|
Echo #05
31 августа 1998 |
|
Tips Hacker - The technique of adapting programs to the system of copyright TR-DOS (hacking technique ZX-Format 8, Mortal Kombat).
The technique of adaptation of author's programs
under a system of TR-DOS.
(C) Delta / Power Hackerz Group.
This paper game is intended for all of hackers working on
SPECTRUM'e. I also advise professionals, would not gaditsya
similar articles t.k.ya also recently not respected when I was
"taught" in various publications, but here I will discuss the
adaptation programs, and who knows, maybe some
information will be new to you, the more I
hacker with experience and time to experience the many
pitfalls of this case.
Let the reader does not think that I'm a pirate
No, it is erroneous informatsiya.Pirat
the man who steals from manufacturers to the same pirate is
usually not even hacker, but an ordinary user. To the pirates,
even More and more, if a decent
prog is not on the TR-DOS, and in some perverted form. Burglary
such a program, once a pirate kills two
rabbits: with a copy of which he can
distribute, as well as he understands that not
All users are able to use non-standard format copiers, the more
that 80% of them complete crap.
Well, I expressed a little "sore", it's time to start and to
the theory. I'll share with you the method of hacking and
translation TR-DOS disk popular game MORTAL KOMBAT
and computer magazine ZX-FORMAT # 8. Time
hacking MORTAL-1. 5 days, and during break
ZX-FORMAT'a 4-5 hours.
If you doubt my professionalism, we can and spisochek big
programs cause I Vloman:
DOUBLE XINOX - From there I removed the protection,
set TR-DOS LOADER, as well as some
podkorektiroval KEMPSTON.
THE SUNDREED-She was already "perelopachena" ARS'om of
FATALiTY, resulting in it did not work on any Brest
machines. Only later earned with a terrible squeak in TR-DOS
5.043. I'm stuck there # 3D13, though prishlo a little digging,
since there spoiling the system variables.
ZX-FORMAT # 06 - Corporate drive brought
IMPERIO with ENLIGHT'a 97. I broke it and
adapted by TR-DOS 5. 043. Posted copyist as the saying goes
"for himself, gave one ... and said something to him he does
not apply, the day his whole yuzal Minsk and shouted that he
was buggy. Note: By about glyuchnosti copyist contact
Gog (ICE / PHD).
TECHNODROM-branded version appeared in
me from the author (by agreement). She had an entire disk, and
had a defense (though ARS'MAST'ovskuyu). Revised became
take about 600 sectors (with all maps
and shipments) Shipping all in memory of the 128th
(48K mode is also used), and also
I was furnished the author's bug:) Personally, I
This game in Brest does not apply,
because as has been compromised for the sake of purely sporting
interest.
MORTAL KOMBAT-Long time users
Brest controllers tormented because they could not pogeymatsya
this a good game, not helped, even firmware TR-DOS v5.043. Had
her "rape", she was transferred to the TR-DOS disk All
transactions through # 3D13. Added mode fast loading menu
fighters, rather handy thing. Works on any computer
configuration, even on an emulator pisyushnom check:) The
hardest part was adapt to the test.
ZX-FORMAT # 8 - More recently, he appeared here in Brest, I
turned it on TR-DOS disk, naturally all through # 3D13
All these works are large, I do not have
here a lot of programs in which I pomenyalya not too many
bytes, of just do a tremendous amount, even Hard to remember.
Perhaps begin ...
The method of data conversion.
Previously, I believed that the translation of games in
TR-DOS system required a lot of time and effort, as well as an
incredible number of disks. But there is a better way:) No
reason to sit on a program to translate all files in a standard
TR-DOS format, and after that they stick together. If a small
game, for example TECHNODROM, all packed information (except
cards) Freely "intermeddle" at 128K, then naturally this way
fit. And if you have 50 articles and 20 music files? With them
you'll dig at least a month, then you hardly pull into the
following Krakow. Here's the method of conversion, I now
describe.
-----------------------------------------
1. First you need to copy the discs, in TR-DOS.
2. Find all feeders, and put in
They move to its own procedure.
3. To understand the format of the disc.
4. Leave converter and LOADER.
-----------------------------------------
And now me more about all the options.
Just copy the program, you must
just write your copier. I
writing copyist took about 10-15
minutes. It is worth noting that, for each bend
need to write a copyist, since such a MORTAL'e sector
nachinayutsya with # F4 (Really) but then in a compromised
version, of that number of consuming # F4, and each sector
there is 512 bytes. In ZF # 8 quite another story, there are
sectors with nachinayutsya # 6F through # 73, and the length of
the sector is 1024 bytes.
You probably scared so large sector? After all,
theoretically, in comparison with the TR-DOS'om wins 1024 * 5 =
5120/256 = 20, 20-16 = 4 sector of the track (due to small gaps
dinny fields). You can estimate that the disk will be winning 4
* 160 = 640/16 = 40 tracks! But The authors are human beings
too, because they stick together its bend in the TR-DOS'e => On
the drive, even a place should remain free. In MORTAL'e I
drew attention to it, but in FORMATE'e
had (because of the application), the whole format
(Intruha + article + all the application) is not even
falls short of the full disk, there are about 200 free sectors
naprashivaetsya question: what the actual authors of their
application did not score?
