ghidra-scripts VS frida-gum

I've got no experience with reverse-engineering executables, but I got a bunch of code-like stuff showing up when I fed ULTIMA.EXE to Ghidra and told it to analyze it with all the flags set.

The whole game is written in C++ (game logic intertwined with graphics). Ghidra can help you deconstruct the game binaries, but you need to put in a GREAT great effort to even get a starting point. Cheat Engine has been successful for some purposes, including an AI enabling utility for multiplayer (use with great care!).

Ghidra: https://ghidra-sre.org/, https://github.com/NationalSecurityAgency/ghidra

What I think you’re talking about is reverse engineering. It’s basically taking a program and analysing the compiled code to attempt to find out how it works. It’s a fairly expansive topic, and fairly tricky to do but look at anything to do with Ghidra to get started.

Oh also just as an aside Ghidra is a really cool free tool developed by the NSA which can reverse engineer software by looking at its executable and recreating the C code from the instructions and static data within. It's another way to get familiarized with the relationship between C code and the instructions it compiles to.

There exist decompilers and other tools for helping make sense of assembly and that can automate some of the conversion back to higher level languages. In my brief involvement with Slippi I used Ghidra - a tool developed by the NSA, to do some of that kind of work, which I found a little amusing.

It's likely a binary file that's improperly being interpreted as Unicode by the text editor. If it's an executable file, you can use Ghidra to disassemble and analyze it. There may also be some interesting ASCII strings that would reveal its purpose. My guess is that it's a Windows version of Unix "tee" program which will write stdin to a file and stdout simultaneously.

On the other hand, this slick "Ghidra" webpage looks suspicious. It's probably written in Typescript on Electron!

LD_PRELOAD1, available as an environment variable, is a feature provided by dynamic linkers like ld.so that lets us load a shared library into a process before the process loads anything else. In our case, we use LD_PRELOAD to load mirrord-layer, which overrides libc functions with a custom implementation. By overriding file and socket functions, we can then transparently plug the process into the remote pod, having it read and write files and traffic remotely without changing a single line of code. Overriding these libc functions on different systems would have been a difficult task and this is where Frida-gum comes to save the day through its inline hooking interceptor.