Disassembling games for fun - Page 2

cosmicfrog · 01 May 2008, 18:58

any chance of zoneing ReSource 6.01, 6.06 packages?
mark pleas & thank you if u do

crabfists · 01 May 2008, 20:27

I got ReSource 6.06 from Codetapper's site. (Thanks Codetapper by the way)

http://www.codetapper.com/

crabfists · 02 May 2008, 09:34

Know what you mean about the custom chip flags. That is invaluable. Must be a way of setting IDA up to do that... I might have a fiddle around if I get a chance.

I'm getting the hang of ReSource now and quite liking it. Incidentally, I tried running it in Picasso96 mode in WinUAE so I could take advantage of the higher screen res to fit more text on the screen but all I got was a green screen. Anybody manged to run this in Picasso96 mode?

BippyM · 02 May 2008, 14:26

Quote:

Originally Posted by crabfists

Know what you mean about the custom chip flags. That is invaluable. Must be a way of setting IDA up to do that... I might have a fiddle around if I get a chance.

I'm getting the hang of ReSource now and quite liking it. Incidentally, I tried running it in Picasso96 mode in WinUAE so I could take advantage of the higher screen res to fit more text on the screen but all I got was a green screen. Anybody manged to run this in Picasso96 mode?

Attched is a pic of my tooltypes (Can't be bothered to copy them)

hope it helps

zenox98 · 02 May 2008, 18:36

Thanks bibbym. I had the same issue as crabfists, and it's the 'SYSRENDER=ON' that was needed. Cheers

BippyM · 02 May 2008, 19:22

no worries and it's BippyM

crabfists · 03 May 2008, 12:04

Thanks BippyM. Haven't tried ReSource in hi-res yet but I will do when I get a chance.

On the subject of disassembling games I came across this guy's site yesterday:

http://www.tomatarium.pwp.blueyonder...lfrontier.html

He's done a cross platform version of Frontier by disassembling the code, pulling out the OS calls and other hardware specific stuff and writing a program to convert 68000 asm to portable C. Interesting approach. The source code to the asm to c converter is there but I haven't looked at it yet.

Ironclaw · 03 May 2008, 15:21

Quote:

Originally Posted by bippym

no worries and it's BippyM

Not according to your registered name, which is bippym, no capital letters.

crabfists · 19 May 2008, 10:09

I'm still hacking away at this game but progress is quite slow at the minute as I try and work through what I think is the rob northen copylock loader in order to get to the game code. To teach me a little bit about removing copy protection and how WHDLoad works I am looking at the WHDLoad slave for the game to see how it patches it. I'm getting my head around how it patches it now but I'm trying to understand how using trap exceptions to jump to patched-in routines work.

Before the slave jumps to the game's code it loads a file from disk into memory, which I presume is the rnc loader (I've spotted trace vector decoder setup code and what I think is encrypted code), and patches a location within that file just loaded with a trap #15 instruction then sets up trap exception vector #15 like this:

Code:

 pea    patch_loader_1(pc)       
        move.l    (a7)+,$BC.W            ;; set as trap vector for trap #15

Then it jumps to the code it's just loaded. I've put a breakpoint on the line that executes the trap #15 and I was expecting it would jump directly to the patch_loader_1 routine but it doesn't, instead it jumps to another routine then that routine does an rts and then the patch_loader_1 routine is executed. My question is what is this other routine it jumps to first and why is it being executed on a trap instruction? I thought a trap #15 would jump directly to the routine set as the trap vector routine (eg patch_loader_1).

Also, I don't quite understand what the rnc code is doing (and I don't know if I need to to work it out to get to the game's code). The WHDLoad slave loads the rnc code to location $10000 but then the rnc code copies most of itself into location $50000 and jumps to there. Later on, when on the game title screen, if I look at location $10000 the rnc code does not exist any more. Why does it relocate itself like this? Why doesn't it just load itself directly to location $50000 in the first place?

I'm not really sure I should be getting bogged down in all this stuff. Is there an easy way to get to the game code without worrying about rnc code such as code encryption etc? Do I just need to see what files the patched loader is loading and then disassemble them after they have been decrunched?

Thanks in advance!

RedskullDC · 19 May 2008, 16:53

Hi Mark_K, et al.

