Lingo bytecode

From Just Solve the File Format Problem
Jump to: navigation, search
File Format
Name Lingo bytecode
Ontology

This is a partial, work-in-progress examination of the bytecode created when Lingo code is compiled in Macromedia Director 4.0. It describes instructions for a stack-based virtual machine. This virtual machine is sometimes known as the IML, or Idealized Machine Layer.

Each instruction is one, two or three bytes.

  • If the first byte is in the range 0x00-0x3F, then the full instruction is one byte.
  • If the first byte is in the range 0x40-0x7F, then the full instruction is two bytes.
  • If the first byte is in the range 0x80-0xFF, then the full instruction is three bytes.

Constant blobs like string literals are stored after the bytecode, and referred to by records that are six bytes (director 7 uses eight bytes) long regardless of the actual length of the data. This means the first constant will be referred to as 0x00, the second constant as 0x06, the third as 0x0C, and so on. Integer literals over 32767 and floating-point number literals are also stored as constants.

There is also a namelist for referring to external identifiers, stored separately from the bytecode. This is a simple array of strings.

Contents

One-Byte Instructions

01 exit Leave the current function immediately and return to its caller. Automatically added as the final step of a function.
02
03

0

FALSE

+1

Push zero onto the stack.

04 (a * b) -2 +1 Pop two values from the stack, multiply them together and push the result.
05 (a + b) -2 +1 Pop two values from the stack, add them together and push the result.
06 (a - b) -2 +1 Pop two values from the stack, subtract the second from the first and push the result.
07 (a / b) -2 +1 Pop two values from the stack, divide the first by the second and push the result.
08 (a mod b) -2 +1 Pop two values from the stack, perform a modulo operation and push the result.
09 (-a) -1 +1 Pop one value from the stack, negate it and push the result.
0A (a & b) -2 +1 Pop two values from the stack, concatenate them and push the resulting string.
0B (a && b) -2 +1 Pop two values from the stack, concatenate them with one space character added in between, and push the resulting string.
0C (a < b) -2 +1 Pop two values from the stack, push 1 if the first is less than the second and 0 if not.
0D (a <= b) -2 +1 Pop two values from the stack, push 1 if the first is less than or equal to the second and 0 if not.
0E (a <> b) -2 +1 Pop two values from the stack, push 0 if the two values are the same and 1 if they are not.
0F (a = b) -2 +1 Pop two values from the stack, push 1 if the two values are the same and 0 if they are not.
10 (a > b) -2 +1 Pop two values from the stack, push 1 if the first is greater than the second and 0 if not.
11 (a >= b) -2 +1 Pop two values from the stack, push 1 if the first is greater than or equal to the sceond and 0 if not.
12 (a and b) -2 +1 Pop two values from the stack, push 1 if both are logically true and 0 if not.
13 (a or b) -2 +1 Pop two values from the stack, push 1 if either are logically true and 0 if not.
14 (not a) -1 +1 Pop one value from the stack, push 0 if it is logically true and 1 if not.
15 (a contains b) -2 +1

Pop two values from the stack, push 1 if the first is a string that contains the second and 0 if not.

The text comparison is case-insensitive and ignores diacritic marks, e.g. "a" and "Å" are treated the same.

16 (a starts b) -2 +1

Pop two values from the stack, push 1 if the first is a string that begins with second string and 0 if not.

The text comparison is case-insensitive and ignores diacritic marks, e.g. "a" and "Å" are treated the same.

17 (char a of c)

(char a to b of c)

(item 1 to 3 of someItems)

-9 +1 String slice/split operation. It takes nine arguments from the stack:
-9 First char position
-8 Last char position
-7 First word position
-6 Last word position
-5 First item position (items separated by the itemDelimiter, which is a comma by default)
-4 Last item position
-3 First line position
-2 Last line position
-1 The string to slice

The positions used here are one-based, so zero is invalid as a position and is instead used to indicate unused parameters. Only one "first X position" can be set, the rest must be zero.. Multiple first positions can be set to form constructs like "first character of the second word", or "first word of the second line". The corresponding "last X position" may either be set too, or it can be zero, in which case the first position will also be used as the last.

