Native Generator

Tool for generating IDA scripts to aid in reverse-engineering of GTA 5.

Requirements

• IDA Pro
• Visual Studio 2015 or higher
• .NET Framework 4.0 or higher

Usage

This tool requires a dump file that is usually generated by the reverse engineer. It is not meant to read from an EXE or any game files. See below for how your dump file should be structured.

NOTE: I haven't implemented native hash translation yet, so it's likely you won't be able to generate for now. If you would like to help, please submit a pull request.

Options

• --lc: Generate lower-case native names.
• --py: Generate an IDAPython script instead of a regular IDA script.

File Format

ASCII

NOTE: The ASCII format is currently not implemented. The format below may be subject to change.

# NativeDump                        ; Magic (MUST be exactly as shown!)
.version <dump_version>             ; Dump version (as an integer)
[                                   ; Beginning of natives list
    <native_hash> <func_offset> ;   Native list entry (format may vary depending on version)
    <...>                           ;   MUST NOT be separated by commas or anything else besides a space.
]                                   ; End of natives list

• . is a reserved character for variable declarations.
• [ and ] indicate the beginning and end of the natives list, respectively.
• # is a comment line. Inline comments (e.g. $version 1 # the dump version) are not supported.
• 0x is the specifier used for hexadecimal notation. Natives in the list must begin with this to be parsed as hexadecimal.

Unlike the binary format, you don't need to follow a strict, sequential format. For example, you could do something like this:

# NativeDump
.version 191
.gta_build 323
[
    0xDEADBEEFF000BAA2 0xBADC0DE2
]
# Looks like Joe screwed up the exporter again...
.native_count 0

ASCII is much more flexible, but the filesize will definitely increase! Pick your poison wisely!

Binary

Binary dumps are simple files that must be in little-endian. For most purposes, version 1 dumps should suffice.

struct NativeDumpFile
{
    int32 magic = 0x5654414E; // 'NATV'
    int32 version;            // version of dump
    int32 native_count;       // number of dumped natives (MUST NOT include failed ones during native dump!)
    /*
        Depending on which version dump you are using, the natives list
        may or may not follow directly after the native count.

        For version 1 dumps, the list is directly after the count.
    */
    struct NativeEntry
    {
        int64 hash; // native hash
        int64 func_offset; // function offset in the EXE
    } natives[native_count]; // Native list size will be (native_count * sizeof(NativeTableEntry))
    /!*
        This space should NOT be used to store extra data.
    *!/
}

Contributing

Want to contribute to the project? Submit a pull request!

Please keep the following guidelines in mind:

• Use size 4 spaces. No tabs please.
• Try to keep code style consistent.
• Don't use anyone else's code without attributing them.

Special Thanks

• JohnnyCrazy -- For writing most of the original code in his NativeGenerator.