I need twelvesky 2 reborn IMG structure

[kaneki321]

I need twelvesky 2 reborn IMG structure

[sdefref]

Figure it out, that part isnt hard if you know what your doing.

[lnwnuyhodd]

Use IDA to find the correct structure
Example:
an exe is packed, you will need to dump process before load into IDA

IDA menu > Search > Sequence of bytes > "005_00002.IMG" > OK > double click result >
right click result name ex: "aG03GdataD01Gim_0" > List cross references to > OK (go to function)

Code:

BOOL CITEM::CheckValidElement(int a2)
{
  int i; // [esp+4h] [ebp-8h]
  int j; // [esp+4h] [ebp-8h]
  int l; // [esp+4h] [ebp-8h]
  int k; // [esp+8h] [ebp-4h]

  if ( !*(436 * a2 + this[1]) )
    return 1;
  if ( *(436 * a2 + this[1]) < 1 || *(436 * a2 + this[1]) > 99999 )
    return 0;
  if ( *(436 * a2 + this[1]) != a2 + 1 )
    return 0;
  for ( i = 0; i < 25 && *(436 * a2 + this[1] + i + 4); ++i )
  {
    ;
  }
  if ( i == 25 )
    return 0;
  for ( j = 0; j < 3; ++j )
  {
    for ( k = 0; k < 51 && *(51 * j + k + 436 * a2 + this[1] + 29); ++k )
    {
      ;
    }
    if ( k == 51 )
      return 0;
  }
  if ( *(this[1] + 436 * a2 + 184) < 1 || *(this[1] + 436 * a2 + 184) > 6 )
    return 0;
  if ( *(this[1] + 436 * a2 + 188) < 1 || *(this[1] + 436 * a2 + 188) > 32 )
    return 0;
  if ( *(this[1] + 436 * a2 + 192) < 1 || *(this[1] + 436 * a2 + 192) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 196) < 0 || *(this[1] + 436 * a2 + 196) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 200) < 0 || *(this[1] + 436 * a2 + 200) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 204) < 1 || *(this[1] + 436 * a2 + 204) > 145 )
    return 0;
  if ( *(this[1] + 436 * a2 + 208) < 0 || *(this[1] + 436 * a2 + 208) > 12 )
    return 0;
  if ( *(this[1] + 436 * a2 + 212) < 1 || *(this[1] + 436 * a2 + 212) > 4 )
    return 0;
  if ( *(this[1] + 436 * a2 + 216) < 1 || *(this[1] + 436 * a2 + 216) > 14 )
    return 0;
  if ( *(this[1] + 436 * a2 + 220) < 1 || *(this[1] + 436 * a2 + 220) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 224) < 0 || *(this[1] + 436 * a2 + 224) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 228) < 0 || *(this[1] + 436 * a2 + 228) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 232) < 1 || *(this[1] + 436 * a2 + 232) > 145 )
    return 0;
  if ( *(this[1] + 436 * a2 + 236) < 0 || *(this[1] + 436 * a2 + 236) > 12 )
    return 0;
  if ( *(this[1] + 436 * a2 + 240) < 1 || *(this[1] + 436 * a2 + 240) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 244) < 1 || *(this[1] + 436 * a2 + 244) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 248) < 1 || *(this[1] + 436 * a2 + 248) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 252) < 1 || *(this[1] + 436 * a2 + 252) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 256) < 1 || *(this[1] + 436 * a2 + 256) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 260) < 1 || *(this[1] + 436 * a2 + 260) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 264) < 1 || *(this[1] + 436 * a2 + 264) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 268) < 1 || *(this[1] + 436 * a2 + 268) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 272) < 1 || *(this[1] + 436 * a2 + 272) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 276) < 1 || *(this[1] + 436 * a2 + 276) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 280) < 1 || *(this[1] + 436 * a2 + 280) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 284) < 1 || *(this[1] + 436 * a2 + 284) > 3 )
    return 0;
  if ( *(this[1] + 436 * a2 + 288) < 0 || *(this[1] + 436 * a2 + 288) > 365 )
    return 0;
  if ( *(this[1] + 436 * a2 + 292) < 0 || *(this[1] + 436 * a2 + 292) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 296) < 0 || *(this[1] + 436 * a2 + 296) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 300) < 0 || *(this[1] + 436 * a2 + 300) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 304) < 0 || *(this[1] + 436 * a2 + 304) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 308) < 0 || *(this[1] + 436 * a2 + 308) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 312) < 0 || *(this[1] + 436 * a2 + 312) > 20000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 316) < 0 || *(this[1] + 436 * a2 + 316) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 320) < 0 || *(this[1] + 436 * a2 + 320) > 20000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 324) < 0 || *(this[1] + 436 * a2 + 324) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 328) < 0 || *(this[1] + 436 * a2 + 328) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 332) < 0 || *(this[1] + 436 * a2 + 332) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 336) < 0 || *(this[1] + 436 * a2 + 336) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 340) < 0 || *(this[1] + 436 * a2 + 340) > 16 )
    return 0;
  if ( *(this[1] + 436 * a2 + 344) < 0 || *(this[1] + 436 * a2 + 344) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 340) == 9 && (*(this[1] + 436 * a2 + 344) < 1 || *(this[1] + 436 * a2 + 344) > 3) )
    return 0;
  if ( *(this[1] + 436 * a2 + 348) < 0 || *(this[1] + 436 * a2 + 348) > 300 )
    return 0;
  if ( *(this[1] + 436 * a2 + 352) < 0 || *(this[1] + 436 * a2 + 352) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 356) < 0 || *(this[1] + 436 * a2 + 356) > 1000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 360) < 0 || *(this[1] + 436 * a2 + 360) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 364) < 0 || *(this[1] + 436 * a2 + 364) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 368) < 0 || *(this[1] + 436 * a2 + 368) > 100 )
    return 0;
  for ( l = 0; l < 8; ++l )
  {
    if ( *(this[1] + 436 * a2 + 8 * l + 372) < 0 || *(this[1] + 436 * a2 + 8 * l + 372) > 300 )
      return 0;
    if ( *(this[1] + 436 * a2 + 8 * l + 376) < 0 || *(this[1] + 436 * a2 + 8 * l + 376) > 100 )
      return 0;
  }
  return 1;
}

