Difference between revisions of "DAT (Ever17)"

Seen/used in the follow game(s):

• Ever17

Structure

Notes for 'wallpaper.dat' Extracting images straight from the container file will produce broken images. There is nothing wrong with the extraction process but rather the files themselves. Starting from offset 4352 and ending at 4608 in every single JPG, this 256 byte has been modified in some way.

There is a subroutine in the EXE that will take 1 byte from the JPG that is stored in memory, subtracted it by a number, then put it back. It does this 256 times, or the whole 256 byte chunk of data that is obstructed and only for locations between 4352 and 4608. The number that is subtracted from the raw value is not the same for each byte.

Subtraction numbers are generated by adding up the 14 characters i the file name and taking the last value (looking at it like a 8 bit number so, if total is 0x00000AE4, you only take E4). This is the first difference number out of 256, numbers then use the previous number to make the new number so... Please note, the case of the letters in the file name is important!

'a' starts off as the value of the previous number.

One unknown thing so far that needs to be figured out for a condition that will do the following
0040D25F and eax, 8000FFFFh
0040D264 jns short loc_40D26D

Probably not even been needed. Changes register from 0x00000AE4 to 0x000000E4 for example.