DOSBox Static Addresses

daninthemix (Expert Cheater, joined Jul 18, 2017):
Anyone got the base addresses for .74-3?
 

mgr.inz.Player (RCE Fanatics, Talents, joined Mar 3, 2017):
Steps to find pointer to Video Memory:
- launch DOSBox on default settings
- attach CE to DOSBox process
- do a first scan for the 4-byte hex value 1FCD1FC9
- if more than one result is found, press ENTER a few times inside the main DOSBox window (the whole text should scroll only once)
- do a next scan for the 4-byte hex value 1F201FBA

- there should be only one address found, add it to table
- right click it and choose pointerscan
- pointerscan settings: max offset = 128, max level = 1


(0B6EF020, yours will be different)

It will find a few pointers; add all of them to the table.

Restart DOSBox, attach CE to DOSBox, and pick any valid pointer you want.



The trick is:
DOSBox initially shows the welcome text; the first two chars in the first line are ╔ (C9) and ═ (CD).
This is C9 1F CD 1F in DOSBox memory.

If you scroll the text a little, the first two chars in the first line will be ║ (BA) and space (20).
This is BA 1F 20 1F in DOSBox memory.

White text on blue background - 1F



For DOSBox 0.74-3 pointers to video memory are:

["DOSBox.exe"+019074D4]+0
["DOSBox.exe"+01918BDC]+0
["DOSBox.exe"+01918BE0]+0
["DOSBox.exe"+01918BFC]+0
["DOSBox.exe"+01918C00]+0




For other games I'm using this
Code:
[ENABLE]
{$Lua}
-- look for the 16MB+4KB read/write region that DOSBox allocates for game memory
for i,v in ipairs(enumMemoryRegions()) do
  if v.RegionSize==0x1001000 and v.AllocationProtect==4 then -- 4 = PAGE_READWRITE
    -- +0x20 (hex, not decimal 20): the region starts 0x20 bytes before the pointers found above
    unregisterSymbol('GameMemoryStart') registerSymbol('GameMemoryStart',v.BaseAddress+0x20)
  end
end
{$Asm}

[DISABLE]
{$Lua}
unregisterSymbol('GameMemoryStart')
{$Asm}
as main script.

It finds 16MB+4KB memory region address and creates user symbol pointing to this address.

EDIT:
If you want to find a pointer, just right click "GameMemoryStart" and choose "pointer scan for this address", max level 1. Of course make a few pointer rescans too.
 
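An offline model of the text-mode signature trick described above, added here as an example (not code from the thread). DOSBox keeps text-mode video memory as 2-byte cells (character byte, then attribute byte), so the first two cells of the welcome box sit in memory as C9 1F CD 1F, which CE reads as the little-endian 4-byte value 1FCD1FC9; the screen buffer below is constructed, not captured.

```python
import struct

# CGA/VGA text attribute byte: bits 0-3 foreground, 4-6 background, 7 blink.
COLORS = ["black", "blue", "green", "cyan", "red", "magenta", "brown",
          "light gray", "dark gray", "light blue", "light green",
          "light cyan", "light red", "light magenta", "yellow", "white"]

def encode_cells(cells):
    """Serialise (char_code, attribute) pairs the way text-mode VRAM holds them."""
    return b"".join(bytes((ch & 0xFF, attr & 0xFF)) for ch, attr in cells)

def signature_from_cells(cells):
    """The 4-byte hex value to type into the CE scanner for the first two cells."""
    return struct.unpack("<I", encode_cells(cells[:2]))[0]

def decode_attribute(attr):
    """Return (foreground, background, blink) for one attribute byte."""
    return COLORS[attr & 0x0F], COLORS[(attr >> 4) & 0x07], bool(attr & 0x80)

def find_signature(buf, value):
    """Cell-aligned offsets at which the little-endian 4-byte value occurs."""
    needle = struct.pack("<I", value)
    return [off for off in range(0, len(buf) - 3, 2) if buf[off:off + 4] == needle]

def build_screen(first_two_chars, attr=0x1F, cols=80, rows=25):
    """Constructed 80x25 screen: the given chars at row 0, the rest blank."""
    cells = [(c, attr) for c in first_two_chars]
    cells += [(0x20, attr)] * (cols * rows - len(cells))
    return encode_cells(cells)

if __name__ == "__main__":
    welcome = build_screen([0xC9, 0xCD])   # "╔═" as on the DOSBox welcome screen
    scrolled = build_screen([0xBA, 0x20])  # "║ " after the text has scrolled
    print(hex(signature_from_cells([(0xC9, 0x1F), (0xCD, 0x1F)])))
    print(find_signature(welcome, 0x1FCD1FC9), find_signature(scrolled, 0x1F201FBA))
    print(decode_attribute(0x1F))
```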

Marc (Expert Cheater, Fearless Donors, Table Maker, joined Mar 26, 2018):
Awesome, especially the Lua Script :wub:

Many thanks for sharing that!
 

mgr.inz.Player (RCE Fanatics, Talents, joined Mar 3, 2017):
@Marc :cool:

Tested a few DOSBox versions.

This code will register user symbol VideoMemory pointing to video memory:
Code:
[ENABLE]
{$Lua}
for i,v in ipairs(enumMemoryRegions()) do
  if v.RegionSize==0x201000 and v.AllocationProtect==4 then
    unregisterSymbol('VideoMemory') registerSymbol('VideoMemory',v.BaseAddress+0x20)
  end
end
{$Asm}

[DISABLE]
{$Lua}
unregisterSymbol('VideoMemory')
{$Asm}
 

Marc (Expert Cheater, Fearless Donors, Table Maker, joined Mar 26, 2018):
Very nice, thanks again!

Just noticed:
in the first version you are checking for
Code:
if v.RegionSize==0x1001000 and v.AllocationProtect==4 then
whereas in the other version you are checking for
Code:
if v.RegionSize==0x2001000 and v.AllocationProtect==4 then
The code 0x1 does not seem to trigger with 0.74-2.1, the 0x2 does. (tried with Darksun 1 from GoG)

Hmmm. Joined them :D
Code:
[ENABLE]
{$Lua}
for i,v in ipairs(enumMemoryRegions()) do
  if v.AllocationProtect==4 then -- 4 = PAGE_READWRITE
    if v.RegionSize==0x1001000 then -- 16MB+4KB block: game memory
      unregisterSymbol('GameMemoryStart') registerSymbol('GameMemoryStart',v.BaseAddress+0x20)
    elseif v.RegionSize==0x201000 then -- 2MB+4KB block: video memory
      unregisterSymbol('VideoMemory') registerSymbol('VideoMemory',v.BaseAddress+0x20)
    end
  end
end
{$Asm}

[DISABLE]
{$Lua}
unregisterSymbol('GameMemoryStart')
unregisterSymbol('VideoMemory')
{$Asm}
 

mgr.inz.Player (RCE Fanatics, Talents, joined Mar 3, 2017):
Probably it depends on the configuration file used (xms=true/false, ems=true/false, umb=true/false).

Found memory regions with these specific region size values:



- 0x1001000 - it is 16781312 bytes (which is 16388KB, and that is 16MB plus 4KB) - Game Memory

- 0x201000 - it is 2101248 bytes (which is 2052KB, and that is 2MB plus 4KB) - Video Memory.

- there's also 0x402000 and it is 4202496 bytes (which is 4104KB, and that is 4MB plus 8KB) - Game Other Memory

Regions start at an address 0x20 bytes before the pointers used in the first post (Dst symbol). This is why I add 0x20, so this registered symbol will be "compatible" with already found offsets.

Looks like DOSBox allocates those regions in the above order.

You can experiment with those registered symbols. Here is my attached table

EDIT:
CT file from CE7.1
 
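An offline model of the region-matching logic from the Lua scripts in this thread, added as an example (not the thread's own code) and generalised to all three region sizes listed in the post above. The region records are constructed here; in CE they would come from enumMemoryRegions(), and AllocationProtect 4 is PAGE_READWRITE.

```python
PAGE_READWRITE = 0x04
SYMBOL_OFFSET = 0x20  # regions start 0x20 bytes before the pointers found by the scans

# RegionSize -> symbol name, in the allocation order the post describes
REGION_SYMBOLS = {
    0x1001000: "GameMemoryStart",       # 16MB + 4KB
    0x201000:  "VideoMemory",           # 2MB + 4KB
    0x402000:  "GameOtherMemoryStart",  # 4MB + 8KB
}

def classify_regions(regions):
    """Map each recognised region to its symbol address (BaseAddress + 0x20).

    Raises ValueError when one size matches several RW regions, because the
    Lua loop in the thread would silently keep whichever was enumerated last.
    """
    found = {}
    for r in regions:
        if r["AllocationProtect"] != PAGE_READWRITE:
            continue
        name = REGION_SYMBOLS.get(r["RegionSize"])
        if name is None:
            continue
        if name in found:
            raise ValueError(f"ambiguous match for {name}: "
                             f"{found[name] - SYMBOL_OFFSET:#x} and {r['BaseAddress']:#x}")
        found[name] = r["BaseAddress"] + SYMBOL_OFFSET
    return found

def describe_size(size):
    """Break a RegionSize into the 'xMB plus yKB' form used in the post."""
    mb, rest = divmod(size, 1 << 20)
    return f"{mb}MB plus {rest // 1024}KB"

# Constructed sample (hypothetical addresses); the video region is placed so
# that its symbol lands on the 0B6EF020 value quoted earlier in the thread.
SAMPLE_REGIONS = [
    {"BaseAddress": 0x0A6D0000, "RegionSize": 0x1001000, "AllocationProtect": 4},
    {"BaseAddress": 0x0B6EF000, "RegionSize": 0x201000,  "AllocationProtect": 4},
    {"BaseAddress": 0x0B8F0000, "RegionSize": 0x402000,  "AllocationProtect": 4},
    {"BaseAddress": 0x00400000, "RegionSize": 0x201000,  "AllocationProtect": 0x20},  # RX image, skipped
]

if __name__ == "__main__":
    for name, addr in classify_regions(SAMPLE_REGIONS).items():
        print(f"{name} = {addr:#010x}")
```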


Marc (Expert Cheater, Fearless Donors, Table Maker, joined Mar 26, 2018):
Many thanks for explaining that, really good to know.
Table works fine, of course - added it to my DOSBox-Template file. :)
 

SunBeam (Administrator, Staff member, joined Feb 4, 2018):
Like I used to tell people: before the emulator is started, break on VirtualAlloc and start from there.
 

FitDynamite (What is cheating?, joined May 10, 2020):
daninthemix said:
Anyone got the base addresses for .74-3?
Have been trying to find this too. Couldn't find it anywhere. Ended up finding it myself.

DosBox 0.74-3
Base address: 0193C370

It works for me.
 

mgr.inz.Player (RCE Fanatics, Talents, joined Mar 3, 2017):
First, you did not find a base; you found the module offset for a multilevel pointer's base address.

Anyway, it depends on which memory block the game is using for storing some values: 2MB (VideoMemory), 4MB, 16MB.

Usually it is 16MB. Paste this code into the address list:
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>0</ID>
      <Description>"Find and set user symbols"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{$Lua}
if syntaxcheck then return end

[ENABLE]
for i,v in ipairs(enumMemoryRegions()) do
  if v.RegionSize==0x1001000 and v.AllocationProtect==4 then
    unregisterSymbol('GameMemoryStart') registerSymbol('GameMemoryStart',v.BaseAddress+0x20)
  end
end

[DISABLE]
unregisterSymbol('GameMemoryStart')
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>1</ID>
      <Description>"GameMemoryStart"</Description>
      <VariableType>Byte</VariableType>
      <Address>GameMemoryStart</Address>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Attach CE to dosbox, activate "Find and set user symbols", then just use "GameMemoryStart" symbol.

For example, there is a table for "Cosmo's Cosmic Adventure 1 V1.20":
https://fearlessrevolution.com/viewtopic.php?t=412

Health is a pointer with last offset 1FCFC.
With "GameMemoryStart" symbol you can just use GameMemoryStart+1FCFC. It is universal, whatever DOSBOX version you use, it should work.
(at least all DOSBox versions up to this date)


If you really want to use pointers rather than symbols, you can do a pointer scan with max level 1 (and max offset 128 to speed up scanning even more).
On the previous page I showed how to do this for pointers to VideoMemory; you can do the same for the 16MB and 4MB memory blocks.
Right click "GameMemoryStart" and choose "pointer scan for this address", max level 1, like in this screenshot:
(of course you will have different address)


That way, after a few pointer rescans, I found pointers to GameMemoryStart (the 16MB memory block):
["DOSBox.exe"+0193C370]+0
["DOSBox.exe"+0074D728]+0
["DOSBox.exe"+0074D6D4]+0
["DOSBox.exe"+0074D6D0]+0
["DOSBox.exe"+0034DACC]+0
["DOSBox.exe"+0034DA94]+0
["DOSBox.exe"+0034D728]+0
["DOSBox.exe"+0034D6D4]+0
["DOSBox.exe"+0034D6D0]+0


As you see, there's also a pointer with base address DOSBox.exe+0193C370 (modulename+moduleoffset),
and the module offset is the same as yours.
 

FitDynamite (What is cheating?, joined May 10, 2020):
Wow, player really knows this stuff. Nice post!

Seriously, thanks for your reply. I am new to CE. While I don't really understand 100% what you were trying to say, I definitely am learning a thing or two from your post here.

I was (a lousy) DOS programmer back like 25 years ago. I still remember video memory starts at the 0xa000 address if I'm not mistaken. Text mode starts at 0xb800 or something like that. So I'm a bit confused when you refer to video memory at 2MB, but then again it was a really, really, really long time ago and I don't do programming anymore.

Let me do some serious reading, and I hope you don't mind if I have a question or two.
 

mgr.inz.Player (RCE Fanatics, Talents, joined Mar 3, 2017):
I got a PC when Windows Me was released. Before that I had only a C64 :) I didn't do much programming in DOS - simple tasks in Turbo Pascal 7 (with the graph library) and some very basic executable modifications with Hiew 6.50. To sum this up - DOS is not my thing.

GameMemoryStart, VideoMemory, GameOtherMemoryStart: those are just names for memory regions allocated by DOSBox. Those names were the first thing which came to my mind.
FitDynamite said:
So I'm a bit confused when you refer to video memory at 2MB
2MB allocated by DOSBox.
 