hmm. I need to either start building documentation about which of my 13 current Ghidra installs have which extensions installed, or I need to set up a ghidra build environment and commit to maintaining a One True Ghidra environment with all the extensions
I keep having the problem of "now which one of these has that PSX loader installed in it?"
(the answer was ghidra 10.2.3 if you even care)
ugh. I'm gonna have to find the font for this game, not for the usual reasons (death generators), but because I'm trying to find the code powering a specific screen (The character viewer) but the text from it doesn't show up in a strings search.
because it's not ASCII. ;_;

it might be full-width latin characters. possibly encoded in shift-jis.

sadly ghidra doesn't know how to find that

maybe I can write a program to search for full-width characters in common encodings

Turns out the text IS in ascii, it's just in a datafile and not the executable.

so that doesn't help me

it was a good idea of them to put all the strings in a datafile instead of the executable! really handy for localization.

oh, this game was only ever released in japan? huh

oh I think this game is doing tricksy shit.
I think it's dynamically loading code out of datafiles and launching them. So the main executable is just the loader and archive-parser

why the heck does the PS1 have a "NoFunction" syscall?

I know about NOPs, but why a NOP syscall?

it has been zero days since I crashed an emulator

ahh, fucking MIPS.
How do you get a full 32bit address into a register?

MOV EAX,800771DC ?

NO GET THAT X86 BULLSHIT OUT OF HERE.

lui v0,0x8007
addiu v0,v0,0x6e50
addiu v0,v0,0x404

that's an address encoding that'll put some hair on your chest!

you may notice the math here doesn't make sense. I agree that it doesn't make sense. but it seems to work. Something is very wrong
ahh no it's just a confusing loop.
that address doesn't equal 800771DC, it's 80077254
You gotta love when it turns out a game is just spewing debugging info on the normally invisible serial terminal, so you just need to connect to see it
remember when writing code that parses data formats, always make sure it's a complex mess of dynamic callbacks indexed on magic bytes that you do arithmetic on. never just have a big switch table or a bunch of if-thens.
this won't make your program any better but it will absolutely give headaches to the poor reverse engineers trying to figure out your file formats 21 years later
so I'm trying to figure out the PAC format used inside the APFrs files used by Azumanga Donjyara Daioh and One Piece: Grand Battle! 1/2.
it has at least 11 types of sub-chunks, of which I know SDFC, VH, VB, and SEP are 4 of them.
The other 7? unknown.
however, those are only the ones known at compile time: there's a lookup table for the chunk types, and I know that at least at one point, it registers and unregisters two more.
I can't be sure yet if those two more are overriding existing chunk types, or if they're entirely new ones
partially because the chunk numbers aren't used as-is. They seem to be adjusted at runtime. So like, some chunks are 0-31, but chunks 32 and up get 32 subtracted from them? It's confusing

or... every callback is registered in pairs, and the second callback is at the same number as the first, +16, and in all cases, it's set to NULL?

WHAT EVEN IS THIS

okay so the chunk IDs seem to be related to different types of chunk handlers
chunk IDs 0-31 use a 3-parameter callback, and 32-47 use a 4-parameter callback
you could have just made them all take 4 parameters and just have some of them ignore the 4th parameter but NO we gotta make everything complicated so that foone's little brain can't handle it
you'd think the programmers of an Azumanga Daioh game, of all games, would realize that the eventual reverse engineer hacking their game might be an Osaka, and would not over-complicate it
oh hello. Someone left the output of a tool on the disc!
Data Pack2 by OOTUKA, Technosoft Co LTD, eh?
that's very interesting. Technosoft had nothing to do with this game... they didn't even exist anymore when it came out.
but given the 1996-1998 dates, I'm guessing they made this tool for one of their PS1 games they released in that period, and it later got used by Ganbarion for Azumanga Donjara Daioh and the One Piece games
Shuji Yoshida is credited as "Library Program" on all three games I know that use PAC files.
It's possible he's OOTUKA.
or it might mean he made the APF files
@foone "Ootuka" is probably Haruhiko Otsuka, who went on to work at Ganbarion and is credited on the One Piece games. GDRI mentions that Ganbarion was founded by ex-Technosoft people. http://gdri.smspower.org/wiki/index.php/Technosoft

@foone Alternately, if you come across a date string you don't recognize, launch all of the nuclear missiles.
@foone omg is no$ still doing emulators? 😍
@foone I joke about MIPS the rabbit being the only rabbit with delay slots
@Rairii @foone but are they store delays, or jump delays?
@foone this kind of bullshit is why I've always hated writing assembly for RISC architectures. I mean sure, there's macros in the assembler, but is this really what peak performance is supposed to look like?
@slaeshjag I think part of peak performance is that you may not like what it looks like

@slaeshjag @foone

it's a good tradeoff.

full address literals are rare
there's usually a register pointing at some globals area - allowing quick access with 16bit offsets - and if real 32bit addresses were critical you could store them as constants there to load

most addresses that programs deal with are offsets from struct pointers, array offsets etc

RISC is designed to be easier for compilers to deal with.
I did enjoy writing 68000 CISC ASM on the amiga but the focus changes over time

@foone why not just addiu v0,v0,0x71dc?
@thamesynne I have no idea

@foone one idea did occur to me after - if they wanted to be able to patch offsets afterwards, it'd make sense to divide up the initial load from the adding of an offset

but that's all i've got

@foone or more to the point, ori v0,v0,0x71dc (which zero-extends its constant)
@foone it turns out when you have fixed width instructions that are the same width as addresses, you can't do a full width load immediate in one instruction. Given the advantages of fixed width instructions, I really don't see this as a problem.
@endrift @foone Plus, there's a register, $gp, which is intended to always hold an offset to .sdata, so that you can calculate the most commonly used addresses in one instruction.
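As an added illustration of the lui/addiu encoding foone hit and the addiu-versus-ori question above (example code written for this note, not from anyone in the thread): a small evaluator for lui/addiu/ori on a single register, plus an encoder that shows why a lui/addiu pair sometimes needs its upper half bumped by one while lui/ori never does. Register and instruction names are MIPS; the function names are my own.

```python
# Added example: encode a 32-bit MIPS address as lui+addiu or lui+ori and
# simulate the pair to confirm the result. Not code from the thread.

def mask32(v):
    return v & 0xFFFFFFFF

def sign_extend16(imm):
    """addiu sign-extends its 16-bit immediate, so 0x8000..0xFFFF are negative."""
    imm &= 0xFFFF
    return imm - 0x10000 if imm & 0x8000 else imm

def lui(imm):
    """lui rd, imm: place the 16-bit immediate in the upper half, lower half zero."""
    return mask32((imm & 0xFFFF) << 16)

def addiu(reg, imm):
    """addiu rd, rs, imm: add the sign-extended immediate (no overflow trap)."""
    return mask32(reg + sign_extend16(imm))

def ori(reg, imm):
    """ori rd, rs, imm: OR in the zero-extended immediate."""
    return mask32(reg | (imm & 0xFFFF))

def run(instrs):
    """Evaluate a list of (op, imm) tuples against a single register (v0)."""
    v0 = 0
    for op, imm in instrs:
        if op == "lui":
            v0 = lui(imm)
        elif op == "addiu":
            v0 = addiu(v0, imm)
        elif op == "ori":
            v0 = ori(v0, imm)
        else:
            raise ValueError("unsupported op: %s" % op)
    return v0

def encode_addiu(addr):
    """lui/addiu pair. If bit 15 of the low half is set, addiu will subtract
    0x10000, so the upper half must be pre-incremented to compensate."""
    hi, lo = (addr >> 16) & 0xFFFF, addr & 0xFFFF
    if lo & 0x8000:
        hi = (hi + 1) & 0xFFFF
    return [("lui", hi), ("addiu", lo)]

def encode_ori(addr):
    """lui/ori pair: ori zero-extends, so no carry adjustment is ever needed."""
    return [("lui", (addr >> 16) & 0xFFFF), ("ori", addr & 0xFFFF)]
```

Running the three instructions from the post gives 0x80077254, the value foone eventually worked out, and both encoders round-trip an address like 0x8007C000 only because encode_addiu bumps the lui half to 0x8008.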
@foone On your eyelids, too.
@foone I mean, PowerPC does the same thing with li/addis.. I assume the double addiu is because of linker madness?

@foone joke:

is this a denuvo on switch reference

@foone same. Should probably try to reproduce it and report to @endrift
@charlotte @endrift I don't think she has anything to do with no$psx
@foone @endrift nah but i ran into a crash in mgba earlier. Seems to be a misconfigured build though?
@foone @endrift yeah, seems to be a misconfigured build, can’t reproduce it in the official binary
@charlotte @foone I would like to know how a build can be so misconfigured it crashes. That still sounds like a bug on the surface!
@endrift @foone Actually it probably is a bug somewhere, lemme file a bug report

@endrift @foone oh okay i figured it out. It’s a bug in nixpkgs. It links mgba with lua 5.4 and with vlc (which links with lua 5.2) and while initializing vlc (which it does for some reason?) vlc crashes due to the version mismatch

Not sure why selecting an existing save file inits vlc tbh, that could be a bug on its own

@charlotte @foone ????? mGBA does not depend on libvlc, why is it linking with it?
@endrift @foone Yeah I’m confused too, the derivation also does not link libvlc, maybe qt on kde is fucky?
@charlotte @foone it does look like it's being pulled in by KDE, specifically when pulling in Phonon, KDE's audio framework
@endrift @foone ……Which raises questions still because all other functionality works fine? I recorded a video with sound earlier
@endrift @foone Wait maybe what happens is that the KDE file picker plays a warning sound and that crashes it?
@charlotte @endrift ahh, I misread your post!
yeah I'm sure she'd like to know

@foone Tired: Crashing an emulator by overpowering it

Wired: Crashing an emulator like you crash a party

@textfiles @foone my favourite was crashing an emulator by doing absolutely nothing!

(gameboy emulator, i turned halt on with vblanks turned off, instead relying on the keypad interrupt. this crashed several badly programmed emulators which relied on the vblank interrupt apparently to refresh the host event loop. i crashed the emulator by putting it in the deep freezer)
@foone I crashed a VM today, that counts right?