Here's what I want a tool to do:
I hit a breakpoint in the debugger, I turn it on, set another breakpoint, and hit go.
between those two breakpoints, every time a CALL instruction is hit, it dumps my selected memory region. If it's identical to the last dump, it's ignored.
At the end, each dump is rendered as an image, and the combined set are an animation I can scroll through.
=> More informations about this toot | More toots from foone@digipres.club
I need a higher order debugger. I'm doing too much shit manually
=> More informations about this toot | More toots from foone@digipres.club
GOT YOU, YOU SON OF A BITCH! I FOUND YOU.
=> More informations about this toot | More toots from foone@digipres.club
it's in a function I already found, temporarily named "blit_related".
I guess they don't decode the image until RIGHT before it needs to go up on the screen!
=> More informations about this toot | More toots from foone@digipres.club
if definitely decompresses and then blits the image as two parts, which aren't evenly sized, and it starts from the bottom
=> More informations about this toot | More toots from foone@digipres.club
I think they're just trying to keep their RAM usage down by not having both halves in memory at once
=> More informations about this toot | More toots from foone@digipres.club
wait is this image format vertically interlaced!?
=> More informations about this toot | More toots from foone@digipres.club
It loads the half-width version, then a few functions later, it's been replaced with a full-width version.
Strange!
=> View attached media | View attached media
=> More informations about this toot | More toots from foone@digipres.club
wait no, the colors are wrong... I bet I'm seeing it decompress the binary, but that's using the full width of the bytes. it then gets expanded out to a 16-color image.
=> More informations about this toot | More toots from foone@digipres.club
well the good news is that I think I've found the decompress_image function. the bad news is that now I have to reverse engineer it :(
=> More informations about this toot | More toots from foone@digipres.club
it's currently doing the obvious thing for a decompressor to do:
write the byte 04 every 69 bytes
=> More informations about this toot | More toots from foone@digipres.club
oh sweet jesus, that's the left two pixels of the image.
it's loading the image vertically!
at least it's top to bottom.
=> More informations about this toot | More toots from foone@digipres.club
yeah, doom did that too, but Doom was a 2.5D image that had to do pseudo-raycasting.
THIS GAME DOES NOT
=> More informations about this toot | More toots from foone@digipres.club
it allocates a 1024 byte buffer, then makes a pointer to the end of it, minus -0x42?
why would you need a link to the end of a new, freshly cleared buffer, minus 62?
=> More informations about this toot | More toots from foone@digipres.club
I think the memory allocation system here is that every malloc returns 2 extra bytes, which is a pointer to the previous block.
unless it's an odd number, in which case it's a free block. and pointer to the previous block, once you make it even again
=> More informations about this toot | More toots from foone@digipres.club
I hate dealing with the internals of memory allocation systems. I prefer to leave that to smarter people than me
=> More informations about this toot | More toots from foone@digipres.club
You see this little About dialog box? Guess how many times the DrawText function is called?
Once! and just to draw "Where in the World is Carmen Sandiego?".
The rest of the text is draw elsewhere, and I have no idea why.
=> More informations about this toot | More toots from foone@digipres.club
correction: it calls it once to draw "Where in the World is Carmen Sandiego?" but that's unrelated to the one on screen WHAT?
=> More informations about this toot | More toots from foone@digipres.club
Ahh, it's using a different version of the DrawFont call: DrawFontN
=> More informations about this toot | More toots from foone@digipres.club
the only problem with using Ghidra to hack children's games instead of, like, Serious Things like firmwares or malware or whatever, is sometimes you have to make a label named NUM_MOUNTAIN_CLIMBING_HINTS
=> More informations about this toot | More toots from foone@digipres.club
(the number of mountain climbing hints is 3, by the way)
=> More informations about this toot | More toots from foone@digipres.club
I think I accidentally hacked my debugger
=> More informations about this toot | More toots from foone@digipres.club
It has a surprisingly robust UI engine. I swapped from BoldFont to SmalFont and the menu adapted perfectly.
=> More informations about this toot | More toots from foone@digipres.club
The game loads the BoldFont first, then the SmallFont, then the NormalFont.
Annoyingly this isn't how they're laid out in memory:
It's SmallFont, then BoldFont, then NormalFont
=> More informations about this toot | More toots from foone@digipres.club
Weirdly, swapping the NormalFont for the SmallFont causes the printer text to be VERTICAL, for reasons I do not remotely understand!
=> More informations about this toot | More toots from foone@digipres.club
font_alloc = malloc(local_a);
if (font_alloc == (void *)0x0) {
font_alloc = (void *)0x0;
}
Ahh yes. remember, if you get a null pointer back from malloc(), make sure to set that variable to NULL so it won't be left as... NULL?
=> More informations about this toot | More toots from foone@digipres.club
The three fonts
=> More informations about this toot | More toots from foone@digipres.club
man, running on 4 hours of sleep is killing me.
I can't even remember the MS-DOS interrupt to open a file!
I know reading it is int 21 ah=3f, closing it is int 21 ah=3d, and I'll never forget that seeking is int 21 ah=42, but how do you open a file?
I mean, not the int 21 ax=6c00 way, that one is only for DOS 4.0+, and obviously a game released in 1990 isn't gonna use that.
=> More informations about this toot | More toots from foone@digipres.club
ahh, now that I've looked it up, it seems I was wrong!
closing isn't 3D, that's 3E! 3D is open!
no wonder I couldn't remember it, I had it confused with another call
=> More informations about this toot | More toots from foone@digipres.club
looking it up took less than 10 seconds, but that's 10 seconds I'll never get back.
=> More informations about this toot | More toots from foone@digipres.club
what the fuck do you mean that carmen.dat is opened on the first call to finish_draw_maybe()?
like, I know there's a "maybe" in that name, but it's not THAT big of a maybe.
=> More informations about this toot | More toots from foone@digipres.club
oh thank god, that was a bit of confusion from manually tracking stack frames.
it actually LoadDatFile, which makes a HELL of a lot more sense
=> More informations about this toot | More toots from foone@digipres.club
darn. Compiler Explorer doesn't support MS C Compiler 5.1 from 1988. Guess I gotta spin up an emulator again
=> More informations about this toot | More toots from foone@digipres.club
the annoying thing is that MS C Compiler 5.1 is the most mundane-ass DOS application. If I had a 32bit windows install rather than 64bit, it would probably just run natively on my system
=> More informations about this toot | More toots from foone@digipres.club
I'm gonna build an m.2 addon that's just a drop in x86 coprocessor. I know a lot of computers that could use an x86 processor these days.
=> More informations about this toot | More toots from foone@digipres.club
it's like a Super Game Boy, but for your PC! Plug in this extra hardware, and now your system is compatible with a ton more software!
=> More informations about this toot | More toots from foone@digipres.club
note to self: figure out how Ghidra fidb works, so I can apply it to MSC5.1 (which was sadly overlooked by the developers of ghidra)
=> More informations about this toot | More toots from foone@digipres.club
note to self:
maybe do it for everything MS-DOS.
=> More informations about this toot | More toots from foone@digipres.club
okay don't change that byte, GOT IT.
I think I failed to load the cursor, which caused it to corrupt the mouse cursor catastrophically
=> View attached media | View attached media
=> More informations about this toot | More toots from foone@digipres.club
a fun kind of reverse engineering tactic that I practice probably more than I should is a version of The Scream Test (which is the principle that the easiest way to find who "owns" a server is to turn it off and see who screams): if you don't know what some code does, break it. and see what screams.
=> More informations about this toot | More toots from foone@digipres.club
I think I may have found unused graphics for a feature that'd change the Acme Detective Agency at the beginning to be season-specific. There's summer, fall, winter, and spring variants, but the game seems to be hardcoded to summer
=> More informations about this toot | More toots from foone@digipres.club
no, this should be working. Hmm. Maybe they just missed one of the four images?
=> More informations about this toot | More toots from foone@digipres.club
nope! it's fully functional, based on the system date.
=> View attached media | View attached media | View attached media | View attached media
=> More informations about this toot | More toots from foone@digipres.club
I did a little looking into the contents of MIDISND.DAT
It's got 12 small tracks, and each of them is a valid MIDI file if you remove the first byte.
=> More informations about this toot | More toots from foone@digipres.club
heh. I was checking different near-death animations by overriding the randomness, so I had to tell my debugger to set AX to 0
guess which animation that is? The one with the AXe.
=> More informations about this toot | More toots from foone@digipres.club
why do they store the day of the week as a 16bit int?
future proofing in case the calendar gets updated and has more than 256 days in the week?
=> More informations about this toot | More toots from foone@digipres.club
I accidentally applied a patch backwards and put the detective to sleep, forever.
They're in Rome and they've just slept through about two months of nothing
=> More informations about this toot | More toots from foone@digipres.club
patching 0x148C9 in the EXE to 90 90 will stop the clock advancing, so you now have Infinite Time to catch the culprit
=> More informations about this toot | More toots from foone@digipres.club
I finally figured out how it calculates travel times.
It's the difference in X coordinate between the two cities, plus the difference between the Y coordinate, plus one.
that quantity divided by 40, then has 2 added. if the result is over 7, it's set to 7.
Weird! that's not how you measure distance, Carmen.
=> More informations about this toot | More toots from foone@digipres.club
TODO: plot all the distances between all 30 cities and compare how inɐccurate this mess is
=> More informations about this toot | More toots from foone@digipres.club
also, it's the 90s, I can afford a sqrt().
I should fix it up for my version.
or use a squared lookup table. you could do this REAL easy by making it a table search: there's only 6 possible results: 2,3,4,5,6,7. each entry in the lookup table contains the maximum squared distance that can generate that number of hours
=> More informations about this toot | More toots from foone@digipres.club
here's all 30 city locations:https://gist.github.com/foone/0992517879877e0e995259d08a0941a7
it's currently way too 6am to do more calculations, though. I'll do that tomorrow
=> More informations about this toot | More toots from foone@digipres.club
Good news: @modulusshift did the calculations for me!
https://digipres.club/@modulusshift/113924878526681049
=> More informations about this toot | More toots from foone@digipres.club
I think that says that it doesn't matter much. The biggest error is in the biggest distances, which are all saturated to the max of 7-hours anyway.
=> More informations about this toot | More toots from foone@digipres.club
@foone Foone, you do the work of the angels. 🙏
=> More informations about this toot | More toots from philbetts@mastodon.social
@foone hey, longshot here, but in your fun have you run across a "getting close" cutscene where the flower pot (in like in the window) drops and crashes on the ground. I think it's supposed to signify a near miss of hitting you.
I remember it vividly from playing as a kid, but I've since watched playthroughs and scoured screenshots and I'm doubting my own memory.
=> More informations about this toot | More toots from tomasino@tilde.zone
@tomasino I've definitely seen that image, but I don't think it's in this version: There's only three "you're close" animations: A gun, a knife, and an axe.
=> More informations about this toot | More toots from foone@digipres.club
@foone Hey, you never know what’s going to be next for calendars after 2038!
=> More informations about this toot | More toots from billgoats@bitbang.social
@foone 256 days in a week seems enough.
I think a week sould be equivalent to a month should be equivalent to a year and everything should be 256 days. It would make dates handling far easier.
=> More informations about this toot | More toots from RonanLK@piaille.fr
@foone Cargo cult about register type/width and speed or experience with compiler shenanigans? When I tried to write a certain drawing routine optimized for a certain SH4AL CPU, it was faster to have a consistent variable typing because otherwise the compiler would insert zero/sign extension operands to adapt between 8/16 and 32 integer types.
=> More informations about this toot | More toots from Ronflaix@mastodon.gamedev.place
@Ronflaix @foone this is true on PowerPC with gcc as well. It’s not very good at reasoning about where it needs sign extension.
