Difference between revisions of "HOWTO-Reverse Engineering"

Older revision: (Initial document creation.)
Newer revision: m (Formatting fix for list in the DosBox Debugger section)


So long as the game doesn't use overlays, the following steps can be used:

- Look at the IDA view to find out the current file offset at the bottom of the screen. You'll quickly find it if you try selecting different instructions, since it will keep changing. Now:
- Get the value from the beginning of the segment. This is just to make the calculations easier, since the start of the segment will have an instruction offset between 0h and 0Fh, which means it won't be messing with our segment calculations.
- Get the value from the beginning of the entire disassembly.
- Drop the last (hexadecimal) digit from both values, and get the difference between the two.
- For executables run in DosBox, add a value of '0138h'. For COM files, add a value of '0128h'.

This will give you the segment address of where the segment should be under DosBox. In either case, it's generally a good idea to then rename the current segment in the IDA disassembly so that it includes the actual segment address of where it was loaded in DosBox.

For example, the first segment of executables is normally loaded at segment 0138h in memory, so you might rename the segment 'sg0138'. That way, if you later want to set a breakpoint in the DosBox Debugger for any instruction in the segment, you will immediately know what the segment is.
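The arithmetic in the steps above is easy to get wrong by hand (dropping a digit before subtracting, then adding the load segment), so here is the same calculation written out as a small Python helper. This is an added example, not code from the wiki page: the function names, the sample file offsets (a disassembly starting at file offset 200h and a segment starting at 1A30h) and the "SSSS:OOOO" string format for a breakpoint address are all constructed for the example; only the 0138h/0128h load segments and the 'sgXXXX' naming come from the text.

```python
# Added example (not part of the HOWTO): compute the DosBox segment address of
# an IDA segment from IDA file offsets, following the HOWTO's steps.
# Assumptions: function names, sample offsets and the segment:offset string
# format are constructed here and are not from the page.

# Segment at which DosBox loads the first segment of the program (from the HOWTO).
LOAD_SEGMENT = {"exe": 0x0138, "com": 0x0128}


def dosbox_segment(segment_file_offset: int, disasm_start_offset: int,
                   kind: str = "exe") -> int:
    """Return the DosBox segment address of the IDA segment whose first
    instruction sits at ``segment_file_offset``, given the file offset of the
    start of the whole disassembly and whether the program is an EXE or COM."""
    if kind not in LOAD_SEGMENT:
        raise ValueError(f"kind must be one of {sorted(LOAD_SEGMENT)}, got {kind!r}")
    if segment_file_offset < disasm_start_offset:
        raise ValueError("segment cannot start before the disassembly does")
    # Dropping the last hex digit turns a byte offset into a paragraph (16-byte)
    # count. The HOWTO drops the digit on each value *before* subtracting, which
    # is safe because a segment start has an instruction offset of 0h..0Fh.
    segment_paragraph = segment_file_offset >> 4
    start_paragraph = disasm_start_offset >> 4
    return (segment_paragraph - start_paragraph) + LOAD_SEGMENT[kind]


def segment_name(segment: int) -> str:
    """IDA segment name that carries the DosBox segment, e.g. 'sg0138'."""
    return f"sg{segment:04X}"


def breakpoint_address(segment_file_offset: int, disasm_start_offset: int,
                       instr_file_offset: int, kind: str = "exe") -> str:
    """Return 'SSSS:OOOO' for an instruction inside the segment, the form a
    DosBox debugger breakpoint is set on (string format assumed here)."""
    segment = dosbox_segment(segment_file_offset, disasm_start_offset, kind)
    # The segment base is the segment's file offset with its last hex digit
    # dropped (paragraph-aligned), matching the HOWTO's calculation.
    segment_base = segment_file_offset & ~0xF
    offset = instr_file_offset - segment_base
    if not 0 <= offset <= 0xFFFF:
        raise ValueError("instruction is not inside this segment")
    return f"{segment:04X}:{offset:04X}"


if __name__ == "__main__":
    # Constructed sample: disassembly starts at file offset 200h, a later
    # segment starts at 1A30h, and we want a breakpoint on the instruction
    # at file offset 1A45h.
    seg = dosbox_segment(0x1A30, 0x200, "exe")
    print(segment_name(seg))                                  # sg02BB
    print(breakpoint_address(0x1A30, 0x200, 0x1A45, "exe"))   # 02BB:0015
    # The first segment of an EXE lands at 0138h, as the HOWTO states.
    print(segment_name(dosbox_segment(0x200, 0x200, "exe")))  # sg0138
```

Worked through by hand for the sample: 1A30h and 200h with the last digit dropped are 1A3h and 20h, their difference is 183h, and adding 0138h gives 02BBh, so the segment would be renamed 'sg02BB'. Passing the first segment's own offset as both arguments returns 0138h, which is the check that the inputs are the right ones.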