DOCKY99

Members
  • Content count

    2,155

Everything posted by DOCKY99

  1. http://www.allxboxskins.com Please read the forum...
  2. Yes, I discussed it on IRC [...] but anyway, to avoid any problems I'll give you the phrase: Wait and see.....
  3. It's not really the sources I'm asking for, but info on the hex codes; besides, that info could be used to create a tool or an implementation in xbtools.
  4. Sorry, but isn't it possible to get the hex codes and all that so we can make our own custom BIOSes?
  5. The exact term used in the scene is: EXPLOIT
  6. It's a bug in PBL 1.3; you just have to remove the second pad from port 2 and the boot continues.
  7. DOCKY99

    When Will Net Support Come To Fba X

    Er, doesn't mameox already do that, by any chance?
  8. yoshiro, could you tell me how to change the title below the logo?
  9. Apparently it's fine, it does save the settings (you have to exit the program properly); it saves a config file named options in the current folder:

      options
      default_font_family_mono "default"
      default_font_family_vari "default"
      default_color_bg_g "ffffff"
      default_color_fg_g "000000"
      default_form_bg_g "c0c0c0"
      default_form_fg_g "000000"
      default_color_link_g "0000ff"
      default_color_vlink_g "000080"
      use_color_separation "1"
      default_color_bg "000000"
      default_color_fg "bfbfbf"
      default_color_link "ffffff"
      default_color_vlink "ffff00"
      transparency "1"
      html_assume_codepage "iso8859-1"
      html_hard_codepage "0"
      html_tables "1"
      html_frames "1"
      html_images "1"
      html_images_display "1"
      html_images_blocklist "0"
      html_images_scale "100"
      html_font_size "16"
      html_margin "3"
      html_table_order "0"
      html_links_numbered "0"
      document_history_global_enable "1"
      document_history_global_max_items "100"
      search_everything_is_a_link "1"
      refresh_enable "0"
      refresh_minimal "1"
      text_selection_rectangular_mode "0"
      text_selection_clipboard_charset "utf-8"
      keyboard_navigation "1"
      toolbar_button_visibility_back "1"
      toolbar_button_visibility_history "1"
      toolbar_button_visibility_forward "1"
      toolbar_button_visibility_reload "1"
      toolbar_button_visibility_bookmarks "1"
      toolbar_button_visibility_home "0"
      toolbar_button_visibility_stop "1"
      ministatus_visibility_connecting "1"
      ministatus_visibility_running "1"
      ministatus_visibility_images "1"
      ministatus_visibility_encoding "1"
      ministatus_visibility_ssl "1"
      ministatus_visibility_keyboard "1"
      ministatus_visibility_refresh "0"
      tabs_new_on_middle_button "1"
      tabs_new_on_ctrl_enter "1"
      tabs_new_in_background "0"
      tabs_cycle "1"
      tabs_close_switch_to_next "1"
      tabs_close_last "1"
      tabs_show "1"
      tabs_show_if_single "0"
      menu_fg_color "000000"
      menu_bg_color "dddddd"
      menu_shadow_color "000000"
      menu_font "default-medium-roman-serif-vari"
      menu_bold_font "default-bold-roman-serif-vari"
      menu_mono_font "default-medium-roman-serif-mono"
      menu_system_font "system-medium-roman-serif-vari"
      menu_font_size "16"
      scrollbar_area_color "888888"
      scrollbar_bar_color "dddddd"
      scrollbar_frame_color "dddddd"
      video_gamma_red "2.2"
      video_gamma_green "2.2"
      video_gamma_blue "2.2"
      video_gamma_user "1"
      video_aspect_on "0"
      video_aspect "1"
      video_display_optimize "0"
      video_dither_letters "1"
      video_dither_images "1"
      interface_language "French"
      bookmarks_file "D:\bookmarks.html"
      bookmarks_codepage "utf-8"
      http_bugs_http10 "0"
      http_bugs_allow_blacklist "1"
      http_bugs_302_redirect "1"
      http_bugs_post_no_keepalive "0"
      http_bugs_no_accept_charset "0"
      http_referer "1"
      http_referer_fake_referer ""
      http_proxy ""
      http_proxy_user ""
      http_proxy_password ""
      http_fake_useragent "Links"
      http_accept_charset "us-ascii, ISO8859-1, ISO8859-2, ISO8859-3, ISO8859-4, ISO8859-5, ISO8859-6, ISO8859-7, ISO8859-8, ISO8859-9, ISO8859-10, ISO8859-13, ISO8859-14, ISO8859-16, ISO8859-17, windows-1250, windows-1251, windows-1252, windows-1256, windows-1257, cp437, cp737, cp850, cp852, cp866, x-cp866-u, x-mac, x-mac-ce, x-kam-cs, koi8-r, koi8-u, TCVN-5712, VISCII, utf-8"
      http_accept_language ""
      ftp_proxy ""
      ftp_anonymous_password "some@where.net"
      cache_memory_size "1048576"
      cache_images_size "1048576"
      cache_formatted_entries "5"
      cache_aggressive "1"
      network_max_connections "16"
      network_max_connections_to_host "8"
      network_max_tries "3"
      network_receive_timeout "120"
      network_unrestartable_receive_timeout "600"
      network_async_lookup "1"
      network_download_utime "0"
      network_download_directory ""
      network_download_prevent_overwriting "1"
      network_program_mailto ""
      network_program_telnet ""
      network_program_tn3270 ""

