bootblocks intro

[asle]

yop,

I'm having some difficulties to "extract" the ultra mini intros that are in the bootblocks of various disks. Is there, somewhere, some information describing the bootblock structure.
Oh, and, while I'm ont it, is there, also, somewhere, something to read about how to create back a binary file (read launchable EXE), from an xdf-decrunched Bytekiller 1.3 for example.
I can provide examples for each, if necessary.

Don't forget my knowledge of 68k is _very_ poor .

Thanks in advance.

[XtC]

Ey up!

I'm not sure if you already know of this utility, but for me WRip is a godsend!

As well as other formats, it should extract any Amiga executable from an image file.

Actually, all this is assuming your are using an Amiga...

[asle]

I didn't know of this utility, so thanks. Just, in my case, it's not really interresting for two reasons.
- It rips only well formed binaries, not the uncrunched relocated ones.
- My own prowiz for PC rips already all these _and_ for the most part, recreate the header when it's missing ... .

I'm not using my Amiga for this. UAE under FreeBSD works all right .

Anyway, thanks for your kind reply. I'll continue searching while hoping for someone to help, here

Cya

[cf]

i'm interested by these mini intros in boot but I didn't find much of disks with such intros (I resourced only one on TEK Mindfunk : a dots flag - the same in Rampage demo, and the Sanity Interference boot)

bootblock structure :
dc.l 'DOS',0 ; DOS (type of disk)
dc.l 0 ; checksum
dc.l 880 ; root (normal sector 880)

after it's the code

about exe, on aminet (not tested)
http://de4.aminet.net/dev/misc/Bin2Hunk.lha
http://de4.aminet.net/dev/misc/BinToHunk.lha
http://de4.aminet.net/dev/misc/Hunk.lha
http://de4.aminet.net/dev/misc/HunkGuide.lha (doc)

[asle]

Well, I've found at least two cracktros by Vision Factory that fit in this bootblock. It's not much, agreed, but .. .
Anyway, thank you very much for the information provided !. It's very interresting and useful !. I now understand far better what are EXE, and hunks .
I guess the next step, for me, will be ressourcing.
Your boot header description shows that there's no hunk for the code after the "dc.l 880 ; root (normal sector 880)". And understanding what is done is beyond me for now. The major problem is to know how big is a program. Adding head and end hunks is child's play after that.

So thanks again for your kind and fast reply.

[cf]

many new Bootro posted on Pouet since some months
even an impressive micro synth player by D-Tect here

[asle]

Right. *gee*, when looking at it, Stingray did provide the original bootblock and the binary he made out of it. It seems simple enough. Add the one chunk header and the end tag and that's it !. And it works !. Now, why can't I do the same ?!?. Look I fetch an old one I couldn't extract. Get it here : boottest.zip. It's the first 1024 bytes of the diskimage and the rest is blanked. It boots and runs fine, but .. when doing Stingray's trick .. well, it doesn't run at all. So, tell me how to do this .

Sylvain

[cf]

you have to skip the first 12 bytes (boot header 3 long words) and replace by exe hunk header :

.L $3F3 (hunk_header)
.L 0 (no name for the hunk. o=end of hunk list)
.L 1 (number of hunks)
.L 0 (1st hunk to load)
.L 0 (last hunk to load)
.L $fd (len of hunks. here 1 hunk - add $40000000 to the len to force loading in chip ram)
.L $3E9 (hunk_code : start of the program)
.L $fd (len in LWords)
...code start here
...
.L $3F2 (hunk_end : last lword of the program)

hmm...or you can use BootMaster to rip original boot (.bb) and convert it to exe (on this toolspack)

[cf]

for boottest : you have to patch the exe because of a bootloader (nop the 1st bra after bsr or extract code)
final version

[asle]

Well, first thanks for the file(s) . Ok, now, I've tried my luck with this boot-master tool, and it works, save that it extract the boot block, encapsulate it into a big exe and saves the lot. I mean, the boot block is 'as is', untouched. Now, that's clearly _not_ what you did, as you changed things in the file I sent to you. So, you didn't remove 12 bytes but 18 at the beginning!. and near the end, like this $00000000 that becomes $000231e8 below 'graphics.library' string. _VERY_ confusing. So, errrr, what did you do to get this result, please ?.
Anyway, thanks again .

Cya
Sylvain

[cf]

yep, 18 bytes in this case, because I skipped the beginning : "bsr start" and "bra loader" and keep only the "start" code.
and I also skipped the end of the boot because of "cracked by marco polo" string (you can also skip the loader)

most of the time bootmaster can do a direct usable exe (for simple "dos" bootblock)
But in case of NDOS game cracktro, like boot loader, you have to patch, extract the good code...
the boot code always start at offset 12 (because of header)

I use Megamonitor to disassemble a bootblock and patch it.

Code: Select all

<b 40000 0 2 // load boot at $40000, read 2 sectors from sector 0.
d 4000c // disassemble the boot
$4000c : bsr $40012 // start "intro"
$4000e : bra $40274 // goto loader
$40012 : movem.l d0-a6,-(sp) // save registers in stack
... // intro here
$40148 : movem.l (sp)+,d0-a6 // restore registers
$4014c : rts // end of "intro"
...// here the text "VISION FACTORY..."
... // datas
$40274 : ... // start of the loader
... 
$4028a: ... // allocmem
... 
$402b6: jsr -$1c8(a6) // execbase DoIO() : read sectors
...
$402c2: jmp (a3) // jump to game
...
$402c8: string "cracked by marco polo"...

you can rip the code : copy from $40012 to $402c8 (or $40274)
S boot 40012 402c8
and add exe hunks (a boot is always loaded in Chip ram. force with the hunk_len $40000000+len)

[asle]

Megamonitor ?!? ... HELP

[cf]

if you know how to use an Action Replay, it works!
or many others disassemblers (ReSource on amiga, IDA on windows...)

->megamon
or you can use C-Mon (on IRIS tools disk)

[asle]

ok, thanks again for all this. I'll play a bit with all this. Might turn up something .

Sylvain

[asle]

Hey there,

Broke up my teeth on the Nemesis bootblock intro for Cisco Heat. Rather tricky, this one, I guess, as it first reads then launches the trainer in the middle of the disk, and launches the bootro afterwards .. . Tried to extract it without any success at all.
Help would be greatly appreciated on this one

Cya
Sylvain