18 hilite word 1 of field 10 -9 Highlight (select) some text. The nine arguments taken from the stack are:
-9 First char position
-8 Last char position
-7 First word position
-6 Last word position
-5 First item position
-4 Last item position
-3 First line position
-2 Last line position
-1 Field number (cast ID)

The positions used here are one-based, so zero is invalid as a position and is instead used to indicate unused parameters. Only one "first X position" can be set, the rest must be zero. The corresponding "last X position" may either be set too, or it can be zero, in which case the first position will also be used as the last.

19 (sprite 1 intersects 2) -2 +1 Pop two sprite IDs and push 1 if the bounding rectangles of the two sprites touch at all, or 0 if they do not.
1A (sprite 1 within 2) -2 +1 Pop two sprite IDs and push 1 if the bounding rectangle of the first is entirely inside the bounding rectangle of the second, or 0 if not.
1B (field 1) -1 +1 Pop a cast ID (name or number), push the value of that cast member's text property.
1C tell someObject to go to frame 1 -1 Pop an object from the stack and begin running subsequent bytecodes in the context of that object, until code 1D is encountered.
1D tell someObject to go to frame 1 Marker for the end of a sequence of bytecodes started by 1C. Similar to 01 except for nested bytecode chunks instead of the main one.
1E -1 +1 Some kind of list transformation or check, seen used just before setting the actorList to []. More research is needed to know exactly what is happening there.
1F [#key: value] -1 +1 Pops a list that must be in the form [#symbol1, val1, #symbol2, val2 ...] to transform into [#symbol1: val1, #symbol2: val2 ...]

Two-Byte Instructions

41 XX 1 .. 127 +1 Push integer of value XX, which must be between 1 and 127, inclusive. To push zero, use 03. To push larger integers, use 81 XX YY.
42 XX a, b, c -XX +1 Pop the specified number of values off the top of the stack, create an unparenthesized argument list containing them (i.e. for a call statement like myFunction 1, 2, 3), and push that to the stack.
43 XX [a, b, c] -XX +1 Pop the specified number of values off the top of the stack, create a list for them (which can also be used for a parenthesized call expression like set result = myFunction(1, 2, 3)), and push that to the stack.
44 XX

"literal"

0.5

32768

+1 Push a constant from local constant records onto the stack. These records seem to be six (or 8) bytes long (regardless of the actual size of the constant value), so pushing the first one is 44 00, the second is 44 06 (or 44 08), the third is 44 0C, etc. To push the 65th one and beyond use code 84 YY ZZ
45 XX #symbol +1 Push a symbol with a name from namelist[XX]. Note that the name will be stored as "name", not "#name".
46 XX object +1 Push a object with a name from namelist[XX]. See also code 86.
47 XX
48 XX
49 XX

(someGlobal)

where previously declared:

global someGlobal

+1 Push the value of a global variable with a name from namelist[XX].
4A XX (the someProperty) +1 Push the value of a property
4B XX (someParam) +1 Push the value of a function call parameter. The parameter records seem to be 6 (or 8) bytes long, so the first is pushed with 4B 00, the second with 4B 06 (or 4B 08), etc.
4C XX (someLocal) +1 Push the value of a local variable. The local variable records seem to be 6 (or 8) bytes long, so the first is pushed with 4C 00, the second with 4C 06 (or 4C 08), etc.
4D XX
4E XX
4F XX set someGlobal = 0 -1 Pop one value and use it to set the global variable with name from namelist[XX].
50 XX set the  someProperty = 0 -1 Pop one value and use it to set a property.
51 XX set someParameter = 0 -1 Pop one value and use it to set a parameter.
52 XX set someLocal = 0 -1 Pop one value and use it to set a local variable. See code 4C 00 for a note about local variable records.
53 XX
54 XX end repeat Unconditional backwards jump by XX bytes, relative to the first byte of this instruction.
55 XX
56 XX localFunction(1,2,3) -1 +1 or +0 Call a function defined in this script with the name at namelist[XX]. The top value on the stack must be an argument list. If the argument list was created with code 43 XX, one return value will be pushed to the stack. If the argument list was created with code 42 XX, no return value will be pushed.
57 XX someFunction 1,2,3

