Far Cry 4 - symbols

Post by SunBeam »

As some of you know, Ubisoft has dropped VMProtect off the Far Cry 4 library (FC64.dll). That being said and taking into consideration the bullets below..
  • I've used a leaked XBOX360 build that has debug symbols
  • no, I can't provide information or a link to the XBOX360 leak, you will have to find it yourself
  • no, I can't teach you how to do it yourself
  • no, I can't explain how I did it, as it's a learning curve (it still is even for me)
  • no, I can't do the same for some game of your interest, just cuz I was able to do it here and know how
  • no, I don't want money or anything to do something similar for your game
..here's an x64dbg database containing mapped symbols by yours truly.

IF you're going to use this in your work, IF you're going to leech it to some other forum, IF <insert any other actions here>, remember where you got it from and who made this available, so give proper credit. Would be nice if you mention the author and this forum/topic link in your message. Why am I asking this of you.. please read below.

I've put in quite a lot of hours (over 1 week or more; and not 1 hour a day, but up to 5-6 hours a day) manually mapping functions in the PC version of the game (Intel x64 architecture) from the XBOX360 version (IBM PowerPC architecture). Different architectures, looking completely different from the ASM you're used to. Here's an idea of equivalence between XBOX360 and PC. Top is IDA with the XBOX360 .xex open, bottom is x64dbg showing the PC version (FC64.dll) and the same region of data:

Image

Linked the current .exe/.dll pair so they stay here for posterity.

Far Cry 4 1.10.0 binaries: [Link]
(password: sunbeam)

Far Cry 4 1.10.0 x64dbg database: [Link]
(no password)

How to use, simple:
  • get [Link]
  • extract/move the .dd64 file to '\x64dbg\x32\db' folder
  • run the game
  • attach to TWFC.exe
  • done
Once attached, open the Labels pane and you'll see over 753 names there:

Image

Note that I can't hold your hand while you learn how to use x64dbg, so "my game crashes", "I can't attach", "I don't understand how to do it" etc. are not my concern. The intention here is to provide a helping hand to people wanting to reverse Dunia, not to teach you how to use x64dbg. If you have zero knowledge in this regard, maybe you want to ignore this for now; till you get interested, learn a bit, then return here.

The database contains mappings up to what I've - once more, manually - mapped so far. It's not complete by far, you will find CALLs (functions) that have no names/labels still, but a lot of them should make sense once you start debugging. I might turn it into a .pdb later on using the FakePDB plugin in IDA.

This should help you understand a bit how Dunia Engine works internally. Most of the stuff here can easily be replicated to Far Cry 6 by either string reference look-up or patterns (aobs).

Enjoy and best regards,
Sun