      File to create and copy over if it doesn't get created on your side....
  10. About the black screen: apparently this program isn't compatible with NTSC-J (black screen), but actually it is, because I just relaunched it and now it works!!!! So if you get a black screen, switch to PAL 50 Hz... launch the program, then try again with your video mode... Also, you can choose the language: French is there! However, you can't save the configuration, but since I have the sources.....
  11. Here you go:

      seg000:00000000 ; File Name : xboxlive2.bin
      seg000:00000000 ; Format : Binary File
      seg000:00000000 ; Base Address: 0000h Range: 0000h - 03D4h Loaded length: 03D4h
      seg000:00000000
      seg000:00000000 ; ═══════════════════════════════════════════════════════════════════════════
      seg000:00000000
      seg000:00000000 ; Segment type: Pure code
      seg000:00000000 seg000 segment byte public 'CODE' use32
      seg000:00000000         assume cs:seg000
      seg000:00000000         assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
      seg000:00000000         db XXh, XXh
      seg000:00000002         dw 3D4h ; Length of this packet
      seg000:00000004         db 0 ;
      seg000:00000005         db 0 ;
      seg000:00000006         db 0 ;
      seg000:00000007         db 0 ;
      seg000:00000008         db 0 ;
      seg000:00000009         db 0 ;
      seg000:0000000A         db 0 ;
      seg000:0000000B         db 0 ;
      seg000:0000000C         db 0XXh ; These bytes and the ones at
      seg000:0000000C                                 ; 00000000 very likely uniquely
      seg000:0000000C                                 ; identify the user. Therefore,
      seg000:0000000C                                 ; for privacy reasons, we omit
      seg000:0000000C                                 ; these bytes.
      seg000:0000000D         db 0XXh ;
      seg000:0000000E         db 0XXh ;
      seg000:0000000F         db 0XXh ;
      seg000:00000010         db 0XXh ;
      seg000:00000011         db 0XXh ;
      seg000:00000012         db X ; 12-1B are either 00 or 01 only, but
      seg000:00000012                                 ; it's still unsafe to show them.
      seg000:00000013         db X ;
      seg000:00000014         db X ;
      seg000:00000015         db X ;
      seg000:00000016         db X ;
      seg000:00000017         db X ;
      seg000:00000018         db X ;
      seg000:00000019         db X ;
      seg000:0000001A         db X ;
      seg000:0000001B         db X ; RSA-2048 digital signature
      seg000:0000001B                                 ; of this code using the
      seg000:0000001B                                 ; standard Xbox public key.
      seg000:0000001C DigitalSignature db 4Bh, 0B8h, 0DEh, 0B1h, 2, 0C0h, 0Ah, 99h, 0E1h, 5Dh
      seg000:0000001C         db 0Bh, 31h, 2Bh, 97h, 0C6h, 0A4h, 35h, 74h, 89h, 44h
      seg000:0000001C         db 0F2h, 56h, 4Bh, 15h, 30h, 56h, 2Eh, 9Ah, 67h, 18h, 29h
      seg000:0000001C         db 24h, 30h, 60h, 0F5h, 3Bh, 69h, 0B7h, 97h, 96h, 23h
      seg000:0000001C         db 0DEh, 5Bh, 0F8h, 3, 0F7h, 6, 6Dh, 0FDh, 0C8h, 0CBh
      seg000:0000001C         db 95h, 64h, 5Fh, 0A4h, 0F2h, 44h, 83h, 0A4h, 0B4h, 6
      seg000:0000001C         db 57h, 93h, 7Dh, 25h, 12h, 73h, 54h, 36h, 57h, 0D7h, 4Dh
      seg000:0000001C         db 76h, 10h, 16h, 7Ch, 98h, 76h, 4Dh, 39h, 0DCh, 0E1h
      seg000:0000001C         db 47h, 69h, 52h, 0BEh, 0A4h, 0CDh, 4Dh, 79h, 8Bh, 0BFh
      seg000:0000001C         db 0F1h, 7, 9Ah, 0DCh, 3Fh, 68h, 0FCh, 12h, 0A6h, 0D1h
      seg000:0000001C         db 4Ah, 2Ah, 6Ch, 9Bh, 69h, 9Ch, 42h, 25h, 0A2h, 5Ah, 0DAh
      seg000:0000001C         db 6Eh, 0AEh, 0AAh, 90h, 0EEh, 0FBh, 0D2h, 3Ch, 0E5h, 96h
      seg000:0000001C         db 3Eh, 30h, 0BAh, 7Dh, 0ABh, 0FBh, 0FCh, 2Eh, 78h, 7Dh
      seg000:0000001C         db 0B5h, 46h, 0BBh, 8Eh, 49h, 0C5h, 0D6h, 0CEh, 0BAh, 5
      seg000:0000001C         db 0BFh, 5Fh, 0EAh, 56h, 0D9h, 94h, 0DBh, 8Ch, 4Ch, 4Bh
      seg000:0000001C         db 19h, 8Ch, 0F7h, 10h, 0EAh, 85h, 0C4h, 65h, 33h, 96h
      seg000:0000001C         db 75h, 5Ch, 0EBh, 32h, 0DAh, 0AEh, 69h, 5Fh, 0C2h, 2Fh
      seg000:0000001C         db 0F6h, 79h, 0CAh, 0D2h, 55h, 28h, 51h, 0F9h, 0F8h, 0ABh
      seg000:0000001C         db 0F1h, 0C4h, 8Fh, 88h, 8Eh, 0B7h, 8Fh, 0C8h, 0CEh, 0ADh
      seg000:0000001C         db 19h, 0F4h, 0ABh, 7Bh, 68h, 85h, 0Eh, 8Bh, 4, 44h, 6Ch
      seg000:0000001C         db 8Ah, 0E2h, 36h, 8Fh, 5Dh, 0EFh, 3Dh, 57h, 7Bh, 2Dh
      seg000:0000001C         db 0F6h, 23h, 0C8h, 67h, 0Fh, 72h, 0BBh, 0BAh, 3, 0A8h
      seg000:0000001C         db 11h, 5Bh, 67h, 0D1h, 5Eh, 95h, 0DAh, 5Eh, 0Dh, 4Bh
      seg000:0000001C         db 91h, 0B9h, 34h, 7Ch, 9, 78h, 0CEh, 0E6h, 85h, 33h, 0E9h
      seg000:0000001C         db 99h, 0B7h, 52h, 0F3h, 11h, 0D8h, 82h, 3Fh, 0FDh, 31h
      seg000:0000001C         db 21h
      seg000:0000011C
      seg000:0000011C ; ███████████████ S U B R O U T I N E ███████████████████████████████████████
      seg000:0000011C
      seg000:0000011C ; On entry, ebp=EntryPoint. That is important.
      seg000:0000011C ; edi=data to be sent to Microsoft
      seg000:0000011C ; edx=data received from Microsoft
      seg000:0000011C ;
      seg000:0000011C ; Note to Microsoft: This routine runs at
      seg000:0000011C ; DISPATCH_LEVEL... You should not call the
      seg000:0000011C ; Nt* functions from that level.
      seg000:0000011C ;
      seg000:0000011C ; Attributes: bp-based frame
      seg000:0000011C
      seg000:0000011C EntryPoint proc near
      seg000:0000011C
      seg000:0000011C import_table = dword ptr -34h
      seg000:0000011C var_30 = dword ptr -30h
      seg000:0000011C var_2C = dword ptr -2Ch
      seg000:0000011C var_28 = dword ptr -28h
      seg000:0000011C var_24 = dword ptr -24h
      seg000:0000011C object_attributes= OBJECT_ATTRIBUTES ptr -20h
      seg000:0000011C ansi_string = ANSI_STRING ptr -14h
      seg000:0000011C handle = dword ptr -0Ch
      seg000:0000011C var_8 = byte ptr -8
      seg000:0000011C var_4 = dword ptr -4
      seg000:0000011C arg_0 = dword ptr 4
      seg000:0000011C
      seg000:0000011C         mov ax, cs ; Check whether the CPU is running
      seg000:0000011C                                 ; in user mode (Xbox is normally
      seg000:0000011C                                 ; in kernel mode). This probably
