Common searches

First post, by Neville

User metadata
Rank Oldbie

A friend in another board wants to patch Gunstick (optical gun) games so they can be played with the mouse. Using the patch ripsaw8080 made for "Solo" as a template he's been quite succesful. However, the last game, "Pack Regalo Gunstick", seems impossible to patch. It's a PC booter containing the games "Mike Gunner", "Solo" and "Target Plus". The first and the last games are only available in this format.

So what I'm asking is, is there any way to access / extract the files from a PC Booter image? I imagine there would be protection issues to be found, but for now we'd be happy with extracting the files.

Last edited by Neville on 2019-10-09, 23:31. Edited 1 time in total.

Reply 1 of 3, by pantercat

User metadata
Rank Newbie

Hi all,

Well, the image use a non-standard format and call INT 13h function 2 to read sectors and finally CALL to some memory address.

0000:7E4E  call far word [0047]

If I step into this call the first instruction is at address 1000:3A98 which is a different segment and from there the segment is always 1000 so 1000:3A98 should be the OEP right? Or am I wrong?

Assuming I need no more than 64KB, is it possible to use MEMDUMPBIN to dump memory and create an executable .COM file? I'm just and apprentice, I've tried things like "MEMDUMPBIN 1000:3a98 FFFF" or "memdumpbin 1000:0000 FFFF" but no success. What should I look for to adjust [mem], [seg] and [len] values?

Thank you all 😀

Last edited by pantercat on 2019-10-09, 22:33. Edited 1 time in total.

Reply 2 of 3, by ripsaw8080

User metadata
Rank DOSBox Author
DOSBox Author

It depends on the booter. Some were developed in DOS and made into booters, and with those you can often find files (executables) embedded in the image that can be pulled out relatively easily. In some cases you'd have to expend the effort to make a DOS conversion, which can vary in difficulty quite a bit.

However, I'll mention a little "secret" about DOSBox that might not be obvious: the internal mouse driver can still be used even after booting. DOS variants will tend to overwrite the INT 33h vector in the interrupt table, but you can point the interrupt back to the same handler address used by the internal DOS after booting. There's a good chance that a booter game won't touch the INT 33h vector, but it's possible that it might be overwritten and need to be set back. A nice thing about the mouse handler in DOSBox is that it's at an assigned address (C7FF:0010) and thus doesn't move around as internal callbacks are added or removed in the source. Knowing this, it's possible to modify the boot code of a booter to set up the same interrupts as my TSR for SOLO does and insert the calls to those interrupts into the disk image rather than inserting them in memory as the TSR does. Such a creation would, of course, only work in DOSBox. 😉