alialidoust, posted April 10, 2017

Hey guys!

Lately I've been trying to analyze how much The Witcher 3 can be modded using the official mod kit and community tools. I managed to bring the old AsWing AS3 components into the game and wanted to generate a property sheet for every Witcher Script class so they can be modified from inside the game. But I realized many crucial classes are not available to the scripting engine. I came to the conclusion that the available tools are just not *enough*. Witcher Script is limited in the number of classes available, and modifying game content requires too much time and countless [ build the content > run the game > check if it's working > fail ] loops. Also, there isn't any cue that we're going to get the complete REDKit for The Witcher 3.

Now I want to start something big (so big that it somehow feels unreachable, at least for me), so before I spend countless hours on it, I want your opinions about it.

The Proposal

The idea is to create an unofficial C++ SDK for the game: a library of C++ classes that can be used to create mods (and maybe editors/tools) for the game. As many of you might know, there is the ScriptHookV mod for GTA V that allows developers to call in-game functions, and there are countless mods that leverage that to modify the game's workings. Hooking functions is not enough for The Witcher 3, and hooking complete class information is something completely different.

Here is the process:

1. We extract the definitions of classes, functions, and maybe other things from the game assembly. The engine can export an RTTI XML file that can be used as a base. We use the RTTI information and some reverse engineering to determine the classes, their properties and their methods. Writing some hooks to dump such information is also possible. The greatest problem here is finding out the number and types of inputs/outputs for the functions. My idea is to find and hook the constructors, then have a big hash table of the address of every object created by the engine, and match register/stack info of the called functions with these addresses to determine the object types. I don't really know how feasible this thing really is.

2. We generate a C++ shadow copy of each and every class that we have found. Maybe we can map the constructors to some factory functions. This part is mostly done with code generation, and it's probably the *easiest* part of the whole process.

3. At the game's startup we hook some functions, and using information collected with the hooks, we update our shadow classes and constructors to point to the actual game objects.

There's a great deal of reverse engineering to be done here. I have good enough experience in dealing with assembly code in x64dbg, hooking game functions in C++, and using the Frida toolkit for creating foreign interfaces for binary code. I believe with collaboration, and given enough time, we can pull this thing off.

So here are my questions for the community:

- Is it worth the effort? At the time it is done (hopefully), are there many keen modders who are going to use this SDK thingy?
- What are your opinions about the process overall? Does it miss a very important detail that is going to make this whole thing a failure?
- Do you think there is an alternative to get what we want from the game? Maybe hacking the Witcher Script compiler to allow more modifications, or something else?
- Is there any chance that CD Projekt would take down this project legally?

And sorry for the long post.
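A miniature simulation of the constructor-hook-and-registry idea described in the proposal above, added here as an illustration and not code from the original post or from any real project: the engine classes, the class names and the `hookedConstruct`/`hookedDestroy` functions are stand-ins for what real hooks around the game's own constructors and destructors would do, and `ShadowActor` stands for one generated shadow class.

```cpp
// Added example (not from the original post): the proposed scheme in miniature,
// with stand-in engine classes; real hooks would wrap the game's own ctors/dtors.
#include <cstdint>
#include <string>
#include <unordered_map>

struct EngineActor { int health = 100; };  // stand-ins for hooked engine classes
struct EngineItem  { int count  = 1; };

// Address -> class name, filled in by the constructor hooks.
static std::unordered_map<std::uintptr_t, std::string>& registry() {
    static std::unordered_map<std::uintptr_t, std::string> table;
    return table;
}

// Constructor hook: once the object exists, record its address with the class
// name the RTTI dump would supply (names here are made up).
template <typename T>
T* hookedConstruct(const std::string& className) {
    T* obj = new T();  // a real hook lets the game's own allocator/ctor run
    registry()[reinterpret_cast<std::uintptr_t>(obj)] = className;
    return obj;
}

// Destructor hook: erase the entry, otherwise a later allocation reusing the
// same address would be reported with a stale type.
template <typename T>
void hookedDestroy(T* obj) {
    registry().erase(reinterpret_cast<std::uintptr_t>(obj));
    delete obj;
}

// Classify a pointer-sized value captured from a register or stack slot at a
// hooked call site; unknown values yield "" rather than a guessed type.
std::string classifyPointer(std::uintptr_t value) {
    auto it = registry().find(value);
    return it == registry().end() ? std::string() : it->second;
}

// Generated "shadow" class: a typed view over a live engine object. It owns
// nothing and is only meaningful while that object is still registered.
class ShadowActor {
public:
    explicit ShadowActor(EngineActor* raw) : raw_(raw) {}
    int  health() const   { return raw_->health; }
    void setHealth(int h) { raw_->health = h; }
private:
    EngineActor* raw_;
};
```

The destructor hook is the part most easily forgotten: without it, a grow-only table will eventually report a reused address with the type of an object that no longer exists.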
djkovrik, posted April 11, 2017

Btw, there is already some new unofficial toolset based on Sarcen's Mod Editor, and it has been worked on for quite a long time (you can find it on GitHub).

> We extract the definitions of classes, functions, and maybe other things from the game assembly. The engine can export an RTTI XML file that can be used as a base. We use the RTTI information and some reverse engineering to determine the classes, their properties and their methods. Writing some hooks to dump such information is also possible. The greatest problem here is finding out the number and types of inputs/outputs for the functions. My idea is to find and hook the constructors, then have a big hash table of the address of every object created by the engine, and match register/stack info of the called functions with these addresses to determine the object types. I don't really know how feasible this thing really is.

As far as I remember, the RTTI part was already done by some fellow witchers in the W3 modding Discord channel.

P.S. The Nexus forums are not the best place to discuss such stuff because very few modders come here :) The CDPR mod discussions subforum is a bit more alive.
alialidoust, posted April 11, 2017

> Btw, there is already some new unofficial toolset based on Sarcen's Mod Editor, and it has been worked on for quite a long time (you can find it on GitHub). [...] As far as I remember, the RTTI part was already done by some fellow witchers in the W3 modding Discord channel.
>
> P.S. The Nexus forums are not the best place to discuss such stuff because very few modders come here :) The CDPR mod discussions subforum is a bit more alive.

Thank you for the info, I will look up the GitHub project and the RTTI stuff in the Discord channel asap. Guess you're right, I'll move this thread to the CDPR forums.