Users browsing this thread: 2 Guest(s)
Tips and Tricks
#1
Here are a few tricks you can use, while ripping sprites or just reversing a video game.

First of all, to open a 32-bit dos4gw executable inside IDA, remove in hex editor all bytes from the start of EXE up to the 4th MZ occurrence.

Second, DOS games output graphics through 0A000h and related addresses. Searching for them should be the first thing you do after opening EXE in disassembler.

In some cases you can get unpacked tiles by just dumping DOSBox memory and then treating it as a big 8-bit image (with current palette) and changing it's width until tiles get aligned. In many cases dumping memory won't work, because many DOS games store sprites in biplanes and/or RLE, unpacking them only during drawing. For example, DOS version of Heimdall stores each scanline in RAM as a number of interleaved bitplanes, each compressed with simple RLE scheme.

If some graphics aren't present in memory, you can get it loaded by just patching offsets/filenames in hex editor. I.e. overwrite some GameOver.bin in game.exe with Victory.bin.

If you want to easily dump entire game map as a single png image, then get DOSBox source code and patch it to trace changes in memory, so you can get addresses of the X,Y variables of the game viewport. Now you can programmatically change them, saving screenshots into png after each increment. This way you can also position viewport on inaccessible places or just teleport your character there.

When ripping from Amiga games (and some DOS games), look for "RNC" signature. It's a common compression scheme on Amiga. Although some games (like Heimdall) use a variation of RNC.

Similarly for Windows and iOS games, signature 0x9C78 near the beginning of a sprite points to deflate compression. For example, Might & Magic 6, MapleStory and Zenonia use it to compress sprites.
Thanked by:
#2
That's a rough tutorial and requires lots of prior knowledge.

It could be more detailed, think about people who have no idea about all these tools and terms but would like to rip for example one of these Amiga games.
[Image: dariC.png][Image: tumblr_mlf109xOe81rmu6i5o1_250.gif][Image: b0KxM.gif]
Thanked by: Maxim, Garamonde, Candel, Goemar
#3
(08-20-2012, 05:09 AM)Davy Jones Wrote: That's a rough tutorial and requires lots of prior knowledge.

It could be more detailed, think about people who have no idea about all these tools and terms but would like to rip for example one of these Amiga games.

I second that. A lot of people (including me) don't know how to patch or compile source code, but are still interested in Dos ripping. A more detailed tutorial would be nice.

I have ripped from Amiga games before, but my method was different. I used a program called 'Gfxrip', which can read uncompressed WinUAE savestates. It's quite difficult to use and not very user-friendly, but it works.
Thanked by:
#4
Davy Jones, Maxim, I'm sorry, but in many cases successful ROM hacking requires some prior training.

Learning a little assembly and getting an assembler/disassembler for target platform would be of enormous help - just poking a little chunks of code can do magic, like removing backgrounds (if you replace drawing code with NOPs or jump). Then goes hex editor, because changing a single byte could save you a lot time in Photoshop. I.e. by changing an audio track number in exe, you can record all ingame music, without playing through the game or writing complicated ADPCM decoders.

Tracing memory changes could be done in any emulator by saving snapshot, changing values of interest, then saving again and comparing two snapshots.
Thanked by:
#5
A quick tutorial on tracing a decompression routine using a debugger: http://www.tales-cless.org/util/psasmdoc.zip

it uses PSX, but the same principles apply for any other architecture.
Thanked by:
#6
There is another way to dump entire game maps. As an example I will use Beyond the Beyond game. It stores game map at the end of RAM as a 128x128 array:
[Image: Screen_Shot_2012_08_25_at_8_43_39.jpg]

Changing it's content automatically updates game screen, so we can use the following alghorithm:
1. determine the location of viewport
2. using a simple script, blit there a chunk from the other part of the map
3. save a screenshot
4. repeat to 2, until all chunks are saved.
5. use ImageMagick to combine all screenshots into one big image.
Thanked by:


Forum Jump: