It loads the half-width version, then a few functions later, it's been replaced with a full-width version.
Strange!
=> View attached media | View attached media
=> More informations about this toot | More toots from foone@digipres.club
wait no, the colors are wrong... I bet I'm seeing it decompress the binary, but that's using the full width of the bytes. it then gets expanded out to a 16-color image.
=> More informations about this toot | More toots from foone@digipres.club
well the good news is that I think I've found the decompress_image function. the bad news is that now I have to reverse engineer it :(
=> More informations about this toot | More toots from foone@digipres.club
it's currently doing the obvious thing for a decompressor to do:
write the byte 04 every 69 bytes
=> More informations about this toot | More toots from foone@digipres.club
oh sweet jesus, that's the left two pixels of the image.
it's loading the image vertically!
at least it's top to bottom.
=> More informations about this toot | More toots from foone@digipres.club
yeah, doom did that too, but Doom was a 2.5D image that had to do pseudo-raycasting.
THIS GAME DOES NOT
=> More informations about this toot | More toots from foone@digipres.club
it allocates a 1024 byte buffer, then makes a pointer to the end of it, minus -0x42?
why would you need a link to the end of a new, freshly cleared buffer, minus 62?
=> More informations about this toot | More toots from foone@digipres.club
I think the memory allocation system here is that every malloc returns 2 extra bytes, which is a pointer to the previous block.
unless it's an odd number, in which case it's a free block. and pointer to the previous block, once you make it even again
=> More informations about this toot | More toots from foone@digipres.club
I hate dealing with the internals of memory allocation systems. I prefer to leave that to smarter people than me
=> More informations about this toot | More toots from foone@digipres.club
You see this little About dialog box? Guess how many times the DrawText function is called?
Once! and just to draw "Where in the World is Carmen Sandiego?".
The rest of the text is drawn elsewhere, and I have no idea why.
=> More informations about this toot | More toots from foone@digipres.club
correction: it calls it once to draw "Where in the World is Carmen Sandiego?" but that's unrelated to the one on screen WHAT?
=> More informations about this toot | More toots from foone@digipres.club
Ahh, it's using a different version of the DrawFont call: DrawFontN
=> More informations about this toot | More toots from foone@digipres.club
the only problem with using Ghidra to hack children's games instead of, like, Serious Things like firmwares or malware or whatever, is sometimes you have to make a label named NUM_MOUNTAIN_CLIMBING_HINTS
=> More informations about this toot | More toots from foone@digipres.club
(the number of mountain climbing hints is 3, by the way)
=> More informations about this toot | More toots from foone@digipres.club
I think I accidentally hacked my debugger
=> More informations about this toot | More toots from foone@digipres.club
It has a surprisingly robust UI engine. I swapped from BoldFont to SmallFont and the menu adapted perfectly.
=> More informations about this toot | More toots from foone@digipres.club
The game loads the BoldFont first, then the SmallFont, then the NormalFont.
Annoyingly this isn't how they're laid out in memory:
It's SmallFont, then BoldFont, then NormalFont
=> More informations about this toot | More toots from foone@digipres.club
Weirdly, swapping the NormalFont for the SmallFont causes the printer text to be VERTICAL, for reasons I do not remotely understand!
=> More informations about this toot | More toots from foone@digipres.club
```
font_alloc = malloc(local_a);
if (font_alloc == (void *)0x0) {
    font_alloc = (void *)0x0;
}
```
Ahh yes. remember, if you get a null pointer back from malloc(), make sure to set that variable to NULL so it won't be left as... NULL?
=> More informations about this toot | More toots from foone@digipres.club
The three fonts
=> More informations about this toot | More toots from foone@digipres.club
man, running on 4 hours of sleep is killing me.
I can't even remember the MS-DOS interrupt to open a file!
I know reading it is int 21 ah=3f, closing it is int 21 ah=3d, and I'll never forget that seeking is int 21 ah=42, but how do you open a file?
I mean, not the int 21 ax=6c00 way, that one is only for DOS 4.0+, and obviously a game released in 1990 isn't gonna use that.
=> More informations about this toot | More toots from foone@digipres.club
ahh, now that I've looked it up, it seems I was wrong!
closing isn't 3D, that's 3E! 3D is open!
no wonder I couldn't remember it, I had it confused with another call
=> More informations about this toot | More toots from foone@digipres.club
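The four handle-based DOS calls being sorted out above, as an added example that is not from the thread or from the game: a minimal NASM .COM program that opens a file with AH=3Dh, seeks with AH=42h, reads with AH=3Fh and closes with AH=3Eh, checking the carry flag DOS sets on failure after each call. The file name CARMEN.DAT is borrowed from later in the thread; the seek offset and buffer size are constructed for the example.

```nasm
; Added example (not from the thread): the classic DOS INT 21h handle calls.
; Assemble as a .COM program: nasm -f bin dosfile.asm -o dosfile.com
; The seek offset and BUFSIZE are constructed values for this example.
        org 100h                ; .COM programs load at CS:0100h with DS = CS

start:
        mov     ah, 3Dh         ; AH=3Dh: open existing file
        mov     al, 0           ; AL=0: read-only access mode
        mov     dx, filename    ; DS:DX -> ASCIZ path
        int     21h
        jc      fail            ; CF set on error, AX = DOS error code
        mov     [handle], ax    ; on success AX = file handle

        mov     ah, 42h         ; AH=42h: move file pointer (seek)
        mov     al, 0           ; AL=0: offset relative to start of file
        mov     bx, [handle]
        xor     cx, cx          ; CX:DX = 32-bit offset, here 0000:0010h
        mov     dx, 10h
        int     21h
        jc      close_fail      ; on success DX:AX = new position

        mov     ah, 3Fh         ; AH=3Fh: read from handle
        mov     bx, [handle]
        mov     cx, BUFSIZE     ; CX = bytes requested
        mov     dx, buffer      ; DS:DX -> destination buffer
        int     21h
        jc      close_fail      ; on success AX = bytes actually read (0 = EOF)
        mov     [bytes_read], ax

        mov     ah, 3Eh         ; AH=3Eh: close handle (3Dh is open, not close)
        mov     bx, [handle]
        int     21h

        mov     ax, 4C00h       ; AH=4Ch: terminate, AL = exit code 0
        int     21h

close_fail:
        mov     ah, 3Eh         ; release the handle before exiting on error
        mov     bx, [handle]
        int     21h
fail:
        mov     ax, 4C01h       ; exit code 1 on any DOS error
        int     21h

BUFSIZE    equ 64
filename   db 'CARMEN.DAT', 0   ; ASCIZ path; the data file name comes from the thread
handle     dw 0
bytes_read dw 0
buffer     times BUFSIZE db 0
```

In a disassembly this pattern is what to look for: the load into AH (or AX) immediately before each `int 21h` identifies the call, so an open shows up as `mov ah,3Dh` and a close as `mov ah,3Eh`, usually followed by a `jc` that branches on the carry flag DOS sets when the call fails.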
looking it up took less than 10 seconds, but that's 10 seconds I'll never get back.
=> More informations about this toot | More toots from foone@digipres.club
what the fuck do you mean that carmen.dat is opened on the first call to finish_draw_maybe()?
like, I know there's a "maybe" in that name, but it's not THAT big of a maybe.
=> More informations about this toot | More toots from foone@digipres.club
oh thank god, that was a bit of confusion from manually tracking stack frames.
it's actually LoadDatFile, which makes a HELL of a lot more sense
=> More informations about this toot | More toots from foone@digipres.club
darn. Compiler Explorer doesn't support MS C Compiler 5.1 from 1988. Guess I gotta spin up an emulator again
=> More informations about this toot | More toots from foone@digipres.club
the annoying thing is that MS C Compiler 5.1 is the most mundane-ass DOS application. If I had a 32-bit Windows install rather than 64-bit, it would probably just run natively on my system
=> More informations about this toot | More toots from foone@digipres.club
I'm gonna build an m.2 addon that's just a drop in x86 coprocessor. I know a lot of computers that could use an x86 processor these days.
=> More informations about this toot | More toots from foone@digipres.club
it's like a Super Game Boy, but for your PC! Plug in this extra hardware, and now your system is compatible with a ton more software!
=> More informations about this toot | More toots from foone@digipres.club
note to self: figure out how Ghidra fidb works, so I can apply it to MSC5.1 (which was sadly overlooked by the developers of Ghidra)
=> More informations about this toot | More toots from foone@digipres.club
note to self:
maybe do it for everything MS-DOS.
=> More informations about this toot | More toots from foone@digipres.club
okay don't change that byte, GOT IT.
I think I failed to load the cursor, which caused it to corrupt the mouse cursor catastrophically
=> View attached media | View attached media
=> More informations about this toot | More toots from foone@digipres.club
a fun kind of reverse engineering tactic that I practice probably more than I should is a version of The Scream Test (which is the principle that the easiest way to find who "owns" a server is to turn it off and see who screams): if you don't know what some code does, break it. and see what screams.
=> More informations about this toot | More toots from foone@digipres.club
I think I may have found unused graphics for a feature that'd change the Acme Detective Agency at the beginning to be season-specific. There's summer, fall, winter, and spring variants, but the game seems to be hardcoded to summer
=> More informations about this toot | More toots from foone@digipres.club
no, this should be working. Hmm. Maybe they just missed one of the four images?
=> More informations about this toot | More toots from foone@digipres.club
nope! it's fully functional, based on the system date.
=> View attached media | View attached media | View attached media | View attached media
=> More informations about this toot | More toots from foone@digipres.club
I did a little looking into the contents of MIDISND.DAT
It's got 12 small tracks, and each of them is a valid MIDI file if you remove the first byte.
=> More informations about this toot | More toots from foone@digipres.club
heh. I was checking different near-death animations by overriding the randomness, so I had to tell my debugger to set AX to 0
guess which animation that is? The one with the AXe.
=> More informations about this toot | More toots from foone@digipres.club
why do they store the day of the week as a 16-bit int?
future proofing in case the calendar gets updated and has more than 256 days in the week?
=> More informations about this toot | More toots from foone@digipres.club
I accidentally applied a patch backwards and put the detective to sleep, forever.
They're in Rome and they've just slept through about two months of nothing
=> More informations about this toot | More toots from foone@digipres.club
@foone other than the "Rome" part and the "nothing" part, same
=> More informations about this toot | More toots from dave_cochran@infosec.exchange
This content has been proxied by September (3851b).