PG - Reverse engineering a DOS PC FMV Game from 1994

BSides Las Vegas | 31:26 | 746 views | Published 2022-09
About this talk
PG - Reverse engineering a DOS PC FMV Game from 1994 - Andrew Lewton Proving Ground @ 12:00 - 12:25 BSidesLV 2022 - Lucky 13 - 08/10/2022

So, without any further delay, uh, see across you.

All right, hi, uh, good to see you. I'm glad you could all make it. So we're doing a presentation here on reverse engineering real MS-DOS game from 1994, for fun, because we can't. Feel free to take pictures of anything that's on the screen; nothing here is, uh, privileged or an issue.

So, uh, um, my actual name is Andrew Lewton. I do go by, uh, cpros corc pro for most of it. Uh, my early childhood consisted of taking things apart, making all my battery-powered things act up, uh, yo, learning how to put things back together after, uh, I had taken them apart. Um, and I got to the point where I wasn't leaving any extra screws or extra screw holes; that is important. Uh, so I got bit by the computer bug, and, uh, in preschool, by an Apple II Plus, uh, computer using a 6502 processor. And, um, yeah, so the basic deal with that was, I'm not kidding, I got on that computer and I either put it into a test mode or I made something in Apple BASIC that caused a bunch of junk to scroll across the screen. Computer teacher thought that I had broken the computer, which, if you've ever used an Apple II, you can't break it. Um, and so they sat me in the corner, you know, put my name on the chalkboard, didn't get my snack for the day. I was hooked. Had to do computers, had to have my own.

So they were prohibitively expensive in the 90s, like, and it was really hard for me to justify it or get one, but I was going to do it. So what I ended up doing quite a few years later was, I was at a computer swap meet and they had a pile of original IBM PCs, um, and I bought one for 42.
And for my 42 dollars, best 42 dollars I've ever spent, I got myself an IBM 5150, the original PC: a clicky-clacky keyboard, um, two five-, uh, and-a-quarter drives, 256K of RAM, a monochrome green screen. And I, my parents and me truck this stuff home, and, uh, the first thing I did was take it apart, put it back together, take it apart, put it back together, learn exactly what it was. And I started upgrading it. I put a 42 meg hard drive in it, 640K of RAM, CGA graphics, learned everything the hard way about DIP switches and jumpers.

Um, so after that I built my first computer at nine. I got my A+ at age 13. Um, kind of funny story about that: my mom brought me to, uh, Icon, uh, Business Solutions, who did A+ testing, um, and, uh, the front desk secretary said, "Uh, ma'am, uh, you're gonna have to, you know, leave your son somewhere else, for not a daycare facility." My mom said, "Oh no, he's taking the test." So, so yeah, so that was fun. So, uh, back then they offered a good deal: half off if you take the brand new test and the old test, and whichever one you pass, you get to have a great plus certification. I passed both, and I did better on the adaptive test, which I was supposed to do worse on, because he's supposed to ask you more questions about stuff you get wrong. Anyway, I have to thank my parents for being amazingly encouraging and supportive. Thank you.

Um, so now for something completely different. In '94, '95 my parents bought our first nice computer. That is a Gateway 2000, 75 megahertz. It had the FDIV bug. It was a Socket 5, uh, CPU, eight megs of RAM, 790 meg, five meg hard drive, a 2x CD-ROM, a 14.4, uh, fax modem, Vibra 16 sound card, which is a cut-down version of the Sound Blaster 16. It came bundled with some software and some games, um, and one of them was this game called The Lawnmower Man. So I'm going to change video sources here so I can kind of show you, uh, what, what this game was and why it was kind of bonkers to me. So we're gonna wait for that to come up. So keep in mind this is 1994.
And I need to adjust some things. [Music] Unfortunately, when you're doing things like this, uh, you have to just make things up as you go along. So the graphics in this game are pretty, pretty good, because it's actually video. Hang on, let's recalibrate here. So this is actually gameplay right here. [Music] So it goes right into this whole sequence here. You'll see the catwalk, and this is, has anyone here played Dragon's Lair, the arcade game? This is quick time events before "quick time events", uh, was coined as a term. So this expects you to press buttons at a specific time. Get [Music] So we'll get into the technology. [Music] And so, okay, so I missed that one, but this is good, because you see, games were brutal back in the game, killing you not enough. You ready for this? [Music] [Music] Uh [Music] Needless to say, this made quite an impression on eight-year-old me, or whatever it was. [Music] So, uh, kind of cool thing: this is your only pause screen in the entire game. If you hit this button, you have five seconds and then it restarts the entire game, no matter where you are. If you accidentally press the Escape key, up, it's gone.

