Stunts Forum

Stunts - the Game => Stunts Reverse Engineering => Topic started by: llm on January 10, 2009, 11:48:24 PM

Title: load.exe compression (first level)
Post by: llm on January 10, 2009, 11:48:24 PM
(this is my first "try" of getting into reverse engineering the game)

i just found out that load.exe is exepacker based
and can be easily uncompressed with UNP (in zip-archive \unp412b)

and i reduced the normal stunts11 package to the minimal amount of files
(data and "executables") needed to run the game (without the anti-password-crack, setup stuff)
so it's easier to use a debugger or disassembler (http://www.hex-rays.com/idapro/idadownfreeware.htm) on it
and the dosbox debugger could also help: http://vogons.zetafleet.com/viewtopic.php?t=3944

in the load.asm file is a first-shot listing from ida freeware

just use start.bat to start the game - happy opcode extracting
Title: Re: load.exe compression (first level)
Post by: dstien on January 11, 2009, 12:34:00 AM
Hi llm, welcome to the forums! It's always nice to see new faces around here.

About a year ago I began doing the same thing, reversed the decompression format and wrote my own implementation (http://code.google.com/p/stuntstools/source/browse/#svn/trunk/stunpack/src). With this tool we can decompress the actual code files. It would be awesome to reverse the physics code, then we could add modern 3d rendering, make automated replay analysis, etc.</daydream>

The next logical step would probably be to build a new EXE file from the CMN/DIF/COD/DRV files to ease the reversing process by skipping LOAD.EXE.

We have documented some of the data formats on the Stunts Wiki (http://wiki.stunts.hu/index.php/Resource_file_format). See also the reversing discussion thread (http://forum.stunts.hu/index.php?topic=1137.0) (contains lots of inaccuracies as well).
Title: Re: load.exe compression (first level)
Post by: llm on January 11, 2009, 10:31:19 AM
does your uncompress tool also work for the load.exe
and the other "executables" or just for the data files?

cas (http://forum.stunts.hu/index.php?topic=1663.msg22912#msg22912) had the
idea that the .cod and other files are also compressed (maybe with the same algorithm)

do you have a pre-disassembled version of the load.exe (like in my 7z-file)
or additional information (ideas) about the process of combining
the .dif/.hdr files in memory + run?

and i need a good 16-bit debugger - is the dosbox debugger ok for that
(i want to trace all the int 21h "calls")

bye
Title: Re: load.exe compression (first level)
Post by: llm on January 11, 2009, 02:03:27 PM
dosbox is great for tracing
but there are still missing logs for file-read/write/close... etc. in dos_files.cpp

that is the interesting part of the dosbox 0.72 debugger log

.....
    292274: EXEC:Parsing command line: load /u MCGA /ssb
    292277: EXEC:Execute load.EXE 0
    292277: FILES:file open command 0 file load.EXE
    295175: FILES:file open command 0 file setup.dat --> NOT NEEDED
    297261: FILES:file open command 0 file LOAD.EXE
    297736: FILES:file open command 0 file LOAD.EXE
    299442: FILES:file open command 0 file LOAD.EXE
    303022: FILES:file open command 0 file LOAD.EXE
    324105: FILES:file open command 0 file setup.dat --> NOT NEEDED
    325611: FILES:file open command 0 file MCGA.hdr
    326087: FILES:file open command 0 file MCGA.hdr
    331822: FILES:file open command 0 file ega.cmn
   4710849: FILES:file open command 0 file ega.cmn
   9089067: FILES:file open command 0 file mcga.dif
  10375116: FILES:file open command 0 file mcga.cod
  12136719: PIC:0 mask FB
  12136737: PIC:0 mask F8
  12137701: INT10:Set Video Mode 13
  12137701: VGA:Blinking 0
  12137774: PIC:0 mask FB
  12137791: PIC:0 mask F8
  12137796: PIT:PIT 0 Timer set without new control word
  12137796: PIT:PIT 0 Timer at 100.00 Hz mode 3
  12139079: MOUSE:Define Hortizontal range min:0 max:638
  12139142: MOUSE:Define Vertical range min:0 max:199
  12139708: FILES:file open command 0 file ad15.drv
  12139936: FILES:file open command 0 file ad15.drv
  12172478: FILES:file open command 0 file sdmain.PVS
  12172713: FILES:file open command 0 file sdmain.PVS
  12172789: FILES:file open command 0 file sdmain.PVS
  12208132: VGA:h total 100 end 80 blank (80/98) retrace (84/96)
  12208132: VGA:v total 449 end 400 blank (406/441) retrace (412/414)
  12208132: VGA:Width 320, Height 200, fps 70.086304
  12208132: VGA:double width, double height aspect 1.200000
  12249935: VGAMISC:Parts left: 4
..... the intro starts here

so the "executables" needed for a run are:

load.exe
ega.cmn
mcga.hdr/dif/cod
ad15.drv --> soundblaster ... looks like a sys-driver (says ida freeware)

but there is no hidden-file-create or something like that :-{

Title: Re: load.exe compression (first level)
Post by: llm on January 11, 2009, 04:11:43 PM
a more detailed log (i've added some log messages to the dos-filehandling of dosbox)

-----------------------------------
dos starts load.exe itself
    292274: EXEC:Parsing command line: load /u MCGA /ssb
    292277: EXEC:Execute load.EXE 0
    292277: FILES:DOS_OpenFile
      292277: FILES:file open command 0 file load.EXE
    292277: FILES:DOS_ReadFile .. read exe header?
    292277: FILES:DOS_SeekFile ..
    292277: FILES:DOS_ReadFile ..
    292277: FILES:DOS_SeekFile ..
    292277: FILES:DOS_ReadFile
    ~200 calls to DOS_ReadFile
    292277: FILES:DOS_ReadFile
    292277: FILES:DOS_ReadFile
    292277: FILES:DOS_ReadFile
    292277: FILES:DOS_CloseFile
-----------------------------------
    295175: FILES:DOS_OpenFile
      295175: FILES:file open command 0 file setup.dat
    296058: FILES:DOS_WriteFile

extract of data from the load.exe?
    297261: FILES:DOS_OpenFile
      297261: FILES:file open command 0 file LOAD.EXE
    297271: FILES:DOS_SeekFile
    297279: FILES:DOS_SeekFile
    297300: FILES:DOS_CloseFile

    297736: FILES:DOS_OpenFile
      297736: FILES:file open command 0 file LOAD.EXE
    297972: FILES:DOS_ReadFile
    298098: FILES:DOS_CloseFile

    299442: FILES:DOS_OpenFile
      299442: FILES:file open command 0 file LOAD.EXE
    299595: FILES:DOS_SeekFile
    299822: FILES:DOS_ReadFile
    299946: FILES:DOS_CloseFile

    303022: FILES:DOS_OpenFile
      303022: FILES:file open command 0 file LOAD.EXE
    303258: FILES:DOS_ReadFile
    303398: FILES:DOS_CloseFile

    324105: FILES:DOS_OpenFile
      324105: FILES:file open command 0 file setup.dat

    325611: FILES:DOS_OpenFile
      325611: FILES:file open command 0 file MCGA.hdr
    325621: FILES:DOS_SeekFile
    325629: FILES:DOS_SeekFile
    325651: FILES:DOS_CloseFile

    326087: FILES:DOS_OpenFile
      326087: FILES:file open command 0 file MCGA.hdr
    326323: FILES:DOS_ReadFile
    326449: FILES:DOS_CloseFile

    331822: FILES:DOS_OpenFile
      331822: FILES:file open command 0 file ega.cmn
    331845: FILES:DOS_ReadFile
    333849: FILES:DOS_SeekFile
    333865: FILES:DOS_ReadFile
    608542: FILES:DOS_ReadFile
    884622: FILES:DOS_ReadFile
   1159489: FILES:DOS_ReadFile
   1436204: FILES:DOS_ReadFile
   1715283: FILES:DOS_ReadFile
   1995735: FILES:DOS_ReadFile
   2279468: FILES:DOS_ReadFile
   2553427: FILES:DOS_ReadFile
   2836708: FILES:DOS_ReadFile
   3117516: FILES:DOS_ReadFile
   3398665: FILES:DOS_ReadFile
   3673687: FILES:DOS_ReadFile
   3951523: FILES:DOS_ReadFile
   4257609: FILES:DOS_ReadFile
   4560061: FILES:DOS_ReadFile
   4708330: FILES:DOS_CloseFile
   4710849: FILES:DOS_OpenFile
   4710849: FILES:file open command 0 file ega.cmn
   4710872: FILES:DOS_ReadFile
   4712877: FILES:DOS_SeekFile
   4712893: FILES:DOS_ReadFile
   4987584: FILES:DOS_ReadFile
   5263664: FILES:DOS_ReadFile
   5538517: FILES:DOS_ReadFile
   5815246: FILES:DOS_ReadFile
   6094325: FILES:DOS_ReadFile
   6374777: FILES:DOS_ReadFile
   6658496: FILES:DOS_ReadFile
   6932469: FILES:DOS_ReadFile
   7215750: FILES:DOS_ReadFile
   7496544: FILES:DOS_ReadFile
   7777707: FILES:DOS_ReadFile
   8052729: FILES:DOS_ReadFile
   8330565: FILES:DOS_ReadFile
   8636637: FILES:DOS_ReadFile
   8939103: FILES:DOS_ReadFile
   9087372: FILES:DOS_CloseFile
   9089067: FILES:DOS_OpenFile
   9089067: FILES:file open command 0 file mcga.dif
   9089090: FILES:DOS_ReadFile
   9091047: FILES:DOS_SeekFile
   9091063: FILES:DOS_ReadFile
   9395235: FILES:DOS_ReadFile
   9701446: FILES:DOS_ReadFile
   9751824: FILES:DOS_CloseFile
  10375116: FILES:DOS_OpenFile
  10375116: FILES:file open command 0 file mcga.cod
  10375139: FILES:DOS_ReadFile
  10377144: FILES:DOS_SeekFile
  10377160: FILES:DOS_ReadFile
  10650078: FILES:DOS_ReadFile
  10917421: FILES:DOS_ReadFile
  11188582: FILES:DOS_ReadFile
  11480708: FILES:DOS_ReadFile
  11793549: FILES:DOS_ReadFile
  12112300: FILES:DOS_CloseFile
  12136719: PIC:0 mask FB
  12136737: PIC:0 mask F8
  12137701: INT10:Set Video Mode 13
  12137701: VGA:Blinking 0
  12137774: PIC:0 mask FB
  12137791: PIC:0 mask F8
  12137796: PIT:PIT 0 Timer set without new control word
  12137796: PIT:PIT 0 Timer at 100.00 Hz mode 3
  12139079: MOUSE:Define Hortizontal range min:0 max:638
  12139142: MOUSE:Define Vertical range min:0 max:199
  12139708: FILES:DOS_OpenFile
    12139708: FILES:file open command 0 file ad15.drv
  12139718: FILES:DOS_SeekFile
  12139726: FILES:DOS_SeekFile
  12139748: FILES:DOS_CloseFile
  12139936: FILES:DOS_OpenFile
    12139936: FILES:file open command 0 file ad15.drv
  12139947: FILES:DOS_ReadFile
  12139957: FILES:DOS_CloseFile

i hope to see logical parts inside of these files by using the information from open,seek and read


Title: Re: load.exe compression (first level)
Post by: llm on January 11, 2009, 05:44:59 PM
even more detailed - the readfile operations look strange

    292274: EXEC:Parsing command line: load /u MCGA /ssb
    292277: EXEC:Execute load.EXE 0
    292277: FILES:DOS_OpenFile
    292277: FILES:file open command 0 file load.EXE
    292277: FILES:DOS_ReadFile( name: STUNTS11\LOAD.EXE, amount: 28 )
    292277: FILES:DOS_SeekFile( pos: 928, type: DOS_SEEK_SET )
    292277: FILES:DOS_ReadFile( name: STUNTS11\LOAD.EXE, amount: 20576 )
    292277: FILES:DOS_SeekFile( pos: 28, type: DOS_SEEK_SET )

224 x 292277: FILES:DOS_ReadFile( name: STUNTS11\LOAD.EXE, amount: 4 )

    292277: FILES:DOS_CloseFile
    292277: FILES:  DOS_CloseFile( name: STUNTS11\LOAD.EXE )
    295175: FILES:DOS_OpenFile
    295175: FILES:file open command 0 file setup.dat
    296058: FILES:DOS_WriteFile
    297261: FILES:DOS_OpenFile
    297261: FILES:file open command 0 file LOAD.EXE
    297271: FILES:DOS_SeekFile( pos: 0, type: DOS_SEEK_END )
    297279: FILES:DOS_SeekFile( pos: 0, type: DOS_SEEK_SET )
    297300: FILES:DOS_CloseFile
    297300: FILES:  DOS_CloseFile( name: STUNTS11\LOAD.EXE )
    297736: FILES:DOS_OpenFile
    297736: FILES:file open command 0 file LOAD.EXE
    297972: FILES:DOS_ReadFile( name: STUNTS11\LOAD.EXE, amount: 32768 )
    298098: FILES:DOS_CloseFile
    298098: FILES:  DOS_CloseFile( name: STUNTS11\LOAD.EXE )
    299442: FILES:DOS_OpenFile
    299442: FILES:file open command 0 file LOAD.EXE
    299595: FILES:DOS_SeekFile( pos: 928, type: DOS_SEEK_SET )
    299822: FILES:DOS_ReadFile( name: STUNTS11\LOAD.EXE, amount: 20352 )
    299946: FILES:DOS_CloseFile
    299946: FILES:  DOS_CloseFile( name: STUNTS11\LOAD.EXE )
    303022: FILES:DOS_OpenFile
    303022: FILES:file open command 0 file LOAD.EXE
    303258: FILES:DOS_ReadFile( name: STUNTS11\LOAD.EXE, amount: 32768 )
    303398: FILES:DOS_CloseFile
    303398: FILES:  DOS_CloseFile( name: STUNTS11\LOAD.EXE )
    324105: FILES:DOS_OpenFile
    324105: FILES:file open command 0 file setup.dat
    325611: FILES:DOS_OpenFile
    325611: FILES:file open command 0 file MCGA.hdr
    325621: FILES:DOS_SeekFile( pos: 0, type: DOS_SEEK_END )
    325629: FILES:DOS_SeekFile( pos: 0, type: DOS_SEEK_SET )
    325651: FILES:DOS_CloseFile
    325651: FILES:  DOS_CloseFile( name: STUNTS11\MCGA.HDR )
    326087: FILES:DOS_OpenFile
    326087: FILES:file open command 0 file MCGA.hdr
    326323: FILES:DOS_ReadFile( name: STUNTS11\MCGA.HDR, amount: 32768 )
    326449: FILES:DOS_CloseFile
    326449: FILES:  DOS_CloseFile( name: STUNTS11\MCGA.HDR )
    331822: FILES:DOS_OpenFile
    331822: FILES:file open command 0 file ega.cmn
    331845: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 512 )
    333849: FILES:DOS_SeekFile( pos: 273, type: DOS_SEEK_SET )
    333865: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
    608542: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
    884622: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   1159489: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   1436204: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   1715283: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   1995735: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   2279468: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   2553427: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   2836708: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   3117516: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   3398665: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   3673687: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   3951523: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   4257609: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   4560061: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   4708330: FILES:DOS_CloseFile
   4708330: FILES:  DOS_CloseFile( name: STUNTS11\EGA.CMN )
   4710849: FILES:DOS_OpenFile
   4710849: FILES:file open command 0 file ega.cmn
   4710872: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 512 )
   4712877: FILES:DOS_SeekFile( pos: 273, type: DOS_SEEK_SET )
   4712893: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   4987584: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   5263664: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   5538517: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   5815246: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   6094325: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   6374777: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   6658496: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   6932469: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   7215750: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   7496544: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   7777707: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   8052729: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   8330565: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   8636637: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   8939103: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   9087372: FILES:DOS_CloseFile
   9087372: FILES:  DOS_CloseFile( name: STUNTS11\EGA.CMN )
   9089067: FILES:DOS_OpenFile
   9089067: FILES:file open command 0 file mcga.dif
   9089090: FILES:DOS_ReadFile( name: STUNTS11\MCGA.DIF, amount: 512 )
   9091047: FILES:DOS_SeekFile( pos: 262, type: DOS_SEEK_SET )
   9091063: FILES:DOS_ReadFile( name: STUNTS11\MCGA.DIF, amount: 8192 )
   9395235: FILES:DOS_ReadFile( name: STUNTS11\MCGA.DIF, amount: 8192 )
   9701446: FILES:DOS_ReadFile( name: STUNTS11\MCGA.DIF, amount: 8192 )
   9751824: FILES:DOS_CloseFile
   9751824: FILES:  DOS_CloseFile( name: STUNTS11\MCGA.DIF )
  10375116: FILES:DOS_OpenFile
  10375116: FILES:file open command 0 file mcga.cod
  10375139: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 512 )
  10377144: FILES:DOS_SeekFile( pos: 273, type: DOS_SEEK_SET )
  10377160: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  10650078: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  10917421: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  11188582: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  11480708: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  11793549: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  12112300: FILES:DOS_CloseFile
  12112300: FILES:  DOS_CloseFile( name: STUNTS11\MCGA.COD )
  12136719: PIC:0 mask FB
  12136737: PIC:0 mask F8
  12137701: INT10:Set Video Mode 13
  12137701: VGA:Blinking 0
  12137774: PIC:0 mask FB
  12137791: PIC:0 mask F8
  12137796: PIT:PIT 0 Timer set without new control word
  12137796: PIT:PIT 0 Timer at 100.00 Hz mode 3
  12139079: MOUSE:Define Hortizontal range min:0 max:638
  12139142: MOUSE:Define Vertical range min:0 max:199
  12139708: FILES:DOS_OpenFile
  12139708: FILES:file open command 0 file ad15.drv
  12139718: FILES:DOS_SeekFile( pos: 0, type: DOS_SEEK_END )
  12139726: FILES:DOS_SeekFile( pos: 0, type: DOS_SEEK_SET )
  12139748: FILES:DOS_CloseFile
  12139748: FILES:  DOS_CloseFile( name: STUNTS11\AD15.DRV )
  12139936: FILES:DOS_OpenFile
  12139936: FILES:file open command 0 file ad15.drv
  12139947: FILES:DOS_ReadFile( name: STUNTS11\AD15.DRV, amount: 16384 )
  12139957: FILES:DOS_CloseFile
  12139957: FILES:  DOS_CloseFile( name: STUNTS11\AD15.DRV )
Title: Re: load.exe compression (first level)
Post by: Krys TOFF on January 11, 2009, 06:40:35 PM
Welcome to the community llm.
I won't take part in this discussion, too much technical for me. ;D
Title: Re: load.exe compression (first level)
Post by: dstien on January 14, 2009, 07:26:17 PM
CMN/DIF/COD files are compressed using the same scheme as game resource files. Image header HDR and sound driver DRV are not compressed afaik. The DOSBox debugger BPINT command takes an AH register value as its second argument, so "BPINT 21 3F" will break on DOS file read.

I'll have to dig up my Stunts notes, I think I have plenty of comments and symbol names for the uncompression subroutines. Another hacker (http://forum.stunts.hu/index.php?topic=2306) just resurfaced here as well recently, hopefully we can collaborate to reverse the CMN/DIF/COD patching in order to produce a stand-alone EXE image so we don't have to deal with LOAD.EXE's self-modification.
Title: Re: load.exe compression (first level)
Post by: llm on January 14, 2009, 08:44:48 PM
the HDR is an exe-file header according to the UNP-Tool and Cas

and the combined (loaded by load.exe) executables CMN/DIF and COD files are nearly the size of the exe-image-size in the HDR-File
maybe the uncompressed versions are filling the gap of just ~4kbytes :-)

@dstien:
can you upload the uncompressed versions of the DIF, CMN and COD-Files?
is the load.exe still usable with the uncompressed files (like the game-data)?
Title: Re: load.exe compression (first level)
Post by: llm on January 16, 2009, 09:10:54 AM
@dstien: i got your stunpack compiled and uncompressed the files myself

interesting is that the uncompressed EGA.CMN + MCGA.COD is exactly
the size in bytes as stated in the MCGA.HDR under exe-image size: 198613 bytes

mcga.hdr
    File Information          (in Hex)
 Header size:                      0020 --> 32
 Code size:                    000307D5 --> 198613
 Min Load size:                000383D5 --> 230357
 Min allocation (para):            07C0
 Max allocation (para):            07C0
 Initial CS:IP:               2F25:0012
 Initial SS:SP:               322D:0080
 Relocation count:                 0000
 Relo table start:                 001E
 EXE file checksum:                0000
 Overlay number:                   0000

name      filesize
mcga.hdr       30
ega.cmn    143104
mcga.cod    55509
mcga.dif    23062

ega.cmn  + mcga.cod = 143104 + 55509 = 198613 == Code size
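
The header arithmetic of this post as an added example (not code from the thread, from UNP or from stunpack): it parses a standard MZ header and reproduces the "Code size" and "Min Load size" values, then runs llm's CMN + COD = code size check. The header bytes are constructed from the values UNP printed; e_cblp and e_cp are not in the listing and are assumed so that the standard MZ size formula yields 198613, and the back-to-back ega.cmn/mcga.cod layout used to locate the entry point is an assumption.

```python
# Added example (not from the thread): parse the MZ (DOS EXE) header that
# LOAD.EXE reads from MCGA.HDR and reproduce the size arithmetic above.
import struct

PARA = 16  # a DOS paragraph is 16 bytes

# Field names of the 28-byte MZ header, in file order (little-endian words).
MZ_FIELDS = (
    "e_magic", "e_cblp", "e_cp", "e_crlc", "e_cparhdr", "e_minalloc",
    "e_maxalloc", "e_ss", "e_sp", "e_csum", "e_ip", "e_cs", "e_lfarlc", "e_ovno",
)

# Constructed stand-in for MCGA.HDR (30 bytes, as read in the log) carrying the
# values UNP printed. e_cblp/e_cp are NOT in the listing; they are assumed so
# that the standard MZ formula gives the listed code size of 198613 bytes.
MCGA_HDR = struct.pack(
    "<14H",
    0x5A4D,   # "MZ"
    501,      # e_cblp: bytes used in the last 512-byte page (assumed)
    388,      # e_cp:   number of 512-byte pages, last one partial (assumed)
    0x0000,   # e_crlc: relocation count
    0x0002,   # e_cparhdr: header size in paragraphs -> 32 bytes
    0x07C0,   # e_minalloc
    0x07C0,   # e_maxalloc
    0x322D,   # e_ss
    0x0080,   # e_sp
    0x0000,   # e_csum
    0x0012,   # e_ip
    0x2F25,   # e_cs
    0x001E,   # e_lfarlc: relocation table offset
    0x0000,   # e_ovno
) + b"\x00\x00"   # the file is 30 bytes, two more than the 28-byte struct

# Decompressed file sizes listed in the post, in the assumed load order.
PART_SIZES = (("ega.cmn", 143104), ("mcga.cod", 55509))


def parse_mz_header(data: bytes) -> dict:
    """Return the MZ header fields as a dict; reject anything that is not MZ."""
    if len(data) < 28:
        raise ValueError("header too short: %d bytes" % len(data))
    hdr = dict(zip(MZ_FIELDS, struct.unpack_from("<14H", data, 0)))
    if hdr["e_magic"] not in (0x5A4D, 0x4D5A):   # "MZ" or the older "ZM"
        raise ValueError("not an MZ header: magic 0x%04X" % hdr["e_magic"])
    return hdr


def header_size(hdr: dict) -> int:
    return hdr["e_cparhdr"] * PARA


def code_size(hdr: dict) -> int:
    """Load module size (file size minus header): UNP's 'Code size'."""
    total = hdr["e_cp"] * 512
    if hdr["e_cblp"]:                    # 0 means the last page is full
        total -= 512 - hdr["e_cblp"]
    return total - header_size(hdr)


def min_load_size(hdr: dict) -> int:
    """Code size plus e_minalloc paragraphs: UNP's 'Min Load size'."""
    return code_size(hdr) + hdr["e_minalloc"] * PARA


def entry_offset(hdr: dict) -> int:
    """Initial CS:IP as a linear offset from the start of the load module."""
    return hdr["e_cs"] * PARA + hdr["e_ip"]


def parts_fill_image(hdr: dict, parts=PART_SIZES) -> bool:
    """llm's check: do the decompressed CMN + COD exactly fill the image?"""
    return sum(size for _, size in parts) == code_size(hdr)


def part_containing(offset: int, parts=PART_SIZES) -> str:
    """Which part holds a load-module offset, assuming parts lie back to back."""
    base = 0
    for name, size in parts:
        if base <= offset < base + size:
            return name
        base += size
    raise ValueError("offset 0x%X is outside the image" % offset)


if __name__ == "__main__":
    h = parse_mz_header(MCGA_HDR)
    print("header size  :", header_size(h))
    print("code size    :", code_size(h))
    print("min load size:", min_load_size(h))
    print("entry %04X:%04X -> offset 0x%X, inside %s"
          % (h["e_cs"], h["e_ip"], entry_offset(h), part_containing(entry_offset(h))))
    print("CMN + COD == code size:", parts_fill_image(h))
```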

Title: Re: load.exe compression (first level)
Post by: Duplode on January 18, 2009, 04:19:11 AM
(I'm late, but still) Welcome, Llm! As of now I lack both knowledge and time to get actively involved in those efforts, but it's great to know the reverse engineering efforts are not a lonely struggle any more  ;) Knowledge is power!
Title: Re: load.exe compression (first level)
Post by: Chulk on January 18, 2009, 07:35:00 AM
This is by far the topic I understand the least... but it's great to see people working on it.

Knowledge is power!
Then I'm powerless here  :D
Title: Re: load.exe compression (first level)
Post by: llm on January 18, 2009, 03:51:28 PM
i've added log-entries to all dos functions used by load.exe (execute, file, memory) and that's the log
of the complete process after dos gives control over to load.exe itself

    295175: FILES:DOS_OpenFile
    295175: FILES:file open command 0 file setup.dat
    296058: FILES:DOS_WriteFile
filesize(load.exe)
    297490: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 34087 = 545392 bytes )
    297576: MISC:DOS_AllocateMemory( segment: 9ACC, blocks: 1330 = 21280 bytes )
    297667: MISC:DOS_FreeMemory( segment: 15A4 )
    297736: FILES:DOS_OpenFile
    297736: FILES:file open command 0 file LOAD.EXE
    297972: FILES:DOS_ReadFile( name: STUNTS11\LOAD.EXE, amount: 21280 )
    298098: FILES:DOS_CloseFile
    298098: FILES:  DOS_CloseFile( name: STUNTS11\LOAD.EXE )
    298528: MISC:DOS_FreeMemory( segment: 9ACC )
    299000: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 25070 = 401120 bytes )
    299086: MISC:DOS_AllocateMemory( segment: 7793, blocks: 10347 = 165552 bytes )
    299177: MISC:DOS_FreeMemory( segment: 15A4 )
    299442: FILES:DOS_OpenFile
    299442: FILES:file open command 0 file LOAD.EXE
    299595: FILES:DOS_SeekFile( pos: 928, type: DOS_SEEK_SET )
    299822: FILES:DOS_ReadFile( name: STUNTS11\LOAD.EXE, amount: 20352 )
    299946: FILES:DOS_CloseFile
    299946: FILES:  DOS_CloseFile( name: STUNTS11\LOAD.EXE )
    301086: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 25061 = 400976 bytes )
    301172: MISC:DOS_AllocateMemory( segment: 778A, blocks: 7 = 112 bytes )
    301263: MISC:DOS_FreeMemory( segment: 15A4 )
    302956: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 24293 = 388688 bytes )
    303022: FILES:DOS_OpenFile
    303022: FILES:file open command 0 file LOAD.EXE
    303258: FILES:DOS_ReadFile( name: STUNTS11\LOAD.EXE, amount: 21280 )
    303398: FILES:DOS_CloseFile
    303398: FILES:  DOS_CloseFile( name: STUNTS11\LOAD.EXE )
    321005: MISC:DOS_FreeMemory( segment: 15A4 )
    321128: MISC:DOS_ResizeMemory ( segment: 7793, blocks: 5243 )
    324105: FILES:DOS_OpenFile
    324105: FILES:file open command 0 file setup.dat
    325611: FILES:DOS_OpenFile
filesize(mcga.hdr)
    325651: FILES:  DOS_CloseFile( name: STUNTS11\MCGA.HDR )
    325841: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 25057 = 400912 bytes )
    325927: MISC:DOS_AllocateMemory( segment: 105, blocks: 2 = 32 bytes )
    326018: MISC:DOS_FreeMemory( segment: 15A4 )
    326087: FILES:DOS_OpenFile
    326087: FILES:file open command 0 file MCGA.hdr
    326323: FILES:DOS_ReadFile( name: STUNTS11\MCGA.HDR, amount: 30 )
    326449: FILES:DOS_CloseFile
    326449: FILES:  DOS_CloseFile( name: STUNTS11\MCGA.HDR )
    329267: MISC:DOS_FreeMemory( segment: 128 )
    329354: MISC:DOS_AllocateMemory( segment: 128, blocks: 14446 = 231136 bytes )
    331822: FILES:DOS_OpenFile
    331822: FILES:file open command 0 file ega.cmn
    331830: MISC:DOS_AllocateMemory( segment: 3997, blocks: 512 = 8192 bytes )
    331845: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 512 )
    333849: FILES:DOS_SeekFile( pos: 273, type: DOS_SEEK_SET )
    333865: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
    608542: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
    884622: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   1159489: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   1436204: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   1715283: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   1995735: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   2279468: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   2553427: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   2836708: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   3117516: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   3398665: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   3673687: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   3951523: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   4257609: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   4560061: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 4184 )
   4708324: MISC:DOS_FreeMemory( segment: 3997 )
   4708330: FILES:DOS_CloseFile
   4708330: FILES:  DOS_CloseFile( name: STUNTS11\EGA.CMN )
   4710849: FILES:DOS_OpenFile
   4710849: FILES:file open command 0 file ega.cmn
   4710857: MISC:DOS_AllocateMemory( segment: 3997, blocks: 512 = 8192 bytes )
   4710872: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 512 )
   4712877: FILES:DOS_SeekFile( pos: 273, type: DOS_SEEK_SET )
   4712893: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   4987584: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   5263664: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   5538517: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   5815246: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   6094325: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   6374777: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   6658496: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   6932469: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   7215750: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   7496544: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   7777707: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   8052729: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   8330565: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   8636637: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 8192 )
   8939103: FILES:DOS_ReadFile( name: STUNTS11\EGA.CMN, amount: 4184 )
   9087366: MISC:DOS_FreeMemory( segment: 3997 )
   9087372: FILES:DOS_CloseFile
   9087372: FILES:  DOS_CloseFile( name: STUNTS11\EGA.CMN )
   9089006: MISC:DOS_AllocateMemory( segment: 3997, blocks: 15090 = 241440 bytes )
   9089067: FILES:DOS_OpenFile
   9089067: FILES:file open command 0 file mcga.dif
   9089075: MISC:DOS_AllocateMemory( segment: 748A, blocks: 512 = 8192 bytes )
   9089090: FILES:DOS_ReadFile( name: STUNTS11\MCGA.DIF, amount: 512 )
   9091047: FILES:DOS_SeekFile( pos: 262, type: DOS_SEEK_SET )
   9091063: FILES:DOS_ReadFile( name: STUNTS11\MCGA.DIF, amount: 8192 )
   9395235: FILES:DOS_ReadFile( name: STUNTS11\MCGA.DIF, amount: 8192 )
   9701446: FILES:DOS_ReadFile( name: STUNTS11\MCGA.DIF, amount: 1312 )
   9751818: MISC:DOS_FreeMemory( segment: 748A )
   9751824: FILES:DOS_CloseFile
   9751824: FILES:  DOS_CloseFile( name: STUNTS11\MCGA.DIF )
  10374975: MISC:DOS_FreeMemory( segment: 3997 )
  10375116: FILES:DOS_OpenFile
  10375116: FILES:file open command 0 file mcga.cod
  10375124: MISC:DOS_AllocateMemory( segment: 3997, blocks: 512 = 8192 bytes )
  10375139: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 512 )
  10377144: FILES:DOS_SeekFile( pos: 273, type: DOS_SEEK_SET )
  10377160: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  10650078: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  10917421: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  11188582: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  11480708: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 8192 )
  11793549: FILES:DOS_ReadFile( name: STUNTS11\MCGA.COD, amount: 7666 )
  12112294: MISC:DOS_FreeMemory( segment: 3997 )
  12112300: FILES:DOS_CloseFile
  12112300: FILES:  DOS_CloseFile( name: STUNTS11\MCGA.COD )
  12112455: MISC:DOS_FreeMemory( segment: 105 )
  12112594: MISC:DOS_FreeMemory( segment: 778A )
  12112682: MISC:DOS_FreeMemory( segment: 7793 )
  12135695: MISC:DOS_ResizeMemory ( segment: 128, blocks: 14446 )
  12136719: PIC:0 mask FB
  12136737: PIC:0 mask F8
  12137300: MISC:DOS_AllocateMemory( segment: 3997, blocks: 100 = 1600 bytes )
  12137311: MISC:DOS_ResizeMemory ( segment: 3997, blocks: 26217 )
  12137316: MISC:DOS_ResizeMemory ( segment: 3997, blocks: 26216 )
  12137701: INT10:Set Video Mode 13
  12137701: VGA:Blinking 0
  12137774: PIC:0 mask FB
  12137791: PIC:0 mask F8
  12137796: PIT:PIT 0 Timer set without new control word
  12137796: PIT:PIT 0 Timer at 100.00 Hz mode 3
  12139079: MOUSE:Define Hortizontal range min:0 max:638
  12139142: MOUSE:Define Vertical range min:0 max:199
filesize(ad15.drv)
  12139936: FILES:DOS_OpenFile
  12139936: FILES:file open command 0 file ad15.drv
  12139947: FILES:DOS_ReadFile( name: STUNTS11\AD15.DRV, amount: 3571 )
  12139957: FILES:DOS_CloseFile
  12139957: FILES:  DOS_CloseFile( name: STUNTS11\AD15.DRV )
  12172478: FILES:DOS_OpenFile
  12172478: FILES:file open command 0 file sdmain.PVS
  12172488: FILES:DOS_ReadFile( name: STUNTS11\SDMAIN.PVS, amount: 4 )
  12172496: FILES:DOS_CloseFile
  12172496: FILES:  DOS_CloseFile( name: STUNTS11\SDMAIN.PVS )
filesize(sdmain.pvs)
  12172789: FILES:DOS_OpenFile
  12172789: FILES:file open command 0 file sdmain.PVS
  12172800: FILES:DOS_ReadFile( name: STUNTS11\SDMAIN.PVS, amount: 1176 )
  12172810: FILES:DOS_CloseFile
  12172810: FILES:  DOS_CloseFile( name: STUNTS11\SDMAIN.PVS )

my intention/questions:
-what does load.exe read from itself (the readfile operations on load.exe are invoked by the load.exe code itself)
-which memory segment is used to store the combined code? (some segments are not freed)
-reduce the amount of unknowns to the absolute minimum - before starting the disassembler-party
-find a good starting point in the game-startup process for going through the disassembled code
any other ideas what is interesting to see in the log?

todo: find out which allocated segments are used for the readfiles
and (more important) which are not (needed for holding the uncompressed code)

and what i can say so far is:
-the cmn,cod,dif,hdr,drv executables are loaded only at load.exe startup - no later access to these files (that means the code IS completely in ram)
-it seems that the video-stuff (mcga init, ...) is activated before the sound-drv

anyone interested in my small dosbox changes to produce the same log?

and a question about dos memory:
is a paragraph 16bytes?
and why can i allocate (in my log) memory larger than 64kb?

is there a better place for posting my logs?
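The "which segments are not freed" question from this post, worked as an added example (not code from the thread or from DOSBox): it replays the MISC:DOS_* lines of the log above, verifies that every allocation's byte count is blocks * 16 (a paragraph is 16 bytes), and reports which blocks are still allocated when the video mode is set. The LOG excerpt is built from the lines in the post; the free of segment 128 that precedes its allocation is kept on purpose to show how an untracked free is reported instead of crashing the replay.

```python
# Added example (not from the thread): replay the MISC:DOS_* calls from the
# log above and report which blocks are still live when the video mode is set.
import re
from typing import Dict, List, Tuple

PARA = 16  # a DOS paragraph ("blocks" in the log) is 16 bytes

# Constructed excerpt of the DOS memory lines from the log in the post, in
# order, ending with the INT10 line that is used as the stop marker.
LOG = """\
    297490: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 34087 = 545392 bytes )
    297667: MISC:DOS_FreeMemory( segment: 15A4 )
    299000: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 25070 = 401120 bytes )
    299086: MISC:DOS_AllocateMemory( segment: 7793, blocks: 10347 = 165552 bytes )
    299177: MISC:DOS_FreeMemory( segment: 15A4 )
    301086: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 25061 = 400976 bytes )
    301172: MISC:DOS_AllocateMemory( segment: 778A, blocks: 7 = 112 bytes )
    301263: MISC:DOS_FreeMemory( segment: 15A4 )
    302956: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 24293 = 388688 bytes )
    321005: MISC:DOS_FreeMemory( segment: 15A4 )
    321128: MISC:DOS_ResizeMemory ( segment: 7793, blocks: 5243 )
    325841: MISC:DOS_AllocateMemory( segment: 15A4, blocks: 25057 = 400912 bytes )
    325927: MISC:DOS_AllocateMemory( segment: 105, blocks: 2 = 32 bytes )
    326018: MISC:DOS_FreeMemory( segment: 15A4 )
    329267: MISC:DOS_FreeMemory( segment: 128 )
    329354: MISC:DOS_AllocateMemory( segment: 128, blocks: 14446 = 231136 bytes )
    331830: MISC:DOS_AllocateMemory( segment: 3997, blocks: 512 = 8192 bytes )
   4708324: MISC:DOS_FreeMemory( segment: 3997 )
   9089006: MISC:DOS_AllocateMemory( segment: 3997, blocks: 15090 = 241440 bytes )
  10374975: MISC:DOS_FreeMemory( segment: 3997 )
  12112455: MISC:DOS_FreeMemory( segment: 105 )
  12112594: MISC:DOS_FreeMemory( segment: 778A )
  12112682: MISC:DOS_FreeMemory( segment: 7793 )
  12135695: MISC:DOS_ResizeMemory ( segment: 128, blocks: 14446 )
  12137300: MISC:DOS_AllocateMemory( segment: 3997, blocks: 100 = 1600 bytes )
  12137311: MISC:DOS_ResizeMemory ( segment: 3997, blocks: 26217 )
  12137316: MISC:DOS_ResizeMemory ( segment: 3997, blocks: 26216 )
  12137701: INT10:Set Video Mode 13
"""

ALLOC = re.compile(r"^\s*\d+: MISC:DOS_AllocateMemory\( segment: ([0-9A-F]+), blocks: (\d+) = (\d+) bytes \)")
FREE = re.compile(r"^\s*\d+: MISC:DOS_FreeMemory\( segment: ([0-9A-F]+) \)")
RESIZE = re.compile(r"^\s*\d+: MISC:DOS_ResizeMemory \( segment: ([0-9A-F]+), blocks: (\d+) \)")


def replay(log: str, stop_marker: str = "") -> Tuple[Dict[int, int], List[str]]:
    """Track live blocks (segment -> paragraphs) up to stop_marker or end of log.

    Anomalies are lines that do not fit the model: a byte count that is not
    blocks * 16, or a free/resize of a block never seen allocated.
    """
    live: Dict[int, int] = {}
    anomalies: List[str] = []
    for line in log.splitlines():
        if stop_marker and stop_marker in line:
            break
        if (m := ALLOC.match(line)):
            seg, blocks, nbytes = int(m[1], 16), int(m[2]), int(m[3])
            if nbytes != blocks * PARA:
                anomalies.append("byte count != blocks*16: " + line.strip())
            if seg in live:
                anomalies.append("allocated twice: " + line.strip())
            live[seg] = blocks
        elif (m := FREE.match(line)):
            if live.pop(int(m[1], 16), None) is None:
                anomalies.append("free of untracked block: " + line.strip())
        elif (m := RESIZE.match(line)):
            seg = int(m[1], 16)
            if seg not in live:
                anomalies.append("resize of untracked block: " + line.strip())
            live[seg] = int(m[2])
    return live, anomalies


def live_blocks_at(log: str, marker: str) -> List[Tuple[int, int, int]]:
    """(segment, paragraphs, bytes) of every block still allocated at marker."""
    live, _ = replay(log, marker)
    return sorted((seg, n, n * PARA) for seg, n in live.items())


def linear_address(segment: int, offset: int = 0) -> int:
    """Real-mode segment:offset as a linear address. A block is addressed by its
    starting paragraph, so it can be far larger than the 64 KB one 16-bit
    offset reaches; code walks a big block by stepping the segment register."""
    return segment * PARA + offset


if __name__ == "__main__":
    for seg, paras, nbytes in live_blocks_at(LOG, "INT10:Set Video Mode 13"):
        print("live at video init: segment %04X (linear 0x%05X), %d paragraphs = %d bytes"
              % (seg, linear_address(seg), paras, nbytes))
    for a in replay(LOG)[1]:
        print("anomaly:", a)
```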
Title: Re: load.exe compression (first level)
Post by: llm on January 18, 2009, 04:57:54 PM
the allocation for segment 128 is the right size (from mcga.hdr)
and with the allocation for segment 3997 the only memory which survives the alloc/free startup process
until mcga init

for segment 128 (the 5. memory-function after filesize(mcga.hdr))
329354: MISC:DOS_AllocateMemory( segment: 128, blocks: 14446 = 231136 bytes )

...

for segment 3397 (the 3. line before  12137701: INT10:Set Video Mode 13)
MISC:DOS_AllocateMemory( segment: 3997, blocks: 100 = 1600 bytes )

these two need to hold the code - because all others are freed :-)

a way to dump the memory into a file?
Title: Re: load.exe compression (first level)
Post by: llm on January 18, 2009, 07:20:43 PM
i've dumped the segment: 128 into a file (memdumpbin 128:0 length in hex)
and the segment 3397

~ = uncompressed and modified

memdump_128 = ~ega.cmn~ + ~mcga.cod~

and it seems the last part of the file is the uncompressed mcga.cod with small differences
the front seems to be the ega.cmn also with small differences (in some blank fields of the original file is now "ad15.drv" etc...)

the header of the dump from segment 3397 is the adv15.drv (also with small modifications)
then the uncompressed mcga.dif (minor modifications) and the load.exe at the end

memdump_3397 = ~adv15.drv~ + ~mcga.diff~ + big_unknown_block + ~load.exe~

I need a very very good diff tool - I tried Araxis Merge at my company - but I need something free

the small modifications can be a bug in the stunpack algorithm or uninitialized data or something
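As an added example (not the poster's code) of the kind of diff tool this post asks for, the following Python compares two binary files byte by byte and reports the differing ranges, so that the "small modifications" between a memory dump and the decompressed file stand out as offsets rather than a wall of hex. The sample inputs are constructed.

```python
def diff_ranges(a, b, gap=0):
    """Return [(offset, length)] regions where a and b differ.
    Differing runs closer than `gap` bytes are merged, so scattered one-byte
    patches in the same field show up as one block instead of many."""
    n = min(len(a), len(b))
    ranges = []
    i = 0
    while i < n:
        if a[i] == b[i]:
            i += 1
            continue
        start = i
        while i < n and a[i] != b[i]:
            i += 1
        if ranges and start - (ranges[-1][0] + ranges[-1][1]) <= gap:
            prev_start = ranges.pop()[0]          # merge with the previous run
            ranges.append((prev_start, i - prev_start))
        else:
            ranges.append((start, i - start))
    if len(a) != len(b):                          # tail beyond the shorter input
        ranges.append((n, abs(len(a) - len(b))))
    return ranges


def report(a, b, gap=0, width=16):
    """Print each differing range with the first `width` bytes of both sides."""
    for off, length in diff_ranges(a, b, gap):
        shown = min(length, width)
        print(f"offset 0x{off:06X} length {length}")
        print("  a:", a[off:off + shown].hex(" "))
        print("  b:", b[off:off + shown].hex(" "))


# Constructed stand-ins: an "original" file and a dump of it with two small changes.
ORIGINAL = bytes(range(64))
_dump = bytearray(ORIGINAL)
_dump[10:18] = b"ad15.drv"     # constructed: a name written into a formerly blank field
_dump[40] ^= 0xFF              # constructed: a single patched byte
DUMP = bytes(_dump)

if __name__ == "__main__":
    report(ORIGINAL, DUMP)
```

Run it with two real files by replacing ORIGINAL and DUMP with their contents read in binary mode.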
Title: Getting in!
Post by: Cas on January 22, 2009, 06:56:05 AM
Hey, guys!  I'm in!

I'm so, so happy that some other people are working on this now. I had left it for so long!  But now I'll put hands at work. What I researched some time ago may be now mostly useless, but I trust one or two things will serve and I will be able to help with more research.
Right now I'm on my Linux partition. I'll jump to DOS to translate my old files to English and ZIP them and I'll come back to send them. No big thing, but something is something.
I do not have DOSBox. I think I should download it. I have pure DOS and Ubuntu Linux. I do not have a disassembler and never had... I still have to learn how to handle those things.

These are some things I thought would be nice to do if we get this work done:
- It would be great to create a .DRV file (sound) that could replace the Tandy one or some other not very used and that would redirect the sound requests to a new sound API for DOS (if you take a look at freedos.org, many people have long been trying to accomplish a new sound API for DOS)
- I'd love to be able to add more elements to be used on tracks and create tracks of sizes different from 30x30. Also, elements with heights greater than 3, that is, ramps that could take you very high and bridges above bridges
- It'd be nice to dismantle the car format and maybe even replace it for something more flexible so that a utility could be created to design your own car (appearance included)
- A system could be added so that replays were encrypted, allowing Stunts championships to verify if replays were handled or not without needing to record a video (I've already tried to do this once in a different way)
- Opponent commands could be redirected to a remote computer and an option could be set to play as "#2" and appear on the left side. This way, a 2-person race would be possible.

All these things seem crazy, but isn't it even harder to do what we are trying to do right now?
OK... I'll go and zip those files now!  Be right back!  :)

=================

Alright!  Here I am uploading the Zip file. Look for the README.1ST file in it
Title: Re: load.exe compression (first level)
Post by: zaqrack on January 22, 2009, 10:52:39 AM
great, we are having a small Stunts development team. Wish you success! Do you need a subforum?
Title: Re: load.exe compression (first level)
Post by: llm on January 22, 2009, 03:23:50 PM
our own subforum - would be great
can you also transfer this topic into the new one?
Title: Re: load.exe compression (first level)
Post by: Duplode on January 22, 2009, 08:31:19 PM
I'm so, so happy that some other people are working on this now. I had left it for so long!  But now I'll put hands at work. What I researched some time ago may be now mostly useless, but I trust one or two things will serve and I will be able to help with more research.

I guess everyone should be as happy as you are... :)

I do not have DOSBox. I think I should download it. I have pure DOS and Ubuntu Linux.

Indeed you should: DOSBox + Linux is at the moment our perfect sandbox investigation environment (and a very good one for racing too!)

- I'd love to be able to add more elements to be used on tracks and create tracks of sizes different from 30x30. Also, elements with heights greater than 3, that is, ramps that could take you very high and bridges above bridges

Hacking the track assembling and edition routines so we can introduce new track elements without removing old ones - it's the possibility I enjoy contemplating the most :)

- It'd be nice to dismantle the car format and maybe even replace it for something more flexible so that a utility could be created to design your own car (appearance included)

Great strides were made in that direction over the last year, so that is not just a dream any more - I highly recommend you check this subforum (http://forum.stunts.hu/index.php?board=88.0) ;)

- A system could be added so that replays were encrypted, allowing Stunts championships to verify if replays were handled or not without needing to record a video (I've already tried to do this once in a different way)

I am a bit skeptical about the possibility of taming/eliminating RH (and the implications of such a deed for game mechanics and competitions), but there's more opinion than fact in my position... Anyway, what was the "different way" you once tried?
Title: Handling replay handling
Post by: Cas on January 22, 2009, 08:45:22 PM
WOW! A subforum! Fantastic!

About handling replay handling, what I had tried was using Game Wizard to locate in the memory structure where Stunts stored the menu item number and related stuff, to make a TSR program to be loaded before Stunts (and unloaded at the end) that monitored this and automatically saved a replay in a different format, setting a flag if there is a crash or if you reload a replay. I succeeded in finding the memory location, but I could not find where Stunts channels the current key being pressed as a command, to generate the replay. Check the format file I wrote for the replays. It's in Spanish, but I can translate it later.  :D
Title: Re: load.exe compression (first level)
Post by: llm on January 22, 2009, 09:50:15 PM
Like Duplode said, DOSBox is really the best sandbox for testing -
I've made changes to the very easy-to-read source code to get the logs as shown in the post before

and I think you could use IDA Pro freeware 4.9 on Linux under WINE
http://www.hex-rays.com/idapro/idadownfreeware.htm
http://winehq.org/

(you can see an example of IDA output in the zip file I added to my second post in this thread)

btw: is your load.asm a working replacement for the original load.exe?
what are the settings for Flat Assembler to assemble and link?
Title: load.asm and Flat Assembler
Post by: Cas on January 24, 2009, 01:04:18 AM
I'll check what you advise. Thank you! :)

The LOAD.ASM file is far from being complete. It is what I was able to manually disassemble in about two months of work, using FreeDOS's DEBUG application on one computer and typing at the same time into a text editor on another. Flat Assembler has the simplest format possible. You don't have to compile and then link; it just builds exactly what you tell it and where you tell it. You may use, if you prefer, no directives at all, but only mnemonics and db's to create a binary file. To make an EXE file, you need to use a "format MZ" directive at the beginning, and then you can define each segment with the "segment" directive, and you need to set up a start point before the segments, as you can see in these ASM files. Everything is stored in the order you put it. Then you type "FASM myfile.asm" and you get a "myfile.exe". Just like that. It's very powerful.
Title: Re: load.exe compression (first level)
Post by: Friker on January 24, 2009, 11:05:25 AM
this is offtopic - how do you get DOS+Ubuntu working on one PC? I mean - can you give me the part from the menu.lst file in GRUB?

maybe I will participate in this disassembling too :)
Title: Re: load.exe compression (first level)
Post by: llm on January 24, 2009, 02:29:42 PM
the DOSBox heavy debug version is far more powerful than simple DOS debug

dosbox debug guide
http://vogons.zetafleet.com/viewtopic.php?t=3944

http://kannan.jumbledthoughts.com/index.php/howto-use-dosbox-as-a-quick-dirty-disassembler/

you can even log the executed instructions etc.
Title: Re: load.exe compression (first level)
Post by: Cas on January 24, 2009, 04:48:14 PM
I definitely have to download the DOSBox for Linux and start learning... My computer is a little bit slow, though... maybe the time is getting closer that I will have to get a new one.

Friker: when you install Ubuntu, if you already have a DOS partition in your hard drive, you can identify it as such at installation time and then you will have the GRUB menu to automatically show it. If you create a DOS partition after you have installed Ubuntu, then you do have to add some lines. Right now I'm at work and they have micro$oft window$ here, so I am unable to check and I don't remember very well. I'll see when I get to my computer. Anyway, even in that case, if you are starting DOS and want to switch to the Ubuntu partition, all you have to do is run FDISK and change the active partition. Also, some emulators, such as DOSBox, will allow you to have a DOS environment within Linux too