msdos disassembly
hi,
Has there ever been a disassembly for the msdos version of BT1?
Other than the character editors and item list, I mean.
Cheers
Re: msdos disassembly
Caracas wrote:
hi,
Has there ever been a disassembly for the msdos version of BT1?
Other than the character editors and item list, I mean.
Cheers

Not to my knowledge, no. Someone here is working on an extensive project called BT-Builder for MSDOS though.
Re: msdos disassembly
Darendor wrote:
Someone here is working on an extensive project called BT-Builder for MSDOS though.

It is for Linux and Windows actually. The initial decoding of the file formats was done back in the days of MSDOS but I don't bother supporting it anymore.
I have done limited disassembly on the MS-DOS version. Not really to do anything useful (with one exception) but rather to satisfy my curiosity about items, monsters, spells, and abilities.
Of course all the answers to the riddles and copy protection questions in the Review Board are easy--they're in ALL CAPS right after the text for the questions. Items Lists, Monster Lists, Spell Lists, and lists of traps, special attacks, breath weapon adjectives and such are in text tables as well. The attributes are a bit more difficult to find because the exe file is compressed with a simple run-length scheme. They're much easier to find once the exe is decompressed. A lot of the attributes are in bit fields, but things like AC, HP ranges, damage, possible group sizes, special attacks, spell points needed, and the like are decipherable with a little bit of record keeping. It looks like the program was originally written to take advantage of overlays, but by the time the game was actually released I think the hardware had progressed to the point it wasn't necessary. That makes it easy to just do a memory dump while the game is running and it's already decompressed.
One thing I still have never found is the table for how much things cost at Garth's. But then it's not like he doesn't TELL you how much he charges.
Ok, with the limited amount of free time that I have, I've been looking into getting a memory dump when running BT1.
Fortunately, DOSBox has a debug executable that can provide me with such a dump. I can create a memdump.txt. This txt contains the following format:
039C:0000 16 9C 03 8B 46 FE 8B E5 5D CB 55 8B EC 83 EC 0E
039C:0010 57 56 C7 46 F8 00 00 C6 06 05 08 00 9A 4A 04 9C
039C:0020 03 0B C0 74 03 E9 FF 03 A1 F5 31 A3 D6 D9 A1 F7
039C:0030 31 A3 D8 D9 A0 A2 07 98 50 FF 36 D8 D9 FF 36 D6
039C:0040 D9 9A 67 11 9C 03 83 C4 06 9A 37 04 08 05 0B C0
039C:0050 75 0C 9A 74 04 08 05 0B C0 75 03 E9 60 01 80 3E
039C:0060 4E 30 06 75 06 B8 1C 01 E9 D9 03 FF 36 D8 D9 FF
...
I'm looking for an easy way to copy/paste this into a hex editor, but so far I've managed to find quite a lot of text and attributes in it.
I'm interested in finding the maps, but no success so far. Next step will be to find a way to actually change some of the text/attributes.
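Since the post above asks for an easy way to get memdump.txt into a hex editor, here is an added Python example (not code from the thread) that flattens the DOSBox dump format shown there into a raw binary, placing each line by its segment:offset so that a gap in the dump stays at the right place instead of shifting later data. The sample lines are taken from the post, with one line dropped to show the gap handling; the file_offset helper and the base address 039C:0000 are assumptions.

```python
import re

# A DOSBox debugger dump line, as shown in the post: "039C:0010 57 56 C7 ...".
# Segment is 4 hex digits, offset is hex of any length, then up to 16 byte values.
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{4}):([0-9A-Fa-f]+)((?:\s+[0-9A-Fa-f]{2})+)\s*$")


def linear(segment: int, offset: int) -> int:
    """Real-mode segment:offset -> flat address (segment * 16 + offset)."""
    return (segment << 4) + offset


def parse_memdump(text: str) -> bytes:
    """Flatten memdump.txt into raw bytes. Each line is placed at its address
    relative to the first line, so a gap in the dump is zero-filled instead
    of shifting everything after it; an overlapping line is an error rather
    than a silent overwrite."""
    out = bytearray()
    base = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.strip() == ".":  # blank lines and "." elisions
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("line %d is not a dump line: %r" % (lineno, line))
        addr = linear(int(m.group(1), 16), int(m.group(2), 16))
        if base is None:
            base = addr
        pos = addr - base
        if pos < len(out):
            raise ValueError("line %d: address %05X overlaps earlier data" % (lineno, addr))
        out.extend(b"\0" * (pos - len(out)))
        out.extend(bytes.fromhex("".join(m.group(3).split())))
    return bytes(out)


def file_offset(address: str, base: str = "039C:0000") -> int:
    """Offset in the flattened file of an address quoted as "039c:218F8",
    i.e. the number to type into a hex editor's go-to box (assumed helper)."""
    seg, off = address.split(":")
    bseg, boff = base.split(":")
    return linear(int(seg, 16), int(off, 16)) - linear(int(bseg, 16), int(boff, 16))


# Constructed sample: lines from the dump in the post, with the 0030 line
# dropped to show the gap handling.
SAMPLE = """\
039C:0000 16 9C 03 8B 46 FE 8B E5 5D CB 55 8B EC 83 EC 0E
039C:0010 57 56 C7 46 F8 00 00 C6 06 05 08 00 9A 4A 04 9C
039C:0020 03 0B C0 74 03 E9 FF 03 A1 F5 31 A3 D6 D9 A1 F7
.
039C:0040 D9 9A 67 11 9C 03 83 C4 06 9A 37 04 08 05 0B C0
"""

if __name__ == "__main__":
    blob = parse_memdump(SAMPLE)
    with open("memdump.bin", "wb") as fh:  # open this file in any hex editor
        fh.write(blob)
    print(len(blob), "bytes written; item names at offset", hex(file_offset("039c:220F8")))
```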
I managed to get my memory dump in a hex editor. I have no clue where the loading of BT1 begins, though I can find a lot of references (just giving a few examples):
at 039c:218F8 I can see: C Library - (C)Copyright Microsoft Corp 1986 graphics.drv bardtit bardscr Race: Class: Lvl: ....
at 039c:21D6A characters I added in my team are loaded.
at 039c:220F8 Names of all the items of Garth's shop are listed
at 039c:22AB2 Names of all spells are listed
at 039c:24164 Names of a lot of monsters are listed. Not sure if it's all that exist.
at 039c:256B4 first lists answers, then questions you get at review board.
at 039c:26C1C the credits in the building across the guild.
at 039c:2D832 Map of Skara Brae with different buildings
at 039c:2EF26 Map of Skara Brae with street names
the map is identical to the map shown by Zerozero elsewhere on this forum.
I've been looking for a dungeon map from Harkyn's Castle as I entered that dungeon before taking the memory dump. Haven't found it yet. It probably looks a lot different from the Skara Brae map.
There seem to be some files encrypted with the Huffman encoding... in the Bard folder, I can see the B0.huf, B1.huf, B2.huf and B3.huf files which are the pictures of the different houses in the game...
Looking for a way to decode them, but it seems like you need VB for that.
Would love to decode the BIGPIC file as well
Thanks for the heads up
Been checking a bit further during the weekend and came across this:
starting at 039c:192D0
656454645464654525A5851584144404040404040414
451160516041154525A485158030C000000000000010
450910574006154525A0851543114101010101010111
4518905C9044164525A085154C040404040404040414
599151915191554525A0851540000000000000000010
49050504144404041450842480000000000000000010
45051440104002021050401040000000000000000011
56565042115048185050401041010101010101012195
6A9A5048145040105050410105050514440514440514
5A5A5040105041114101050505051450505450505450
5A5A5040104105050505050505145041115241115250
5A5A5041000404050505051565904105050906051990
5A699166800101050505050505010505050509164511
6AA5A5AA904404040405050505050504040414480414
69A5A599504101010105050505165450401050410111
65A5A5A5810505050505050505195050401041050615
A5840404040404040404040405041050401044040424
44000000105040000000002095401050421340000010
40020000104101000000010005011140040C00010113
5058400010442480001154410404040000001044041C
50504000204010401045001540000000000010400010
61A18101114111410115514501010101010111810111
Which is the map of Harkyn's Castle level 3
22x22 square with each byte representing a square.
The first byte (65) in binary is 01100101. Broken down, this looks like:
first 2 bits: 01 represent the west wall
second 2 bits: 10 represent a door to the east
third 2 bits: 01 represent a wall to the south
last 2 bits: 01 represent a wall to the north
Which is in fact identical to the format described by ZeroZero for the C64 version.
A bit further, I can find the following:
80809008080000008000800000000000000004040400
10080888888810000000000000000400000004040404
10000804100010000000800000000000000000040400
00800088808808000000000000000000000000000000
08080808080804008000800000000000000000000000
00000004000000000000000400000000000000000000
04080800000000000000000000000000000000000000
00800000000000800000000000000000000000000000
00000000000000000000000000000000000000000000
80800000000000000000000000000000000000000000
80000000000000000000000000000000008000008000
00800000000000000000000080000000000000000000
80000000000000000000000000000000000000000000
00800000000000000000000000000080000000800000
00800080000000000000000000000000000000000000
00800080000000000000000000000000000000000000
00000000000000000000000000000000000000008000
00000000040000000000000080000000000000000000
00000000000000000000000000000000000000000000
00000000000080000000040000000000000000200000
00000000000000000004000400000000000000000000
00800000000000000000040000000000000000000000
Which represents the events for Harkyn's castle lvl 3.
The cluster of '04' at the bottom is the + shaped room with all the teleports in them (each 04 is a teleport)
The cluster of '04' at the top right represents the spinners and the confrontation with the Mad God. The '04' a bit to the left represents the anti-magic zone when you enter the Mad God's chamber.
A bit below and to the left, there's another '04' which is the text before you enter the barracks (5, 11 on the map) (A sign on the wall reads, 'The Barracks.')
The encounter with the berserkers doesn't show. Probably because I took the memory dump after I killed them and was still inside that level.
The starting location in the memory is interesting. Before, I thought it just started at 039c:218F8, but I guess I was wrong.
Level 1 of Harkyn's Castle should be in my memory dump as well somewhere. I'll look for it when I'm bored.
Up until now, I've only been able to check my memory dumps. I have not been able to find the information in the actual files, because they are compiled and maybe encoded. I'd love to find a way to get the info out of the actual files. If anyone has a way of doing that, I'd be very interested!
Edited for layout a bit
Memory location 039c:192D0 seems to be the location where the dungeon level you're entering gets loaded. Just did a test with a party entering the sewers. The map gets loaded at the exact same location as Harkyn's Castle lvl 3 was. For those interested, here's the map and events of the sewers:
44144505050505050505050505050505050505050514
41000505040505050504040405050505050505051450
54504415504404041440001054440505050505145050
50505054504000001040001050505456565656505050
50505050504101001040001050506188080818505050
50609150400514401040001050506580000010505050
50504410505450401040001050506482020210505050
50504111505050401040001050505159595950505050
50609565905051401040011050410505051550505050
50504515504105011150555041050505051552515050
50400404000404040500040005040404040408041050
50400000000000105540001055400000000000001050
50400101000101010500010005010101010201011050
50505454504405145450555054440505155844145050
50505150505054505040041050504405145040105050
50504511505050515040001050505055505041105050
50505454505160945040001050504005000114505050
50505151400511525040001050505055505550505050
50608525904414595040001050504105010511505050
50505555504101155140001051410505050505115050
50410505010505050501010105050505050505051150
41050505050505050505050505050505050505050511
01000000000000000000000000000000000000000000
00040000000000000000000000000000000000000000
00000000000000000000000000000000000000000000
00000000000000000000000000000080008000000000
00000000000000000000000000000000000000000000
00008000000000000000000000000000000000000000
00000000000000000000000000000000000000000000
00000000000000000000000000000080000000000000
00008080000000000000000000000000000000000000
00000000000000000000000000000000000000000000
00000000000000000000000000000000000004000000
00000000000000000000040000000000000000000000
00000000000000000000000000000000000400000000
00000000000000000000000000000000008000000000
00000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000
00000000000000800000000000000000100000000000
00000000000000000000000000000000000000000000
00008080000000020000000000000000000000000000
00000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000
The first 80 means, identical to the C64 dungeon file format:

A bit further, I can find the following:
80809008080000008000800000000000000004040400
10080888888810000000000000000400000004040404

a forced random encounter occurs here (bit 7 set)
the next field east is the same, random forced encounter
then the next (hex 90) has set bits 7 and 4, which means a trap and a random encounter, identical to C64 version.
And yes, since you fought the berserkers already the flag for that field is reset and the event will only occur upon reentering the level.
The interesting part of the dungeon should lie AFTER the two map dumps you gave... there are the events encoded, i.e. what field does what.
After every map is an unused gap of 28 bytes.
Study again my file of dungeon map description.
EDIT
I decompressed bard.exe with pklite, which is what it seems to be compressed with. The uncompressed file still loads and plays fine. Maybe all the map stuff is in it?
I just see it is written in Microsoft C, and the levels are likely in the file "levs", which however is encoded.
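Added Python example (not code from the thread): a decoder for the 22x22 map and event grids posted above, using the wall bit layout given for byte 0x65 (west, east, south, north; 01 = wall, 10 = door) and the event bits ZeroZero names (bit 7 forced random encounter, bit 4 trap, the 04 squares as specials). Treating 00 as an open side, drawing row 0 at the top, and the function names are assumptions; the grid data is the Harkyn's Castle level 3 dump from the thread.

```python
from typing import Dict, List

SIDE = 22  # one byte per square, 22 rows of 22 squares, as the post says
# Bit pairs in the order the post gives for 0x65 = 01 10 01 01:
# bits 7-6 west, 5-4 east, 3-2 south, 1-0 north; 01 = wall, 10 = door.
# 00 is taken as open (assumption); 11 is not described in the thread, so it is flagged.
EDGE = {0: "open", 1: "wall", 2: "door", 3: "unknown(3)"}
H = {0: "  ", 1: "--", 2: "==", 3: "??"}  # north/south edge glyphs
V = {0: " ", 1: "|", 2: ":", 3: "?"}      # west/east edge glyphs
# Event bits named in ZeroZero's reply: bit 7 forced random encounter, bit 4
# trap. Bit 2 (the "04" squares) is a special square whose type is kept elsewhere.
EVENT_BITS = {0x80: "encounter", 0x10: "trap", 0x04: "special"}
KNOWN_EVENT_MASK = sum(EVENT_BITS)


def parse_grid(hexrows: str) -> List[bytes]:
    """Whitespace-separated rows of 44 hex digits -> 22 rows of 22 bytes."""
    grid = [bytes.fromhex(r) for r in hexrows.split()]
    if len(grid) != SIDE or any(len(r) != SIDE for r in grid):
        raise ValueError("expected a %dx%d grid" % (SIDE, SIDE))
    return grid


def decode_square(b: int) -> Dict[str, str]:
    """One map byte -> what the party sees on each side of the square."""
    return {"west": EDGE[b >> 6 & 3], "east": EDGE[b >> 4 & 3],
            "south": EDGE[b >> 2 & 3], "north": EDGE[b & 3]}


def decode_event(b: int) -> List[str]:
    """One event byte -> its flags; bits the thread does not name are reported."""
    names = [name for bit, name in EVENT_BITS.items() if b & bit]
    rest = b & ~KNOWN_EVENT_MASK & 0xFF
    if rest:
        names.append("unknown(0x%02X)" % rest)
    return names


def render(grid: List[bytes]) -> str:
    """ASCII plan with row 0 at the top (orientation is an assumption). Each
    square draws its own north and west edge; the last row and column add their
    south and east edges, so one-sided walls and doors stay visible."""
    out = []
    for row in grid:
        out.append("".join("+" + H[b & 3] for b in row) + "+")
        out.append("".join(V[b >> 6 & 3] + "  " for b in row) + V[row[-1] >> 4 & 3])
    out.append("".join("+" + H[b >> 2 & 3] for b in grid[-1]) + "+")
    return "\n".join(out)


# The 22 rows the post found at 039c:192D0 (Harkyn's Castle level 3), two per line.
LEVEL3 = """
656454645464654525A5851584144404040404040414 451160516041154525A485158030C000000000000010
450910574006154525A0851543114101010101010111 4518905C9044164525A085154C040404040404040414
599151915191554525A0851540000000000000000010 49050504144404041450842480000000000000000010
45051440104002021050401040000000000000000011 56565042115048185050401041010101010101012195
6A9A5048145040105050410105050514440514440514 5A5A5040105041114101050505051450505450505450
5A5A5040104105050505050505145041115241115250 5A5A5041000404050505051565904105050906051990
5A699166800101050505050505010505050509164511 6AA5A5AA904404040405050505050504040414480414
69A5A599504101010105050505165450401050410111 65A5A5A5810505050505050505195050401041050615
A5840404040404040404040405041050401044040424 44000000105040000000002095401050421340000010
40020000104101000000010005011140040C00010113 5058400010442480001154410404040000001044041C
50504000204010401045001540000000000010400010 61A18101114111410115514501010101010111810111
"""

if __name__ == "__main__":
    print(render(parse_grid(LEVEL3)))
```

The same functions take the sewers dump posted earlier unchanged, and decode_event can be run over the second 22-row block of either level.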
yeah, the LEVS file contains all the info about the dungeons... haven't been able to decode it yet. I think all the maps and events are in that file.
DPICS0, DPICS1 and DPICS2 probably contain the different pictures of the walls in the dungeons.
Since I'm checking my memory dump, I'm not sure if the events are loaded at the same location you describe in your post. You get your info from the file instead of the memory dump?
Will certainly look into it... might have to brush up on assembly language.
Looking at PKLITE right now... If I do pklite -x ..\bard.exe, it says that the file is already decompressed.