The following post was written for educational purposes only. Please don't ask for any cracked executables from me.

[…] I've shown you how WinDbg can assist you in cheating. [This time I'll] show you how to go one step further, i.e. to modify your executable in order to circumvent some logic, like the one decreasing your gold when buying something. Of course, this could be easily achieved by attaching WinDbg to DOSBox and creating a breakpoint at the address where the money is stored with an automatic command that rewrites the value. […] to circumvent the logic that subtracts the cost of items from our money […] in the game, Gods from 1991 by The Bitmap Brothers. [If you don't] know it, you have to give it a try, trust me! My brother and I used to play it a lot when we were kids.

This is an old game running in 16-bit real mode, you won't be able to start it on modern systems w/o an emulator so I decided to use the most popular one, DOSBox. If you're not a command-line geek, you might want to check the available frontends for it. I can only recommend D-Fend as it is very easy to use and exposes many configuration options via a nice GUI.

[…] of the game, so I had the password for the temple region. […] 2 matches compared to the previous results? Okay, I got it! As the money gradually (not instantly) decreases from 80000 to 67500, I figure the game stores the "from", "actual" and "to" values and when "actual" becomes "to" over time, "from" is set to "to". So let's choose the first address and reset the value it holds to 80000.

[…] what's going on here?! After doing some research I realized that DOSBox works as an interpreter, i.e. it takes the instructions from the original executable and translates them to 32-bit code. The callstack also confirms this, as there's no […]:

WARNING: Stack unwind information not available.

It makes no sense to look for the opcode bytes in the game executable(s). We have to find a way to debug the original code, not the translated one. This is where the DOSBox Debugger comes into play. In order to use the debugging features of DOSBox, you have to either re-compile it for yourself with some special switches or be smart and download it from somewhere.

Let's start the game from the debugger and navigate to the shop screen again. Then press Alt+Pause to break into the debugger. We need to find 80000 (0x00013880) in memory… hmmm, there seems to be no built-in support to search for data in memory. You have to dump the contents of a memory region to a binary file and look for the value with […]. This command dumps 64K data to a file named "memdump.bin". The fact that there are 2 memory addresses again holding this value nicely corresponds with what we've seen in WinDbg.

Now set the data overview region to start with this address: let's buy a fireball and… the value changes at 1317:194 accordingly. Good, so now we know the address of "to" for sure, let's reset it to 80000. Now we define a breakpoint for this address. Buy the fireball again and the breakpoint is hit. Check the previous and current instructions in the code overview area. These two instructions are responsible for decreasing our money.

I already noticed that even though the game is started with gods.exe, […]. All we have to do is find the opcode bytes (0x29 0x06 0x94 0x01 and 0x83 0x1E 0x96 0x01 0x00) in the executable and replace them with nop instructions (0x90). I wanted to make sure and scanned through all files in the game folder for the opcodes but no luck. […] revealed the last piece of information missing: PKLITE, a common exe packer from that era. There are several tools to unpack / repack, let's use unp for this purpose. After that the opcodes finally reveal themselves. Change them all to 0x90 and don't bother with repacking.
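The three mechanical steps of the post (searching a raw memory dump for the money value because the debugger has no data search, recognising that the executable is PKLITE-packed, and replacing the two subtracting instructions with NOPs) as one added Python example. This is not code from the original post: the 64K dump, the sample unpacked EXE and the PKLITE header are constructed stand-ins, the two instruction encodings and the 1317:194 location are the ones the post names, and the "PKLITE string in the MZ header" check is a heuristic assumption rather than a full packer identification.

```python
import struct

NOP = 0x90

# --- 1. Searching a raw memory dump for the money value ---------------------
# Constructed stand-in for a 64K "memdump.bin": all zeros except the value
# 80000 (0x00013880) stored little-endian at two offsets, mirroring the post's
# observation that two addresses hold the money. The second offset is invented.
MONEY = 80000
_dump = bytearray(0x10000)
_dump[0x0194:0x0198] = struct.pack("<I", MONEY)   # the "to" value, offset 0x194
_dump[0x2C40:0x2C44] = struct.pack("<I", MONEY)   # a second copy (constructed)
SAMPLE_DUMP = bytes(_dump)


def find_dword(blob: bytes, value: int) -> list[int]:
    """Return every offset at which the 32-bit little-endian `value` occurs.

    This is the manual "dump memory, then search the file" step the post does
    because the DOSBox debugger has no built-in data search.
    """
    needle = struct.pack("<I", value)
    hits = []
    pos = blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits


# --- 2. Recognising the PKLITE packer ---------------------------------------
# PKLITE leaves a copyright string in the otherwise unused part of the MZ
# header, so a packed EXE has "PKLITE" near offset 0x1E. Heuristic assumption
# only; a real unpacker such as unp checks far more. The header is constructed.
SAMPLE_PACKED = b"MZ" + b"\x00" * 0x1C + b"PKLITE Copr. 1990-92 PKWARE Inc." + b"\x00" * 64


def looks_pklite(image: bytes) -> bool:
    """Cheap check for a PKLITE-packed DOS EXE (signature within the first 0x80 bytes)."""
    return image[:2] == b"MZ" and b"PKLITE" in image[:0x80]


# --- 3. Locating and NOP-ing the two money-subtracting instructions ---------
# Encodings taken from the post:
#   29 06 94 01      SUB  [0x0194], AX        low word of the money
#   83 1E 96 01 00   SBB  WORD [0x0196], 0    borrow into the high word
PATTERNS = [bytes.fromhex("29069401"), bytes.fromhex("831E960100")]

# Constructed unpacked-EXE stand-in: MZ header, a MOV AX,imm16, the two
# instructions from the post, then RET. Not the real game code.
SAMPLE_EXE = (
    b"MZ" + b"\x00" * 0x3E
    + b"\xB8\xD4\x30"                  # MOV AX, 0x30D4 (constructed "cost")
    + PATTERNS[0] + PATTERNS[1]
    + b"\xC3"                          # RET
)


def patch_to_nops(image: bytes, patterns: list[bytes]) -> tuple[bytes, list[tuple[int, int]]]:
    """Overwrite every occurrence of each pattern with NOPs of equal length.

    Returns the patched image plus (offset, length) for each patch applied, so
    the edit can be reviewed and reverted from the log.
    """
    out = bytearray(image)
    applied: list[tuple[int, int]] = []
    for pat in patterns:
        pos = out.find(pat)
        while pos != -1:
            out[pos:pos + len(pat)] = bytes([NOP]) * len(pat)
            applied.append((pos, len(pat)))
            pos = out.find(pat, pos + len(pat))
    return bytes(out), applied


def changed_offsets(original: bytes, candidate: bytes) -> list[int]:
    """Offsets at which two same-size images differ: the defender's view of the
    same edit, i.e. what a file-integrity comparison would flag after the patch."""
    if len(original) != len(candidate):
        raise ValueError("images differ in size")
    return [i for i, (a, b) in enumerate(zip(original, candidate)) if a != b]


if __name__ == "__main__":
    print("money found at:", [hex(o) for o in find_dword(SAMPLE_DUMP, MONEY)])
    print("packed sample looks PKLITE:", looks_pklite(SAMPLE_PACKED))
    patched, log = patch_to_nops(SAMPLE_EXE, PATTERNS)
    print("patches applied (offset, len):", log)
    print("bytes changed:", changed_offsets(SAMPLE_EXE, patched))
```

Running `find_dword` over a real `memdump.bin` is the scripted equivalent of the hex-editor search the post does by hand, and `looks_pklite` explains the "scanned all files, no luck" result: the bytes are not visible until the packer layer is removed. `changed_offsets` is included because the same byte-signature thinking is how tampering with a shipped binary is detected: a nine-byte run of 0x90 where a SUB/SBB pair used to be stands out in any diff against a known-good copy.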