Peter Swinkels wrote on 2024-04-23, 07:04:

Also, how I am going to figure out the application code if I don't know what C function's they're calling or what part of the binary is application code?

As a DOS EXE file does not contain any kind of function name information, all names displayed by IDA (like _open or __dtoxmode) are there because IDA recognized these functions. While IDA knows the MS C library quite well and is able to recognize nearly all parts of it, it does not know anything about application code, and thus won't recognize application functions. So any named function (except main) is library code, and also flagged as such by the "L" attribute and the bright cyan color coding of the addresses, as already mentioned by llm. You can figure out what parts are application code by just looking at the code that has not yet been named by IDA (and of course by looking at main, too).

Thank you llm. That looks useful. 😀

@mkarcher: yeah I get it, once I know what is C library code I will need to start to figure out what application function does what. C functions are pretty standardized but the code specific to the application is not. However even though the version of Cartooners I am reverse engineneering is a MS-DOS program it is a port from a program originally released for the Apple IIGS and as such retains traces of that origin:

1https://gswv.apple2.org.za/a2zine/GS.WorldView/v1999/Sep/GSWV.A2.Error.Code.files/IIgs.Error.Codes.txt
2
3   $0 - None
4 $201 - Unable to allocate
5 $202 - Illegal operation on an empty handle
6 $203 - Illegal operation on a handle that is not empty
7 $204 - Illegal operation on a locked or immovable block
8 $205 - Attempt to purge an unpurgeable block
9 $206 - Invalid handle
10 $601 - The Event Manager has already been started
11 $607 - Insufficient memory available for queue
12 $6FF - ???
13 $E02 - Unable to allocate window record
14 $E03 - Some reserved bits were not clear in Window Manager - TaskMask field of Window Manager TaskRec record
15$150A - Inappropriate item type
16$150B - Item creation failed
17$150C - No such item
18
19Stored at [0x80C0] according to the disassembled code.

I can give more examples of Apple IIGS related remnants if anyone is interested.