In the past few days, I started working on reverse-engineering a joystick driver written for Windows 98. It’s a six-button joystick which uses the ordinary (and, of course, obsolete by today’s standards) gameport. Since the gameport provides only four actual pins for representing buttons, drivers for devices that had more buttons had to use some sort of multiplexing. The main motivation behind this is to find out what kind of multiplexing is employed – and also, hopefully, write a driver for this joystick for Linux.
The first problem related to this was finding a utility that would read the contents of the VXD file containing the driver. The format of this file is the LX/LE “Linear Executable” executable format, which was used in OS/2 and early versions of Windows before the PE format took over. Fortunately, after some googling (and trying to write my own dumper for this format) I found a great utility called DUMPLX. It’s simply amazing, and features a full disassembler of the executable contents, and disassembles VMM/VxD calls as normal instructions, which was just what I was looking for.
The second problem was finding the definitions of the constants and structures used in the program. Microsoft doesn’t distribute old DDKs anymore, but I managed to get a hold of a copy of the Windows 98 DDK, which contains all the include files that I needed to work out what all the magic numbers mean. I put it up on my MediaFire account if anybody needs it: click.
Now, back to disassembling…