Ghidra is addictive. Found a good entry point for the #PocketViewer simulator and now I can't stop naming variables in the decompiler.

For those curious: plugview.plg seems to handle the screen rendering and it has a lot of public symbols and uses many known Windows APIs, so it could be a good way for me to find where VRAM resides in the emulator and maybe on the real system.
But I also rediscovered a PV blog with lots of useful utilities (like GetOS!) and even some OS patches. I already found some useful info about the memory map in the source code for GetOS2.
Still, reversing the simulator can be of some service yet! Right now I rely on some wonky AHK scripts to automate it, it would be much better to inject code directly into it with Frida, or to extract useful bits out of

@csepp I think @HalvarFlake had a presentation where he talked about hacking like an addiction where accessing more systems (and knowledge) leads you to even more systems, each giving a dopamine rush :)

@buherator Yes. :)