-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: Wizardry 7 crashes before getting to intro videos #533
Comments
Hello, Thank you for this report. Indeed there is a lot of work still in making Spice86 work with more games. PRs are welcome since the primary focus is set on Dune until it is completely reverse engineered. There are a lot of code bases to draw inspiration from, such as:
And documentation such as EGA/VGA a programmer's reference guide, and Undocumented DOS books. Do you have a copy to of the game I can download ? (edit: I'll get it from Steam) Also did you try debugging it with gdb and compare it with dosbox-staging debugger ? The -f option is also useful in order to catch unemulated ports early. I have a branch named fix/Detroit that implemented more dos and bios services. It doesn't fix Detroit (the game) ATM, but it might be useful as a headstart. |
Indeed, the branch fix/detroit has a few improvements compared to master with this game:
Still, the game exits really early with this message:
Also, I tested the game with dosbox staging and the following settings:
and it ran fine in DOSBox. |
I've done a little poking around and I think I'm getting a little more familiar with DOS applications and Spice. My initial hangup with reversing Wizardry 7's DOS version is that I'm not very familiar with DOS specific details, like the various INT 21 options, and my confusion trying to understand what I'm seeing when I open DOS applications in Ghidra or Radare2. Regular PE applications look logical by comparison. I've had a LOT more luck with reversing the "Gold" version of Wizardry7 which is a standard Windows application and basically functions just fine on modern Windows. There's even some old remnants of the DOS code in there, functions that read from original VGA files instead of the BMPs that Gold uses. The first bump I hit was the unhandled CLTS command. I think I see enough info to figure out how to implement something simple like a register being cleared. I tried to just skip it without making any other change and ran into this file reading attempt that is a little bit suspect... Edit 1: Figured out with procmon that it should be loading "vga.drv" and substituting that in for the garbage string it had gets me closer, until I hit this guy One thing I'm a little confused by. While stopped at the breakpoint for that OpenFile call, I tried to pin down where I was in the code. I checked the CS and IP and it pointed me to like f000:0044 or something like that. I think that translates to f0044 (which was also the Physical IP when I check that), but that doesn't line up with DS.EXE which isn't long enough to have an f0044. I check the bytes themselves with Edit 2: With the little hacks I've made to it, it does appear to get far enough to blank the screen finally, so that's cool. 😅 |
Yeah, Win32 uses a flat memory model, and applications are... a lot more civilized there. On DOS, the application uses a Segmented Memory model, and a DOS application controls everything, and sometimes you deal with hand written ASM, not something easier to read like a C compiler would produce. Fun.
Do you mean a CLS command ? About VGA: On top of the "VGA Black Book" (see "Michael Abrash's Graphics Programming Black Book Special Edition"), and looking at the DOSBox Staging or PCem code, the Bochs VGA Bios is also a good reference: https://www.nongnu.org/vgabios/ Thankfully the VGA/CGA/EGA/Text mode implementation, while not 100% complete, is pretty extensive thanks a lot to @JorisVanEijden
That would be my guess too.
The application can relocate code or have self modifying code, which is why it doesn't correspond to the file(s) on disk. Also, the file on disk might be packed too. That's why you can set the entry point to start you jourrney from there. Your point of reference is the program's entry point segment.
Yes, it's one of the most important interrupt handlers of DOS. A good source of comparison is FreeDOS and DOSBox Staging. Therefore, a breakpoint on the line of code where the emulator doesn't find an interrupt handler and throws an exception could be helpful. There is also probably entries missing in our interrupt table, which is something to keep in mind. The branch fix/detroit implements FPU emulation placeholders (even if the game itself does not use the FPU) that this game overrides (with the help of Get/Set interrupt vectors methods) with the MS C runtime software FPU implementation. All of this to say, while I think this game has unique needs, I suspect there is a common set of causes between those too games not booting up. Edit: If you prefer to read Java instead of C++, there is a modern version of JDOSBox here: https://github.com/Tennessene/jDOSBox |
Encountering a CLTS instruction in a game is probably a sign of mis-disassembly. Like trying to disassemble data or starting disam in the middle of an instruction.
Indeed, looks like the pointer to the string is not containing the correct value. It can be tricky to find out where the origin lies.
This indicates that INT 08 was triggered, but the IVT (Interrupt Vector Table) does not contain a valid address to call for that interrupt number.
The spice emulator has a special fake instruction "FE 38 xx" that triggers a switch from emulating assembly to executing C# code. Specifically it will run the callback that is registered for the number in So let's say the cpu encounters an |
@dicene any news ? |
Describe the bug
Playing around with Wizardry 7 decompilation in my free time and stumbled on this extremely interesting project. I was hoping that since Wiz7 was released the same year as Dune it would be fairly similar as far as compatibility goes, but that doesn't seem to be the case.
Upon running Spice86 with the Wizardry 7 (dos version, not the Windows focused Gold version) executable, from within the folder Wizardry 7 is installed in, Spice86 is crashing without getting far enough to even see the Intro videos begin to play.
If there's any additional info I can provide beyond this, let me know. I'm assuming this is happening because of un-implemented functionality and if I can get pointed in the right direction, it's possible I might be able to contribute something to the project towards that end.
To Reproduce
Steps to reproduce the behavior:
C:\DSAVANT>c:\spice86\spice86 --Ems -l -e ds.exe
.Expected behavior
DS.EXE to make it further into the application before crashing.
Desktop:
Additional context
Attached is a Verbose log from my attempt to run it. I believe the --Ems option is necessary for Wiz7, but no other options that I used seemed to make a difference on getting it to run.
spice86_wiz7_verboselog.txt
The text was updated successfully, but these errors were encountered: