CK Guy
Meep
Posts: 1
(9/7/03 1:59 pm)
adurdin, how do you do it?
Hey adurdin,
I was wondering how the HECK you get all those offsets for patches? For example, how did you get all that info for keendata.zip? How did you find those patches for changing keen's shot height? I wanna be able to do that!!!
Also, could you PLEASE update your page? As in, make links on it to all the stuff you have? I'm always surprised at what files I find were there.
And also, admins could you please delete my other account, The CK Guy, I sorta messed up the info!
|
KeenRush
Photachyon Transceiver
Posts: 4018
(9/7/03 2:10 pm)
Re: adurdin, how do you do it?
I'm sure that's not easy; he has done lots of experiments, I think.
Oh, and welcome to the forums!
|
CommanderSpleen
Vortininja
Posts: 35
(9/7/03 10:43 pm)
Re: adurdin, how do you do it?
I'd say it'd be pretty similar to being able to understand the Matrix... hours and hours of sitting in front of the code.
Basically this: experimentation. About the easiest way to learn anything.
Though it would be cool to pick Andrew's brain on the subject.
>Commander Spleen
ö Cave assectatorem Ductoris Alacris ö
"If your grand plan is thwarted, fear not;
From its ashes shall arise a grander one."
- My Left Ankle
Edited by: CommanderSpleen at: 9/7/03 10:46 pm
|
Robo Blue
Vorticon Elite
Posts: 618
(9/7/03 10:55 pm)
Re: adurdin, how do you do it?
Maybe Andrew can write up modding lessons. Hm... maybe there should be a beginner section to the forum.
Official Keenbound Site
Visit The Dos Vault Message Board. I'm an admin |
adurdin
Wormouth
Posts: 866
(9/8/03 12:45 am)
Re: adurdin, how do you do it?
It's a combination of experience, experimentation, and tedious work.
There are two prerequisites that I consider to be very important: one, to be familiar with the C programming language; and two, to have a decent knowledge of 80x86 assembly language.
The second of these is most important: if you are faced with something like the code below, you have to understand what all the instructions mean, so that you can work out what is going on:
A.46BA 55 push bp
A.46BB 8B EC mov bp,sp
A.46BD 56 push si
A.46BE E8 E274 call A.2935
A.46C1 8B F0 mov si,ax
A.46C3 C7 04 000A mov word ptr [si],0Ah
A.46C7 8B 46 06 mov ax,[bp+6]
A.46CA 8B 56 04 mov dx,[bp+4]
A.46CD 89 54 04 mov [si+4],dx
A.46D0 89 44 06 mov [si+6],ax
A.46D3 8B 46 0A mov ax,[bp+0Ah]
A.46D6 8B 56 08 mov dx,[bp+8]
A.46D9 81 C2 0900 add dx,900h
A.46DD 15 0000 adc ax,0
A.46E0 89 54 08 mov [si+8],dx
A.46E3 89 44 0A mov [si+0Ah],ax
A.46E6 C7 44 32 4808 mov word ptr [si+32h],4808h
A.46EB C7 44 22 0000 mov word ptr [si+22h],0
A.46F0 C7 44 34 4849 mov word ptr [si+34h],4849h
A.46F5 C7 44 28 006C mov word ptr [si+28h],6Ch
A.46FA 83 3E 604C 00 cmp word ptr ds:[604Ch],0 ; (=0C35Dh)
A.46FF 7C 75 jl A.4776 ; Jump if <
That is also where a knowledge of C becomes useful: knowing how certain things are written in C can give a big insight into what the assembly code is doing. For example, it is clear from the above code that all the "mov [si + ...], ..." instructions are storing data into a structure, with the pointer to the structure in si.
Obtaining assembly code like that above from the .exe is the job of a disassembler, a program which produces a human-readable version of the program code. It does a very simple translation, replacing (for example) two bytes 8B EC with the mnemonic "mov bp,sp".
If I'm looking for something in particular to patch, I will look for some sort of starting point. For example, if I were looking at how to change the cheat codes, I might start by using a hex-editor to find the location of the "God mode enabled" message. It's at $14EF6; but being in the data segment, I have to subtract the offset of the start of the data segment ($13050) to find the address that the code will use, which turns out to be $1EA6.
Then I search through the assembly code for this value, and find the following code:
A.11F0 sub_a_11F0 proc near
A.11F0 55 push bp
A.11F1 8B EC mov bp,sp
A.11F3 80 3E 505A 00 cmp byte ptr ds:[505Ah],0 ; (=0Ch)
A.11F8 74 11 je loc_a_120B ; Jump if equal
A.11FA 80 3E 5040 00 cmp byte ptr ds:[5040h],0 ; (=0D1h)
A.11FF 74 0A je loc_a_120B ; Jump if equal
A.1201 80 3E 5065 00 cmp byte ptr ds:[5065h],0 ; (=8Dh)
A.1206 74 03 je loc_a_120B ; Jump if equal
A.1208 E8 FBA5 call sub_a_0DB0
A.120B loc_a_120B: ; xref A.11F8, 11FF, 1206
A.120B 80 3E 504E 00 cmp byte ptr ds:[504Eh],0 ; (=3)
A.1210 74 3D je loc_a_124F ; Jump if equal
A.1212 80 3E 5044 00 cmp byte ptr ds:[5044h],0 ; (=36h)
A.1217 74 36 je loc_a_124F ; Jump if equal
A.1219 80 3E 504C 00 cmp byte ptr ds:[504Ch],0 ; (=6)
A.121E 74 2F je loc_a_124F ; Jump if equal
A.1220 E8 4A17 call sub_a_5C3A
A.1223 B8 0001 mov ax,1
A.1226 50 push ax ; PARAMETER_2
A.1227 B8 0014 mov ax,14h
A.122A 50 push ax ; PARAMETER_1
A.122B E8 4E90 call sub_a_60BE
A.122E 83 C4 04 add sp,4
A.1231 81 36 5DAA 0001 xor data_f_5DAA,1 ; (=0)
A.1237 74 05 jz loc_a_123E ; Jump if zero
A.1239 B8 1EA6 mov ax,1EA6h
A.123C EB 03 jmp short loc_a_1241
The two sets of three comparisons at the top are very interesting, as there are two cheat codes in Keen 1, and each uses three keys -- so it would take three comparisons for each cheat code. I notice that the second is looking at bytes at locations 504Eh, 5044h, and 504Ch; looking up a table of keyboard scan codes, I find that G is $22, O is $18, and D is $20 -- and that if you subtract $502C from each of the locations, you get those scan codes; so this is the place where the cheats are being looked for. An additional piece of information that I gain from this is that the code uses an array of bytes--beginning at location $502C--to keep track of which keys are pressed and which are not, so that any other code which is reading data from this area must also be looking at key presses.
Anyway, that might give you an idea. A lot of background knowledge helps a great deal in intuiting the purpose of the code.
Edited by Ilsoap: The second coded part was too long. Got rid of some of the spaces so that it would fit in more browser windows.
Edited by: Ilsoap at: 11/24/03 7:33 pm
|
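The search adurdin walks through above (string file offset, minus the data-segment start, then hunting for the code that loads that value and reading the key checks next to it) can be scripted. The block below is an added example, not adurdin's own tooling or anything from the Keen source: it decodes a byte image hand-assembled from the sub_a_11F0 listing in his post (the image is constructed for this example and is not a copy of KEEN1.EXE), converts the file offset he gives into the data-segment offset, finds the mov ax,1EA6h that loads the message pointer, and maps every key-state compare back to a scan code. It goes one step past the post by also naming the first triplet of keys, using the standard XT set-1 scan-code table (C, T and Space), which the post does not spell out. DATA_SEG_FILE_OFF, GOD_MSG_FILE_OFF and KEY_ARRAY_BASE are the figures from the post; everything else is an assumption of this example.

```python
# Added example, not adurdin's code. Decodes a constructed byte image of the
# sub_a_11F0 listing from the post and performs the search it describes.
from __future__ import annotations
import struct
from dataclasses import dataclass

DATA_SEG_FILE_OFF = 0x13050   # file offset of the data segment (from the post)
GOD_MSG_FILE_OFF = 0x14EF6    # "God mode enabled" string (from the post)
KEY_ARRAY_BASE = 0x502C       # key-state byte array inferred in the post
CODE_BASE = 0x11F0            # address of the first listed instruction

# Standard XT (set 1) make codes. G/O/D are the ones the post looks up;
# C/T/Space are added here to decode the first triplet of compares.
SCANCODES = {0x14: "T", 0x18: "O", 0x20: "D", 0x22: "G", 0x2E: "C", 0x39: "Space"}

# Hand-assembled from the listing (constructed, not extracted from the game).
# Sourcer prints immediates as words ("E8 FBA5", "B8 1EA6") but the file
# holds them little-endian: a hex-editor search for the message pointer
# load must look for B8 A6 1E, not B8 1E A6.
CODE = bytes.fromhex(
    "55" "8BEC"
    "803E5A5000" "7411" "803E405000" "740A" "803E655000" "7403" "E8A5FB"
    "803E4E5000" "743D" "803E445000" "7436" "803E4C5000" "742F" "E8174A"
    "B80100" "50" "B81400" "50" "E8904E" "83C404"
    "8136AA5D0100" "7405" "B8A61E" "EB03"
)

def ds_offset(file_off: int, seg_file_off: int = DATA_SEG_FILE_OFF) -> int:
    """File offset inside the data segment -> offset the code actually uses."""
    if file_off < seg_file_off:
        raise ValueError("file offset lies before the data segment")
    return file_off - seg_file_off

@dataclass
class Insn:
    addr: int
    text: str
    mem: int | None = None     # data address the instruction touches, if any
    imm: int | None = None     # immediate operand, if any
    target: int | None = None  # branch or call destination, if any

def decode(code: bytes, base: int) -> list[Insn]:
    """Linear decode of only the opcode forms that occur in the listing.
    Anything else raises, so a wrong base or corrupt bytes fail loudly
    instead of producing plausible-looking garbage."""
    out, i = [], 0
    while i < len(code):
        a, op = base + i, code[i]
        nxt = code[i + 1] if i + 1 < len(code) else None
        if op == 0x55:
            ins, n = Insn(a, "push bp"), 1
        elif op == 0x50:
            ins, n = Insn(a, "push ax"), 1
        elif op == 0x8B and nxt == 0xEC:
            ins, n = Insn(a, "mov bp,sp"), 2
        elif op == 0x80 and nxt == 0x3E:              # cmp byte ptr [disp16],imm8
            mem, imm = struct.unpack_from("<HB", code, i + 2)
            ins, n = Insn(a, f"cmp byte ptr ds:[{mem:04X}h],{imm:X}h", mem=mem, imm=imm), 5
        elif op == 0x81 and nxt == 0x36:              # xor word ptr [disp16],imm16
            mem, imm = struct.unpack_from("<HH", code, i + 2)
            ins, n = Insn(a, f"xor word ptr ds:[{mem:04X}h],{imm:X}h", mem=mem, imm=imm), 6
        elif op in (0x74, 0x7C, 0xEB):                # rel8 jumps (74 is je/jz)
            rel = struct.unpack_from("<b", code, i + 1)[0]
            tgt = (a + 2 + rel) & 0xFFFF               # relative to the next instruction
            name = {0x74: "je", 0x7C: "jl", 0xEB: "jmp short"}[op]
            ins, n = Insn(a, f"{name} {tgt:04X}", target=tgt), 2
        elif op == 0xE8:                              # call rel16
            rel = struct.unpack_from("<h", code, i + 1)[0]
            tgt = (a + 3 + rel) & 0xFFFF
            ins, n = Insn(a, f"call {tgt:04X}", target=tgt), 3
        elif op == 0xB8:                              # mov ax,imm16
            imm = struct.unpack_from("<H", code, i + 1)[0]
            ins, n = Insn(a, f"mov ax,{imm:X}h", imm=imm), 3
        elif op == 0x83 and nxt == 0xC4:              # add sp,imm8
            ins, n = Insn(a, f"add sp,{code[i + 2]:X}h", imm=code[i + 2]), 3
        else:
            raise ValueError(f"unhandled opcode {op:02X} at {a:04X}")
        out.append(ins)
        i += n
    return out

def find_imm16_loads(code: bytes, base: int, value: int) -> list[int]:
    """Addresses of every `mov ax,imm16` that loads `value` (e.g. a message pointer)."""
    return [ins.addr for ins in decode(code, base)
            if ins.text.startswith("mov ax,") and ins.imm == value]

def key_checks(code: bytes, base: int, key_base: int = KEY_ARRAY_BASE):
    """Each `cmp byte ptr [addr],0` whose addr falls inside the key-state
    array, reported as (instruction address, scan code, key name)."""
    hits = []
    for ins in decode(code, base):
        if ins.text.startswith("cmp byte") and ins.mem is not None:
            sc = ins.mem - key_base
            if 0 <= sc < 0x80:
                hits.append((ins.addr, sc, SCANCODES.get(sc, "?")))
    return hits

if __name__ == "__main__":
    ptr = ds_offset(GOD_MSG_FILE_OFF)
    print(f"pointer the code uses for the message: {ptr:04X}h")
    for ins in decode(CODE, CODE_BASE):
        print(f"A.{ins.addr:04X}  {ins.text}")
    print("loaded at:", [f"A.{a:04X}" for a in find_imm16_loads(CODE, CODE_BASE, ptr)])
    print("key checks:", key_checks(CODE, CODE_BASE))
```

Run it and the decoder reproduces the listing from the post, reports the pointer load at A.1239, and lists the six compares as C, T, Space and G, O, D. The decoder deliberately covers only the handful of encodings present in the listing; the point is the workflow (offset arithmetic, then following the value into code, then reading neighbouring memory references against a known table), not a general disassembler.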
Xtraverse
Stranded Fish
Posts: 2434
(9/8/03 3:13 am)
Re: adurdin, how do you do it?
Where would one obtain a disassembler like this?
Never argue with an idiot. He brings you down to his level, then beats you on experience -- Mark Twain
spatang.com |
adurdin
Wormouth
Posts: 867
(9/8/03 8:47 am)
Re: adurdin, how do you do it?
I use an old version of Sourcer; I'm not sure where you could find it these days. There are also some free disassemblers available, but I'm not sure how good they are.
|
KeenRush
Photachyon Transceiver
Posts: 4019
(9/8/03 2:52 pm)
Re: adurdin, how do you do it?
Interesting.
Just interested, how did you start this all, in the beginning? Did you just start to learn assembly and so on?
|
JosephBurke
Tres-tria quindecim
Posts: 12
(9/9/03 10:50 am)
?
Can you edit the assembly code with the disassembler?
|
adurdin
Wormouth
Posts: 870
(9/9/03 11:55 am)
Re: ?
KeenRush wrote:
Quote: how did you start this all, in the beginning? Did you just start to learn assembly and so on?
Well, I started off learning BASIC, then C (from the excellent Turbo C Programming for the PC), and from there went on to assembly language.
I remember first getting into assembly language programming when I was writing QBasic programs (mostly games). It began when I wanted to use the mouse in a QBasic program; as QBasic did not support calling interrupts, I had to write the assembly code, assemble it, store the resulting bytes into an array, then use the CALL ABSOLUTE function to run the code. My first attempts caused nasty crashes, but with help from my brother I got it working. I went on from there to writing graphics functions (blitting, graphics primitives, palette functions) for QBasic and QuickBasic, and writing a function to do for QBasic what Quick Basic's CALL INTERRUPT function did -- allow any interrupt calls.
My first efforts at decompiling a program were with Sopwith, a game written in the early 80's as a demonstration of a Canadian company's networking software; but it got spread around far and wide, as a single-player game, because of its excellent gameplay. Well, my attempts there, though fruitful and a useful learning exercise, did not get completed, because a bloke from the UK called Andrew Jenner independently reverse engineered it and produced workable source code; he'd previously done the same for another great 80's game, Digger, which was (in my opinion) a far more impressive feat. But that's a bit of a sidetrack.
I think my first foray into decompiling Commander Keen was when I began to decompile Keen 4; I got quite a lot done, but got sidetracked onto other interests, as the decompilation was taking too much time. But the knowledge gained there of how the engine worked has been invaluable in making patches for Keens 1-3 (the similarities between the engines are very noticeable).
JosephBurke wrote:
Quote: Can you edit the assembly code with the disassembler?
In order to change the operation of the code, I need to work out what assembly code I need to do what I want; write that code; then use an assembler to produce the machine code (a series of bytes) which I can patch the .exe with. I use DEBUG (a program that has come with MS-DOS and Win9x for years) as an easy way of doing this.
|
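The patching step adurdin describes (work out the bytes, then write them into the .exe at the right file offset) is where most beginner mistakes happen: the bytes go in at the wrong place, or into a different version of the game, and the file is quietly ruined. The block below is an added example, not adurdin's tool and not a real Keen patch: it takes the G+O+D key checks from his listing and swaps them for a different three-key combination, but only after checking that the bytes at the target offset are exactly the originals and that the replacement is the same length, so nothing after it moves. KEY_ARRAY_BASE and the three compare addresses are from the thread; CODE_SEG_FILE_OFF, the padded image and the choice of K+E+N are assumptions made up for this example (the post gives the data segment's file offset, not the code segment's).

```python
# Added example, not adurdin's code. Applies a same-length, verified patch
# to a constructed image, using addresses from the listing in the thread.
import struct
from pathlib import Path

KEY_ARRAY_BASE = 0x502C                    # key-state array (from the thread)
SCANCODE = {"G": 0x22, "O": 0x18, "D": 0x20, "K": 0x25, "E": 0x12, "N": 0x31}
GOD_CMP_ADDRS = (0x120B, 0x1212, 0x1219)   # cmp byte ptr [502Ch+sc],0 for G, O, D
CODE_SEG_FILE_OFF = 0x1000                 # ASSUMED for the demo image only

# Constructed image: padding up to A.120B, then the listing bytes for the
# three key checks and their jumps (A.120B..A.121F). Not KEEN1.EXE.
LISTING_120B = bytes.fromhex(
    "803E4E5000" "743D" "803E445000" "7436" "803E4C5000" "742F"
)
IMAGE = bytes(CODE_SEG_FILE_OFF + 0x120B) + LISTING_120B

def key_cmp(key: str) -> bytes:
    """Encode `cmp byte ptr ds:[KEY_ARRAY_BASE + scancode],0` as 80 3E lo hi 00."""
    return b"\x80\x3E" + struct.pack("<H", KEY_ARRAY_BASE + SCANCODE[key]) + b"\x00"

def file_offset(seg_file_off: int, addr: int) -> int:
    """Code address (as printed by the disassembler) -> offset in the file."""
    return seg_file_off + addr

def cheat_patch(old: str, new: str, addrs=GOD_CMP_ADDRS):
    """Patch records (code address, expected bytes, replacement bytes)
    that turn one three-key cheat into another."""
    if len(old) != len(addrs) or len(new) != len(addrs):
        raise ValueError("need exactly one key per compare instruction")
    return [(a, key_cmp(o), key_cmp(n)) for a, o, n in zip(addrs, old, new)]

def apply_patches(image: bytes, seg_file_off: int, patches) -> bytes:
    """Apply in-place patches and refuse anything unexpected: replacements
    must be the same length (the code after them must not shift), and the
    original bytes must match, so a different game version or a wrong
    segment offset is caught before the file is damaged."""
    buf = bytearray(image)
    for addr, old, new in patches:
        if len(old) != len(new):
            raise ValueError(f"patch at {addr:04X}h changes length; would shift following code")
        off = file_offset(seg_file_off, addr)
        have = bytes(buf[off:off + len(old)])
        if have != old:
            raise ValueError(
                f"file offset {off:05X}: found {have.hex()} expected {old.hex()}; "
                "wrong version or wrong segment offset?")
        buf[off:off + len(new)] = new
    return bytes(buf)

def patch_file(path: Path, seg_file_off: int, patches) -> Path:
    """Patch a file on disk, keeping an untouched .bak copy; returns the backup path."""
    data = path.read_bytes()
    patched = apply_patches(data, seg_file_off, patches)   # verify before writing anything
    backup = path.with_suffix(path.suffix + ".bak")
    backup.write_bytes(data)
    path.write_bytes(patched)
    return backup

if __name__ == "__main__":
    patches = cheat_patch("GOD", "KEN")
    for a, old, new in patches:
        print(f"A.{a:04X} (file {file_offset(CODE_SEG_FILE_OFF, a):05X}): {old.hex()} -> {new.hex()}")
    out = apply_patches(IMAGE, CODE_SEG_FILE_OFF, patches)
    print("patched region:", out[CODE_SEG_FILE_OFF + 0x120B:].hex())
```

The same expected-bytes check is what you want when doing this by hand in DEBUG or a hex editor: dump the bytes at the offset first and compare them to the listing before typing anything in. Applying the script twice fails on purpose, because after the first run the originals are no longer there.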
MultiMania
Meep
Posts: 2
(11/24/03 1:38 am)
Re: adurdin, how do you do it?
I use Debug as a disassembler, but I haven't got a very good understanding of asm.
|
KeenRush
Photachyon Transceiver
Posts: 4414
(11/24/03 7:13 pm)
Re: adurdin, how do you do it?
Oooh, another Keenius!
Keen mods, please! |
Robo Blue
Vorticon Elite
Posts: 834
(11/25/03 1:22 am)
Re: adurdin, how do you do it?
hm... Keenius... that sounds like a Keen Awards category.
Official Keenbound Site
Visit The Dos Vault Message Board. I'm an admin |
Too Much Spare Time
King Slug
Posts: 772
(11/26/03 2:49 pm)
Re: adurdin, how do you do it?
This reminds me...
Maybe the Source for the Commander Keen games is like, hidden in this big computer, and Keen has to, like, get into the computer in order to capture the source for us, but there's like a security system guarding it that can only be shut down for precisely three-hundred and fourteen seconds...
The Chasm of Strife! www.ThisStrife.com/Sluggy |
KeenRush
Photachyon Transceiver
Posts: 4421
(11/26/03 3:33 pm)
Re: adurdin, how do you do it?
And that reminds me of some movie..
Edit: LOL @ below!
Keen mods, please!
Edited by: KeenRush at: 11/27/03 7:06 pm
|
Br1ck
Grunt
Posts: 10
(11/26/03 8:00 pm)
Re: adurdin, how do you do it?
*Couldn't resist*
There is so much in this world that I do not understand. See that machine? It has something to do with mangling superheroes. I have absolutely no idea how it works. But I do understand the reason for it to work. I have absolutely no idea how you are able to do some of the things you do, Andrew Durdin, but I believe there's a reason for that as well. I only hope we understand that reason before it's too late.
Edited by: Br1ck at: 12/12/03 1:34 am
|
KeenEmpire
Keen's Empire
Posts: 659
(12/10/03 1:27 pm)
fsd
Haha! Yeah
|
MultiMania
Grunt
Posts: 9
(12/13/03 9:38 am)
Keenius?
No, I'm not a 'Keenius'; I barely understand asm, only interrupts. Plus Debug is awful at disassembling. All I've done is the music patches for Keens 4-6.
|
JosephBurke
Tres-tria quindecim
Posts: 175
(12/13/03 11:57 pm)
it's still useful
It's still nice that you found something useful to do. People will use that patch, I'm sure of it.
|
Br1ck
Grunt
Posts: 21
(12/14/03 7:33 am)
Re: Keenius?
MultiMania, that's kickass! I'll have to try that tomorrow!
|
Yowza
Vortininja
Posts: 172
(12/14/03 12:45 pm)
Re: Keenius?
This morning, I went and used that patch, and was about to go test it... when I remembered I use WinME, which doesn't support AdLib sound :/
|
CommanderSpleen
Vortininja
Posts: 104
(12/15/03 1:22 am)
Re: Keenius?
Quote: I remembered I use WinME, which doesn't support AdLib sound
I'm using ME, and AdLib seems to work fine...
>Commander Spleen
ö Cave assectatorem Ductoris Alacris ö
"The irritating notion that the beholder should complete through his imagination what the artist left undone is refuted by the sumi paintings, so fond of incomplete objects. Try to complete the rocks whose base is lost in the mist or to populate the "empty" spaces with more rocks or woods, and you will find that your clumsy moves destroy the delicate balance and thus the meaning."
-Rudolf Arnheim, Parables of Sun Light
JimSoft Lair
http://jimsoftlair.tripod.com/ |
Scizor CT
Council Janitor
Posts: 656
(12/15/03 3:23 am)
Re: Keenius?
It would depend on your sound card, not your OS.
|
Yowza
Vortininja
Posts: 173
(12/15/03 11:26 am)
Re: Keenius?
Well, on my comp, it works in 98, but not ME. Which seems to be the same as most people :/
|
JosephBurke
Tres-tria quindecim
Posts: 181
(12/16/03 12:23 am)
sound
I'd check to see if your audio devices are configured right. Sift around; see if anything is different between the two similar OSes.
www.lastplain.com/tempics/soundconfig.jpg
edit: made link work --xtraverse
Edited by: Xtraverse at: 12/16/03 1:12 am
|