Pawn disassembler


alex_r
02-20-2008, 12:23 AM
Thanks to DragonGirl for the link to an article about AMX code and its decompilation! Having a PAWN disassembler could be useful in finding out what's inside the default Pleo personality, so I did some digging for the tool. The home site for AMXReader is supposed to be:

http://wraith.techcore.org/amxreader/

but the link appears to be broken. The thing is still available in some other places; the one I was able to get it from is:

http://www.daghost.xionize.com/files/amxdisassembler.zip

Some details:

- This is a C# project, both the sources and the EXE are included in the archive above;

- It is made to work with Half-Life plugins, NOT with Pleo. Presumably the format of AMX data is the same or nearly the same, but some changes will definitely be needed to make the disassembler extract code from inside Pleo personality files.

- The version is at least 1.5 years old; if there is a newer version out there, I couldn't find it.

I haven't actually tried to run or to modify the disassembler yet.

It looks to me like some of the people on this forum (AiboHack?) already have a version of a PAWN disassembler working with Pleo files, so it would be interesting to hear from them if a better alternative is already available:

http://www.aibohack.com/pleo/tech2.htm :

Here's an example of a re-sourced version of one of the 'tricks':

// trx_balance.p - Balancing trick
// re-sourced from AMX binary
...
_getprop(arg1)
{
    return property_get(arg1);
}

PleoPet
02-20-2008, 01:13 PM
Selective comments.
Also recommended is the 5 part series here: http://www.sourcemod.net/devlog/?p=59
Essentially it explains how you can read the assembler and try to guess/figure out exploits in games.

FWIW: I looked at the amxreader C# implementation, but ended up writing my own version (much simpler and more direct, and in C/C++). I also added a number of Pleo specific features. The number of PAWN opcodes used by Pleo is relatively small.
BTW: my disassembler can automatically handle most function calls, and has the smarts to name parameters based on type. Pawn is typeless, but the smart disassembler knows how the types are used. For example, instead of "command_exec(12518, 0)" it will emit "command_exec(command_trx_balance, 0);"
The rest is in low level opcodes, which take a little practice to figure out, especially in long if/else or switch statements.
----
The Pawn logic for the default personality is relatively simple. As noted, it can be reverse engineered relatively easily. The logic is spread out over many AMX modules (currently 43).
Ideally UGOBE would consider releasing the original Pawn source to the personality so harder-core hackers can play with it, and perhaps add useful additions using AMX overlays. Probably with a big caveat that it will change from version to version, no official support, etc.
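PleoPet's post describes two things a "smart" disassembler does beyond printing raw opcodes: it folds the constants pushed before a native call back into a readable call expression, and it names each argument from a per-parameter type table (so 12518 becomes command_trx_balance). The following is an added illustration of that idea, not PleoPet's tool and not AMXReader. The opcode encoding, the native table, the symbol tables and the sample program are all constructed for this example; they are not the real AMX/Pawn encoding and not real Pleo command ids. The only value taken from the thread is the 12518 -> command_trx_balance mapping.

```python
"""Toy stack-machine disassembler showing type-aware argument naming.

Constructed example: the opcode set below is invented and is NOT the real
AMX bytecode. In this toy format a native call is encoded as
    SYSREQ <native index> <argument count>
and arguments are pushed right-to-left, as in Pawn, so the last push is
the first argument.
"""
from collections import namedtuple

# Constructed opcode values (not real AMX opcodes).
OP_PUSH_C = 0x01   # push.c <constant>
OP_SYSREQ = 0x02   # sysreq <native index> <nargs>
OP_RETN   = 0x03   # return from function
OP_PROC   = 0x04   # function prologue

# Constructed native table: index -> (name, per-parameter type tags).
# A missing tag defaults to "int". Real tools would read this from the
# AMX native table plus a hand-written type annotation file.
NATIVES = {
    0: ("command_exec", ("command_id", "int")),
    1: ("property_get", ("property_id",)),
}

# Constructed symbol tables keyed by type tag. The 12518 entry is the one
# example quoted in the thread; the property id is invented.
SYMBOLS = {
    "command_id": {12518: "command_trx_balance"},
    "property_id": {7: "property_battery_level"},
}

# A pending constant: which output line it produced, its code offset, its value.
Pending = namedtuple("Pending", "line_idx offset value")


def fmt_arg(value, typetag):
    """Render an argument symbolically if the type tag has a name for it."""
    return SYMBOLS.get(typetag, {}).get(value, str(value))


def disassemble(words):
    """Return a list of (offset, text) lines for a word-array program.

    push.c lines that immediately precede a sysreq are folded into a single
    call expression; anything not understood is emitted as a raw opcode.
    """
    lines = []
    pending = []   # consecutive push.c constants not yet consumed by a call
    pc = 0
    while pc < len(words):
        op = words[pc]
        if op == OP_PUSH_C:
            value = words[pc + 1]
            lines.append((pc, f"push.c {value}"))
            pending.append(Pending(len(lines) - 1, pc, value))
            pc += 2
        elif op == OP_SYSREQ:
            idx, nargs = words[pc + 1], words[pc + 2]
            name, types = NATIVES.get(idx, (f"native_{idx}", ()))
            if nargs == 0:
                lines.append((pc, f"{name}()"))
            elif len(pending) >= nargs:
                used = pending[-nargs:]
                # Pushed right-to-left, so reverse to recover source order.
                values = [p.value for p in reversed(used)]
                args = [fmt_arg(v, types[i] if i < len(types) else "int")
                        for i, v in enumerate(values)]
                del lines[used[0].line_idx:]      # drop the folded push.c lines
                del pending[-nargs:]
                lines.append((used[0].offset, f"{name}({', '.join(args)})"))
            else:
                # Arguments came from somewhere we did not track (stack/registers):
                # fall back to the raw instruction rather than guessing.
                lines.append((pc, f"sysreq {idx}, {nargs}"))
                pending.clear()
            pc += 3
        elif op == OP_PROC:
            lines.append((pc, "proc"))
            pending.clear()
            pc += 1
        elif op == OP_RETN:
            lines.append((pc, "retn"))
            pending.clear()
            pc += 1
        else:
            lines.append((pc, f"??? 0x{op:02x}"))
            pending.clear()
            pc += 1
    return lines


def disassemble_text(words):
    return "\n".join(f"{off:04x}: {txt}" for off, txt in disassemble(words))


# Constructed sample: command_exec(12518, 0); property_get(7); return.
PROGRAM = [OP_PROC,
           OP_PUSH_C, 0, OP_PUSH_C, 12518, OP_SYSREQ, 0, 2,
           OP_PUSH_C, 7, OP_SYSREQ, 1, 1,
           OP_RETN]

if __name__ == "__main__":
    print(disassemble_text(PROGRAM))
```

The fallback branch matters more than the happy path: when the argument count does not match the constants actually seen (arguments computed at runtime, or pushed across a branch), the tool prints the raw sysreq instead of inventing a call, which is the "low level opcodes that take a little practice" case PleoPet mentions.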

alex_r
02-21-2008, 01:39 AM
to PleoPet:

(The "the 5 part series here: http://www.sourcemod.net/devlog/?p=59" was just where I started looking.)

As to disassemblers: is there any chance to get hold of yours, either with or without sources, or is it a strictly in-house tool?

PleoPet
02-21-2008, 09:47 AM
> As to disassemblers: is there any chance to get hold of yours, either with or without sources, or is it a strictly in-house tool?
Most of my stuff is open source/free source. Email me if interested (or unblock your email here).