Patrick Hulin used LLM-driven static and dynamic analysis to reverse engineer SimTower into a playable multiplayer clone at towers.world.
Key Takeaways
Static analysis via reaper (a Ghidra-connected coding agent) failed to produce a clean-room spec; LLMs made premature conclusions, used vague naming, and lost detail as context compacted.
The breakthrough was building a Unicorn emulator with Claude Code mocking all 195 Windows 3.1 API calls in ~30 minutes, enabling ground-truth state traces.
State-trace diffing let Claude Code autonomously hill-climb toward behavioral parity, including RNG ordering and slab-allocator sim iteration matching.
Longest autonomous Claude Code run: 8 hours, zero prompts, 5 parity bugs fixed and committed.
Key pattern: high-level coordination thread plus low-level subagents; closed-loop dynamic verification beats open-ended “make it better” prompting.
