I don't know if I'm weird or if it's just normal to get random reverse engineering urges.
-
Foone 🏳️⚧️ replied to Foone 🏳️⚧️, last edited by [email protected]
there's some values over 0x80 in the decompressed out so I think I'm misunderstanding the decompression
-
I wonder if those 6-byte chunks are objects? like, x-pos, y-pos, z-pos, look up object ID in the CMP file?
-
the game hangs if you try to copy the wrong .ARE file into the place, so I suspect there's some internal location references or something that break
-
so when the game launches it asks me what video mode I want (Hercules, CGA, Tandy/Amstrad, or VGA) and then asks me to insert the data disk. This is not fun, since I always give it the same answers. So let's fix that
-
the "what video mode do you want?" string starts at 1000:6648 and it's referenced from... nowhere. or so ghidra thinks.
-
so let's instead search the whole program for the scalar 6648 and OH LOOK IT'S REFERENCED AFTER ALL
-
ghidra: I know decompilers that understand segments and they're all cowards
-
okay so video mode hercules is actually CGA but with a flag set.
-
weird.
it stores the video mode selected (1-3) in 1000:912d, then stores the video mode TIMES TWO in 1000:912e and 1000:6646
-
why bother using the DOS api for changing interrupt handlers, when you can just address segment zero? WHY NOT INDEED, ECHELON?
-
at least they remembered to call CLI first
-
I think they're dynamically loading code and stuffing it into the tick handler
-
the best place to stick dynamically loaded code: INSIDE AN INTERRUPT HANDLER
-
I need to turn my patching shit from Super Solvers Gizmos & Gadgets into a generic thing I can use on any game. That'd be sweet
-
anyway for now I can just skip the disk swap check by patching out CALL DiskSwapCheck, since it has no side-effects.
The video mode check unfortunately does, so I gotta leave it in but hack it to think I said "VGA"
-
patch 0xDF0A with 90 90 90 to skip disk check
patch 0xE2BF with C6 C0 33 90 90 90 to skip video check. 33=VGA, 32=Tandy/Amstrad, 31=CGA, 68=Hercules
-
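The two byte patches above are the kind of thing a "generic patching thing" would apply. The script below is an added example, not Foone's code and not anything shipped with the game: it takes a list of (offset, replacement bytes) edits, refuses to write if a patch would run off the end of the file or if the bytes currently at the offset are not the ones the patch was written against, and keeps an untouched backup. The offsets and replacement bytes are the thread's own; the "expected original" bytes are not given in the thread, so the demo uses a constructed stand-in image with hypothetical CALL encodings in those slots, and the real values would have to be read from a hex dump of the actual executable. Reading C6 C0 33 as MOV AL, 0x33 (ASCII '3', the VGA answer) is my decoding of the patch bytes, not something the thread states.

```python
"""Generic raw-offset byte patcher with sanity checks (added example)."""
from __future__ import annotations
import shutil
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Patch:
    offset: int                     # raw file offset (not a segment:offset address)
    new: bytes                      # replacement bytes
    expect: Optional[bytes] = None  # bytes expected at offset before patching; None = don't check
    note: str = ""                  # why this patch exists


class PatchError(ValueError):
    """A patch does not fit the file or the original bytes do not match."""


def check_patches(data: bytes, patches: Iterable[Patch]) -> List[str]:
    """Return a list of problems; an empty list means every patch is safe to apply."""
    problems: List[str] = []
    for p in patches:
        label = p.note or "patch"
        end = p.offset + len(p.new)
        if p.offset < 0 or end > len(data):
            problems.append(f"{label} at {p.offset:#06x}: runs past end of file")
            continue
        if p.expect is not None:
            if len(p.expect) != len(p.new):
                problems.append(f"{label} at {p.offset:#06x}: expect/new length mismatch")
                continue
            actual = data[p.offset:end]
            if actual != p.expect:
                problems.append(
                    f"{label} at {p.offset:#06x}: expected {p.expect.hex()} but found {actual.hex()}"
                )
    return problems


def apply_patches(data: bytes, patches: Iterable[Patch]) -> bytes:
    """Return a patched copy of data, or raise PatchError without changing anything."""
    patches = list(patches)
    problems = check_patches(data, patches)
    if problems:
        raise PatchError("; ".join(problems))
    buf = bytearray(data)
    for p in patches:
        buf[p.offset:p.offset + len(p.new)] = p.new
    return bytes(buf)


def patch_file(path: str, patches: Iterable[Patch], backup_suffix: str = ".orig") -> None:
    """Patch a file in place, validating first and keeping an untouched backup beside it."""
    with open(path, "rb") as f:
        data = f.read()
    patched = apply_patches(data, patches)  # all checks happen before anything is written
    shutil.copyfile(path, path + backup_suffix)
    with open(path, "wb") as f:
        f.write(patched)


# The two patches from the thread. expect=None because the original bytes at
# these offsets are not given in the thread; fill them in from a hex dump.
GAME_PATCHES = [
    Patch(0xDF0A, bytes.fromhex("909090"), note="NOP out CALL DiskSwapCheck"),
    Patch(0xE2BF, bytes.fromhex("C6C033909090"), note="MOV AL,'3' (VGA) instead of asking"),
]


def build_sample_image(size: int = 0x10000) -> bytes:
    """Constructed stand-in for the executable; the CALL encodings are hypothetical."""
    img = bytearray(b"\xCC" * size)
    img[0xDF0A:0xDF0D] = bytes.fromhex("E80000")        # hypothetical 3-byte near CALL
    img[0xE2BF:0xE2C5] = bytes.fromhex("E80000E80000")  # hypothetical pair of CALLs
    return bytes(img)


def sample_patches_with_expect() -> List[Patch]:
    """The same patches with expect= filled in from the constructed image."""
    return [
        Patch(0xDF0A, bytes.fromhex("909090"), expect=bytes.fromhex("E80000"),
              note="NOP out CALL DiskSwapCheck"),
        Patch(0xE2BF, bytes.fromhex("C6C033909090"), expect=bytes.fromhex("E80000E80000"),
              note="MOV AL,'3' (VGA) instead of asking"),
    ]


if __name__ == "__main__":
    img = build_sample_image()
    out = apply_patches(img, sample_patches_with_expect())
    print(out[0xDF0A:0xDF0D].hex(), out[0xE2BF:0xE2C5].hex())
    # A different file (here all zero bytes) fails the expect check instead of being silently mangled.
    print(check_patches(b"\x00" * 0x10000, sample_patches_with_expect()))
```

Using expect= is what makes the tool reusable across games and versions: the same offsets in a different build would otherwise be overwritten with no complaint, which is exactly how a patched binary ends up hanging in some unrelated place.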
I think this was written with a macro assembler by someone who loved macros.
Like there's a lot of times where the code would be like
LEA EAX, SomeString
CALL PRINTF
in a saner world, but instead there's a loop that uses global memory addresses and calls the BIOS TELETYPE OUTPUT call letter by letter. and that loop appears in every function that needs to do printf()
-
I guess it's puts(), not printf
But yeah. It doesn't feel like an inlined function, it's just a macro
-
the way ghidra handles interrupts is profoundly broken and someone needs to fix it. someone might have already, I just haven't installed that incomplete dos loader
-
@foone Does 32-bit DOS with a DPMI use segments and overlays? It feels like it would be overkill since the whole idea was to get a 32-bit flat address space, unless you start doing weird stuff like unreal mode.