Manalink C/ASM Dll

[Snacko]

Yes that's the exact structure as the code reads those values in different places in the code.

Thanks to Harry's code sample for the structure I added an c equivalent and you can do cardsData[2].codePointer = 0;
the id is the internal card id, which you get from the get_cards_info get_card_info

Code: Select all

cardInfo* c = get_card_info(player, card);
if((c->internalCardId & 0xFF000000)>>6 & 0x80 == 0){
    if(c->status & (TAPPED | SUMMONING_SICKNESS | UNKNOWN) == TAPPED)
        if(cardsData[c->internalCardId].type == ENCHANTMENT) // 2 is ench
           ...

Would be the equivalent of the jatill asm code.
if((c->internalCardId & 0xFF000000)>>6 & 0x80 == 0) checks if the card has a proper internal id as some have -1 (0xFFFFFFFF) in there.

[foolosopher]

Does anyone know the progress lonewolf made, about the 2000 limit?

[monopoman]

I assume not much because he probably would have revealed it in the thread this thread is a over a year old.

I sincerely doubt he figured it out then decided to keep the information to himself.

You can send him a private message though and ask if you so desire.

[foolosopher]

Ok, here i am again,
After following lonefox's example I also used IDA and here are my results
Environment:
Win7 , IDA v5.5, camelbox, tdm-gcc, VS2005
but i can setup a linux box with the required tools if necessary
Methodology:
I used the june 25th version of manalink, disassembled magic.exe into both .c and .asm for verification and looked for occurences of 2000 and 0x7D0 and specifically for
tables that have this number of elements. Apart from the magic.c I also looked in the src folder in the code files (.c and .asm).
I found four tables with that number of elements in magic.c

Line 1256: extern int dword_56260C[2000];
Line 1691: extern char byte_5B924C[2000]; // idb
Line 56820: int v8[2000]; // [sp+18h] [bp-1F44h]@5
Line 60633: int v20[2000]; // [sp+4C1C4h] [bp-1F50h]@7

The problem is with v8 and v20 which have a lot of occurences (more than 1500 each), BUT
I thought that maybe we can replace them by defining a couple of new variables instead of v8 and v20 with the desired size and use them instead.
I think Ideal would be if we could define a global variable like CARD_LIMIT 3000 and replace the 2000 number limit with that variable, so that way we will be able to change the size easily, only at the definition (i know it can be done in c)

Another idea was that if we could embed the assembly code of magic into a c file and maybe start replacing the assembly with c a little bit at a time.

My problem so far is that I haven't managed to compile the produced magic.c to an exe so that i can try out my ideas.

Any words of advise if I am looking at the right direction would be most welcome
Forgive my ignorance if I'm saying something extreme and I know you 've had discussed a lot about this but I thought
I'd give it a try.

some Ocuurence results:

