openrakis / cryogenic Goto Github PK

View Code? Open in Web Editor NEW

24.0 24.0 1.0 5.01 MB

An open-source reimplementation of Cryo's DUNE game (WIP)

License: Apache License 2.0

C# 100.00%

assembly-x86 dotnet dune msdos reverse-engineering spice86

cryogenic's Introduction

OpenRakis

This is a WIP project aiming at reversing Cryo's DUNE game.

Project structure

bin/floppy : PC DOS floppy version files (LOGO.HNM, BAGDAD.HSQ, DUNE.EXE, LOGO.EXE, ...)
bin/cd : PC DOS CD version files (DUNE.DAT, DNCDPRG.EXE, DUNE.EXE)
tools : a set of tools from various sources
bluegr/scummvm : the resulting ScummVM engine (which is the work of multiple people)
asm : the original x86 DOS assembly

the bin folder is not part of this repo, as it is copyrighted material.

Tools

IDA Freeware

Ghidra

UNLZEXE (to unpack LOGO.EXE, if it is packed)

DOSBox Debugger with AUTOEXEC support

Chani: Simulfow Debugger

Spice86: Reverse Engineering Emulator

Ghidra code generator

Cryogenic: Dune ASM code overriden with C# code, bit by bit

Other interesting tools

MASM/TASM (VSCode marketplace)

Existing efforts

Engines

madmoose/dune (Uses SCUMMVM, and can decode videos)

madmoose/dune-disassembly: Disassembly work on the PC CD DOS version.

scummvm/cryo (for Lost Eden, a very similar game from Cryo)

scummvm-cryo (Scummvm Wiki page)

DUNE revival project (GitHub copy) (uses SCUMMVM too)

Resources

Save editors and other resources

Dune "HERAD" Ad Lib Music Hacking thread

Port of the French Mega CD dub over to the PC CD DOS version

HERAD music format description

Partial data files description (CD version)

HNM video format description

HERAD implementation in adplug

DUNE revival thread

DUNE game translations

HERAD implementation in MIDIPLEX

IDA Settings and How to

8086 16-bit Real Mode. Entry point (CS initial value) = 1ED.

DOSBox Debugger AUTOEXEC example:

mount C C:\DUNE_CD\C
imgmount D "C:\DUNE_CD\CD\Dune.iso" -t iso
D:
Z:\DEBUG.COM DNCDPRG.EXE ENG ADP220 SBP2227 EMS 386 SAF WRIC:\DUNECD\
exit

ScummVM Wiki : HOWTO-Reverse Engineering

LICENSE

GNU GPLv2 License

cryogenic's People

Contributors

Stargazers

Watchers

Forkers

nubox007

cryogenic's Issues

MT-32 : Generate the code using the generator

Normally there should not be too much variation in the driver, so a quick game where you change the volume can be enough
To generate it because of the ghidra bug on the segments it is necessary that the segment of the driver is a multiple of 4096
like in what I posted in the main chat, the exe I have it at segment 0x1000, and the code is good
the driver was at segment 0x563E -> ghidra might be a bit crazy

We can change the base segment of the game, it changes the drivers?

I would have to set it to segment 0x6000, so add 0x9C2 to the load address of the exe (command line parameter)
Yes
Everything is provided 🙂
--ProgramEntryPointSegment=4096 => base segment 0x1000
--ProgramEntryPointSegment=6594 => audio driver will be at 0x6000
the rest will be a mess but you don't care
you get the code generated only for these functions

Ghidra Generated Code produces an Exception

[21:00:36 ERR { SourceContext: "Spice86.UI.ViewModels.MainWindowViewModel" }] An error occurred during execution
Spice86.Emulator.Errors.UnrecoverableException: Untested code reached, please tell us how to reach this state.Here is the message: Error: Function not registered at address 235C8 Here is the call stack: - entry_1000_0000_10000 expected to return to address
at Cryogenic.Overrides.Overrides.spice86_generated_label_call_target_1000_C0AD_01C0AD(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode7.cs:line 2550
at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.<>c__DisplayClass136_0.b__0() in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 197
at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.ExecuteEnsuringSameStack(UInt16 expectedReturnCs, UInt16 expectedReturnIp, Action action) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 246
at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.NearCall(UInt16 expectedReturnCs, UInt16 expectedReturnIp, Func2 function) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 195 at Cryogenic.Overrides.Overrides.spice86_generated_label_call_target_1000_E594_01E594(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode9.cs:line 4514 at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.<>c__DisplayClass136_0.<NearCall>b__0() in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 197 at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.ExecuteEnsuringSameStack(UInt16 expectedReturnCs, UInt16 expectedReturnIp, Action action) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 246 at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.NearCall(UInt16 expectedReturnCs, UInt16 expectedReturnIp, Func2 function) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 195
at Cryogenic.Overrides.Overrides.entry_1000_0000_10000(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode.cs:line 1143
at Spice86.Emulator.Function.FunctionInformation.CallOverride() in /home/max/repos/Spice86/src/Spice86/Emulator/Function/FunctionInformation.cs:line 43
at Spice86.Emulator.Function.FunctionHandler.Call(CallType callType, UInt16 entrySegment, UInt16 entryOffset, Nullable1 expectedReturnSegment, Nullable1 expectedReturnOffset, String name, Boolean recordReturn) in /home/max/repos/Spice86/src/Spice86/Emulator/Function/FunctionHandler.cs:line 52
at Spice86.Emulator.VM.Machine.Run() in /home/max/repos/Spice86/src/Spice86/Emulator/VM/Machine.cs:line 213
at Spice86.Emulator.ProgramExecutor.Run() in /home/max/repos/Spice86/src/Spice86/Emulator/ProgramExecutor.cs:line 51
at Spice86.UI.ViewModels.MainWindowViewModel.RunMachine() in /home/max/repos/Spice86/src/Spice86/UI/ViewModels/MainWindowViewModel.cs:line 291

Somewhere, the Java code that generated the fake ASM has a bug.

