This repository contains a script to import TDB Data from RE Engine games into Ghidra. It makes use of the il2cpp dumps generated by REFramework.

Usage

Prerequisites

• A memory dump of the game you're importing from:
  • Open the game
  • Open x64dbg.
  • In x64dbg, navigate to Plugins -> Scylla
  • Select the game from the process dropdown
  • Click on "IAT Autosearch"
  • Click "Dump"
• At least 16GB of RAM. Preferrably 32.
• Recommended: Close all resource hungry programs that take a lot of RAM and use your CPU a lot.

Note: It is recommended that you run this script before you run the auto-analysis in Ghidra. (See Step 8)

Running the script

1. Use REFramework to dump the SDK
2. Navigate to your ghidra installation directory. Right-click -> Edit on the ghidraRun.bat file.
3. Remove the :: from ::set MAXMEM=2G, and change 2G to at least 6G. That is the bare minimum. The speed of the script depends on the amount of memory you give ghidra. 6GB is a bare minimum and the script will run very slow with it. I recommend allocating at least 9GB. If you have 32GB of RAM I recommend giving it 16GB. That way it will run without issues.
   • Note that, more RAM =/= faster, but less RAM == slower.
   • Restart ghidra after doing this.
4. Download the latest org.json jar from here: https://github.com/stleary/JSON-java (Download is at the top of the readme) and put it into a folder that you can access later.
5. Open your ghidra project.
6. In the ghidra project manager, click on Edit -> Plugin Path. Then click "Add Jar" and select the jar you downloaded earlier.
7. Open your games binary in the code browser, click yes if it prompts you to auto-analyze. (If not, you can open the window via Analysis -> Auto Analyze...)
8. IMPORTANT: In the Auto-Analysis options page, deselect all options, then click "Apply", and then "Analyze".
9. Open the script manager in ghidra.
10. Click on the 3 horizontal lines icon in the top right of the window.
11. Click on the Green + icon and select the GhidraREFramework directory.
12. Find the IL2CPPDumpImporter script in the script manager and run it.
    • I recommend leaving the import filter set to snow/app/via/System. If you gave ghidra enough RAM (8GB+), the script should finish in anywhere between 3-10 minutes.
    • Also note that, the way the filter works, is that it will import every class that starts with the filter, and it will import as many classes as needed to fully construct those types, recursively.
    • The script will ask for an image base, usually 0x140000000 is fine for most games. Make sure it is correct however because if it is not, the script will not work.

Post Import

Depending on if you decided to run the post-import disassemble script or not, you might want to also let ghidra analyze the binary. If you do then you can use these options:

• ASCII Strings
• Create Address Tables
• Data Reference
• Function Start Search
• Reference
• Shared Return Calls
• Stack
• Subroutine References
• Windows x86 PE Exception Handling

The analysis should not take very long with these options.

Credits

• Stracker
  • Various improvements and additions
  • Making the script much faster
• Me :)