Page 1 of 1

Snapshotting RAM of an app ... or the whole computer

Posted: Wed Aug 26, 2020 3:38 pm
by nudelooney
Hi everyone,

I'm trying to resurrect a piece of abandoned software, for a project. It's a bit niche, and although the author was originally very positive about letting me have the source code, he's since stopped responding to e-mails. He's moved on from the RISC OS scene and I guess some weirdo asking about a 20 year old project is not good motivation for him to go rummaging around in the loft for old disks! (I can understand that.)

The !RunImage is an executable, but the error message that appears on load includes a line number, which gives away that it's actually a BASIC program that's been obfuscated. But it's not one of those "first twenty bytes is code, then the rest of it is BASIC" that I used to see a lot of in the past ... it appears that the ARM code does some decryption or decompression of data into RAM, which is then run as BASIC.

I was wondering if I could grab a snapshot of the BASIC /after/ it's been loaded into RAM. So I'm looking for advice on any of these:

- a RISC OS app that will let me "snapshot" the RAM of a running app
- a way of just saving ALL the RAM
- an emulator that will let me dump all the RAM as a file

... so that I have something I can extract the BASIC out of.

Anyone have any thoughts?

Re: Snapshotting RAM of an app ... or the whole computer

Posted: Wed Aug 26, 2020 4:45 pm
by geraldholdsworth
There is an application that will extract the BASIC program, while running. I can't remember what it is called, or where I got it, but I shall go hunting on my RISC OS system and get back to you.

EDIT: It is called BASIC Ripper (!BASIC Rip) by Jonathan Hunt. The web address given is no longer valid, and it states RISC OS 3 only, but I've used it on RISC OS 5.

Re: Snapshotting RAM of an app ... or the whole computer

Posted: Wed Aug 26, 2020 7:48 pm
by IanJeffray
Unless it's one of the ones I wrappered for commercial purposes back in the 90s, then I expect you'll be able to get the BASIC out just by running the !RunImage directly at the command line, dropping to BASIC and then "OLD".

I used to add nefarious bits of wrappers to commercial things to prevent this very technique -- trapping the exit from BASIC, and trashing the program space so that "OLD" wouldn't see a valid BASIC program any more.

Note that it's necessary to perform this "OLD" trick from the F12 prompt rather than just running the !RunImage in the desktop, so that nothing else writes over the program before you "OLD" it back in to life.

Re: Snapshotting RAM of an app ... or the whole computer

Posted: Wed Aug 26, 2020 10:38 pm
by nudelooney
Thanks Gerald and Ian for your responses - I shall give both of those a go!

Cheers chaps!

Re: Snapshotting RAM of an app ... or the whole computer

Posted: Fri Aug 28, 2020 2:08 am
by sirbod
You could Alias BASIC to something else:

Code: Select all

set alias$BASIC DEBUG
Just about anything that enters a BASIC program via a decrypter is going to use OS_CLI and issue *BASIC @<start>,<end> so is easy to intercept, unless they also went to the lengths of intercepting CliV and watching for unexpected commands - Fourth Dimension titles did this for example.