[SheepShaver – Mac OS 9] Reverse Engineering a game

mePy2
Tinkerer
Posts: 58
Joined: Fri Dec 29, 2017 3:43 pm

[SheepShaver – Mac OS 9] Reverse Engineering a game

Post by mePy2 »

Hi,

I would like to reverse engineer a game for Mac.
The game is only available for PowerPC Macs. I’m currently running it in SheepShaver with Mac OS 9.

I would like to add some features to the game (widescreen support for example) but I don’t know the source code. So I have to inject some code (ppc assembly code I think) in it (I’m not an expert, I know this will be a challenging task to do).
People did it for the Windows version of the game, I want to do it for macOS.

- Where to start?
- Fundamentals to know
- Can I RE from the host Mac?
- Program suggested?
- Have you ever done this?

Thank you
Jorpho
Master Emulator
Posts: 380
Joined: Fri Sep 17, 2004 4:22 am

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by Jorpho »

Why not just tell us the name of the game you're looking at?

My second question would be, are you sure widescreen support is feasible at all? I wasn't aware SheepShaver could run in widescreen.

I expect for starters you'll want some kind of debugger or disassembler, but I wouldn't know what the best options are for PPC.
Ronald P. Regensburg
Expert User
Posts: 7821
Joined: Thu Feb 09, 2006 10:24 pm
Location: Amsterdam, Netherlands

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by Ronald P. Regensburg »

Jorpho wrote: I wasn't aware SheepShaver could run in widescreen.
SheepShaver can run in many different screen sizes. I myself run SheepShaver usually in a 1280/800 window or 1920/1080 full-screen.
mePy2
Tinkerer
Posts: 58
Joined: Fri Dec 29, 2017 3:43 pm

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by mePy2 »

The game is Age of Empires II.
I run SheepShaver at 1280x800 too, in fullscreen.
Jorpho
Master Emulator
Posts: 380
Joined: Fri Sep 17, 2004 4:22 am

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by Jorpho »

I would start by making absolutely sure no one's gone down this path before. There are probably many things done to the Windows version that might apply directly to the PPC version, once you understand how they were done to the Windows version in the first place.

But I also expect that, as noted in your other thread, almost everyone will tell you to use WineSkin or a virtual machine. See also https://gist.github.com/contra/554f541f ... 29439860eb .
mePy2
Tinkerer
Posts: 58
Joined: Fri Dec 29, 2017 3:43 pm

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by mePy2 »

The people who made the Windows patch seem not to want to share their work. I didn’t want to insist though.
I think the development could be 80% faster.
Maybe if I’m not the only one, I can try to convince him/them.

The point is not only to play Age of Empires, but to play the original Mac version. Overall it seems simpler to set up and play using SheepShaver.

The problem is multiplayer, since GameRanger doesn’t support Mac OS 9 anymore, and Voobly for Windows offers many rooms and people to play with.

Last but not least, there will be much fun in trying and testing an updated Age of Empires II for Macintosh, with HD support and all those kinds of HD Edition improvements.

While writing this, I’m actually thinking of setting this idea aside and trying to set up Wineskin. But every time, something convinces me to continue making this upgraded version of Age for Mac.

The things are:

• Rosetta for newer Macs (like Wine)
• Patched version of Age for Macintosh
mePy2
Tinkerer
Posts: 58
Joined: Fri Dec 29, 2017 3:43 pm

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by mePy2 »

Also, I was thinking...
Making Age of Empires available for Mac, isn’t it all a matter of recompiling it for Intel architecture? ...
dadreamer
Inquisitive Elf
Posts: 34
Joined: Sun Jan 08, 2017 4:31 pm

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by dadreamer »

mePy2
Maybe it wouldn't be of much help here, but you could try to do this task not on SheepShaver, but in QEMU, as the recent QEMU versions (3.0.0-rc0 and higher) support MacsBug (native Mac debugger), so it would be easier for you to reverse-engineer that game. As to SheepShaver, I was unable to start up MacsBug there for some reason. I'm not sure if it allows inline patching at all, but you could study the disassembly at least and step/trace through it (w/ altering the memory/registers, if needed). Browse the MacsBug Reference and Debugging Guide, which is floating around on the internet.
There was the Jasik debugger also, but I couldn't figure out how to use it. To get plain disasm listings you might try MacNosy, The Fragmalyzer or IDA (on modern OSes).
mePy2
Tinkerer
Posts: 58
Joined: Fri Dec 29, 2017 3:43 pm