BOOL CITEM::Init()
{
  BOOL result;
  DWORD nReadBytes;
  ITEM_INFO *tDATA;
  HANDLE hFile;
  int index01;
  int tNumWithXOR;
  int tDataNum;
  int tOffset;
  BYTE *tCompress;
  BYTE *tOriginal;
  DWORD tCompressSize;
  DWORD tOriginalSize;

  if ( mLanguage == 1 )
    hFile = CreateFileA("G03_GDATA\\D01_GIMAGE2D\\005\\TR\\005_00002.IMG", 0x80000000, 1u, 0, 3u, 0x80u, 0);
  else
    hFile = CreateFileA("G03_GDATA\\D01_GIMAGE2D\\005\\005_00002.IMG", 0x80000000, 1u, 0, 3u, 0x80u, 0);
  if ( hFile == INVALID_HANDLE_VALUE)
    return 0;
  if ( ReadFile(hFile, &tOriginalSize, 4, &nReadBytes, 0) && nReadBytes == 4 )
  {
    tOriginal = GlobalAlloc(0, tOriginalSize);
    if ( tOriginal && ReadFile(hFile, &tCompressSize, 4, &nReadBytes, 0) && nReadBytes == 4 )
    {
      tCompress = GlobalAlloc(0, tCompressSize);
      if ( tCompress && ReadFile(hFile, tCompress, tCompressSize, &nReadBytes, 0) && nReadBytes == tCompressSize )
      {
        if ( CloseHandle(hFile) )
        {
          if ( CUTIL::Decompress(tCompressSize, tCompress, tOriginalSize, tOriginal) )
          {
            tNumWithXOR = 0;
            tOffset = 0;
            CopyMemory(&tNumWithXOR, tOriginal, 4);
            tDataNum = tNumWithXOR ^ 0x1CB3;
            tOffset = 67;
            if ( (tNumWithXOR ^ 0x1CB3) == 99999 )
            {
              tDATA = GlobalAlloc(0, 43599564);
              if ( tDATA )
              {
                CopyMemory(tDATA, &tOriginal[tOffset], 436 * tDataNum);
                GlobalFree(tCompress);
                GlobalFree(tOriginal);
                mDataNum = tDataNum;
                mDATA = tDATA;
                for ( index01 = 0; index01 < mDataNum; index01++ )
                {
                  if ( !CITEM::CheckValidElement(index01) )
                    return 0;
                }
                result = 1;
              }
              else
              {
                result = 0;
              }
            }
            else
            {
              result = 0;
            }
          }
          else
          {
            result = 0;
          }
        }
        else
        {
          result = 0;
        }
      }
      else
      {
        CloseHandle(hFile);
        result = 0;
      }
    }
    else
    {
      CloseHandle(hFile);
      result = 0;
    }
  }
  else
  {
    CloseHandle(hFile);
    result = 0;
  }
  return result;
}