      seg000:0000011C                                 ; is here to detect emulators.
      seg000:0000011F         test ax, 3
      seg000:00000123         jz short loc_130
      seg000:00000125         mov dword ptr [edi], 'GNIR' ; "ring" can mean user/kernel mode
      seg000:0000012B         mov [edi+4], ax
      seg000:0000012F         retn
      seg000:00000130 ; ───────────────────────────────────────────────────────────────────────────
      seg000:00000130
      seg000:00000130 loc_130: ; CODE XREF: EntryPoint+7j
      seg000:00000130         push edi
      seg000:00000131         sub [esp+4+var_4], 10h
      seg000:00000135         push ebp ; After this, [ebp+0] = old ebp
      seg000:00000135                                 ; Also, [ebp+4] = old edi
      seg000:00000136         mov ebp, esp
      seg000:00000138         sub esp, 34h
      seg000:0000013B         mov esi, edx ; Not sure what this is
      seg000:0000013D         movsd
      seg000:0000013E         movsd
      seg000:0000013F         mov eax, 80010000h ; Find the kernel export
      seg000:0000013F                                 ; directory (80010000 =
      seg000:0000013F                                 ; start address of kernel)
      seg000:00000144         mov ebx, [eax+3Ch] ; IMAGE_DOS_HEADER::e_lfanew
      seg000:00000147         add ebx, eax
      seg000:00000149         mov edx, [ebx+78h] ; [IMAGE_DIRECTORY_ENTRY_EXPORT]
      seg000:0000014C         add edx, eax
      seg000:0000014E         mov edx, [edx+1Ch] ; IMAGE_EXPORT_DIRECTORY::AddressOfFunctions
      seg000:00000151         add edx, eax
      seg000:00000153         mov ecx, 2A6h ; 2A6 + EntryPoint = 3C2, the import table
      seg000:00000158         add ecx, [ebp+0] ; [ebp+0] = EntryPoint
      seg000:0000015B         mov [ebp+import_table], ecx
      seg000:0000015E
      seg000:0000015E import_loop: ; CODE XREF: EntryPoint+57j
      seg000:0000015E         mov eax, [ecx] ; This code reads the DWORDs at
      seg000:0000015E                                 ; 3C2, which are indexes into
      seg000:0000015E                                 ; the kernel import table. It
      seg000:0000015E                                 ; then resolves each one, until
      seg000:0000015E                                 ; it sees a zero entry.
      seg000:00000160         cmp eax, 0
      seg000:00000163         jz short import_done
      seg000:00000165         dec eax
      seg000:00000166         mov eax, [edx+eax*4] ; Look up entry in table
      seg000:00000169         add eax, 80010000h ; Add base address of kernel
      seg000:0000016E         mov [ecx], eax
      seg000:00000170         add ecx, 4
      seg000:00000173         jmp short import_loop
      seg000:00000175 ; ───────────────────────────────────────────────────────────────────────────
      seg000:00000175
      seg000:00000175 import_done: ; CODE XREF: EntryPoint+47j
      seg000:00000175         movzx ecx, word ptr [ebx+14h]
      seg000:00000179         lea ecx, [ecx+ebx+18h]
      seg000:0000017D         mov edx, 80010000h
      seg000:00000182         add edx, [ecx+8]
      seg000:00000185         add edx, [ecx+0Ch]
      seg000:00000188         mov ecx, [ebp+arg_0]
      seg000:0000018B         mov eax, [ecx]
      seg000:0000018D         movzx ebx, word ptr [ecx+4]
      seg000:00000191         xor eax, 0CCF0E0A2h ; Seed values for TEA. Apparently
      seg000:00000191                                 ; Microsoft varies what the legal
      seg000:00000191                                 ; hash is by sending random seed
      seg000:00000191                                 ; values to the client (the previous
      seg000:00000191                                 ; values of eax and ebx). This
      seg000:00000191                                 ; prevents simply always sending
      seg000:00000191                                 ; back a hard-coded hash.
      seg000:00000196         xor ebx, 0EB111D39h
      seg000:0000019C         mov ecx, 80010000h
      seg000:000001A1         call TEAHash ; Hashes a range of memory with the TEA algorithm.
      seg000:000001A1                                 ; I don't know if Microsoft bothered to fix the
      seg000:000001A1                                 ; 31/63 bit XOR problem. (See MCPX 1.1 disassembly)
      seg000:000001A1                                 ; ecx=start address, edx=end address (exclusive)
      seg000:000001A6         mov esi, 0
      seg000:000001AB         call WeirdHash ; This function is apparently
      seg000:000001AB                                 ; hashing the currently running
      seg000:000001AB                                 ; XBE's code/data.
      seg000:000001B0         mov esi, 1
      seg000:000001B5         call WeirdHash ; This function is apparently
      seg000:000001B5                                 ; hashing the currently running
      seg000:000001B5                                 ; XBE's code/data.
      seg000:000001BA         push 20h ; ' ' ; FILE_SYNCHRONOUS_IO_NONALERT
      seg000:000001BC         push 1 ; CreateDisposition = FILE_OPEN
      seg000:000001BE         push 3 ; ShareAccess = read | write
      seg000:000001C0         push 80h ; '€' ; FileAttributes = normal
      seg000:000001C5         push 0 ; AllocationSize = NULL
      seg000:000001C7         lea eax, [ebp+var_8]
      seg000:000001CA         push eax ; IoStatusBlock
      seg000:000001CB         mov word ptr [ebp+ansi_string.Buffer], 1Ch ;
      seg000:000001CB                                 ; Build OBJECT_ATTRIBUTES for the
      seg000:000001CB                                 ; \Device\Harddisk0\Partition0
      seg000:000001CB                                 ; string (1C = its length)
      seg000:000001D1         mov word ptr [ebp+ansi_string.Buffer+2], 1Ch
      seg000:000001D7         mov eax, 28Ah ; Get address of that string
      seg000:000001DC         add eax, [ebp+0]
      seg000:000001DF         mov dword ptr [ebp+ansi_string.Length], eax
      seg000:000001E2         lea eax, [ebp+ansi_string]
      seg000:000001E5         mov [ebp+object_attributes.RootDirectory], 0 ; NULL
      seg000:000001EC         mov [ebp+object_attributes.ObjectName], eax
      seg000:000001EF         mov [ebp+object_attributes.Attributes], 40h ; case insensitive
      seg000:000001F6         lea eax, [ebp+object_attributes]
      seg000:000001F9         push eax ; ObjectAttributes