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by mePy2 »

dadreamer wrote:mePy2
Maybe it wouldn't be of much help here, but you could try to do this task not on SheepShaver, but in QEMU, as the recent QEMU versions (3.0.0-rc0 and higher) support MacsBug (native Mac debugger), so it would be easier for you to reverse-engineer that game. As to SheepShaver, I was unable to start up MacsBug there for some reason. I'm not sure if it allows inline patching at all, but you could study the disassembly at least and step/trace through it (w/ altering the memory/registers, if needed). Browse the MacsBug Reference and Debugging Guide, which is floating around on the internet.
There was the Jasik debugger also, but I couldn't figure out how to use it. To get plain disasm listings you might try MacNosy, The Fragmalyzer or IDA (on modern OSes).
Many many thanks!!

What do you suggest (and/or what are the differences) between using MacsBug, the debugger in CodeWarrior (?), or Hopper, just to name a recent app that runs on the host machine?
adespoton
Forum All-Star
Posts: 4226
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by adespoton »

MacsBug is a lot like gdb or windbg in how it operates, except that you are sitting on the "bare metal" of the machine, underneath most of the OS. After familiarizing yourself with the reference listed, you should be able to set breakpoints and isolate flow issues. It doesn't have any bells or whistles by default, but it has a plugin architecture, so you can write or script your own workflows and commands (someone's written Breakout for MacsBug among other things).

If you want to just look at the PPC disassembled and have access to IDA 7, that's probably the way to go -- it should disassemble all the structures and instructions and let you do a thorough static analysis.

CodeWarrior's debugger is MUCH more friendly, but doesn't give you as much control of your environment; it's more for debugging a particular app that you have the symbols for.

As for your wonderings about re-compilation for Intel... that sounds simple, but the underlying architecture (all the APIs and ABIs) has changed significantly since then; it's a challenge enough sometimes to take a 32-bit Intel OS X source tree and re-compile it for Mojave -- I've been hitting a number of programs recently that use the old scripting engine which no longer exists; they need any Apple Event related routines completely re-written using the modern interface. Taking the original source and re-compiling for 10.6 should be only a minor headache though, as long as there isn't a bunch of legacy 68k stuff coming along for the ride. This all, of course, assumes you've got the original source, the original build chain, and a similar IDE/compiler/toolchain; my guess is that AOEII was compiled on CodeWarrior, which means it'd have to be ported to Xcode, then ported to x86, then have all the deprecated calls modernized. This is a LOT of work for a product that would only have moderate sales as a result.
dadreamer
Inquisitive Elf
Posts: 34
Joined: Sun Jan 08, 2017 4:31 pm

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by dadreamer »

mePy2 wrote: What do you suggest (and/or what are the differences) between using MacsBug, the debugger in CodeWarrior (?), or Hopper, just to name a recent app that runs on the host machine?
My own task was pretty slim and consisted mostly of debugging some drivers. MacsBug was everything I needed at that time (well, I used some helper tools like TattleTech, but it doesn't seem to be useful for the subject). As I'm not a professional in Linux/Mac RE, I can't say which would be best in this case. I had a try of IDA on all three widely known OSes and it does its job just fine (on Windows there are many more additional utilities, of course), but there was no port of IDA for Classic Mac AFAIK. I've had very little experience with Hopper and no dealings with the others.

The straightforward way of completing the work is trying to do everything in the Classic Mac environment, but to me it seems unlikely to be completed, because only a few tools were written for this OS. So, it would be more practical to transfer part of the work to the host OS, e.g. you might disasm and learn the code w/ IDA or Hopper, cross-compile (if possible) a shared library (or resource) for the game, write a "glue" layer for the injection and link your library to the game. When you get the final binaries, then you're able to test them on your Mac.
mePy2
Tinkerer
Posts: 58
Joined: Fri Dec 29, 2017 3:43 pm

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Post by mePy2 »

Thank you for your useful replies.

I’ll give it a try soon.