SCI Programming => SCI Syntax Help => Topic started by: OmerMor on February 23, 2016, 02:24:56 PM
-
Hi,
I'm trying to figure out some code in Pepper's Adventures in Time.
In script #0 (Main.sc), the following procedure failed to decompile, and I got the following assembly code:
(procedure (localproc_0ae6 param1 param2 &tmp temp0 temp1 temp2 temp3)
(asm
ldi 0
sat temp0
code_0aec:
lst temp0
lsp argc
ldi 1
sub
lt?
bnt code_0b5a
lat temp0
lapi param2
sat temp1
push
ldi 16
div
sat temp2
pushi 1
lst temp1
ldi 16
mod
shl
sat temp3
lsp param1
dup
ldi 1
eq?
bnt code_0b1a
jmp code_0b5a
jmp code_0b55
code_0b1a:
dup
ldi 2
eq?
bnt code_0b2f
lat temp2
lsgi global134
lat temp3
bnot
and
push
lat temp2
sagi global134
jmp code_0b55
code_0b2f:
dup
ldi 0
eq?
bnt code_0b43
lat temp2
lsgi global134
lat temp3
or
push
lat temp2
sagi global134
jmp code_0b55
code_0b43:
dup
ldi 3
eq?
bnt code_0b55
lat temp2
lsgi global134
lat temp3
xor
push
lat temp2
sagi global134
code_0b55:
toss
+at temp0
jmp code_0aec
code_0b5a:
lat temp2
lsgi global134
lat temp3
and
ret
)
)
Any reverse engineering expert around who could decipher that?
Thanks!
-
I wish I could read assembly...no idea where to begin!
-
It'd help if you knew what those globals were. Any readable blocks that use them? If not that, it'd help to know where this procedure is used. Context, y'dig?
-
Well, the beginning goes something like:
f(*argv, argc) {
if (argc > 1) {
// ...
} else {
// ...
}
}
I'm using the following resources for disassembly:
- http://www.scriptinterpreter.com/instruction-set
- https://github.com/scummvm/scummvm/blob/master/engines/sci/engine/vm.cpp
- http://wiki.scummvm.org/index.php/SCI/Specifications/SCI_virtual_machine/The_Sierra_PMachine#The_instruction_set
- https://github.com/icefallgames/SCICompanion/blob/master/SCICompanionLib/Src/Compile/PMachine.h
I have no idea what global134 is used for.
As for this function usage, I've got these unhelpful callers:
(procedure (proc0_4)
(localproc_0ae6 0 &rest)
)
(procedure (proc0_5)
(localproc_0ae6 1 &rest)
)
(procedure (proc0_6)
(localproc_0ae6 2 &rest)
)
-
Just from a quick glance, it looks like it takes a value and does a / 16 and mod 16 on it (which suggests it is a flags function, like Bset, Btest and Bclear), and mucks around with global134.
And there is a switch statement with cases 1, 2, 0 and 3.
So my guess is proc0_4, proc0_5 and proc0_6 are basically Bset, Btest and Bclear (not in that order). Dunno what case 3 is. [edit: it's probably "toggle", since there's an xor in there]
And that the game's flags start at global 134.
-
Thanks!
You're probably right.
It also turned out to be not very interesting... :)
I found some kind of a debug check for enabling a shortcut in room 210:
(and (== gTheRegister 100) (FileIO fiEXISTS {g}))
(proc0_4 132)
(proc0_6 219)
(proc0_4 96)
(proc0_4 217)
(= global193 3)
(= gTheRegister 230)
These procs clear and set various room specific flags.
The condition is that gTheRegister (which stores the previous room #) equals 100, and that there exists a file named "g".
I recreated these conditions in scummvm and it turned out to set the room's state such that the Hardy brothers quit their Frisbee game, and read a book instead.
The prevRoom == 100 condition was never natively set by the game, until I triggered the script debugger (by extracting 800.SCR (http://wiki.scummvm.org/index.php/SCI/Debug_Modes#Game_specific:_Pepper.27s_Adventures_In_Time_.28AKA_Twisty_History.29)). In this case, the game starts with an option to teleport, and if you teleport to room 210 directly, prevRoom is indeed 100.
So to summarize:
when both "g" and "800.SCR" files are present, you can teleport to room 210 and be in a more advanced state for debugging purposes.
*yawn* ;)
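The disassembly and the room 210 check discussed in this thread, as an added Python model that is not part of the original posts. The `OP_*` names, the `globals_` list and `room_210_shortcut` are assumptions made for illustration; the operation numbers, the base global 134 and the flag numbers are read from the listings above.

```python
FLAG_BASE = 134   # flag words start at global134 (lsgi/sagi global134 in the listing)
WORD_BITS = 16    # the listing divides and mods each flag number by 16
OP_SET, OP_TEST, OP_CLEAR, OP_TOGGLE = 0, 1, 2, 3   # assumed names for the switch cases

def flag_location(flag):
    """Return (global index, bit mask) for a flag: temp2 and temp3 in the listing."""
    return FLAG_BASE + flag // WORD_BITS, 1 << (flag % WORD_BITS)

def localproc_0ae6(globals_, op, *flags):
    """Apply op to every flag, then return the last visited flag's word ANDed with its mask."""
    index, mask = None, 0
    for flag in flags:
        index, mask = flag_location(flag)
        if op == OP_TEST:
            break                                # case 1 jumps straight to code_0b5a
        if op == OP_SET:
            globals_[index] |= mask              # case 0: or
        elif op == OP_CLEAR:
            globals_[index] &= ~mask & 0xFFFF    # case 2: bnot, and (16-bit words)
        elif op == OP_TOGGLE:
            globals_[index] ^= mask              # case 3: xor
    if index is None:
        return 0   # assumption: the listing reads unset temps when no flag is passed
    return globals_[index] & mask                # code_0b5a: and, ret

def proc0_4(globals_, *flags):   # (localproc_0ae6 0 &rest)
    return localproc_0ae6(globals_, OP_SET, *flags)

def proc0_5(globals_, *flags):   # (localproc_0ae6 1 &rest)
    return localproc_0ae6(globals_, OP_TEST, *flags)

def proc0_6(globals_, *flags):   # (localproc_0ae6 2 &rest)
    return localproc_0ae6(globals_, OP_CLEAR, *flags)

def room_210_shortcut(globals_):
    """Replay the four flag calls from the room 210 check quoted above."""
    proc0_4(globals_, 132)
    proc0_6(globals_, 219)
    proc0_4(globals_, 96)
    proc0_4(globals_, 217)
    return globals_

if __name__ == "__main__":
    g = [0] * 256      # constructed sample state, not taken from the game
    g[147] = 0x0800    # flag 219 starts set so that the clear is visible
    room_210_shortcut(g)
    for flag in (132, 219, 96, 217):
        print(flag, flag_location(flag), bool(proc0_5(g, flag)))
```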