Search "dword_56260C" (3 hits in 1 files)
C:\Users\esfak\Desktop\DESKTOP\disassemblers\dis-code\magic.c (3 hits)
Line 1256: extern int dword_56260C[2000]; // weak
Line 5560: v19 = (int)dword_56260C;
Line 5630: // 56260C: using guessed type int dword_56260C[2000];
Search "byte_5B924C" (8 hits in 1 files)
C:\Users\esfak\Desktop\DESKTOP\disassemblers\dis-code\magic.c (8 hits)
Line 1691: extern char byte_5B924C[2000]; // idb
Line 65405: j_sprintf(byte_5B924C, "File-> %s, Line-> %d\n", a3, a4);
Line 65408: v7 = sub_4D5290((int)byte_5B924C);
Line 65409: j__vsnprintf(&byte_5B924C[v7], 0x7D0u, Format, v6);
Line 65412: j_fprintf(v12, "%s%s\n", v8, byte_5B924C);
Line 65415: sub_4D5260((int)byte_5B924C, (int)"\n");
Line 65416: sub_4D5260((int)byte_5B924C, (int)&byte_715CAC);
Line 65417: j_MessageBoxA(0, byte_5B924C, "Assertion Error", 0x1000u);
Search "7D0" (28 hits in 1 files)
C:\Users\esfak\Desktop\DESKTOP\disassemblers\dis-code\magic.c (28 hits)
Line 3514: __int64 __cdecl sub_4647D0();
Line 3526: HBITMAP __cdecl sub_4667D0(int a1, int a2);
Line 3580: BOOL __cdecl sub_46B7D0(void *a1, HGDIOBJ ho, void *a3, void *a4);
Line 3876: int __cdecl sub_49D7D0(const CHAR *a1);
Line 8593: memset((void *)v3, -1, 0x7D0u);
Line 9585: memset(v3, -1, 0x7D0u);
Line 13859: if ( sub_49D7D0("MAGIC_TellUserClass") & v20 )
Line 13929: v8 = sub_4647D0();
Line 17123: j_Sleep(0x7D0u);
Line 17702: j_Sleep(0x7D0u);
Line 23319: j_Sleep(0x7D0u);
Line 25294: char v4; // [sp+4h] [bp-7D0h]@1
Line 40480: //----- (004647D0) --------------------------------------------------------
Line 40481: __int64 __cdecl sub_4647D0()
Line 41676: v3 = sub_4667D0((int)((char *)v6 + 14), a2);
Line 41686: //----- (004667D0) --------------------------------------------------------
Line 41687: HBITMAP __cdecl sub_4667D0(int a1, int a2)
Line 44438: sub_46B7D0(dword_56BEC0, dword_56BE3C, (void *)dword_56BE30, dword_56BF08);
Line 44539: //----- (0046B7D0) --------------------------------------------------------
Line 44540: BOOL __cdecl sub_46B7D0(void *a1, HGDIOBJ ho, void *a3, void *a4)
Line 48109: j_Sleep(0x7D0u);
Line 62039: j_Sleep(0x7D0u);
Line 62047: j_Sleep(0x7D0u);
Line 62150: j_Sleep(0x7D0u);
Line 62158: j_Sleep(0x7D0u);
Line 65409: j__vsnprintf(&byte_5B924C[v7], 0x7D0u, Format, v6);
Line 71693: //----- (0049D7D0) --------------------------------------------------------
Line 71694: int __cdecl sub_49D7D0(const CHAR *a1)
Search "2000" (23 hits in 1 files)
C:\Users\esfak\Desktop\DESKTOP\disassemblers\dis-code\magic.c (23 hits)
Line 1256: extern int dword_56260C[2000]; // weak
Line 1691: extern char byte_5B924C[2000]; // idb
Line 5630: // 56260C: using guessed type int dword_56260C[2000];
Line 5734: v7 = 2000;
Line 8288: v6 = sub_401C40(2000);
Line 8592: v3 = sub_401C40(2000);
Line 21558: j_j_memcpy(a1, (char *)dword_559FD0 + (((char *)dword_55A7A0 - (char *)dword_559FD0) & ((a2 == 0) - 1)), 2000);
Line 21587: j_j_memcpy(a1, (char *)dword_55BF10 + (((char *)dword_55C6E0 - (char *)dword_55BF10) & ((a2 == 0) - 1)), 2000);
Line 21616: j_j_memcpy(a1, (char *)dword_55AF70 + (((char *)dword_55B740 - (char *)dword_55AF70) & ((a2 == 0) - 1)), 2000);
Line 42641: if ( a1 >= 0 && a1 < 2000 )
Line 52007: v4 = 2000 * i;
Line 56820: int v8[2000]; // [sp+18h] [bp-1F44h]@5
Line 56863: // 481180: using guessed type int var_1F44[2000];
Line 60633: int v20[2000]; // [sp+4C1C4h] [bp-1F50h]@7
Line 60754: // 489040: using guessed type int var_1F50[2000];
Line 72113: Rect.right = 2000;
Line 72131: v7 = 2000;
Line 72448: v29 = sub_49F500((int)deck, 2000) & v28;
Line 72545: v126 = sub_49F500((int)dword_507EC0, 2000) & v125;
Line 72546: v127 = sub_49F500((int)dword_5076F0, 2000) & v126;
Line 72993: v28 = sub_49F500((int)deck, 2000) & v27;
Line 73091: v126 = sub_49F500((int)dword_507EC0, 2000) & v125;
Line 73092: v127 = sub_49F500((int)dword_5076F0, 2000) & v126;
C:\Users\esfak\Desktop\DESKTOP\disassemblers\dis-code\src1\functions\functions.c (3 hits)
Line 3: int card_coded[2000];
Line 182: char buffer[2000];
Line 186: for(i=0;i<2000;i++){
C:\Users\esfak\Desktop\DESKTOP\disassemblers\dis-code\src1\functions\game_startup.c (1 hits)
Line 131: for(i=0;i<2000;i++){

[gmzombie]

i think your best resource would be snacko or even harry pitfall as they both know asm really well i believe.