[kaneki321]

Quote:

Originally Posted by lnwnuyhodd

Use IDA to find the correct structure
Example:
an exe is packed, you will need to dump process before load into IDA

IDA menu > Search > Sequence of bytes > "005_00002.IMG" > OK > double click result >
right click result name ex: "aG03GdataD01Gim_0" > List cross references to > OK (go to function)

Code:

BOOL CITEM::CheckValidElement(int a2)
{
  int i; // [esp+4h] [ebp-8h]
  int j; // [esp+4h] [ebp-8h]
  int l; // [esp+4h] [ebp-8h]
  int k; // [esp+8h] [ebp-4h]

  if ( !*(436 * a2 + this[1]) )
    return 1;
  if ( *(436 * a2 + this[1]) < 1 || *(436 * a2 + this[1]) > 99999 )
    return 0;
  if ( *(436 * a2 + this[1]) != a2 + 1 )
    return 0;
  for ( i = 0; i < 25 && *(436 * a2 + this[1] + i + 4); ++i )
  {
    ;
  }
  if ( i == 25 )
    return 0;
  for ( j = 0; j < 3; ++j )
  {
    for ( k = 0; k < 51 && *(51 * j + k + 436 * a2 + this[1] + 29); ++k )
    {
      ;
    }
    if ( k == 51 )
      return 0;
  }
  if ( *(this[1] + 436 * a2 + 184) < 1 || *(this[1] + 436 * a2 + 184) > 6 )
    return 0;
  if ( *(this[1] + 436 * a2 + 188) < 1 || *(this[1] + 436 * a2 + 188) > 32 )
    return 0;
  if ( *(this[1] + 436 * a2 + 192) < 1 || *(this[1] + 436 * a2 + 192) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 196) < 0 || *(this[1] + 436 * a2 + 196) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 200) < 0 || *(this[1] + 436 * a2 + 200) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 204) < 1 || *(this[1] + 436 * a2 + 204) > 145 )
    return 0;
  if ( *(this[1] + 436 * a2 + 208) < 0 || *(this[1] + 436 * a2 + 208) > 12 )
    return 0;
  if ( *(this[1] + 436 * a2 + 212) < 1 || *(this[1] + 436 * a2 + 212) > 4 )
    return 0;
  if ( *(this[1] + 436 * a2 + 216) < 1 || *(this[1] + 436 * a2 + 216) > 14 )
    return 0;
  if ( *(this[1] + 436 * a2 + 220) < 1 || *(this[1] + 436 * a2 + 220) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 224) < 0 || *(this[1] + 436 * a2 + 224) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 228) < 0 || *(this[1] + 436 * a2 + 228) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 232) < 1 || *(this[1] + 436 * a2 + 232) > 145 )
    return 0;
  if ( *(this[1] + 436 * a2 + 236) < 0 || *(this[1] + 436 * a2 + 236) > 12 )
    return 0;
  if ( *(this[1] + 436 * a2 + 240) < 1 || *(this[1] + 436 * a2 + 240) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 244) < 1 || *(this[1] + 436 * a2 + 244) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 248) < 1 || *(this[1] + 436 * a2 + 248) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 252) < 1 || *(this[1] + 436 * a2 + 252) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 256) < 1 || *(this[1] + 436 * a2 + 256) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 260) < 1 || *(this[1] + 436 * a2 + 260) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 264) < 1 || *(this[1] + 436 * a2 + 264) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 268) < 1 || *(this[1] + 436 * a2 + 268) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 272) < 1 || *(this[1] + 436 * a2 + 272) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 276) < 1 || *(this[1] + 436 * a2 + 276) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 280) < 1 || *(this[1] + 436 * a2 + 280) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 284) < 1 || *(this[1] + 436 * a2 + 284) > 3 )
    return 0;
  if ( *(this[1] + 436 * a2 + 288) < 0 || *(this[1] + 436 * a2 + 288) > 365 )
    return 0;
  if ( *(this[1] + 436 * a2 + 292) < 0 || *(this[1] + 436 * a2 + 292) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 296) < 0 || *(this[1] + 436 * a2 + 296) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 300) < 0 || *(this[1] + 436 * a2 + 300) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 304) < 0 || *(this[1] + 436 * a2 + 304) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 308) < 0 || *(this[1] + 436 * a2 + 308) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 312) < 0 || *(this[1] + 436 * a2 + 312) > 20000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 316) < 0 || *(this[1] + 436 * a2 + 316) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 320) < 0 || *(this[1] + 436 * a2 + 320) > 20000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 324) < 0 || *(this[1] + 436 * a2 + 324) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 328) < 0 || *(this[1] + 436 * a2 + 328) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 332) < 0 || *(this[1] + 436 * a2 + 332) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 336) < 0 || *(this[1] + 436 * a2 + 336) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 340) < 0 || *(this[1] + 436 * a2 + 340) > 16 )
    return 0;
  if ( *(this[1] + 436 * a2 + 344) < 0 || *(this[1] + 436 * a2 + 344) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 340) == 9 && (*(this[1] + 436 * a2 + 344) < 1 || *(this[1] + 436 * a2 + 344) > 3) )
    return 0;
  if ( *(this[1] + 436 * a2 + 348) < 0 || *(this[1] + 436 * a2 + 348) > 300 )
    return 0;
  if ( *(this[1] + 436 * a2 + 352) < 0 || *(this[1] + 436 * a2 + 352) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 356) < 0 || *(this[1] + 436 * a2 + 356) > 1000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 360) < 0 || *(this[1] + 436 * a2 + 360) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 364) < 0 || *(this[1] + 436 * a2 + 364) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 368) < 0 || *(this[1] + 436 * a2 + 368) > 100 )
    return 0;
  for ( l = 0; l < 8; ++l )
  {
    if ( *(this[1] + 436 * a2 + 8 * l + 372) < 0 || *(this[1] + 436 * a2 + 8 * l + 372) > 300 )
      return 0;
    if ( *(this[1] + 436 * a2 + 8 * l + 376) < 0 || *(this[1] + 436 * a2 + 8 * l + 376) > 100 )
      return 0;
  }
  return 1;
}

