# 15 — Ranked Extraction Pipeline Apply in order. Stop at the first rank that yields a clean `.gmd`. ## Rank 1 — Native Backup Recovery **Method**: Forensic disk scan for `.gb1`–`.gb9` on developer's hardware / backups. Rename to `.gmd`. Open in 5.3a IDE or [LateralGM](11-tool-lateralgm.md). **Pros**: Zero data loss. No crypto. Original variable names, comments, formatting all preserved. **Cons**: Requires access to developer-side storage. **Use when**: Any chance of accessing original dev environment. → [14-gb1-backups](14-gb1-backups.md) --- ## Rank 2 — Static Algorithmic Decompilation **Tool**: [GM Decompiler v2.1](10-tool-gm-decompiler-v21.md) (`gmdecompiler_v2_1.jar`) **Method**: Reads target `.exe` from disk only. Locates EOF payload offset. Mathematically derives static XOR key. Writes clean `.gmd`. **Pros**: Safe (no execution → no malware risk). Cross-platform. Automatable. **Cons**: Defeated by outer packers (UPX, custom anti-tamper). **Use when**: Untrusted binary; non-Windows host; CI / batch needed. → [10-tool-gm-decompiler-v21](10-tool-gm-decompiler-v21.md) --- ## Rank 3 — Dynamic Memory Injection **Tool**: [GMD-Recovery](09-tool-gmd-recovery.md) by VBGAMER45 **Method**: Run target `.exe` in **sandboxed Windows XP VM**. Attach process. Hook memory. Calculate base address. Brute-force XOR key from decrypted RAM state. Write clean `.gmd`. **Pros**: Bypasses outer packers (UPX) — the runner unpacks itself for you. **Cons**: Invasive. Requires execution of untrusted code. Requires WinXP. **Use when**: Static decompilation failed due to packing. → [09-tool-gmd-recovery](09-tool-gmd-recovery.md) · [02-encryption](02-encryption.md) --- ## Rank 4 — Raw Resource Carving **Tools**: GMD-Recovery's "Bmp Extractor" + "Wav Extractor", or any hex editor. **Method**: Scan executable / memory dump for file magic headers (`52 49 46 46` = WAV, `42 4D` = BMP, `89 50 4E 47` = PNG, etc.). Extract raw byte ranges following each header. **Pros**: Always recovers *something* even from catastrophically corrupt binaries. **Cons**: **Total loss** of GML scripts, room layouts, object logic, variables, DnD actions. Assets only. **Use when**: All structured methods failed and you need the art / audio at minimum. --- ## Decision flow ``` Have access to dev machine? ──yes──> Rank 1 (.gb1 scan) │ no ▼ Untrusted binary OR no WinXP? ──yes──> Rank 2 (static) │ no / Rank 2 failed ▼ .exe packed (UPX etc)? ─────yes──────> Rank 3 (dynamic in XP VM) │ no / Rank 3 failed ▼ Catastrophic corruption ────────────> Rank 4 (raw carving) ``` ## After successful extraction - Validate by opening `.gmd` in [LateralGM](11-tool-lateralgm.md). - Optionally explode to VCS-friendly tree using [GmkSplitter pattern](12-tool-gmksplitter.md). - For project-specific formats encountered in extracted GML, see [16-bno-bnb-notes](16-bno-bnb-notes.md). ## See also - [00-overview](00-overview.md) - [13-modern-tool-incompat](13-modern-tool-incompat.md) — what NOT to try