Hacking an adventure game

edited September 2009 in Development
Hello folks,
In the recent issue of SCENE+ Diskmagazin there is a game called "By right of Birth"; you can also find this game on WOS.

Although this magazine has already been sent out for tape, TAP and MB02 users (who all use tape syntax), my job is to convert the mag for Opus and +D/Disciple users.

This issue there were already some games which I had to hack the loader, as it had a special tape loader which I cannot use for disk conversion. Basically I always erase or overjump the MC loader and therefore write a Basic Loader. It was a lot of work this time but I did it. Just with one game I still have problems, and it is this adventure from the year 2002.

The first MC part is loaded from Basic and it is a rather long part with 8 kB. In this 8 kB is the loader for two parts loaded from tape. I have tried a lot, but it seems that I don't understand what is going on in this loader and so I have still failed to get a runnable version with a Basic loader.

So I seek assistance. Can anybody help me? I really want to do a proper issue for Opus and +D and not just erase this game from the disk, which would be the easiest solution.

I hope somebody writes to me here. Perfect would be if somebody just finds out the start address of the main code, so I can just load all parts from Basic and use this start address to start. However, I am not sure if some code from the first 8 kB must be executed before starting the main code, but I think so.

Regards

Thomas

Comments

  • edited August 2009
    hi.
    it looks the first block contains a code generated by some kind of compiler. definitely nightmare to trace it.
    if you are not against a cheap&dirty solution do this:

    it looks game uses ROM tape loader so put breakpoint on the exit of LD-BYTES.
    let load all part into memory and after last block you will end at your breakpoint.
    write down content of all registers.
    inspect memory and save all used blocks. i'm not expert on disciple but the game uses system variables so you should save it too.
    then write small prog which load all blocks back to memory, set the registers and run the game.
  • edited August 2009
    I'm not familiar with PAW, but here a few things that I found while trying to help:

    -In Spectaculator you can emulate the Plus D and activate the Plus D snapshot function to save the game in that format.
    -If using the Multiface you can successfully exit to Basic and it should make everything easier for you because the code has already gone any possible modifications and data movement that might have occurred. The problem is how to find the start address.

    I even tried using the Multiface and Microdrive (all under emulation) and successfully saved files that were a lot easier to use than a regular Multiface loader, but I didn't know how to solve the screen corruption thing.

    Yes, I know it's a lot easier than this, but since I don't know machine code I have to be creative. :)
  • edited August 2009
    zxbruno wrote: »
    I'm not familiar with PAW, but here a few things that I found while trying to help:

    -In Spectaculator you can emulate the Plus D and activate the Plus D snapshot function to save the game in that format.
    -If using the Multiface you can successfully exit to Basic and it should make everything easier for you because the code has already gone any possible modifications and data movement that might have occurred. The problem is how to find the start address.

    I even tried using the Multiface and Microdrive (all under emulation) and successfully saved files that were a lot easier to use than a regular Multiface loader, but I didn't know how to solve the screen corruption thing.

    Yes, I know it's a lot easier than this, but since I don't know machine code I have to be creative. :)

    Thanks for the suggestion. Yes, I agree that the loader is impossible to trace. This is why I couldn't find the point where the start address is. If I find it, I can of course save the memory, registers, everything and it is hacked.

    The Multiface option I wouldn't use. It is a possibility, but would be a shame on my hacker soul.

    I hope somebody can help me.

    Regards

    Thomas
  • edited August 2009
    Speccyman wrote: »
    This is why I couldn't find the point where the start address is. If I find it, I can of course save the memory, registers, everything and it is hacked.
    but you know it uses ROM loader. so exit point of rom routine LD-BYTES is point where everything is in memory and still 'nothing' happened.
  • edited August 2009
    If I can get the trace option to work in Spectaculator or Specemu to open the debugger and show the next instruction that will execute after the tape stops, we can get it done. Where's Woody when you need him?
  • edited September 2009
    zxbruno wrote: »
    If I can get the trace option to work in Spectaculator or Specemu to open the debugger and show the next instruction that will execute after the tape stops, we can get it done. Where's Woody when you need him?

    I debugged it, but I am still not sure where is the right point...
  • edited September 2009
    Speccyman wrote: »
    I debugged it, but I am still not sure where is the right point...

    It is absolutely crazy code. There is an RST16 which is in a loop, but after end of the loop the game starts without any call. Seems that the last RET is starting the game. On the stack is 34999 and really, when I save a memory dump and RANDOMIZE USR 34999 the game starts...but it crashes soon. So something is still wrong, but I am obviously quite near...
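The register and stack inspection discussed in the comments above, as an added example that is not part of any original post: it assumes the emulator memory dump is a 48K `.sna` snapshot (a format the thread does not name), in which the program counter is saved on the stack, so the words at SP are the candidate return addresses. The sample snapshot and the helper names are constructed for illustration.

```python
import struct

SNA_HEADER = 27      # 48K .sna: 27-byte register header, then RAM 16384..65535
RAM_BASE = 0x4000
RAM_SIZE = 0xC000

# Header layout (little-endian): I, HL', DE', BC', AF', HL, DE, BC, IY, IX,
# IFF2 flags, R, AF, SP, interrupt mode, border colour.
_FMT = "<B9HBBHHBB"
_NAMES = ("I", "HL'", "DE'", "BC'", "AF'", "HL", "DE", "BC", "IY", "IX",
          "IFF2", "R", "AF", "SP", "IM", "BORDER")

def parse_sna(data):
    """Return (registers, ram) from a 48K .sna image."""
    if len(data) != SNA_HEADER + RAM_SIZE:
        raise ValueError("not a 48K .sna snapshot (expected 49179 bytes)")
    regs = dict(zip(_NAMES, struct.unpack(_FMT, data[:SNA_HEADER])))
    return regs, data[SNA_HEADER:]

def stack_words(regs, ram, count=4):
    """Read `count` 16-bit words upward from SP; word 0 is the saved PC."""
    words = []
    for i in range(count):
        addr = regs["SP"] + 2 * i
        if addr < RAM_BASE or addr + 1 > 0xFFFF:
            break                       # stack pointer outside RAM: stop
        off = addr - RAM_BASE
        words.append(ram[off] | (ram[off + 1] << 8))
    return words

def make_sample():
    """Constructed snapshot: saved PC 0x053F, then return address 34999."""
    sp = 0xFF50                         # constructed stack pointer
    header = struct.pack(_FMT, 0x3F, 0, 0, 0, 0, 0, 0, 0, 0x5C3A, 0,
                         0x04, 0, 0, sp, 1, 7)
    ram = bytearray(RAM_SIZE)
    struct.pack_into("<HH", ram, sp - RAM_BASE, 0x053F, 34999)
    return header + bytes(ram)

if __name__ == "__main__":
    regs, ram = parse_sna(make_sample())
    print({name: hex(value) for name, value in regs.items()})
    print("stack words from SP:", stack_words(regs, ram))
```
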
  • edited September 2009
    With a real Spectrum I couldn't do it, think that the variables changed when I exit from MC using my MB02. So I just made a memory dump with emulator and with RANDOMIZE USR 34999 I can start it and it is working (both parts). However, it is not a perfect hack, but done... without Multiface.
    I will now pack the dump from 40 to only 25 kB and put it on the disk.

    If you have a disk system for Spectrum like +D and Opus I can really recommend to get our disk magazine, as it is only source to get the stuff from internet on a real disk. As you can see with this example, sometimes it is not only to copy the files.

    Also for emulator users I want recommend the mag. Although you can find all the stuff yourself on the net, we make a nice summary of the last releases and we are looking forward even for some exclusive releases + we are looking forward for nice TR-DOS hacks.

    So why not have a try?
    http://www.speccy-scene.de/
    This site is just a new site as our old one (www.sintech-shop.de/home/spectrum-user-club.html) is a bit out of date. The mag is in English and German, but the site is now just in German. But you will find there the e-mail address of Mirko, the main organizer of the club (MS-256-X@gmx.de). Please exchange the X with "email". This is just because he doesn't want to get spammed.

    Regards

    Thomas
  • LCD
    edited September 2009
    I hope you received my hack. The first part works well (I think so), but the second one has a graphics bug.
    I used USR 29904 which is in the disassembly as the first JP. Earlier jumping in caused crashes.