BOOL CITEM::Init()
{
  BOOL result;
  DWORD nReadBytes;
  ITEM_INFO *tDATA;
  HANDLE hFile;
  int index01;
  int tNumWithXOR;
  int tDataNum;
  int tOffset;
  BYTE *tCompress;
  BYTE *tOriginal;
  DWORD tCompressSize;
  DWORD tOriginalSize;

  if ( mLanguage == 1 )
    hFile = CreateFileA("G03_GDATA\\D01_GIMAGE2D\\005\\TR\\005_00002.IMG", 0x80000000, 1u, 0, 3u, 0x80u, 0);
  else
    hFile = CreateFileA("G03_GDATA\\D01_GIMAGE2D\\005\\005_00002.IMG", 0x80000000, 1u, 0, 3u, 0x80u, 0);
  if ( hFile == INVALID_HANDLE_VALUE)
    return 0;
  if ( ReadFile(hFile, &tOriginalSize, 4, &nReadBytes, 0) && nReadBytes == 4 )
  {
    tOriginal = GlobalAlloc(0, tOriginalSize);
    if ( tOriginal && ReadFile(hFile, &tCompressSize, 4, &nReadBytes, 0) && nReadBytes == 4 )
    {
      tCompress = GlobalAlloc(0, tCompressSize);
      if ( tCompress && ReadFile(hFile, tCompress, tCompressSize, &nReadBytes, 0) && nReadBytes == tCompressSize )
      {
        if ( CloseHandle(hFile) )
        {
          if ( CUTIL::Decompress(tCompressSize, tCompress, tOriginalSize, tOriginal) )
          {
            tNumWithXOR = 0;
            tOffset = 0;
            CopyMemory(&tNumWithXOR, tOriginal, 4);
            tDataNum = tNumWithXOR ^ 0x1CB3;
            tOffset = 67;
            if ( (tNumWithXOR ^ 0x1CB3) == 99999 )
            {
              tDATA = GlobalAlloc(0, 43599564);
              if ( tDATA )
              {
                CopyMemory(tDATA, &tOriginal[tOffset], 436 * tDataNum);
                GlobalFree(tCompress);
                GlobalFree(tOriginal);
                mDataNum = tDataNum;
                mDATA = tDATA;
                for ( index01 = 0; index01 < mDataNum; index01++ )
                {
                  if ( !CITEM::CheckValidElement(index01) )
                    return 0;
                }
                result = 1;
              }
              else
              {
                result = 0;
              }
            }
            else
            {
              result = 0;
            }
          }
          else
          {
            result = 0;
          }
        }
        else
        {
          result = 0;
        }
      }
      else
      {
        CloseHandle(hFile);
        result = 0;
      }
    }
    else
    {
      CloseHandle(hFile);
      result = 0;
    }
  }
  else
  {
    CloseHandle(hFile);
    result = 0;
  }
  return result;
}

How can i dump exe,can you help me

[lnwnuyhodd]

[kaneki321]

Quote:

Originally Posted by lnwnuyhodd

Thanks for all,if you have ida pro download link, would you please share to me.