So, uh, let me go back to the other computer right now. So I hope that kind of gives you an idea of what we're dealing with here, which is complete insanity. So this game made an impact, but clearly, as you can see, for the wrong reasons.

So one does not simply run an MS-DOS game. So getting this game to load is a challenge. If you're, if you remember, back in the day you had to edit your config.sys, your autoexec.bat, your EMM386, your himem.sys. You had to configure everything properly in order for your game to run. Usually it broke other games and Windows. So there are terms that are very close to each other, but they're not quite right. So there's XMS and EMS memory, um, in DOS, and, uh, they're completely different things. So if you have one and not the other, then you're in trouble, especially trying to run a game like this. This game happens to use, like, XMS memory. But if you did
everything right, you configure it, you remembered what you changed so you could change it back later so you could still boot Windows, then you were fine.

So, as you saw, you pressing Escape at any time exits you and dumps you to DOS. There's no menu system, there's no save system, there's no pause button. Puzzles are timed, and they would fail you if you took too long. Uh, the pamphlet was vague about how to play this game. It was not intuitive. You're supposed to figure out how to play this game by trial and error. Um, you got three failures and that was game over, and that's over the entire game, over all the different levels. If you failed it three times, you just restarted the game. Um, and of course the continue button had a five second time delay, and if you didn't hit it, well, tough.

Uh, so yeah, the, the game used quick time events, which is not to be confused with Apple QuickTime. I only remember Apple QuickTime, um, before the tournament turned. And, uh, it's like Dragon's Lair. So yeah, so these video segments are bridged by logic puzzles and captured video, um, which I can show a bit later if I get the time.

So, neat things: this thing was way ahead of its time for '94.
Like, it was mind-blowing that it was even possible to do this on a computer. You got full motion animation, video and audio. You got some pretty cool music, I think. Um, the story picked up from where the last movie left off, so it's almost like another movie. In fact, I kind of wish Lawnmower Man 2 had had this plot from this video game; it would have been a lot better. Um, and it gave you hours of serial gameplay.

So how the hell did they do this in DOS? That's the question I had. Um, so 28 years later, uh, how to drop down a rabbit hole. So how did we get here? Well, it was just, I was, I was thinking about it. I was like, I want to get, I want to dump the music from this video game, because I think it's awesome, and that's why as well. So why all of a sudden now? I don't know, but, uh, you know, it's a good time. Retro computing's big now, and, uh, you know, it's time to bring up some of the interesting skeletons in the closet.

So, I came here for an argument, not abuse. So if we look, if we look at our, if we look at our files on our CD, we got all kinds of stuff going on here. This is not your standard binary executable, um, game. This has some really big files, some really small files, everything in between. The, um, eight sx files, which, um, are at the top there, uh, like "act granted", "act denied", well, that sure sounds like it could be sound effects, right? So, you know, in my brain, before I even start opening things up in hex editor, I want to kind of see what the developers, uh, did. Oh cool, laser pointer. Don't know how to use it, but, uh, oh, it's green. Cool, thanks. So, uh, but yeah, these ones right here, they sure sound like, uh, you know, audio files to me. So a m, um, let's see, let's see, is there any of them? Yeah, there's, so maybe a m is an animation file. Uh, BRS, uh, well, the BRS file that we've got, let's see, where is that thing, is, uh, right here. It's "screen save", so maybe it's a screen saver, I don't know. So, uh, we got another one called LBM, and, uh, let's see, where is that? Very bottom, okay. So LBM file, and we also have one called logo here.
So logo, logo is probably an image file, right? So we got map files. Um, maybe it's a keyboard map, maybe it's mapped to files, I don't know, maybe it's an in-game app. Um, and excel, and I really think this is our video, maybe our video and our audio. And SHT, let's not try to think about that one too hard. Um, but, uh, what we do know about them is they're tiny, like 658 bytes tiny. So what could they possibly be? Well, let's, let's try and figure that out.

