I don't know if I'm weird or if it's just normal to get random reverse engineering urges.
-
16bit assembly is so silly.
You enter a function and step one is you make a pointer to 2, and then increment from there -
the calling code changes the data segment to one just used for your specific buffer, so you don't need a pointer, it's just in the implicit state of the processor. you just work from 2
-
okay I haven't checked against the actual output (since I haven't gotten the actual output yet) but I think this isn't huffman, it's not even regular RLE, it's Very Simple RLE: You can represent all bytes 00-7F normally, but if the high bit is set, it instead means "repeat this many zeros"
-
so 44 82 44 turns into 44 00 00 44
-
the files have a 2 byte header that's ignored and not checked, then a number of things.
those things are 6-byte chunks that get copied into the buffer above 0x1427. No idea why yet. -
It seems the way the function works that it's passed a buffer as DS, then it loads the file starting from address 0, and writes that into 0x2CEF and up That's 11k into the buffer, so well above any real file.
-
okay I'm following through the decompress loading A3.ARE. I can see in the data segment we've got the data in the file, but up at 2CEF? all zeros. now if I wait for this function to return, that should get filled out
-
NOPE I'm completely wrong. They've got ES and DS pointing at different segments.
2CEF is the start (I guess?) of the output buffer, in a different segment -
Foone🏳️⚧️replied to Foone🏳️⚧️ last edited by [email protected]
there's some values over 0x80 in the decompressed out so I think I'm misunderstanding the decompression
-
I wonder of those 6-byte chunks are objects? like, x-pos, y-pos, z-pos, look up object ID in the CMP file?
-
the game hangs if you try to copy the wrong .ARE file into the place, so I suspect there's some internal location references or something that break
-
so when the game launches it asks me what video mode I want (Hercules, CGA, Tandy/Amstrad, or VGA) and then asks me to insert the data disk. This is not fun, since I always give it the same answers. So let's fix that
-
the what video mode do you want? string starts at 1000:6648 and it's referenced from... nowhere. or so ghidra thinks.
-
so lets instead search the whole program for the scalar 6648 and OH LOOK IT'S REFERENCED AFTER ALL
-
ghidra: I know decompilers that understand segments and they're all cowards
-
okay so video mode hercules is actually CGA but with a flag set.
-
weird.
it stores the video mode selected (1-3) in 1000:912d, then stores the video mode TIMES TWO in 1000:912e and 1000:6646 -
why bother using the DOS api for changing interrupt handlers, when you can just address segment zero? WHY NOT INDEED, ECHELON?
-
at least they remembered to call CLI first
-
I think they're dynamically loading code and stuffing it into the tick handler