Quote:

Originally Posted by lnwnuyhodd

Use IDA to find the correct structure
Example:
an exe is packed, you will need to dump process before load into IDA

IDA menu > Search > Sequence of bytes > "005_00002.IMG" > OK > double click result >
right click result name ex: "aG03GdataD01Gim_0" > List cross references to > OK (go to function)

Code:

BOOL CITEM::CheckValidElement(int a2)
{
  int i; // [esp+4h] [ebp-8h]
  int j; // [esp+4h] [ebp-8h]
  int l; // [esp+4h] [ebp-8h]
  int k; // [esp+8h] [ebp-4h]

  if ( !*(436 * a2 + this[1]) )
    return 1;
  if ( *(436 * a2 + this[1]) < 1 || *(436 * a2 + this[1]) > 99999 )
    return 0;
  if ( *(436 * a2 + this[1]) != a2 + 1 )
    return 0;
  for ( i = 0; i < 25 && *(436 * a2 + this[1] + i + 4); ++i )
  {
    ;
  }
  if ( i == 25 )
    return 0;
  for ( j = 0; j < 3; ++j )
  {
    for ( k = 0; k < 51 && *(51 * j + k + 436 * a2 + this[1] + 29); ++k )
    {
      ;
    }
    if ( k == 51 )
      return 0;
  }
  if ( *(this[1] + 436 * a2 + 184) < 1 || *(this[1] + 436 * a2 + 184) > 6 )
    return 0;
  if ( *(this[1] + 436 * a2 + 188) < 1 || *(this[1] + 436 * a2 + 188) > 32 )
    return 0;
  if ( *(this[1] + 436 * a2 + 192) < 1 || *(this[1] + 436 * a2 + 192) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 196) < 0 || *(this[1] + 436 * a2 + 196) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 200) < 0 || *(this[1] + 436 * a2 + 200) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 204) < 1 || *(this[1] + 436 * a2 + 204) > 145 )
    return 0;
  if ( *(this[1] + 436 * a2 + 208) < 0 || *(this[1] + 436 * a2 + 208) > 12 )
    return 0;
  if ( *(this[1] + 436 * a2 + 212) < 1 || *(this[1] + 436 * a2 + 212) > 4 )
    return 0;
  if ( *(this[1] + 436 * a2 + 216) < 1 || *(this[1] + 436 * a2 + 216) > 14 )
    return 0;
  if ( *(this[1] + 436 * a2 + 220) < 1 || *(this[1] + 436 * a2 + 220) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 224) < 0 || *(this[1] + 436 * a2 + 224) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 228) < 0 || *(this[1] + 436 * a2 + 228) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 232) < 1 || *(this[1] + 436 * a2 + 232) > 145 )
    return 0;
  if ( *(this[1] + 436 * a2 + 236) < 0 || *(this[1] + 436 * a2 + 236) > 12 )
    return 0;
  if ( *(this[1] + 436 * a2 + 240) < 1 || *(this[1] + 436 * a2 + 240) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 244) < 1 || *(this[1] + 436 * a2 + 244) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 248) < 1 || *(this[1] + 436 * a2 + 248) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 252) < 1 || *(this[1] + 436 * a2 + 252) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 256) < 1 || *(this[1] + 436 * a2 + 256) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 260) < 1 || *(this[1] + 436 * a2 + 260) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 264) < 1 || *(this[1] + 436 * a2 + 264) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 268) < 1 || *(this[1] + 436 * a2 + 268) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 272) < 1 || *(this[1] + 436 * a2 + 272) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 276) < 1 || *(this[1] + 436 * a2 + 276) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 280) < 1 || *(this[1] + 436 * a2 + 280) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 284) < 1 || *(this[1] + 436 * a2 + 284) > 3 )
    return 0;
  if ( *(this[1] + 436 * a2 + 288) < 0 || *(this[1] + 436 * a2 + 288) > 365 )
    return 0;
  if ( *(this[1] + 436 * a2 + 292) < 0 || *(this[1] + 436 * a2 + 292) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 296) < 0 || *(this[1] + 436 * a2 + 296) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 300) < 0 || *(this[1] + 436 * a2 + 300) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 304) < 0 || *(this[1] + 436 * a2 + 304) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 308) < 0 || *(this[1] + 436 * a2 + 308) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 312) < 0 || *(this[1] + 436 * a2 + 312) > 20000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 316) < 0 || *(this[1] + 436 * a2 + 316) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 320) < 0 || *(this[1] + 436 * a2 + 320) > 20000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 324) < 0 || *(this[1] + 436 * a2 + 324) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 328) < 0 || *(this[1] + 436 * a2 + 328) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 332) < 0 || *(this[1] + 436 * a2 + 332) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 336) < 0 || *(this[1] + 436 * a2 + 336) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 340) < 0 || *(this[1] + 436 * a2 + 340) > 16 )
    return 0;
  if ( *(this[1] + 436 * a2 + 344) < 0 || *(this[1] + 436 * a2 + 344) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 340) == 9 && (*(this[1] + 436 * a2 + 344) < 1 || *(this[1] + 436 * a2 + 344) > 3) )
    return 0;
  if ( *(this[1] + 436 * a2 + 348) < 0 || *(this[1] + 436 * a2 + 348) > 300 )
    return 0;
  if ( *(this[1] + 436 * a2 + 352) < 0 || *(this[1] + 436 * a2 + 352) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 356) < 0 || *(this[1] + 436 * a2 + 356) > 1000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 360) < 0 || *(this[1] + 436 * a2 + 360) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 364) < 0 || *(this[1] + 436 * a2 + 364) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 368) < 0 || *(this[1] + 436 * a2 + 368) > 100 )
    return 0;
  for ( l = 0; l < 8; ++l )
  {
    if ( *(this[1] + 436 * a2 + 8 * l + 372) < 0 || *(this[1] + 436 * a2 + 8 * l + 372) > 300 )
      return 0;
    if ( *(this[1] + 436 * a2 + 8 * l + 376) < 0 || *(this[1] + 436 * a2 + 8 * l + 376) > 100 )
      return 0;
  }
  return 1;
}

