Revision as of 21:18, 23 August 2020
Working backwards from the finished product to understand how it ticks.
Getting Started
(This only applies to version 2.0)
Vampyr is a 16-bit real-mode DOS executable written in Borland Turbo Pascal 5.5 (5.0? not quite sure). It uses the Dos, Crt, and Graph units (along with some libraries of its own).
In VAMPYR.EXE, the first code segment starts at address 0x3F10. The data segment starts at address 0x27FD0 (this is set by Borland compiled code). The data segment is the last segment in the binary.
Use of an interactive disassembler is recommended, such as IDA (the free version is quite capable). IDA will not parse the DOS header and relocation table, so it is advised to remove all bytes up to 0x3F10 using a hex editor. Once loaded in IDA, it's recommended to first create all the segments using the correct base; this aids the autoanalyzer, will make your life a lot easier, and cannot be corrected later on in analysis. Also, switch the string literal type to Pascal 8-byte length-prefixed.
To debug effectively, compile (or find) DOSBox with the debugger enabled. When VAMPYR.EXE is loaded in DOSBox v0.74-2, the program's MCB is typically placed at segment 0x192 (pause DOSBox and run DOS MCBS). The code is then loaded 16 segments away, at segment 0x1A2. This causes the data segment to be relocated to 0x299F. Given CS=0x1A2 and DS=0x299F, we can now start entering meaningful breakpoints in the DOSBox debugger.
(This means all segments are offset by 0x1A2. For example, the main menu code segment in the binary starts at 0x1C46. However, since the code was loaded starting at 0x1A2, that means the main menu code now starts at 0x1C46 + 0x1A2 = 0x1DE8!)
BOAT.DAT
500 bytes in size.
Each byte is a value between 0x0 and 0x4.
SIGN.DAT
Length: 6480 bytes
Record length: 144 bytes
Number of records: 45
Format:
  type
    SignData = record
      x : byte;
      y : byte;
      line1 : string[70];  { 1 length byte + 70 characters = 71 bytes }
      line2 : string[70];  { 2 + 71 + 71 = 144 bytes per record }
    end;
Each sign shows 2 lines of text. The (x, y) coordinates apply to the map in which the sign is loaded (the file doesn't specify which map). Like most external strings, this one also has garbage full of Turbo Pascal code.
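The record layout above, turned into a small parser. This is an added example, not code from the wiki or from the game: the field sizes come from the SignData record, while the function names, the cp437 decoding and the sample records are assumptions constructed for illustration.

```python
from typing import NamedTuple

RECORD_LEN = 144   # per the page: 6480 bytes / 45 records
STR_CAP = 70       # string[70]: 1 length byte + 70 character bytes

class Sign(NamedTuple):
    x: int
    y: int
    line1: str
    line2: str

def read_pstring(field: bytes) -> str:
    """Decode one string[70] field, discarding the garbage after the text."""
    length = field[0]
    if length > STR_CAP:
        # A length byte above the declared capacity means a corrupt or
        # misaligned record; refuse it instead of reading past the field.
        raise ValueError(f"length byte {length} exceeds string[{STR_CAP}]")
    return field[1:1 + length].decode("cp437")  # assumed DOS code page

def parse_signs(blob: bytes) -> list[Sign]:
    """Split a SIGN.DAT image into records and decode each one."""
    if len(blob) % RECORD_LEN:
        raise ValueError(f"{len(blob)} bytes is not a multiple of {RECORD_LEN}")
    signs = []
    for off in range(0, len(blob), RECORD_LEN):
        rec = blob[off:off + RECORD_LEN]
        line1 = read_pstring(rec[2:2 + STR_CAP + 1])
        line2 = read_pstring(rec[3 + STR_CAP:3 + 2 * STR_CAP + 1])
        signs.append(Sign(rec[0], rec[1], line1, line2))
    return signs

def make_record(x: int, y: int, line1: str, line2: str) -> bytes:
    """Build a constructed test record with non-zero filler after each string."""
    def field(text: str) -> bytes:
        raw = text.encode("cp437")
        filler = (b"\xCD\x21\x8B\xE5" * 18)[:STR_CAP - len(raw)]
        return bytes([len(raw)]) + raw + filler
    return bytes([x, y]) + field(line1) + field(line2)

# Constructed sample data, not taken from the game's SIGN.DAT.
SAMPLE = (make_record(12, 34, "Welcome to town", "Beware the night")
          + make_record(5, 6, "", "North"))

if __name__ == "__main__":
    for sign in parse_signs(SAMPLE):
        print(sign)
```

To run it against the real file, pass the bytes of SIGN.DAT to parse_signs; a 6480-byte file should yield 45 records.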
Other *.DAT
*.CON, *.PIC, and *.00*
See Image Files.
ENCONTER.SET
Size: 43806 bytes
Record length: 147 bytes
Number of Records: 298
Format: see NPC Dialog File Format
It's cute that the garbage data in this file includes the following warning:
DO NOT TRY TO CRACK THIS GAME. CRACKING THIS GAME COULD BLOW UP YOUR COMPUTER.
By "crack" I assume they mean reverse engineer, considering this was distributed as shareware without copy protection. Anyway, ¯\_(ツ)_/¯
PLAYER.SAV
See Save File Format
Character Creation
The algorithm that determines stat rolls is detailed in Stats#Character Creation. Here are some extra tidbits related to the easter egg Races:
- Brian and Victor get a flat +10 to each stat, added during the initial rolling (so their stats start between 13 and 23)
- Victor has a stat adjustment, similar to Elf or Corintir:
  - +2 to dexterity
  - +1 to luck
  - -1 to mental strength
  - -2 to physical strength
Judgement
Judgement is random, but completing certain in-game functions will increase your likelihood of resurrection.
Each completed mission changes your base level of survival (note that if the game thinks you've beaten later missions, it won't check for earlier missions):
- 10% if you've completed the first mission
- 25% if you've completed the second mission
- 40% for the third mission
- 50% for the fourth mission
- 70% for the fifth mission
The following stat bonus will DETRACT!
- +((constitution-10) + floor((constitution-10) / 2))% if constitution is >10
  - constitution of 11 = 1 + floor(0.5) = 1%
  - constitution of 12 = 2 + floor(1) = 3%
  - constitution of 13 = 3 + floor(1.5) = 4%
  - constitution of 14 = 4 + floor(2) = 6%
  - ...
  - constitution of 20 = 10 + floor(5) = 15%
- same for charisma
- same for luck
- also some random data bitshifted left by 3?
On top of that, there are some miscellaneous gameplay progress points that DETRACT:
- +3% if got the blue rose
- +6% if learned Rust Armor
- +10% if you met Dalagash
Map IDs
Each map has a unique internal identifier. The current map is stored in ds:805h. There's also a related variable in ds:804h?
- 0x0 - overworld
- 0x1 - Balinar
- 0x2 - Rendyr
- 0x3 - Maninox
- 0x4 - Zachul
- 0x5 - Trocines
- 0x6 - Myron
- 0x9 - castle
- 0xA - Heaven?
- 0xB - A dungeon
- 0xD - Vampyr's Castle