      seg000:000001FA         push 80100000h ; DesiredAccess
      seg000:000001FF         lea eax, [ebp+handle]
      seg000:00000202         push eax ; FileHandle
      seg000:00000203         mov eax, [ebp+import_table]
      seg000:00000206         call dword ptr [eax] ; NtCreateFile
      seg000:00000208         stosd
      seg000:00000209         cmp eax, 0
      seg000:0000020C         jnz open_error ; MS: This should be jns or jl
      seg000:00000212         mov ebx, 2B6h ; 2B6 + EntryPoint = 3D2
      seg000:00000217         add ebx, [ebp+0]
      seg000:0000021A         mov [ebp+var_30], 0
      seg000:00000221         mov [ebp+var_2C], 0 ;
      seg000:00000221                                 ; This nasty chunk of code reads
      seg000:00000221                                 ; the hard drive's identification
      seg000:00000221                                 ; information (model name, serial
      seg000:00000221                                 ; number) and prepares it to be
      seg000:00000221                                 ; sent back to Microsoft.
      seg000:00000228         mov byte ptr [ebp+var_2C+2], 0ECh ; EC = IDENTIFY DEVICE
      seg000:0000022C         mov [ebp+var_28], 200h ; Length of data to return
      seg000:00000233         mov [ebp+var_24], ebx
      seg000:00000236         lea eax, [ebp+var_30]
      seg000:00000239         push 10h
      seg000:0000023B         push eax
      seg000:0000023C         push 10h
      seg000:0000023E         push eax
      seg000:0000023F         push 4D028h ; IOCTL_IDE_PASS_THROUGH
      seg000:00000244         lea eax, [ebp+var_8]
      seg000:00000247         push eax
      seg000:00000248         push 0
      seg000:0000024A         push 0
      seg000:0000024C         push 0
      seg000:0000024E         push [ebp+handle]
      seg000:00000251         mov eax, [ebp+import_table]
      seg000:00000254         call dword ptr [eax+8] ; NtDeviceIoControl
      seg000:00000257         stosd
      seg000:00000258         push [ebp+handle]
      seg000:0000025B         mov eax, [ebp+import_table]
      seg000:0000025E         call dword ptr [eax+4] ; NtClose
      seg000:00000261         stosd
      seg000:00000262         push edi
      seg000:00000263         mov ebx, 2B6h
      seg000:00000268         add ebx, [ebp+0] ; The below structure is
      seg000:00000268                                 ; IDE_IDENTIFY_DATA from the
      seg000:00000268                                 ; Windows 2000 DDK.
      seg000:0000026B         lea esi, [ebx+36h] ; Copy HD model number
      seg000:0000026E         mov ecx, 0Ah
      seg000:00000273         rep movsd
      seg000:00000275         lea esi, [ebx+2Eh] ; Copy HD firmware revision
      seg000:00000278         mov ecx, 2
      seg000:0000027D         rep movsd
      seg000:0000027F         lea esi, [ebx+14h] ; Copy HD serial number
      seg000:00000282         mov ecx, 5
      seg000:00000287         rep movsd
      seg000:00000289         pop edi
      seg000:0000028A         mov esi, edi
      seg000:0000028C         mov ecx, 22h ; '"'
      seg000:00000291
      seg000:00000291 loc_291: ; CODE XREF: EntryPoint+17Dj
      seg000:00000291         lodsw ; Swap around every pair of bytes.
      seg000:00000291                                 ; This is because IDE protocol is
      seg000:00000291                                 ; reversed like this.
      seg000:00000293         rol ax, 8 ; MS: Try xchg al, ah
      seg000:00000297         stosw
      seg000:00000299         loop loc_291
      seg000:0000029B         mov eax, [ebx+78h] ; Send the size of the hard disk!!!
      seg000:0000029E         stosd
      seg000:0000029F
      seg000:0000029F open_error: ; CODE XREF: EntryPoint+F0j
      seg000:0000029F         add esp, 3Ch
      seg000:000002A2         retn
      seg000:000002A2 EntryPoint endp ; sp = -50h
      seg000:000002A2
      seg000:000002A3
      seg000:000002A3 ; ███████████████ S U B R O U T I N E ███████████████████████████████████████
      seg000:000002A3
      seg000:000002A3 ; This function is apparently
      seg000:000002A3 ; hashing the currently running
      seg000:000002A3 ; XBE's code/data.
      seg000:000002A3
      seg000:000002A3 WeirdHash proc near ; CODE XREF: EntryPoint+8Fp
      seg000:000002A3                                 ; EntryPoint+99p
      seg000:000002A3         mov ecx, [ebp+4] ; Get original edi (buffer to send to MS)
      seg000:000002A6         movzx edx, byte ptr [esi+ecx+6] ; esi is 0 or 1
      seg000:000002AB         mov ecx, [ecx+esi*4+8]
      seg000:000002AF         cmp ecx, 0
      seg000:000002B2         jz short return_zero
      seg000:000002B4         mov esi, ecx
      seg000:000002B6         and esi, 3
      seg000:000002B9         and ecx, 0FFFFFFFCh
      seg000:000002BC         cmp esi, 0 ; 0 mod 4
      seg000:000002BF         jz short loc_2FE
      seg000:000002C1         cmp esi, 1 ; 1 mod 4
      seg000:000002C4         jz short hash_header
      seg000:000002C6         mov esi, 10000h ; XBE header address
      seg000:000002CB         mov edx, ecx ; Multiply by 7. ecx is apparently
      seg000:000002CB                                 ; already a QWORD multiple (the
      seg000:000002CB                                 ; round size of TEA), making this
      seg000:000002CB                                 ; effectively a multiply by 0x38,
      seg000:000002CB                                 ; the size of a section header.
      seg000:000002CD         add edx, ecx ; To Microsoft:
      seg000:000002CF         add edx, ecx ; Try this next time:
      seg000:000002D1         add edx, ecx ; lea edx, [ecx*8]
      seg000:000002D3         add edx, ecx ; sub edx, ecx
      seg000:000002D5         add edx, ecx
      seg000:000002D7         add ecx, edx
      seg000:000002D9         add ecx, [esi+120h] ; Pointer to section headers
      seg000:000002DF         mov edx, [ecx+8] ; Virtual size of section
      seg000:000002E2         mov ecx, [ecx+4] ; Virtual address of section
      seg000:000002E5         jmp short loc_309
      seg000:000002E7 ; ───────────────────────────────────────────────────────────────────────────
      seg000:000002E7
      seg000:000002E7 hash_header: ; CODE XREF: WeirdHash+21j
      seg000:000002E7         mov ecx, 10000h ; XBE header start address
      seg000:000002EC         cmp edx, 0
      seg000:000002EF         jz short unknown
