Archive for the ‘Curse of the Azure Bonds’ Category

« Older Entries

Curse of the Azure Bonds – build 1.0.21

Wednesday, November 4th, 2009

Build 1.0.21 has been released. Fixed in this version:

  • Issue 36, Fixed staff-sling weapon targeting
  • Issue 44, Fixed the modify player screen so edits to exceptional strength stay
  • Issue 45, Fixed the Order menu (found off Encamp, Alter), so you can select and place the party members
  • Issue 46, Fixed horizontal menu scroll via comma and dot keys

I also reworked how the combat engine builds target lists, and intend to change it to an A* system, but at this point it is a direct path cost based system, so I added a caching layer, and when all graphic’s and sounds turned off (non commented change) the combat is over in sub-second.

To do this  I hacked the game apart to dynamically turn graphics/sound/delays off, and then used the Red Gate Ant Performance Profiler to find the overworked code and it worked really well. I cheated and just used their 14-day trail version. But I did provide some feedback, and it has some really nice features like the ability to zoom to parts of the run history, and give guidance on hotspots, and you can drill down and see the code related to the CPU time. Check it out if your application is running a little slow.

As always, give the newer version a try, if you find any issues, even “old known” issues, let me know by: commenting here, email me directly, or add them to the issue list

Posted in Curse of the Azure Bonds | 4 Comments »

Reverse Engineering ‘Pools of Darkness’: Part 1

Sunday, October 4th, 2009

I thought I would reverse engineer Pools of Darkness to capture the process in a serries of blog posts.

This is the first, and I’ll add links to the later posts as we go. Part 2

Prerequisite:

Open game.exe in IDA Pro, jump to the start function (Ctrl+E). Here it is:

01-darkness-in-ida

In summary: it moves the executable to a new location in memory, then “jumps to the next function” via pushing the new memory address (seg001:0038) onto that stack and the returning to it (which is just a pop and jump).

The next blob of code seg001:0038 – seg001:00FE is a fancy pants scrambler, which by the way is exactly the same as Curse of the Azure Bonds had.

Line seg001:00FE is the interesting line:

seg001:00FE     jmp     dword ptr cs:[bx]

This is where the descrambler jumps to the actual game code.  The code in IDA is the scrambled version, so we want to get access to the descrambled memory layout.  So quit IDA Pro, and don’t keep this database.

For Curse I used the DOS debugger to get the descrambled memory, so lets do it again.

Here is the generic script to dump the memory:

g AAAA:37
p
g BBBB:fe
d 0 ffff
a BBBB:fe
mov dx,CCCC
mov ds,dx

p
p
d 0 ffff
a 1ab1:103
mov dx,DDDD
mov ds,dx

p
p
d 0 ffff
q

To get the values of AAAA, BBBB, CCCC and DDDD we start from a command prompt:

enter R to get the register dump

C:\games\DARKNESS>debug game.exe
-r
AX=0000  BX=0000  CX=F8CB  DX=0000  SP=0080  BP=0000  SI=0000  DI=0000
DS=0BA1  ES=0BA1  SS=1DC7  CS=1AED  IP=0012   NV UP EI PL NZ NA PO NC
1AED:0012 8CC0          MOV     AX,ES
-

DS is the beginning of the memory, and CCCC is DS + 0×1000 and DDDD is DS + 0×2000, AAAA is CS, and BBBB is DS + 10 + word_1F3CC, which happens to be 0×11C5, but I just step (p) six times, and read the value from AX

now we can run the debugger a couple more time to double check the base address are the same each run…. which they are.

now we can run the script as input to debug.exe to dump the 192Kb of game ram, via this command

debug game.exe < run.txt > out.txt

I found a few times I had to kill the process, as the quit (q) command at the end was not working…

