Echo #05 31 августа 1998

Программирование

Tips Hacker - The technique of adapting programs to the system of copyright TR-DOS (hacking technique ZX-Format 8, Mortal Kombat).

  The technique of adaptation of author's programs

           under a system of TR-DOS.

(C) Delta / Power Hackerz Group.


   This paper game is intended for all of hackers working on 
SPECTRUM'e. I also advise professionals, would not gaditsya 
similar articles t.k.ya also recently not respected when I was 
"taught" in various publications, but here I will discuss the 
adaptation programs, and who knows, maybe some

information will be new to you, the more I
hacker with experience and time to experience the many
pitfalls of this case.

   Let the reader does not think that I'm a pirate
No, it is erroneous informatsiya.Pirat
the man who steals from manufacturers to the same pirate is 
usually not even hacker, but an ordinary user. To the pirates, 
even More and more, if a decent

prog is not on the TR-DOS, and in some perverted form. Burglary
such a program, once a pirate kills two
rabbits: with a copy of which he can
distribute, as well as he understands that not
All users are able to use non-standard format copiers, the more 
that 80% of them complete crap. 

   Well, I expressed a little "sore", it's time to start and to 
the theory. I'll share with you the method of hacking and 
translation TR-DOS disk popular game MORTAL KOMBAT

and computer magazine ZX-FORMAT # 8. Time
hacking MORTAL-1. 5 days, and during break
ZX-FORMAT'a 4-5 hours.


   If you doubt my professionalism, we can and spisochek big 
programs cause I Vloman: 


   DOUBLE XINOX - From there I removed the protection,
set TR-DOS LOADER, as well as some
podkorektiroval KEMPSTON.


   THE SUNDREED-She was already "perelopachena" ARS'om of 
FATALiTY, resulting in it did not work on any Brest

machines. Only later earned with a terrible squeak in TR-DOS 
5.043. I'm stuck there # 3D13, though prishlo a little digging,

since there spoiling the system variables.


   ZX-FORMAT # 06 - Corporate drive brought
IMPERIO with ENLIGHT'a 97. I broke it and
adapted by TR-DOS 5. 043. Posted copyist as the saying goes 
"for himself, gave one ... and said something to him he does 
not apply, the day his whole yuzal Minsk and shouted that he 
was buggy. Note: By about glyuchnosti copyist contact

Gog (ICE / PHD).


   TECHNODROM-branded version appeared in
me from the author (by agreement). She had an entire disk, and 
had a defense (though ARS'MAST'ovskuyu). Revised became

take about 600 sectors (with all maps
and shipments) Shipping all in memory of the 128th
(48K mode is also used), and also
I was furnished the author's bug:) Personally, I
This game in Brest does not apply,
because as has been compromised for the sake of purely sporting 
interest. 


   MORTAL KOMBAT-Long time users
Brest controllers tormented because they could not pogeymatsya 
this a good game, not helped, even firmware TR-DOS v5.043. Had 
her "rape", she was transferred to the TR-DOS disk All 
transactions through # 3D13. Added mode fast loading menu 
fighters, rather handy thing. Works on any computer 
configuration, even on an emulator pisyushnom check:) The 
hardest part was adapt to the test.



   ZX-FORMAT # 8 - More recently, he appeared here in Brest, I 
turned it on TR-DOS disk, naturally all through # 3D13



   All these works are large, I do not have
here a lot of programs in which I pomenyalya not too many 
bytes, of just do a tremendous amount, even Hard to remember.


   Perhaps begin ...


        The method of data conversion.

   Previously, I believed that the translation of games in 
TR-DOS system required a lot of time and effort, as well as an 
incredible number of disks. But there is a better way:) No 
reason to sit on a program to translate all files in a standard 
TR-DOS format, and after that they stick together. If a small

game, for example TECHNODROM, all packed information (except 
cards) Freely "intermeddle" at 128K, then naturally this way 
fit. And if you have 50 articles and 20 music files? With them 
you'll dig at least a month, then you hardly pull into the 
following Krakow. Here's the method of conversion, I now 
describe. 