      seg000:000002F1         mov edx, [ecx+108h] ; Length of XBE header
      seg000:000002F7         jmp short loc_309
      seg000:000002F9 ; ───────────────────────────────────────────────────────────────────────────
      seg000:000002F9
      seg000:000002F9 unknown: ; CODE XREF: WeirdHash+4Cj
      seg000:000002F9         mov edx, 6Eh ; 'n'
      seg000:000002FE
      seg000:000002FE loc_2FE: ; CODE XREF: WeirdHash+1Cj
      seg000:000002FE         cmp ecx, 0CFFFF800h
      seg000:00000304         jnb short return_zero
      seg000:00000306         shl edx, 3
      seg000:00000309
      seg000:00000309 loc_309: ; CODE XREF: WeirdHash+42j
      seg000:00000309                                 ; WeirdHash+54j
      seg000:00000309         add edx, ecx ; edx points to end - it's not length.
      seg000:0000030B         call TEAHash ; Hashes a range of memory with the TEA algorithm.
      seg000:0000030B                                 ; I don't know if Microsoft bothered to fix the
      seg000:0000030B                                 ; 31/63 bit XOR problem. (See MCPX 1.1 disassembly)
      seg000:0000030B                                 ; ecx=start address, edx=end address (exclusive)
      seg000:00000310         retn
      seg000:00000311 ; ───────────────────────────────────────────────────────────────────────────
      seg000:00000311
      seg000:00000311 return_zero: ; CODE XREF: WeirdHash+Fj
      seg000:00000311                                 ; WeirdHash+61j
      seg000:00000311         push eax ; This looks like some kind of
      seg000:00000311                                 ; error handler to tell MS that
      seg000:00000311                                 ; something went wrong.
      seg000:00000312         xor eax, eax
      seg000:00000314         stosd
      seg000:00000315         stosd
      seg000:00000316         pop eax
      seg000:00000317         retn
      seg000:00000317 WeirdHash endp
      seg000:00000317
      seg000:00000318
      seg000:00000318 ; ███████████████ S U B R O U T I N E ███████████████████████████████████████
      seg000:00000318
      seg000:00000318 ; Hashes a range of memory with the TEA algorithm.
      seg000:00000318 ; I don't know if Microsoft bothered to fix the
      seg000:00000318 ; 31/63 bit XOR problem. (See MCPX 1.1 disassembly)
      seg000:00000318 ; ecx=start address, edx=end address (exclusive)
      seg000:00000318
      seg000:00000318 TEAHash proc near ; CODE XREF: EntryPoint+85p
      seg000:00000318                                 ; WeirdHash+68p
      seg000:00000318
      seg000:00000318 var_14 = dword ptr -14h
      seg000:00000318 var_10 = dword ptr -10h
      seg000:00000318 var_C = dword ptr -0Ch
      seg000:00000318 var_8 = dword ptr -8
      seg000:00000318 var_4 = dword ptr -4
      seg000:00000318
      seg000:00000318         push eax
      seg000:00000319         push ebx
      seg000:0000031A         push ebp
      seg000:0000031B         push edi
      seg000:0000031C         mov ebp, ecx
      seg000:0000031E         mov edi, edx
      seg000:00000320         sub esp, 14h
      seg000:00000323
      seg000:00000323 loc_323: ; CODE XREF: TEAHash+80j
      seg000:00000323         mov [esp+14h+var_10], eax
      seg000:00000327         mov [esp+14h+var_C], ebx
      seg000:0000032B         mov edx, [ebp+0]
      seg000:0000032E         mov esi, [ebp+4]
      seg000:00000331         prefetchnta byte ptr [ebp+8]
      seg000:00000335         lea ebp, [ebp+8]
      seg000:00000338         mov [esp+14h+var_8], edx
      seg000:0000033C         mov [esp+14h+var_4], esi
      seg000:00000340         mov [esp+14h+var_14], 0
      seg000:00000347         mov ecx, 10h
      seg000:0000034C
      seg000:0000034C loc_34C: ; CODE XREF: TEAHash+7Cj
      seg000:0000034C         mov edx, ebx
      seg000:0000034E         mov esi, ebx
      seg000:00000350         shl edx, 4
      seg000:00000353         shr esi, 5
      seg000:00000356         xor edx, esi
      seg000:00000358         add edx, ebx
      seg000:0000035A         mov esi, [esp+14h+var_14]
      seg000:0000035D         and esi, 3
      seg000:00000360         mov esi, [esp+esi*4+14h+var_10]
      seg000:00000364         add esi, [esp+14h+var_14]
      seg000:00000367         xor edx, esi
      seg000:00000369         add eax, edx
      seg000:0000036B         add [esp+14h+var_14], 9E3779B9h
      seg000:00000372         mov edx, eax
      seg000:00000374         mov esi, eax
      seg000:00000376         shl edx, 4
      seg000:00000379         shr esi, 5
      seg000:0000037C         xor edx, esi
      seg000:0000037E         add edx, eax
      seg000:00000380         mov esi, [esp+14h+var_14]
      seg000:00000383         shr esi, 0Bh
      seg000:00000386         and esi, 3
      seg000:00000389         mov esi, [esp+esi*4+14h+var_10]
      seg000:0000038D         add esi, [esp+14h+var_14]
      seg000:00000390         xor edx, esi
      seg000:00000392         add ebx, edx
      seg000:00000394         loop loc_34C
      seg000:00000396         cmp ebp, edi
      seg000:00000398         jb short loc_323
      seg000:0000039A         add esp, 14h
      seg000:0000039D         pop edi
      seg000:0000039E         pop ebp
      seg000:0000039F         stosd
      seg000:000003A0         mov eax, ebx
      seg000:000003A2         stosd
      seg000:000003A3         pop ebx
      seg000:000003A4         pop eax
      seg000:000003A5         retn
      seg000:000003A5 TEAHash endp
      seg000:000003A5
      seg000:000003A5 ; ───────────────────────────────────────────────────────────────────────────
      seg000:000003A6 aDeviceHarddisk db '\Device\Harddisk0\Partition0' ; Name of the "file" to open
      seg000:000003C2 NtCreateFile dd 0BEh ; This is the kernel import
      seg000:000003C2                                 ; table. These fields get
      seg000:000003C2                                 ; replaced with the actual
      seg000:000003C2                                 ; address.
      seg000:000003C6 NtClose dd 0BBh
      seg000:000003CA NtDeviceIoControlFile dd 0C4h
      seg000:000003CE         dd 0
      seg000:000003D2         db 0 ; This is where the identify data is
      seg000:000003D2                                 ; written to (512 bytes long)
      seg000:000003D3         db 0 ; Last byte checked by digital
      seg000:000003D3                                 ; signature
      seg000:000003D4         db 0 ;
  12. DOCKY99

