From f2ab0863dfd7806b30a6d8c476ab6100949e1c63 Mon Sep 17 00:00:00 2001
From: Ludovic Pouzenc
Date: Sun, 15 Sep 2013 13:29:05 +0200
Subject: Lecture de la memoire DOSBox et injection dans la structure C. Check.

---
 reverse-engineering/dosbox_snif/dos_lemm.h | 9 +++--
 .../dosbox_snif/main_validate_code.c | 42 +++++++++++++++-------
 2 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/reverse-engineering/dosbox_snif/dos_lemm.h b/reverse-engineering/dosbox_snif/dos_lemm.h
index af07f61..303ba57 100644
--- a/reverse-engineering/dosbox_snif/dos_lemm.h
+++ b/reverse-engineering/dosbox_snif/dos_lemm.h
@@ -113,21 +113,24 @@ struct _avail_skills {
 struct game_data { /* ds == 0x0b55 */
+	uint8_t unk0; // TODO
 	uint8_t unk1[0x27]; // TODO
 	uint8_t paused; // [0x28]
 	uint8_t unk2[0x10]; // TODO
 	uint8_t lemm_count_to_process; // [0x39]
+	uint8_t unk3[0x6]; // TODO
 	uint8_t lemm_spawned_count; // [0x40]
-	uint8_t unk3; // TODO
+	uint8_t unk4a; // TODO
 	uint8_t lemm_out_count; // [0x42]
-	uint8_t unk4; // TODO
+	uint8_t unk4b; // TODO
 	uint8_t lemm_level_count; // [0x44]
 	uint8_t next_spawn_ticks; // [0x45]
 	uint8_t spawn_rate_ticks; // [0x46]
 	uint8_t unk5[0x20]; // TODO
 	struct _avail_skills avail_skills; // [0x67] - [0x7e]
 	uint8_t unk6[0x06]; // TODO
-	struct _lemm_data lemmings[100]; // [0x85]
+	struct _lemm_data lemmings[1]; // [0x85]
+	//struct _lemm_data lemmings[100]; // [0x85]
 } __attribute__ ((__packed__));
 
 #endif /*_DOS_LEMM_H*/
diff --git a/reverse-engineering/dosbox_snif/main_validate_code.c b/reverse-engineering/dosbox_snif/main_validate_code.c
index 931acfe..44728ce 100644
--- a/reverse-engineering/dosbox_snif/main_validate_code.c
+++ b/reverse-engineering/dosbox_snif/main_validate_code.c
@@ -12,7 +12,7 @@ inline int imin(int a, int b) {
 }
 
 int main(int argc, char *argv[]) {
-	int rv, i, end=0, byte;
+	int rv, i, end=0, byte, loops;
 	struct rsp_state rsp;
 	char ds_si[10], command[16], hex_byte[3];
 	unsigned int addr, bs, size, offset;
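Review bot: `struct _lemm_data lemmings[1]` with the old `[100]` left commented out makes `sizeof(struct game_data)` describe only the first lemming record, so any `lemmings[i]` access with i > 0 now walks past the end of the object even though the removed line says the game table holds 100 entries; if the shrink is deliberate to bound the memory dump, say so in the comment instead of keeping dead code, e.g. `struct _lemm_data lemmings[1]; // [0x85] truncated on purpose: only the first record is read back`. The hand-counted `unkN` padding does line up with the bracketed offsets (unk0 plus 0x27 puts `paused` at 0x28, and the chain reaches `lemmings` at 0x85), but that arithmetic is fragile every time a field is split; pin it after the struct with `_Static_assert(offsetof(struct game_data, lemmings) == 0x85, "game_data layout drift");` (needs `<stddef.h>`; the file already relies on GCC via `__attribute__`, so C11 `_Static_assert` should be available). The `struct _avail_skills` definition named in the hunk header lies outside this hunk and was not reviewed.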
@@ -28,38 +28,56 @@ int main(int argc, char *argv[]) {
 		return 1;
 	}
+	loops=0;
 	while (!end) {
+		loops++;
 		rsp_query(&rsp, "c"); // Continue
-		if ( rsp.replied != 1 ) printf("Bug 03\n");
+		if ( rsp.replied != 1 ) {
+			printf("Bug 03\n");
+			continue;
+		}
 		rsp_recv_full(&rsp);
-		if ( rsp_check_and_clear(&rsp, "S05") != 0 ) printf("Bug 04\n");
+		if ( rsp_check_and_clear(&rsp, "S05") != 0 ) {
+			printf("Bug 04\n");
+			continue;
+		}
+
+		//if ( loops % 10 != 0 ) continue;
 		// From the beginning of the ds segment
-		bs = 0x20;
+		bs = 0x100;
+		//printf("sizeof(struct game_data) == %i\n", sizeof(struct game_data) );
+
 		for (offset=0 ; offset < sizeof(struct game_data) ; offset += size) {
 			size = imin(bs,sizeof(struct game_data)-offset);
 			addr = (0xb55 << 4) + offset;
 			snprintf(command, 15, "m%06x,0x%x", addr, size);
+			//printf("-> %s\n", command);
 			rsp_query(&rsp, command);
-			if ( rsp_decode(&rsp) != size*2) {
+			if ( rsp_decode(&rsp) != size*2) {
 				printf("%06x : Bug\n", addr);
-			} else {
-				printf("%06x : %s\n", addr, rsp.decoded);
+				break;
 			}
-			for (i=0;idraw_hint == %x\n", lemm->draw_hint);
+		//printf("g.paused == %x (off %02x)\n", g.paused, (void *)&g.paused - (void *)&g);
+		printf("g.lemm_spawned_count == %x (off %02x)\n", g.lemm_spawned_count, (void *)&g.lemm_spawned_count - (void *)&g);
+		//printf("g.lemm_out_count == %x (off %02x)\n", g.lemm_out_count, (void *)&g.lemm_out_count - (void *)&g);
+		//printf("g.lemm_level_count == %x (off %02x)\n", g.lemm_level_count, (void *)&g.lemm_level_count - (void *)&g);
+		//printf("lemm->draw_hint == %x (off %02x)\n", lemm->draw_hint, (void *)&lemm->draw_hint - (void *)&g);
 	}
 
 	rsp_quit(&rsp);
-- 
cgit v1.2.3
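Review bot: The new `break` in the `rsp_decode(&rsp) != size*2` branch leaves the `for` loop and falls straight into `printf("g.lemm_spawned_count == ...")`, so a short or failed `m` reply is still reported as live game state; as far as the visible lines show nothing records the failure. Mark it and drop the sample like the Bug 03/04 paths do: `int ok = 1;` before the `for`, `ok = 0; break;` in the mismatch branch, and `if (!ok) continue;` right after the loop. The offset argument `(void *)&g.lemm_spawned_count - (void *)&g` is a `ptrdiff_t` passed to `%02x`, which is a format/type mismatch (and `void *` arithmetic is a GNU extension); `(unsigned)offsetof(struct game_data, lemm_spawned_count)` prints the same value portably. On a failed `rsp_query` the loop now `continue`s without `end` ever being set in this hunk, so a dead DOSBox stub makes the program spin re-sending `c` forever; a consecutive-failure cap that sets `end = 1` would be safer. The `for (i=0;i…` line is garbled in this copy, so the code that copies `rsp.decoded` into `g` could not be reviewed, and `main` continues beyond the end of the hunk.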