Hey, how did you pull this off!? By running the player under debugger to identify call to sort routine? Something simpler? Amazing!
Hehe.
I'm afraid it wasn't anything as heroic as stepping through the player one instruction at a time or reading and understanding the entire disassembled code.
Empeg publishes a partially linked player binary on their website (due to the licensing requirements of the GNU C library). I was quite surprised to find that they hadn't stripped their own symbols from that binary, so it contains many function names from the empeg source code. (I just hope I don't regret mentioning this here.) Looking through them, there were several functions with names like _introsort_loop__H3ZP8MenuItem and sort_heap__H1ZP8MenuItem (the cryptic suffixes are due to the C++ compiler "feature").
Rather than trying to read the code and figure out which of these functions calls which and when, I decided to try and get a stack trace at the point when they are called, that would immediately tell me which is the top-level sort function. I wrote a little wrapper around the strcasecmp library function that the player uses to compare the strings. Trying to put a breakpoint on that and get a backtrace with gdb got me nowhere (gdb has issues with threaded executables, and the ptrace system call that lets me attach to a process later on was also not working). So I printed the stack contents in the wrapper function and walked up the call chain manually.
A few levels up from my wrapper was a function called Sort__4Menui. I hadn't noticed it before since I searched for "sort", lowercase "s" - duh. I looked at the disassembly of that function and the first thing it does is something like "if (whatever) return;". It doesn't get any simpler than that - I just had to change the conditional branch to unconditional and the function will never do anything. At this point I took out my ARM book ("ARM system-on-chip architecture" by Steve Furber - highly recommended) and figured out the hex codes I needed to change (it was only one byte change). I tried the resulting binary and sure enough I got unsorted menus!
It was getting late that night so I left it at that. Next morning I woke up all worried. OK, I get unsorted menus, but are they actually in playlist order, or in some other order (e.g. FID order, upload order, random)? I did some tests with emplode, sorting my playlists in various ways and they all seemed to come out OK. Phew. Then I just had to write a small utility that can tweak that one byte back and forth, post on the BBS and wait for the applause.
Now let's see what other intersting symbol names they have in there...
Borislav
Previous Topic
Index
