nancygold's Journal
 

Thursday, June 20th, 2024

    10:18p
    Loading the Overlays into Ghidra
    PREVIOUS PART

    Having gotten fed up with Java, I decided to write some C99 code, which would produce a tampered exe with everything pre-relocated. Such an engine could be readily loaded into Ghidra, saving me from seeing Java ever again.

    That kinda worked, but with some analysis issues, and all information about segments was lost, since Ghidra relies on the MZ relocation table to produce the list of segments. And IDA Pro just couldn't handle such a pre-relocated exe.

    Then came the realization that instead of relocating, one can update the MZ relocation table and header to include the FBOV segments, in addition to untrapping the trap segments. That way the resulting exe is properly loaded by both Ghidra and IDA, although IDA still detects it as a Borland overlayed exe and offers to load an external .ovr file (only Turbo Pascal 5.0 supported these), even though mzap erases the FBOV id after the merge. It would still be nice if Ghidra did that properly, because the FBOV __SEGTABLE__ has proper segment starts and ends, for both normal and overlayed segments.

    The resulting utility is called MZap
    https://github.com/NancyAurum/devroomm/blob/main/tools/mzap/mzap.c

    While it is just a few lines of C99, which do basic things, researching the problem really took a lot of time. The game's main() function now lies open and there is apparently a lot of fun code, but I really got burned out by all this fighting with Ghidra and overlays. Although I learned a bit about pageless memory management approaches and a few tricks which could be useful in developing Symta further. So I guess this is the last part. I don't have the autistic dedication required for decompiling games.

    Cheers!

    Current Mood: accomplished
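
The entry's point that the segment list is derived from the MZ relocation table, as an added example (not part of the original post, not MZap code, and not Ghidra's loader): a C routine that walks the table and collects the segment words it points at, so an exe with an emptied table yields no segments. The names mz_reloc_segments and mz_sample are hypothetical, the sample image is constructed, and treating "the words at relocation targets" as the segment list is a simplifying assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xFF; p[1] = v >> 8; }

/* Distinct segment words reached via the relocation table; -1 if malformed. */
int mz_reloc_segments(const uint8_t *img, size_t len, uint16_t *out, int max)
{
    if (len < 0x1C || img[0] != 'M' || img[1] != 'Z') return -1;
    size_t nreloc = rd16(img + 0x06);              /* e_crlc: entry count */
    size_t hdr    = (size_t)rd16(img + 0x08) * 16; /* e_cparhdr: header paragraphs */
    size_t table  = rd16(img + 0x18);              /* e_lfarlc: table file offset */
    if (hdr > len || table + nreloc * 4 > len) return -1;
    int n = 0;
    for (size_t i = 0; i < nreloc; i++) {
        const uint8_t *e = img + table + i * 4;    /* entry = offset, then segment */
        size_t target = hdr + (size_t)rd16(e + 2) * 16 + rd16(e);
        if (target + 2 > len) return -1;           /* entry points past the file */
        uint16_t seg = rd16(img + target);         /* word the DOS loader rebases */
        int k = 0; while (k < n && out[k] != seg) k++;
        if (k < n) continue;                       /* already recorded */
        if (n == max) return -1;                   /* caller's buffer is too small */
        out[n++] = seg;
    }
    return n;
}

/* Constructed sample: 0x30-byte header, 3 relocations, 0x40-byte load image. */
size_t mz_sample(uint8_t *buf)                     /* buf must hold 0x70 bytes */
{
    static const uint16_t rel[3][3] = { {1, 0, 2}, {4, 0, 3}, {2, 2, 2} };
    memset(buf, 0, 0x70); buf[0] = 'M'; buf[1] = 'Z';
    wr16(buf + 0x06, 3); wr16(buf + 0x08, 3); wr16(buf + 0x18, 0x1C);
    for (int i = 0; i < 3; i++) {                  /* {offset, segment, value} */
        wr16(buf + 0x1C + i * 4, rel[i][0]); wr16(buf + 0x1E + i * 4, rel[i][1]);
        wr16(buf + 0x30 + rel[i][1] * 16 + rel[i][0], rel[i][2]);
    }
    return 0x70;
}

int main(void)
{
    uint8_t img[0x70]; uint16_t segs[8];
    int n = mz_reloc_segments(img, mz_sample(img), segs, 8);
    for (int i = 0; i < n; i++) printf("segment %04X\n", (unsigned)segs[i]);
    return n < 0;
}
```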