BOOL CITEM::Init()
{
  BOOL result;
  DWORD nReadBytes;
  ITEM_INFO *tDATA;
  HANDLE hFile;
  int index01;
  int tNumWithXOR;
  int tDataNum;
  int tOffset;
  BYTE *tCompress;
  BYTE *tOriginal;
  DWORD tCompressSize;
  DWORD tOriginalSize;

  if ( mLanguage == 1 )
    hFile = CreateFileA("G03_GDATA\\D01_GIMAGE2D\\005\\TR\\005_00002.IMG", 0x80000000, 1u, 0, 3u, 0x80u, 0);
  else
    hFile = CreateFileA("G03_GDATA\\D01_GIMAGE2D\\005\\005_00002.IMG", 0x80000000, 1u, 0, 3u, 0x80u, 0);
  if ( hFile == INVALID_HANDLE_VALUE)
    return 0;
  if ( ReadFile(hFile, &tOriginalSize, 4, &nReadBytes, 0) && nReadBytes == 4 )
  {
    tOriginal = GlobalAlloc(0, tOriginalSize);
    if ( tOriginal && ReadFile(hFile, &tCompressSize, 4, &nReadBytes, 0) && nReadBytes == 4 )
    {
      tCompress = GlobalAlloc(0, tCompressSize);
      if ( tCompress && ReadFile(hFile, tCompress, tCompressSize, &nReadBytes, 0) && nReadBytes == tCompressSize )
      {
        if ( CloseHandle(hFile) )
        {
          if ( CUTIL::Decompress(tCompressSize, tCompress, tOriginalSize, tOriginal) )
          {
            tNumWithXOR = 0;
            tOffset = 0;
            CopyMemory(&tNumWithXOR, tOriginal, 4);
            tDataNum = tNumWithXOR ^ 0x1CB3;
            tOffset = 67;
            if ( (tNumWithXOR ^ 0x1CB3) == 99999 )
            {
              tDATA = GlobalAlloc(0, 43599564);
              if ( tDATA )
              {
                CopyMemory(tDATA, &tOriginal[tOffset], 436 * tDataNum);
                GlobalFree(tCompress);
                GlobalFree(tOriginal);
                mDataNum = tDataNum;
                mDATA = tDATA;
                for ( index01 = 0; index01 < mDataNum; index01++ )
                {
                  if ( !CITEM::CheckValidElement(index01) )
                    return 0;
                }
                result = 1;
              }
              else
              {
                result = 0;
              }
            }
            else
            {
              result = 0;
            }
          }
          else
          {
            result = 0;
          }
        }
        else
        {
          result = 0;
        }
      }
      else
      {
        CloseHandle(hFile);
        result = 0;
      }
    }
    else
    {
      CloseHandle(hFile);
      result = 0;
    }
  }
  else
  {
    CloseHandle(hFile);
    result = 0;
  }
  return result;
}

Didn't work

Quote:

Originally Posted by lnwnuyhodd

Use IDA to find the correct structure
Example:
an exe is packed, you will need to dump process before load into IDA

