SCI Programming => SCI Development Tools => Topic started by: ZvikaZ on May 19, 2020, 04:03:26 AM

Title: Source code/disasm of Sierra drivers (using Ghidra?)
Post by: ZvikaZ on May 19, 2020, 04:03:26 AM
Hi.

I'd like to check something in Sierra's original adl.drv (for qfg1 ega, if that matters).
Is there source code for it, or for any of Sierra's other drivers? I haven't found any in https://github.com/OmerMor/SCI16/tree/master/INTERP
Or maybe someone has good disassemblies?

And anyway, how can I disassemble it myself?
(I have never done reverse engineering, but I'm a quick learner ;-) )
I've downloaded Ghidra. Is it a good tool for this?
Just opened the driver in Ghidra, selected the language as "x86/Real Mode/16 bit/LE" (is it??), and it doesn't look very nice  :-\
Does it need some more information/configuration?
Title: Re: Source code/disasm of Sierra drivers (using Ghidra?)
Post by: lskovlun on May 19, 2020, 04:54:36 AM
The Sierra drivers start with a jump instruction to the entry point followed by a bunch of data. The actual code is near the end of the file.

I haven't tried Ghidra, so I don't know if it needs to be configured in any way to handle these files. Sounds like it's interpreting the data area as code?
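
An added example, not part of lskovlun's post and not code from Sierra or the SCI16 repository: a small Python helper that decodes the leading jump described above and reports where the data area ends and the code begins. It assumes the driver is loaded at offset 0 of its segment, so the jump target equals a file offset; the name `locate_entry` and the sample byte strings are constructed for illustration.

```python
import struct
from typing import NamedTuple

class DriverLayout(NamedTuple):
    jump_kind: str      # "near" (E9 rel16) or "short" (EB rel8)
    data_start: int     # first byte after the jump instruction
    entry_offset: int   # file offset where the code starts

def locate_entry(image: bytes) -> DriverLayout:
    """Decode the leading 16-bit real-mode JMP and return the code entry offset.

    Assumption: the file is loaded at offset 0 of its segment, so the jump
    target is also a file offset.
    """
    if len(image) < 3:
        raise ValueError("image too short to hold a jump and a target")
    opcode = image[0]
    if opcode == 0xE9:                      # JMP rel16, 3 bytes long
        (rel,) = struct.unpack_from("<h", image, 1)
        kind, length = "near", 3
    elif opcode == 0xEB:                    # JMP rel8, 2 bytes long
        (rel,) = struct.unpack_from("<b", image, 1)
        kind, length = "short", 2
    else:
        raise ValueError(f"first byte {opcode:#04x} is not a JMP opcode")
    # The displacement is relative to the address of the next instruction
    # and wraps within the 64 KiB segment.
    entry = (length + rel) & 0xFFFF
    if not length <= entry < len(image):
        raise ValueError(f"jump target {entry:#06x} lies outside the file")
    return DriverLayout(kind, length, entry)

# Constructed sample images (not bytes from a real Sierra driver):
# a jump, a data area, then a single RETF (0xCB) standing in for the code.
NEAR_SAMPLE = b"\xE9" + struct.pack("<h", 0x20) + bytes(0x20) + b"\xCB"
SHORT_SAMPLE = b"\xEB\x04" + b"DATA" + b"\xCB"

if __name__ == "__main__":
    for name, img in (("near", NEAR_SAMPLE), ("short", SHORT_SAMPLE)):
        layout = locate_entry(img)
        print(f"{name}: data {layout.data_start:#x}..{layout.entry_offset:#x}, "
              f"code starts at {layout.entry_offset:#x}")
```

The bytes between `data_start` and `entry_offset` are the data area a disassembler should leave alone; `entry_offset` is where to begin disassembling.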
Title: Re: Source code/disasm of Sierra drivers (using Ghidra?)
Post by: OmerMor on May 19, 2020, 05:08:00 AM
Take a look at Ravi's research on SCI drivers: http://sci.sierrahelp.com/Tools/RavisSoundDrivers.html
You can also try contacting NewRisingSun, who I believe has experience reverse engineering the drivers.
Title: Re: Source code/disasm of Sierra drivers (using Ghidra?)
Post by: ZvikaZ on May 19, 2020, 05:24:33 AM
Thank you both!
With your tips, it started to make sense...

@OmerMor - using Ravi's 'Framework Driver' is a very good reference - disassembling his driver with one hand, and reading his commented source assembly on the other hand...

@lskovlun - you were right - Ghidra was a little bit confused - it somehow thought it's all data. I just had to right click on the first 'data', and choose 'Disassemble', and it started working.
Title: Re: Source code/disasm of Sierra drivers (using Ghidra?)
Post by: Kawa on May 19, 2020, 10:24:30 AM
Also: https://helmet.kafuka.org/logopending/2019/08/13/sci-drivers-how-do-they-work/