First post, by Peter Swinkels
Okay, so I have disassembled an old MS-DOS game (Cartooners) which was compiled using the Microsoft C 5.10 compiler. With some effort I managed to identify a few parts as C functions, for example:
000241C0 55 PUSH BP
000241C1 8BEC MOV BP, SP
000241C3 8CC0 MOV AX, ES
000241C5 C45E06 LES [BP +0x06], BX
000241C8 26 ES
000241C9 8C5F06 MOV [BX +0x06], DS
000241CC 26 ES
000241CD 8907 MOV [BX], AX
000241CF 26 ES
000241D0 8C4F02 MOV [BX +0x02], CS
000241D3 26 ES
000241D4 8C5704 MOV [BX +0x04], SS
000241D7 8EC0 MOV ES, AX
000241D9 8BE5 MOV SP, BP
000241DB 5D POP BP
000241DC CB RETF
Turned out to be the segread function defined in DOS.H:
void _CDECL segread(struct SREGS *);
However, there are chunks which are short and appear simple enough, such as:
; Function that rotates and shifts bits to the left the number of times specified in the CL register.
0002501E 32ED xor ch,ch ; Ensure that the CX register's value does not exceed 0xFF.
00025020 E306 jcxz 0x5028 ; Return if CX equals zero.
00025022 D1E0 shl ax,1 ; Shift the bits in the AX register to the left and preserve the left most bit shifted out in the carry flag.
00025024 D1D2 rcl dx,1 ; Rotate the bits in the DX register to the left and preserve the left most bit rotated out in the carry flag.
00025026 E2FA loop 0x5022 ; Keep rotating and shifting until the CX register has been decremented to zero.
00025028 CB retf
I can tell what it is doing but I can't make out what the exact purpose is. It is only called by one slightly larger function:
00025036 55 push bp
00025037 8BEC mov bp,sp
00025039 8B5E06 mov bx,[bp+0x6] ; Retrieve the offset of the values to be rotated and shifted.
0002503C 8B07 mov ax,[bx] ; Bits to be rotated to the left.
0002503E 8B5702 mov dx,[bx+0x2] ; Bits to be shifted to the left.
00025041 8B4E08 mov cx,[bp+0x8] ; The number of shifts and rotations to be performed.
00025045 0E push cs ; Near call with a far return.
00025046 E8D5FF call 0x501e ; Call the leftward rotating and shifting function.
00025049 8B5E06 mov bx,[bp+0x6] ; Return the results.
0002504C 8907 mov [bx],ax ;
0002504E 895702 mov [bx+0x2],dx ;
00025051 8BE5 mov sp,bp
00025053 5D pop bp
00025054 CA0400 retf 0x4
That one is in turn called from a much larger function, and again only that one:
...
000226DD B008 mov al,0x8 ; The number of rotations and shifts.
000226DF 50 push ax ;
000226E0 8D46F6 lea ax,[bp-0xa] ; Offset of the values to be rotated and shifted.
000226E3 50 push ax ;
000226E5 0E push cs ; Near call with far return.
000226E6 E84D29 call 0x5036 ; Call the function which in turn calls the bit rotating shifting function.
...
It seems the number of left shifts/rotations is fixed at eight times. Why? No idea. The function which does the left rotating/shifting is paired with an almost identical one that rotates and shifts bits to the right:
; Function that rotates and shifts bits to the right the number of times specified in the CX register.
0002502A 55 push bp
0002502B 8BEC mov bp,sp
0002502D E306 jcxz 0x5034 ; Return if CX equals zero.
0002502E D1FA sar dx,1 ; Shift all bits in the DX register to the left while preserving the sign bit (left most bit).
; 1. Unsigned values will be divided by two and rounded down.
; 2. Signed values will be divided by two and rounded down and receive a copy of the sign bit in the second to left most bit.
; (Value = Value OR 0x4000.)
00025030 D1D8 rcr ax,1 ; Rotate ax to the right and save the right most bit shifted out in the carry flag.
00025032 E2FA loop 0x502e ; Keep rotating and shifting until the CX register has been decremented to zero.
00025034 CB retf
It is also called in the exact same manner as the first one by another function. However, there appear to be no calls to it. Given that almost all of this code is located at the bottom of the disassembled code, where I already identified a few C functions, I suspect the rotating/shifting code bit is some kind of C function or part of one.
My project:
https://github.com/PeterSwinkels/Cartooners-F … iewer/tree/main
EDIT:
I used the Netwide Disassembler after unpacking Cartoons.exe with my own custom unpacker. And yes, it works because Cartoons.exe runs fine after unpacking.
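An added example, not part of the original post and not code from the game or the compiler: a C model of the two loops at 0x5022 and 0x502e, treating DX:AX as one 32-bit value with AX as the low word, checked against a plain 32-bit left shift and a sign-preserving 32-bit right shift. The names (`regs16`, `emu_shl_rcl`, `emu_sar_rcr`, the `ref_*` helpers) and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the DX:AX register pair used in the listings. */
typedef struct { uint16_t ax, dx; } regs16;

/* Loop at 0x5022: shl ax,1 / rcl dx,1, repeated CL times. */
regs16 emu_shl_rcl(regs16 r, uint16_t cx) {
    cx &= 0x00FF;                              /* xor ch,ch */
    while (cx--) {                             /* jcxz + loop */
        unsigned cf = (r.ax >> 15) & 1;        /* shl: bit 15 of AX -> CF */
        r.ax = (uint16_t)(r.ax << 1);
        r.dx = (uint16_t)((r.dx << 1) | cf);   /* rcl: CF -> bit 0 of DX */
    }
    return r;
}

/* Loop at 0x502e: sar dx,1 / rcr ax,1, repeated CX times. */
regs16 emu_sar_rcr(regs16 r, uint16_t cx) {
    while (cx--) {
        unsigned cf = r.dx & 1;                            /* sar: bit 0 of DX -> CF */
        r.dx = (uint16_t)((r.dx >> 1) | (r.dx & 0x8000));  /* sign bit kept */
        r.ax = (uint16_t)((r.ax >> 1) | (cf << 15));       /* rcr: CF -> bit 15 of AX */
    }
    return r;
}

uint32_t pair_to_u32(regs16 r) { return ((uint32_t)r.dx << 16) | r.ax; }
/* Reference 32-bit shifts, written without implementation-defined signed >>. */
uint32_t ref_shl32(uint32_t v, unsigned n) { return n >= 32 ? 0 : v << n; }
uint32_t ref_sar32(uint32_t v, unsigned n) {
    uint32_t sign = (v & 0x80000000u) ? 0xFFFFFFFFu : 0;
    if (n == 0) return v;
    return n >= 32 ? sign : (v >> n) | (sign << (32 - n));
}

/* Compare both loops with the reference shifts; returns the mismatch count. */
int count_mismatches(void) {
    static const uint32_t samples[] = { 0, 1, 0x12345678u, 0x80000000u, 0xFFFF8001u };
    int bad = 0;
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        for (unsigned n = 0; n <= 40; n++) {
            regs16 r = { (uint16_t)samples[i], (uint16_t)(samples[i] >> 16) };
            bad += pair_to_u32(emu_shl_rcl(r, (uint16_t)n)) != ref_shl32(samples[i], n);
            bad += pair_to_u32(emu_sar_rcr(r, (uint16_t)n)) != ref_sar32(samples[i], n);
        }
    return bad;
}
int main(void) { printf("mismatches: %d\n", count_mismatches()); return 0; }
```

With the count of 8 pushed at 0x226DD, the left-shift model turns the constructed value 0x12345678 into 0x34567800.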