But you now have a file looking like this

-g 1aed:0037
AX=0038  BX=0000  CX=0000  DX=0001  SP=007C  BP=0000  SI=FFFF  DI=FFFF
DS=1AED  ES=1D76  SS=1DC7  CS=1AED  IP=0037   NV DN EI PL NZ NA PE NC
1AED:0037 CB            RETF
-p
AX=0038  BX=0000  CX=0000  DX=0001  SP=0080  BP=0000  SI=FFFF  DI=FFFF
DS=1AED  ES=1D76  SS=1DC7  CS=1D76  IP=0038   NV DN EI PL NZ NA PE NC
1D76:0038 06            PUSH	ES
-g 1d76:fe
AX=0BA1  BX=0000  CX=0000  DX=F000  SP=4000  BP=0000  SI=2576  DI=4000
DS=0BA1  ES=0BA1  SS=2576  CS=1D76  IP=00FE   NV UP EI PL NZ NA PO NC
1D76:00FE 2E            CS:
1D76:00FF FF2F          JMP	FAR [BX]                           CS:0000=0002
-d 0 ffff
0BA1:0000  CD 20 FF 9F 00 9A F0 FE-1D F0 4F 03 95 05 8A 03   . ........O.....
0BA1:0010  95 05 17 03 95 05 84 05-03 04 01 00 02 FF FF FF   ................
0BA1:0020  FF FF FF FF FF FF FF FF-FF FF FF FF 42 0B F1 49   ............B..I
0BA1:0030  95 05 14 00 18 00 A1 0B-FF FF FF FF 00 00 00 00   ................
0BA1:0040  05 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
0BA1:0050  CD 21 CB 00 00 00 00 00-00 00 00 00 00 20 20 20   .!...........

Next we need to turn that into a binary file, the code I wrote for Curse required only the hex dump lines so we trim the extra lines from out.txt file first.

#include <iostream>
#include <stdio.h>

using namespace std;

unsigned char decode(char h, char l)
{
    unsigned char hv, lv;
    if ( h >= 'A' && h <= 'F' )
        hv = h - 'A' +10;
    else
        hv = h - '0';

    if ( l >= 'A' && l <= 'F' )
        lv = l - 'A' +10;
    else
        lv = l - '0';

    return (lv+(hv*16));
}

void main()
{
    const int lineSize = 1024;
    char line[lineSize];

    FILE *out = fopen( "dump.bin", "wb" );

    unsigned char byte;

    while(cin.good())
    {
        cin.getline( line, lineSize );

        int offset=11;
        for(int i=0; i<8; i++)
        {
            char h,l;
            h = line[offset+(i*3)];
            l = line[offset+(i*3)+1];

            byte = decode(h, l);

            fwrite(&byte,1,1,out);
        }

        offset=35;
        for(int i=0; i<8; i++)
        {
            char h,l;
            h = line[offset+(i*3)];
            l = line[offset+(i*3)+1];

            byte = decode(h, l);

            fwrite(&byte,1,1,out);
        }
    }
    fclose(out);
}

Now using this like so:

dumpparse.exe < out2.txt

We get file dump.bin

Which we will load into IDA Pro in Part 2

Posted in Curse of the Azure Bonds, Games, Pools of Darkness | 6 Comments »

Curse of the Azure Bonds – build 1.0.20

Sunday, August 30th, 2009

Build 1.0.20 has been released. Fixed in this version:

  • Issue 32, Fixed manual targeting
  • Issue 33, Fixed Magic-Users spell selection on levelling to show new spells, not current
  • Issue 34, Fixed the combat Aiming crash at the edges of the screen
  • Issue 35, Fixed Magic-Users spell selection on levelling to show level 5 spells
  • Issue 38, Loss of excess Exp when level, was in original DOS game, but I’ve removed it
  • Add new cheat to sort treasure (most valuable at top)
  • Screen Capture now save to “My Pictures” as “Curse – xxxx.png”
  • Settings are now kept across upgrades

I have some more issues to track down, but I’m hoping this build will solve the worst of them.

Enjoy.

Posted in Curse of the Azure Bonds | No Comments »

Curse of the Azure Bonds build 1.0.19

Tuesday, July 28th, 2009

Build 1.0.19 has been released. Fixed in this version:

  • Fixed the Pool of Radiance player import code. You may now transfer you older saved games
  • Fixed shop items displaying so the long items display correctly (same as DOS)
  • Fixed the way the list code controls when to display ‘Prev’ as it was not showing always correctly

Enjoy.

Posted in Curse of the Azure Bonds | 12 Comments »

Curse of the Azure Bonds build 1.0.18

Monday, July 6th, 2009

Build 1.0.18 has now be released Two fixes:

  • Added UI to the installer and also added a shortcut on the Start Menu to the main executable.
  • Fixed an issue with the icon editor getting stuck if you try change the head of your icon

As always let me know if you have or find any issues.

Posted in Curse of the Azure Bonds | 2 Comments »

« Older Entries