Great giana Sisters

the CopyKiller was Killed

Category: Tutorials / Amiga / Cracking / MFM
Author: aLpHa oNe
Submitted by: aLpHa oNe
Date: 2005-05-23 18:43

The Great Giana Sisters (c) Rainbow Arts

Requirements
1. AMiGA or WINUAE (Configuration: 2MB CHIP!!!)
2. ACTION REPLAY freezer (or ROM Image)
3. Original Game or CAPS-Image
4. Assembler (ASM-One / Trash-M One / Seka or similar)


So... let's see how to make a working copy of this game, which only shows small red numbers if copied with X-Copy or similar..... :-) As always we'll check what is happening on track 0, because that's the place that keeps the secret of how the DOS-unreadable tracks are loaded into memory. This is nothing new, so activate AR, rt 0 1 50000 (read 1 track starting at track 0 to $50000) and d 5000c (disassemble from $5000c, where the bootblock code starts after the "DOS" ID, checksum and rootblock longwords) ...

Hmmm... I think it's only necessary to look at those first 5 instructions to realise what is going on! It seems a trackloader at $50068 is called to load 2 tracks beginning from track 1 to $30000 in memory... Let's find out what kind of data is loaded to $30000 then. This is surely one of the main loaders!
Do as shown in the pic above: replace the jump with a branch loop (a BRA.S to itself, $60FE), calculate the new bootblock checksum and write the track back to disk. Now reset your Amiga and wait until the loop is executed (white screen, no tracking sounds, nothing happens hehe...)
Activate AR again and disassemble the area from $30020 ...

Yo... again we see these 4 instructions: starting track in d0, number of tracks in d1, load address in a0 -> call trackloader.
It's an easy job for us now to get a complete dump of our original disk. We just have to break at the beginning of the loader and change the calling parameters so that the game loader reads the whole disk into memory. So this will be: d0 set to 1 (start track), d1 set to !159 (number of tracks; the ! means decimal in AR) and a0 to e.g. $90000! Let's begin, follow the steps shown in the pic below.

So after continuing the game code with g $30020 the Action Replay pops up immediately, showing us that the game is about to load 21 tracks beginning from track 3. That's not enough for us, so we change the parameters in d0/d1/a0 as described above. No need to set another breakpoint to tell us that the trackloader has finished.... just leave AR using 'x' and you'll see why... After a minute of tracking the trackloader will stop on its own, because the last tracks on the game disk are not written in the used track format; in this case they are really UNUSED. So... now you have a complete dump of your original disk in memory beginning at $90000, waiting to be saved! ;D

We will have to use 2 disks for saving the dump because it won't fit on one... no problem, we save in two steps. Insert the first disk and write part one of our memory dump like this:
sm giana1, 90000 150000
So, these were the first !786432 ($C0000) bytes.
Insert the second save disk now and write the rest with:
sm giana2, 150000 16A800
Wow, those were the remaining !108544 ($1A800) bytes. Together that is $DA800 (!894976) bytes, i.e. exactly 152 tracks of $1700 bytes: original tracks 1 to 152.

SOMETHING WONDERFUL HAS HAPPENED! ORIGINAL DISK NOT NEEDED ANYMORE!
Before we continue to write the cracked disk image (man we were fast this time hehe) I'll give you some more information about this game, which you would surely have found out for yourself by stepping through the trackloader and the rest of the game engine...
The loader at $31CF4 is used to load the title screen and the title music. If you press your joybutton it is used once more to load the main game code, which includes another loader... this one is located at $C632 but is 100% identical to the first one (both loaders handle tracks of $1700 bytes). The first one stores the address of the raw MFM buffer at $30524, the second one at $7E20!
So, because both loaders are identical, I will only patch the first loader in our memory dump before writing it back to disk. This loader will check at the end of every call whether the second loader has already been loaded to $C632. If so, loader one copies itself directly over loader 2! Alright?! ;D
Now it's time to boot up your favourite assembler, in this case ASM-One, reserve some (more) chip memory (1200 KB) and load the source code that is delivered with this tutorial. It will look like this:


The commented source code is here:

LEA GIANALOADER(PC),A0 ; Overwrite the old loader which is loaded up
LEA DISKIMAGE+$1700+$1CF4,A1 ; to $31CF4 with our new one ...
MOVE.L #(GIANALOADERENDE-GIANALOADER)-1,D0
REPLACELOADER:
MOVE.B (A0)+,(A1)+
DBF D0,REPLACELOADER
RTS

GIANALOADER:
MOVEM.L D0-A6,-(A7) ; Save regs on stack
LEA $DFF000,A6 ; Customchipbase in A6, needed for our trackloader

MOVE.L D1,D3 ; Save 'tracks to read' in d3
MOVE.L D0,D1 ; Move 'start track' to d1
MULS.W #$1700,D1 ; Byte offset of the start track on the original disk ($1700 per track)
DIVS.W #$1600,D1 ; Divide by $1600 (one DOS track): quotient = track on our crack disk (low word),
SWAP D1 ; remainder = byte offset within that track (high word); swap it down ...
MOVE.W D1,D2 ; ... and store it in d2
EXT.L D2 ; Sign-extend to .l
CLR.W D1 ; Clear the byte offset in d1
SWAP D1 ; ... now d1 = start track on the crack disk
MOVE.L D3,D0 ; Restore 'tracks to read' to d0
MULS.W #$1700,D0 ; 'tracks to read' * $1700 = bytes to read

LEA LOADERNUMBER(PC),A5 ; here we store the info in which loader we are currently in ;D
TST.B (A5) ; Loader 1 at $31CF4 ?
BNE.B LOADER2 ; Nope, we are in Loader 2 !
MOVE.L $30524,A2 ; Otherwise move the MFM buffer address of loader 1 to a2
BRA.B RULES ; Call Trackloader
LOADER2:
MOVE.L $7E20,A2 ; Move the MFM buffer address of the 2nd loader to a2

RULES:
BSR.W TRACKLOADER ; Trackloader!

LEA LOADERNUMBER(PC),A5 ; Loadernumber
TST.B (A5) ; Still in loader 1 ?
BNE.B SUCKS ; Nope, we are in loader 2 so no need to check for 2nd loader anymore
CMP.L #$48E7FFFE,$C632 ; Otherwise check if loader 2 is already in memory ($48E7FFFE = MOVEM.L D0-A6,-(A7), its first instruction)
BNE.B SUCKS ; Nope, it is not!
MOVE.B #1,(A5) ; Otherwise store info that we will be in loader 2 next time ...
LEA GIANALOADER(PC),A0 ; ... and copy the first loader over the 2nd loader
LEA $C632,A1
MOVE.L #(GIANALOADERENDE-GIANALOADER)-1,D0
REPLACELOADER2:
MOVE.B (A0)+,(A1)+
DBF D0,REPLACELOADER2

SUCKS:
MOVEM.L (A7)+,D0-A6
RTS

TRACKLOADER:
; D0 = bytes to read
; D1 = start track (on the crack disk)
; D2 = byte offset within that track
; A0 = load address
; A2 = MFM buffer address
INCBIN "ALPHA:TRACKLOADERPRO.BIN"

LOADERNUMBER:
DC.B 0,0

GIANALOADERENDE:

; ------------------------------------------------------------
; NOW HERE COMES THE COMPLETE DISKIMAGE OF GIANA SISTERS!
; AFTER ASSEMBLING AND EXECUTING THE CODE, THIS AREA IS THE
; COMPLETE WORKING CRACKED DISKIMAGE !
; ------------------------------------------------------------

DISKIMAGE:

BOOTCODE:

DC.B "DOS",0
DC.L 0
DC.L $370

MOVE.W #$2,$1C(A1) ; CMD_READ: use trackdisk.device to read the first
MOVE.L #$1600,$2C(A1) ; loader to $30000 as the original did (io_Offset = $1600).
MOVE.L #$2FF00,$28(A1) ; io_Data is $2FF00 and not $30000, because
MOVE.L #$3000,$24(A1) ; trackdisk.device can only read from disk positions
JSR -$1C8(A6) ; that are multiples of $200 (a sector); DoIO.
MOVE.W #$9,$1C(A1) ; So we read from $1600 instead of $1700 ;D
MOVE.L #$0,$24(A1) ; TD_MOTOR with io_Length 0: switch the drive motor off
JSR -$1C8(A6) ; DoIO
MOVE.W #$7FFF,$DFF096 ; DMACON: stop all DMA
MOVE.W #$7FFF,$DFF09A ; INTENA: disable all interrupts
JMP $30020

BOOTCODEENDE:

BLK.B $400-(BOOTCODEENDE-BOOTCODE),0
BLK.B $1700-$400,0

INCBIN "ALPHA:GIANA1" ; This file begins exactly at offset $1700 on disk!
INCBIN "ALPHA:GIANA2"

DISKIMAGEENDE:

Now, as you already guessed... assemble and execute this code with j followed by enter (it must run, since the routine at the top copies GIANALOADER into the image), then write the complete disk image to a freshly formatted disk using the wt command... Begin writing from label DISKIMAGE and write 160 tracks beginning from track 0!!! Finally don't forget to calculate the bootblock checksum using cc ...
Reset your Amiga now and play some levels of this great oldskool game!
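To check the layout before a real disk is written, here is a small model of it in Python. This is an added example, not the tutorial's own code: it lays out DISKIMAGE the way the ASM-One source does (bootblock, zero fill to $1700, then the raw track dump), computes the AmigaDOS bootblock checksum that cc fixes up, repeats the track-geometry arithmetic of GIANALOADER (MULS.W #$1700 / DIVS.W #$1600) and the $48E7FFFE test for loader 2, and verifies against a constructed stand-in for GIANA1+GIANA2 that every loader call and the bootblock read deliver exactly the original track bytes. The dump contents and the four-NOP bootcode are constructed test data, not the game's.

```python
"""Model of the Giana Sisters crack-disk layout (added example, constructed data)."""
import struct

ORIG_TRACK = 0x1700   # bytes per track in the game's own MFM format
DOS_TRACK = 0x1600    # 11 sectors * 512 bytes: what 'wt' writes and trackdisk.device reads
BOOTBLOCK = 0x400     # two sectors, checksummed by the Kickstart ROM
TRACKS = 160          # 80 cylinders * 2 heads
ROOT_BLOCK = 0x370    # block 880, the longword the source puts after the checksum
MOVEM_PUSH_ALL = b"\x48\xE7\xFF\xFE"   # MOVEM.L D0-A6,-(A7): first opcode of both loaders


def carry_sum(block: bytes, skip: int = -1) -> int:
    """One's-complement sum (end-around carry) of the 256 longwords of a bootblock,
    optionally skipping the longword at byte offset 'skip'."""
    total = 0
    for i in range(0, BOOTBLOCK, 4):
        if i == skip:
            continue
        total += struct.unpack_from(">I", block, i)[0]
        if total > 0xFFFFFFFF:
            total = (total + 1) & 0xFFFFFFFF
    return total


def bootblock_checksum(block: bytes) -> int:
    """AmigaDOS bootblock checksum: invert the carry-sum taken with offset 4 treated as zero."""
    return (~carry_sum(block, skip=4)) & 0xFFFFFFFF


def rom_accepts(block: bytes) -> bool:
    """The ROM's own test: the carry-sum over all longwords must come out as $FFFFFFFF."""
    return carry_sum(block) == 0xFFFFFFFF


def make_bootblock(code: bytes) -> bytes:
    """'DOS',0 / checksum / rootblock / code, padded to $400 like the BLK.B in the source."""
    block = bytearray(b"DOS\x00" + bytes(4) + struct.pack(">I", ROOT_BLOCK) + code)
    block += bytes(BOOTBLOCK - len(block))
    struct.pack_into(">I", block, 4, bootblock_checksum(bytes(block)))
    return bytes(block)


def build_diskimage(bootcode: bytes, dump: bytes) -> bytes:
    """Bootblock, zero fill to $1700, then the raw dump of original tracks 1..n
    (GIANA1 + GIANA2), padded to the 160 DOS tracks that 'wt' writes from DISKIMAGE."""
    image = make_bootblock(bootcode) + bytes(ORIG_TRACK - BOOTBLOCK) + dump
    return image + bytes(TRACKS * DOS_TRACK - len(image))


def remap(start_track: int, ntracks: int):
    """GIANALOADER's register math: original (track, count) -> (DOS track, byte offset
    within it, bytes to read), i.e. the d1 / d2 / d0 handed to TRACKLOADER."""
    byte_off = start_track * ORIG_TRACK                 # MULS.W #$1700
    dos_track, in_track = divmod(byte_off, DOS_TRACK)   # DIVS.W #$1600: quotient, remainder
    return dos_track, in_track, ntracks * ORIG_TRACK


def read_as_loader(image: bytes, start_track: int, ntracks: int) -> bytes:
    """The bytes the patched loader delivers for a call with d0=start_track, d1=ntracks."""
    dos_track, in_track, nbytes = remap(start_track, ntracks)
    pos = dos_track * DOS_TRACK + in_track
    return image[pos:pos + nbytes]


def read_as_bootblock(image: bytes) -> bytes:
    """The replacement bootblock: CMD_READ $3000 bytes from io_Offset $1600 into $2FF00,
    so image offset $1700 (original track 1) lands at $30000 as in the original boot."""
    return image[0x1600:0x1600 + 0x3000]


def original_track(dump: bytes, track: int) -> bytes:
    """Slice one original track out of the dump, which starts at track 1."""
    return dump[(track - 1) * ORIG_TRACK:track * ORIG_TRACK]


def loader2_present(mem: bytes, addr: int = 0xC632) -> bool:
    """The CMP.L #$48E7FFFE,$C632 test: does a MOVEM-prologue loader sit at $C632 yet?"""
    return mem[addr:addr + 4] == MOVEM_PUSH_ALL


def synthetic_dump(ntracks: int = 152) -> bytes:
    """Constructed stand-in for GIANA1+GIANA2 ($DA800 bytes = 152 tracks of $1700).
    Every longword encodes (track, index) so a misaligned read cannot go unnoticed."""
    return b"".join(struct.pack(">HH", t, i)
                    for t in range(1, ntracks + 1) for i in range(ORIG_TRACK // 4))


if __name__ == "__main__":
    dump = synthetic_dump()
    image = build_diskimage(b"\x4E\x71" * 4, dump)   # bootcode stand-in: four NOPs
    print("bootblock accepted by ROM:", rom_accepts(image[:BOOTBLOCK]))
    print("original track 3, 21 tracks ->", remap(3, 21))
    print("loader read matches original tracks:",
          read_as_loader(image, 3, 21) == dump[2 * ORIG_TRACK:23 * ORIG_TRACK])
```

The mapping only works because GIANA1 is placed at image offset $1700, so a byte has the same offset on the original disk and on the crack disk; the loader just converts that offset into $1600-byte DOS geometry. Two 68000 limits are safe here: MULS.W only uses the low word of the track number, and DIVS.W sets the overflow flag (leaving the operand unchanged) if the quotient does not fit a signed word, but the largest quotient on this disk is 158 for original track 152.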

Alpha One ©2005