Call for 68k patch on payment basis

[kas1e]

Hi All!

Some prehistory first: I was a big fan of the Foundation game back in years and now want to play in it on morphos and amigaos4. And while it works and plays ok it is still an issue for me as protrekker mod files for title screens/menu works only over Paula. Even if you choose the AHi game only use sounds over AHi but the title music is still Paula only.

Now I have some irrational and illogical fetish to fix Foundation binary (which is 68k binary of 500kb size) and replace a player of mods over Paula on a player over AHI via ptplay or/and ptreplay libraries.

I am in no way an assembler coder or coder at all, only know some little bits so want to find out someone skilled enough to do it fast enough.

I can offer for a start 150-200$ If that will motivate anyone.

As far as i understand we need to use the win32 version of IRA together with WinUae probably (to catch the moments where a player starts) then understand how the player is done and write external analog for ptplay/ptreplay library (even on C as on PPC machines that not that matter). But in general does not matter how just need those files to be played over AHi when need it and not over Paula

All I find in binary is that CIAA is used and that pure running of "ira -a -preproc Foundation" produces asm listing of ~150.000 strings and ~5mb of size.

Is anyone interested in it? I from my side will be fast on tests/providing all necessary data/etc.

Thanks.

[Hedeon]

Doesn't NallePuh work for OS4? Never tried it myself.

[kas1e]

Nope, its too old and even when works wasn't working for everything.. Besides with NallePuh morphos version out of question as well, but will be cool to patch binary so everyone can use it. I read on aw.net that "Exception hander in NallePuh is broken, it looks for 680x0 opcodes, but because of inbuild Petunia JIT, it might not get correct/expected results". Dunno how correct that info are, but what for sure that i never have NallePuh working even 10 years ago

[kas1e]

At least maybe someone can make a good reassemble of binary?

[jotd]

you probably don't need to reassemble it. Just understand where the player is called and patch it with a launcher, like the crackers did with protections for instance.

[Radertified]

You could try contacting the developer Paul Burkey: https://shoecakegames.com/

He's still an active developer on other platforms. He's embraced his Amiga past many times (he was even once a member here) so he might be able to help.

[kas1e]

@jotd
Yep sounds good as well, but while i had no hope for reassembling (but at least I may _try_ to make working binary) making a loader is surely out of my skills. Can i dare to ask you if you in interest to fix that problem in any way? (so my offer for 200$ of course is valid, just i am sure that nothing for all this work but maybe can motivate just a little).

in meantime i just do: "ira -a -preproc Foundation" and there is the archive with
binary, .cnf and .asm : https://kas1e.mikendezign.com/misc/a...se/fond_01.lha

All that i can say at the moment it seems to be written on assembler ? At least i can't see right at the begining that things going on to stack which is usuall for C but i can see that after 2-3 jumps we have (on LAB_18A7):

Code:

LAB_1807:
	MOVE.L	#$00010000,D0		;67186: 203c00010000
	JSR	LAB_0B30		;6718c: 4eb90002d492
	MOVEA.L	-32224(A5),A2		;67192: 246d8220
	LEA	202(A2),A2		;67196: 45ea00ca
	MOVEA.L	-32716(A5),A3		;6719a: 266d8034
	MOVEQ	#0,D0			;6719e: 7000
	MOVE.L	D0,-(A7)		;671a0: 2f00
	TST.L	(A2)			;671a2: 4a92
	BEQ.W	LAB_1808		;671a4: 6700000e
	MOVEA.L	(A2),A0			;671a8: 2052
	SUBQ.W	#4,A0			;671aa: 5948
	MOVE.L	(A0)+,(A7)		;671ac: 2e98
	JSR	LAB_1972		;671ae: 4eb90006aba6

But i didn't know asm so can be very wrong.