(someFunction(1,2,3))

-1 +1 OR +0 Call the external function with name from namelist[XX]. The top value on the stack must be an argument list. If the argument list was created with code 43 XX, one return value will be pushed to the stack. If the argument list was created with code 42 XX, no return value will be pushed.
58 XX someObject(mSomeMethod, 1,2,3) -2 +1 OR +0 Pop [argument list, call target] to make a method call. If the call target is a literal number, this indicates a local variable is the target. It must be divided by six to get the actual local variable number. The first argument of the argument list will be a symbol with the name of the method. Note: It is still unclear what difference the value of XX makes. It has been seen as 0x01 and 0x05. More research is needed to know more. (Possibly local variables vs. call parameters?)
59 16 put value into field textVar -3 Pops 0, the variable name and the value from the stack and sets the value of the variable. The 0 is supposed to be related with the "field" mark. More investigation needed.
59 25 put value after textVar -2 Pops variable name and value from the stack and adds the value after the current value of the variable (string concatenation).
59 35 put value before textVar -2 Pops variable name and value from the stack and adds the value before the current value of the variable (string concatenation).
5A XX put value (chunkexpression) -10 XX determines the operation (0x1- = insert, 0x2- = after, 0x3-= before ) and the object type (0x-5 = local, 0x-4 = parameter, 0x-2 = object, 0x-6 = global). Both local and parameter are passed in as numbers and need to be looked up. Still need to do more work to map all XX codes. codes 59 XX, and 5B XX probably work the same.
5B XX delete something 3 of textVar -9 Like code 17, except deletes specific item, word, line or character.
5C 00

(the abbr time)

(the short date)

(the last word in someText)

-1 OR -2 +1

If the top value is one of the following setting IDs, pop it from the stack, and push the current value of the setting:

00 the floatPrecision
01 the mouseDownScript
02 the mouseUpScript
03 the keyDownScript
04 the keyUpScript
05 the timeoutScript

If the top value is a time-formatting ID, pop it from the stack, and push the current time formatted using it:

06 the short time 1:09 AM
07 the abbreviated time, the abbrev time, the abbr time 1:09 AM
08 the long time 1:09:38 AM

If the top value is a date-formatting ID, pop it from the stack, and push the current date formatted using it:

09 the short date 3/4/16
0A the abbreviated date, the abbrev date, the abbr date Mon, Mar 14, 2016
0B the long date Monday, March 14, 2016

If the top value is a slice type ID, pop both it and the previous value from the stack. The previous value will be a string, slice the last "bit" of it according to the slice type, and push the sliced value:

0C the last char
0D the last word
0E the last item
0F the last line
5C 01 (the number of chars in someText) -2 +1

Pop [text, stat ID] and push the stat value for the given text, using these stat IDs:

01 chars
02 words
03 items (separated by the itemDelimiter, which is a comma by default)
04 lines
5C 02 (the name of menu 1) -2 +1

Pop [menu ID, property ID] and push the value of the specified menu property, using these property IDs:

01 name
02 number of menuItems
5C 03 (the name of menuItem 3 of menu 1) -3 +1

Pop [item ID, menu ID, property ID] and push the value of the specified menu item property, using these property IDs:

01 name
02 checkMark
03 enabled
04 script
5C 04 (the volume of sound 1) -2 +1

Pop [sound ID, property ID] and push the value of the specified sound property, using these property IDs:

01 volume (0 to 255)
5C 06 (the cursor of sprite 3) -2 +1

Pop [sprite ID, property ID] and push the value of the specified sprite property, using these property IDs:

