Damage Inc. & Prime Target Reversing

Have a question, suggestion, or comment about Aleph One's features and functionality (Lua, MML, the engine itself, etc)? Post such topics here.
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

damage2.png
Damage.png
damage3.png
I've been working on this very infrequently for the past few months. Today I started going through the original M2 source release and matching up C generated by Hexrays with the C from the release. I doubt this will ever be of any use. Even once all of the structures are defined the final product will still look pretty filthy, and nobody likes Damage anyway. I haven't even played past the first level. But I think it will be interesting for the people who want to see the differences between Damage and M2's engines.

https://www.dropbox.com/s/d1br2rr5jq90muf/damage.idb

There's my IDA db.
Last edited by Asylum on Jul 3rd '14, 00:23, edited 1 time in total.
(●__●)(͡° ͜ʖ ͡°)(●__●)
Johnman
Born on Board
Posts: 26
Joined: Apr 16th '14, 21:50

Damage was one of my favourite games when I was a child. I haven't played since, but I remember the squad management being the ultimate form of AI in computer games... I won't play it again since I don't want to spoil those good memories.

Also it contained a wolf howl sample that I have heard *everywhere* since. It's featured at the beginning of Kavinsky & Lovefoxxx's "Nightcall" from the Drive OST. I suppose it's one of those samples.
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

Most of the deviations from the original source I've seen so far are in code associated with AI/monsters.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

dmg1.png
dmg2.png
Went back to this today. Just looked over what I have so far and apparently I only have about 30% of the functions named. Started setting breakpoints to locate ally-related functions. Some unused monster_data fields are utilized in Damage. Physics models are not used in Damage. all of that is hardcoded. Found the code relating to jumping (just uses monster_accelerate) but not the code for crouching.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Bobwithkeycard
Mjolnir Mark IV
Posts: 490
Joined: Feb 23rd '06, 16:31
Location: AMS-Tower
Contact:

this looks quite interesting. I always thought that Damage Inc. would have been just the greatest with just one little difference: as a Marathon scenario :P
Just imagine commandeering a squad of Marathon Defence Drones, BoBs or for greater firepower some W.A.S.P.-Gev's (-->picture those are from the 3rd party M1 add-on "dogs of pfhor": 2 marines in a Hovercraft equipped with grenades, rockets and a handheld MA-75). Your little army to surgically take out a pfhor army that is endagering your favourite outpost.

To my recollection apart from the physics models they also took out the ability of teleportation.
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

Made a lot of progress today. If I keep returning to this from time to time I could probably produce something that a compiler would accept. I would say my progress is at about 30%. It was probably compiled with many compiler optimizations enabled, which makes the code a lot more difficult to interpret. The generated assembly code confuses Hex-Rays very often.

The dropbox link has been updated to have my most recent db.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

My hard drive died on me two days ago. It wasn't a major setback for this project, but many of my other projects were affected. The bad news is that I lost a lot of progress between my last dropbox update and the crash. The good news is that I've already pretty much recovered all of that progress due to the absence of any side projects to distract me.

The first recompilable release, when it comes, will probably be only compilable under VC++ (it will probably have some inline assembly, and GCC's syntax for inline assembly is atrocious). It'll be Windows-only of course, as a port isn't really within the scope of this project (I doubt that this will be merged with Aleph One.)
If I do port it it will use SDL and be a straight port.
Attachments
progress.png
(●__●)(͡° ͜ʖ ͡°)(●__●)
natranr
Born on Board
Posts: 7
Joined: Jul 5th '10, 00:08
Contact:

I would love for Damage Inc. to be ported to Aleph One along with a nice floating HUD. Damage inc was part of my child hood next to Marathon, Descent, and Quake 2.
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

If a port to Aleph One is done it won't be done by me.

Also this is kinda on hold at the moment.

I'm still going back to the db every so often and making a couple of corrections or other small changes. It's not really full on hardcore ISIS jiihad at the moment. it's a little more laid back, like Al-Qaeda jiihad. Or I guess you could say it's a Marathon, not a sprint.

I played up to the second level a couple of weeks ago and realized how much more advanced the engine is compared to M2. The first thing that comes to mind is that when you walk into mapobjects they actually MOVE. Crazy right??