Also what is interesting, i run some tool on OS4 which catch access to Cia, and that the output i had when run the game and go to menu (so 2 modules about to play frst one for intro and second one for menu):

Quote:

CIAgent Spy Monitor
- API: CIA B: AddICRVector() ICRBit: 1=TIMER B Interrupt: $5F39243E "Protracker MusicInt" Result: $00000000
! Hit: CIA B: ?:TBLO ($BFD600) Data: 236 ($EC) Task: $60B25AA0 "Foundation"
! Hit: CIA B: ?:TBHI ($BFD700) Data: 236 ($EC) Task: $60B25AA0 "Foundation"
! Hit: CIA B: R:CRB ($BFDF00) Data: 0 ($00) Task: $60B25AA0 "Foundation"
! Hit: CIA B: W:CRB ($BFDF00) Data: 1 ($01) Task: $60B25AA0 "Foundation"
! Hit: CIA B: R:CRB ($BFDF00) Data: 1 ($01) Task: $60B25AA0 "Foundation"
! Hit: CIA B: W:CRB ($BFDF00) Data: 0 ($00) Task: $60B25AA0 "Foundation"
- API: CIA B: RemICRVector() ICRBit: 0=TIMER A Interrupt: $5F39243E "Protracker MusicInt" Result: $00000000

At least now i can be 100% sure why .mods didn't play on anything where no real paula.

[kas1e]

Quote:

Originally Posted by Radertified

You could try contacting the developer Paul Burkey: https://shoecakegames.com/

He's still an active developer on other platforms. He's embraced his Amiga past many times (he was even once a member here) so he might be able to help.

Thanks! Wrote him a mail as well... Maybe he even can share sources... Through seeing the listing of ira it can be just assembler .. but will see.


@All
And pure reassembling to new binary from ira's disassemble just like this works too:

Quote:

vasmm68k_mot -no-opt -Fhunkexe -nosym -o Foundation_new Foundation.asm

Created binary of the same size and working.

Now to find out where are the player called and probably i can made external call to a C compiled object where wrote my player over AHi. At least i hope it can be that easy.

[kas1e]

@jotd
Also tried your cheapres.py on that asm output i have. it brings me in the console that:

Quote:

D:\amiga\disasm>python cheapres.py -i Foundation.asm -o rr.aaa
cheapres.py: LAB_1901 identified as intuy string
cheapres.py: LAB_1928 identified as d string
cheapres.py: LAB_1970 identified as g string
cheapres.py: LAB_1997 identified as asl. string
cheapres.py: LAB_19CD identified as e/?z?` string
cheapres.py: LAB_19EB identified as m,y string
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: Warning: Cannot decode library name at LAB_19ED
cheapres.py: LAB_1AE2 identified as d string
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: Warning: Cannot decode library name at LAB_1CBB
cheapres.py: LAB_1D40 identified as g string
cheapres.py: LAB_1DDB identified as d string

D:\amiga\disasm>

While for example:

Quote:

LAB_19ED:
;6b5a2
;DC.B $6d,$61,$74,$68,$74,$72,$61,$6e,$73,$2e,$6c,$69,$62,$72,$61,$72
;DC.B $79,$00
DC.B "mathtrans.library",0

And LAB_1CBB are cybergraphics.library.

Checked the output and while there are surely graphics/asl/dos/etc/etc in the output i can see that only Exec.library is correctly replaced.. Maybe that is expected with such a raw output from the ira i do without any modifications by hands?

[Docent]

It looks like the game adds cia interrupt handler via system call.AddICRVector.
Search in the sourceode for jsr -6(A6) This defines AddICRVector. Before this call register a1 will be setup with a pointer to Interrupt struct, where.field is'_code is a pointer to actual cia interrupt handler with replay routine. You can replace it with your player

[kas1e]

@Docent
Thanks a bunch! Now we go further..

LAB_1D4A is the label of "actual CIA interrupt handler with replay routine" as far as i see. And while jotd's python parser didn't reparse all the libs except exec.library it did put through more readable stuff into and for example right before LAB_1D4A routine i had

Code:

LAB_1D49:
	SF	LAB_1D66		;724e0: 51f900073a3c
	LEA	HARDBASE,A0		;724e6: 41f900dff000
	CLR.W	aud0+ac_vol(A0)			;724ec: 426800a8
	CLR.W	aud1+ac_vol(A0)			;724f0: 426800b8
	CLR.W	aud2+ac_vol(A0)			;724f4: 426800c8
	CLR.W	aud3+ac_vol(A0)			;724f8: 426800d8
	MOVE.W	#$000f,DMACON		;724fc: 33fc000f00dff096
	RTS				;72504: 4e75
void_is_Code:
	DC.L	$48e7f8fe		;72506
	DC.W	$4a39			;7250a
	DC.L	LAB_1D66		;7250c: 00073a3c

