Jump to content

Recommended Posts

I would like to take a look at the BASIC code in the game "Dunjonquest: Temple of Apshai." This game was written in BASIC. It can be downloaded here:

http://www.atarimania.com/game-atari-400-800-xl-xe-dunjonquest-temple-of-apshai_5312.html

I want to examine the BASIC programs on the ATX disk image that's included in the downloadable archive. This ATX disk image still has some copy protection intact. This is expected because the point of using ATX images is to preserve copy protection. At any time while playing the game from the ATX image of the disk, you can press the BREAK key. Typing LIST (or anything else) freezes the computer. With the ATX image, I can't LIST the BASIC program or even see the disk's directory from DOS.

This is not the same case at all with the ATR image of the game. If I boot to DOS 2.0s, I can easily list the contents of the ATR version of "Dunjonquest: Temple of Apshai." Here is the directory listing of the disk image called "Dunjonquest - Temple of Apshai.atr:"

* DOS SYS 039
* AUTORUN SYS 002
* INN 131
LEVEL2 027
* GOTH SET 009
LEVEL3 027
LEVEL1 027
* DM 146
297 FREE SECTORS

I can load the two BASIC programs (INN or DM) and easily LIST the program to disk. I've done that and created a LISTING of each program. I opened this LISTing in the Windows program called ATASCIIview and then saved the BASIC LISTing with DOS/Windows carriage returns. I then opened each LISTing in Word and used an Atari font to view the program in its accurate ATASCII format. Here are the results of the listing when "printed" to a pdf file:

Note that SOME of the ATASCII special characters in the program do no show correctly in Word. Most show just fine. The few characters that give programs make no difference for this example, as I just want to give an example of what I want to be able to see.

 

View the BASIC program and making LISTings of them is easy and allows me to look at the code... but it's not exactly what I want to do. I want to insure that I'm examining the original code for the game, that is, the ATX copy protected version of the game.

I'd like to know how to access the programs and level data on the ATX version of Dunjonquest - Temple of Apshai. Could I please get some assistance and directions on how to read the files on an ATX disk image?

Same as usual, zeroed statement length bytes to cause the BASIC interpreter to lock up. Repaired programs attached. This annoying trick is used so much I'm considering adding code to Altirra's debugger specifically to defeat it.

 

There is another way to LIST such programs from BASIC without fixing them externally. The deliberately damaged program line prevents you from entering any immediate mode command. However, you can enter new deferred lines, since the interpreter finds the spot to put them before it hits the broken line. This means that you can use a dirty trick to do the LIST:

 

 

TRAP 32766
LOAD "D2:DM"
32766 LIST:END
-1

 

The -1 triggers an value error (3), which then invokes line 32766 via TRAP.

 

dm.bas

inn.bas

  • Like 6

Same as usual, zeroed statement length bytes to cause the BASIC interpreter to lock up.

Thanks for the reply and working on the trouble.

 

This makes me feel pretty ignorant-- and I feel as though I know how to use an Atari pretty well. I don't know what "zeroed statement length bytes" means. Could you please point me to a place where I can read more about this error and understand what you're talking about?

 

There is another way to LIST such programs from BASIC without fixing them externally.

I can load either of these new INN.BAS or DM.BAS programs from either D: or H:. I can LIST them now. However, if I try to RUN either program, the computer locks up. I guess I really need to understand this common error that the program is using for "copy protection."

 

Also, I can use the dirty trick that you showed me, but the program will LIST the last line of the program over and over forever.

There is a nice tutorial in Altirra's HELP on debugging BASIC programs,

Just open help in Alttirra and search for on "BASIC" or "Debugging BASIC programs"

This Help section discusses BASIC Table Locations and how to Recover Damaged or protected basic programs.

 

madi

Edited by Madi

I can load either of these new INN.BAS or DM.BAS programs from either D: or H:. I can LIST them now. However, if I try to RUN either program, the computer locks up. I guess I really need to understand this common error that the program is using for "copy protection."

The programs have a check for DSTATS=0 at line 2. That's easy to bypass, but the real problem is that they're dependent upon an AUTORUN.SYS that is hidden on the disk. The disk has a modified DOS that first looks at a hidden directory sector:

 

Sector 452 / $1C4 (128 bytes):
000: 42 26 00 04 00 44 4F 53-20 20 20 20 20 53 59 53 |B&...DOS     SYS|
010: 42 02 00 2A 00 41 55 54-4F 52 55 4E 20 53 59 53 |B..*.AUTORUN SYS|
020: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |................|
030: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |................|
040: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |................|
050: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |................|
060: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |................|
070: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |................|
This AUTORUN.SYS loads into page 6, re-patches DOS to use the regular directory location, sets the load flag at location 576, and then auto-loads the INN program. It probably also provides some additional data or ML code services that the BASIC programs depend on.

