Author Topic: bypassing load.exe  (Read 23080 times)

dstien

  • Stunts Master
  • *
  • Posts: 160
    • Stunts Tools
Re: bypassing load.exe
« Reply #45 on: March 20, 2013, 08:24:53 PM »
Welcome w4kfu, intriguing work!

stressed will only load files in Stunts' resource file container format. There's a separate command line tool in the stunpack repository [1]. There's also another implementation in restunts' [2] fileio.c, just a direct ASM to C conversion.

[1] https://code.google.com/p/stuntstools/source/checkout?repo=stunpack
[2] svn://anders-e.com/restunts/trunk

w4kfu

  • Newbie
  • *
  • Posts: 9
Re: bypassing load.exe
« Reply #46 on: March 20, 2013, 08:50:32 PM »
intriguing work!

What do you mean by intriguing ?

Thanks for pointing me to this svn, there is a lot of cool stuff in here, and yeah I didn't see the separate command line tool :(

w4kfu

  • Newbie
  • *
  • Posts: 9
Re: bypassing load.exe
« Reply #47 on: March 21, 2013, 05:23:56 AM »
I continued my development, and am writing a new toolz for uncompressing the real game.
This toolz can make executables for CGA, EGA, MCGA, TDY, for example:

Code:
./bin/makegame -h test/4DSD/MCGA.HDR -m test/4DSD/EGA.CMN -d test/4DSD/MCGA.DIF -c test/4DSD/MCGA.COD
and it outputs a "game.exe", and this file can be unpacked with my unpacker UNEXEPACK on my GitHub.

But ... I run it, click on "let's drive" and got this error :



I will try to fix it as soon as possible.

dstien

  • Stunts Master
  • *
  • Posts: 160
    • Stunts Tools
Re: bypassing load.exe
« Reply #48 on: March 21, 2013, 09:02:06 AM »
intriguing work!
What do you mean by intriguing ?
Intriguing as in "arouse the curiosity or interest of; fascinate". ;)

Haven't got the chance to dive into your code yet, but it's very interesting that you've analyzed the compression and made an encoder. restunts have been evolving slowly lately, so I'm eager to see which direction you plan to go with GAME.EXE.

w4kfu

  • Newbie
  • *
  • Posts: 9
Re: bypassing load.exe
« Reply #49 on: March 21, 2013, 06:15:10 PM »
but it's very interesting that you've analyzed the compression and made an encoder
My program can print a graph (.dot) explaining how my Huffman decoding binary tree works. As an example for the file "MISC.PRE": http://blog.w4kfu.com/public/stunts/graph_test.png (Image very big, I don't insert it on the forum)
For example, as you can see on the graph, the byte 0x1B (green nodes) is encoded as follows: "1111001100"

Btw I found my bug, I don't know why but when it tries to retrieve information related to the copy protection (X word at Y line ... etc), it tries to find a resource from the file "MISC.PRE" after uncompressing it, prefixed with the letter "e", for example it tries to open "eqc0" but ... the file inside "MISC.PRE" is prefixed with "g" ... "gqc0".
I don't really understand if my toolz fails, or if there is another protection that I didn't see at the moment.
Btw this can be patched easily, by initializing the variable I called "protection_disable" to 1 instead of 0 in the main function.
For my version of the game :

Code:
dseg:A6AA byte_45E1A      db ? 

seg000:02A8                 mov     byte_45E1A, 0

Btw I'm actually working with 4D Sports - Driving Version 1.1 (Dec 13 1990)

Another fix: if I take the file "MISC.PRE" from your svn, it seems to have the good prefixes, maybe the version of stunts I'm working on has been fucked ...
« Last Edit: March 21, 2013, 06:52:20 PM by w4kfu »
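
The tree walk w4kfu describes above (one bit per edge, a leaf per decoded byte), as an added example in Python that is not w4kfu's or stunpack's code. The only code taken from the post is 0x1B -> "1111001100"; every other entry in CODES is invented so the table is prefix-free, and reading the packed stream MSB-first is an assumption, not the real stunpack bit order. The table builder rejects a code that is a prefix of another, since such a table would decode silently to wrong bytes, and the decoder rejects a bit path that reaches a missing branch instead of guessing.

```python
"""Decoding with a prefix-code (Huffman) tree, as described for MISC.PRE.

Added example, not w4kfu's or stunpack's code. The only code taken from
the thread is 0x1B -> "1111001100"; all other table entries are invented
so that the set is prefix-free, and reading bits MSB-first is an
assumption about the packed stream, not the real stunpack bit order.
"""
from typing import Any, Dict, List

# A tree node is a two-element list [zero-branch, one-branch]; each branch
# is None (absent), an int (a leaf: the decoded byte) or another node.
Node = List[Any]

CODES: Dict[int, str] = {
    0x41: "0",
    0x42: "10",
    0x43: "110",
    0x00: "1110",
    0x1D: "11111",
    0x1C: "111101",
    0x1B: "1111001100",  # the path shown in green on the thread's graph
}


def build_tree(codes: Dict[int, str]) -> Node:
    """Insert each code into the tree, bit 0 to the left and bit 1 to the right.

    Raises ValueError when a code is a prefix of another one: such a table
    is ambiguous and a decoder walking it would emit wrong bytes silently.
    """
    root: Node = [None, None]
    for sym, code in codes.items():
        node = root
        for i, bit in enumerate(code):
            b = int(bit)
            if i == len(code) - 1:
                if node[b] is not None:
                    raise ValueError(f"code {code} for {sym:#04x} collides with another code")
                node[b] = sym
            else:
                if node[b] is None:
                    node[b] = [None, None]
                elif isinstance(node[b], int):
                    raise ValueError(f"code {code} for {sym:#04x} extends a shorter code")
                node = node[b]
    return root


def iter_bits(data: bytes):
    """Yield the bits of data one at a time, most significant bit first (assumed order)."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def decode(tree: Node, data: bytes, count: int) -> bytes:
    """Walk from the root one bit at a time; every leaf emits one byte and
    restarts at the root. Stops after count bytes so padding bits are ignored,
    and rejects streams that run out or hit a missing branch."""
    out = bytearray()
    node = tree
    for bit in iter_bits(data):
        if len(out) == count:
            break
        nxt = node[bit]
        if nxt is None:
            raise ValueError("bit path matches no code: corrupt stream or wrong table")
        if isinstance(nxt, int):
            out.append(nxt)
            node = tree
        else:
            node = nxt
    if len(out) != count:
        raise ValueError(f"stream ended after {len(out)} of {count} bytes")
    return bytes(out)


def encode(codes: Dict[int, str], payload: bytes) -> bytes:
    """Inverse of decode, used to build a test stream; pads the last byte with zero bits."""
    bits = "".join(codes[b] for b in payload)
    bits += "0" * (-len(bits) % 8)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def to_dot(tree: Node) -> str:
    """Graphviz source for the tree, the same kind of picture linked in the thread."""
    lines = ["digraph prefix_code {", '  nroot [label=""];']

    def walk(node: Node, path: str) -> None:
        for bit, child in enumerate(node):
            if child is None:
                continue
            name = f"n{path}{bit}"
            if isinstance(child, int):
                lines.append(f'  {name} [label="{child:#04x}" shape=box];')
            else:
                lines.append(f'  {name} [label=""];')
                walk(child, path + str(bit))
            lines.append(f'  n{path or "root"} -> {name} [label="{bit}"];')

    walk(tree, "")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    tree = build_tree(CODES)
    stream = encode(CODES, bytes([0x1B, 0x41, 0x43]))
    print(stream.hex(), decode(tree, stream, 3).hex())
    print(to_dot(tree))
```

Piping the `to_dot` output through `dot -Tpng` gives the same kind of picture as the linked graph_test.png: follow the edges labelled 1,1,1,1,0,0,1,1,0,0 from the root and you land on the 0x1b box.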
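
The patch w4kfu describes (initialising the flag to 1 instead of 0) applied to an unpacked game.exe, as an added example in Python that is not w4kfu's tool. Assumptions not stated in the post: the unpacked binary is a flat file in which `mov byte_45E1A, 0` is the 16-bit encoding C6 06 AA A6 00 (opcode C6 /0, ModRM 06 = ds:[disp16], imm8, with the disp16 taken from `dseg:A6AA`), and nothing else in the image shares those five bytes. Other versions of the game will place the variable elsewhere, so the offset is a parameter, and the patcher refuses to write unless the pattern occurs exactly once.

```python
"""Flip the copy-protection flag initialisation in an unpacked game.exe.

Added example, not w4kfu's tool. The thread shows the IDA listing
`seg000:02A8 mov byte_45E1A, 0` with the variable at `dseg:A6AA`; setting
it to 1 skips the "X word at Y line" check. Assumptions: the unpacked
binary is a flat file in which that instruction is the 16-bit encoding
C6 06 AA A6 00 (opcode C6 /0, ModRM 06 = ds:[disp16], imm8), and nothing
else in the image shares those bytes. Other game versions use a different
offset, so it is a parameter rather than a constant.
"""
import struct
import sys
from typing import List


def mov_byte_imm8(ds_offset: int, value: int) -> bytes:
    """Encode `mov byte ptr ds:[ds_offset], value` as C6 06 <disp16 LE> <imm8>."""
    return b"\xc6\x06" + struct.pack("<HB", ds_offset, value)


def find_all(image: bytes, needle: bytes) -> List[int]:
    """Every offset at which needle occurs in image (overlaps included)."""
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = image.find(needle, pos + 1)
    return hits


def patch_protection_flag(image: bytes, ds_offset: int = 0xA6AA) -> bytes:
    """Return a copy of image with `mov byte ptr [ds_offset], 0` changed to `, 1`.

    Refuses to patch unless the pattern occurs exactly once: with a wrong
    offset or a different game version the five bytes could legitimately
    appear elsewhere (data, or the tail of another instruction) and a blind
    search-and-replace would corrupt that instead of disabling the check.
    """
    before = mov_byte_imm8(ds_offset, 0)
    after = mov_byte_imm8(ds_offset, 1)
    hits = find_all(image, before)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one occurrence of {before.hex()}, found {len(hits)}")
    off = hits[0]
    return image[:off] + after + image[off + len(after):]


if __name__ == "__main__":
    # usage: python patch_flag.py GAME_UNPACKED.EXE GAME_PATCHED.EXE [ds_offset_hex]
    src, dst = sys.argv[1], sys.argv[2]
    offset = int(sys.argv[3], 16) if len(sys.argv) > 3 else 0xA6AA
    with open(src, "rb") as f:
        data = f.read()
    hit = find_all(data, mov_byte_imm8(offset, 0))
    patched = patch_protection_flag(data, offset)
    with open(dst, "wb") as f:
        f.write(patched)
    print(f"patched 1 instruction at file offset {hit[0]:#x}")
```

Before trusting the result on a real binary, confirm the single hit lies in the code segment at the expected distance from the entry point (the listing gives seg000:02A8) rather than inside data; a pattern that matches once by coincidence passes the uniqueness check but still patches the wrong bytes.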

w4kfu

  • Newbie
  • *
  • Posts: 9
Re: bypassing load.exe
« Reply #50 on: March 22, 2013, 10:08:13 AM »
Now that I understand how stunts.com and load.exe manage to load the real "game.exe", I'm able to start reverse engineering the real game. I would like to know what your needs are.
Are there any file formats that are not documented / known? Are there any bugs for some file format? I will be glad to start helping you :)

Oscar

  • Stunts Addict
  • *
  • Posts: 32
    • Programación Web - Codi Binari
Re: bypassing load.exe
« Reply #51 on: March 22, 2013, 04:22:41 PM »
Cheers  :)

llm

  • Stunts Maniac
  • *
  • Posts: 54
Re: bypassing load.exe
« Reply #52 on: April 13, 2013, 07:38:49 PM »
Quote
I continued my development, and writting a new toolz for uncompressing the real game.
This toolz can make executable for CGA, EGA, MCGA, TDY, for example


are you aware that such a tool has already existed since October 2009?
see first post from clvn http://forum.stunts.hu/index.php?topic=2454.0

we've got a working unpacked, unprotected game.exe suitable for static reverse engineering
that is the base of the "restunts" project - restunts uses the reverse engineered (using IDA Pro Free) asm code - partially replaced with c code
in a tasm/msc/wlink environment able to create a working 16bit dos program

the initial idea is to use a 16 bit environment to ease the porting to c and still keep a "working" game around

current status of the porting can be seen here: http://re.stunts.no/status/

source, idb and complete build-system can be found here: svn://anders-e.com/restunts/trunk/restunts

my own idea - which suffers permanently from missing spare time - is to combine a simple 16-bit emulator with a fake 16bit assembler in C/C++ - i would like to interchange real 32 bit C/C++ code with fake asm-code and still interpreted code, and to get the real power of current development environments on the desk (test example http://pastebin.com/TGe0igCD)

@dstien: are you still updating the idb in the svn repo?
« Last Edit: April 13, 2013, 08:18:51 PM by llm »

RacerBG

  • Stunts Addict
  • *
  • Posts: 33
  • Stunts Indy Driver
Re: bypassing load.exe
« Reply #53 on: May 13, 2013, 05:38:40 PM »
Hello guys, I'm back here again (this time with Linux OS). 8)

Here you are making excellent progress and well done for this. I have just 2 newbie questions about this awesome project:

What exactly can we achieve from this? ;D

What is the reason to ignore some things in the .exe file?
Stunts full crazy man with top performance from backwards!

dstien

  • Stunts Master
  • *
  • Posts: 160
    • Stunts Tools
Re: bypassing load.exe
« Reply #54 on: June 01, 2014, 05:47:20 AM »
Ported some more functions after another year-long hiatus. Most asset loading and init functions should be done now, and I have begun digging into the heartbeat functions. Real greasy stuff.

When we can run the gameloop path used by repldump I plan to start a new repository that is technically and legally clean, so I'm not focusing on graphics, sound and interactivity. Will probably take another decade at this pace. ;D

zaqrack

  • Administrator
  • Makes love with Stunts
  • *****
  • Posts: 4530
    • ZakStunts
Re: bypassing load.exe
« Reply #55 on: March 16, 2015, 05:34:40 PM »
A coder (a very good one at that ;)) friend of mine connected me with a couple of guys who are working on emulating Stunts at the machine code level, while replacing all graphics. They know about ZakStunts, not sure if they are aware of restunts and the rest of stuff here. Hopefully more info coming soon and we can combine forces!

divip

  • Newbie
  • *
  • Posts: 3
Re: bypassing load.exe
« Reply #56 on: March 16, 2015, 10:45:10 PM »
A coder (a very good one at that ;)) friend of mine connected me with a couple of guys who are working on emulating Stunts at the machine code level, while replacing all graphics.

Hi, I'm divip, a Hungarian coder living in Budapest.

Recently I've joined Csaba Hruska's project on an OpenGL based Stunts remake. Maybe you already know of this, here is a youtube video of it:  https://www.youtube.com/watch?v=XoE5CKLLnaM

We decided that besides developing the modern Bullet physics, the authentic original physics should also be kept. This is what I am working on now.

They know about ZakStunts, not sure if they are aware of restunts and the rest of stuff here.

I have skimmed through this thread several times and I have read a few other resources around here too.
The uncompressed game.exe and the disassembled code are a huge help!
Restunts C files also help understanding.

We chose a different path to revive the original physics.
First, we use the uncompressed game.exe as a starting point.

Then we emulate every single 8086 instruction and the needed DOS functions with a Haskell program.
The Haskell emulator is at the moment 3338 LOC, located in 8 files in this directory:
https://github.com/csabahruska/stunts/tree/master/emulate8086
Currently it is a bit slow (takes 26 seconds to reach the main menu), but it seems to do the right job.

Next, we are going to automatically transform the machine code into a program library.
This is not trivial at all, but we have some initial results already.

Hopefully more info coming soon and we can combine forces!

I hope I could give a good overview of our efforts and I hope we can report more progress soon!

Duplode

  • Breaths Stunts
  • ******
  • Posts: 3573
  • Through the astral door - to soar
    • The Southern Cross Stunts Trophy
Re: bypassing load.exe
« Reply #57 on: March 17, 2015, 05:33:24 AM »
Hopefully more info coming soon and we can combine forces!

I hope I could give a good overview of our efforts and I hope we can report more progress soon!

Hello and welcome! Fascinating project - even more so for an occasional Haskeller like myself. I'll be sure to keep an eye on it  :)

zaqrack

  • Administrator
  • Makes love with Stunts
  • *****
  • Posts: 4530
    • ZakStunts
Re: bypassing load.exe
« Reply #58 on: March 17, 2015, 08:39:26 AM »
Hi divip,

thanks for joining! Excellent work, thanks for letting us know the progress! Having the option to keep original physics is a key aspect for me.
Let me know if we can help with anything.
Would your approach -once completed- possibly open the way for newly designed 3D track elements?


dstien

  • Stunts Master
  • *
  • Posts: 160
    • Stunts Tools
Re: bypassing load.exe
« Reply #59 on: March 17, 2015, 11:58:52 PM »
Hi, I'm divip, a Hungarian coder living in Budapest.

Welcome, divip! Nice to finally hear from the mythical Haskell Stunts project. :)

We decided that besides developing the modern Bullet physics, the authentic original physics should also be kept. This is what I am working on now.

Good choice. I too tried to combine Stunts' assets with a modern rendering engine and Bullet once. It turned out to be remarkably boring after just a few minutes. The dirty physics engine is definitely needed. ;D

We chose a different path to revive the original physics.
First, we use the uncompressed game.exe as a starting point.

Then we emulate every single 8086 instruction and the needed DOS functions with a Haskell program.
The Haskell emulator is at the moment 3338 LOC, located in 8 files in this directory:
https://github.com/csabahruska/stunts/tree/master/emulate8086
Currently it is a bit slow (takes 26 seconds to reach the main menu), but it seems to do the right job.

Next, we are going to automatically transform the machine code into a program library.
This is not trivial at all, but we have some initial results already.

llm was working on a similar approach with Fake86 in C, but time is unfortunately not a renewable resource. Really looking forward to hearing more about your progress on this project. In addition to being awesome, the outcome will be useful for restunts as well.