I have a project trying to 'stream' a DOS game, working in DOSBox on Ubuntu. The idea is to take screenshots of the screen and upload these to a server. To take screenshots in DOSBox, I use xdotool to trigger the key combination "ctrl+f5", which triggers a screen capture. The screenshot is saved to the /capture folder, and I can read the file from there.
The problem is that the screenshots are named progname_000.png, progname_001.png, ... I would prefer a single file that is overwritten. Is this possible to achieve?
I am currently using the horrendous bash code below:

    # find the DOSBox window id
    wid=`xdotool search --limit 1 --name "dosbox" 2>/dev/null`
    while [ 1 ]; do
        # pick the first capture file and publish it as img.png
        fn=`ls ./dosbox/capture/ | head -1`
        cp ./dosbox/capture/$fn ./img.png
        rm ./dosbox/capture/*
        # ask DOSBox for the next screenshot
        xdotool key --window $wid ctrl+f5
        sleep 0.10;
    done

Every 100 ms, I read the capture file, take the first file I encounter, copy it to ./img.png, then clear the capture folder, and then take a screenshot. Is there a better alternative?
(P.S.: The above code is simplified; I copy the captured images to more than 1 image, img0.png and img1.png; while one is being written to, the other can be read, like page flipping. Anyway.)
I found a solution by tampering with the compiled DOSBox binary directly. I could have edited the source and built the project, but where's the fun in that?
The binary file is in /usr/bin/dosbox. I opened gdb in a terminal as root and wrote

    gdb -write -silent /usr/bin/dosbox

This solution is for the DOSBox 0.74 binary, compiled for Ubuntu 14.04.
First, the screenshot filenames include a 3-digit number, such as 'whatevs_000.png', so the filename should be constructed as a string using a sprintf function call, with a format string that includes either %3d or %03d. I was lucky: a search with objdump -s /usr/bin/dosbox | grep "\%03" revealed that the string "%s%c%s%03d%s" is indeed stored at 0x5fa9c7.
After setting a hardware access watchpoint with awatch *0x5fa9c7, I ran the program in gdb (several continues might be required). Once DOSBox boots, I used ctrl+f5 to take a screenshot and trap the program at an instruction in the sprintf function. After several ups, I was in the main program flow (address 0x4a9949). Disassembling upwards, I discovered a for loop that had standard library calls to achieve a directory listing. I detected the entry point of the loop (using the 2 continue statements in the loop, which I verified later by checking the source code), and replaced the for-loop termination statement (0x4a9854) with an unconditional jump to the end of the loop (0x4a9908) as below:

    set write on
    # short jump to 0x4a98d4
    set *(unsigned char*)0x4a9854 = 0xeb
    set *(unsigned char*)0x4a9855 = 0x7e
    # fill the remaining bytes of the previous instruction with nops, because why not
    set *(unsigned char*)0x4a9856 = 0x90
    set *(unsigned char*)0x4a9857 = 0x90
    set *(unsigned char*)0x4a9858 = 0x90
    set *(unsigned char*)0x4a9859 = 0x90
    # short jump to 0x4a9908
    set *(unsigned char*)0x4a98d4 = 0xeb
    set *(unsigned char*)0x4a98d5 = 0x32

(I make 2 short jumps to jump over the longer range because that is the opcode I remember by heart, and I am too sleepy to google the rest.)
After this point, DOSBox overwrites filename_000.png, filename being the name of the binary being emulated.
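
The displacement arithmetic behind the patch above can be checked offline. This is an added example, not part of the original answer: the addresses and bytes are the ones quoted in the answer, the function names are hypothetical, and the single rel32 jump shown at the end goes beyond what the answer did.

```python
# Added example: verifies the x86 jump encodings used in the gdb patch.
# Addresses come from the answer; all function names are hypothetical.
import struct

LOOP_EXIT = 0x4A9854    # 6-byte loop-termination instruction that was patched
TRAMPOLINE = 0x4A98D4   # location of the second short jump
LOOP_END = 0x4A9908     # end of the directory-listing loop

def short_jmp(src, dst):
    """Encode `jmp rel8` (EB xx); the displacement counts from src + 2."""
    rel = dst - (src + 2)
    if not -128 <= rel <= 127:
        raise ValueError(f"{rel:#x} does not fit in a signed byte")
    return bytes([0xEB, rel & 0xFF])

def jmp_target(src, code):
    """Decode EB rel8 or E9 rel32 placed at src into an absolute target."""
    if code[0] == 0xEB:
        return src + 2 + struct.unpack("<b", code[1:2])[0]
    if code[0] == 0xE9:
        return src + 5 + struct.unpack("<i", code[1:5])[0]
    raise ValueError("not an unconditional jmp")

def near_jmp(src, dst):
    """Encode `jmp rel32` (E9 xx xx xx xx); displacement counts from src + 5."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))

def patch_plan():
    """Bytes the answer wrote, keyed by address (NOPs pad the old instruction)."""
    return {
        LOOP_EXIT: short_jmp(LOOP_EXIT, TRAMPOLINE) + b"\x90" * 4,
        TRAMPOLINE: short_jmp(TRAMPOLINE, LOOP_END),
    }

def one_short_jump_reaches_end():
    """False here: 0x4a9908 is 0xb2 bytes past 0x4a9856, beyond rel8 range."""
    try:
        short_jmp(LOOP_EXIT, LOOP_END)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for addr, data in patch_plan().items():
        print(f"{addr:#x}: {data.hex(' ')} -> {jmp_target(addr, data):#x}")
    print("single rel8 reaches end:", one_short_jump_reaches_end())
    alt = near_jmp(LOOP_EXIT, LOOP_END) + b"\x90"   # 5 + 1 = 6 bytes
    print("rel32 alternative:", alt.hex(" "))
```

The rel32 form fits in the six bytes that the answer overwrote at 0x4a9854, so it would reach the loop end without touching the bytes at 0x4a98d4.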