Messages - llm

#466
Quote: I can test this, it's not a big deal

does the game_drv.exe run fine?

Quote: but I can not do other useful stuff for this project.

testing is always the biggest thing to do :)
#467
Quote: So this driver integration is not directly in relation with re-stunts?

partially - i use the exe combiner from clvn to get the combined mcga stunts exe (base of the re-stunts project)
and my own program to integrate the sound-driver

Quote: 32/64 bit Stunts sounds more than amazing.

currently the re-stunts project is suffering from being kept in the
16 bit dos environment, that means debugging in DosBox or old TurboDebugger etc. it makes
the ultra hard reversing even harder, so my hope is to convert the original 16 Bit
asm source code to something like 16Bit-asm-behaving-like-C-functions
inside of a 32/64 Bit C/C++ project
this way the reversers can mix C and fake-asm and do the analysis and stuff under
linux/windows with their preferred development environments

but it sounds much easier than it is in reality :)

i try to release the stuff in small steps with the hope that someone gives it a try and finds bugs - because
due to the reverse nature of the project it's very hard to find bugs the way you would in normal source based projects


#468
Quote: Hmm, that's good but where is the deal? Thanks to this we can delete safely ad15.drv and/or pc15.drv and still the game will run fine? Which .exe file is involved?

the attached game_drv.exe is the mcga,soundblaster version of stunts1.1 (kalpen version)

so the following files are not needed to run stunts using game_drv.exe
   AD15.DRV
   CGA.COD
   CGA.DIF
   CGA.HDR
   EGA.CMN
   EGA.COD
   EGA.HDR
   LOAD.EXE
   MCGA.COD
   MCGA.DIF
   MCGA.HDR
   MT15.DRV
   MT32.PLB
   [MTENG1.VCE] - not loaded anymore
   [MTSKIDMS.VCE] - not loaded anymore
   PC15.DRV
   [PCENG1.VCE] - not loaded anymore
   [PCSKIDMS.VCE] - not loaded anymore
   SETUP.DAT
   SETUP.EXE
   [SETUP.PIF]
   ST.COM
   STUNTS.COM
   stunts_k.exe
   TD15.DRV
   [TDENG1.VCE] - not loaded anymore
   [TDSKIDMS.VCE] - not loaded anymore
   TDY.COD
   TDY.DIF
   TDY.HDR

and the game_drv.exe does not load any code dynamically - that
means it's easier to reverse

Quote: And what about the in progress re-compiled .exe file?

it's a side/alternative project of re-stunts - my hope is to statically recompile stunts
to 32/64bit sometime - reducing dynamic code loading is one of the steps to ease the process
#469
i talk about the exe result of clvns execombiner - so no code modification

i don't know if it is a known problem also with unmodified stunts - but i sometimes get (svn version) dosbox debugger illegal instruction breakdowns
or my vmware player (v6) totally crashes with an illegal instructions message

it mostly happens when you start a race and directly crash into a wall - anyone else got this problem (very rare)?
#470
i've developed a tool that combines the stunts game.exe with the ad15.drv (adlib/soundblaster) driver (but pc15.drv is also possible)
parts of the game get patched to disable the driver (un)loading

why (still same reasons):
-for fun
-reduce the amount of runtime loaded code down to 0% (hope that is reached now) - IDA likes it more than :)

seems to work perfectly - someone want to try?

just copy the attached game_drv.exe into your stunts1.1 directory and start without commandline parameters


#471
it seems to be a dosbox bp-cmd regression that i can't use different segment/offset values pointing to the same 32-bit location

http://www.vogons.org/viewtopic.php?f=32&t=37854#p336691
#472
i've got dosbox (not heavy) debugger running, dynamic_core is disabled, try to debug game.exe from execombiner

if i just do

debug game /ssb and press then F5 in dosbox debugger the game starts with sound

if i set a breakpoint at 0x299a:0x000a - LoadAudioDriver and press F5 i get the error message "can't load driver"

what does setting the breakpoint change?
#473
i've reduced my attaching to small steps before - all working :( ...


original stunts

exe_header:
  signature: 0x5A4D
  bytes_in_last_block: 0x01D0
  blocks_in_file: 0x019B
  num_relocs: 0x0A1C
  header_paragraphs: 0x0289
  min_extra_paragraphs: 0x0769
  max_extra_paragraphs: 0x07C0
  ss: 0x3649
  sp: 0x1F40
  checksum: 0x0000
  ip: 0x0012
  cs: 0x1CC5
  reloc_table_offset: 0x001C
  overlay_number: 0x0000

exe file layout:
  (exe_begin)
    (header_paragraphs_begin)
      header: [0x00000000 - [0x0000001C size: 0x1C = 28 bytes
      relocation_table: [0x0000001C - [0x0000288C size: 0x2870 = 10352 bytes
      unused space (header_paragraphs padding): [0x0000288C - [0x00002890 size: 0x4 = 4 bytes
    (header_paragraphs_end)
    image: [0x00002890 - [0x000335D0 size: 0x30D40 = 200000 bytes
  (exe_end)

loaded exe layout:

  PSP: size: 0x0100 = 256 bytes
  <--- load_segment 0x0000
  image: [0x00000000 - [0x00030D40
  (min/max_extra_paragraphs_begin)
    udata: [0x00030D40 - [0x00036490 size: 0x5750 = 22352 bytes
    stack: [0x00036490 - [0x000383D0 size: 0x1F40 = 8000 bytes
  (min_extra_paragraphs_end)
    udata: [0x000383D0 - [0x00038940 size: 0x570 = 1392 bytes
  (max_extra_paragraphs_end)

nulled udata as part of the image - stunts still works

exe_header:
  signature: 0x5A4D
  bytes_in_last_block: 0x0120
  blocks_in_file: 0x01C7
  num_relocs: 0x0A1C
  header_paragraphs: 0x0289
  min_extra_paragraphs: 0x01F4 <--
  max_extra_paragraphs: 0x024B
  ss: 0x3649
  sp: 0x1F40
  checksum: 0x0000
  ip: 0x0012
  cs: 0x1CC5
  reloc_table_offset: 0x001C
  overlay_number: 0x0000

exe file layout:
  (exe_begin)
    (header_paragraphs_begin)
      header: [0x00000000 - [0x0000001C size: 0x1C = 28 bytes
      relocation_table: [0x0000001C - [0x0000288C size: 0x2870 = 10352 bytes
      unused space (header_paragraphs padding): [0x0000288C - [0x00002890 size: 0x4 = 4 bytes
    (header_paragraphs_end)
    image: [0x00002890 - [0x00038D20 size: 0x36490 = 222352 bytes
  (exe_end)

loaded exe layout:
  PSP: size: 0x0100 = 256 bytes
  <--- load_segment 0x0000
  image: [0x00000000 - [0x00036490
  (min/max_extra_paragraphs_begin)
    stack: [0x00036490 - [0x000383D0 size: 0x1F40 = 8000 bytes
  (min_extra_paragraphs_end)
    udata: [0x000383D0 - [0x00038940 size: 0x570 = 1392 bytes
  (max_extra_paragraphs_end)

removed extra_paragraphs (just as a test) stunts still works

exe_header:
  signature: 0x5A4D
  bytes_in_last_block: 0x0120
  blocks_in_file: 0x01C7
  num_relocs: 0x0A1C
  header_paragraphs: 0x0289
  min_extra_paragraphs: 0x01F4 <--
  max_extra_paragraphs: 0x01F4 <--
  ss: 0x3649
  sp: 0x1F40
  checksum: 0x0000
  ip: 0x0012
  cs: 0x1CC5
  reloc_table_offset: 0x001C
  overlay_number: 0x0000

exe file layout -> same as before

loaded exe layout:
 
  PSP: size: 0x0100 = 256 bytes
  <--- load_segment 0x0000
  image: [0x00000000 - [0x00036490
  (min/max_extra_paragraphs_begin)
    stack: [0x00036490 - [0x000383D0 size: 0x1F40 = 8000 bytes
  (min_extra_paragraphs_end)
  (max_extra_paragraphs_end)

#474
i've developed a small C/C++ program that attaches the ad15.drv to the stunts game exe

how is it done:
-attached block of 0x00 in size of former uninitialized data to image
-attach drv code
-add new entry for driver-ptr adjust to relocation table
-change position of stack
-change header sizes

result:

IDA can now fully analyse the code of the sound driver in new seg042 :)

why:
1. just for fun
2. reduce the amount of runtime loaded code further (should be now down to 0%) - so IDA can work better
3. just the next step to my 16bit->32/64bit translation idea


but ... BIG TODO - that's why i named the post "first steps..."

1. fix stunts crash "memory manager - BLOCK NOT FOUND at SEG=37eb" at startup - does the stunts code rely more on the image layout than i thought?
2. patch the driver loading code that the attached code is used instead of runtime loading

clvn, dstien, w4kfu - please help... :)
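The layout figures in post #473 follow from the 14 header words alone, and the same computation is the check a rebuilt header from post #474 ("change header sizes", "change position of stack") has to pass: SS:SP must still land inside the memory DOS is guaranteed to allocate. The following is an added example, not code from llm, the restunts project or the execombiner; the header bytes are constructed from the values quoted in post #473 and the field names are the post's own:

```python
import struct
# The 14 little-endian uint16 fields of the DOS MZ header, in file order (names as in the post's dumps).
MZ_FIELDS = ("signature", "bytes_in_last_block", "blocks_in_file", "num_relocs",
             "header_paragraphs", "min_extra_paragraphs", "max_extra_paragraphs",
             "ss", "sp", "checksum", "ip", "cs", "reloc_table_offset", "overlay_number")

def parse_mz_header(data):
    """Parse the first 28 bytes of an .exe into a dict; reject a missing 'MZ' signature."""
    hdr = dict(zip(MZ_FIELDS, struct.unpack("<14H", data[:28])))
    if hdr["signature"] != 0x5A4D:
        raise ValueError("not an MZ executable")
    return hdr

def file_layout(hdr):
    """Byte offsets inside the .exe file: header paragraphs (header + reloc table + padding), then image."""
    size = hdr["blocks_in_file"] * 512          # blocks are 512-byte pages ...
    if hdr["bytes_in_last_block"]:              # ... and a non-zero value means the last page is partial
        size -= 512 - hdr["bytes_in_last_block"]
    hp_end = hdr["header_paragraphs"] * 16
    reloc_end = hdr["reloc_table_offset"] + hdr["num_relocs"] * 4
    if reloc_end > hp_end or hp_end > size:
        raise ValueError("header fields inconsistent with file size")
    return {"file_size": size, "reloc_end": reloc_end, "header_padding": hp_end - reloc_end,
            "image_start": hp_end, "image_size": size - hp_end}

def loaded_layout(hdr):
    """Offsets relative to the load segment once DOS has placed the image after the PSP."""
    image_size = file_layout(hdr)["image_size"]
    min_end = image_size + hdr["min_extra_paragraphs"] * 16   # memory DOS must provide
    max_end = image_size + hdr["max_extra_paragraphs"] * 16   # memory DOS may provide
    stack_bottom = hdr["ss"] * 16            # SS:0000
    stack_top = stack_bottom + hdr["sp"]     # SS:SP, the initial stack pointer
    return {"image_size": image_size, "min_end": min_end, "max_end": max_end,
            "stack_bottom": stack_bottom, "stack_top": stack_top,
            "udata_before_stack": stack_bottom - image_size,  # uninitialised data below the stack
            "udata_after_min": max_end - min_end,
            # the stack must lie inside the memory DOS is guaranteed to allocate
            "stack_in_min_alloc": image_size <= stack_bottom and stack_top <= min_end}

# Constructed header bytes, using the values the post quotes for the original stunts exe
# and for the variant with the uninitialised data folded into the image.
ORIGINAL_HDR = struct.pack("<14H", 0x5A4D, 0x01D0, 0x019B, 0x0A1C, 0x0289, 0x0769, 0x07C0,
                           0x3649, 0x1F40, 0x0000, 0x0012, 0x1CC5, 0x001C, 0x0000)
NULLED_UDATA_HDR = struct.pack("<14H", 0x5A4D, 0x0120, 0x01C7, 0x0A1C, 0x0289, 0x01F4, 0x024B,
                               0x3649, 0x1F40, 0x0000, 0x0012, 0x1CC5, 0x001C, 0x0000)

if __name__ == "__main__":
    for name, raw in (("original", ORIGINAL_HDR), ("nulled udata", NULLED_UDATA_HDR)):
        print(name, file_layout(parse_mz_header(raw)), loaded_layout(parse_mz_header(raw)))
```

For the original header this reproduces the 0x335D0 file end, the 0x30D40 image and the 0x36490..0x383D0 stack; for the nulled-udata header the image grows to 0x36490 and the stack now starts exactly at the image end.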
#475
Stunts Reverse Engineering / Re: bypassing load.exe
April 13, 2013, 07:38:49 PM
Quote: I continued my development, and writing a new toolz for uncompressing the real game.
This toolz can make executable for CGA, EGA, MCGA, TDY, for example

are you aware that such a tool already exists since october/2009?
see first post from clvn http://forum.stunts.hu/index.php?topic=2454.0

we've got a working unpacked, unprotected game.exe suitable for static reverse engineering
that is the base of the "restunts" project - restunts uses the reverse engineered (using IDA Pro Free) asm code - partially replaced with c code
in a tasm/msc/wlink environment able to create a working 16bit dos program

the initial idea is to use a 16 bit environment to ease the porting to c and still keep a "working" game around

current status of the porting can be seen here: http://re.stunts.no/status/

source, idb and complete build-system can be found here: svn://anders-e.com/restunts/trunk/restunts

my own idea - which suffers permanently from missing spare time - is to combine a simple 16-bit emulator with a fake 16bit assembler in C/C++ - i would like to interchange real 32 bit C/C++ code with fake asm-code and still interpreted code, and to get the real power of current development environments on the desk (test example http://pastebin.com/TGe0igCD)

@dstien: are you still updating the idb in the svn repo?
#476
Stunts Reverse Engineering / Re: bypassing load.exe
February 06, 2013, 10:37:42 AM
thx for keeping the project active

im still working on my 16-bit-opcode to c code converter/emulator in my very very limited spare time...
(btw: a nice and very small (due to real-mode-only) emulator able to run stunts is fake86 http://sourceforge.net/projects/fake86/)

#477
very nice - restunts.exe seems to work ok

but the restunts-alt exe shows me just the same as the restunts.exe - how to go into mesh view mode?
#478
nice work but... why on earth don't you use a real hex-editor like http://mh-nexus.de/en/hxd/ or others?
#479
Stunts Reverse Engineering / Re: Stunts MIDI music
June 04, 2010, 04:46:56 PM
maybe it could help to have a good sounding midi (maybe a midi recording of a roland mt32) to find out the right values by diffing to generated midi files
#480
Stunts Reverse Engineering / Re: Stunts MIDI music
June 02, 2010, 03:42:22 PM
Quote: but anyway there shouldn't be much new stuff in it considering this midi converter works fine

clvn still has problems with the correct speed - as you can hear when listening to the midis in the zip-file

Quote: the biggest challenge would be understanding the format used for the samples - which cover both the musical instruments and the engine sounds if I'm not mistaken

any ideas :-)