[Snacko]

I think Ideal would be if we could define a global variable like CARD_LIMIT 3000 and replace the 2000 number limit with that variable, so that way we will be able to change the size easily, only at the definition (i know it can be done in c)

There isn't c code so it isn't so easy if you look in the asm counterpart of the decompiled c code.

Another idea was that if we could embed the assembly code of magic into a c file and maybe start replacing the assembly with c a little bit at a time.

This is a good idea, but it's a lot of work to rewrite it all into c. If you have time, knowledge and resources then this would be the most beneficial way as it would allow to modify the engine and AI.

My problem so far is that I haven't managed to compile the produced magic.c to an exe so that i can try out my ideas.

[/quote]There is no asm->c decompiler that would allow you to compile the source back without any modifications. It's even hard to get asm dump that would recompile in an assembler like nasm.

[foolosopher]

I 'll go with the good idea then. I believe even making embedded asm in c to work, will give enough room for improvements to the game. You are my resources (as in the manalink community) so 'll try to use them wisely.

I 'll also give a shot to num. 3 and see what comes of it.

Another question,
Has anyone managed to compile/debug using eclipse cdt? I 'm having trouble linking asm-yasm into it with a proper makefile.

Back to work now...

[foolosopher]

Hi everyone and happy new year.
I'm back to report my findings in case it is of interest to anyone, so here it is.
I 've been trying to debug and compile the produced c file from the decompiled magic.exe. I had not much success in that, so far I have limited the number of errors down to around 1000, but the remaining errors are between 4-5 different types. Meanwhile, after a lot of searching I managed to find the definitions file (defs.h) that IDA pro uses after it decompiles a program, but it was an extended one. I mention this because in the sources provided by gmzombie from a similar attempt I did not find this file.
I scanned the two files and managed to clear most of the unnecessary definitions and macros.
A major problem is that IDA pro could not decompile the whole magic.exe and it's missing 5-6 functions, according to its report, but I also have a decompiled assembly file, which reported no errors, but I don't know assembly.
Anyway, since I don't have much time to spare, I'll keep on working for a little while longer, before moving to coding cards, or the multiplayer debugging, but I believe it's doable but requires some collaborative effort, so I 'd really appreciate some help.
If anyone is interested or has any news concerning the 2000 card limit please post a reply or send me a message.

Everyone have a good time until then...

[jatill]

I'm glad to see you're making progress here. I would love to help, but would have no idea what I'm doing. If it comes down to grunt work that can be explained in steps, then I'll certainly pitch in.

[foolosopher]

Thanks for the offer. The work needs some serious debugging but like I mentioned there are many repeating errors within 4-5 different types.
From what I found so far there must be something with the defs.h In there, there are some macros that are probably causing the damage to the magic.c but haven't managed to root them out yet. I believe that if we manage to overcome this we will make a major breakthrough and limit the number of errors much more, But I need verification on this, or a second pair of eyes and after that probably much grunt work as in correcting the remaining errors, which from what I think are mostly due to some coding principles that IDA pro follows, when disassembling.
Anyway if you 're interested to take a look or want the files, send me your email address and I 'll sent the files to you. (I can't send you the asm file cause it's 36MB though so if you want that I'll try to find a way to post it somewhere though)

[gmzombie]

another note would be to ask a master programmer like snacko. i goto him when i need a tough(so i think tough) question answered. but i will still try and find that def.h file for you.

[foolosopher]

OK, I sent you the files, so that you can have a look. In the defs.h I have commented out functions that are not used in magic.c. I have also included some libraries that were missing but if you add something else that clears out more mistakes let me know.
keep in mind that 11 functions were not disassembled correctly and produced errors (#error), which I also commented out to proceed with compilation. That is why we also need the magic.asm which seems to be fully disassembled, so that we extract the missing code. This is where I was planning to call upon those who know assembly. Anyone who decides to work on this let me know so that we coordinate our effort and split the area of code and types of errors that we are working on.

