Difference between revisions of "DAT (Ever17)"
| Line 30: | Line 30: | ||
Extracting images straight from the container file will produce broken images. There is nothing wrong with the extraction process but rather the files themselves. Starting from offset 4352 and ending at 4608 in every single JPG, this 256 byte has been modified in some way. | Extracting images straight from the container file will produce broken images. There is nothing wrong with the extraction process but rather the files themselves. Starting from offset 4352 and ending at 4608 in every single JPG, this 256 byte has been modified in some way. | ||
2014/07/10 Currently looking into this with a dissembler and debugger. A small local | 2014/07/10 Currently looking into this with a dissembler and debugger. A small local subroutine for a function at 0x0000D286(input file) 0x0040D286 appears to be the annoying function. Seems the whole list of numbers used as the number that is subtracted from the incoming number from the extracted file, is in memory and not generated durring this operation. It may be generated sometimes else or a static set from the EXE image that may be used with other functions so there may be other files, such as the scripts, that may have obstructed spots in the file. | ||
Revision as of 07:39, 11 July 2014
Seen/used in the follow game(s):
- Ever17
Structure
| Header | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Size | Content | Description | ||||||||||||
| 4Bytes | Magic/ID | |||||||||||||
| 4Bytes | File Count | |||||||||||||
| 8Bytes | 0x00 Filler | |||||||||||||
| Index | ||||||||||||||
| Size | Content | Description | ||||||||||||
| 4Bytes | Offset | Starts from zero. | ||||||||||||
| 4Bytes | File Size | Stored value is actual size doubled | ||||||||||||
| 24Bytes | File name | |||||||||||||
Notes for 'wallpaper.dat' Extracting images straight from the container file will produce broken images. There is nothing wrong with the extraction process but rather the files themselves. Starting from offset 4352 and ending at 4608 in every single JPG, this 256 byte has been modified in some way.
2014/07/10 Currently looking into this with a dissembler and debugger. A small local subroutine for a function at 0x0000D286(input file) 0x0040D286 appears to be the annoying function. Seems the whole list of numbers used as the number that is subtracted from the incoming number from the extracted file, is in memory and not generated durring this operation. It may be generated sometimes else or a static set from the EXE image that may be used with other functions so there may be other files, such as the scripts, that may have obstructed spots in the file.