Want to learn how to dissassemble games

02 November 2008, 19:07

Hi there,

I want to learn to disassemble games. Not for any great purpose, just to see how they tick and to do something during the cold wet months of winter.

I do know a bit of 68k assembly.

What I don't know is where to start.

I am assuming that the first place to look is the bootblock, but how do I look here and what should I be looking for?

bippym · 03 November 2008, 04:34

Hmmm.. It's not a quick and simple thing to try and explain

Personally I use WinUAE and action replay 3. I load the bootblock to an address (say $50000) and then I disassemble it with d $5001c or similar (the exact number escapes me).

I then see what the bootblock is doing, and if you are lucky it's reserving some memory, then loading the game-loader to an address and then jumping to it!

If you are unlucky.. well you'll see

Next you change the bootblock to loop on itself instead of JMP loader, correct checksum, write it back to disk and reboot!

Now when you enter the replay you can disassemble the JMP address and figure out what the loader is doing. Again if you are very lucky it's a single file game and like with bootblock you modify the loader to flash screen or something once loaded and then you can disassemble the game

Hope this is okay, i've simplified it greatly as I have just finished work and it's 3.30am

03 November 2008, 18:02

Cheers for that.

But still not sure How to do it.

How do you load the Bootblock to an address such as you say $50000? Thats what I'm looking to do. If I could see what the bootblock is doing then I might be able to figure out the rest myself, but I don't know anything about bootblocks.

Thanks

Keeks

Photon · 03 November 2008, 21:34

The single most important thing to remember is to follow each jump in the bootblock as the cpu would. Do not even look at code below a jump before you have ruled out that the branch is taken.

Then, look for "move something, offset(a1)" and calls to "offset(a6)" as a1 and a6 have the structure pointer to the trackdisk device and execbase, respectively. If you see this combo it is usually loading something with trackdisk.device. By learning the trackdisk structure (structure.doc by Kodiak), you know which sectors are loaded, and to where. Then you can load those sectors to the same place and disassemble from there (IF the loaded stuff is jumped to, otherwise not, see above

)

Learned this proper when I had to have a look at a game lately

Codetapper · 04 November 2008, 20:31

Far easier is to rip the bootblock with a utility like grab (grab Game.adf bootblock.bin first 1024) then just use the tool resource to disassemble it. No mucking around with memory allocations and you can comment and save your work as you go - which is good for a newbie that might need a few passes to work out what's going on.

04 November 2008, 20:47

Thanks for the replies. Much appreciated.

Where would I find the utility grab. I'm assuming it is CLI based utility?

Thanks again for the help

xaind · 06 November 2008, 04:32

Not sure where you can find grab. There's a vaguely-similar utility on aminet called GrabInFile. You don't need it though, resource (v6.06) comes with a "Disassemble BOOT sector" macro that pulls the data straight off the disk.

06 November 2008, 18:10

Cool guys.

Thanks for the help. Should have enough info now to get me started.

Thanks again

02 November 2008, 19:07	#1
Keeks Posts: n/a	Want to learn how to dissassemble games Hi there, I want to learn to disassemble games. Not for any great purpose, just to see how they tick and to do something during the cold wet months of winter. I do know a bit of 68k assembly. What I don't know is where to start. I am assuming that the first place to look is the bootblock, but how do I look here and what should I be looking for?

03 November 2008, 04:34	#2
bippym Global Moderator Join Date: Nov 2001 Location: Derby, UK Age: 37 Posts: 8,141	Hmmm.. It's not a quick and simple thing to try and explain Personally I use WinUAE and action replay 3. I load the bootblock to an address (say $50000) and then I disassemble it with d $5001c or similar (the exact number escapes me). I then see what the bootblock is doing, and if you are lucky it's reserving some memory, then loading the game-loader to an address and then jumping to it! If you are unlucky.. well you'll see Next you change the bootblock to loop on itself instead of JMP loader, correct checksum, write it back to disk and reboot! Now when you enter the replay you can disassemble the JMP address and figure out what the loader is doing. Again if you are very lucky it's a single file game and like with bootblock you modify the loader to flash screen or something once loaded and then you can disassemble the game Hope this is okay, i've simplified it greatly as I have just finished work and it's 3.30am __________________ Little Puddings Cakes - My fiancées hobby

03 November 2008, 21:34	#4
Photon Oldskool Demo Coder Join Date: Nov 2004 Location: Hult / Sweden Age: 41 Posts: 3,674	The single most important thing to remember is to follow each jump in the bootblock as the cpu would. Do not even look at code below a jump before you have ruled out that the branch is taken. Then, look for "move something, offset(a1)" and calls to "offset(a6)" as a1 and a6 have the structure pointer to the trackdisk device and execbase, respectively. If you see this combo it is usually loading something with trackdisk.device. By learning the trackdisk structure (structure.doc by Kodiak), you know which sectors are loaded, and to where. Then you can load those sectors to the same place and disassemble from there (IF the loaded stuff is jumped to, otherwise not, see above ) Learned this proper when I had to have a look at a game lately __________________ Henrik. Programs Amiga demos, iPhone apps, websites, etc. A1000/512k - A500 2.0/040@28/4M/.5M slowmem/8M/SCSI/CF - A600 portable II 3.1/ACA630/WiFi/CF - 'A1700' 3.1/68060@80/64M/IDE-Fix Express/CF - etc."The difference between PC and Amiga is that 10yo PCs are worth $0. 20yo Amigas are worth a lot, and Amigas that are only 15yo cost a fortune!" If you like Portal 2, try my >> single player and cooperation maps <<

06 November 2008, 04:32	#7
xaind Registered User Join Date: Apr 2006 Location: Sydney / Australia Posts: 95	Not sure where you can find grab. There's a vaguely-similar utility on aminet called GrabInFile. You don't need it though, resource (v6.06) comes with a "Disassemble BOOT sector" macro that pulls the data straight off the disk. Last edited by xaind; 06 November 2008 at 04:38. Reason: grammar, duh.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Wanting to learn Blitz Basic on real Amiga	Adropac2	request.Other	20	20 August 2008 07:30
How did you learn to program	bippym	Coders. General	80	01 April 2007 19:25
More boxed Amiga games and cd32 games! Also coverdisks and unboxed games!	Smiley	MarketPlace	12	20 July 2005 22:39
For Sale: Boxed Amiga games (still with receipts) and a metal A500+ case! (30+ games)	Smiley	MarketPlace	5	04 July 2005 23:03
A little lesson to learn about Pong	MethodGit	Retrogaming General Discussion	7	07 December 2001 13:03

03 November 2008, 18:02	#3
Keeks Posts: n/a	Cheers for that. But still not sure How to do it. How do you load the Bootblock to an address such as you say $50000? Thats what I'm looking to do. If I could see what the bootblock is doing then I might be able to figure out the rest myself, but I don't know anything about bootblocks. Thanks Keeks

04 November 2008, 20:31	#5
Codetapper Moderator Join Date: May 2001 Location: Auckland / New Zealand Age: 38 Posts: 2,465	Far easier is to rip the bootblock with a utility like grab (grab Game.adf bootblock.bin first 1024) then just use the tool resource to disassemble it. No mucking around with memory allocations and you can comment and save your work as you go - which is good for a newbie that might need a few passes to work out what's going on.

04 November 2008, 20:47	#6
Keeks Posts: n/a	Thanks for the replies. Much appreciated. Where would I find the utility grab. I'm assuming it is CLI based utility? Thanks again for the help

06 November 2008, 18:10	#8
Keeks Posts: n/a	Cool guys. Thanks for the help. Should have enough info now to get me started. Thanks again

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)