Atvaark / BinderTool

Dark Souls II / Dark Souls III / Bloodborne / Elden Ring bdt, bhd, bnd, dcx, tpf, fmg and param unpacking tool
MIT License

Rebuilding the dictionary #4

Closed Atvaark closed 8 years ago

Atvaark commented 8 years ago

In order to get some more useful file names the dictionary has to be rebuilt.

In DSII I obtained most file names by injecting a DLL into the game that hooked the file name hashing function (See Dark-Souls-II-Mod-Loader). In DSIII the file name hashing function appears to be inlined in lots of places (search for the following instruction: imul *, 137) which makes this painful to implement.

Atvaark commented 8 years ago

I managed to obtain the names of many files that get loaded before the intro sequence. But the script I'm using is crashing a few seconds into the intro demo.

If anyone wants to help: if you break on execution of this instruction 000000014655ACC7 (DarkSousII.exe 1.3.1.0), then the RDX register points to the file name prefixed with the archive (e.g. data1:/shader/gxshader.shaderbnd.dcx) and the RSI register points to the file name (e.g. shader:/gxffxshader.shaderbnd.dcx).

Atvaark commented 8 years ago

I'll add some more file names in v0.4.1. The current method I use (an x64dbg script) is slow and causes access violations for some reason.

Atvaark commented 8 years ago
  1. I found the substitution table that is used to prefix the file names (e.g. shader:/gxffxshader.shaderbnd.dcx -> data1:/shader/gxffxshader.shaderbnd.dcx). This will add some more file names that work while also reducing the potential hash collisions.
  2. A new DLL I wrote can hook and access the file names. Now I only have to dump these names to a log file (and don't crash the game while doing this). The game ran longer than 1h without crashing.

Edit: I've attached the DLL if anyone wants to log some file names. (Only works with DSIII 1.3.1.0 and Visual C++ Redistributable for Visual Studio 2015 at the moment.) Running it will write all file names it finds to a file called hash.log.

dinput8.zip
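
The dictionary rebuild described in the comment above, as an added example that is not part of the thread or of BinderTool's code: logged names are expanded through the substitution table, keyed by hash, and names that collide on one hash are reported. The single table entry is the pair quoted above; the one-name-per-line log layout and the hash itself (multiplier 137 from the imul instruction quoted earlier, 32-bit width, lower-casing) are assumptions, not the game's confirmed function.

```python
# Added example: rebuild a hash -> name dictionary from logged file names.
# ALIASES holds only the single mapping quoted in the thread; the hash below is
# a stand-in (multiplier 137 from the thread, everything else assumed).

ALIASES = {"shader": "data1:/shader"}   # virtual root -> archive-qualified root

def expand_alias(name, aliases=ALIASES):
    """Rewrite 'shader:/x' to 'data1:/shader/x'; leave unknown roots untouched."""
    root, sep, rest = name.partition(":/")
    if sep and root in aliases:
        return aliases[root] + "/" + rest
    return name

def name_hash(name, multiplier=137, bits=32):
    """Multiplicative string hash; case folding and width are assumptions."""
    h = 0
    for ch in name.replace("\\", "/").lower():
        h = (h * multiplier + ord(ch)) & ((1 << bits) - 1)
    return h

def build_dictionary(log_lines, multiplier=137):
    """Return (hash -> name, collisions) for the de-duplicated, expanded names."""
    names, collisions = {}, []
    for line in log_lines:
        raw = line.strip()
        if not raw:
            continue
        full = expand_alias(raw)
        h = name_hash(full, multiplier)
        known = names.setdefault(h, full)
        if known.lower() != full.lower():
            collisions.append((h, known, full))   # two names, one hash
    return names, collisions

def resolve(archive_hashes, names):
    """Split hashes found in an archive header into named and still-unknown."""
    named = {h: names[h] for h in archive_hashes if h in names}
    unknown = [h for h in archive_hashes if h not in names]
    return named, unknown

# Constructed sample of what hash.log might contain (one name per line).
SAMPLE_LOG = [
    "shader:/gxffxshader.shaderbnd.dcx",
    "data1:/shader/gxffxshader.shaderbnd.dcx",   # same file, already expanded
    "",
]
```
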

Atvaark commented 8 years ago

With a little help by Nyxo there are now just 499 files or 3,95% without names.

The majority of them are .entryfilelist in Data5.bdt. These all have the format entryfilelist:/%s.entryfilelist with %s being an Id. These are the Id patterns that Nyxo and I both checked:

I found some more patterns that I'll check later today.