01 type
02 backColor
03 bottom
04 castNum
05 constraint
06 cursor
07 foreColor
08 height
0A ink
0B left
0C lineSize
0D locH
0E locV
0F movieRate
10 movieTime
12 puppet
13 right
14 startTime
15 stopTime
16 stretch
17 top
18 trails
19 visible
1A volume (-256 to 256, <= 0 is silent)
1B width
1D scriptNum
1E moveableSprite
20 scoreColor

The values for type are:

0 inactive
1 bitmap
2 rectangle
3 rounded rectangle
4 oval
5 line top-left to bottom-right
6 line bottom-left to top-right
7 text
8 button
9 checkbox
10 radio button
16 undetermined (try the castType of the associated cast member)
5C 07 (the exitLock) -1 +1

Pop a setting ID from the stack and push its value, using these setting IDs:

01 the beepOn
02 the buttonStyle
03 the centerStage
04 the checkBoxAccess
05 the checkBoxType
06 the colorDepth
08 the exitLock
09 the fixStageSize
13 the timeoutLapsed
17 the selEnd
18 the selStart
19 the soundEnabled
1A the soundLevel
1B the stageColor
1D the stillDown
1E the timeoutKeyDown
1F the timeoutLength
20 the timeoutMouse
21 the timeoutPlay
22 the timer
5C 08 (the number of castMembers) -1 +1

Pop a stat ID from the stack and push the stat, using these stat IDs:

01 the perFrameHook
02 number of castMembers
03 number of menus
5C 09

(the picture of cast "bob")

(the name of cast 3)

-2 +1

Pop [cast ID, property ID] from the stack and push the value of the cast property, using these property IDs:

01 name
02 text
08 picture
0A number
0B size
11 foreColor
12 backColor
5C 0C (the textSize of field 1) -2 +1

Pop [field ID, property ID] and push the value of the property for the given field according to these property IDs:

03 textStyle
04 textFont
05 textHeight
06 textAlign
07 textSize
5C 0D (the sound of cast 5) -2 +1

Pop [cast ID, property ID] and push the value of property for the given cast according to these property IDs:

0F directToStage
10 sound
5D 00 when keyDown then beep -2

Pop [statement, eventID] and set the statement (Lingo source code in a text string) to run on the given event:

01 mouseDown
02 mouseUp
03 keyDown
04 keyUp
05 timeOut
5D 03 set the enabled of menuItem 3 of menu 5 to FALSE -4 Pop [menuItem ID, menu ID, new value, property ID] and set the menu item property. See the table for code 5C 03 for menu item property IDs.
5D 04 set the volume of sound 3 to 255 -3 Pop [sound ID, new value, property ID] and set the menu item property. See the table for code 5C 04 for sound property IDs.
5D 06 set the constraint of sprite 3 to 0 -3 Pop [sprite ID, new value, property ID] and set the sprite property. See the table for code 5C 06 for sprite property IDs.
5D 07 set the exitLock to TRUE -2 Pop [new value, setting ID] and change the relevant setting. See the table for code 5C 07 for setting IDs.
5D 09 set the backColor of cast "bob" to 0 -3 Pop [cast ID, new value, property ID] and set the cast property. See the table for code 5C 09 for cast property IDs.
5D 0C set the textAlign of field 3 to "right" -3 Pop [field ID, new value, property ID] and set the field property. See the table for code 5C 0C for cast property IDs.
5D 0D set the sound of cast 3 to TRUE -3 Pop [cast ID, new value, property ID] and set the cast property. See the table for code 5C 0D for cast property IDs.
5E XX
5F XX (the someProperty) +1 Push the value of the contextual property with the name at namelist[XX].
60 XX set the someProperty to 0 -1 Pop a value and use it to set the contextual property with the name at namelist[XX].
61 XX (the someProperty of someVariable) -1 +1 Pop a property-owning object from the stack, and push the value of this object's property with the name at namelist[XX].
62 XX set the someProperty of someVariable to 1 -2 Pop [property-owning object, new value] from the stack and set the property of the object with the name at namelist[XX].
63 XX tell someObject to go to frame 1 -1 Remote call: Similar to 57 XX except runs in the context of a tell ... to block.
64 XX +1

Push a copy of a value already on the stack, relative to the top where 00 is the top slot, 01 is one slot beneath the top, etc.