By the way here's the best procedure
read / write (# 3D13)
Programming is very simple:
LOAD LD (23796), DE
XOR A
LD (23758), A
LD IX, 7797
PUSH IX
JP 15663
SAVE LD (23796), DE
LD A, 255
LD (23758), A
LD IX, 7797
PUSH IX
JP 15663
As you can see nothing complicated. Address
7797 is the address of the standard procedure for reading /
writing, but without a team. This command (CALL xxxx) and
spoils the entire mess, ie rides head drive back / a forward
on the track, sometimes knocking his head on the edge
track, and sometimes spoils diski.Imenno due
it we could not operate at the level of non-standard discs,
TR-DOS Procedure 5, 6.But after removing it all OKTR-DOS you
more do not know, amen. Everything was smooth, gently, in
principle, such a rate the same as a conventional TR-DOS'a, but
an opportunity to read at normal speed nonstandard sector, and
this opens up We quite simply a great opportunity. Besides-I
90% sure that MORTAL, SUNDRED, DB XINOX, TECHNODROM, ZX # 8
will work on skorpovskih screws, as well as brestkih
controllers Version 5.04, 5,043.
But this method of loading is one
"But." He does not want to work in the case
if prog actively yuzaet system variables. Have to be subverted.
And here is the output:
DI
PUSH IX, IY
PUSH HL, DE, BC
LD IY, 23610
LD HL, # 5C00
LD DE, XXXX
LD BC, 512
LDIR
LD HL, 10072; these variables
EXX; need for
LD A, # FF; of TR-DOS
LD HL, # C9F1; after reading /
LD (23796), HL; record
LD (IY), A; TR-DOS to
LD (23752), A; thoroughly
; Trash.
POP BC, DE, HL
CALL LOAD
POP IY, IX
LD DE, # 5C00
LD HL, XXXX
LD BC, 512
LDIR
RET
XXXX-this is the free memory in your computer,
it is usually not difficult to find, especially when
computer reads the disk, for example
screen. So did Kopein / NHG in UFOv2.0 and
JAGURA / PHG in UFOv2.10, when adapted
it under # 3D13. Him and I used in game
HUNDRED, there also used Region
variables.
This method is also different yuzali Skorobogatova,
Vasilyeva and other vulgar "Restorers" 90 years, because as a
game These craftsmen were pohereno heap. Now
in such a perverted and head can unscrew.
Anyway, I'm a little distracted.
2. Once we have copied the prog
for TR-DOS disk, you need to find and alter
all downloaders. Just in the loader, put in JP # 5F00 (24320),
usually this place before the stack, and there write the
converter and LOADER. I will give my full procedure:
ORG # 5F00
PUSH IY; remember registers
PUSH IX; for all sorts of fire
LD IY, # 5C3A; these values
LD A, # C9; need to fix
LD (# 5CC2), A
EXX
PUSH HL
LD HL, # 2758, also need
EXX
LDER PUSH BC
PUSH HL
CALL RASS; call converter
POP HL
POP BC
L1 LD (# 5CF4), DE
LD A, B; multiply by four
ADD A, A; because length of the sector
ADD A, A; RA 1024 bytes.
LD B, A
CALL LOAD; download
LD DE, (# 5CF4)
XOR A; recover
EXX; crap
POP HL; value
EXX
POP IX
POP IY
RET
RASS DEC D; in format to the first
; Horns not yuzaet
LD L, D; multiply road
LD H, 0 to 20.
ADD HL, HL
ADD HL, HL
PUSH HL
ADD HL, HL
ADD HL, HL
POP BC
ADD HL, BC
LD B, H
LD C, L
LD A, E
ADD A, A; multiply the sector on
ADD A, A; 4 because in ZF sector
LD C, A; occupies 1024 bytes
LD B, 0
ADD HL, BC; add the old
PUSH HL; value
LD A, L
AND% 11110000
LD L, A
OR A; divide it all by 16
RR H; without a trace.
RR L
RR H
RR L
RR H
RR L
RR H
RR L
LD D, L
ADD HL, HL; multiplied by 16
ADD HL, HL
ADD HL, HL
ADD HL, HL
LD B, H
LD C, L
POP HL
OR A
SBC HL, BC; find balance
LD E, L
RET; in the original DE-
; Value
LOAD XOR A
DISK LD (# 5CCE), A
LD IX, 7797
PUSH IX
JP # 3D2F
This procedure is certainly not juzat I
it led to what-have you written similar to his case. I is
calculated by its formula, you calculate on their own.
Not even the main compactness, although in some cases it is
absolutely necessary, there were even some cases that one byte
is not enough:)
The procedure can of course be reduced by
order, but for my case, it is suitable
100%. In MORTAL'e things were worse, there
I have two free bytes left (thanks to # 3D13). If it was my
LOADER, then he held, would be a lot of memory. By the way
LOADER MORTAL'a in the old version was incorrect, hindering
disk drives 5313, 5311 and etc.
3. How to understand format the disk.
There are several ways. You can for example using the
procedure of reading the track (I have it somewhere already
described) can be considered field blanks, and then sort out
the data that are located there.
You can break the prog you want to translate, where the
order of sector and their length is exactly.
You can STS5.1, STS6.2 read on
sector (with 255 to 16) if nothing schityvaetsya have to use two
top ways.
4. Leave converter and LOADER.
Well this is you can already write, since that
the information I gave you, it is
enough for a professional burglary. Naturally requires a little
more brains, and 99% perspiration. Since in this case there is
mass sensitive situations with which you deal one-on-one, and I
already will not close, something would be in a difficult moment
to give you a strong helping hand ...
If you have any problems with the perception of the text, or
you decide tell me something, please.
My phone is in Brest:
8 + (0162) 41-09-12 DELTA / PHG a.k.a.Oleg.
P.S. Who says that there are no good
pirated versions:)
P.P.S. What would all IMP'y hanged himself:)
P.P.P.S. All those who runs into Hakke
ditch - _LEYMERY_.
Other articles:
Similar articles:
В этот день... 23 November