I don't know if I'm weird or if it's just normal to get random reverse engineering urges.
-
either ghidra's set-register doesn't work or I don't understand what it's doing
-
uh-oh.
after loading the file, it calls two functions. One seems to just be shoving it into memory, but the other shows up as blank, and instant ret.
That smells like dynamic code loading and I don't like that
-
16bit assembly is so silly.
You enter a function and step one is you make a pointer to 2, and then increment from there -
the calling code changes the data segment to one just used for your specific buffer, so you don't need a pointer, it's just in the implicit state of the processor. you just work from 2
-
okay I haven't checked against the actual output (since I haven't gotten the actual output yet) but I think this isn't huffman, it's not even regular RLE, it's Very Simple RLE: You can represent all bytes 00-7F normally, but if the high bit is set, it instead means "repeat this many zeros"
-
so 44 82 44 turns into 44 00 00 44
-
the files have a 2 byte header that's ignored and not checked, then a number of things.
those things are 6-byte chunks that get copied into the buffer above 0x1427. No idea why yet. -
It seems the way the function works that it's passed a buffer as DS, then it loads the file starting from address 0, and writes that into 0x2CEF and up That's 11k into the buffer, so well above any real file.
-
okay I'm following through the decompress loading A3.ARE. I can see in the data segment we've got the data in the file, but up at 2CEF? all zeros. now if I wait for this function to return, that should get filled out
-
NOPE I'm completely wrong. They've got ES and DS pointing at different segments.
2CEF is the start (I guess?) of the output buffer, in a different segment -
Foone🏳️⚧️replied to Foone🏳️⚧️ last edited by [email protected]
there's some values over 0x80 in the decompressed out so I think I'm misunderstanding the decompression
-
I wonder of those 6-byte chunks are objects? like, x-pos, y-pos, z-pos, look up object ID in the CMP file?
-
the game hangs if you try to copy the wrong .ARE file into the place, so I suspect there's some internal location references or something that break
-
so when the game launches it asks me what video mode I want (Hercules, CGA, Tandy/Amstrad, or VGA) and then asks me to insert the data disk. This is not fun, since I always give it the same answers. So let's fix that
-
the what video mode do you want? string starts at 1000:6648 and it's referenced from... nowhere. or so ghidra thinks.
-
so lets instead search the whole program for the scalar 6648 and OH LOOK IT'S REFERENCED AFTER ALL
-
ghidra: I know decompilers that understand segments and they're all cowards
-
okay so video mode hercules is actually CGA but with a flag set.
-
weird.
it stores the video mode selected (1-3) in 1000:912d, then stores the video mode TIMES TWO in 1000:912e and 1000:6646 -
why bother using the DOS api for changing interrupt handlers, when you can just address segment zero? WHY NOT INDEED, ECHELON?