Actually I think that's the only thing I noticed. But imagine the possibilities if that was integrated into Aleph One! With the help of lua scripting you could implement a huge chessboard map with chess pieces, and play chess IN MARATHON! You wouldn't even have to get up from your computer to call an acquaintance and invite them over to play chess with you, then wait for them to arrive. You could do all of that from the metaserver lobby!
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

Also, if somebody could upload the Mac binary for Prime Target for me that would be fantastic.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

I have some pretty good news: Hopper sent me the mac binary for Prime Target, and after perusing the assembly I've found that there are far fewer functions that will need to be reversed for Prime Target. Since the source of Prime Target was used to make Damage I figured it would make sense to reverse them side-by-side. I can use the Hex-Rays decompiler for the x86 windows binary of Damage, and then compare the assembly of that function with the assembly of the mac PPC binary of Prime Target, and if they're close enough i can use the same code for both.

And of course, at least 80% of both of the engines code are the same as M2's.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Bobwithkeycard
Mjolnir Mark IV
Posts: 490
Joined: Feb 23rd '06, 16:31
Location: AMS-Tower
Contact:

ohboyohboy, someone said prime target
good luck with this, we really need more jiihad styled chess matches in marathon, heh :P Hope the squad members will stick to the rules when it comes down to it.

Anyway, looking forward to what comes of your project :)

p.s. sorry to hear about your hard drive crash. maybe put backups in mobile defense drones orbiting your home. you know, just to be on the safe side. (make sure the drones are turned on, though)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

I just wrote a quick script for IDA Pro that would count the number of subroutines in a database with the default name prefix, which allows me to get a rough count of how many functions are unknown/not named/not reversed.

I ran the script with my Prime Target db and my Damage db. Here are the results:

Prime Target: 1588 functions
Damage Incorporated: 1709 functions

Note that I've barely named any of the functions in my Prime Target db. This should give you a pretty good idea of how massive Damage for Windows is compared to Prime Target for Mac. There are other factors involved as well, like the code generation of the Wacom compiler for Windows compared to the (CodeWarrior??) compiler for Mac PPC. Also, I suspect that the Windows port was messily done. And wacom's linker seems to have linked in many unused library functions.

Those numbers I gave above probably look very intimidating. They are, and I definitely did not expect them to be that high! To compare the current progress on Damage with what I started with I just re-disassembled it. And the original subcount...

Prime Target: 1714 functions
Damage Incorporated: 1958 functions

And yes I did get around a hundred Prime Target functions named yesterday, but only because they did nothing but return the result of an system call (I think they're system calls on PPC Mac OS, but I'm not really a Mac person. They're some kind of extern.). And I only really named a small number of them, because doing all of it by hand would take forever. I'm going to write a script to do it eventually.

I will be busy for a while, but I will be working on this on and off. Prime Target will likely be done before Damage is complete, but the Prime Target source release will not be runnable on modern OS' directly after the release. I have no plans for it beyond the reversing yet.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

Bobwithkeycard wrote:ohboyohboy, someone said prime target
good luck with this, we really need more jiihad styled chess matches in marathon, heh :P Hope the squad members will stick to the rules when it comes down to it.

Anyway, looking forward to what comes of your project :)

p.s. sorry to hear about your hard drive crash. maybe put backups in mobile defense drones orbiting your home. you know, just to be on the safe side. (make sure the drones are turned on, though)
I recently sedated myself with narcotic painkillers acquired from the seediest neighborhood in the area and performed surgery on myself to implant a usb in my wrist, with the dongle jutting outwards. I am keeping all backups on that usb from now on.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

To put thing in perspective concerning the number of functions, I used the script on the executable for the third consecutive _halo game and it returned 12,759 functions.
(●__●)(͡° ͜ʖ ͡°)(●__●)
natranr
Born on Board
Posts: 7
Joined: Jul 5th '10, 00:08
Contact:

I just recently found Prime Target on a Mac abandonware site and started working on getting sheepshaver up and running to play it. Though it would be great if they could be ported to Aleph One. How hard would it be to port them after you reverse them?
User avatar
Bobwithkeycard
Mjolnir Mark IV
Posts: 490
Joined: Feb 23rd '06, 16:31
Location: AMS-Tower
Contact:

