#win16 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #win16, aggregated by home.social.
-
Well, some success. I think I figured out some kind of address for these types:
#ghidra #reverseengineering #win16 -
Well, some success. I think I figured out some kind of address for these types:
#ghidra #reverseengineering #win16 -
Well, some success. I think I figured out some kind of address for these types:
#ghidra #reverseengineering #win16 -
Well, some success. I think I figured out some kind of address for these types:
#ghidra #reverseengineering #win16 -
Well, some success. I think I figured out some kind of address for these types:
#ghidra #reverseengineering #win16 -
Back to my antics.. I think I seem to have figured out the RTTI stuff somewhat thanks to this resource:
http://hwreblog.com/projects/ghidra.html -
Back to my antics.. I think I seem to have figured out the RTTI stuff somewhat thanks to this resource:
http://hwreblog.com/projects/ghidra.html -
Back to my antics.. I think I seem to have figured out the RTTI stuff somewhat thanks to this resource:
http://hwreblog.com/projects/ghidra.html -
Back to my antics.. I think I seem to have figured out the RTTI stuff somewhat thanks to this resource:
http://hwreblog.com/projects/ghidra.html -
Back to my antics.. I think I seem to have figured out the RTTI stuff somewhat thanks to this resource:
http://hwreblog.com/projects/ghidra.html -
Well, live and learn. There is actually a better search option which supports wildcards under: Search -> "Memory..." .
-
If we look closely and chew through some endianness magic, we can now start searching for the "magic bytes" using the knowledge that `CALLF` instruction starts with 0x9a and the next four bytes is the address of the thunk.
One way so far is via Search -> "For Instruction Patterns" and looking up all the possible locations for these calls.
All this is manual work though, until I figure out a way to script this... -
Some minor progress with Ghidra:
Firstly, it recognizes imports from various libraries (GDI, KERNEL and MMSYSTEM), but as it hasn't fully decompiled the game, most of the imports are marked as unused. On the image below `GDI::CREATECOMPATIBLEDC` is referenced from the code, but `GDI::CREATEDC` isn't.
So if we dig further, we can see that the library calls use `CALLF address_of_thunk` which in hex is `9a4000b811`...
#ghidra #reverseengineering #win16 -
i've been building a little Windows 3 VM with #DOSBox-X recently. originally to play with #LotusImprov but i ended up installing all ✨productivity✨ software i could think of. this website proved pretty useful: https://winworldpc.com/ it's got tons of old software, including some things missing from archive.org.
got any recommendations of what i can try? perhaps some open-source programs still have #win16 builds?
-
It feels so weird to be able to run Windows 3.1 on top of FreeDOS on actual modern hardware - it's not perfect - can't do more than 640x480 at the moment, but it should be able to do more with some tweaking. Used that GUI daily about three decades ago - didn't love it, but it was good enough and ran fine on my 286.
-
Finally, somebody developed a good AI tool!
https://www.dialup.net/wingpt/
This site is a gold mine of cool Win16 stuff. I need to give Win16 programming another crack one of these days.
-
So I went ahead and turned a bunch of old compilers for #DOS and #Win16 into #Ghidra FunctionID databases. Like DOS? Sick of having to identify strncpy 500 times? This is for you!
https://github.com/moralrecordings/ghidra-fidb-dos-win16
We're starting with a handful of popular compilers from Borland and Microsoft; if you have any old compilers or popular SDKs for DOS/Win16, sling them my way and I'll try and add them in.
-
so I'm reversing after dark for windows.
basically, I adore the "Itchy and Scratchy" screensaver from After Dark: The Simpsons, but it's 16-bit only.
It's a ~300kb NE, borland c++.
It calls into a lot of exports from ADXPL310.DLL which exports only by ordinal. (also borland c++)
After Dark 4.0 contains ADXPL510.DLL which also exports by name. Quite a few exports happen to be direct ports. For example adxpl510!360 aka @PushFarCatch$qpql$v aka void PushFarCatch(void (__cdecl *fptr)(int)) is the 32-bit equivalent of adxpl310!516.
#ReverseEngineering #Win16 #Win32
cc @foone - I know you've been interested in reversing after dark stuff before.