Sadly that almost whole is_Code are a mess of DC.*.. Probably because IRA finds the first symbol as "H" and thinks that data .. dunno. Had to adjust code addresses in ira's config and the mess is gone. Can see the actual routine. at least i think so it does have lots of lea aud0/aud1/aud2 so it should be it

[kas1e]

@All
Is there any easy way on assembler to have visual output that i hit my code ? I just tried simple output via dos.lbrary. le:

Code:

			LEA	DosName,A1
			MOVEQ	#36,D0
			MOVEA.L	SysBase,A6
			JSR	OpenLibrary(A6)

			MOVE.L	#Hello,D1
			MOVEA.L	D0,A6
			JSR	PutStr(A6)

			MOVEA.L	A6,A1
			MOVEA.L	SysBase,A6
			JSR	CloseLibrary(A6)

And while if i put that at the beginning of the source code of the game i have output in the console but if i put those routines in cia's player then i never have any output (i just tried to find where are the name of the module taken so can move it externally to my C based player). I even tried to put it before and after AddICRVector call and nothing. While my debug tool catches that calls were done.

[Cowcat]

@kas1e

Did you try ADis disassembler? Just for having another output reference.

[kas1e]

@Cowcat
Yeah tried now. Output a bit (or not a bit) worse than in iRA but can be a good ref too. i also got another reference output from IDA PRO: this one, of course, doesn't put any names of the registers or LVOs but still something between ira and adis.

For now, i need to find a way for how to write an AHi player on C and then call it from reassembled binary. The problem there is that probably it will be in need of C startup libs... Or from the other side, i can try to write fully only on AmigaOS functions without C-lib functions involved ..

Because getting rid of Cia player to just wrote again one in assembler but over ahi seems over-complicated IMHO.

@All
is there any tool that will give me more information about the Binary file? Like by what it was compiled how much of sections of a different kind it have, readable information from hunks sections, etc. Something like "readelf" for Elf files.

[kamelito]

It as been already said but patching the binary once you know where is easier, reassembling a partial disassembly and adding code will bring bugs if not done correctly.
IIRC IRA give you the number of hunks, there’s also the CBM devtools and surely more in Aminet.

[Cowcat]

@kas1e

You can do good formating/output with Adis:

Code:

Adis -d0 -a -c2 -t Foundation-whatever -o Foundation.out

I played a little with an old Foundation demo and clearly you can see where ciaa.resource label is (and where is called) and basically the strings used in the program can be viewed or deduced if not fully decoded.

My two cents.

[Ami]

Quote:

is there any tool that will give me more information about the Binary file? Like by what it was compiled how much of sections of a different kind it have, readable information from hunks sections, etc. Something like "readelf" for Elf files.

DropHunk?

[Thomas Richter]

Quote:

Originally Posted by kas1e

is there any tool that will give me more information about the Binary file? Like by what it was compiled how much of sections of a different kind it have, readable information from hunks sections, etc. Something like "readelf" for Elf files.

http://aminet.net/package/dev/misc/Hunk

[Daedalus]

Quote:

Originally Posted by kas1e

All that i can say at the moment it seems to be written on assembler ? At least i can't see right at the begining that things going on to stack which is usuall for C but i can see that after 2-3 jumps we have (on LAB_18A7):

It's my understanding that Foundation was written using Blitz Basic. Not sure that that makes much difference unless you have deep knowledge of the Blitz compiler, but it might help to understand some parts of the code.

Edit: Additional thoughts on this are that it would have used several Blitz libraries, including the Mildred library for graphics and potentially the XBCIATracker Library for playing PT modules. The source doesn't seem to be available for these 3rd party libraries, but at least the raw library files are there. Perhaps by looking at these much smaller chunks of code, it might be easier to find key parts in the large executable?

3rd party library object files can be found here: https://github.com/AmiBlitz/AmiBlitz...thirdpartylibs

[kas1e]

@Deadalus
That 68k binary of foundation runs very well and is stable as binary itself, while all the examples for blitz basic i download from Aminet just crash a system on running.

I want to take 2-3 small blitz basic executable files and then disassemble them with IRA, so to see if there will be the same one single section code with data in, will it have that kind of jumps on the beginning, etc. Just know on which language it was written for real will help for sure.

@Thomas,Ami
Thanks! Maybe there is anything else that can "autodetect" on what language binary was created?