-----------------------------------------

   1. First you need to copy the discs, in TR-DOS.


   2. Find all feeders, and put in
They move to its own procedure.


   3. To understand the format of the disc.


   4. Leave converter and LOADER.

-----------------------------------------

   And now me more about all the options.


   Just copy the program, you must
just write your copier. I
writing copyist took about 10-15
minutes. It is worth noting that, for each bend
need to write a copyist, since such a MORTAL'e sector 
nachinayutsya with # F4 (Really) but then in a compromised 
version, of that number of consuming # F4, and each sector 
there is 512 bytes. In ZF # 8 quite another story, there are 
sectors with nachinayutsya # 6F through # 73, and the length of 
the sector is 1024 bytes.


   You probably scared so large sector? After all, 
theoretically, in comparison with the TR-DOS'om wins 1024 * 5 = 
5120/256 = 20, 20-16 = 4 sector of the track (due to small gaps 
dinny fields). You can estimate that the disk will be winning 4 
* 160 = 640/16 = 40 tracks! But The authors are human beings 
too, because they stick together its bend in the TR-DOS'e => On 
the drive, even a place should remain free. In MORTAL'e I

drew attention to it, but in FORMATE'e
had (because of the application), the whole format
(Intruha + article + all the application) is not even
falls short of the full disk, there are about 200 free sectors 
naprashivaetsya question: what the actual authors of their 
application did not score? 


   By the way here's the best procedure

       read / write (# 3D13)


   Programming is very simple:

 LOAD LD (23796), DE

        XOR A

        LD (23758), A

        LD IX, 7797

        PUSH IX

        JP 15663

 SAVE LD (23796), DE

        LD A, 255

        LD (23758), A

        LD IX, 7797

        PUSH IX

        JP 15663


   As you can see nothing complicated. Address
7797 is the address of the standard procedure for reading / 
writing, but without a team. This command (CALL xxxx) and 
spoils the entire mess, ie rides head drive back / a forward

on the track, sometimes knocking his head on the edge
track, and sometimes spoils diski.Imenno due
it we could not operate at the level of non-standard discs, 
TR-DOS Procedure 5, 6.But after removing it all OKTR-DOS you 
more do not know, amen. Everything was smooth, gently, in 
principle, such a rate the same as a conventional TR-DOS'a, but 
an opportunity to read at normal speed nonstandard sector, and 
this opens up We quite simply a great opportunity. Besides-I 
90% sure that MORTAL, SUNDRED, DB XINOX, TECHNODROM, ZX # 8 
will work on skorpovskih screws, as well as brestkih

controllers Version 5.04, 5,043.

   But this method of loading is one
"But." He does not want to work in the case
if prog actively yuzaet system variables. Have to be subverted.

            And here is the output:


        DI

        PUSH IX, IY

        PUSH HL, DE, BC

        LD IY, 23610

        LD HL, # 5C00

        LD DE, XXXX

        LD BC, 512

        LDIR

        LD HL, 10072; these variables

        EXX; need for

        LD A, # FF; of TR-DOS

        LD HL, # C9F1; after reading /

        LD (23796), HL; record

        LD (IY), A; TR-DOS to

        LD (23752), A; thoroughly

                           ; Trash.

        POP BC, DE, HL

        CALL LOAD

        POP IY, IX

        LD DE, # 5C00

        LD HL, XXXX

        LD BC, 512

        LDIR

        RET


   XXXX-this is the free memory in your computer,
it is usually not difficult to find, especially when
computer reads the disk, for example
screen. So did Kopein / NHG in UFOv2.0 and
JAGURA / PHG in UFOv2.10, when adapted
it under # 3D13. Him and I used in game
HUNDRED, there also used Region
variables.

   This method is also different yuzali Skorobogatova, 
Vasilyeva and other vulgar "Restorers" 90 years, because as a 
game These craftsmen were pohereno heap. Now

in such a perverted and head can unscrew.

