Curse of Enchantia

All the inane chatter goes in here. If you're curious about whether we will support a game, post HERE not in General Discussion :)

Moderator: ScummVM Team

Del
Posts: 38
Joined: Wed Apr 26, 2006 4:48 pm

Curse of Enchantia

Post by Del »

I've started very preliminary work on figuring out how to write an engine for Curse of Enchantia.

So far I've figured out part of the .SPR file format used to store sprites.

The file starts with a header based on shorts (LE) that show which paragraph each sprite begins on. For example, in MOUSE.SPR, there are three sprites at offsets 0x1, 0x15, and 0x28. The header is zero-padded until the first sprite, which starts at offset 0x10 (0x1 * 0x10). The next sprite starts at 0x150 (0x1 * 0x10), etc. The 0x10 that I multiply with is the length of a paragraph (16 bytes).

Each sprite starts with two shorts (LE) that describe the dimensions (the mouse.spr sprites are 0x10 * 0x10 for instance, and the ones in FONT.SPR are 0x8 * 0x8).

I still haven't figured out exactly how the following data is formatted, but a safe assumption is that it should contain masking and color information. The data following the height & width in a mouse sprite is 316 (0x13C) bytes long, and in a font sprite, it's 92 (0x5C) bytes long. The data isn't very "ordered", aside from it looking like it contains three more shorts following the height & width.

I'm wondering if there are anybody else working on this, or anyone who can give tips as to what the best tools and approaches are? I've downloaded the freeware version of IDA, but I'm still trying to make heads or tails of it. Are there any good tutorials?

Edit: Forgot to mention, from the DOS EXE it looks like it was compiled in Borland C (there are plenty of C strings (filenames, various messages) in the latter half of the file, and if I've extracted correctly, the header extension looks like this:

Offset Contents
0x001c 0x0100
0x001e 0xfb (Borland TLINK?)
0x001f 48 (version)
0x0020 0x6a72
User avatar
sev
ScummVM Lead
Posts: 2306
Joined: Wed Sep 21, 2005 1:06 pm
Contact:

Post by sev »

I briefly took a look into engine. For me it looks like it was written in Assembler, and credits inside also give a hint to that:

Code: Select all

 8086 CODE - IAN SABINE
68000 CODE - ROBERT TOONE
I am not aware of any efforts to RE that game, and it may happen that game called Universe may be built on top of the same engine, though modified.

Did you try to contact original authors and try to obtain original source code?

In any case Free version of IDA should be enough for such tasks. As of tutirials... Well, there is none, though feel free to join #scummvm and talk to devs. Some of them have experience in RE and may give you some hints.


Eugene
Del
Posts: 38
Joined: Wed Apr 26, 2006 4:48 pm

Post by Del »

It could well be assembly... I did look for people named Ian Sabine online, but there aren't any information that might lead me to contacting him, so no such luck at this moment.

I'll keep on chugging away at the code and see if I get anywhere.

Regarding IDA, it seems there should be a debugger included, how do I go about invoking it? The menu isn't where it should be I think? Edit: I guess the freeware version doesn't come with a debugger, I'll just use another one and compare notes with myself :)
User avatar
dreammaster
ScummVM Developer
Posts: 559
Joined: Fri Nov 04, 2005 2:16 am
Location: San Jose, California, USA

Post by dreammaster »

It may be pretty outdated, but all my RE efforts on Lure of the Temptress so far have been with good old DEBUG.EXE. Most of my time was spent in a text editor with an initial disassembly tracing program flow and fleshing out proper routine names and variable usage. On the occasions where I needed to trace through a routine to better understand it's flow, DEBUG provided sufficient functionality for me.

About the only major problem is that since it's so primitive, once the game switched to graphics mode, all the DEBUG text was displayed in 40 columns. Takes me back to when I first learned assembly programming on my Apple //e :lol:
clem
Posts: 2159
Joined: Mon Oct 31, 2005 11:14 am

Post by clem »

afaik you can compile dosbox to have a Debugger enabled (which looks pretty much like SoftIce if I remember correctly)

that way you don't even need an x86 CPU to do RE
Del
Posts: 38
Joined: Wed Apr 26, 2006 4:48 pm

Post by Del »

clem wrote:afaik you can compile dosbox to have a Debugger enabled (which looks pretty much like SoftIce if I remember correctly)

that way you don't even need an x86 CPU to do RE
Ah, I didn't know that. That looks very good, I am actually running IDA in VirtualPC, so the less time I have to fiddle with that memory/CPU hog, the better!
User avatar
sev
ScummVM Lead
Posts: 2306
Joined: Wed Sep 21, 2005 1:06 pm
Contact:

Post by sev »

Del wrote:
clem wrote:afaik you can compile dosbox to have a Debugger enabled (which looks pretty much like SoftIce if I remember correctly)

that way you don't even need an x86 CPU to do RE
Ah, I didn't know that. That looks very good, I am actually running IDA in VirtualPC, so the less time I have to fiddle with that memory/CPU hog, the better!
Well, I tried debugger in dosbox and found it useless, just like dosbox folks told me. Moreover, it appeared to be much bigger CPU hog than VMWare plus IDA.


