2

I am wondering about if it is always possible, in some way to obtain the function and class names when reversing an application. (in this case a game) I have tried for around 1 month to reverse a game (Assassin's Creed Unity (anvil engine)) but still no luck getting the function names. I have found a way to obtain the class names but no clue on function names. So my question is, is it possible to actually obtain the function name out having the documentation, and create a hierarchy. (I ame doing this to get better at reversing and to learn new things (asm x64))

Any tips and tricks related to reversing classes/structers are appreciated.

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
IHateAndLoveASM
  • 21
  • 1

1 Answers1

3

No, function and class names aren't needed for compiled code to work, and usually aren't part of an executable that's had its symbol table stripped.

The exception to that would be calls across DLL boundaries where you might get some mangled C++ names containing function and class names, or if there are any error-check / assert messages in the release build then some names might show up in strings.

C++ with RTTI (RunTime Type Info) might have type names somewhere, maybe mapping vtable pointers to strings, or for classes with no virtual members probably only if typeid was ever actually used. (Or not at all if compiled with RTTI disabled. activate RTTI in c++)

Even exception-handling I think doesn't need class names in the binary.

Other than that, there's no need for class names or function names in the compiled binary. Definitely not in the machine code itself; that's of course all pointers / relative offsets, even for classes with virtual functions. How do objects work in x86 at the assembly level?.

C++ does not generally support introspection, unlike Java, so there's no default need for any of the info you're looking for to be in the executable anywhere.

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
  • ahh, ok :/ You know how to check if thay have RTTI enabled in a easy way? – IHateAndLoveASM Sep 23 '18 at 10:11
  • @IHateAndLoveASM: No idea. I don't know what data / metadata it would create, or whether searching for strings with `::` in them would work at all. Most game publishers want to make it hard to reverse-engineer their code, so it's unlikely they compiled with RTTI enabled. – Peter Cordes Sep 23 '18 at 10:18
  • 2
    also RTTI for long time incurred quite some runtime penalty and bloated the binary (back around 2000, when I was developing games for windows), so we certainly did not use any of those C++ parts. Not sure what is the state of current compilers (maybe RTTI is now affordable), but it may be the game developers are using lot of older tools/libraries and still prefer to not use RTTI, if for nothing else, due to inertia. Also RTTI provides solution for problems, which are not common in game development, if you barely scratch one of them, it often can be resolved in other way with reasonable results – Ped7g Sep 23 '18 at 11:00
  • @IHateAndLoveASM BTW, SW distributed without sources is "zombie", it may take years until it will finally disappear, but you are sort of "wasting" time with your effort (except you surely did improve your programming skills by this exercise, so I'm using quotes around "wasting"). And when you want to modify some SW, modifying the sources is lot more efficient. So make sure you catch the point when your effort will turn from experience giving exploration into tedious mechanical reverse-engineering, at that point let the ACU game go and focus on more meaningfully \[with future\] distributed SW). – Ped7g Sep 23 '18 at 11:05