Bad idea: build a captcha library that embeds DOSBox so it can make you beat levels/puzzles from DOS games to continue.
-
this may seem "boring" and "mundane" and "how debuggers always work?" but just imagine you have lost that simple ability to compare code between the two programs?
that is the horror of 16bit segmented code
-
I've been doing too much GBA reverse engineering. I saw a 32bit pointer starting with 0x02 and tried to remember if that was on-cartridge RAM.
this is a /windows/ program. on windows 10.
THERE ARE NO CARTRIDGES!
-
now let me copy this program onto this SD card in my laptop's built-in SD card reader
-
Jason Parker (he/they) replied to Foone🏳️⚧️
@foone but what if there were cartridges?
-
Foone🏳️⚧️ replied to Jason Parker (he/they)
@north this thought experiment gave us the IBM PCjr, which was a massive flop.
-
@foone couldn't have written a little script to write that for them? or do you think they actually copy pasted that out by hand?
-
@Canageek probably a macro in their compiler. little scripts are rarer then, but possibly?
-
yeah this is some windows 3.x-ass code. They definitely recompiled it as 32bit and did all the changes that required, but the general feel of the code is that it's 3.x code, with how it handles most things.
-
WHAT IN THE BORLAND TURBO C PLUS PLUS IS GOING ON HERE?
-
Ghidra is better at reversing MSVC-style arguments than Borland-style. Makes sense. Probably not a lot of Evil Malware written in Borland Turbo C++ these days
-
What happened: I'm looking at a function that's clearly a strcmp of some kind. It seems to compare against a length, so... strncmp? looks like it, except it takes FOUR ARGUMENTS?! what could this be?
I look at several variants of strncmp to see if there's a 4-argument version, then give up and look back at ghidra's decompilation: it never uses argument 1.
-
there's some nonsense going on here with pascal calling convention but I think I'm too tired already to figure out the exact details well enough to explain it.
-
but the bottom line is that it's not a 4-argument function, it's a 3-argument function. the decompiler just didn't get the calling convention exactly right.
-
so I live another day, safe from the horror that is the 4-argument strcmp.
what does it do? how does it work? I don't want to know.
-
Foone🏳️⚧️ replied to Foone🏳️⚧️
I figured out the hypothetical 4-argument strcmp:
it's a locale-specific strnnicmp. That's stricmp (compare insensitively) and also strncmp (compare only the first n characters), but with TWO LENGTHS! Why? To compare two strings of different lengths, case-insensitively.
-
and you might say "why would you compare two strings you know are of different lengths, of course they're not equal"
Well, if the compare is case insensitive, they might still match... in a German locale!
-
To greatly oversimplify, the German letter "ß" is lowercase, and in uppercase you write it "SS".
So if you have two strings, one reading "straße" and one reading "STRASSE", they are different lengths (6 vs 7), but case insensitively comparing them should return a match.
-
Try it out on your local JavaScript console:
>> "Straße".length
6
>> "Straße".toUpperCase().length
7
-
so yeah hypothetically if you had a version of stricmp that was strncmp and compared two strings of different length, this might still be a match, if your locale treated the German Eszett this way.
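An added worked example, not code from the thread or from the program being reversed, of the two-length, case-insensitive compare described above, written in JavaScript to match the console snippet. The names strnnicmp and strnicmpAscii, the argument order, and the "de-DE" locale default are assumptions for illustration. It puts the hypothetical four-argument compare next to a plain single-length, ASCII-only strnicmp so you can see exactly where the second length earns its keep: "straße" and "STRASSE" match under the locale-aware compare and fail under the byte-wise one.

```javascript
// Hypothetical strnnicmp(a, na, b, nb): compare the first na code points of a
// against the first nb code points of b, case-insensitively, under a locale.
// Returns 0 on match, -1 / 1 otherwise, in the style of the C string functions.
// The name, signature and locale default are assumptions made for this example.
function strnnicmp(a, na, b, nb, locale = "de-DE") {
  // Truncate by code point (not UTF-16 unit) first, then case-fold. Folding
  // after truncation is what lets a 6-character "straße" grow into the
  // 7-character "STRASSE" and still compare equal.
  const fa = Array.from(a).slice(0, na).join("").toLocaleUpperCase(locale);
  const fb = Array.from(b).slice(0, nb).join("").toLocaleUpperCase(locale);
  if (fa === fb) return 0;
  return fa < fb ? -1 : 1;
}

// Fold only ASCII a-z to A-Z, the way a naive stricmp would.
function asciiUpper(code) {
  return code >= 97 && code <= 122 ? code - 32 : code;
}

// Hypothetical single-length strnicmp: compare up to n UTF-16 code units of
// a and b with ASCII-only case folding, stopping at the shorter string.
// Returns 0 on match, -1 / 1 otherwise.
function strnicmpAscii(a, b, n) {
  for (let i = 0; i < n; i++) {
    const ca = i < a.length ? asciiUpper(a.charCodeAt(i)) : 0;
    const cb = i < b.length ? asciiUpper(b.charCodeAt(i)) : 0;
    if (ca !== cb) return ca < cb ? -1 : 1;
    if (ca === 0) return 0; // both strings ended together
  }
  return 0;
}

// Constructed sample pair from the thread: same word, two spellings, two lengths.
const lower = "straße";   // 6 code points
const upper = "STRASSE";  // 7 code points

// Two-length, locale-aware compare: a match.
const twoLengthResult = strnnicmp(lower, lower.length, upper, upper.length);
// Single-length, ASCII-only compare: 'ß' (U+00DF) never folds to 'S'.
const singleLengthResult = strnicmpAscii(lower, upper, upper.length);

console.log("strnnicmp:", twoLengthResult);        // 0
console.log("strnicmpAscii:", singleLengthResult); // 1
```

The interesting design point is the order of truncation and folding: the two lengths describe the untranslated inputs, so the truncation has to happen before the case fold, and the comparison afterwards is between strings whose lengths no longer have to agree. A compare that folded first and then cut both to a single n would have to pick which string's length n refers to, which is exactly the question the fourth argument answers.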
-
enough writing about FICTIONAL C LIBRARY FUNCTIONS, what the hell writing brain, let's get back to reverse engineering