[VC] Corona Limit

13 replies to this topic
ThirteenAG
  • ThirteenAG

    Gangsta

  • Feroci
  • Joined: 29 Dec 2008
  • None
  • Contribution Award [Mods]

#1

Posted 10 October 2013 - 06:00 PM Edited by ThirteenAG, 10 October 2013 - 06:01 PM.

I've successfully increased the corona limit in Vice City from 56 to 127, but I want to increase it even further. Here's the source code of a plugin: coronaLimit_vc.rar.
I've made several jumps to overwrite the default limit value (56); it works well in some functions, but not for CCoronas__RegisterCorona (0x542490).

I tried to change the code at 0x5425B7 in several ways, but it didn't work. So I just ended up with this:
CPatch::SetChar(0x5425B7+0x3, 127);
CPatch::SetChar(0x5425C5+0x3, 127);
 
I don't know how to change 
.text:005425B7 01C                 cmp     dx, 38h
 
and so on to make it work with a number greater than 127. With 128 it kinda works, I have one more corona but the game starts to lag like hell, from 60 fps to 5-10.
 
Any advice would be appreciated.
 
CCoronas__RegisterCorona on pastebin || pseudocode

Wesser
  • Wesser

    The complexity simplifier, the efficiency optimizer.

  • Feroci
  • Joined: 19 Aug 2006
  • Unknown
  • Contribution Award [Mods]

#2

Posted 11 October 2013 - 01:08 PM Edited by Wesser, 11 October 2013 - 01:09 PM.

The source looks a bit messy. You are mixing word with dword instructions (not an issue at all for a 2-byte count) and hooking addresses which are mostly wrong (don't know if it is due to the different executables we disassembled, even though some collide perfectly). What's the reason for reserving a static memory block which won't be mostly used or useful for a purpose? You could declare char aCoronas[CORONAS_LIMIT * 0x68] if you would like to avoid defining the CCorona (sizeof = 0x68) class. Moreover, there are lots of movzx instructions, you should pay attention to them as well.

 

The problem is caused by the two lines you posted. The cmp instructions at 0x005425B7 and 0x005425C5 test only if the first byte of the value handled by the edx register is set. You are causing an overflow. Comment such lines and uncomment the previous one and the bug should vanish.
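
Why 127 is the ceiling for a one-byte patch, as an added example that is not part of any post in this thread. It assumes `cmp dx, 38h` is encoded as `66 83 FA 38` (consistent with the `+0x3` patch offset in the first post) and that the compare feeds unsigned jumps like the `jae`/`jb` in the hook posted later; the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed bytes: assumed encoding of "cmp dx, 38h" (66 83 FA ib),
   inferred from the thread patching the byte at instruction address + 3. */
static const uint8_t ORIGINAL_CMP[4] = { 0x66, 0x83, 0xFA, 0x38 };

/* Opcode 83 /7 ib sign-extends its 8-bit immediate to the operand size,
   so this is the 16-bit value DX is really compared against. */
uint16_t effective_limit_imm8(uint8_t imm8)
{
    return (imm8 & 0x80) ? (uint16_t)(0xFF00u | imm8) : imm8;
}

/* "cmp dx, imm8" followed by an unsigned jb: is the index below the limit? */
int below_limit(uint16_t dx, uint8_t patched_imm8)
{
    return dx < effective_limit_imm8(patched_imm8);
}

/* Encode "cmp dx, limit" in the shortest correct form.
   Returns the length in bytes (4 or 5); out must hold 5 bytes. */
size_t encode_cmp_dx(uint16_t limit, uint8_t out[5])
{
    memset(out, 0, 5);
    out[0] = 0x66;                      /* operand-size prefix: 16-bit operand */
    out[2] = 0xFA;                      /* ModRM: mod=11, reg=/7 (cmp), rm=dx */
    if (limit <= 0x7F || limit >= 0xFF80) {
        out[1] = 0x83;                  /* fits a sign-extended imm8 */
        out[3] = (uint8_t)limit;
        return 4;
    }
    out[1] = 0x81;                      /* 81 /7 iw: full 16-bit immediate */
    out[3] = (uint8_t)(limit & 0xFF);   /* immediate is little-endian */
    out[4] = (uint8_t)(limit >> 8);
    return 5;
}

int main(void)
{
    uint8_t buf[5];
    printf("imm8 127 -> limit %u\n", (unsigned)effective_limit_imm8(127));
    printf("imm8 128 -> limit %u\n", (unsigned)effective_limit_imm8(128));
    printf("cmp dx, 128 needs %zu bytes, original slot has %zu\n",
           encode_cmp_dx(128, buf), sizeof ORIGINAL_CMP);
    return 0;
}
```

A limit above 127 needs the 5-byte `66 81 FA iw` form, which does not fit in the original 4-byte slot, so the compare has to be relocated into a hook rather than patched in place.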


ThirteenAG

#3

Posted 11 October 2013 - 03:29 PM Edited by ThirteenAG, 11 October 2013 - 03:33 PM.

Thanks for the reply, Wesser! I know the code is messy, I wanted to rewrite it in a more <good> way in case the main goal would be achieved, but for now it's just a copy-paste from different sources, nothing more (also that's why it's not on github yet).

The problem with CPatch::RedirectJump(0x5425B7, patch_5425B7)
 

void __declspec(naked) patch_5425B7()
{
	__asm
	{
		cmp edx,CORONAS_LIMIT
		jae loc_5425C5
		cmp esi,[ecx+aCoronas_C+0xC+4+4]
		jne loc_5425B3
		cmp edx,CORONAS_LIMIT
		jb loc_542680
		cmp byte ptr [esp+0x30],0x00
		jne loc_5425E3
		fcompp
		fcompp
		add esp,0x10
		fstp st(0)
		pop ebp
		pop esi
		pop ebx
		ret

loc_5425C5:
		mov jmpAddress, 0x5425C5
		jmp jmpAddress
loc_5425B3:
		mov jmpAddress, 0x5425B3
		jmp jmpAddress
loc_542680:
		mov jmpAddress, 0x542680
		jmp jmpAddress
loc_5425E3:
		mov jmpAddress, 0x5425E3
		jmp jmpAddress
	}
}

is total coronas disappearance. It's not lag or anything, there are simply no coronas in the game.
I noticed these movzx instructions too, do you think it is absolutely necessary to replace them [while the CCoronas__RegisterCorona issue isn't resolved]?

P.S. I guess I should mention that it works with

cmp edx,0x38
jae loc_5425C5
cmp esi,[ecx+aCoronas_C+0xC+4+4]
jne loc_5425B3
cmp edx,0x38

Wesser

#4

Posted 11 October 2013 - 11:08 PM Edited by Wesser, 26 October 2013 - 05:32 PM.

I don't know what was going wrong, but I rewrote the code from scratch and now it is working. Take it from here (tested on gta-vc.exe v1.0 US).

//Edit: link updated.

ThirteenAG

#5

Posted 12 October 2013 - 03:27 AM Edited by ThirteenAG, 12 October 2013 - 04:20 AM.

Oh, wow, thanks! I'll look into it.
 
UPD. Yeah, figured it out. My problem was in patch_5425B7(), I just copied your version to my initial code, and it works, even without some missing parts like movzx instructions. So just to be clear, my function is posted above, what is so wrong with that? (cmp esi,[ecx+aCoronas_C+0xC+4+4] shows as aCoronas + C in Cheat Engine, and I also have no idea why. Syntax?)

ural
  • ural

    Trash Humper

  • Members
  • Joined: 27 Jan 2007

#6

Posted 12 October 2013 - 06:48 AM

WOW, I tested the game with coronanolimitvc.asi and found that the problem with disappearing coronas is solved (even with draw distance values of 5000 in the 2dfx section of generic.ide), I bow down before the power of your intellect, bravo!

 

ThirteenAG and Wesser Bravo, Bravo! :inlove:

You are the best :cookie: :cookie: :cookie: :cookie: :cookie:


Wesser

#7

Posted 12 October 2013 - 10:06 AM Edited by Wesser, 12 October 2013 - 10:07 AM.

So just to be clear, my function is posted above, what is so wrong with that? (cmp esi,[ecx+aCoronas_C+0xC+4+4] shows as aCoronas + C in Cheat Engine, and I also have no idea why. Syntax?)

The VS assembly listing doesn't report any issue with the offset in that line (0x20). Indeed, aCorona_C pointer alone was enough (0x00815134 = 0x00815128 + 0x0C). Plus, the first conditional jump should point to the third check. These mistakes would have probably led to an error.

 

ural, thank you. I'm glad it worked.  :^:


ThirteenAG

#8

Posted 12 October 2013 - 03:22 PM

Plus, the first conditional jump should point to the third check. These mistakes would have probably led to error.

Oh, shame on me, really. I'll try to do better on the GTA3 version :rol:


ThirteenAG

#9

Posted 25 October 2013 - 07:56 PM

GTA 3 corona limit plugin source, for v1.0: http://www.sendspace.com/file/7b3auv

I thought I covered everything, but with "CORONAS_LIMIT 1024" it doesn't work, with "CORONAS_LIMIT 13024" or more it works, but eats a lot of fps.
So something is definitely wrong here, I'll try to take another look asap, but in the meantime, if someone feels helpful... :)

Wesser

#10

Posted 26 October 2013 - 09:57 AM

Gonna give it a try again, this time for III. :p


ThirteenAG

#11

Posted 26 October 2013 - 10:04 AM Edited by ThirteenAG, 26 October 2013 - 10:07 AM.

Gonna give it a try again, this time for III. :p

Then check this updated dllmain: http://www.sendspace.com/file/ju0a1p
I believe I've got rid of the lag, but it still requires "CORONAS_LIMIT 10024" to show a large amount of coronas.

Wesser

#12

Posted 26 October 2013 - 05:41 PM Edited by Wesser, 26 October 2013 - 05:43 PM.

Some parts of your source were pretty useless, so I decided to rewrite the whole code as for VC. Sadly, it is untested because I do not have III installed and I was too lazy to search for the game copy. Anyway, here you can download it. :)

ThirteenAG

#13

Posted 26 October 2013 - 08:41 PM

Thanks, crashes as is, but nothing I can't fix. Final code is here.
Also had to disable CPatch::RedirectJump(0x4FA03B, patch_4FA03B); because it seems like the code is correct, but it crashes with it anyway.
Btw, you're patching code at 0x4F9C50, how did you figure out it needs to be patched?

Wesser

#14

Posted 27 October 2013 - 05:04 PM

Thanks, crashes as is... Also had to disable CPatch::RedirectJump(0x4FA03B, patch_4FA03B); because it seems like the code is correct, but it crashes with it anyway.

Yes, I forgot to nop some bytes to align the movzx instruction to mov and to patch a few addresses in CCoronas::Init(). Redownload. :)

Btw, you're patching code at 0x4F9C50, how did you figure out it needs to be patched?

Nothing special. Once I found the cmp instruction I needed to patch in the same routine I scrolled up and down to find all other dependencies of esp.



