What do you do when a ten-year-old video game has a bug in it? If you are [ExileLord] you fix it, even if you don’t have the source code. Want to know how? Luckily, he produced a video showing all the details of how he tracked the bug down and fixed it. You can see the video below. You may or may not care about Guitar Hero, but the exercise of reverse engineering and patching the game is a great example of the tools and logic required to reverse engineer any binary software, especially a Windows binary.
The tool of choice is IDA, an interactive debugger and disassembler. The crash throws an exception, and since [ExileLord] had done some work on the game before, he was able to find the function that created the screen element which eventually led to the crash.
By snooping around the virtual table, he figured out which object caused the crash. He also found that the object’s constructor had been obscured by a copy-protection scheme, but [ExileLord] was adept enough to work through the obscuring code.
The problem arises because text objects are drawn from a preallocated pool. If the pool runs empty, there is no provision for creating more. The fix? There are several, but [ExileLord] just bumped up the pool’s initial size, which is fine unless you break that limit, too.
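The shape of that failure, as an added C sketch that is not the game's code or [ExileLord]'s patch: a fixed pool hands out preallocated slots and simply returns NULL when it runs dry, and the crash comes from a caller that never checks for that. The `POOL_SIZE` value, the `TextObject` layout and all function names are constructed for illustration; raising `POOL_SIZE` is the equivalent of the fix described above, while the checked caller is one of the other options.

```c
#include <stddef.h>
#include <string.h>

#define POOL_SIZE 4   /* constructed; the game's real initial size is not on the page */

typedef struct { char text[32]; int in_use; } TextObject;

typedef struct {
    TextObject slots[POOL_SIZE];  /* the preallocated pool */
    unsigned exhausted_count;     /* requests that arrived after the pool ran empty */
} TextPool;

void pool_init(TextPool *p) { memset(p, 0, sizeof *p); }

/* Hand out a free slot, or NULL when none is left. As in the game, nothing here
 * creates a new object once the pool is exhausted. */
TextObject *pool_acquire(TextPool *p) {
    for (size_t i = 0; i < POOL_SIZE; i++) {
        if (!p->slots[i].in_use) { p->slots[i].in_use = 1; return &p->slots[i]; }
    }
    p->exhausted_count++;
    return NULL;
}

void pool_release(TextObject *o) { if (o) o->in_use = 0; }

/* Hardened caller. The buggy version of this function is the same minus the NULL
 * check: it writes through o unconditionally, so the first request past the
 * limit dereferences NULL and the game crashes. Returns 1 if the label was drawn. */
int draw_label_checked(TextPool *p, const char *s) {
    TextObject *o = pool_acquire(p);
    if (o == NULL) return 0;   /* degrade: skip the label instead of crashing */
    strncpy(o->text, s, sizeof o->text - 1);
    o->text[sizeof o->text - 1] = '\0';
    return 1;
}

/* Try to draw n labels in one frame; returns how many were actually drawn. */
unsigned draw_frame(TextPool *p, unsigned n) {
    unsigned drawn = 0;
    for (unsigned i = 0; i < n; i++) drawn += (unsigned)draw_label_checked(p, "note");
    return drawn;
}

/* One frame that asks for `requested` labels on a fresh pool; returns how many
 * had to be skipped (zero means the pool size was enough for that frame). */
unsigned skipped_labels(unsigned requested) {
    TextPool p;
    pool_init(&p);
    return requested - draw_frame(&p, requested);
}
```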
If you want to try your hand at this kind of work and you don’t have IDA, you might start with an online disassembler tool. It isn’t as capable, but it does work. IDA is very capable, though, and we’ve seen it used before to good effect.