   String
sTeamName   String
#disName   String  -  sometimes a hash
011F98D9   String
033DAB5D   String
0340F868   String
04CCC712   String
0B6C042B   String
13E1DBD8   String
1943B130   String
1AAD6A41   String
1CC53544   String
1DA03EFF   String
1E78405F   String
210BE5EA   String
281ED89D   String
284C8CAC   String
297D0D1C   String
3030F2A0   String
3924E150   String
3BB1654D   String
3E939EAF   String
3EA3A598   String
415C9112   String
432EBAAF   String
4C222D81   String
527E7674   String
589BEC1B   String
61957EFA   String
63F89F1F   String
655C7547   String
6B3AF208   String
6D69FB3D   String
75961936   String
8448BEBC   String
860E34FA   String
90665ACB   String
907AE14C   String
920A6E7C   String
93D2AFB5   String
978B22AC   String
9816A342   String
9A1246A4   String
9A6235E1   String
9D93CBE3   String
A6B8C5EE   String
A732FD76   String
B171F78F   String
B395D9E0   String
B8F77B33   String
BE25F0C9   String
C11C9A7E   String
C1D8B8A3   String
C281E914   String
C8F8BA52   String
D267B1A9   String
D553AED0   String
D6F35F0A   String
D821E6F9   String
D8AA3E0C   String
D9379BFE   String
DCEEA1E7   String
EA0F38C4   String
ED3C443C   String
EFA4885E   String
F0AF9DDB   String
F1B1D97B   String
F96FAF0D   String
FCEB2B9A   String
FDC68FDE   String

[Hell Diguner]

Ah yes, not the first time auto-spellcheck screwed me. Fixed.

[Art Blade]

  :-X

[aleeque]

How do I decode an 8-digit hex floating point number?

Such as CEB68E0D, for example. You said I have to "swap the bytes", but what does it mean?