Best approach for Reverse engineering

fstarred · 02 September 2023, 14:52

Hello,

I was trying doing some modifications on old games just for fun.
To accomplish this job my purpose was to load the main module object with LoadSeg function (for DOS games) and then apply my changes before the JMP.
I noticed some games fails to load even with this method even without doing any changes (so basically after getting the VBR address on A0 I do the JMP 4(A0).)

What is the best approach for you to see what's going on underneath?

I spent many hours trying to match differences between my disk and the original using Winuae debugging while loading the game, but I have not idea at them moment.
Still I don't know a good approach on how to disassemble directly the content of the disk (unless there's some kind of compression which prevent to read it).

Any hint would be appreciated.
Thank you

kamelito · 02 September 2023, 15:25

I guess you have to start with the loader being custom or doio the if crunched break before the execution analyze code and so on, quite a tedious job if you ask me. If the game is loaded in one part in memory then no other data’s are loaded or save then you could break before execution then save the memory using WinUAE debugger. I’m pretty sure there is tutorials online to crack mm some game with enough explanations for you to start.

StingRay · 02 September 2023, 16:35

Quote:

Originally Posted by fstarred

(so basically after getting the VBR address on A0 I do the JMP 4(A0).)

What do you need the VBR address for when patching DOS games?

fstarred · 02 September 2023, 18:18

Quote:

Originally Posted by StingRay

What do you need the VBR address for when patching DOS games?

Sorry it was a typo, I mean BTPR of a file instead

phx · 02 September 2023, 22:48

Quote:

Originally Posted by fstarred

To accomplish this job my purpose was to load the main module object with LoadSeg function (for DOS games) and then apply my changes before the JMP.

I would use a reassembler. Then analyze and change the source text.

Quote:

I noticed some games fails to load even with this method even without doing any changes (so basically after getting the VBR address on A0 I do the JMP 4(A0).)

Maybe the program has a startup-code, which expects A0 to point to the command line, with command line length in D0? Or it doesn't like to be launched within your current process. Try CreateProc() with the seglist?

Quote:

Still I don't know a good approach on how to disassemble directly the content of the disk

What do you mean? An NDOS disk, with a trackloader started out of the boot block? Then you start with disassembling the boot block, as Kamelito already pointed out.

Galahad/FLT · 02 September 2023, 23:18

A0 and D0 on entry into to an AmigaDOS compliant program are reserved for "Arguments" after the program name.

A0 = Pointer to text, and D0 = Size of text

If the game or program uses these, you can't corrupt them.

02 September 2023, 14:52	#1
fstarred Registered User Join Date: Mar 2018 Location: Rome Posts: 173	Best approach for Reverse engineering Hello, I was trying doing some modifications on old games just for fun. To accomplish this job my purpose was to load the main module object with LoadSeg function (for DOS games) and then apply my changes before the JMP. I noticed some games fails to load even with this method even without doing any changes (so basically after getting the VBR address on A0 I do the JMP 4(A0).) What is the best approach for you to see what's going on underneath? I spent many hours trying to match differences between my disk and the original using Winuae debugging while loading the game, but I have not idea at them moment. Still I don't know a good approach on how to disassemble directly the content of the disk (unless there's some kind of compression which prevent to read it). Any hint would be appreciated. Thank you

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Gods reverse engineering	Kroah	Retrogaming General Discussion	127	27 February 2023 14:46
Megatraveller 1 reverse engineering	TreacleWench	Coders. General	12	18 May 2020 12:46
Reverse engineering wiki	copse	Coders. General	10	02 March 2020 09:48
Reverse engineering from an executable	bloodline	Coders. General	13	20 August 2017 08:50
Captive 2 reverse engineering	copse	Coders. General	2	19 August 2015 21:08

02 September 2023, 15:25	#2
kamelito Zone Friend Join Date: May 2006 Location: France Posts: 1,801	I guess you have to start with the loader being custom or doio the if crunched break before the execution analyze code and so on, quite a tedious job if you ask me. If the game is loaded in one part in memory then no other data’s are loaded or save then you could break before execution then save the memory using WinUAE debugger. I’m pretty sure there is tutorials online to crack mm some game with enough explanations for you to start.

02 September 2023, 23:18	#6
Galahad/FLT Going nowhere Join Date: Oct 2001 Location: United Kingdom Age: 50 Posts: 8,994	A0 and D0 on entry into to an AmigaDOS compliant program are reserved for "Arguments" after the program name. A0 = Pointer to text, and D0 = Size of text If the game or program uses these, you can't corrupt them.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)