I think this might be the GUI system doing a screenshot of the image under a window, so it can restore it at the end. And it still does that here, even though we'll never need to restore that image: we're about to overwrite it

Here's what I want a tool to do:
I hit a breakpoint in the debugger, I turn it on, set another breakpoint, and hit go.
between those two breakpoints, every time a CALL instruction is hit, it dumps my selected memory region. If it's identical to the last dump, it's ignored.
At the end, each dump is rendered as an image, and the combined set are an animation I can scroll through.

I need a higher order debugger. I'm doing too much shit manually

GOT YOU, YOU SON OF A BITCH! I FOUND YOU.

it's in a function I already found, temporarily named "blit_related".

I guess they don't decode the image until RIGHT before it needs to go up on the screen!

if definitely decompresses and then blits the image as two parts, which aren't evenly sized, and it starts from the bottom

I think they're just trying to keep their RAM usage down by not having both halves in memory at once

wait is this image format vertically interlaced!?

It loads the half-width version, then a few functions later, it's been replaced with a full-width version.
Strange!

wait no, the colors are wrong... I bet I'm seeing it decompress the binary, but that's using the full width of the bytes. it then gets expanded out to a 16-color image.

well the good news is that I think I've found the decompress_image function. the bad news is that now I have to reverse engineer it

it's currently doing the obvious thing for a decompressor to do:
write the byte 04 every 69 bytes

oh sweet jesus, that's the left two pixels of the image.
it's loading the image vertically!

at least it's top to bottom.

yeah, doom did that too, but Doom was a 2.5D image that had to do pseudo-raycasting.

THIS GAME DOES NOT

it allocates a 1024 byte buffer, then makes a pointer to the end of it, minus -0x42?

why would you need a link to the end of a new, freshly cleared buffer, minus 62?

I think the memory allocation system here is that every malloc returns 2 extra bytes, which is a pointer to the previous block.
unless it's an odd number, in which case it's a free block. and pointer to the previous block, once you make it even again

I hate dealing with the internals of memory allocation systems. I prefer to leave that to smarter people than me

You see this little About dialog box? Guess how many times the DrawText function is called?

Once! and just to draw "Where in the World is Carmen Sandiego?".
The rest of the text is draw elsewhere, and I have no idea why.

correction: it calls it once to draw "Where in the World is Carmen Sandiego?" but that's unrelated to the one on screen WHAT?

Ahh, it's using a different version of the DrawFont call: DrawFontN