Working with multiple modules when reversing

[maktm]

Hi,

So I have a game (Crysis 2 Beta) and unlike the release version where the modules are all merged into one executable, they decided to compile each DLL separately (instead of statically linking it/just coding it in) and load it from the main executable. So it looks something like this:

iHcdFfP.png

Now when I want to xref something in OllyDbg the function can end up in any of the modules so to look back in IDA I would have to open another instance for the separate module to look at the function. Totally this is > 9 instances and I can't do this without it being utterly time consuming. What I wanted to do is merge all the DLLs together and I first encountered this :

http://www.hexblog.com/?p=6

After I downloaded the script and tried to execute it (in IDA 6.5) it failed and told me the exact line so I commented it out and it sort of worked. Now I come across this error :

i1Oha0D.png

After this error pops up a portion of the DLL is added and the rest is not. Judging from the error, the script cannot find one of the structures in the PE file format and thus was unable to load in everything else.

Another thing I tried was OllyDumpEx, but it was never meant for dumping all the modules of a process together to make up one executable.


Any suggestions/ideas would be helpful.

Thanks

[Deathway]

Well, even if you manage to create a single non-DLL executable, you may find inner security issues, some scripts don't relocate correctly resource sections (some DLLs have) and other internal data.

[Stitch]

I can't see the images, please upload to imgur or other image web hosting.