Eugene
Del
Posts: 38
Joined: Wed Apr 26, 2006 4:48 pm

Post by Del »

sev wrote:
Del wrote:
clem wrote:afaik you can compile dosbox to have a Debugger enabled (which looks pretty much like SoftIce if I remember correctly)

that way you don't even need an x86 CPU to do RE
Ah, I didn't know that. That looks very good, I am actually running IDA in VirtualPC, so the less time I have to fiddle with that memory/CPU hog, the better!
Well, I tried debugger in dosbox and found it useless, just like dosbox folks told me. Moreover, it appeared to be much bigger CPU hog than VMWare plus IDA.


Eugene
It does seem to be pretty versatile though, even if I am having troubles (mind you, I am drunk at this moment) making it stop execution (it brings up the resolution thingie in sys prefs (mac os x)).
Shadow_Knight
Posts: 2
Joined: Sat May 13, 2006 10:22 am

Post by Shadow_Knight »

I'm using dosbox debugger because I didn't find any suitable debugger. Softice is kernel mode debugger and it's hard to switch between it and IDA. Additionally I move to Linux/KDevelop from Windows/Visual Studio (using IDA in WINE).
Del
Posts: 38
Joined: Wed Apr 26, 2006 4:48 pm

Post by Del »

I've been somewhat busy lately, but I've found out a few other tidbits.

The *.PAL files are palettes, each being used for one or more *.DAT files, which are images.

All the PAL files are 768 bytes long, and end with 0x3f3f3f. The data in a number of them appears to be in 24-bit chunks.

The DAT files are varying length and start with 0x524e43 ("RNC" in ASCII). I'm currently working out how the files specifically relate to each other, by looking at CORE.*, the main logo, as it has the smallest DAT file.
clem
Posts: 2159
Joined: Mon Oct 31, 2005 11:14 am

Post by clem »

Del wrote:I've been somewhat busy lately, but I've found out a few other tidbits.

The *.PAL files are palettes, each being used for one or more *.DAT files, which are images.

All the PAL files are 768 bytes long, and end with 0x3f3f3f. The data in a number of them appears to be in 24-bit chunks.

The DAT files are varying length and start with 0x524e43 ("RNC" in ASCII). I'm currently working out how the files specifically relate to each other, by looking at CORE.*, the main logo, as it has the smallest DAT file.
BASS also has some RNC algorithm afaik, I wonder if that is coincidence...
User avatar
john_doe
ScummVM Developer
Posts: 117
Joined: Fri Nov 04, 2005 8:25 pm
Location: Stuttgart, Germany

Post by john_doe »

clem wrote:BASS also has some RNC algorithm afaik, I wonder if that is coincidence...
Yes, probably. RNC is a third-party compression algorithm/library that was used by some games around that time (mid 90es). Think of it as the zlib of that time :)

@Del:
You can find decompression code for RNC method 2 in the BASS sources, I can send you C++ code to decompress method 1 if you want.
Del
Posts: 38
Joined: Wed Apr 26, 2006 4:48 pm

Post by Del »

Interesting! I'll take a look at the BASS code right now :)

I assume you mean the rnc_* files in scummvm svn yeah?

Edit: The fourth byte is indeed 0x01, so I'd say it's a pretty safe assumption that it's the same algorithm. I'll try it out. I'd like to take a look at method 1 as well, you can send it to my gmail address delonch@(etc).

I ran a quick test with PP and they unpack nicely to 64000 byte (320 * 200) files that are exactly as I expect them. Beautiful! :)
cappuchok
Posts: 134
Joined: Mon Oct 31, 2005 7:54 am

Post by cappuchok »

A quick look through MobyGames seems to suggest that one or both of the original programmers are now working at Mass Media (website).
Del
Posts: 38
Joined: Wed Apr 26, 2006 4:48 pm

Post by Del »

cappuchok wrote:A quick look through MobyGames seems to suggest that one or both of the original programmers are now working at Mass Media (website).
Where did you see that? I tried looking for Ian Sabine & Rob Toone, but didn't find anything?
Post Reply