ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com

All times are UTC




[ 12 posts ]
 Post subject: Call DLL
PostPosted: Tue Apr 14, 2020 2:27 am 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 311
I am trying to get the function arkLZDecodeMemory from arkkdm.dll but I only get the error
Quote:
Error: file arkkdm.dll has not been found or cannot be loaded

This should be the correct LZ decompression for the arcade dance masters.
I attached a sample file
SIZE was - 00 0E 36 B0
ZSIZE was - 00 0B 21 18

IDA shows the function like this in pseudocode.

Code:
int __stdcall arkLZDecodeMemory(void *a1, int a2, int a3)
{
  size_t v3; // eax
  signed __int32 v4; // edi
  void **v6; // eax
  void **v7; // esi

  v3 = _byteswap_ulong(*(_DWORD *)a2);
  v4 = _byteswap_ulong(*(_DWORD *)(a2 + 4));
  if ( v3 <= a3 )
  {
    if ( !v4 )
    {
      memcpy_0(a1, (const void *)(a2 + 8), v3);
      return 0;
    }
    v6 = (void **)XCd229cc000141(0);
    v7 = v6;
    v6[1] = (void *)(a2 + 8);
    if ( v4 <= 0 )
      v4 = -1;
    v6[3] = (void *)v4;
    *v6 = a1;
    v6[2] = (void *)a3;
    if ( !(unsigned __int8)XCd229cc00008c(v6) )
      XCd229cc0000e6("package", "????? cstream INFLATE failed.\n");
    XCd229cc000025(v7);
    XCd229cc0000e3(v7);
  }
  return 0;
}


Attachments:
pl_akari000.model.comp.7z [593.89 KiB]
kdm_dlls.7z [2.14 MiB]
 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 10:14 am 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 11696
I didn't check that dll, but there are various reasons why a dll may not be loaded:
- it's 64-bit (quickbms is always 32-bit, so it can't load these dlls)
- it needs other dlls that aren't available in the folder


 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 10:49 am 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 311
Do I need to copy normal Windows DLLs into the same folder with it?
These are the DLLs it lists under the import table.
It should be a 32-bit application.
Quote:
libavs-win32.dll
libavs-win32-ea3.dll
ess.dll
libacio.dll
KERNEL32.dll
IMM32.dll
GDI32.dll
WINMM.dll
libafp-win32.dll
USER32.dll


 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 11:02 am 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 11696
The first 4 and libafp-win32.dll must be in the same folder as your dll.


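The two load failures the admin lists (wrong bitness, missing side-by-side imports) can both be checked before touching CallDLL by reading the PE headers. The script below is an added example, not code from the thread or from quickbms: it reads the COFF Machine field and the optional-header magic to tell PE32 from PE32+, walks the import directory to list imported DLL names, and reports which imports are neither well-known system DLLs nor present next to the DLL. `SYSTEM_DLLS` is an assumed short list covering the system imports in the post; `build_fake_pe` only constructs a minimal PE so the code runs offline, and the DLL list it is fed is the import list from the post.

```python
import struct

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B        # 32-bit optional header
PE32PLUS_MAGIC = 0x20B    # 64-bit optional header

# DLLs every Windows install resolves from System32, so they are not
# side-by-side dependencies.  Assumption: this short list is enough for the
# import list in the thread; extend it for other DLLs.
SYSTEM_DLLS = {"kernel32.dll", "user32.dll", "gdi32.dll", "imm32.dll",
               "winmm.dll", "advapi32.dll", "msvcrt.dll", "ntdll.dll"}


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x lies outside every section" % rva)


def pe_info(data):
    """Return (bits, machine, [imported DLL names]) for a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        bits, dd_off = 32, 96      # data directories start at +96 in PE32
    elif magic == PE32PLUS_MAGIC:
        bits, dd_off = 64, 112     # and at +112 in PE32+
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # Data directory index 1 is the import table: (RVA, size), 8 bytes per entry.
    import_rva = struct.unpack_from("<II", data, opt + dd_off + 8)[0]

    sections = []
    sec_hdr = opt + opt_size
    for i in range(nsections):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData at +8 of each 40-byte header
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec_hdr + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))

    imports = []
    if import_rva:
        desc = _rva_to_offset(sections, import_rva)
        while True:
            # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp,
            # ForwarderChain, Name (RVA of the DLL name), FirstThunk.
            _, _, _, name_rva, _ = struct.unpack_from("<IIIII", data, desc)
            if name_rva == 0:
                break          # an all-zero descriptor terminates the array
            name_off = _rva_to_offset(sections, name_rva)
            imports.append(data[name_off:data.index(b"\0", name_off)].decode("ascii"))
            desc += 20
    return bits, machine, imports


def missing_side_by_side(imports, present):
    """Imports that are neither system DLLs nor files in the DLL's own folder."""
    present = {p.lower() for p in present}
    return [d for d in imports if d.lower() not in SYSTEM_DLLS and d.lower() not in present]


def build_fake_pe(dll_names, bits=32):
    """Constructed minimal PE with a single .idata section; test input only."""
    magic = PE32_MAGIC if bits == 32 else PE32PLUS_MAGIC
    machine = IMAGE_FILE_MACHINE_I386 if bits == 32 else IMAGE_FILE_MACHINE_AMD64
    opt_size, dd_off = (224, 96) if bits == 32 else (240, 112)
    sec_va, sec_raw = 0x1000, 0x200
    names_rva = sec_va + 20 * (len(dll_names) + 1)
    descs, names = b"", b""
    for name in dll_names:
        descs += struct.pack("<IIIII", 0, 0, 0, names_rva + len(names), 0)
        names += name.encode("ascii") + b"\0"
    descs += bytes(20)
    body = descs + names
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<II", opt, dd_off + 8, sec_va, len(descs))
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x2102)
    sec = b".idata\0\0" + struct.pack("<IIII", len(body), sec_va, len(body), sec_raw) + bytes(16)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    return header.ljust(sec_raw, b"\0") + body


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_fake_pe(["KERNEL32.dll", "libavs-win32.dll"])
    bits, machine, imports = pe_info(data)
    print("%d-bit (machine 0x%x), imports: %s" % (bits, machine, imports))
    print("missing side-by-side:", missing_side_by_side(imports, present=[]))
```

Run it as `python pe_check.py arkkdm.dll` from the folder that holds the DLL; anything it prints under "missing side-by-side" is a file that must be copied next to the DLL before quickbms can load it, and a 64-bit result means no copying will help.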
 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 1:40 pm 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 311
Ah, now it is loading it.
I am trying this script

Code:
get SIZE asize
log MEMORY_FILE 0 SIZE
CallDLL "arkkdm.dll" arkLZDecodeMemory stdcall RETURN_VALUE MEMORY_FILE SIZE 0xE36B0


I get this error
Quote:
--------------------------------------
- library arkkdm.dll loaded at address 10000000
- function found at offset 100542D0

-------------------
*EXCEPTION HANDLER*
-------------------
An error or crash occurred:

*EH* ExceptionCode c0000005 access violation
*EH* ExceptionFlags 00000000
*EH* ExceptionAddress 100542D7
10000000 + 000542d7 arkkdm.dll
*EH* NumberParameters 00000002
*EH* 00000000
*EH* 000E36B0

Last script line before the error or that produced the error:
3 CallDLL "arkkdm.dll" arkLZDecodeMemory stdcall RETURN_VALUE MEMORY_FILE 0xE36B0


How would you assume I should call this function?


 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 1:55 pm 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 311
This code does not error, but I get the input file back, not uncompressed?

Code:
get SIZE asize
log MEMORY_FILE 0 SIZE
CallDLL "arkkdm.dll" arkLZDecodeMemory stdcall RETURN_VALUE 0xE36B0 MEMORY_FILE
get SIZE asize RETURN_VALUE
print "%SIZE%"
log NAME 0 SIZE RETURN_VALUE


 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 4:01 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1101
Because the function in your case returns 0.

1) As you can see in the code, 2 values (zsize and size) are taken from the buffer and byte-swapped in the process.

Code:
  v3 = _byteswap_ulong(*(_DWORD *)a2);
  v4 = _byteswap_ulong(*(_DWORD *)(a2 + 4));


Code:
MOV EAX,DWORD PTR DS:[EBX]
MOV EDI,DWORD PTR DS:[EBX+0x4]

BSWAP EAX
BSWAP EDI


Buffer data must be like this..
00 0E 36 B0 00 0B 21 18 5F 4B 54 4D 44 4C 00

2) Arguments:

Also, it copies data by memcpy from a2 to a1. In my opinion it must be:
Code:
dec_buffer, comp_buffer, size


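The argument order and header layout worked out in the post above can be checked against the decompiled control flow without loading the DLL at all. The script below is an added example, not code from the thread or from the game: it parses the 8-byte big-endian header (size, then zsize, matching the two BSWAPs), follows the `if (!v4)` memcpy path for stored data, enforces the `v3 <= a3` capacity check, and for the compressed path assumes, from the "cstream INFLATE failed" string, a DEFLATE stream and tries the zlib, raw and gzip framings. That DEFLATE assumption is mine; if the real stream is something else the function returns None just as the native one falls through. It also explains the earlier access violation: the faulting address the exception handler printed, 000E36B0, is the value that was passed as the second argument, because the function dereferences a2 as a pointer to this header rather than using it as a length. `build_blob` only constructs test input in that layout.

```python
import struct
import zlib

# The listing reads two DWORDs at the start of the input and BSWAPs both, i.e.
# an 8-byte big-endian header: decompressed size, then compressed size.
HEADER = struct.Struct(">II")


def parse_header(buf):
    """Return (size, zsize, payload) from a buffer laid out as in the post."""
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than the 8-byte header")
    size, zsize = HEADER.unpack_from(buf, 0)
    return size, zsize, buf[HEADER.size:]


def ark_lz_decode(comp_buf, out_capacity):
    """Python mirror of the decompiled control flow.

    comp_buf      -> a2 (header + payload, what the native code dereferences)
    out_capacity  -> a3 (size of the caller's output buffer a1)
    Returns the decoded bytes, or None where the native function falls
    through with no output (output buffer too small, or inflate failed).
    """
    size, zsize, payload = parse_header(comp_buf)
    if size > out_capacity:          # `if (v3 <= a3)` guards everything below
        return None
    if zsize == 0:                   # `if (!v4) memcpy(a1, a2 + 8, v3)`: stored data
        return payload[:size]
    # `if (v4 <= 0) v4 = -1`: zsize is signed; a negative value means "unknown
    # length", so only bound the input when it is a sane positive number.
    zsize_signed = struct.unpack("<i", struct.pack("<I", zsize))[0]
    src = payload if zsize_signed <= 0 else payload[:zsize_signed]
    # Assumption: "cstream INFLATE" is a DEFLATE stream.  Try the zlib-wrapped,
    # raw and gzip framings; accept the first one that yields exactly `size` bytes.
    for wbits in (zlib.MAX_WBITS, -zlib.MAX_WBITS, 16 + zlib.MAX_WBITS):
        try:
            out = zlib.decompress(src, wbits)
        except zlib.error:
            continue
        if len(out) == size:
            return out
    return None                      # "cstream INFLATE failed."


def build_blob(raw, stored=False):
    """Constructed test input in the header layout from the post."""
    if stored:
        return HEADER.pack(len(raw), 0) + raw
    comp = zlib.compress(raw, 9)
    return HEADER.pack(len(raw), len(comp)) + comp


if __name__ == "__main__":
    # Header bytes from the thread's sample: size 0x000E36B0, zsize 0x000B2118.
    size, zsize, _ = parse_header(bytes.fromhex("000E36B0000B2118"))
    print("size=0x%X zsize=0x%X" % (size, zsize))
    sample = b"_KTMDL\0" + bytes(range(256)) * 8      # constructed payload
    print(ark_lz_decode(build_blob(sample), len(sample)) == sample)
    print(ark_lz_decode(build_blob(sample), 16))        # None: output buffer too small
```

The practical consequence for CallDLL is the one the post states: the first argument is the destination, so the caller has to supply a preallocated output buffer of at least `size` bytes and pass the compressed memory file second, with the capacity third; the return value is always 0 and says nothing about success, so the only way to detect the failure path is to inspect the output buffer afterwards.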
 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 6:56 pm 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 311
Interesting, that makes sense.
Did you get calldll to work with this sample file?


 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 7:19 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1101
Nah. To find out the whole logic of this function, you need to debug this app at runtime. What's the game?


 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 7:44 pm 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 311
It's Dance Evolution, arcade version.


 Post subject: Re: Call DLL
PostPosted: Tue Apr 14, 2020 9:03 pm 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 311
Is Konami's LZ77 supported in quickbms?
https://github.com/zhaihj/konami-lz77

I was able to test a tool that uses this different compression
https://segaretro.org/Saxman_compression
and it's very close to being correct.


 Post subject: Re: Call DLL
PostPosted: Fri Apr 17, 2020 9:55 am 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 11696
I don't know if that konami-lz77 is there under a different name, but saxman is definitely there in quickbms.