IDA menu > Search > Sequence of bytes > "005_00002.IMG" > OK > double click result >
right click result name ex: "aG03GdataD01Gim_0" > List cross references to > OK (go to function)

Code:

BOOL CITEM::CheckValidElement(int a2)
{
  int i; // [esp+4h] [ebp-8h]
  int j; // [esp+4h] [ebp-8h]
  int l; // [esp+4h] [ebp-8h]
  int k; // [esp+8h] [ebp-4h]

  if ( !*(436 * a2 + this[1]) )
    return 1;
  if ( *(436 * a2 + this[1]) < 1 || *(436 * a2 + this[1]) > 99999 )
    return 0;
  if ( *(436 * a2 + this[1]) != a2 + 1 )
    return 0;
  for ( i = 0; i < 25 && *(436 * a2 + this[1] + i + 4); ++i )
  {
    ;
  }
  if ( i == 25 )
    return 0;
  for ( j = 0; j < 3; ++j )
  {
    for ( k = 0; k < 51 && *(51 * j + k + 436 * a2 + this[1] + 29); ++k )
    {
      ;
    }
    if ( k == 51 )
      return 0;
  }
  if ( *(this[1] + 436 * a2 + 184) < 1 || *(this[1] + 436 * a2 + 184) > 6 )
    return 0;
  if ( *(this[1] + 436 * a2 + 188) < 1 || *(this[1] + 436 * a2 + 188) > 32 )
    return 0;
  if ( *(this[1] + 436 * a2 + 192) < 1 || *(this[1] + 436 * a2 + 192) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 196) < 0 || *(this[1] + 436 * a2 + 196) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 200) < 0 || *(this[1] + 436 * a2 + 200) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 204) < 1 || *(this[1] + 436 * a2 + 204) > 145 )
    return 0;
  if ( *(this[1] + 436 * a2 + 208) < 0 || *(this[1] + 436 * a2 + 208) > 12 )
    return 0;
  if ( *(this[1] + 436 * a2 + 212) < 1 || *(this[1] + 436 * a2 + 212) > 4 )
    return 0;
  if ( *(this[1] + 436 * a2 + 216) < 1 || *(this[1] + 436 * a2 + 216) > 14 )
    return 0;
  if ( *(this[1] + 436 * a2 + 220) < 1 || *(this[1] + 436 * a2 + 220) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 224) < 0 || *(this[1] + 436 * a2 + 224) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 228) < 0 || *(this[1] + 436 * a2 + 228) > 2000000000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 232) < 1 || *(this[1] + 436 * a2 + 232) > 145 )
    return 0;
  if ( *(this[1] + 436 * a2 + 236) < 0 || *(this[1] + 436 * a2 + 236) > 12 )
    return 0;
  if ( *(this[1] + 436 * a2 + 240) < 1 || *(this[1] + 436 * a2 + 240) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 244) < 1 || *(this[1] + 436 * a2 + 244) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 248) < 1 || *(this[1] + 436 * a2 + 248) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 252) < 1 || *(this[1] + 436 * a2 + 252) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 256) < 1 || *(this[1] + 436 * a2 + 256) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 260) < 1 || *(this[1] + 436 * a2 + 260) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 264) < 1 || *(this[1] + 436 * a2 + 264) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 268) < 1 || *(this[1] + 436 * a2 + 268) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 272) < 1 || *(this[1] + 436 * a2 + 272) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 276) < 1 || *(this[1] + 436 * a2 + 276) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 280) < 1 || *(this[1] + 436 * a2 + 280) > 2 )
    return 0;
  if ( *(this[1] + 436 * a2 + 284) < 1 || *(this[1] + 436 * a2 + 284) > 3 )
    return 0;
  if ( *(this[1] + 436 * a2 + 288) < 0 || *(this[1] + 436 * a2 + 288) > 365 )
    return 0;
  if ( *(this[1] + 436 * a2 + 292) < 0 || *(this[1] + 436 * a2 + 292) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 296) < 0 || *(this[1] + 436 * a2 + 296) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 300) < 0 || *(this[1] + 436 * a2 + 300) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 304) < 0 || *(this[1] + 436 * a2 + 304) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 308) < 0 || *(this[1] + 436 * a2 + 308) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 312) < 0 || *(this[1] + 436 * a2 + 312) > 20000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 316) < 0 || *(this[1] + 436 * a2 + 316) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 320) < 0 || *(this[1] + 436 * a2 + 320) > 20000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 324) < 0 || *(this[1] + 436 * a2 + 324) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 328) < 0 || *(this[1] + 436 * a2 + 328) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 332) < 0 || *(this[1] + 436 * a2 + 332) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 336) < 0 || *(this[1] + 436 * a2 + 336) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 340) < 0 || *(this[1] + 436 * a2 + 340) > 16 )
    return 0;
  if ( *(this[1] + 436 * a2 + 344) < 0 || *(this[1] + 436 * a2 + 344) > 10000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 340) == 9 && (*(this[1] + 436 * a2 + 344) < 1 || *(this[1] + 436 * a2 + 344) > 3) )
    return 0;
  if ( *(this[1] + 436 * a2 + 348) < 0 || *(this[1] + 436 * a2 + 348) > 300 )
    return 0;
  if ( *(this[1] + 436 * a2 + 352) < 0 || *(this[1] + 436 * a2 + 352) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 356) < 0 || *(this[1] + 436 * a2 + 356) > 1000 )
    return 0;
  if ( *(this[1] + 436 * a2 + 360) < 0 || *(this[1] + 436 * a2 + 360) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 364) < 0 || *(this[1] + 436 * a2 + 364) > 100 )
    return 0;
  if ( *(this[1] + 436 * a2 + 368) < 0 || *(this[1] + 436 * a2 + 368) > 100 )
    return 0;
  for ( l = 0; l < 8; ++l )
  {
    if ( *(this[1] + 436 * a2 + 8 * l + 372) < 0 || *(this[1] + 436 * a2 + 8 * l + 372) > 300 )
      return 0;
    if ( *(this[1] + 436 * a2 + 8 * l + 376) < 0 || *(this[1] + 436 * a2 + 8 * l + 376) > 100 )
      return 0;
  }
  return 1;
}

