Hex editing Keen

Tools, assembly, and file formats.
thehackercat
Posts: 69
Joined: Sat Sep 26, 2009 10:49 pm
Location: Mississippi, USA

Hex editing Keen

Post by thehackercat »

I'm completely new to hex editing.. Haven't got a clue what any of it means. But.. I've been fascinated while watching users like Xkyraugh and levellass jabber back and forth in this stuff.. And I know it could be quite useful.

Could somebody point me to a tutorial? And should I start with Keen 1?
Draik
Posts: 117
Joined: Sat Jul 26, 2008 8:52 am

Post by Draik »

I am assuming that by "hex editing" you mean patching. I myself am not actually sure as to how you go about finding these values for patching (though I'm sure some people just sort of poke around and see what happens *coughLevelLordcough*), although dumping memory with CKPatch would provide a starting point.

As far as starting with Keen 1 goes, I can't find any reason to start with Keen 1 over Keen 2 or 3, other than that Keen 1 is legally available for free.
levellass
Posts: 3001
Joined: Wed Oct 11, 2006 12:03 pm
Location: Ngaruawahia New Zealand

Post by levellass »

*Cricks fingers*


Righto! The first thing you'll need is a Hex Editor (Program capable of opening any file and showing you it on a byte level.) Google helps here. I use XI32 myself. You'll also need a dump of the Keen you want to edit for the right addresses. To write a dump file make a patchfile with only one patch in it:

Code:

%dump "DUMFILE.BIN"

This will contain ALL of the Keen executable, with the right addresses when opened in a hex editor. Simply open it, and GO!


...


Ok, so there's a bit more than that. There are basically three ways to go at this. The first is the random, or Levellordian way. Write a random address and a random value and test it out until you get something that does interesting things.

The main problem of this is it takes a long time to get anything that works. A LONG time.


The second way is slightly less lazy. You'll need to know a small bit about how code works, most of which you can get by studying previous patches. Simply decide on what you want to patch (I want to change the title screen bitmap used.) and search the code for it.

In the above case I'd search for all occurrences of $B8 $00 $00 $50 ($B8 and $50 being typical start and end of 'use this value' commands.) I'd patch all of them and see if one changes the title bitmap.

The main problem with this is that it can still take a while to get what you want. In our case, there are NO $B8... in the code, and the title bitmap CAN'T be changed (Just its location.) because the code just assumes '0' without being told. Complications like this arise all the time.

As you pick up tricks you'll learn how various things work and where they are in the code. The Patch Index keeps a rough tally of things in the Keen code for this kind of thing. It takes months before you really settle into things and get the hang of jumps, conditions and calls.


The third way is the most difficult. Learn assembly, the language Keen is written in, and look seriously at some decompiled stuff. You will be able to understand exactly (Or almost exactly) what the code does. In our title example, I can go to $97B0 and look at the code, clearly seeing that the F1 bitmap comes next and where the h and v coordinates are. The hardest part is learning assembly (And, if nobody's studied the code before, writing up some notes.) This is what Lemm has done; in theory there is nothing he cannot do given a long enough time, as we have seen.



The best thing to do would be to decide what you want to do first, what Keen are you interested in? Then ask for help with patches you want done, ask people to explain how older patches were done and how a new patch may be found. Hopefully you'll take to it and soon be able to do things without help.
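Added example (not part of the thread, and not code from CKPatch or any poster): a Python sketch of the "second way" search described in the post above, scanning a dump for $B8 lo hi $50 with any 16-bit value in the middle. In 16-bit x86, $B8 is `mov ax, imm16` and $50 is `push ax`; the function names and the sample bytes are constructed for illustration, and the last sample line shows one way a zero can be pushed with no $B8 for the search to find.

```python
"""Scan a dump for 'mov ax, imm16 / push ax' byte sequences."""
import struct

MOV_AX_IMM16 = 0xB8   # 16-bit x86 opcode: mov ax, imm16
PUSH_AX = 0x50        # 16-bit x86 opcode: push ax


def find_push_constants(image, wanted=None):
    """Return [(offset, value)] for every B8 lo hi 50 sequence in image.

    wanted=None matches any immediate; an int restricts the hits to that
    value (0 reproduces the $B8 $00 $00 $50 search from the post).
    """
    hits = []
    needle = bytes([MOV_AX_IMM16])
    pos = image.find(needle)
    while pos != -1 and pos + 4 <= len(image):
        if image[pos + 3] == PUSH_AX:
            (value,) = struct.unpack_from("<H", image, pos + 1)  # little-endian
            if wanted is None or value == wanted:
                hits.append((pos, value))
        pos = image.find(needle, pos + 1)
    return hits


def format_hits(hits):
    """Render hits in the $-prefixed hex notation used in the thread."""
    return [f"${off:04X}: $B8 ${val & 0xFF:02X} ${val >> 8:02X} $50"
            for off, val in hits]


# Constructed sample bytes, NOT taken from any Keen executable.
SAMPLE = bytes.fromhex(
    "90 90"        # padding
    "B8 00 00 50"  # mov ax,0 / push ax     -> hit at offset 2
    "B8 2A 00 50"  # mov ax,002Ah / push ax -> hit at offset 6
    "B8 00 00 8B"  # mov ax,0 with no push  -> not a hit
    "33 C0 50"     # xor ax,ax / push ax: zero pushed without any $B8
)

if __name__ == "__main__":
    # For a real dump: image = open("DUMFILE.BIN", "rb").read()
    for line in format_hits(find_push_constants(SAMPLE)):
        print(line)
```

Each hit is only a candidate: the same four bytes can occur inside data or span two unrelated instructions, so every offset still has to be tested one patch at a time, as the post describes.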
thehackercat
Posts: 69
Joined: Sat Sep 26, 2009 10:49 pm
Location: Mississippi, USA

The patch file.

Post by thehackercat »

Ok, I'm at a loss as to how I can create said binary file...
I've created a patch file in the same directory as my keen4e.exe and this file contains the following:

Code:

%dump "DUMFILE.BIN"

I've also created a batch file to run the patch. It contains:

Code:

ck4patch dump.pat -nowait

I run the batch file.. and nothing happens. When I try to type in the contents of the patch file into the CK4PATCH shell, I get an error saying that the script file "dump" cannot be found. What AM I doing wrong here?

EDIT: I'm using CK4PATCH v0.9.0 beta.
CommanderSpleen
Posts: 1017
Joined: Sun Aug 31, 2003 12:11 pm
Location: The Land of Sparkly Things

Post by CommanderSpleen »

I don't think it supports dumping the Keen 4 exe, it's much more complex than the Vorticons games.

There is some reverse engineered Keen 4 stuff that you could work with, but I'm not sure where it's located at the moment.