RE-vigorate

2010/11/30

Bytecode Bug

Filed under: Bytecode, Crusaders of Khazan, Debug — denormative @ 23:55

A particularly odd bytecode bug I found whilst reverse engineering the data. It looks like the original bytecode compiler failed to emit an “else” clause for a conditional statement. For the binary code:

Offset    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
00003230 73 20 77 72 65 63 6B 69 6E 67 20 6C 69 66 65 2E s wrecking life.
00003240 0A 00 1E FD 31 21 05 1E 34 54 6F 20 65 6E 74 65 ....1!..4To ente
00003250 72 20 74 68 65 20 6D 6F 6E 73 74 65 72 73 20 6F r the monsters o

The string that ends with a null at 3241 is fine.

Opcode 1E is “print a string” and it takes a two-byte parameter. This happens to point to the “To enter the monsters…” string just after it. So it looks fine.

At 3245 opcode 0x21 is “prompt yes/no”. Given that the question is “To enter the monsters own environment requires some thought. Is there some preparation you are neglecting? Do you just leap in?\n”, this makes logical sense.

Opcode 0x05 at offset 3246 is an opcode with a two-byte parameter that says “jump to location if the zero flag is false”; the zero flag is what the yes/no opcode sets. So:

1E FD 31 - print the "To enter the..."
21 - Prompt for question
05 1E 34 - jump to 341E if zeroflag is set
54 6F 20 65 6E 74 65 - "To ente"
(Which is the string 1E FD 31 printed.)

So it didn’t emit the “else” clause of 05 XX XX.

Offset    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
00003230 73 20 77 72 65 63 6B 69 6E 67 20 6C 69 66 65 2E s wrecking life.
00003240 0A 00 1E FD 31 21 05 1E 34 54 6F 20 65 6E 74 65 ....1!..4To ente
00003250 72 20 74 68 65 20 6D 6F 6E 73 74 65 72 73 20 6F r the monsters o
00003260 77 6E 20 65 6E 76 69 72 6F 6E 6D 65 6E 74 20 72 wn environment r
00003270 65 71 75 69 72 65 73 20 73 6F 6D 65 20 74 68 6F equires some tho
00003280 75 67 68 74 2E 20 20 49 73 20 74 68 65 72 65 20 ught.  Is there
00003290 73 6F 6D 65 20 70 72 65 70 61 72 61 74 69 6F 6E some preparation
000032A0 20 79 6F 75 20 61 72 65 20 6E 65 67 6C 65 63 74  you are neglect
000032B0 69 6E 67 3F 20 20 44 6F 20 79 6F 75 20 6A 75 73 ing?  Do you jus
000032C0 74 20 6C 65 61 70 20 69 6E 3F 0A 00 1E 94 32 23 t leap in?.....#
000032D0 BF 00 00 01 02 C0 52 01 00 00 0E 00 00 03 56 35 ......R.......V5
000032E0 49 6E 20 61 6E 20 61 63 74 69 6F 6E 20 74 6F 6F In an action too
000032F0 20 62 6F 6C 64 20 74 6F 20 62 65 20 62 65 6C 69  bold to be beli

At 32CC, right after that chunk of “To enter… leap in?” text, is another print: 1E 94 32 dumps out the text below it, “In an action too…”, which is basically the “no” response to “are you neglecting something?”, where you dive into the water without removing your armour first.
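An added example, not code from the original post: a minimal linear-sweep decoder for the three opcodes described above, run over the rows of the dump it needs. The opcode names, the little-endian operand order, and the 0x4C delta between a print operand and the file offset of its string are assumptions inferred from the post (both print operands in the dump fit that delta). Decoding from 3242 stops on the 0x54 of “To ente”, exactly the string the first print referenced, which is the missing-else fall-through the post describes.

```python
# Constructed from the hex dump in the post (ASCII column dropped); only the rows needed here.
DUMP = """\
00003240 0A 00 1E FD 31 21 05 1E 34 54 6F 20 65 6E 74 65
00003250 72 20 74 68 65 20 6D 6F 6E 73 74 65 72 73 20 6F
000032C0 74 20 6C 65 61 70 20 69 6E 3F 0A 00 1E 94 32 23
000032D0 BF 00 00 01 02 C0 52 01 00 00 0E 00 00 03 56 35
000032E0 49 6E 20 61 6E 20 61 63 74 69 6F 6E 20 74 6F 6F
"""

def parse_dump(text):
    """Map file offset -> byte for every dump row (sparse: rows may be missing)."""
    mem = {}
    for line in text.splitlines():
        base, *cells = line.split()
        for i, cell in enumerate(cells):
            mem[int(base, 16) + i] = int(cell, 16)
    return mem

MEM = parse_dump(DUMP)

# Opcode table as the post describes it: (name, operand size). The names are mine.
OPCODES = {0x1E: ("PRINT", 2), 0x21: ("PROMPT_YN", 0), 0x05: ("JCOND", 2)}

# ASSUMPTION: a string operand is the file offset minus 0x4C. Both PRINT operands in the
# dump (31FD -> 3249 "To enter", 3294 -> 32E0 "In an action") fit it; its origin is unknown.
STR_DELTA = 0x4C

def read_cstr(mem, off):
    """NUL-terminated string at off; stops early where the dump has no byte."""
    out = []
    while off in mem and mem[off] != 0:
        out.append(chr(mem[off]))
        off += 1
    return "".join(out)

def disassemble(mem, pc):
    """Linear sweep from pc until a byte that is not a known opcode."""
    instrs = []
    while pc in mem:
        op = mem[pc]
        if op not in OPCODES:
            instrs.append((pc, "UNKNOWN", op))
            break
        name, size = OPCODES[op]
        operand = None
        if size == 2:  # little-endian, as 05 1E 34 -> 341E in the post
            operand = mem[pc + 1] | (mem[pc + 2] << 8)
        instrs.append((pc, name, operand))
        pc += 1 + size
    return instrs

def fell_into_printed_string(instrs):
    """True when decoding stopped exactly on a string an earlier PRINT referenced:
    the fall-through after the conditional jump is data, not code (the missing else)."""
    targets = {arg + STR_DELTA for _, name, arg in instrs if name == "PRINT"}
    last_pc, last_name, _ = instrs[-1]
    return last_name == "UNKNOWN" and last_pc in targets
```

Decoding from 32CC instead stops on the undocumented 0x23, which is not a referenced string, so the check stays false there.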

Since I vaguely know where this is, on my list of things to do is to actually visit the location and say “no” and see if the game dies.