This is used by the compiler when generating bytecode for the repeat with i in list block, to keep state in the loop without allocating new local variables.

65 XX -XX

Pop and discard XX values from the top of the stack.

This is used in the bytecode generated for a repeat with i in list block, to clean up at the end.

66 XX (the pathName) -1 +1 Pop an empty list and push the value of a read-only property named at namelist[XX].

Three Byte Instructions

81 XX YY 128 .. 32767   +1 Push the integer ((XX * 0x100) + YY). Larger integers and floats are pushed using constants.
82 XX YY someFunc 1, 2, 3, (...) 254, 255, 256, 257 -((XX * 0x100) + YY) +1 Pop ((XX * 0x100) + YY) values from the stack and push a no-return-value argument list object containing these values. Similar to code 42 XX, only necessary when there are more than 255 arguments in the list.
83 XX YY [1, 2, 3, (...) 254, 255, 256, 257] -((XX * 0x100) + YY) +1 Pop ((XX * 0x100) + YY) values from the stack and push a list object containing these values. Similar to code 43 XX, only necessary when there are more than 255 items in the list.
84 XX YY "literal" +1 Like code 44 XX, except for use with larger index: (XX * 0x100) + YY.
89 XX YY (global) +1 Like code 49 XX, except for use with larger index: (XX * 0x100) + YY.
8F XX YY set someGlobal = 0 -1 Like code 4F XX, except for use with larger index: (XX * 0x100) + YY.
90 XX YY set the someProperty = 0 -1 Like code 50 XX, except for use with larger index: (XX * 0x100) + YY.
93 XX YY

else

exit repeat

next repeat

Unconditional jump: Advance by ((XX * 0x100) + YY) bytes, relative to the first byte of this instruction (i.e. it may be 3 more than you are expecting)

(next repeat jumps forward to end repeat instead of jumping back itself)

95 XX YY

if somethingIsTrue then

repeat while somethingIsTrue

-1 Conditional jump: Pop a value, and if it is logically FALSE, advance by ((XX * 0x100) + YY) bytes, relative to the first byte of this instruction
a0 XX YY

set the someProperty =

- 1 Like code 50 XX or 60 XX, except for use with larger index: (XX * 0x100) + YY.
a1 XX YY

(the someProperty of someVariable)

- 1 + 1 Like code 51 XX or 61 XX, except for use with larger index: (XX * 0x100) + YY.
a2 XX YY

set the someProperty of someVariable to value

- 2 + 1 Like code 52 XX or 62 XX, except for use with larger index: (XX * 0x100) + YY.
a6 XX YY

the shiftDown

- 1 +1 or 0 Like code 66 XX, except for use with larger index: (XX * 0x100) + YY.

Syntactic Sugar

Some functions get special syntax when written out in source code, but under the hood, the compiler just transforms it into more regular syntax. Here is a mapping that shows the equivalent in plain, generalized Lingo that gets used for the bytecode.

Specialized Syntax Generalized Syntax
play frame 10 of movie "theMovie" play 10, "theMovie"
play frame 10 play 10
play movie "theMovie" play 1, "theMovie"
play done play
repeat with i = 15 to 20
  ...

end repeat
set i = 15
repeat while i <= 20
  ...
  set i = i + 1
end repeat
repeat with i = 15 down to 10
  ...