Quote:

Originally Posted by mark_k

[I have original ReSource 4.x, 5.x and 6.01, 6.06 packages.] From memory, ReSource version 6 came with the same manual as version 5, which was not hugely different from versions 3 & 4. I don't think anyone has scanned the ReSource version 5 manual, but that might be worthwhile to do.
....

Zipped PDF of the Manual for V5/V6 is in the zone now.

Rather large, but nice and clear to read, especially the code examples.

Knock yourselves out!

Incidentally, IDA is very nice for a "one-size-fits-all" dissassembler, but ReSource V6.06 is definitely the go for serious Amiga work.

V6.06 still has several bugs, but nothing too drastic, these 2 immediately spring to mind:

1. Creates .w offsets for some .b type branches when near the +/-127/128 byte offset limits. Especially when branching ahead.

2. Creates incorrect word offsets when code with an offset in the relocation table resolves to an absolute location outside the HUNK that the relocation table belongs to.
(The apple2000 V1.3 emulator is a good example of this).
In reality, this is pretty hacky hand-assembly anyway. Doubt you would ever see a compiler produce such code.

Cheers,
Red

RedskullDC · 19 May 2008, 17:03

Quote:

Originally Posted by crabfists

Anybody manged to run this in Picasso96 mode?

Works fine on WinUAE using Picasso96 at any resolution.
Use it at 1680x1050 here

Do get a few screen artifacts on the requesters and menuitems, nothing to worry about however. Doesn't affect the program in any way.

Only works in 8-bit screenmodes though.

Red

crabfists · 20 May 2008, 00:14

Thanks very much for the ReSource manual RedSkullDC, that's very good of you.

crabfists · 22 May 2008, 16:37

Sorry to do this... but bumping this to ask if anybody has any hints regarding my questions above in post #29.

zenox98 · 23 May 2008, 12:01

Hi crabfists.

You will probably need to wait for one of the big guns to notice this thread, before you get an answer. I'm still new to Resource myself, so I'm no help

Toni Wilen · 23 May 2008, 12:05

Quote:

Then it jumps to the code it's just loaded. I've put a breakpoint on the line that executes the trap #15 and I was expecting it would jump directly to the patch_loader_1 routine but it doesn't, instead it jumps to another routine then that routine does an rts and then the patch_loader_1 routine is executed. My question is what is this other routine it jumps to first and why is it being executed on a trap instruction? I thought a trap #15 would jump directly to the routine set as the trap vector routine (eg patch_loader_1).

VBR moved? Afaik whdload by default moves vbr and "reroutes" exceptions back to VBR at address zero if it was "acceptable" exception. (or re-enables the system and puts dialog if something unexpected happened)

crabfists · 23 May 2008, 12:05

Thanks zenox98. You're right, I need to wait a bit and be more patient.

ps crapfists? he he

musashi5150 · 23 May 2008, 12:08

Quote:

Originally Posted by crabfists

ps crapfists? he he

I'm such a kid... that made me spit my coffee all over my keyboard

Wepl · 23 May 2008, 17:09

Quote:

Originally Posted by Toni Wilen

VBR moved? Afaik whdload by default moves vbr and "reroutes" exceptions back to VBR at address zero if it was "acceptable" exception. (or re-enables the system and puts dialog if something unexpected happened)

crabfists:
probably yes. it should be identifyable by the pc if you are in the game, slave or whdload.
still dont know which game you are working on....

RedskullDC · 23 May 2008, 17:09

Hi crabfists,

Quote:

Originally Posted by crabfists

Sorry to do this... but bumping this to ask if anybody has any hints regarding my questions above in post #29.

Need a bit more info to go on.

Can you save a resource disassem of the code region(s) in question
for us to have a look at?

Red

zenox98 · 23 May 2008, 19:12

Quote:

Originally Posted by crabfists

Thanks zenox98. You're right, I need to wait a bit and be more patient.

ps crapfists? he he

Sorry about that. I did notice later and changed your name back to how it should be

01 May 2008, 20:27	#22
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	I got ReSource 6.06 from Codetapper's site. (Thanks Codetapper by the way) http://www.codetapper.com/ Last edited by crabfists; 02 May 2008 at 09:33. Reason: change url

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Disassembling games to find out the game logic?	Jonathan Drain	Coders. General	14	20 November 2012 02:24
Disassembling resource	copse	Coders. General	1	02 April 2012 03:36
Amiga Games that were most fun	amiga_user	Retrogaming General Discussion	22	27 September 2011 18:51
Fun and games with the 68000!	h0ffman	Coders. General	4	28 February 2011 16:54
Idea: Fun & Games page	Jim	project.APoV	11	14 July 2004 17:49