=> More informations about this toot | More toots from acsawdey@fosstodon.org
@foone Earth has 8 corners, simultaneous 28 day time cubed in only 7 day weeks. No 7 Day Gods.
=> More informations about this toot | More toots from drsbaitso@infosec.exchange
@foone Travelling salesman problem ahoy!
(I did my PhD in combinatorial optimisation...)
=> More informations about this toot | More toots from darkling@mstdn.social
@foone if it's 6am you mean you'll do it "later today?"
=> More informations about this toot | More toots from StompyRobot@mastodon.gamedev.place
@StompyRobot nah. I meant human days, which can only change when you sleep
=> More informations about this toot | More toots from foone@digipres.club
@foone heh. Humans.
=> More informations about this toot | More toots from StompyRobot@mastodon.gamedev.place
@StompyRobot "human" is in massive air quotes here, I'm not terribly human in the first place, but you know what I mean. The difference between lived experience and a clock.
=> More informations about this toot | More toots from foone@digipres.club
@foone well I'm a robot!
I'll allow "colloquial meaning of next day" though. Colloquial is such a useful word!
=> More informations about this toot | More toots from StompyRobot@mastodon.gamedev.place
@StompyRobot good point. "lived experience" doesn't exactly work if you're not technically alive.
=> More informations about this toot | More toots from foone@digipres.club
@foone I did it lol https://docs.google.com/spreadsheets/d/e/2PACX-1vTr5GBfUNkxzVN7RoAiMg081ihERAFs93oE_m_1dPj67IxG-pkMQ41zoVVDlK0DJQepfeRe3NcA-9z8/pubhtml
hope this answered any questions you had
=> More informations about this toot | More toots from modulusshift@digipres.club
@modulusshift Awesome, thanks!
=> More informations about this toot | More toots from foone@digipres.club
@foone why is that 'a' upside down!? The first one in "inaccurate"...
=> More informations about this toot | More toots from Scmbradley@mathstodon.xyz
@Scmbradley I fat-fingered my compose key, and compose-a-a is ɐ
=> More informations about this toot | More toots from foone@digipres.club
@foone If she's in Manhattan, it is. (Assuming she's on floor Z=2.)
=> More informations about this toot | More toots from felix@dom.ke
@foone I'm not sure travel time is really a function of distance?
=> More informations about this toot | More toots from fishidwardrobe@mastodon.me.uk
@foone saturating Manhattan :)
=> More informations about this toot | More toots from vmp_@mastodon.social
@foone
The government of Athens reports that Carmen Sandiego has stolen Pythagoras's Theorem!
=> More informations about this toot | More toots from MegaMichelle@a2mi.social
@foone Honestly, at this point sleeping through two months of nothing sounds like a life goal
=> More informations about this toot | More toots from frenshape@beige.party
@foone other than the "Rome" part and the "nothing" part, same
=> More informations about this toot | More toots from dave_cochran@infosec.exchange
@foone it will probably be trumps directive next week.
=> More informations about this toot | More toots from RueNahcMohr@infosec.exchange
@foone
Maybe for Uranus or Neptune, assuming they stick with 52 weeks, which seems unlikely.
=> More informations about this toot | More toots from cdamian@rls.social
@foone patch notes for v1.whatever: "game can now be configured to use julian dates in its internal logic, if you feel like that would be a fun thing to do or whatever, we guess"
=> More informations about this toot | More toots from dave_cochran@infosec.exchange
@foone Code hastily ported from a platform where it's simpler to work with 16bit words, so broderbund just stuck "int day;"?
=> More informations about this toot | More toots from dryak@mstdn.science
@foone the french republican calendar, but more radical
=> More informations about this toot | More toots from phooky@octodon.social
@foone Not me clicking one of the thumbnails to get a larger image, only to realize that these were of course full-sized already... 🤦♂️
=> More informations about this toot | More toots from rkarman@mastodon.world This content has been proxied by September (3851b).Proxy Information
text/gemini
