/loaderDumpsArcade

Loader Dumps Arcade runs Taito Type X arcade machine games on your PC

Loader Dumps Arcade (wip)

All this is a homebrew development built on reverse engineering, unofficial technical documentation and a lot of personal time.

Twitter : https://twitter.com/vicboma1

Table of Contents (wip)

Injections

  • CreateProcess and OpenProcess
  • CreateRemoteThread and LoadLibrary
  • Portable Execute
  • Hook Injection

Techniques

  • Virtual Method Table
  • Vectored Exception Handling
  • Trampoline/Columpio
  • DetourFunction
  • Addressing

Systems

Taito Type x

```
Year : 2005
CPU : Celeron - Pentium 4
Chipset: Intel 865G
GPU: ATI Radeon 9600SE/9600XT (128 MB) / X700PRO (256 MB), Bahia AGP 2.0/3.0, 1x/4x/8x support
OS: Windows XP Embedded
```

Taito Type x2

```
Year : 2005
CPU : Intel Core 2 Duo E6400/Pentium 4 651/Celeron D 352
Chipset: Intel Q965 + ICH8
GPU: ATI RADEON X1600Pro/X1300LE or NVIDIA GeForce 7900GS/7600GS/7300GS
OS: Microsoft Windows XP Embedded SP2
```

NESiCAxLive

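```
Arcade System Board
Runs with Taito Type X, X2, X Zero, X3 and X4
```

```
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

// Kernel32Native is the project's own wrapper type for kernel32 structures.
public interface ILoaderProcessNative
{
    // State of the target process.
    Boolean isLoaded { get; }
    Boolean isActive();

    // Open a target by name, synchronously or asynchronously.
    int Open(String name);
    Task OpenAsync(String name);

    // Create a new process and return its PROCESS_INFORMATION.
    Kernel32Native.PROCESS_INFORMATION Create(String name, uint securityAttr);

    // Attach to a target by name and inject a DLL into it.
    Boolean Attach(String name);
    Boolean InjectDLL(String name);

    List<IntPtr> SuspendAllThreads();

    // Read or write the target's memory at the given address.
    Boolean ReadMemory(IntPtr processID, IntPtr address, int numOfBytes, byte[] buffer, out int bytesRead);
    Boolean WriteMemory(IntPtr hProc, IntPtr address, byte[] buffer, out int bytesWrited);

    List<IntPtr> ResumeAllThreads();

    Boolean Terminate();
}
```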

Inputs

Example | File.properties

  • Player 1

```
P1_SERVICE = 3
P1_START = 1
P1_COIN = 5
P1_UP = UP
P1_DOWN = DOWN
P1_LEFT = LEFT
P1_RIGHT = ALT
P1_BUTTON_1 = SPACE
P1_BUTTON_2 = CTRL
P1_BUTTON_3 = C
P1_BUTTON_4 = A
P1_BUTTON_5 = V
P1_BUTTON_6 = B
```

  • Player 2

```
P2_SERVICE = 4
P2_START = 2
P2_COIN = 6
P2_UP = R
P2_DOWN = F
P2_LEFT = G
P2_RIGHT = D
P2_BUTTON_1 = A
P2_BUTTON_2 = S
P2_BUTTON_3 = E
P2_BUTTON_4 = Q
P2_BUTTON_5 = W
P2_BUTTON_6 = E
```

  • Board

```
TEST_TILT1 = 3
TEST_TILT2 = 7
TEST_TILT3 = 8
TEST_MODE = T
EXIT_CODE = ESC
```

  • Manual

Needed for the Taito Type X game to read keyboard input.

ENUM = keyboard ASCII code

Direct Input | Based on Hooks | DIKCodes

Example | File.bin

  • Player 1

```
[Display address]  [Value]  [Byte]  [Key]
0000000000000000     00       .     Start
0000000000000004     00       .     Coin
0000000000000008     00       .     Service
000000000000000C     00       .     Up
0000000000000010     00       .     Down
0000000000000014     00       .     Left
0000000000000018     00       .     Right
000000000000001C     00       .     Btn 1
0000000000000020     00       .     Btn 2
0000000000000024     00       .     Btn 3
0000000000000028     00       .     Btn 4
000000000000002C     00       .     Btn 5
0000000000000030     00       .     Btn 6
```

  • Player 2

```
[Display address]  [Value]  [Byte]  [Key]
0000000000000034     00       .     Start
0000000000000038     00       .     Coin
000000000000003C     00       .     Service
0000000000000040     00       .     Up
0000000000000044     00       .     Down
0000000000000048     00       .     Left
000000000000004C     00       .     Right
0000000000000050     00       .     Btn 1
0000000000000054     00       .     Btn 2
0000000000000058     00       .     Btn 3
000000000000005C     00       .     Btn 4
0000000000000060     00       .     Btn 5
0000000000000064     00       .     Btn 6
```

  • Board

```
[Display address]  [Value]  [Byte]  [Key]
0000000000000068     00       .     Test Mode
000000000000006C     00       .     Exit
```

  • Manual

Needed for the Taito Type X game to read keyboard input.

```
Keyboard    -  256 (short)
0x000000XX     XX

Joystick    -  X[1|2]   -  Axis[+|-][X|Y|Z]   -  256 (btn)
0xZXYA0CMN       ZY     -        YA           -    0CMN
```

Example

```
[Display address]        [Hexa Code]             [Hexa Code]          [Ascii Code]
0000000000000000  02 00 00 00 06 00 00 00  06 00 00 00 C8 00 00 00  ................
0000000000000010  D0 00 00 00 CB 00 00 00  CD 00 00 00 02 00 00 00  ................
0000000000000020  03 00 00 00 04 00 00 00  05 00 00 00 06 00 00 00  ................
0000000000000030  07 00 00 00 32 00 00 00  31 00 00 00 30 00 00 00  ....2...1...0...
0000000000000040  2F 00 00 00 2E 00 00 00  01 00 00 X1 03 00 00 X1  /...............
0000000000000050  02 00 00 X1 25 00 00 00  24 00 00 00 23 00 00 00  ........$...#...
0000000000000060  22 00 00 00 21 00 00 00  14 00 00 00 01 00 00 00  "...!...........
```

  • Input Tool to map output file *.bin | scratch (PoF with vs2010)
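
Added example (not part of this project's code): a bounds-checked reader for the 0x70-byte File.bin layout tabulated above, treating every slot as a little-endian 32-bit value and flagging the `0x000000XX` keyboard form. `Binding`, `parseInputMap` and `slotOffset` are hypothetical names; joystick values are kept raw because their bit layout is not decoded here.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

// Slot order follows the File.bin tables: 13 keys per player, then Test Mode and Exit.
constexpr size_t kSlots = 28;             // offsets 0x00..0x6C, one 32-bit value each
constexpr size_t kFileSize = kSlots * 4;  // 0x70 bytes, the size of the example dump

struct Binding {
    uint32_t raw;   // value as stored in the file (little-endian)
    bool keyboard;  // true when the value has the 0x000000XX keyboard form
    uint8_t dik;    // low byte: the key code, meaningful only when keyboard is true
};

// Offset of a key slot, e.g. slotOffset(1, 3) is Player 2 "Up" (0x40).
constexpr size_t slotOffset(size_t player, size_t key) { return (player * 13 + key) * 4; }

// Fills `out` and returns true only if the buffer is exactly one input map.
// A truncated or padded file is rejected, so no slot is read out of bounds.
bool parseInputMap(const std::vector<uint8_t>& file, std::array<Binding, kSlots>& out) {
    if (file.size() != kFileSize) return false;
    for (size_t i = 0; i < kSlots; ++i) {
        const uint8_t* p = &file[i * 4];
        uint32_t v = uint32_t(p[0]) | (uint32_t(p[1]) << 8) |
                     (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
        out[i] = {v, (v & 0xFFFFFF00u) == 0, static_cast<uint8_t>(v & 0xFFu)};
    }
    return true;
}
```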

JVS I/O Emulation

Semantic Trace

```
Inicializando
	Logger: 2019-06-07_00-48-04-LoggerJvs.log

	Escribo  6 bytes... -> [ E0 FF 03 F0 D9 CB ] 0xE0FF03F0D9CB
	[E0] = SYNC_CODE OK
	[FF] = BROADCAST A TODOS LOS NODOS
	[03] =
	[F0] = RESET ALL NODES
	[D9]
	[CB] =
	Envío    0 bytes... -> [ ]

............................

	Escribo  6 bytes... -> [ E0 FF 03 F1 01 F4 ] 0xE0FF03F101F4
	[E0] = SYNC_CODE OK
	[FF] = BROADCAST A TODOS LOS NODOS
	[03] =
	[F1] = Set Address
	[01]
	[F4] =
	Envío    6 bytes... -> [ XXXXXXXXXXX ]

............................

	Escribo  5 bytes... -> [ E0 01 02 10 13 ]  0xE001021013
	[E0] = SYNC_CODE OK
	[01] = ESCLAVO
	[02] =
	[10] = I/O IDENTIFICADOR
	[13] =
	Envío    58 bytes... -> [ XXXXXXXXXXX ]

............................

	Escribo  5 bytes... -> [ E0 01 02 11 14 ] 0xE001021114
	[E0] = SYNC_CODE OK
	[01] = ESCLAVO
	[02] =
	[11] = COMANDO REVISION FORMATO
	[14] =
	Envío    7 bytes... -> [ XXXXXXXXXXX ]

	...

............................

	Escribo  5 bytes... -> [ E0 00 02 00 02 ]
	[E0] = SYNC_CODE OK
	[00] = MAESTRO
	[02] =
	[00] = RESETEANDO MAQUINA (Exit Game)
	[02] =
	Envío    6 bytes... -> [ XXXXXXXXXXX ]
```
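
Every frame written in the trace has the same shape: `E0`, a node byte, a count of the bytes that follow, the command bytes, and a last byte equal to the sum of everything after `E0` modulo 256 (FF+03+F0+D9 = 0x2CB, hence `CB`). The C++ below is an added example, not code from this project, that checks that shape before a frame is dispatched; `JvsFrame`, `parseJvsFrame` and `jvsCommandName` are hypothetical names, and the `D0` escape rule is an assumption from JVS framing that the trace itself does not show.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

struct JvsFrame {
    bool ok = false;            // true only when framing, length and SUM all check out
    uint8_t node = 0;           // FF = broadcast, 00 = master, 01 = slave (as in the trace)
    std::vector<uint8_t> data;  // command byte followed by its arguments
    std::string error;          // reason for rejection when ok == false
};

// Command names as annotated in the trace above.
const char* jvsCommandName(uint8_t cmd) {
    switch (cmd) {
        case 0xF0: return "RESET ALL NODES";
        case 0xF1: return "SET ADDRESS";
        case 0x10: return "I/O IDENTIFY";
        case 0x11: return "COMMAND REVISION";
        default:   return "UNKNOWN";
    }
}

JvsFrame parseJvsFrame(const std::vector<uint8_t>& wire) {
    JvsFrame f;
    if (wire.empty() || wire[0] != 0xE0) { f.error = "missing SYNC (E0)"; return f; }
    // Assumption (JVS framing, not shown in the trace): D0 nn encodes nn + 1.
    std::vector<uint8_t> raw;
    for (size_t i = 1; i < wire.size(); ++i) {
        uint8_t b = wire[i];
        if (b == 0xE0) { f.error = "unescaped SYNC inside frame"; return f; }
        if (b == 0xD0) {
            if (++i == wire.size()) { f.error = "dangling escape"; return f; }
            b = static_cast<uint8_t>(wire[i] + 1);
        }
        raw.push_back(b);
    }
    // raw = node, count, data..., SUM; count covers the data bytes plus SUM.
    if (raw.size() < 3 || raw[1] != raw.size() - 2) { f.error = "length mismatch"; return f; }
    uint8_t sum = 0;
    for (size_t i = 0; i + 1 < raw.size(); ++i) sum = static_cast<uint8_t>(sum + raw[i]);
    if (sum != raw.back()) { f.error = "bad SUM"; return f; }
    f.ok = true;
    f.node = raw[0];
    f.data.assign(raw.begin() + 2, raw.end() - 1);
    return f;
}
```

Rejecting on length before summing keeps a forged count byte from steering the checksum or the dispatcher over bytes that belong to the next frame.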

Graphics

  • Color Inverting per-stage texture processing
  • No filter stretch
  • Fetch stream vertex
  • Primitives to render
  • Rendered entities without alpha
  • Filters in runtime
  • Reverse pixel mode in runtime / Nearest-Point
  • Diffuse CyberPunk Lights
  • Spot Light Type
  • Anisotropic Filter

Sound

  • Sound Create
  • Sound Capture
  • Sound Full Duplex
  • Sound Full Duplex Create
  • Sound EnumerateA
  • Sound EnumerateW
  • Sound Buffer

Virtual Storage

  • Dynamic virtual Hard Disk (VHD)
  • Substitute a drive letter for local path

Cache Storage

  • Save/Config0000.bin
  • setting.dat
  • hiscore.dat
  • game.dat

Display

  • Windowed
  • Windowed Center
  • Fullscreen (Windowed Magnifier)
  • Fullscreen Native

Rotation Display

  • 90°
  • 180°
  • 270°

TaskBar Menu

  • Show
  • Hidden
  • Animation

GUI

  • scratch (Pof with vs2010) (wip)

Systems/Games Loaders (wip)

Taito Type x

Taito Type x2

NesicaxLive

Code Ratio

-------------------------------------------------------------------------------
Language                     files          blank        comment           code
-------------------------------------------------------------------------------
XML                            142            173            345         286219
C/C++ Header                   795          38483          84272         147221
C++                            114           4477           4607          16206
C                               14            747            711          10235
C#                             118           1478           3894           9043
MSBuild script                  18              0             49           1653
Markdown                         3              4              0             46
DOS Batch                        8              1              0             27
XAML                             2              1              0             15
JSON                             5              0              0              5
Bourne Shell                     2              7             22              4
Assembly                         1              1              2              1
-------------------------------------------------------------------------------
SUM:                          1222          45372          93902         470675
-------------------------------------------------------------------------------

References

About

Loader Dumps Arcade is programmed by vicboma1. All of this is a homebrew development built on reverse engineering, unofficial technical documentation and a lot of personal time.

Twitter : https://twitter.com/vicboma1.

This software is provided as-is, and is licensed under the MIT License.

MIT License

Copyright (c) 2019 Victor Bolinches

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

No roms, no games, no dumps!