OELABOELA

Member
  • Posts

    6

Reputation

0 Neutral

Personal Information

  • Location
    Brazil


  1. Would this allow you to make the screen size smaller as well?
  2. I have hooked the function and dumped all of the .ini into new files that are actually readable now.
  3. I will look into it. Any other hints you can give me on reversing tqplat? The dll seems scattered or obfuscated. For now only itemtype.dat. In the future I might need other files though.
  4. I will share a few things with you. This is on the latest patch of Conquer btw. I have been trying to decrypt the ItemType.dat. It seems they are still using some kind of 'key' to encrypt the data. The function can be found at sub_88C16D; the key used is 0x2537. This function has 2 args, 1 is ecx (thisPtr to something I haven't been able to relate yet) and the other is the key.

     After the key has been set up, it calls the decrypt function, found at 0088C1CC. This function has 2 args, again the thisPtr and the path to the ini file.

     I have tried calling the TQPlat functions myself from within the process but I'm stuck at the this ptr. It seems to be retrieved from the stack. I tried putting a watchdog on it to see when it changes, but it is totally unrelated when it changes.

     To find out the args I hooked the setup and decrypt functions and printed them to the console:

         ECX: 1701844, Key: 9527
         ECX: 1701844, a1: 1702584
         54 6D EB 0 0 0 0 0 0 0
         69 6E 69 2F 4D 61 70 44 65 73

         ECX: 1702296, Key: 9527
         ECX: 1702296, a1: 15500188
         54 6D EB 0 0 0 0 0 0 0
         69 6E 69 2F 72 75 6E 65 65 66

         ECX: 1701272, Key: 9527
         ECX: 1701272, a1: 15500344
         54 6D EB 0 0 0 0 0 0 0
         69 6E 69 2F 72 75 6E 65 5F 73

         ECX: 1700508, Key: 9527
         ECX: 1700508, a1: 368247984
         54 6D EB 0 0 0 0 0 0 0
         69 6E 69 2F 6D 61 67 69 63 74

         ECX: 1700460, Key: 9527
         ECX: 1700460, a1: 15346276
         54 6D EB 0 0 0 0 0 0 0
         69 6E 69 2F 78 75 61 6E 62 61

     Top hex line is the ECX value, bottom hex line is the path. As you can see it starts with 69 6E 69 "ini".
  5. Is the same process used for other .dat files? I'm actually working on that part as we speak and I could use a hint or two!