Article 3048 of rec.games.corewar:
Path: news.cs.utah.edu!utah-morgan!cs.utexas.edu!howland.reston.ans.net!vixen.cso.uiuc.edu!newsrelay.iastate.edu!dunix.drake.edu!acad.drake.edu!pk6811s
From: pk6811s@acad.drake.edu
Newsgroups: rec.games.corewar
Subject: Re: The '94 Warrior (tracing boot code)
Date: 21 Jun 94 08:37:41 CST
Organization: Drake University, Des Moines, Iowa
Lines: 82
Distribution: world
Message-ID: <1994Jun21.083741.1@acad.drake.edu>
References: <2u651d$a9n@magus.cs.utah.edu>
NNTP-Posting-Host: acad.drake.edu

In The '94 Warrior Brandt says:
> exploit any information in that code. Now, more than ever, I think it will
> become important to spend a couple of extra instructions covering up your
> trail after you boot-strap.

Eclipse II used a b-scan to find startup code, then bombed 'through' each instruction it found, hoping to catch boot pointers. It was pretty good at catching imps (using a spiral attack) and a few other programs.

One thing I found in tracing startup instructions. You have to be careful about small pointers that cause you to bomb other startup instructions. You might end up destroying the pointers you were looking for.

This also leads to a defensive strategy: put a- and b- references in your decoy to your own pointer instructions. Then when the scanner attacks through those references he will destroy your pointers for you. Put references both before and after the pointers.

I don't know why, but I got the impression that Insight was doing some kind of trace like this, so I messed around over the weekend with Torch (also to make it a little more djn-proof :-).

Here's the latest:

;redcode-94 verbose
;name Torch t5
;kill Torch
;author P.Kline
;strategy very rapid incendiary bombing, core-clear & gate
;strategy plus decoy & boot & djn resistance
;macro
step    equ 73
count   equ 1800
boot1   equ 2150
boot2   equ 3508

        for 5
        mov.i #sp-300,2667
        rof
smptr   dat #1,#sm+boot1        ; a-ref to gtptr
gtptr   dat #-1,#gate+boot1     ; a-ref to smptr
start   jmn.f c2,@copy1         ; don't boot onto opponent's code
        mov smptr d2 mov gate,>gtptr
copy1   jmp @0,cp+boot1
        dat 0,0
        dat copy1,copy1         ; a- and b-refs to copy1
gate    dat >-step+1,<-step
c2      mov -step               ; spl half of the incendiary
in      add #step+step,@msp     ; '@msp' for djn-resistance
msm     mov sm,>tgt-(step*count)
msp     mov sp,@msm             ; bomb alternately with spl & mov
tgt     djn.f in,>3157          ; bombed with spl to start clear
clr     mov gate,<-13
cp      djn.f clr,>3
copyf   dat #0
        for 30
        mov.i #sp-300,2667
        rof
        dat #copy1,#copy1       ; a- and b-refs to copy1
sm      mov @0,>step            ; mov half of the incendiary
        end start

Paul Kline @c@ pk6811s@acad.drake.edu - ignorance exceeded only by inquisitance -
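
The decoy-reference defense described in the post, as an added example that is not part of the original message and is not the code of Eclipse II, Insight or Torch. It assumes a toy model: each startup cell is an [a, b] pair of relative offsets, the tracer bombs the cell each field refers to, and a bombed cell reads as empty; the addresses and the layout() helper are constructed for illustration.

```python
CORE = 8000                      # core size (assumed)
PTR, BOOT = 102, 2250            # constructed addresses: boot pointer, booted copy
EMPTY = [0, 0]                   # what a bomb leaves behind in this model

def trace_attack(startup, direction):
    """Visit startup cells in scan order, bombing 'through' both fields.
    Returns the set of addresses that were bombed."""
    core = {addr: list(cell) for addr, cell in startup.items()}
    bombed = set()
    for addr in sorted(core, reverse=direction < 0):
        if core[addr] == EMPTY:          # already destroyed: nothing left to trace
            continue
        for field in list(core[addr]):   # a-field, then b-field
            target = (addr + field) % CORE
            bombed.add(target)
            if target in core:           # small pointer: hits other startup code
                core[target] = list(EMPTY)
    return bombed

def layout(ref_before, ref_after):
    """Constructed startup block: decoys around one boot pointer."""
    far = [2667, 2667]                   # plain decoy: fields point far away
    return {
        100: far,
        101: [1, 1] if ref_before else far,    # a- and b-refs to PTR
        PTR: [2667, BOOT - PTR],               # b-field is the boot pointer
        103: [-1, -1] if ref_after else far,   # a- and b-refs to PTR
        104: far,
    }

def boot_copy_hit(ref_before, ref_after, direction):
    """True if the trace ends up bombing the booted copy."""
    return BOOT in trace_attack(layout(ref_before, ref_after), direction)

if __name__ == "__main__":
    for before, after in [(False, False), (True, False), (True, True)]:
        for direction in (+1, -1):
            hit = boot_copy_hit(before, after, direction)
            print(f"refs before={before} after={after} scan={direction:+d}: "
                  f"booted copy {'HIT' if hit else 'safe'}")
```

With a reference on only one side of the pointer, a trace arriving from the other side still reaches the pointer intact, which is why the post says to put references both before and after.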