@plaes

I break stuff. And file bug reports. Occasional retrocomputing.
Member of K-Space.ee hackerspace.
Website: https://plaes.org
Codeberg: https://codeberg.org/plaes
Github: https://github.com/plaes
Berries on the straw aka strawberries / 🍓
#summervibes

Little buddies. Left one needs some healing though as I suspect that floppy gear has dissolved. No signs of life from CRT either. And then I need a keyboard/mouse as well.

#retrocomputing #macintosh

Well, some success. I think I figured out some kind of address for these types:

#ghidra #reverseengineering #win16

Back to my antics.. I think I seem to have figured out the RTTI stuff somewhat thanks to this resource:
http://hwreblog.com/projects/ghidra.html

#ghidra #reverseengineering #win16

Attempted to install Mac OS X (10.0) on a Wii. Sadly my allocated time for hackerspace visit (K-Space.ee) ended before the installer managed to even start as I had to go home...

#hackintosh #wii #macos

Well, live and learn. There is actually a better search option which supports wildcards under: Search -> "Memory...".

#ghidra #win16 #reverseengineering

If we look closely and chew through some endianness magic, we can now start searching for the "magic bytes" using the knowledge that the `CALLF` instruction starts with 0x9a and the next four bytes are the address of the thunk.

One way so far is via Search -> "For Instruction Patterns" and looking up all the possible locations for these calls.
All this is manual work though, until I figure out a way to script this...

#ghidra #reverseengineering #win16
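The byte search described in the post above, as an added example (not part of the original post and not the author's script): it builds the 5-byte `CALLF` pattern for a thunk and scans a byte buffer for call sites. The buffer and the thunk names `THUNK_A`/`THUNK_B` are constructed for illustration; only the bytes `9a4000b811` come from the thread, and the buffer is assumed to hold the code as Ghidra shows it after loading.

```python
import struct
from collections import defaultdict

CALLF_OPCODE = 0x9A  # 16-bit x86 direct far call: opcode, offset (LE), segment (LE)

def callf_pattern(segment: int, offset: int) -> bytes:
    """Encode CALLF segment:offset the way it appears in the byte listing."""
    return bytes([CALLF_OPCODE]) + struct.pack("<HH", offset, segment)

def find_calls_to(image: bytes, segment: int, offset: int) -> list:
    """Return every position where the exact 5-byte CALLF pattern occurs."""
    pattern = callf_pattern(segment, offset)
    hits = []
    pos = image.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = image.find(pattern, pos + 1)
    return hits

def group_far_calls(image: bytes, thunks: dict) -> dict:
    """Map thunk name -> candidate call sites, for a table of known thunk addresses.

    thunks maps a name to a (segment, offset) tuple. A 0x9A byte can also be
    data or part of another instruction, so every hit is only a candidate.
    """
    by_target = {addr: name for name, addr in thunks.items()}
    sites = defaultdict(list)
    for pos in range(len(image) - 4):
        if image[pos] != CALLF_OPCODE:
            continue
        offset, segment = struct.unpack_from("<HH", image, pos + 1)
        name = by_target.get((segment, offset))
        if name is not None:
            sites[name].append(pos)
    return dict(sites)

# Constructed sample: filler bytes around three far calls.
SAMPLE = bytes.fromhex("90" "9a4000b811" "5589e5" "9a4800b811" "c3" "9a4000b811")

# Hypothetical names; 11b8:0040 is decoded from the bytes quoted in the thread,
# 11b8:0048 is made up for the example.
THUNKS = {"THUNK_A": (0x11B8, 0x0040), "THUNK_B": (0x11B8, 0x0048)}

if __name__ == "__main__":
    print(callf_pattern(0x11B8, 0x0040).hex())
    for name, hits in group_far_calls(SAMPLE, THUNKS).items():
        print(name, [hex(h) for h in hits])
```
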

Some minor progress with Ghidra:

Firstly, it recognizes imports from various libraries (GDI, KERNEL and MMSYSTEM), but as it hasn't fully decompiled the game, most of the imports are marked as unused. On the image below `GDI::CREATECOMPATIBLEDC` is referenced from the code, but `GDI::CREATEDC` isn't.

So if we dig further, we can see that the library calls use `CALLF address_of_thunk` which in hex is `9a4000b811`...

#ghidra #reverseengineering #win16

Any hints on how to "port" a 16-bit NE-executable (decompiling and "recompiling") to run on modern Linux machines? So far I managed to get it working with Wine with a custom 32-bit WINEPREFIX.

The executable itself is a simple game; it was released in 1995 and is based on ObjectWindows for C++ Demo (Borland C++).

#reverseengineering #retrocomputing