So let's look at an hsx file first. Bang, it's a sound effect file, and we can figure out that it recorded with, whatever, Studio 16 from SunRize. So you jump down that rabbit hole and you find out, yes, it's a product for the Amiga. You know, it's a whole entire digital workstation, digital audio workstation. Cool. So now we know that that file came out of an Amiga, and since the card was for an Amiga 2000, it probably came from the Amiga 2000. So maybe we can, uh, you know, work on that and think about, uh, what there is, uh, as far as that's concerned. I need to grab, um, audio here, so bear with me just a moment. One part I didn't test. All right, so we've got an audio file. It looks like it didn't play, but that's fine with me. It's just, basically, it says "access granted".

So we, uh, then need to look at the other files, and, uh, what we, what we found out is, uh, that the LBM files are actually Deluxe Paint files, which is another popular program for the Amiga. So we're starting to get a picture that this game might have been actually made on an Amiga. This PC game, this PC DOS game, was made on Amiga. So we, uh, then take the animation files, and we take them, and we take them apart using this program that's made to work with the Amiga, and we find out, indeed, we have the precursor to GIF here, which is Deluxe Paint animation. How cool is that? We were able to actually open this up on a PC.

So now, that's not the entire game, but, uh, we need to start putting the pieces together. So the map file contains all these different files and where they are, so this is how the game actually knows
where they're installed. And that's important, because you have the ability to install all the animation files on the hard disk. Not the video files, though. You can install, I think, up to like 50 megs of, uh, of these animation files onto your hard disk, so it wouldn't have to load it from the CD, but the game had to know where to, where to point them. So it has, when you install it on the drive, it hard codes it to where the path was. So if you make the unfortunate, uh, the unfortunate mistake of renaming that path or that directory, the game will break, because it's all hard-coded.

So what about this executable file that we got here, dtv play? Well, thanks to some people who actually took apart the program, we were able to find the hidden switches. And kind of funny, because we have a DOS program that uses case-sensitive switches. So "s" lowercase will skip frames; "S" capital will actually override which SHT file we use. SHT files, it turns out, we'll get to later. So, uh, yeah, it's crazy. This program runs in 16-bit real mode and basically takes complete control of the computer and uses all of its resources to play these video files. So just really, really neat stuff.

Um, so I really want to find out the real origins of this game. So, um, I found all kinds of weird, weird things here, like cdtv.device, cdtv, CDTV error. So I thought it was for Commodore CDTV, because, you know, it would make sense. It was one of, in, Commodore's interesting failed projects. Um, they made a lot of mistakes like this. So I'm curious, has anyone ever seen a Commodore CDTV before? So yeah, it's, uh, back in the day, in 1991, it was a thousand dollar console. So the people whining, complaining about the PS3 being 6.99 got nothing on this thing. So it was basically, uh, for all purposes, an Amiga 500 that was shoved into a fancy case that kind of looked like, um, you know, a CD player. And they really compacted, I don't know if you can see that motherboard there, but it's crammed. And so they released it in '91.
The movie came out '92 of March. The, uh, Commodore CDTV was actually discontinued in 1993, during the development of this video game, and then they finally released it '94 for the PC. So pencil spoken gun, probably.

Uh, so looking for the information on Lawnmower Man and his potential connection to the CDTV, I found a guy named Peter who detailed the CDTV games that didn't make it, uh, and, um, "The Definitive CDTV Retrospective, Part Two", uh, we wrote for, uh, Amiga World. So he said The Lawnmower Man, Sales Curve, wound up as an IBM game but started out as a CDTV project. It is a series of linked arcade, flying and puzzle games based around the rather silly movie, which I can definitely say is a rather silly movie. Uh, the game was well along, he says he saw the show in '93, but they dropped the project, um, for something else. So, interesting. So if we look, um, I was able to actually find out that there were two different conferences in '93, um, in Germany. So if anyone's got footage of that, I'd love to see if there's a CDTV running The Lawnmower Man, um, in any of that buried footage. I haven't found any yet, though.

So my theory is that I think it's possible to take the files that are on the CD and actually make it run on an original platform. So, um, we've yet to decode the video files, uh, as of yet, but we're working on it. Um, I'm hoping that between BSides and DEF CON I can have some, you know, a whole bunch of people who are smarter than me take a look at it and see what they need to see, and actually take the video and dump it directly. I think that's going to be an interesting, fun challenge, and kind of what I'm hoping to do here. So my theory is that they might have used a Video Toaster in order to dump the files out, um, and they probably use magneto-optical drives in order to actually, uh, to actually take the footage from the Video Toaster to the PC, or whatever dev platform they were using then, and then burn it into the final. So I think these might be raw Video Toaster files. That's my theory on it. And, uh, they
would include audio, so it'd be kind of like a precursor to AVI. It would still be, you know, interlaced video, audio, just in a format that you can't open with VLC player or anything recent. So I do have an Amiga 2000. I do not have a Video Toaster. I do not have the, uh, appropriate licenses or equipment to open up the files, but maybe someday I will, and then I'll be mistaken, because if they did something else. But again, that's why I'm here. So I hope that kind of gives you a interesting background of some of the technology that went behind this game.