 

This makes me feel pretty ignorant-- and I feel as though I know how to use an Atari pretty well. I don't know what "zeroed statement length bytes" means. Could you please point me to a place where I can read more about this error and understand what you're talking about?

De Re Atari and Atari BASIC Source Book have everything you need to know about how BASIC programs are stored.

 

In a nutshell, the program is stored as back-to-back lines, where the first two bytes of each line are the line number and the third byte is the total length of the line. Any time BASIC needs to find a line, it starts from the beginning and hops one line at a time using the line length bytes until it finds the line it's looking for or goes past where it should be. Two key issues here. First, the immediate mode line is actually a hidden line 32768, so any time you enter an immediate command, BASIC has to insert or replace line 32768 at the end. Second, if BASIC ever hits a line with a bogus length of zero, it will lock up trying to process that line over and over.

 

The way most BASIC programs were protected was to run a line that edited line 32768 or another line near the end to length zero and then immediately saved out the protected program to disk. This is why if you example the end of a protected BASIC program in a machine debugger you often see the command that was run to do this. The end of the basic program is pointed to by STARP ($8C, $8D), and right before that is the immediate mode line. Find the beginning of it, repair the line number and length, and usually that fixes it.

 

As an example, this is what the end of INN looks like, both raw and decoded:

 

Altirra> db 5cdd
5CDD: CC 26 2A 06 28 14 23 28-0F 17 41 72 74 20 54 68 |.&*.(.#(..Art Th|
5CED: 6F 75 20 72 65 61 64 79-20 66 6F 72 20 6D 6F 72 |ou ready for mor|
5CFD: 65 15 14 27 0C 8A 14 2A-24 16 FF 7F 00 33 1F 46 |e..'...*$....3.F|
5D0D: 3A 0E 41 01 38 00 00 00-2C 25 46 3A 0E 41 01 39 |:.A.8...,%F:.A.9|
5D1D: 00 00 00 2C 24 0E 41 02-56 00 00 00 25 0E 40 02 |...,$.A.V...%.@.|
5D2D: 00 00 00 00 12 0E 00 00-00 00 00 00 14 3D 19 0F |.............=..|
5D3D: 05 44 3A 49 4E 4E 16 00-80 0D 0D 0A 0E 42 03 27 |.D:INN.......B.'|
5D4D: 67 00 00 16 00 00 00 00-00 00 40 09 00 00 00 00 |g.........@.....|
Altirra> .basic_dumpline -c 5cdd
$5CDD: 9932 ? : ? "Art Thou ready for more";: GOSUB CQ: RETURN  {end $5D07}
$5D07: 32767 [invalid line length]
Line 32767 is corrupted. The next line is the immediate mode line 32768 at $5D44, so line 32767 should have a length of $5D44-$5D07 = $3D (61 bytes). Patching this back in repairs the program, revealing how it was protected in the first place:

 

Altirra> e 5d09 $5d44-$5d07
Altirra> .basic_dumpline -c 5cdd
$5CDD: 9932 ? : ? "Art Thou ready for more";: GOSUB CQ: RETURN  {end $5D07}
$5D07: 32767 POKE PEEK(138)+PEEK(139)*256+2,0: SAVE "D:INN" {end $5D44}
$5D44: 32768 GOTO 32767 {end $5D51}
This also shows why the protected program runs in the first place and how the trick works. BASIC only hangs if it gets far enough to see the broken line, which doesn't happen during normal execution. By inserting a new line before the broken one and invoking it through the error TRAP, you also avoid hitting the broken line.

 

Sometimes you see additional layers, like patching the E: device to hang the system when BASIC tries to read the immediate mode line. Back in the day on real hardware, that might have been an impediment. Nowadays, with ML debuggers and emulators, not so much.

 

Also, I can use the dirty trick that you showed me, but the program will LIST the last line of the program over and over forever.

Use LIST 0,32765 instead of plain LIST so it stops before the broken line.

  • Like 1

 

The programs have a check for DSTATS=0 at line 2. [...]

 

This explanation was so much better than I was expecting! Thank you so much for taking the time to write it. I'm going to be exploring this Temple of Apshai more, and this reply answer everything that I wasn wondering about. Again, thanks SO much for writing it so well.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...