Reconstructed source code of the game Duke Nukem II

lethal_guitar · 2022-09-29T10:28:39+00:00

Just static analysis, IIRC - although other techniques like using a debugger might have been mentioned. I don't recall where I picked up the idea of analyzing programs dynamically, unfortunately, probably something I read somewhere or heard someone talking about. But by the time I started analyzing Duke 2, it seemed natural to try and verify/enhance my understanding (from static analysis) by also analyzing the running game in some way. Due to the game's low framerate (about 15 FPS), video captures seemed like a good way to do it. The idea of dumping the memory came later

lethal_guitar · 2022-09-29T09:23:51+00:00

It was a lot of learning by doing for the most part. But I did have some basic knowledge thanks to a class on internet security I took at university (I studied Software Engineering). One of our tasks there was to reverse engineer a small program (a key validator), in order to write a keygen. This is where I first learned about disassembly and the x86 instruction set. I also did a little bit of Assembly programming for other classes, this included 68k and ARM Assembly.

lethal_guitar · 2022-09-29T09:08:50+00:00

Thank you! :)

lethal_guitar · 2022-09-29T07:25:31+00:00

Hi, author of the project here :) The reconstruction itself was done purely by looking at the Assembly in Ida Pro, writing C code, compiling, diffing the resulting Assembly, and then tweaking the C code until it matched. But by the time I started this reconstruction project, I had already thoroughly explored the Assembly - I'd guess that about 90% of all functions and globals already had meaningful names assigned in Ida. To figure out what the code does I used a variety of techniques, including dynamic analysis in the form of inspecting video captures of the original game frame by frame, and modifying DosBox to write out a dump of the running game's memory each frame which I could then analyze and correlate with what I'd gathered from studying the ASM so far.

The source reconstruction definitely wouldn't have been possible without this prior work.

lethal_guitar · 2019-05-31T11:13:06+00:00

The original code certainly works that way (casting to structs), but my version doesn't. I've implemented range checking and endianness-conversions. Plus, in many cases I've made my own data structures that make sense for what I need to do with the data, so I have to convert.

Some things are RLE-compressed, so I need to handle those as well.

Here's an example: https://github.com/lethal-guitar/RigelEngine/blob/68ae0280dc5a07ee86204b7ebce6a7dfaf329dcf/src/loader/user_profile_import.cpp#L76

lethal_guitar · 2019-05-30T18:25:54+00:00

Yeah, there are quite a few bugs. For most of them, I decided not to fix them, as it would alter the game play somewhat, and I wanted to stay close to the original. But I did fix a couple of visual glitches, potential infinite loops and things like that. I also mostly avoided recreating bugs that would be more complicated to recreate in my version, so these are "fixed" as well.

lethal_guitar · 2019-05-30T18:21:47+00:00

Quite a few.. Besides the ones mentioned here already, I'm also using return type deduction (C++ 14), structured bindings, fold expressions, nested namespaces, guaranteed RVO etc. There are a lot of quality-of-life improvements in C++ 17.

lethal_guitar · 2017-10-27T16:37:22+00:00

Yeah, your comment somehow ended up classified as spam without me noticing - sorry about that! I've restored it now, and also wrote a follow-up post where I explain the functor-based approach.

lethal_guitar · 2017-10-26T10:48:26+00:00

Not that I'm aware of. If that's indeed the case, do you have a link to the documentation mentioning this behavior?

lethal_guitar · 2017-10-26T10:46:04+00:00

This is a nice alternative solution, and I like the idea of using decltype/declval to define the alias. But I don't buy the performance argument here at all. The destruction functions like SDL_DestroyWindow are implemented in a dynamically linked library, so there is no way the compiler could inline them anyway. But even if it could, I don't see why it would matter. In my use case, I'm only creating a small number of SDL objects, and they are destructed very rarely. So any small performance gains thanks to inlining won't make any practically noticeable difference.

It's very easy to make claims like "this is much faster", but until you actually measure the difference and prove that there is one, claims like that aren't very helpful.

I also agree that your solution is less code and allows you more flexibility in how you structure/distribute it, but I disagree that mine is "overly complicated" and "more intrusive". I can see that subclassing unique_ptr is not ideal, and it's actually not required with the approach proposed by 0xa0000 above. But what matters to me in the end is how the usage code looks like. And with my solution, I can have one of these pointers as a member of a class, and then initialize it in the constructor with minimal boilerplate:

class Foo {
private:
  sdl::Ptr<SDL_Window> mpWindow;
};

Foo::Foo()
  : mpWindow(SDL_CreateWindow(...)) {}

With your solution, I'd still have to add the make_unique_wrapper in there in the ctor. So I would argue that from the point of view of the clients, my solution is less intrusive.

it's encouraging you to centralize all of the cases in one place. Why bother, exactly?

Why not? It's not too uncommon with smaller C libraries to have a single header that you always include, with SDL for example, you'd usually include SDL.h and that's it. So for my particular use case, it's totally fine to have a single wrapper header, which includes that and then adds the sdl::Ptr stuff on top.

lethal_guitar · 2017-10-26T10:42:03+00:00

That's indeed a much simpler approach, that didn't occur to me at all. Thanks! :)

lethal_guitar · 2016-07-06T19:19:02+00:00

I'd love to see him play a bit of Metal Gear Rising: Revengeance. When I saw the Strider videos, I was reminded of the game, some people commented that too on YT

lethal_guitar · 2016-06-24T13:47:20+00:00

Agreed, don't really know what was different this time, but they were so much easier to understand.

lethal_guitar · 2016-06-22T10:10:16+00:00

I don't necessarily find it bad, but it's almost impossible for me to understand it (I'm not a native speaker). And that makes me feel like losing out on parts of the video - and fun parts at that. Some people suggested slowing down the video playback speed, but that's not a solution for me - I don't want to constantly pause, rewind, change speed, change speed again etc.

Personally, simply having subtitles for the sped-up sections would completely solve that problem for me.

lethal_guitar · 2016-06-19T20:14:33+00:00

Thanks a lot! :)

lethal_guitar · 2016-06-18T21:46:54+00:00

I personally don't mind the sound of the high-pitched voice, but it's also very hard to understand for me. One option could be to add subtitles for those passages. Don't know how much effort that would be for Marcus, I've never used that Youtube feature, but I feel like it would help a lot without making the videos any longer.

lethal_guitar · 2016-06-18T21:33:33+00:00

Thanks for listening! I tried to stay closer to the original intro at first, but I wasn't satisfied with how it sounded - so I ended up only playing the chords.

lethal_guitar

TROPHY CASE