BOOL CITEM::Init()
{
  BOOL result;
  DWORD nReadBytes;
  ITEM_INFO *tDATA;
  HANDLE hFile;
  int index01;
  int tNumWithXOR;
  int tDataNum;
  int tOffset;
  BYTE *tCompress;
  BYTE *tOriginal;
  DWORD tCompressSize;
  DWORD tOriginalSize;

  if ( mLanguage == 1 )
    hFile = CreateFileA("G03_GDATA\\D01_GIMAGE2D\\005\\TR\\005_00002.IMG", 0x80000000, 1u, 0, 3u, 0x80u, 0);
  else
    hFile = CreateFileA("G03_GDATA\\D01_GIMAGE2D\\005\\005_00002.IMG", 0x80000000, 1u, 0, 3u, 0x80u, 0);
  if ( hFile == INVALID_HANDLE_VALUE)
    return 0;
  if ( ReadFile(hFile, &tOriginalSize, 4, &nReadBytes, 0) && nReadBytes == 4 )
  {
    tOriginal = GlobalAlloc(0, tOriginalSize);
    if ( tOriginal && ReadFile(hFile, &tCompressSize, 4, &nReadBytes, 0) && nReadBytes == 4 )
    {
      tCompress = GlobalAlloc(0, tCompressSize);
      if ( tCompress && ReadFile(hFile, tCompress, tCompressSize, &nReadBytes, 0) && nReadBytes == tCompressSize )
      {
        if ( CloseHandle(hFile) )
        {
          if ( CUTIL::Decompress(tCompressSize, tCompress, tOriginalSize, tOriginal) )
          {
            tNumWithXOR = 0;
            tOffset = 0;
            CopyMemory(&tNumWithXOR, tOriginal, 4);
            tDataNum = tNumWithXOR ^ 0x1CB3;
            tOffset = 67;
            if ( (tNumWithXOR ^ 0x1CB3) == 99999 )
            {
              tDATA = GlobalAlloc(0, 43599564);
              if ( tDATA )
              {
                CopyMemory(tDATA, &tOriginal[tOffset], 436 * tDataNum);
                GlobalFree(tCompress);
                GlobalFree(tOriginal);
                mDataNum = tDataNum;
                mDATA = tDATA;
                for ( index01 = 0; index01 < mDataNum; index01++ )
                {
                  if ( !CITEM::CheckValidElement(index01) )
                    return 0;
                }
                result = 1;
              }
              else
              {
                result = 0;
              }
            }
            else
            {
              result = 0;
            }
          }
          else
          {
            result = 0;
          }
        }
        else
        {
          result = 0;
        }
      }
      else
      {
        CloseHandle(hFile);
        result = 0;
      }
    }
    else
    {
      CloseHandle(hFile);
      result = 0;
    }
  }
  else
  {
    CloseHandle(hFile);
    result = 0;
  }
  return result;
}

thanks for everything