To actually inject bytecode into existing functions, we'll need to know where the jumps are so their offsets can be adjusted; that is impossible without a disassembler.
Implementing an UnrealScript disassembler is quite complicated, since instructions nest and vary in length: the size of an instruction is only known once its nested operands have been decoded. I've been reverse engineering VM opcodes, but many are still unimplemented or very complex, with disassembly that is hard to read or unclear as to what an opcode does.
Reversing an opcode means two things:
Determining its encoding
Determining what it does
Given how much more time the second point can take, doing the first without the second seems like a feasible way to push the project forward: knowing an opcode's encoding is enough to compute instruction lengths and find jump operands, even if its semantics remain unknown.
It would also be nice to have a test suite for the disassembler, with examples taken from real UnrealScript code, but that is a more distant goal.
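The following is an added example, not code from the original post or from the project it describes, and it uses a small hypothetical bytecode rather than the real UnrealScript encoding (the opcode names, numbers and field layouts are invented for illustration). It shows the problem the post is describing: because operands nest and instructions vary in length, the only way to find jump targets and statement boundaries is to decode recursively, and once that walker exists, injecting bytes and relocating the jumps that cross the insertion point is mechanical.

```python
import struct

# Toy bytecode (hypothetical; NOT the real UnrealScript encoding).
# Each opcode is followed by fixed fields and/or nested sub-expressions,
# so an instruction's length is only known after decoding it recursively.
OP_NOP, OP_INT, OP_ADD, OP_JUMP, OP_JUMP_IF_NOT, OP_RETURN, OP_LOCAL = range(7)


def decode_instr(code: bytes, pos: int):
    """Decode one (possibly nested) instruction starting at `pos`.

    Returns (end, jump_fields): `end` is the offset just past the instruction,
    `jump_fields` lists the offsets of every 2-byte absolute jump target found
    inside it (including inside nested operands)."""
    op = code[pos]
    pos += 1
    jumps = []
    if op == OP_NOP:
        pass
    elif op == OP_INT:            # 4-byte little-endian immediate
        pos += 4
    elif op == OP_LOCAL:          # 1-byte local-variable slot
        pos += 1
    elif op == OP_ADD:            # two nested operand expressions
        for _ in range(2):
            pos, sub = decode_instr(code, pos)
            jumps += sub
    elif op == OP_JUMP:           # 2-byte absolute target
        jumps.append(pos)
        pos += 2
    elif op == OP_JUMP_IF_NOT:    # 2-byte target, then nested condition
        jumps.append(pos)
        pos += 2
        pos, sub = decode_instr(code, pos)
        jumps += sub
    elif op == OP_RETURN:         # nested return-value expression
        pos, sub = decode_instr(code, pos)
        jumps += sub
    else:
        raise ValueError(f"unknown opcode {op:#x} at offset {pos - 1}")
    return pos, jumps


def scan(code: bytes):
    """Walk the top-level statements of a function body.

    Returns (statement_starts, jump_fields). Only the statement starts are
    legal injection points: anything else lands inside an instruction."""
    starts, jumps, pos = [], [], 0
    while pos < len(code):
        starts.append(pos)
        pos, sub = decode_instr(code, pos)
        jumps += sub
    return starts, jumps


def inject(code: bytes, at: int, snippet: bytes) -> bytes:
    """Insert `snippet` at statement boundary `at` and relocate jumps.

    Targets strictly past `at` move by len(snippet); a target equal to `at`
    is left alone, so control reaching that point now runs the snippet first
    and falls through into the original instruction."""
    starts, jumps = scan(code)
    if at not in starts and at != len(code):
        raise ValueError(f"offset {at} is not a statement boundary")
    _, snippet_jumps = scan(snippet)       # also validates the snippet decodes
    if snippet_jumps:
        raise ValueError("snippet must not contain jumps (not relocated here)")
    delta = len(snippet)
    out = bytearray(code[:at] + snippet + code[at:])
    for field in jumps:
        target = struct.unpack_from("<H", code, field)[0]
        if target > at:
            target += delta
        new_field = field + delta if field >= at else field   # field itself may have moved
        struct.pack_into("<H", out, new_field, target)
    return bytes(out)


# Constructed sample: a loop that spins while local 0 is true, then returns 7.
#   0: JUMP_IF_NOT 9, LOCAL 0     5: NOP     6: JUMP 0     9: RETURN INT 7
SAMPLE = bytes([OP_JUMP_IF_NOT, 9, 0, OP_LOCAL, 0,
                OP_NOP,
                OP_JUMP, 0, 0,
                OP_RETURN, OP_INT, 7, 0, 0, 0])

if __name__ == "__main__":
    print("statements / jump fields:", scan(SAMPLE))
    patched = inject(SAMPLE, 5, bytes([OP_NOP, OP_NOP]))   # hook at loop-body start
    print("patched:", patched.hex(" "))
    print("statements / jump fields after:", scan(patched))
```

Injecting two bytes at offset 5 moves the forward target of the JUMP_IF_NOT from 9 to 11 and leaves the backward JUMP 0 alone, while the JUMP's own operand field moves from offset 7 to 9; trying to inject at offset 2 is rejected because it is inside the JUMP_IF_NOT. A real UnrealScript walker would need the same structure, one branch per opcode encoding, which is why getting the encodings reversed first is enough to make injection work before every opcode's meaning is understood.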