    Sonic On The Sega Megadrive

    Arf, you're really not looking; finding a Sonic or Mario ROM is the ABCs. Here, have a reference site: http://www.sonicstrike.net/users/sonicroms/
  13. DOCKY99

    Trainer Pal

    The official evox trainers site is here: http://trainers.evolutionx.info, it has PAL, NTSC and NTSC J.
  14. That's for sure... I was hesitating, oh well, there you go: if you have the original you should be able to remake an ISO, otherwise....
  15. DOCKY99

    Xbox Mugen Emulator...

    If we keep asking for it, they (the dev teams) will end up looking into it eventually. My bet would be on Xport, what about you?
  16. DOCKY99

    Fbax: Continuation And End

    Well, djbase, you should know that there are plenty of forums, more specifically underground development forums, and of course emulation is part of that...
  17. Huh, that's odd, because not even a day ago he asked me on IM where the ROM checks were located.... (FYI it's in .\src\unzip\bzip.cpp) I sent him my file while I was at it..: it's a French version (VF):

      // Burner Zip module
      #include "..\..\fba.h"

      // Zip files to search through
      char *szBzipName[BZIP_MAX*4+1]={NULL};
      int nBzipError=0; // non-zero if there is a problem with the opened romset

      struct RomFind { unsigned char nState; int nZip; int nPos; }; // State is non-zero if found. 1 = found totally okay.
      static struct RomFind *RomFind=NULL;
      static int nRomCount=0;
      static struct ZipEntry *List=NULL; static int nListCount=0; // List of entries for current zip file
      static int nCurrentZip=-1; // Zip which is currently open
      StringSet BzipText; // Text which describes any problems with loading the zip
      StringSet BzipDetail; // Text which describes in detail any problems with loading the zip
      static int bFoundSomeZips=0;

      static char *GetFilename(char *szFull)
      {
        int i,nLen;
        nLen=strlen(szFull);
        if (nLen<=0) return szFull;
        for (i=nLen-1;i>=0;i--) if (szFull[i]=='\\' || szFull[i]=='/') return szFull+i+1;
        return szFull;
      }

      static int FindRomByName(char *szName)
      {
        struct ZipEntry *pl; int i;
        // Find the rom named szName in the List
        for (i=0,pl=List; i<nListCount; i++,pl++)
        {
          if (stricmp(szName,GetFilename(pl->szName))==0) return i;
        }
        return -1; // couldn't find the rom
      }

      static int FindRomByCrc(unsigned int nCrc)
      {
        struct ZipEntry *pl; int i;
        // Find the rom with CRC nCrc in the List
        for (i=0,pl=List; i<nListCount; i++,pl++)
        {
          if (nCrc==pl->nCrc) return i;
        }
        return -1; // couldn't find the rom
      }

      // Find rom number i from the pBzipDriver game
      static int FindRom(int i)
      {
        struct BurnRomInfo ri;
        int nRet=0; int nAka=0;
        memset(&ri,0,sizeof(ri));
        nRet=BurnDrvGetRomInfo(&ri,i);
        if (nRet!=0) return -2; // Failure: no such rom