   Anyway, I'm a little distracted.


   2. Once we have copied the prog
for TR-DOS disk, you need to find and alter
all downloaders. Just in the loader, put in JP # 5F00 (24320), 
usually this place before the stack, and there write the 
converter and LOADER. I will give my full procedure:



        ORG # 5F00

        PUSH IY; remember registers

        PUSH IX; for all sorts of fire

        LD IY, # 5C3A; these values

        LD A, # C9; need to fix

        LD (# 5CC2), A

        EXX

        PUSH HL

        LD HL, # 2758, also need

        EXX
LDER PUSH BC

        PUSH HL

        CALL RASS; call converter

        POP HL

        POP BC

L1 LD (# 5CF4), DE

        LD A, B; multiply by four

        ADD A, A; because length of the sector
        ADD A, A; RA 1024 bytes.

        LD B, A

        CALL LOAD; download

        LD DE, (# 5CF4)

        XOR A; recover

        EXX; crap

        POP HL; value

        EXX

        POP IX

        POP IY

        RET
RASS DEC D; in format to the first
                  ; Horns not yuzaet

        LD L, D; multiply road

        LD H, 0 to 20.

        ADD HL, HL

        ADD HL, HL

        PUSH HL

        ADD HL, HL

        ADD HL, HL

        POP BC

        ADD HL, BC

        LD B, H

        LD C, L

        LD A, E

        ADD A, A; multiply the sector on

        ADD A, A; 4 because in ZF sector

        LD C, A; occupies 1024 bytes

        LD B, 0

        ADD HL, BC; add the old

        PUSH HL; value

        LD A, L

        AND% 11110000

        LD L, A

        OR A; divide it all by 16

        RR H; without a trace.

        RR L

        RR H

        RR L

        RR H

        RR L

        RR H

        RR L

        LD D, L

        ADD HL, HL; multiplied by 16

        ADD HL, HL

        ADD HL, HL

        ADD HL, HL

        LD B, H

        LD C, L

        POP HL

        OR A

        SBC HL, BC; find balance

        LD E, L

        RET; in the original DE-

                      ; Value
LOAD XOR A
DISK LD (# 5CCE), A

        LD IX, 7797

        PUSH IX

        JP # 3D2F


   This procedure is certainly not juzat I
it led to what-have you written similar to his case. I is 
calculated by its formula, you calculate on their own.

Not even the main compactness, although in some cases it is 
absolutely necessary, there were even some cases that one byte 
is not enough:)


   The procedure can of course be reduced by
order, but for my case, it is suitable
100%. In MORTAL'e things were worse, there
I have two free bytes left (thanks to # 3D13). If it was my 
LOADER, then he held, would be a lot of memory. By the way

LOADER MORTAL'a in the old version was incorrect, hindering 
disk drives 5313, 5311 and etc.



    3. How to understand format the disk.

   There are several ways. You can for example using the 
procedure of reading the track (I have it somewhere already 
described) can be considered field blanks, and then sort out 
the data that are located there. 

   You can break the prog you want to translate, where the 
order of sector and their length is exactly.


   You can STS5.1, STS6.2 read on
sector (with 255 to 16) if nothing schityvaetsya have to use two
top ways.


    4. Leave converter and LOADER.

   Well this is you can already write, since that
the information I gave you, it is
enough for a professional burglary. Naturally requires a little 
more brains, and 99% perspiration. Since in this case there is 
mass sensitive situations with which you deal one-on-one, and I 
already will not close, something would be in a difficult moment

to give you a strong helping hand ...


   If you have any problems with the perception of the text, or 
you decide tell me something, please.



         My phone is in Brest:
8 + (0162) 41-09-12 DELTA / PHG a.k.a.Oleg.



    P.S. Who says that there are no good

    pirated versions:)


    P.P.S. What would all IMP'y hanged himself:)


    P.P.P.S. All those who runs into Hakke
    ditch - _LEYMERY_.