Um, so I actually contacted the pro, one of the programmers who worked on this game, and he got back to me as soon as, uh, this talk was actually accepted. So I found out some pretty cool things. Um, so here are his words on it, but I'll, I'll, uh, you know, paraphrase some of this. So, uh, this just happened to be the best seller they had, and they had another dude who ported it to the, to the PC, and this was actually meant for the Amiga, not for the CDTV. This was meant as a full-fledged Amiga game, which makes a lot of sense: limitations in color palette, everything that you see, the way that they went about it, the fact that they used an Amiga as a development system. It all makes perfect sense.

Um, so he told me that he, I was right that the SHT files were actually shot files. They actually set up the, uh, the order that the video files run in, um, which is fascinating to me, because it means that each one's a sequence. And what he said was, the way they made it work was, they run two videos at the same time, and depending on what input you put in, it either gives you the fail or the, the one that doesn't fail. It's actually running the two at the same time, even though it's a single speed CD drive, and they did some pretty interesting hackery to actually make that happen. As a result, the input for the PC is actually quite janky. It's not polling very quickly, so you can be pressing the button and it'll miss the poll, so you almost have to spam the button for it to pick
it up. You know, it's sort of like, you know, when you're frantically trying to press, uh, Delete or F2 or F12 for your BIOS settings on a PC.

So yeah, the fun part about the actual PC version was that he said that he, they had an interrupt request blocking function in the program, and it corresponded to when it was actually reading data from the disk, so input from the keyboard wouldn't actually modify the data that was being run in through the DMA and such. So as a result, you had no control during a discrete function, and you really had no control at all, because you're just watching a video of what happened after you hopefully put it in the correct input. So the fact that they actually made it work is amazing to me, because they had just so many crazy things that they had to overcome in order to make this thing happen.

So, um, right now I want to take some questions, uh, before I actually have someone try to play the game, because I really want you to see how crazy this is.

Hey, how you doing? Thank you very much for your time. I was wondering, uh, when I think Amiga sound, I think mods, those mod files, like, they were, like, sequenced. Yeah, I used to play with those a lot when I was a kid. Um, do you know, like, a big issue was, like, they're porting all this from an Amiga to a PC. What about all the licensing, all the libraries and stuff they have to port? I mean, that just seems to make the game prohibitively, like, expensive to develop.

I think they just hacked it. They were just a game studio of, like, a couple of people. I think they just hacked it and made it work. They didn't even export it to WAV or anything, they just made it work. I think most of the audio is actually inside the video file, the raw video file. Um, the only thing that's different is the things that are, that are like the mod files, which are these, uh, asx files here that I showed earlier, and these happen to have samples and such, and they must have written their own home-built player for 'em instead of dealing with any of the licenses. Yes, Deli
Player can play it. In fact, I got it right there on Deli Player. So you can play the sound samples, but it's usually just drum loops, or maybe "access granted" or "access denied". You know, it's nothing, it's nothing really, uh, is, none of the music is in there. Um, let me see if I've got anything else on that. Don't think so. But yeah, so that's pretty much it on that. Um, they just made it up as they went along and hacked it until it worked. Any other questions? Go ahead. Wait, wait, wait, you gotta get the microphone first. Sorry about that, that's my bad.

So the engine was made for multiple games, not just Lawnmower Man. Have you explored any of those other games and tried to get them to run as well?

Um, I found that although the game engine was used for some other games, they are so wildly different, it's ridiculous, and one of the other engines isn't even the same, it's just named the same. Um, pretty interesting.

So, question for you. Um, is, you know, with, uh, I know you're reverse engineering this, that makes sense, and I probably have this, this disc somewhere, I can't find it, but is it posted anywhere we can get to it? Is it, has it gone into the common domain?

Yes, uh, you can grab it on archive.org. Um, you just type in "the lawnmower man" and you can grab the ISO of it. Um, and, uh, it's there for, uh, messing around with, and, uh, it's handy. And if you want a physical CD, I can give you one of those too.