Asylum wrote:I recently sedated myself with narcotic painkillers acquired from the seediest neighborhood in the area and performed surgery on myself to implant a usb in my wrist, with the dongle jutting outwards. I am keeping all backups on that usb from now on.
glad to hear that you're committed to the project. I recommend staying away from stimpacks that come bundled with old copies of starcraft, though..so that might have been a good call

good luck with this horde of functions [MUp]
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

Current Unnamed Function count for Damage: 1,312

I took the time to undefine all of the unused library functions the wacom's linker crammed into the exe. Also, I checked the Mac version and it contained debugging information with the names of every function in Damage. This is a huge step forward, and it's also responsible for the function count dropping by 400 over the course of a few hours. So what I guess this means is that it will actually be DAMAGE that is completed first, then Prime Target. Prime Target will actually take longer since we have no debugging info for it. But it would not take as long as Damage would have taken without debugging info.

https://www.dropbox.com/s/psaxe7p20ewdz ... 1%20PM.png

So now I sit in front of my computer and rename all of the functions left by hand. Only 1,312 to go!
And then after that I have to do a lot of cleaning. And renaming. And defining.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

Current unnamed function count for Damage: 1,215.

I modified the script that I had been using to find the number of unnamed functions so that it could also tell me how many functions are not referenced by code or data in the program. The numbers are:

225 functions unreferenced in any code (i.e not called)
118 functions unreferenced in both code and data (totally unused, worthless).

I'm considering modifying the script to remove all of these functions. The only problem is that some of them were originally a part of Damage, but the compiler inlined all of the calls to them. I've confirmed this by comparing with the Mac version. Actually, this seems like a really bad reason to leave 225 useless functions cluttering up the database.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

Damage Unnamed Function Count: 1,028.

After running the modified script the database became much cleaner. When I scroll through the list of functions now I see a 1:1 ratio of named functions to unnamed functions. I'm pretty sure that some functions that actually are used were undefined when I ran the script, but that's okay because I'll come across the references to them (if they are referenced meaningfully) and I'll just redefine them.

I might be posting updates too frequently and giving more details than most readers would care to read, but this is less for the benefit of users on this forum and more for the benefit of people who are interesting in reverse-engineering. also I love to talk about this stuff but never get a chance to talk about it.

ANYWAY we're getting closer!
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Zott
Vidmaster
Posts: 1659
Joined: Jul 1st '06, 21:14
Location: Earth
Contact:

I enjoy every post in this thread. Keep up the good work.
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

Damage Unnamed Function Count: 879

It's slowed a bit because I've begun finding some interesting parts of the code. I did some backtracking to the entry point and worked from there, so now a large portion of the startup code has correctly typed and named functions, with the right number of arguments and the right types for those as well. Named a lot of global variables too.

I'll update this post later with some more info and pretty pictures and flowcharts. I know you guys crave the flowcharts.
(●__●)(͡° ͜ʖ ͡°)(●__●)
User avatar
Asylum
Cyborg
Posts: 96
Joined: Jan 19th '13, 16:05
Location: Location
Contact:

I just realized I was double posting again, but i had already uploaded the files and didnt feel like doing that again.
screenie1.png
screenie2.png
screenie3.png
I started working on the structures new to Damage. These are small screenshots of the progress on that. Two I've named: swinging_door_data and squadie_data. swinging_door_data is a pretty shitty name unfortunately, since the structure is also used for sliding doors *i think*. It can be renamed at any time without a problem though.

So the way the new doors are implemented is that they are map objects instead of platforms. the permutation field of the object_data structure determines what kind of door they are. Haven't gotten much further into that.

As for squadmates, that's a little foggier right now. Squadies are monsters, so they are described with monster_data structures, but there is also info relating to them in the player_data structure. There's also another global variable pointing to an array of structures that also relate to squadies. I decided to name this one "squadies". So far the only fields of it that I've documented are the squadies current weapon and the resource id for their name string.
838 functions.

EDIT: 666 functions remaining!
(●__●)(͡° ͜ʖ ͡°)(●__●)
natranr
Born on Board
Posts: 7
Joined: Jul 5th '10, 00:08
Contact:

So once Damage Inc. has been reversed and ported to Aleph One, will we be able to make it so when you use the map to command the marines that the gun would stop going off when you click.
Post Reply