{"id":43,"date":"2005-03-13T09:41:08","date_gmt":"2005-03-13T16:41:08","guid":{"rendered":"\/?p=43"},"modified":"2006-05-18T10:47:02","modified_gmt":"2006-05-18T17:47:02","slug":"solutions-to-brief-re-puzzles","status":"publish","type":"post","link":"https:\/\/multimedia.cx\/eggs\/solutions-to-brief-re-puzzles\/","title":{"rendered":"Solutions To Brief RE Puzzles"},"content":{"rendered":"<p>Click on (more) for the solutions to <a href=\"http:\/\/multimedia.cx\/eggs\/index.php?p=42\">the brief RE puzzles<\/a>&#8230;<\/p>\n<p><!--more--><\/p>\n<p>RE puzzle #1 is a simple bitstream decoder extracted from the <a href=\"http:\/\/multimedia.cx\/svq1-format.txt\">Sorenson Video 1 (SVQ1)<\/a> decoder in Apple&#8217;s QuickTime v5 program. The C prototype and operation of the function can be expressed thusly:<\/p>\n<blockquote><p>\nunsigned int svq1_get_bits(struct bitstruct, unsigned int n);<\/p>\n<p>The function takes 2 parameters&#8211; a bitstream accounting structure (bitstruct) and an integer (n)&#8211; and returns the next (n) bits from the bitstream according to the information in bitstruct.\n<\/p><\/blockquote>\n<p>The bitstruct data structure must have at least 5 32-bit parameters (based on the fact that the last known member is at +0x10); only 2 of these are used in the function:<\/p>\n<ul>\n<li>bitstruct + 0x04 = current bit index<\/li>\n<li>bitstruct + 0x10 = bit buffer start address<\/li>\n<\/ul>\n<p>RE puzzle #2 takes a pointer to a data structure, checks that the pointer is non-NULL, and checks that the first field is equal to a particular size (0x3C). If everything checks out, return 1. If there is an error, set a global variable (at address 0xnnnn9000) to 4 and return 0. This ASM fragment comes from xanlib.dll, a video decoding module for decoding &#8216;Xxan&#8217; video used in various Origin games such as <em>Wing Commander IV<\/em>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Solutions to those brief RE puzzles&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-43","post","type-post","status-publish","format-standard","hentry","category-reverse-engineering"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts\/43","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/comments?post=43"}],"version-history":[{"count":0,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts\/43\/revisions"}],"wp:attachment":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/media?parent=43"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/categories?post=43"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/tags?post=43"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}