Call DLL

chrrox, posted Tue Apr 14, 2020 2:27 am (55892)


I am trying to get the function arkLZDecodeMemory from arkkdm.dll but I only get the error
Quote:
Error: file arkkdm.dll has not been found or cannot be loaded

This should be the correct LZ decompression for the arcade dance masters.
I attached a sample file
SIZE was - 00 0E 36 B0
ZSIZE was - 00 0B 21 18

IDA shows the function like this in pseudo code.

Code:
int __stdcall arkLZDecodeMemory(void *a1, int a2, int a3)
{
  size_t v3; // eax
  signed __int32 v4; // edi
  void **v6; // eax
  void **v7; // esi

  v3 = _byteswap_ulong(*(_DWORD *)a2);
  v4 = _byteswap_ulong(*(_DWORD *)(a2 + 4));
  if ( v3 <= a3 )
  {
    if ( !v4 )
    {
      memcpy_0(a1, (const void *)(a2 + 8), v3);
      return 0;
    }
    v6 = (void **)XCd229cc000141(0);
    v7 = v6;
    v6[1] = (void *)(a2 + 8);
    if ( v4 <= 0 )
      v4 = -1;
    v6[3] = (void *)v4;
    *v6 = a1;
    v6[2] = (void *)a3;
    if ( !(unsigned __int8)XCd229cc00008c(v6) )
      XCd229cc0000e6("package", "????? cstream INFLATE failed.\n");
    XCd229cc000025(v7);
    XCd229cc0000e3(v7);
  }
  return 0;
}

kdm_dlls.7z


aluigi, posted Tue Apr 14, 2020 10:14 am (55900)


I didn't check that dll but there are various reasons why a dll may not be loaded:
- it's 64bit (quickbms is always 32bit so it can't load these dlls)
- it needs other dlls that aren't available in the folder

chrrox, posted Tue Apr 14, 2020 10:49 am (55906)


Do I need to copy normal windows dll's into the same folder with it?
These are the dll's it lists under the import table.
It should be 32 bit application.
Quote:
libavs-win32.dll
libavs-win32-ea3.dll
ess.dll
libacio.dll
KERNEL32.dll
IMM32.dll
GDI32.dll
WINMM.dll
libafp-win32.dll
USER32.dll

aluigi, posted Tue Apr 14, 2020 11:02 am (55909)


The first 4 and libafp-win32.dll must be in the same folder as your dll.

chrrox, posted Tue Apr 14, 2020 1:40 pm (55924)


Ah now it is loading it.
I am trying this script

Code:
get SIZE asize
log MEMORY_FILE 0 SIZE
CallDLL "arkkdm.dll" arkLZDecodeMemory stdcall RETURN_VALUE MEMORY_FILE SIZE 0xE36B0


I get this error
Quote:
--------------------------------------
- library arkkdm.dll loaded at address 10000000
- function found at offset 100542D0

-------------------
*EXCEPTION HANDLER*
-------------------
An error or crash occurred:

*EH* ExceptionCode c0000005 access violation
*EH* ExceptionFlags 00000000
*EH* ExceptionAddress 100542D7
10000000 000542d7 arkkdm.dll
*EH* NumberParameters 00000002
*EH* 00000000
*EH* 000E36B0

Last script line before the error or that produced the error:
3 CallDLL "arkkdm.dll" arkLZDecodeMemory stdcall RETURN_VALUE MEMORY_FILE 0xE36B0


How would you assume I should call this function?

chrrox, posted Tue Apr 14, 2020 1:55 pm (55925)


This code does not error but I get the input file back, not uncompressed?

Code:
get SIZE asize
log MEMORY_FILE 0 SIZE
CallDLL "arkkdm.dll" arkLZDecodeMemory stdcall RETURN_VALUE 0xE36B0 MEMORY_FILE
get SIZE asize RETURN_VALUE
print "%SIZE%"
log NAME 0 SIZE RETURN_VALUE

Ekey, posted Tue Apr 14, 2020 4:01 pm (55930)


Because the function in your case returns 0.

1) As you can see in the code - 2 values (zsize and size) are taken from the buffer and swapped in process.

Code:
  v3 = _byteswap_ulong(*(_DWORD *)a2);
  v4 = _byteswap_ulong(*(_DWORD *)(a2 + 4));


Code:
MOV EAX,DWORD PTR DS:[EBX]
MOV EDI,DWORD PTR DS:[EBX+0x4]

BSWAP EAX
BSWAP EDI


Buffer data must be like this..
00 0E 36 B0 00 0B 21 18 5F 4B 54 4D 44 4C 00

2) Arguments:

Also it copies data by memcpy from a2 to a1. In my opinion it must be:
Code:
dec_buffer, comp_buffer, size
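
An added example, not part of the original posts and not the DLL's own code: a C pre-check for the header layout described above (big-endian size, big-endian zsize, then data) that validates both fields against the real buffer lengths before the buffer is handed to the decoder. The names `ark_check`, `ark_hdr` and the status codes are hypothetical, and `in_len` is an assumed extra parameter that the decompiled function does not take.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names. Layout from the thread: BE32 size, BE32 zsize, data. */
enum ark_status { ARK_OK_STORED, ARK_OK_PACKED, ARK_ERR_SHORT,
                  ARK_ERR_OUT_CAP, ARK_ERR_IN_LEN };

struct ark_hdr { uint32_t size, zsize; const uint8_t *payload; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* in_len: bytes the caller says are readable at buf (assumed parameter).
 * out_cap: real capacity of the destination buffer (a3 in the pseudo code).
 * Only the first 8 bytes of buf are read here. */
enum ark_status ark_check(const uint8_t *buf, size_t in_len, size_t out_cap,
                          struct ark_hdr *h) {
    if (buf == NULL || h == NULL || in_len < 8) return ARK_ERR_SHORT;
    h->size = be32(buf);
    h->zsize = be32(buf + 4);
    h->payload = buf + 8;
    /* Same test as `v3 <= a3`, but reported instead of silently returning 0. */
    if (h->size > out_cap) return ARK_ERR_OUT_CAP;
    if (h->zsize == 0) /* stored branch: memcpy of `size` bytes from buf + 8 */
        return h->size <= in_len - 8 ? ARK_OK_STORED : ARK_ERR_IN_LEN;
    /* Packed branch. A zsize with the top bit set is negative as the signed
     * v4 and becomes -1 in the pseudo code; here it is compared unsigned. */
    return h->zsize <= in_len - 8 ? ARK_OK_PACKED : ARK_ERR_IN_LEN;
}

/* Constructed sample: the 8 header bytes quoted in the thread. */
static const uint8_t ARK_SAMPLE_HDR[8] = {0x00, 0x0E, 0x36, 0xB0,
                                          0x00, 0x0B, 0x21, 0x18};

int main(void) {
    struct ark_hdr h;
    enum ark_status s = ark_check(ARK_SAMPLE_HDR, 8 + 0xB2118, 0xE36B0, &h);
    printf("status=%d size=%u zsize=%u\n", (int)s,
           (unsigned)h.size, (unsigned)h.zsize);
    return s == ARK_OK_PACKED ? 0 : 1;
}
```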

chrrox, posted Tue Apr 14, 2020 6:56 pm (55938)


Interesting that makes sense.
Did you get calldll to work with this sample file?

Ekey, posted Tue Apr 14, 2020 7:19 pm (55939)


Nah. To find out the whole logic of this function, you need to debug this app at runtime. What's the game?

chrrox, posted Tue Apr 14, 2020 7:44 pm (55941)


It's Dance Evolution Arcade version.

aluigi, posted Fri Apr 17, 2020 9:55 am (56022)


I don't know if that konami-lz77 is under a different name but saxman is definitely there in quickbms