17 January 2006, 21:22 | #1
Registered User
Join Date: Nov 2005
Location: Seattle, wa
Age: 50
Posts: 65
Noob Questions
I am trying to learn a bit about creating trainers and I have a few general questions.

Question 1
-----------
My A1200 has 34 megs ram (2 chip, 32 fast). Sysinfo says my ram is located at the following address ranges:
chip: $1000 - $1FFFFF
fast: $1000000 - $2FFFFFF
When I am using HRTMon or PDX-AR and want to search my memory, do I have to do this in 2 separate blocks since the memory is not contiguous? For example: fs $1000 $1FFFFF "test" and then fs $1000000 $2FFFFFF "test"? If my memory starts at 1000, what is below that address?

Question 2
-----------
I understand how a trackloader will load code from the disk into a specific memory location. What I don't understand is when AmigaDOS is used and the file is loaded normally, how do I know where it was loaded? If I have a disk that uses startup-sequence to launch an executable, how can I know where it was loaded to? I may not even have this problem if I was using the AR search functions properly, but I cannot find the opcodes that signify the start of the program. If I break into AR and type:
lm test, 50000
m 50000
I get:
4E 75 4E 55 00 00 4A 6C
Then I exit, let the game load the startup-sequence and exe file, break in again, and I cannot find that opcode pattern in memory.
--------
Hope someone can shed some light on this :P
-C6
18 January 2006, 03:09 | #2
2 contact me: email only!
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,182
1. Yes, you have to search it in 2 blocks. It is best to disable fast memory and let the game load, then you can guarantee it is in chip memory and there is only one block to search! (Note that some games will override you and load into fast memory anyway, as they detect it by poking values and seeing if they read back the same.)

SysInfo is lying: your chip memory starts at $0 and goes to $1fffff. The first $c0 bytes are vital to keep the computer running, but you can safely use memory from $c0 to $1000 despite what SysInfo tells you! Many trainer makers use low memory to store their keyboard cheat code to toggle infinite lives etc.

2. There are a couple of things you can do to get around this. A common trick is to replace the first file with a simple loader. Say the original game was "hunter"; you write a program "boot" which loads "hunter", waits for the mouse (and at this point you can break into it with AR etc.) and then executes it. To load the file you need to open dos.library and LoadSeg the file, which loads it somewhere in memory. You will be given back the loading address of the file. With a completely clean operating system you should find the same file will load to the same address each time. It's only if you soft-reboot with Ctrl-Amiga-Amiga that it will appear all over the place.

If you are using WinUAE you can use the debugger to cause it to halt when the code is in memory rather than in ROM. Create a config with only chip memory, let the program start to load, Shift-F12 to enter debug mode, "f", then and as soon as it finishes the debugger will appear and you can see where the code is.
18 January 2006, 07:18 | #3
Registered User
Join Date: Sep 2005
Location: melbourne
Age: 55
Posts: 541
From question 2:
I seem to recall that if you were writing an AmigaDOS friendly loader, first you would allocate how much free memory you needed using system library calls, and you'd be returned the address where the free memory was. Then you'd load the file into that memory address, then JMP there if it was executable code. Something like that... it's been a long time.
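The "boot" front loader that posts #2 and #3 describe, written out in 68000 assembly as an added example (this is not code from the thread or from anyone posting in it): it opens dos.library, LoadSeg()s the real program, prints the address the code landed at so you know where to look, waits for a left mouse click, then runs the program and frees it when it returns. The file name "hunter", the label names and the Devpac/vasm syntax are assumptions; the LVO offsets are the standard exec and dos ones, and the program is assumed to be started from a CLI or startup-sequence so that Output() returns a handle.

```asm
; boot.s -- added example loader, not code from the thread.
; Loads "hunter" (placeholder name) with LoadSeg(), shows where it landed,
; waits for the left mouse button, runs it, then unloads it.
; Assumes 68000, Kickstart 1.3 or later, Devpac/vasm syntax.

_LVOOpenLibrary  EQU -552           ; exec.library
_LVOCloseLibrary EQU -414
_LVOWrite        EQU -48            ; dos.library
_LVOOutput       EQU -60
_LVOLoadSeg      EQU -150
_LVOUnLoadSeg    EQU -156

        section code,code

start:
        movea.l 4.w,a6              ; ExecBase
        lea     dosname(pc),a1
        moveq   #0,d0               ; any version of dos.library will do
        jsr     _LVOOpenLibrary(a6)
        move.l  d0,dosbase
        beq.s   exit                ; no dos.library: give up
        movea.l d0,a6               ; A6 = DOSBase from here on

        move.l  #filename,d1        ; D1 = name of the program to load
        jsr     _LVOLoadSeg(a6)
        move.l  d0,seglist          ; BPTR to first segment, 0 if the load failed
        beq.s   closedos
        lsl.l   #2,d0               ; BPTR -> APTR: address of the segment link longword
        addq.l  #4,d0               ; skip the link: D0 = first byte of the loaded code
        move.l  d0,codeaddr

; convert the load address to 8 hex digits so it can be shown on the CLI
        lea     hexbuf,a0
        moveq   #7,d2
.digit: rol.l   #4,d0               ; bring the next most significant nibble down
        move.b  d0,d1
        and.b   #$f,d1
        cmp.b   #10,d1
        blt.s   .num
        addq.b  #7,d1               ; 10..15 -> 'A'..'F'
.num:   add.b   #'0',d1
        move.b  d1,(a0)+
        dbf     d2,.digit

        jsr     _LVOOutput(a6)      ; D0 = CLI output handle (0 when not run from a CLI)
        move.l  d0,d1
        beq.s   waitlmb             ; nowhere to print: skip the message
        move.l  #msg,d2
        move.l  #msglen,d3
        jsr     _LVOWrite(a6)

; wait for the left mouse button: CIA-A PRA bit 6 reads 0 while it is held
waitlmb:
        btst    #6,$bfe001
        bne.s   waitlmb

; run the loaded program the way the CLI would: A0 = argument line, D0 = its length
        movem.l d2-d7/a2-a6,-(sp)
        lea     argline(pc),a0
        moveq   #1,d0               ; argline is just a newline
        movea.l codeaddr,a1
        jsr     (a1)
        movem.l (sp)+,d2-d7/a2-a6

        move.l  seglist,d1          ; free the segment list once the program returns
        jsr     _LVOUnLoadSeg(a6)
closedos:
        movea.l 4.w,a6
        movea.l dosbase,a1
        jsr     _LVOCloseLibrary(a6)
exit:
        moveq   #0,d0
        rts

dosname:  dc.b 'dos.library',0
filename: dc.b 'hunter',0           ; placeholder: name of the real program
argline:  dc.b 10,0
          even
msg:      dc.b 'Loaded at $'
hexbuf:   dc.b '00000000',10
msglen    EQU *-msg

        section bss,bss
dosbase:  ds.l 1
seglist:  ds.l 1
codeaddr: ds.l 1
```

The printed address is the first byte of the first hunk, which is what LoadSeg hands back (a BPTR to the segment list, shifted left by two and skipping the link longword). Because the loader pauses before the jsr, the loaded code is sitting in RAM untouched at that address, which is exactly the moment post #2 suggests for breaking in with AR; on a clean boot with only chip memory it will be the same address every run.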
18 January 2006, 09:58 | #4
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,863
Quote:
18 January 2006, 23:44 | #5
2 contact me: email only!
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,182
Quote:
19 January 2006, 03:30 | #6
Registered User
Join Date: Nov 2005
Location: Seattle, wa
Age: 50
Posts: 65
Thanks for the information everyone
Slowly getting the hang of things. I'm sure I'll have more questions soon, heh. -c6
19 January 2006, 13:07 | #7
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,863
Quote:
21 January 2006, 06:57 | #8
Registered User
Join Date: Nov 2005
Location: Seattle, wa
Age: 50
Posts: 65
Is there an AmigaDOS cracking or trainer tutorial anywhere?
I thought I'd give myself some rather easy goals starting out, so I chose to try removing the novella protection from "Pirates!", since I own the original and the disk itself is not protected. I figured this would be easier than trying to figure out a custom mfm disk format. Turns out, there is tons of information/tutorials on mfm protections and a complete lack of AmiDos tuts. Anyone know of one? Or maybe have something helpful in their collection? (Or even willing to write one, heh.)
21 January 2006, 08:20 | #9
Powered by Motorola
Join Date: Feb 2002
Location: Redondo Beach, CA
Age: 52
Posts: 1,065
Have you checked flashtro.com? They have tutorials for other novella protections.
21 January 2006, 09:29 | #10
Registered User
Join Date: Nov 2005
Location: Seattle, wa
Age: 50
Posts: 65
I have, and unless I've missed it, they are all mfm/rnc tuts.
21 January 2006, 11:33 | #11
Posts: n/a
On Flashtro.com, perhaps you should try menu item "Novella" ...
21 January 2006, 22:37 | #12
Registered User
Join Date: Nov 2005
Location: Seattle, wa
Age: 50
Posts: 65
I was hoping someone knew of something besides flashtro.

Of the 20 novella tutorials on flashtro, 18 of them are basically the same tutorial. Only two of them are significantly different types of novella: Risky Woods and Espana games92. These two require you to pick an object on screen; the other 18 are all "type in a word from ...". Risky Woods and Espana both make it very easy to break into the code at the perfect location (with an instruction that branches to itself endlessly, or by using the reset command, which is easy to find).

The problem I am having is finding a good way to break into the code somewhere close to the protection. With "Pirates!", you select 2 answers, but even if you get it wrong the game continues and you can still play. Maybe I chose a tough game to start with...
21 January 2006, 23:53 | #13
Global Moderator
Join Date: Nov 2001
Location: Derby, UK
Age: 48
Posts: 9,355
Where does it crash/end?
You need to find out what is set that makes the game do that, and then emulate/fix the condition.