authorLudovic Pouzenc <lpouzenc@gmail.com>2013-09-15 13:29:05 +0200
committerLudovic Pouzenc <lpouzenc@gmail.com>2013-09-15 13:29:05 +0200
commitf2ab0863dfd7806b30a6d8c476ab6100949e1c63 (patch)
tree6534af55a28f3cbe69a52ec1a474cdac389c1da9
parentec8f2c4dff2a6fb2751d7d301416ee1c30979dd2 (diff)
Lecture de la memoire DOSBox et injection dans la structure C. Check.
-rw-r--r--reverse-engineering/dosbox_snif/dos_lemm.h9
-rw-r--r--reverse-engineering/dosbox_snif/main_validate_code.c42
2 files changed, 36 insertions, 15 deletions
diff --git a/reverse-engineering/dosbox_snif/dos_lemm.h b/reverse-engineering/dosbox_snif/dos_lemm.h
index af07f61..303ba57 100644
--- a/reverse-engineering/dosbox_snif/dos_lemm.h
+++ b/reverse-engineering/dosbox_snif/dos_lemm.h
@@ -113,21 +113,24 @@ struct _avail_skills {
struct game_data {
/* ds == 0x0b55 */
+ uint8_t unk0; // TODO
uint8_t unk1[0x27]; // TODO
uint8_t paused; // [0x28]
uint8_t unk2[0x10]; // TODO
uint8_t lemm_count_to_process; // [0x39]
+ uint8_t unk3[0x6]; // TODO
uint8_t lemm_spawned_count; // [0x40]
- uint8_t unk3; // TODO
+ uint8_t unk4a; // TODO
uint8_t lemm_out_count; // [0x42]
- uint8_t unk4; // TODO
+ uint8_t unk4b; // TODO
uint8_t lemm_level_count; // [0x44]
uint8_t next_spawn_ticks; // [0x45]
uint8_t spawn_rate_ticks; // [0x46]
uint8_t unk5[0x20]; // TODO
struct _avail_skills avail_skills; // [0x67] - [0x7e]
uint8_t unk6[0x06]; // TODO
- struct _lemm_data lemmings[100]; // [0x85]
+ struct _lemm_data lemmings[1]; // [0x85]
+ //struct _lemm_data lemmings[100]; // [0x85]
} __attribute__ ((__packed__));
#endif /*_DOS_LEMM_H*/
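Review bot: The offset comments are now the only thing pinning the layout that the new `unk0` and `unk3[0x6]` padding is meant to restore, and nothing checks them at build time; the bytes do add up here (`paused` at 0x28, `lemm_spawned_count` at 0x40, `avail_skills` at 0x67, `lemmings` at 0x85), but the next padding tweak can silently shift every field that main_validate_code.c copies raw DOSBox memory into. A line such as `_Static_assert(offsetof(struct game_data, lemmings) == 0x85, "game_data layout drift");` after the struct (with `<stddef.h>` included) turns that into a compile error; the other commented offsets can be pinned the same way. Shrinking `lemmings` to `[1]` while keeping the `[100]` line as a comment also means any `g.lemmings[i]` with `i > 0` is now out of bounds in callers; if the shrink is meant to keep the memory read short while offsets are validated, a comment saying so (`// [1] while validating offsets; the real table has 100 entries`) is clearer than dead code.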
diff --git a/reverse-engineering/dosbox_snif/main_validate_code.c b/reverse-engineering/dosbox_snif/main_validate_code.c
index 931acfe..44728ce 100644
--- a/reverse-engineering/dosbox_snif/main_validate_code.c
+++ b/reverse-engineering/dosbox_snif/main_validate_code.c
@@ -12,7 +12,7 @@ inline int imin(int a, int b) {
}
int main(int argc, char *argv[]) {
- int rv, i, end=0, byte;
+ int rv, i, end=0, byte, loops;
struct rsp_state rsp;
char ds_si[10], command[16], hex_byte[3];
unsigned int addr, bs, size, offset;
@@ -28,38 +28,56 @@ int main(int argc, char *argv[]) {
return 1;
}
+ loops=0;
while (!end) {
+ loops++;
rsp_query(&rsp, "c"); // Continue
- if ( rsp.replied != 1 ) printf("Bug 03\n");
+ if ( rsp.replied != 1 ) {
+ printf("Bug 03\n");
+ continue;
+ }
rsp_recv_full(&rsp);
- if ( rsp_check_and_clear(&rsp, "S05") != 0 ) printf("Bug 04\n");
+ if ( rsp_check_and_clear(&rsp, "S05") != 0 ) {
+ printf("Bug 04\n");
+ continue;
+ }
+
+ //if ( loops % 10 != 0 ) continue;
// From the beginning of the ds segment
- bs = 0x20;
+ bs = 0x100;
+ //printf("sizeof(struct game_data) == %i\n", sizeof(struct game_data) );
+
for (offset=0 ; offset < sizeof(struct game_data) ; offset += size) {
size = imin(bs,sizeof(struct game_data)-offset);
addr = (0xb55 << 4) + offset;
snprintf(command, 15, "m%06x,0x%x", addr, size);
+ //printf("-> %s\n", command);
rsp_query(&rsp, command);
- if ( rsp_decode(&rsp) != bs*2) {
+ if ( rsp_decode(&rsp) != size*2) {
printf("%06x : Bug\n", addr);
- } else {
- printf("%06x : %s\n", addr, rsp.decoded);
+ break;
}
- for (i=0;i<bs;i++) {
+ //printf("%06x : %s\n", addr, rsp.decoded);
+ for (i=0;i<size;i++) {
memcpy(hex_byte, rsp.decoded+(i*2), 2);
if ( sscanf(hex_byte, "%x", &byte) != 1 ) {
printf("Bug decode\n");
- } else {
- ((char *)&g)[offset+i] = byte;
+ break;
}
+ ((char *)&g)[offset+i] = byte;
+ //printf("((char *)&g)[0x%02x] = 0x%02x\n", offset+i, byte);
}
}
- printf("\n");
+ //printf("\n");
lemm = g.lemmings;
- printf("lemm->draw_hint == %x\n", lemm->draw_hint);
+ //printf("g.paused == %x (off %02x)\n", g.paused, (void *)&g.paused - (void *)&g);
+ printf("g.lemm_spawned_count == %x (off %02x)\n", g.lemm_spawned_count, (void *)&g.lemm_spawned_count - (void *)&g);
+ //printf("g.lemm_out_count == %x (off %02x)\n", g.lemm_out_count, (void *)&g.lemm_out_count - (void *)&g);
+ //printf("g.lemm_level_count == %x (off %02x)\n", g.lemm_level_count, (void *)&g.lemm_level_count - (void *)&g);
+ //printf("lemm->draw_hint == %x (off %02x)\n", lemm->draw_hint, (void *)&lemm->draw_hint - (void *)&g);
}
rsp_quit(&rsp);
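Review bot: `hex_byte[3]` is never NUL-terminated inside this hunk: `memcpy(hex_byte, rsp.decoded+(i*2), 2)` fills only two bytes, so `sscanf(hex_byte, "%x", &byte)` reads whatever `hex_byte[2]` holds and, if that byte happens to be a hex digit, parses three digits and stores a wrong value into `g`; unless `hex_byte[2]` is set earlier in main (outside the hunk), the temporary can be dropped entirely with `if ( sscanf(rsp.decoded+(i*2), "%2x", &byte) != 1 ) {`, whose width limit reads exactly two characters. The new `printf("g.lemm_spawned_count == %x (off %02x)\n", ...)` passes `(void *)&g.lemm_spawned_count - (void *)&g`, a `ptrdiff_t` computed with GCC-only void-pointer arithmetic, to `%02x`, which expects `unsigned int`; `(unsigned)offsetof(struct game_data, lemm_spawned_count)` with `<stddef.h>` gives the same number portably and matches the specifier (the commented-out printfs below it carry the same expression). The `break` added after "Bug" and "Bug decode" also falls through to that printf, which then reports whatever the previous iteration left in `g` as if it were fresh; an `ok` flag cleared at each `break` and checked before printing would avoid that. main's body continues past the end of the hunk.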