        // Search for possible names first
        for (nAka=0;nAka<0x10000;nAka++)
        {
          char *szPossibleName=NULL;
          int nRet=0;
          nRet=BurnDrvGetRomName(&szPossibleName,i,nAka);
          if (nRet!=0) break; // No more rom names
          nRet=FindRomByName(szPossibleName);
          if (nRet>=0) return nRet;
        }

        // Failing that, search by crc (if we have one)
        if (ri.nCrc)
        {
          nRet=FindRomByCrc(ri.nCrc);
          if (nRet>=0) return nRet;
        }
        return -1; // Couldn't find the rom
      }

      static int RomDescribe(StringSet *pss,struct BurnRomInfo *pri)
      {
        pss->Add ("Le ");
        if (pri->nType&0x10) pss->Add ("essentiel ");
        if (pri->nType&0x01) pss->Add ("graphique");
        if (pri->nType&0x02) pss->Add ("son ");
        pss->Add ("rom ");
        return 0;
      }

      //ayeye
      static int CheckRomsBoot()
      {
        int i=0;
        for (i=0;i<nRomCount;i++)
        {
          struct BurnRomInfo ri;
          int nState=0;
          memset(&ri,0,sizeof(ri));
          BurnDrvGetRomInfo(&ri,i); // Find information about the wanted rom
          nState=RomFind[i].nState; // Get the state of the rom in the zip file
          if (nState!=1 && ri.nType) return 1;
        }
        return 0;
      }

      // Check the roms to see if they code, graphics etc are complete
      static int CheckRoms()
      {
        int i=0;
        nBzipError=0; // Assume romset is fine
        for (i=0;i<nRomCount;i++)
        {
          struct BurnRomInfo ri;
          int nState=0;
          memset(&ri,0,sizeof(ri));
          BurnDrvGetRomInfo(&ri,i); // Find information about the wanted rom
          nState=RomFind[i].nState; // Get the state of the rom in the zip file
          if (nState==0 && ri.nType) // (A type of 0 means empty slot - no rom)
          {
            char *szName="Unknown";
            RomDescribe(&BzipText,&ri);
            BurnDrvGetRomName(&szName,i,0);
            BzipText.Add("%s introuvable.\n",szName);
          }

          if (ri.nType&0x10) // essential rom - without it the game may not run at all
          {
            if (nState==0) nBzipError|=0x01; // not found at all - game probably won't run
            else if (nState==3) nBzipError|=0x01; // incomplete - game probably won't run
            else if (nState==1) ; // fine
            // else nBzipError|=0x10; // crc wrong, or rom too big - may run different
          }
          if (ri.nType&1) // rom which contains graphics information
          {
            if (nState==0) nBzipError|=0x02; // not found at all
            else if (nState==3) nBzipError|=0x02; // incomplete
            else if (nState==1) ; // fine
            // else nBzipError|=0x20; // crc wrong, or rom too big - may look different
          }
          if (ri.nType&2) // rom which contains sound information
          {
            if (nState==0) nBzipError|=0x04; // not found at all
            else if (nState==3) nBzipError|=0x04; // incomplete
            else if (nState==1) ; // sound code rom was fine
            // else nBzipError|=0x40; // crc wrong, or rom too big - may sound different
          }
        }
        if (bFoundSomeZips==0) nBzipError|=0x08; // No data at all!
        return 0;
      }

      static int BzipBurnLoadRom(unsigned char *Dest,int *pnWrote,int i)
      {
        struct BurnRomInfo ri;
        int nWantZip=0;
        char *szRomName=NULL;
        int nRet=0;
        if (i<0) return 1;
        if (i>=nRomCount) return 1;

        // Check for messages:
        BurnDrvGetRomName(&szRomName,i,0);
        if (szRomName==NULL) szRomName="unknown";

        if (RomFind[i].nState==0) return 1; // Rom not found in zip at all

        ri.nLen=0;
        BurnDrvGetRomInfo(&ri,i); // Get length

        nWantZip=RomFind[i].nZip; // Which zip file it is in
        if (nCurrentZip!=nWantZip) // If we haven't got the right zip file currently open
        {
          int nRet=0;
          ZipClose(); nCurrentZip=-1;
          nRet=ZipOpen(szBzipName[nWantZip]);
          if (nRet!=0) return 1;
          nCurrentZip=nWantZip;
        }

        // Read in file and return how many bytes we read
        nRet=ZipLoadFile(Dest,ri.nLen,pnWrote,RomFind[i].nPos);
        if (nRet!=0) { return 1; }
        return 0;
      }

      //ayeye
      int BzipOpen(bool bootApp)
      {
        int nRet=0, nMemLen=0, z=0; // Zip name number
        int i;
        bFoundSomeZips=0; // Haven't found zips yet
        if (szBzipName==NULL) return 1;

        BzipClose(); // Make sure nothing is open

        if(!bootApp)
        {
          // reset information strings to nothing
          BzipText.Reset();
          BzipDetail.Reset();
        }

        // Count the number of roms needed
        for (i = 0;; i++)
        {
          nRet=BurnDrvGetRomInfo(NULL,i);
          if (nRet!=0) break;
        }
        nRomCount=i;
        if (nRomCount<=0) return 1;

        // Create an array for holding lookups for each rom -> zip entries
        nMemLen=nRomCount*sizeof(struct RomFind);
        RomFind=(struct RomFind *)malloc(nMemLen);
        if (RomFind==NULL) return 1;
        memset(RomFind,0,nMemLen);

        for (z=0;z<BZIP_MAX*4;z++)
        {
          char *szName=NULL;
          szName=szBzipName[z]; if (szName==NULL) break; // No more names in the szBzipName list

          ZipClose(); nCurrentZip=-1; // Close the last zip file if open

          // Open the rom zip file
          nRet=ZipOpen(szName);
          if (nRet==0)
          {
            //ayeye
            if(!bootApp)
              BzipText.Add("Fichier %s Bon.\n",szName);
            bFoundSomeZips=1;
            nCurrentZip=z; // Mark as open
            // Get the list of entries
            ZipGetList(&List,&nListCount);
          }
          //ayeye
          else if(!bootApp)
          {
      #ifndef _XBOX
            BzipText.Add("Impossible d'ouvrir %s\n",szName);
      #endif
          }

          for (i = 0; i < nRomCount; i++)
          {
            int nFind; struct BurnRomInfo ri;
            if (RomFind[i].nState==1) continue; // Already found this and it's okay
            memset(&ri,0,sizeof(ri));
            nFind=FindRom(i);
            if (nFind<0) continue; // Couldn't find this rom at all

