sound driver integration - first steps...

Started by llm, December 29, 2013, 08:16:56 PM

llm

i've developed a small C/C++ program that attaches the ad15.drv to the stunts game exe

how is it done:
-attach a block of 0x00 in the size of the former uninitialized data to the image
-attach drv code
-add new entry for driver-ptr adjust to relocation table
-change position of stack
-change header sizes

result:

IDA can now fully analyse the code of the sound driver in new seg042 :)

why:
1. just for fun
2. reduce the amount of runtime loaded code further (should be now down to 0%) - so IDA can work better
3. just the next step to my 16bit->32/64bit translation idea


but ... BIG TODO - that's why i named the post "first steps..."

1. fix stunts crash "memory manager - BLOCK NOT FOUND at SEG=37eb" at startup - does the stunts code rely more on the image layout than i thought?
2. patch the driver loading code so that the attached code is used instead of runtime loading

clvn, dstien, w4kfu - please help... :)

llm

#1
i've reduced my attaching to small steps before - all working :( ...


original stunts

exe_header:
  signature: 0x5A4D
  bytes_in_last_block: 0x01D0
  blocks_in_file: 0x019B
  num_relocs: 0x0A1C
  header_paragraphs: 0x0289
  min_extra_paragraphs: 0x0769
  max_extra_paragraphs: 0x07C0
  ss: 0x3649
  sp: 0x1F40
  checksum: 0x0000
  ip: 0x0012
  cs: 0x1CC5
  reloc_table_offset: 0x001C
  overlay_number: 0x0000

exe file layout:
  (exe_begin)
    (header_paragraphs_begin)
      header: [0x00000000 - [0x0000001C size: 0x1C = 28 bytes
      relocation_table: [0x0000001C - [0x0000288C size: 0x2870 = 10352 bytes
      unused space (header_paragraphs padding): [0x0000288C - [0x00002890 size: 0x4 = 4 bytes
    (header_paragraphs_end)
    image: [0x00002890 - [0x000335D0 size: 0x30D40 = 200000 bytes
  (exe_end)

loaded exe layout:

  PSP: size: 0x0100 = 256 bytes
  <--- load_segment 0x0000
  image: [0x00000000 - [0x00030D40
  (min/max_extra_paragraphs_begin)
    udata: [0x00030D40 - [0x00036490 size: 0x5750 = 22352 bytes
    stack: [0x00036490 - [0x000383D0 size: 0x1F40 = 8000 bytes
  (min_extra_paragraphs_end)
    udata: [0x000383D0 - [0x00038940 size: 0x570 = 1392 bytes
  (max_extra_paragraphs_end)

nulled udata as part of the image - stunts still works

exe_header:
  signature: 0x5A4D
  bytes_in_last_block: 0x0120
  blocks_in_file: 0x01C7
  num_relocs: 0x0A1C
  header_paragraphs: 0x0289
  min_extra_paragraphs: 0x01F4 <--
  max_extra_paragraphs: 0x024B
  ss: 0x3649
  sp: 0x1F40
  checksum: 0x0000
  ip: 0x0012
  cs: 0x1CC5
  reloc_table_offset: 0x001C
  overlay_number: 0x0000

exe file layout:
  (exe_begin)
    (header_paragraphs_begin)
      header: [0x00000000 - [0x0000001C size: 0x1C = 28 bytes
      relocation_table: [0x0000001C - [0x0000288C size: 0x2870 = 10352 bytes
      unused space (header_paragraphs padding): [0x0000288C - [0x00002890 size: 0x4 = 4 bytes
    (header_paragraphs_end)
    image: [0x00002890 - [0x00038D20 size: 0x36490 = 222352 bytes
  (exe_end)

loaded exe layout:
  PSP: size: 0x0100 = 256 bytes
  <--- load_segment 0x0000
  image: [0x00000000 - [0x00036490
  (min/max_extra_paragraphs_begin)
    stack: [0x00036490 - [0x000383D0 size: 0x1F40 = 8000 bytes
  (min_extra_paragraphs_end)
    udata: [0x000383D0 - [0x00038940 size: 0x570 = 1392 bytes
  (max_extra_paragraphs_end)

removed extra_paragraphs (just as a test) stunts still works

exe_header:
  signature: 0x5A4D
  bytes_in_last_block: 0x0120
  blocks_in_file: 0x01C7
  num_relocs: 0x0A1C
  header_paragraphs: 0x0289
  min_extra_paragraphs: 0x01F4 <--
  max_extra_paragraphs: 0x01F4 <--
  ss: 0x3649
  sp: 0x1F40
  checksum: 0x0000
  ip: 0x0012
  cs: 0x1CC5
  reloc_table_offset: 0x001C
  overlay_number: 0x0000

exe file layout -> same as before

loaded exe layout:
 
  PSP: size: 0x0100 = 256 bytes
  <--- load_segment 0x0000
  image: [0x00000000 - [0x00036490
  (min/max_extra_paragraphs_begin)
    stack: [0x00036490 - [0x000383D0 size: 0x1F40 = 8000 bytes
  (min_extra_paragraphs_end)
  (max_extra_paragraphs_end)
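
Added example, not part of the original posts and not llm's tool: a C program that recomputes the file and loaded layouts in the dumps above from the header fields alone, and checks that SS:SP still lies inside the memory guaranteed by min_extra_paragraphs. It follows the post's accounting (image size taken from the file, extra paragraphs added on top); the struct, constant and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* MZ header fields used for layout, named as in the dumps above. */
typedef struct {
    uint16_t bytes_in_last_block, blocks_in_file, num_relocs, header_paragraphs;
    uint16_t min_extra_paragraphs, max_extra_paragraphs, ss, sp, reloc_table_offset;
} mz_header;

/* File offsets, plus loaded offsets relative to the load segment. */
typedef struct {
    uint32_t reloc_end, image_start, file_end, image_size;
    uint32_t stack_top, min_end, max_end;
} mz_layout;

/* Header values copied from the first two dumps in the post. */
static const mz_header STUNTS_ORIGINAL = { 0x01D0, 0x019B, 0x0A1C, 0x0289,
                                           0x0769, 0x07C0, 0x3649, 0x1F40, 0x001C };
static const mz_header STUNTS_NULLED   = { 0x0120, 0x01C7, 0x0A1C, 0x0289,
                                           0x01F4, 0x024B, 0x3649, 0x1F40, 0x001C };

/* Returns 0 on success, -1 if the header fields contradict each other. */
int mz_compute_layout(const mz_header *h, mz_layout *out)
{
    if (h->blocks_in_file == 0 || h->bytes_in_last_block > 512) return -1;
    uint32_t file_end = (uint32_t)h->blocks_in_file * 512u;
    if (h->bytes_in_last_block)            /* 0 means the last block is full */
        file_end -= 512u - h->bytes_in_last_block;
    uint32_t hdr = (uint32_t)h->header_paragraphs * 16u;
    uint32_t reloc_end = h->reloc_table_offset + (uint32_t)h->num_relocs * 4u;
    if (hdr > file_end || reloc_end > hdr) return -1;
    out->reloc_end = reloc_end;
    out->image_start = hdr;
    out->file_end = file_end;
    out->image_size = file_end - hdr;
    out->stack_top = (uint32_t)h->ss * 16u + h->sp;
    out->min_end = out->image_size + (uint32_t)h->min_extra_paragraphs * 16u;
    out->max_end = out->image_size + (uint32_t)h->max_extra_paragraphs * 16u;
    return 0;
}

/* 1 if SS:SP stays inside the memory guaranteed by min_extra_paragraphs. */
int mz_stack_fits(const mz_layout *l) { return l->stack_top <= l->min_end; }

int main(void)
{
    mz_layout l;
    if (mz_compute_layout(&STUNTS_NULLED, &l) != 0) return 1;
    printf("image 0x%X bytes, stack top 0x%X, min end 0x%X, fits=%d\n",
           (unsigned)l.image_size, (unsigned)l.stack_top, (unsigned)l.min_end, mz_stack_fits(&l));
    return 0;
}
```
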


llm

#2
i've got dosbox (not heavy) debugger running, dynamic_core is disabled, try to debug game.exe from execombiner

if i just do

debug game /ssb and press then F5 in dosbox debugger the game starts with sound

if i set a breakpoint at 0x299a:0x000a - LoadAudioDriver and press F5 i get the error message "can't load driver"

what does setting the breakpoint change?

llm

it seems to be a dosbox bp-cmd regression that i can't use different segment/offset values pointing to the same 32-bit location

http://www.vogons.org/viewtopic.php?f=32&t=37854#p336691