Blown Away - The Interactive Game
Technical Analysis and Fan Page

How to disassemble Imagination Pilots 16-bit games?

(Blown Away, Panic in the Park, Waldo Circus)

First, strip the Watcom Extender that sits in front of the actual 32-bit game code. Search for "MQ" and copy everything from there on. The file starting with "MQ" is the actual 32-bit executable in the Phar Lap "REX" format.

This REX file begins with header and relocation data, followed by the real code.

For Blown Away Retail, the code starts at 0x8B20.
For Blown Away Demo, the code starts at 0xC1B0.
For Panic in the Park, the code starts at 0x11C90.

Copy this code into a BIN file. You can now disassemble this BIN file, and read it using IDA.

I add a few thousand additional zeroes at the end, so that Xrefs can be handled by IDA.

Using OpenWatcom's wdump, you can dump the header of the REX file. It shows the initial EIP (for Blown Away Retail: 20238h), which you can use as the starting point for IDA's auto-analysis.

A caution about patching: fixed addresses must not be moved. The extender rewrites the code at load time, updating each address listed in the relocation table. If a patch shifts an address reference to a different position, the extender still patches the old position and the game will crash.

Example: this patch is OK:

	xor eax,eax		--> nop
				--> nop
	mov ebx,0x1234567	--> mov ebx,0x1234567 (stays)

This patch is NOT OK and will crash the game:

	xor eax,eax		--> mov ebx,0x1234567 (did move!)
	mov ebx,0x1234567	--> xor eax,eax

© 2020 Daniel Marschall - www.daniel-marschall.de