Unprotected Memory
October 8, 2008 9:27 PM

So, you watched the movie Tron, and now you want to run your computerized guy off of the game grid and into the rest of the computer system? That's exactly what Daniel Wellman did on his Apple IIgs.
posted by CrunchyFrog (34 comments total) 28 users marked this as a favorite

tl;dr: buffer overrun
posted by TheOnlyCoolTim at 10:01 PM on October 8, 2008

Here is a modernized flash version of Tron.

It sucked up a whole afternoon of mine a few months ago.
posted by clearly at 10:15 PM on October 8, 2008

I did this with a hacked copy of Bolo on the Apple ][e -- pretty fun, when graphics are mapped into sections of core. I drove my tank right off into never-never land, where the map walls flickered unpredictably and moved at random, and then I crashed the system.

It was great.
posted by Michael Roberts at 10:37 PM on October 8, 2008 [1 favorite]

I've done that. Made a sub game where you shot ships at the top of the screen like 16 years ago. Old school, pre-dos4gw I believe. Mode X for graphics (Yay Michael Abrash)

Didn't clip the torpedoes when they went off the top of the screen so they just wandered out into system memory and crashed everything.

Sorta fitting if you ask me.
posted by Lord_Pall at 10:40 PM on October 8, 2008 [2 favorites]

I don't know whether to be proud or sad that I remember enough Apple ][ programming to know how and why their program crashed before I got to the explanation. As poor as my memory is, you'd think I'd have reallocated those neural connections for another use by now.
posted by D.C. at 11:09 PM on October 8, 2008

posted by nudar at 11:16 PM on October 8, 2008

As a non-programmer, I have to say: Wow. That's damn cool. And very well explained.
posted by brundlefly at 11:51 PM on October 8, 2008

Definitely RTFA, guys. This isn't about Tron-the-game, it's about something a lot cooler.
posted by archagon at 1:12 AM on October 9, 2008

Definitely RTFA, guys. This isn't about Tron-the-game, it's about something a lot cooler.

Guy writes Tron game program, glitch crashes his computer. Nerds are fascinated. Nudar posts glitch free version of the game.
posted by nudar at 2:43 AM on October 9, 2008

I was going to express surprise that anyone with any assembler knowledge at all would be so impressed by this behavior, but then I remembered my own early video memory out of bounds adventures. Seem to recall an Arkanoid clone that I made crashing the old C64 a lot with a wayward bounce. Good times. Good times.

Also, I just realized how dirty peek and poke sound.
posted by Skwirl at 2:44 AM on October 9, 2008

Heh. I well remember all the weird crap I used to pull with PEEKs and POKEs back in my Apple days. Yay Beagle Brothers!

I also remember similar issues with my old Timex TS-1000. I was playing around with the first iteration of a long line of attempts (across multiple platforms) of learning roshambo games. I wrote an array so big it slid right over the memory barrier into system memory.

To borrow a Stephensonism, the machine snow crashed and I lost all my work. My aunt also won $200 from a Timex magazine for writing a bomb defusing game in the blistering 1K of memory that, incidentally, did not go berserk and eat the whole machine.

And this, BTW, is why I never pursued coding as a career...
posted by Samizdata at 2:46 AM on October 9, 2008

Ah, I used to do something analogous. Computers can be so predictable to play against, especially in the Olden Days. After I had gotten to the point where I'd beat my Apple ][e at Othello, every time, I was eventually making moves as fast as the computer would, so a very long game of Othello might take a full ninety seconds if I handicapped myself. I took a couple of photos of me stonewalling the game in under ten moves. Great, what do I do with my Othello obsession now? I eventually located where the program resided in memory and wrote a little bit that would randomly POKE the appropriate parts of memory with random bytes. Sometimes just one, sometimes several.

Often, the computer would lock up (I might not have been all that careful where I was putting those bytes). Or it would begin playing nonsensically, like putting each piece on a line, or even an intersection of lines, rather than on the blank space. The screen might go all weird. The new version might decide that I got no turns at all. But every so often, one of my random assaults on the system would produce a version of Othello where it would play a game, normally, no errors, no random blocks of text appearing, but differently. I was used to it putting a piece there when I put mine here, but now it's all switched up. And in a reasonable manner. I realized that I was playing against a whole new opponent and it would often beat me because I had become so attuned to this other organism I'd prey upon.

