Friday 6 September 2013

joy2key with anki

joy2key -X -thresh 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 -buttons space 1 2
A = default (space), B = wrong answer, X = hard

Thursday 5 September 2013

PieceOfWonder has not been installed properly.

Faced this message after trying to run this old novel from an old hard drive without reinstalling. The original installer has been lost, what should I do?

First, let's locate the error message in the binary:
$ objdump -s PieceOfWonder.exe
...
5056c0 50696563 654f6657 6f6e6465 72206861  PieceOfWonder ha
5056d0 73206e6f 74206265 656e2069 6e737461  s not been insta
5056e0 6c6c6564 2070726f 7065726c 792e0000  lled properly...
...

Now let's see where the string is referred from:
$ objdump -d PieceOfWonder.exe | grep -C3 5056c0
  406ac6:       eb 09                   jmp    0x406ad1
  406ac8:       6a 00                   push   $0x0
  406aca:       6a 00                   push   $0x0
  406acc:       68 c0 56 50 00          push   $0x5056c0
  406ad1:       e8 21 46 0d 00          call   0x4db0f7
  406ad6:       8b 4c 24 08             mov    0x8(%esp),%ecx
  406ada:       33 c0                   xor    %eax,%eax

The basic block that shows the error message starts at 406ac8; what jumps to it?

$ objdump -dF PieceOfWonder.exe | grep 4069f2
  4069f2:       0f 84 d0 00 00 00       je     0x406ac8 (File Offset: 0x6ac8)

So the panic routine is launched by the conditional jump at 4069f2.

Let's try replacing it with NOPs (NOP is a 1-byte instruction that does nothing, so replacing the 6-byte jump with six of them prevents the program from reaching the error dialog box and quitting) and see what it does:

WHOA.

In conclusion, in order to fix the problem, grab any hex editor, open the exe file in it, and replace each of the six bytes at file offsets 69f2 through 69f7 with hexadecimal 90.
Example of what you should see before the edit:
000069f0: e800 0f84 d000 0000 480f 84be 0000 0048
And after:
000069f0: e800 9090 9090 9090 480f 84be 0000 0048
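The three analysis steps above (locate the string, find the push that references it, find the je that lands on that block) and the final byte patch, as an added Python example that is not from the original post. It runs on a constructed byte buffer containing only the offsets the post cites; its one assumption is that file offset + 0x400000 equals the virtual address for both the code and the string, which the "File Offset: 0x6ac8" for 0x406ac8 in the objdump output suggests for the code.

```python
import struct

VA_DELTA = 0x400000        # assumption: file offset + 0x400000 == VA (matches 0x6ac8 -> 0x406ac8)
MSG = b"PieceOfWonder has not been installed properly."
JE_REL32 = b"\x0f\x84"     # opcode of the 6-byte 'je rel32'

def build_sample_image():
    """Constructed stand-in for the .exe: zero-filled, holding only the bytes the post shows."""
    img = bytearray(0x106000)
    img[0x69f2:0x69f8] = JE_REL32 + struct.pack("<i", 0xd0)        # je 0x406ac8
    img[0x6ac8:0x6acc] = b"\x6a\x00\x6a\x00"                       # push $0; push $0
    img[0x6acc:0x6ad1] = b"\x68" + struct.pack("<I", 0x5056c0)     # push $0x5056c0
    msg_off = 0x5056c0 - VA_DELTA
    img[msg_off:msg_off + len(MSG) + 1] = MSG + b"\x00"
    return img

def find_string_refs(img, s):
    """'objdump -s' + 'grep 5056c0': file offsets of 'push imm32' whose operand is the VA of s."""
    off = img.find(s + b"\x00")
    if off == -1:
        return []
    needle = b"\x68" + struct.pack("<I", off + VA_DELTA)
    refs, i = [], img.find(needle)
    while i != -1:                  # a raw byte scan can also hit data that merely looks like a push;
        refs.append(i)              # confirm candidates in a disassembler, as the post does
        i = img.find(needle, i + 1)
    return refs

def find_je_landing_in(img, lo, hi):
    """'objdump -dF | grep': file offsets of 'je rel32' whose target lies in [lo, hi]."""
    hits, i = [], img.find(JE_REL32)
    while i != -1 and i + 6 <= len(img):
        rel = struct.unpack_from("<i", img, i + 2)[0]
        if lo <= i + 6 + rel <= hi:     # rel32 is relative to the end of the 6-byte instruction
            hits.append(i)
        i = img.find(JE_REL32, i + 1)
    return hits

def nop_out_je(img, je_off):
    """The hex-editor step: overwrite the 6-byte je with 0x90, only if the expected opcode is there."""
    if img[je_off:je_off + 2] != JE_REL32:
        raise ValueError(f"no 'je rel32' at file offset {je_off:#x}; refusing to patch")
    img[je_off:je_off + 6] = b"\x90" * 6
    return je_off

def analyse_and_patch(img):
    """Chain the steps; returns the patched file offset (0x69f2 on the sample image)."""
    push_off = find_string_refs(img, MSG)[0]
    je_off = find_je_landing_in(img, push_off - 8, push_off)[0]   # block starts a few bytes before the push
    return nop_out_je(img, je_off)
```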

PS
Piece of Wonder does not look like the bane of visual novels so far. A lot of the art looks sketchy and rough, but the characters are certainly cute and the whole game had enough charm to make me want to come back to it. Oh, and it also has a great OP song.

PPS
Really surprised I managed to figure out the problem. And Pin was not needed. Still, a short summary on how to obtain an instruction trace of a program in Wine for future reference:
$ cd pin-2.12-58423-gcc.4.4.7-linux/source/tools/ManualExamples && make TARGET=ia32 # make itrace, must be the same arch as the instrumented program
$ winedbg PieceOfWonder.exe
$ .../pin-2.12-58423-gcc.4.4.7-linux/pin.sh -pid $(PoW_exe_pid) -t .../pin-2.12-58423-gcc.4.4.7-linux/source/tools/ManualExamples/obj-ia32/itrace.so
Wine-dbg>c

PPPS
Scratch itrace, DebugTrace *is* the PIN tool you want to use! Proper instruction + memory trace with value resolution, mmmm. To run it, do something like ".../pin/pin -t .../pin/source/tools/DebugTrace/obj-ia32/debugtrace.dylib -instruction -i -memory -unique_logfile -flush -- ./my_binary"