[Ghost]

Hi guys, Im new around, so here's a little story. About a year ago I decided to play the game again after a few years. Played quite a bit and got an old friend to also get back to it so we could try to play over the net. After quite a few problems to make it work, I checked his version more carefully, since mine was the original one, and he told me his version got all those many new cards! I checked it out and reawakened my old idea of getting it to have all the cards I originally played on paper, that is to encompass the golden age of magic =) my epoch spanned from 4th edition, just after fallen empires, to just before mirage. Read a few txts and learned about people taking "less desirable" cards to make space for new ones.. didnt mind much and got back to playing, though since I like to hack stuff up, got thinking about such a limit and how that could come about and how it could be circumvented.. got a few ideas, but mostly theory and forgot about it..
ok.. few months later, like yesterday, got into thinking again about setting the game into a personal collection of my times with magic, and how one would go about doing it, but for that I needed to know more about that limit, started researching and got here =) I counted the cards and confirmed that, even with the limit, my goal is still feasible. Nevertheless as I said I like to hack stuff and wanted to know how progress on this, if at all, was going.. Jaguar pointed me here and when I read about foolosopher idea I got quite excited since it was quite similar with an idea I got, though I soon realized it was much more complex and would drain much more effort, perhaps even in vain, since simply changing the constant 2000 is very risky even if you do get to compile it. (more on this below)

My original idea was to, instead of taking the asm and get it into C bit by bit, (which might, as it seems to be, take A LOT of technical effort), we dont try to compile it yet, we take it bit by bit yes, but we just compile a wiki or compendium of our understanding of the code, which would be 10x faster as we already need to understand some of it to get it to compile, but we obviate the need to type the exact characters a compiler need which gets worse since we are not using the proper tool for the job (i hear it should be C++, right?). Also, many more people would be able to help, since reading code, difficult as it may be, is less to ask than to actually modify asm etc.. you dont have to get it 100%, even pseudo-code of what you BELIEVE might be going on, would help, and more knowledgeable people can be responsible for gluing together little snippets others might figure out, in some kind of hierarchical organization.

Another problem with that approach is that it might not even work after you think you solved all problems. Perhaps those errors come from the fact of not having the missing functions there, have you tried to place dummy functions just to see if some errors go away? maybe the majority might go, or perhaps the same errors that prevented them to get decompiled might get in the way of the rest, i.e. a more fundamental problem than just with the functions themselves... Eventually understanding the code would solve this, and we dont even need to understand it all unless you really want to mod the game, expand shandalar and what-not, but we would follow the lead of the 2K limit and understand how THAT works much earlier than the whole code. Also, what people already know, like variable positions and what they are, function addresses, etc, would probably prune whole sections of the search space.

One of the ideas I had to circumvent the limit was to, instead of simply augmenting hardcoded (risky) constants, which might be dependable throughout the entire system, is to intercept the call for each card (every time an id gets used to get a card out of those arrays) and place a function (which should be simple enough we can just add at the end of the code), which would take that ID and get the card from OUR array (which could also be added in the same way arbitrarily). The idea is similar to what unicode did to be able to work while being backwards compatible (which is specially important for us since we dont understand the code, yet) and not breaking all the previous apps that used ascii.

Yet, with all that said, I offer another pair of eyes to the endeavor =) I do believe though there are more efficient ways to go about it than to shoot in the dark =)

Im open to your ideas.

Cheers,
Ghost.

[Gargaroz]

I really hope we'll get a decent source code one day, so we could fix a lot of annoying things (slowdowns, the dumb AI and so on) and got a more smooth and stable program.
Keep up the good work, Ghost and everyone else !

[gmzombie]

Ghost to me that sounds like a great idea..although im no coder by any means although i do hack stuff up and attempt anything i think i can do. the one thing im not sure about and maybe some of the coders can chime in is if the AI reactions and movements are coded with the cards or not. not being a coder i dont know. but i also had an idea to eliminate the clutter of card code in the program exe and that was to find all cards still coded into the exe and move them to the DLL maybe even a new dll that is just original magic cards or just added to the current dll file too. either or really and that would eliminate code that we would have to go through..just a thought.