            RomFind[i].nZip=z; // Remember which zip file it is in
            RomFind[i].nPos=nFind;
            RomFind[i].nState=1; // Set to found okay

            nRet=BurnDrvGetRomInfo(&ri,i); // get info about the rom
            if (List[nFind].nLen==ri.nLen)
            {
              if (ri.nCrc) // If we know the CRC
              {
                if (List[nFind].nCrc!=ri.nCrc) RomFind[i].nState=2; // Length okay, but CRC wrong
              }
            }
            else if (List[nFind].nLen<ri.nLen) RomFind[i].nState=3; // Too small
            else RomFind[i].nState=4; // Too big

            if(!bootApp)
            {
              if (RomFind[i].nState!=1) RomDescribe(&BzipText,&ri);
      #ifdef _XBOX
              if (RomFind[i].nState==2)
              {
                BzipText.Add("%s a le CDC %.8X.\n(Il doit avoir %.8X.)\n",
                  GetFilename(List[nFind].szName),List[nFind].nCrc,ri.nCrc);
              }
              if (RomFind[i].nState==3)
                BzipText.Add("%s de %dk en partie incomplete.\n(Il doit avoir %dk.)\n",
                  GetFilename(List[nFind].szName),List[nFind].nLen>>10,ri.nLen>>10);
              if (RomFind[i].nState==4)
                BzipText.Add("%s de %dk est trop gros.\n(Il doit etres %dk.)\n",
                  GetFilename(List[nFind].szName),List[nFind].nLen>>10,ri.nLen>>10);
      #else
              if (RomFind[i].nState==2)
              {
                BzipDetail.Add("%s a les CRC %.8X. (Il doit avoir %.8X.)\n",
                  GetFilename(List[nFind].szName),List[nFind].nCrc,ri.nCrc);
              }
              if (RomFind[i].nState==3)
                BzipDetail.Add("%s de %dk en partie incomplete. (Il doit avoir %dk.)\n",
                  GetFilename(List[nFind].szName),List[nFind].nLen>>10,ri.nLen>>10);
              if (RomFind[i].nState==4)
                BzipDetail.Add("%s de %dk est trop gros. (Il doit etres %dk.)\n",
                  GetFilename(List[nFind].szName),List[nFind].nLen>>10,ri.nLen>>10);
      #endif
            }
          }
          ZIP_LIST_FREE(List,nListCount)
        }

        if(!bootApp)
        {
          // Check the roms to see if they code, graphics etc are complete
          CheckRoms();
          if (bFoundSomeZips)
          {
            if (nBzipError==0) BzipText.Add ("La romset est correct.(Controle CRC non actif !)\n");
            if (nBzipError&0x7) BzipText.Add ("ATTENTION la romset est INCOMPLETE.\n");
            if (nBzipError&0x01)
            {
              BzipText.Add("Essential rom data is missing.\nLe jeu ne va provablement pas ce lancer.\n");
            }
            else
            {
              if (nBzipError&0x10) BzipText.Add("Des partie essentiel de la rom sont different. ");
              if (nBzipError&0x02) BzipText.Add("Les Data Graphique sont manquant. ");
              else if (nBzipError&0x20) BzipText.Add("Plusieurs Roms graphique roms sont differents. ");
              if (nBzipError&0x04) BzipText.Add("Les Data Graphique sont manquant. ");
              else if (nBzipError&0x40) BzipText.Add("Plusieurs Son roms sont differents. ");
              if (nBzipError&0x76) BzipText.Add("\n");
            }
          }
          BurnExtLoadRom=BzipBurnLoadRom; // Okay to call our function to load each rom
        }
        else
        {
          if(CheckRomsBoot()) return 1;
        }
        return 0;
      }

      int BzipClose()
      {
        ZipClose(); nCurrentZip=-1; // Close the last zip file if open
        BurnExtLoadRom=NULL; // Can't call our function to load each rom anymore
        nBzipError=0; // reset romset errors
        if (RomFind!=NULL) free(RomFind); RomFind=NULL;
        nRomCount=0;
        return 0;
      }

      void GenericMessage(char *szMessage)
      {
        // Add() takes a printf-style format (see the calls above), so pass the
        // message as data rather than as the format string
        BzipText.Add("%s",szMessage);
      }
  18. We can be sure lantus won't come down on us, it's from 1992.
  19. DOCKY99

    Fbax: Continuation And End

    Interesting, so we can make French builds of fbax without CRC checking and plenty of other fun stuff, as long as there are no drivers less than 2 years old, is that it?
  20. DOCKY99

    Fbax: Continuation And End

    That holds for quite a few open source emulators, and it's to avoid abuses... Personally, the most fun part is the emulation race, trying to emulate the dumps and the protections as quickly as possible.
  21. DOCKY99

    Fbax: Continuation And End

    I think what bothers lantus is the same as with mame: see the FAQ. There's also this 2-year "rule" that emulator authors are strict about too (the kof case)....
  22. Well, no photos, but you have some in this post: http://www.gueux-forum.net/index.php?showtopic=16121# Yeah, it's a shame, Cedric2911, I'm stuck, but I've already got some compilation m-****...
  23. DOCKY99

    Launching Sonic Heroes Pal

    oops!!!!!!!!!!!!!!!
  24. DOCKY99

    Neomamex Finished

    Neomamex (NEO GEO MAMEx) for Mame B6 with all the neo-geo drivers and the latest mame. (not to be confused with mameox)
  25. DOCKY99

    Sonic Boom Tchk Tchk

    Wow, you're harsh, I like the music myself!!!! If you really don't like it, the sounds are in ADX format like on Dreamcast, so dig out your old ADX (sound) tools to create custom ones, or take the ones from the Dreamcast or from Billy Hatcher on GameCube (I once did a fun hack of Sonic Heroes with the Billy Hatcher sounds and video)