end repeat
set i = 15
repeat while i >= 10
  ...
  set i = i - 1
end repeat
sound playFile 1, "Thunder" sound #playFile, 1, "Thunder"
sound fadeIn 5 sound #fadeIn, 5
sound fadeIn 5, 10 sound #fadeIn, 5, 10
sound fadeOut 5 sound #fadeOut, 5
sound fadeOut 5, 10 sound #fadeOut, 5, 10
sound stop 1 sound #stop, 1
sound close 1 sound #close, 1
go to frame 10

go frame 10

go to 10

go 10
go to movie "theMovie"

go movie "theMovie"

go 1, "theMovie"
go to frame 10 of movie "theMovie"

go frame 10 of movie "theMovie"

go to 10 of movie "theMovie"

go 10 of movie "theMovie"

go 10, "theMovie"
go loop go #loop
go next go #next
go previous go #previous
open "document" with "application" open "document", "application"
set obj = GetObject()
obj(mSomeMethod, 1, 2, 3)
set obj = GetObject()
obj(#mSomeMethod, 1, 2, 3)

Lscr bytecode-container chunk layout

Header

...
$0040-$0041 uint16 Offset to the function records block
...
$004E-$004F uint16 Number of constants
...
$0048-$0049 uint16 Number of function records
...
$0052-$0053 uint16 Offset to the constant records block
...
$005A-$005B uint16 Base address for constant data

Function Record

Each function record is 42 bytes long.

$0000-$0001 uint16 Namelist index for the function's name, or 0xFFFF if there is no name(?)
$0002-$0003 uint16 Unknown
$0004-$0007 uint32 Length of the function bytecode in bytes
$0008-$000B uint32 Offset to the function bytecode
$000C-$000D uint16 Number of arguments
$000E-$0011 uint32 Unknown
$0012-$0013 uint16 Number of local variables
$0014-$0017 uint32 Unknown
$0018-$0019 uint16 Count (C)
$001A-$001D uint32 Unknown
$001E-$0021 uint32 Unknown
$0022-$0023 uint16 Unknown
$0024-$0025 uint16 Count (D)
$0026-$0029 uint32 Unknown

Bytecode Trailer

After the bytecode section for a function (determined using the offset and length fields from the function record), and then after an additional padding byte if there are an odd number of bytes in the bytecode, are the following values:

  • For each argument: uint16 namelist index for the argument's name
  • For each local variable: uint16 namelist index for the variable's name
  • Count (C) * uint16
  • Count (D) * uint8
  • A padding byte if Count (D) is an odd number

Constants

Each constant record is six bytes long and has this format:

  • uint16: Value type ID
  • uint32: Data address, relative to the base address given in the header

In Director 5 files, eight bytes long records has been found, and has the following format:

  • uint32: Value type ID
  • uint32: Data address, relative to the base address given in the header

Here is how the value type IDs correspond to the data found at the given address:

01 Text string uint32 length (including null terminator) followed immediately by the character data
04 32-bit unsigned integer "Data address" not an address, but the value itself
09 Floating point uint32 length followed by the floating point data. In practice, the length always seems to be 10, so the number is an 80-bit extended precision number.

Projector File (Windows)

Director 3.0

At the very end of the projector executable is a 32-bit little-endian file address.

At this location is found:

  • 7 bytes: Not sure/more research needed
  • uint32: Length of the RIFF block
  • uint8: Length of the original RIFF file's name
  • ASCII: Original RIFF file's name
  • uint8: Length of the original RIFF file's parent folder
  • ASCII: Original RIFF file's parent folder
  • RIFF block

Director 4.0

At the very end of the projector executable is a 32-bit little-endian file address.

At this location is found:

  • ASCII "PJ93"
  • The file address of the main RIFF data file
  • Six further addresses for other embedded data (more research required to know more about these)

Lingo script decompile

A proof of concept of a Lingo script decompiler (still a Work In Progress) can be found in "drxtract" python script (DRI and DRX files data extractor) in GitHub (https://github.com/System25/drxtract). This scripts tries to extract images as BMP files, sound as WAV files and Lingo scripts as Lscr files.

The relationship between the file names and the cast members must be calculated with the help of the KEY file and CAS file. For example if in the KEY file we see the following line (file name, CAS index):

18.STXT, 0000000e

We will look for the CAS index (0000000e in the example) inside the CAS file. If that number is in the line 5 of the CAS file, that means that the text content of 18.STXT file is the element 5 of the casting.

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox