![]() |
![]() |
#1 |
Junior Member
Join Date: Dec 2002
Location: The Streets
Age: 40
Posts: 2,731
|
Having trouble decrunching the data from this exe...
Attached is the executable "jimmy.exe" from Jimmy's Fantastic Journey.
Looking at the file it appears to use Imploded data inside. I've extracted the chunk with WRip but XFDDecrunch complains that the data is corrupt and won't unpack it. I've tried looking closely at the header and determining the packed and unpacked sizes it notes but I still haven't been able to extract it successfully. It's either a "corrupt data" or "buffer truncated" error depending on how much data I've ripped. I know for a fact it can be unpacked somehow because the exe from the Crest cracked version has countless binary modifications to it - a clear sign that it was repacked and injected back into the exe. I wonder how they did it? |
![]() |
![]() |
#2 |
Banned
Join Date: Aug 2008
Location: 1
Posts: 114
|
Hello MethodGit!
A very good advice would be; Don't try decrunch the file. When doing cracks, you will run into lots of diffrent crunchers. Some are very common, and some and custom or some might be common, but with few mods, so it can not be decrunched anymore. Trust me, its a waste of time. You should rather disassemble the file, find the decrucher, and hook a call end end of it, too call your patch, when file is decrunched. This is from my experience, far the best way. You will run into key-locked ProPack files, ByteKiller routines with no header, files with fake headers, etc. Don't decrunch, patch! ![]() |
![]() |
![]() |
#3 | |||
Junior Member
Join Date: Dec 2002
Location: The Streets
Age: 40
Posts: 2,731
|
Does that explain why some RNC chunks extracted with WRip won't unpack as XFD complains that they're corrupt?
Quote:
Quote:
Quote:
![]() |
|||
![]() |
![]() |
#4 |
68k
Join Date: Sep 2005
Location: Somewhere
Posts: 829
|
|
![]() |
![]() |
#5 |
2 contact me: email only!
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,187
|
MethodGit: Just trust us on this one and stop arguing. You will not be able to decrunch every file with XFDDecrunch to alter it. Patch the end of the decrunching routine and you will be able to do anything you wish.
For your info, a headerless file wouldn't have the PP20, IMP!, RNC etc identifier at the start so it just appears to be a random stream of data. |
![]() |
![]() |
#6 | |
Junior Member
Join Date: Dec 2002
Location: The Streets
Age: 40
Posts: 2,731
|
Quote:
Hard = find the routine in a file and alter it directly (i.e. permanently). And yes, I'm aware some formats can't be decrunched by any program or be repacked. Then I'll go around it via memory-patching. I am a fan of and do collect both soft and hard hacks! ![]() BTW, can anyone confirm whether the Imploded data in this exe can actually be extracted or not? |
|
![]() |
![]() |
#7 |
2 contact me: email only!
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,187
|
Yes of course it can be extracted since the game does that.
|
![]() |
![]() |
#8 |
Junior Member
Join Date: Dec 2002
Location: The Streets
Age: 40
Posts: 2,731
|
|
![]() |
![]() |
#9 |
2 contact me: email only!
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,187
|
Why are you assuming it is imploder data? Just because it has IMP! in the file doesn't mean anything. The coders probably put that in thinking lamers would guess it's imploder data and wouldn't be able to decrunch it, and they're right!
![]() |
![]() |
![]() |
#10 |
Junior Member
Join Date: Dec 2002
Location: The Streets
Age: 40
Posts: 2,731
|
Well so far I've renamed the header to PP20, RNC and Ice! and neither of those have worked so far.
![]() Here's Crest's exe for comparison. Something has to explain that massive chunk of difference in data. I highly doubt a simple manual check needed several gazillion bytes changing to defeat it either. |
![]() |
![]() |
#11 |
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,865
|
Not too surprising since it's not crunched with any of the mentioned crunchers. Decrunching the data is easy if you know how, obviously, you need the decrunch routine and this must be somehwere in the executable as otherwise the game wouldn't be able to decrunch its own data. Thus, if you locate the decrunch routine and understand its parameters (just check how it's called in the game code) you can decrunch the data easily. I have attached a source which will decrunch both packed data files and I used exactly the approach I described to do that.
|
![]() |
![]() |
#12 |
Junior Member
Join Date: Dec 2002
Location: The Streets
Age: 40
Posts: 2,731
|
Well thanks for this! I suppose I need to run this through ASM-One or any other assembler to make a program out of it?
And I take it that those IMP! headers in the exe are actually a load of fibs then? ![]() |
![]() |
![]() |
#13 | |
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,865
|
Quote:
They are fake, yes. Just done so it couldn't be decrunched with the "normal" decrunchers. |
|
![]() |
![]() |
#14 |
Junior Member
Join Date: Dec 2002
Location: The Streets
Age: 40
Posts: 2,731
|
Once again, thank you! I must admit though.......... while I was waiting for some help at the time, I decided to try and see if I could work around it with (you guessed it) a boot patch. My code to date:
Code:
7000C = BSR 000700C0 700C0 = LEA 000000C0,A0 700C6 = LEA 70100(PC),A1 700CA = MOVE.W #200,D7 700CE = MOVE.B (A1)+,(A0)+ 700D0 = DBF D7,000700CE 700D4 = LEA 7004C(PC),A1 700D8 = RTS 70100 = ADDA.L #92,A1 70106 = MOVE.L #4E714E71,(A1) 7010C = SUBA.L #92,A1 70112 = ADDA.L #B8,A1 70118 = MOVE.L #4E714E71,(A1) 7011E = SUBA.L #B8,A1 70124 = JMP (A1) ![]() |
![]() |
![]() |
#15 | |||
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,865
|
Quote:
Code:
lea 92(a1),a2 move.l #$4e714e71(a2) Code:
move.l #$4e714e71,92(a1) Quote:
Quote:
I'd place the patch at the beginning of the loop, i.e. I'd replace the move.l (a5),d0 instruction with a jmp $c0.w. And in your patch code you'll have to add the code that's executed in the original executable of course. I.e. your patch would look like this: Code:
.loop move.l (a5),d0 add.l d1,(a1,d0.w) addq.w #4,a5 dbf d7,.loop ; a1: start of decrunched data ; patch it ... ; let's go jmp (a1) - load the executable using LoadSeg (dos.library) - before starting it you install your patches - start the just loaded executable Last edited by StingRay; 29 November 2010 at 17:51. Reason: typos, additions |
|||
![]() |
![]() |
#16 |
2 contact me: email only!
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,187
|
For a LoadSeg example without modifying files, have a look at Football Manager: World Cup Edition on Flashtro. Just ignore the copylock stuff!
|
![]() |
![]() |
#17 |
Joy Division
Join Date: Nov 2006
Location: East Yorkshire
Age: 60
Posts: 243
|
V nice example, Codetapper. Many thanks
![]() |
![]() |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
Trouble decrunching specific data in Shadow Fighter AGA | MethodGit | Coders. General | 6 | 23 November 2010 03:07 |
If WinUAE cannot detect your supposedly empty HDD, look for zap.exe or wipe.exe. | fmcpma | support.WinUAE | 5 | 08 August 2006 00:35 |
.exe games | Wavid | New to Emulation or Amiga scene | 9 | 29 May 2005 17:55 |
S!P-WelcomeSurprise1.exe | jrom | request.Demos | 3 | 07 July 2002 23:21 |
|
|