I got blown out of my hyperspecialized niche by the offspring of a random mutation. It's one of those weird moments where you not only get what you have done, but also that these are the experiences that can bring home, if only on an artificial level, the idea of microevolution.
posted by adipocere at 3:59 AM on October 9, 2008 [5 favorites]

On my Amstrad, with the security of the plot and test commands, I never had this problem when I made my Tron game.

But I still had fun poking random memory locations to see what would happen.
posted by Jimbob at 4:02 AM on October 9, 2008

Apple IIs were for the rich kids. TI 99/4A REPRESENT!
posted by sexymofo at 4:30 AM on October 9, 2008 [2 favorites]

Hey, I had the TI 99/4A, I traded up. You think you had it rough? I started on the Timex-Sinclair. You don't sneer at the palace of the Tooey from your Cosby-pimped Jell-O-loving Tee-eye without recognizing I came from the sticks where 2K is all you had to work with all year ... tied my fingers up in knots just trying to GOTO somewhere. Oh, I made some dice on my TS1000, yeah, real proud, my first computer now sounds like some kind of she-male porn with time travel and CGI. I make that thing play Tic-Tac-Toe, that's a big day. Now you come up to me with your Parsec cartridges and speech synthesizer module, telling me how I'm rich and don't know how it is for the little folks. I wrote a lot of term papers to get the scratch and put me where I am: stretch limo extended memory, put the extra after that pillar. I've got a dot matrix printer now, but that cassette drive storage you're all thinking is rough stuff was happy days for me back when I graduated from having to type in the same programs every time I wanted to do something and I didn't have any sprites to work with, just some cuneiform-lookin' wingdings in a non-ASCII character set that put me back years trying to memorize my character codes.
posted by adipocere at 5:00 AM on October 9, 2008 [2 favorites]

I hacked a version of Karateka to make the opponent instantly die whenever "Esc" was pressed. The funny thing was, the cut scenes were driven by the same routines as the actual game. So when you pressed Esc during a cut scene, one of the characters in the scene would go "Eyahhhh!" and die. It was very meta.
posted by RobotVoodooPower at 5:21 AM on October 9, 2008 [4 favorites]

I discovered a similar bug in Super Mario Land 2. You could pause a level you had already beaten and quit without finishing it if you wanted to---however, if you did this while going down one of the pipes, the Game Boy would think you were still descending when you started whatever level you chose to do next.

The result was Mario falling through the floor of that level---and usually a long way after that. Eventually you would "land" on an assortment of random blocks and other shapes---clearly, the Game Boy trying to visualize non-level-related data in its memory. You would not have far to go before you fell "into" those blocks---and once inside, jumping around could change what they were (just like hitting a '?' block with your head changes it in the ordinary parts of the level). Usually the Game Boy would lock up before you got the chance to hit many blocks.
posted by tss at 5:21 AM on October 9, 2008

posted by DU at 5:34 AM on October 9, 2008

Well, hell, now I want to fire up my Apple ][e and see if I can find this game.

Except I have neither a monitor nor a disk drive for the ][e, I just have the body (with the 64k memory expansion, w00t!)

I think the best part of this story is not that the programmers crashed system memory, but that they got the program to crash itself using the same paradigm as in the movie: Player breaks the game boundaries and wanders into system memory. If it were any game other than Tron this wouldn't be as fun to read.
posted by caution live frogs at 6:01 AM on October 9, 2008 [2 favorites]

Anybody remember Atari Surround?
posted by parm=serial at 6:15 AM on October 9, 2008

Anybody remember Atari Surround?

On the VCS? Sure! As was common with VCS carts, there were a bunch of game modes. One of them allowed you to stop leaving a trail behind your cycle (well, a block, actually) when you pressed the button.

As a round progressed, your cycle would get faster and faster until it was flying across the screen.

When we played, we would hold down our buttons from the beginning so no trails were left. Then we waited until maximum speed was reached and would simultaneously release our buttons on one...two...three!

