John Hammond Interviews Nathan Bags on Reverse Engineering and Game Preservation

In this video, John Hammond interviews Nathan Bags, a professional software engineer and YouTube content creator specializing in reverse engineering and cybersecurity. Nathan shares his journey and current projects, including his efforts to preserve old video games by making them compatible with modern operating systems. Nathan begins by explaining his interest in reverse engineering, particularly for video games from his childhood. He mentions that his YouTube channel, launched three years ago, initially gained popularity with a video comparing C++ and assembly language, which reached 800,000 views. Since then, he has diversified his content to include topics such as security, game hacking, mods, and reverse engineering. One of Nathan's recent projects involves the game "Discworld Noir," a point-and-click adventure game based on Terry Pratchett's novels. The game, released in the late 90s, does not run correctly on Windows 11 due to differences in Windows versions. Nathan explains how he approaches this type of problem using reverse engineering techniques to understand and fix incompatibilities. Nathan demonstrates his reverse engineering process in real-time, using tools like x64dbg and Ghidra. He starts by analyzing the game's executable file, which is protected by a DRM called SafeDisc. This DRM uses anti-debugging techniques to prevent code analysis. Nathan explains how he bypasses these protections using techniques such as binary patching and process injection. One of the anti-debugging techniques used by the game is the insertion of numerous jump instructions to make the code difficult to analyze. Nathan has developed a custom tool to detect and remove these jump instructions, making the code more readable. He also shows how the game uses hardware interrupts to detect the presence of a debugger and how he bypasses this protection. Nathan explains how the game uses specific Windows data structures, such as the Thread Environment Block (TEB) and Process Environment Block (PEB), to check for the presence of a debugger. He demonstrates how he bypasses these checks by modifying the values of these structures in memory. Finally, Nathan discusses the importance of preserving old video games and the satisfaction he feels when receiving thank-you messages from users whose games work again thanks to his efforts. He also mentions his future projects, including continuing his work to make old games compatible with modern systems. To learn more about Nathan's projects and follow his reverse engineering adventures, you can visit his YouTube channel and follow his live streams.