01 May 2008, 18:58	#21
cosmicfrog The 1 who ribbits Join Date: Apr 2006 Location: leek, Staffs, UK Age: 56 Posts: 3,557	any chance of zoneing ReSource 6.01, 6.06 packages? mark pleas & thank you if u do

02 May 2008, 09:34	#23
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	Know what you mean about the custom chip flags. That is invaluable. Must be a way of setting IDA up to do that... I might have a fiddle around if I get a chance. I'm getting the hang of ReSource now and quite liking it. Incidentally, I tried running it in Picasso96 mode in WinUAE so I could take advantage of the higher screen res to fit more text on the screen but all I got was a green screen. Anybody manged to run this in Picasso96 mode?

02 May 2008, 18:36	#25
zenox98 Joy Division Join Date: Nov 2006 Location: East Yorkshire Age: 60 Posts: 243	Thanks bibbym. I had the same issue as crabfists, and it's the 'SYSRENDER=ON' that was needed. Cheers

02 May 2008, 19:22	#26
BippyM Global Moderator Join Date: Nov 2001 Location: Derby, UK Age: 48 Posts: 9,355	no worries and it's BippyM

03 May 2008, 12:04	#27
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	Thanks BippyM. Haven't tried ReSource in hi-res yet but I will do when I get a chance. On the subject of disassembling games I came across this guy's site yesterday: http://www.tomatarium.pwp.blueyonder...lfrontier.html He's done a cross platform version of Frontier by disassembling the code, pulling out the OS calls and other hardware specific stuff and writing a program to convert 68000 asm to portable C. Interesting approach. The source code to the asm to c converter is there but I haven't looked at it yet.

19 May 2008, 10:09	#29
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	I'm still hacking away at this game but progress is quite slow at the minute as I try and work through what I think is the rob northen copylock loader in order to get to the game code. To teach me a little bit about removing copy protection and how WHDLoad works I am looking at the WHDLoad slave for the game to see how it patches it. I'm getting my head around how it patches it now but I'm trying to understand how using trap exceptions to jump to patched-in routines work. Before the slave jumps to the game's code it loads a file from disk into memory, which I presume is the rnc loader (I've spotted trace vector decoder setup code and what I think is encrypted code), and patches a location within that file just loaded with a trap #15 instruction then sets up trap exception vector #15 like this: Code: pea patch_loader_1(pc) move.l (a7)+,$BC.W ;; set as trap vector for trap #15 Then it jumps to the code it's just loaded. I've put a breakpoint on the line that executes the trap #15 and I was expecting it would jump directly to the patch_loader_1 routine but it doesn't, instead it jumps to another routine then that routine does an rts and then the patch_loader_1 routine is executed. My question is what is this other routine it jumps to first and why is it being executed on a trap instruction? I thought a trap #15 would jump directly to the routine set as the trap vector routine (eg patch_loader_1). Also, I don't quite understand what the rnc code is doing (and I don't know if I need to to work it out to get to the game's code). The WHDLoad slave loads the rnc code to location $10000 but then the rnc code copies most of itself into location $50000 and jumps to there. Later on, when on the game title screen, if I look at location $10000 the rnc code does not exist any more. Why does it relocate itself like this? Why doesn't it just load itself directly to location $50000 in the first place? I'm not really sure I should be getting bogged down in all this stuff. Is there an easy way to get to the game code without worrying about rnc code such as code encryption etc? Do I just need to see what files the patched loader is loading and then disassemble them after they have been decrunched? Thanks in advance!

20 May 2008, 00:14	#32
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	Thanks very much for the ReSource manual RedSkullDC, that's very good of you.

22 May 2008, 16:37	#33
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	Sorry to do this... but bumping this to ask if anybody has any hints regarding my questions above in post #29.

23 May 2008, 12:01	#34
zenox98 Joy Division Join Date: Nov 2006 Location: East Yorkshire Age: 60 Posts: 243	Hi crabfists. You will probably need to wait for one of the big guns to notice this thread, before you get an answer. I'm still new to Resource myself, so I'm no help

23 May 2008, 12:05	#36
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	Thanks zenox98. You're right, I need to wait a bit and be more patient. ps crapfists? he he

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)