Survival times were 2-3 seconds.
posted by bitmage at 6:28 AM on October 9, 2008 [1 favorite]

As someone with absolutely no computer programming skills, the closest I ever got to something like this was putting Atari 2600 cartridges not quite all the way into the machine; quite often the colors would be all fucked-up, and IIRC the gameplay would sometimes be kind of weird, too (i.e. stuff not interacting the way it was supposed to, etc.).
posted by you just lost the game at 6:30 AM on October 9, 2008

posted by jaduncan at 7:13 AM on October 9, 2008

Apple IIs were for the rich kids. TI 99/4A REPRESENT!

Ahhhh... Microsurgeon, Parsec, Hunt the Wumpus, Adventure, Tunnels of Doom, the list of awesome goes on and on...
posted by Dr-Baa at 8:28 AM on October 9, 2008

bitmage, my brother and I used to play the same mode on Surround! Good times.
posted by Dr-Baa at 8:29 AM on October 9, 2008

Great story. Similar story is the Pac-Man level 256 split screen analyzed and fixed. Sadly, most computer program crashes are much less interesting.
posted by Nelson at 8:41 AM on October 9, 2008 [2 favorites]

Yup. Did the half-cartridge thing that yjltg is describing. Had a TI99/4A but never messed with it to this extent.

I think the best part of this story is not that the programmers crashed system memory, but that they got the program to crash itself using the same paradigm as in the movie: Player breaks the game boundaries and wanders into system memory. If it were any game other than Tron this wouldn't be as fun to read.

posted by Durn Bronzefist at 10:10 AM on October 9, 2008

You know, I used to do something similar to what yjltg did. With the aforementioned Adventure on the TI, we had a cassette tape deck which acted as primitive data storage. You would start the cartridge, which was the basic program, then load the cassette of the adventure you wished to play. These were all the Scott Adams text adventure games- Ghost Town, The Golden Voyage, Mission Impossible, etc. If you were playing one of the games and wished to save your progress, you would pop a blank cassette into the tape deck, hit record, and the TI would record some tones to it (they sounded kind of like data sent over a 56k modem).

Then you had the option to load your saved game progress from a cassette tape later on. What was really interesting is if you loaded game data from one game into a different one. For example, loading Voodoo Castle data into the Pirate's Adventure game. Weird text stuff, like:

"You are standing in a room. Torch. Obvious exits: ?!@, NORTH, NORTH, NORTH

You are wearing a parrot."

Most actions wouldn't work, but some would. Often times the actions that worked led to instant death. Good times.
posted by Dr-Baa at 10:27 AM on October 9, 2008 [1 favorite]

I would have happily messed with the cassette tape storage, Dr-Baa, and I thought about it, but given that Tunnels of Doom took about a half hour of squawking and humming to load, I knew I didn't have the patience to mess with it in any trial and error fashion.
posted by Durn Bronzefist at 10:36 AM on October 9, 2008

I did the same sort of thing on the C64 with sprites and Apple BASIC-compliant PEEK and POKE commands. I thought it was pretty cool at first, then I learned where the limits of screen memory were and I wrote constraints into my function. In its own way that was even cooler -- mastery over the system.

I'm sort of struggling to recall the excitement of those first, heady, reboot-filled days. Maybe I've been a Windows user for far too long now, but, "Wow! I can break this!" has lost its cachet.
posted by dhartung at 11:31 AM on October 9, 2008

And all the time I was expecting him to move on and design an algorithm, which would change its behaviour once off the video memory grid - it could analyze memory content and go around the obstacles (which would be pieces of code whose disruption would crash the world, erm, computer, and kill the program), but no.

Thinking of it, such algorithms are being made. We used to call them V-I-R-U-S.

Summary: pretty boring for a 2008 post. Maybe back in 1988, I'd care.
posted by Laotic at 12:16 PM on October 9, 2008

posted by Guy_Inamonkeysuit at 1:30 PM on October 9, 2008

Pac Man & other games' kill screens fixed, previously.
posted by Pronoiac at 4:21 PM on October 9, 2008

Fantastic, thanks. Nice to see screenshots of shooting yourself in the stack.
posted by Skorgu at 4:28 AM on October 10, 2008


This thread has been archived and is closed to new comments