First step :
Compare Spice86 + gdb and Cryogenic + gdb

A good GDB client for Linux :
https://github.com/hugsy/gef

Or browser based:
https://github.com/cs01/gdbgui/

Or inside VSCode:
https://marketplace.visualstudio.com/items?itemName=webfreak.debug

Try to connect Ghidra to Spice86:
https://wrongbaud.github.io/posts/ghidra-debugger/#debugging-the-rom

Also maybe use the -d option.

C# code progression % ?

Hello All,

Approx. how much of the original code has been converted into C#? What will the user experience from the conversion ?
The system req. will be lower and the speed will be faster?

Latest "Fake ASM" generated code access the emulated stack when it is empty -> Exception

21:41:35 ERR { SourceContext: "Spice86.UI.ViewModels.MainWindowViewModel" }] An error occurred during execution
System.InvalidOperationException: Stack empty.
at System.Collections.Generic.Stack1.ThrowForEmptyStack() at System.Collections.Generic.Stack1.Pop()
at Spice86.Emulator.ReverseEngineer.JumpDispatcher.Jump(Func2 target, Int32 entryAddress) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/JumpDispatcher.cs:line 26 at Cryogenic.Overrides.Overrides.spice86_generated_label_ret_target_1000_E67B_01E67B(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode17.cs:line 3739 at Spice86.Emulator.ReverseEngineer.JumpDispatcher.Jump(Func2 target, Int32 entryAddress) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/JumpDispatcher.cs:line 22
at Cryogenic.Overrides.Overrides.spice86_generated_label_call_target_1000_E675_01E675(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode17.cs:line 3692
at Spice86.Emulator.ReverseEngineer.JumpDispatcher.Jump(Func2 target, Int32 entryAddress) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/JumpDispatcher.cs:line 22 at Cryogenic.Overrides.Overrides.spice86_generated_label_ret_target_1000_E67B_01E67B(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode17.cs:line 3739 at Spice86.Emulator.ReverseEngineer.JumpDispatcher.Jump(Func2 target, Int32 entryAddress) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/JumpDispatcher.cs:line 22
at Cryogenic.Overrides.Overrides.spice86_generated_label_call_target_1000_E675_01E675(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode17.cs:line 3692
at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.<>c__DisplayClass140_0.b__0() in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 201
at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.ExecuteEnsuringSameStack(UInt16 expectedReturnCs, UInt16 expectedReturnIp, Action action) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 250
at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.NearCall(UInt16 expectedReturnCs, UInt16 expectedReturnIp, Func2 function) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 199 at Cryogenic.Overrides.Overrides.spice86_generated_label_ret_target_1000_E5B4_01E5B4(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode17.cs:line 3484 at Spice86.Emulator.ReverseEngineer.JumpDispatcher.Jump(Func2 target, Int32 entryAddress) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/JumpDispatcher.cs:line 22
at Cryogenic.Overrides.Overrides.spice86_generated_label_call_target_1000_E594_01E594(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode17.cs:line 3436
at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.<>c__DisplayClass140_0.b__0() in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 201
at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.ExecuteEnsuringSameStack(UInt16 expectedReturnCs, UInt16 expectedReturnIp, Action action) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 250
at Spice86.Emulator.ReverseEngineer.CSharpOverrideHelper.NearCall(UInt16 expectedReturnCs, UInt16 expectedReturnIp, Func2 function) in /home/max/repos/Spice86/src/Spice86/Emulator/ReverseEngineer/CSharpOverrideHelper.cs:line 199 at Cryogenic.Overrides.Overrides.entry_1000_0000_10000(Int32 loadOffset) in /home/max/repos/Cryogenic/src/Cryogenic/Overrides/Generated/GeneratedCode.cs:line 2406 at Spice86.Emulator.Function.FunctionInformation.CallOverride() in /home/max/repos/Spice86/src/Spice86/Emulator/Function/FunctionInformation.cs:line 43 at Spice86.Emulator.Function.FunctionHandler.Call(CallType callType, UInt16 entrySegment, UInt16 entryOffset, Nullable1 expectedReturnSegment, Nullable`1 expectedReturnOffset, String name, Boolean recordReturn) in /home/max/repos/Spice86/src/Spice86/Emulator/Function/FunctionHandler.cs:line 52
at Spice86.Emulator.VM.Machine.Run() in /home/max/repos/Spice86/src/Spice86/Emulator/VM/Machine.cs:line 213
at Spice86.Emulator.ProgramExecutor.Run() in /home/max/repos/Spice86/src/Spice86/Emulator/ProgramExecutor.cs:line 51
at Spice86.UI.ViewModels.MainWindowViewModel.RunMachine() in /home/max/repos/Spice86/src/Spice86/UI/ViewModels/MainWindowViewModel.cs:line 292

BUILDING IT section is wrong. cd cryogenic should be replaced with cd cryogenic/src

Remake a ghidra code generator dump (not the whole game for now) with --ProgramEntryPointSegment=0x4096

and use it to correct the generator and/or informations in ghidra itself.