Disabling the ship scrapping exploit

Post by DCER » Thu Oct 30, 2008 10:32 am

In vanilla, if you build ships and then scrap them, you'll get more credits than if you leave the system idle, as you get back the full cost of the ship produced in credits.

Gowron fixed this by letting the systems produce the same amount of credits when idle as with scrapping. That's probably the best way to go about it, but here's an alternative.

After this change you won't get any credits for the scrapped ship.

In trek.exe at 0x68837 replace 01 07 with 90 90

Post by DCER » Fri Oct 31, 2008 10:16 am

Spocks-cuddly-tribble wrote: Thanks DCER, I've always wanted to do that. :)

Looking at your recent topics, it seems Father Christmas comes this year a bit sooner to AFC. :D

And same question as Darth_Windu:
Is there any possibility to implement a multiplier for the amount of credits (i.e. as a percentage adjusting)?
I'm just an elf. Father Christmas just gave us version 1.0.3 :D

I'll see if I can add a multiplier.

Halving the revenue

Post by Gowron » Sat Nov 01, 2008 10:35 am

Great discovery, DCER, as now we can handle the scrapping issue directly :)
How on earth did you manage to find that statement? ^^
Darth_Windu wrote: Isn't it possible to just, say, halve the ship value in credits that you get back?
I guess we're lucky this time. Halving an integer value is something that can be done very easily in assembler, and there are some unused bytes after the subroutine which contains the code that needs to be changed. Using these bytes, we can actually insert new code there :)

The new code to be inserted is

40    // inc eax
D1E8  // shr eax, 1

The first statement increases the ship value by one credit, and the second statement divides it by 2, rounding down. Put together, this means that the ship cost is halved and rounded UP.

(if you want it to be rounded down instead, just replace the "40" by a "90")

Of course, inserting new code into a subroutine moves the following part of that subroutine to a different offset, and that means that all code references pointing to or from that area need to be updated correspondingly, else they'd become invalid (read: "crash to desktop" ;)).


So here's what to do:

Step 1: Inserting the New Code

Open trek.exe, copy the area at position 0x68837 through 0x68866 (48 bytes in total) and paste it at position 0x6883A through 0x68869.
Then, go to position 0x68837 again and change

01 07 46

to

40 D1 E8

Step 2: Fixing the References

Don't do this before Step 1!!
At position 0x687F2, change

7E 50

to

7E 53

At position 0x68835, change

74 02

to

74 05

At position 0x68845, change

7C B2

to

7C AF

At position 0x68850, change

E8 72 E2 FE FF

to

E8 6F E2 FE FF

At position 0x68859, change

E8 65 00 FE FF

to

E8 62 00 FE FF
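As an added example (not code from Gowron's post, the thread, or the game), the following Python recomputes the Step 2 reference fix-ups from first principles: an x86 rel8 Jcc or rel32 CALL targets end-of-instruction plus displacement, and every byte at or beyond the insertion point moves forward by the number of inserted bytes. The five patched references are embedded as constructed test data taken from the steps above, and the same function works for any similar insertion.

```python
# Added example: recompute relative x86 branch displacements after bytes
# are inserted into a code region (Gowron's Step 2 for trek.exe).
# Displacements depend only on differences, so file offsets work as well
# as virtual addresses as long as everything stays inside one section.

INSERT_AT = 0x68837   # file offset where "40 D1 E8" is inserted
INSERT_LEN = 3


def fixup_branch(offset, opcode, disp, insert_at=INSERT_AT, insert_len=INSERT_LEN):
    """Return opcode + new displacement for a relative branch that sat at
    file offset `offset` before the insertion.  `opcode` is the opcode
    bytes (b'\\x7e' JLE rel8, b'\\xe8' CALL rel32); `disp` the original
    little-endian two's-complement displacement (1 or 4 bytes)."""
    size = len(opcode) + len(disp)
    if offset < insert_at < offset + size:
        raise ValueError("insertion point lies inside this instruction")
    end = offset + size
    target = end + int.from_bytes(disp, "little", signed=True)
    # the instruction itself moves if it lies at/after the insertion point
    new_end = end + insert_len if offset >= insert_at else end
    # a target beyond the insertion point moves; one exactly at it now
    # lands on the inserted code and therefore stays where it is
    new_target = target + insert_len if target > insert_at else target
    # to_bytes raises OverflowError if a rel8 jump no longer reaches
    new_disp = (new_target - new_end).to_bytes(len(disp), "little", signed=True)
    return opcode + new_disp


# Gowron's five Step 2 references: (offset, original bytes, fixed bytes)
STEP2 = [
    (0x687F2, bytes.fromhex("7E50"), bytes.fromhex("7E53")),
    (0x68835, bytes.fromhex("7402"), bytes.fromhex("7405")),
    (0x68845, bytes.fromhex("7CB2"), bytes.fromhex("7CAF")),
    (0x68850, bytes.fromhex("E872E2FEFF"), bytes.fromhex("E86FE2FEFF")),
    (0x68859, bytes.fromhex("E86500FEFF"), bytes.fromhex("E86200FEFF")),
]


def check_step2():
    """Recompute each reference; True where it matches the thread's value."""
    results = {}
    for offset, before, after in STEP2:
        opcode, disp = before[:1], before[1:]   # all five use 1-byte opcodes
        results[offset] = fixup_branch(offset, opcode, disp) == after
    return results


if __name__ == "__main__":
    for off, ok in check_step2().items():
        print(f"0x{off:X}: {'ok' if ok else 'MISMATCH'}")
```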

Post by Martok » Sat Nov 01, 2008 1:13 pm

Out of curiosity Gowron, will you be adding in this change/fix in the next update for BOP (whenever that is)? And maybe DCER's fix for the building upgrade as well? Pretty please? :D

Post by Gowron » Sat Nov 01, 2008 1:54 pm

Martok wrote: Out of curiosity Gowron, will you be adding in this change/fix in the next update for BOP (whenever that is)?
You bet :)
That scrapping exploit has always been hurting gameplay.
Martok wrote: And maybe DCER's fix for the building upgrade as well? Pretty please? :D
I don't think the upgrade fix is needed for BoP, since even the highest possible upgrade cost (last Cardassian factory upgrade, 705 credits) is still so low that you'd need more than 90 of those buildings to actually invoke that bug ;)

Post by DCER » Sun Nov 02, 2008 6:02 am

Good work, Gowron!

Take a few steps back to the functions calling this one. At 0x6AC00 you'll find the full military turn processing, including battles, ship movement, repair... interesting stuff. :) And another step back, at 0x57660, is the function processing the game turn, including economy, diplomacy... It'd take a lot of testing to work out how stuff works, but it's there for the taking.

Post by Tethys » Wed May 05, 2010 8:45 pm

I really hate to revive an old thread, but how would I go about making, say, a 20% return on scrapped ships? This to me seems most realistic since 1) it's a used ship and 2) some materials off it might not be salvageable (such as the dilithium matrix, nacelle coils, or certain parts of the class-specific framework).

Spocks-cuddly-tribble wrote: At 0x68837 (above modification by Gowron)

you can use this:

C1E8 XX        SHR EAX, X
= Shipcost / [2^X] (rounded down)

so X=2 -> Shipcost/4 or 25%

An integer division is possible, but more work.

Post by Spocks-cuddly-tribble » Fri Mar 18, 2011 12:22 pm

I had a hasty glance at sub_469370 and it turns out that, indeed, they managed to produce half a dozen more or less capital bugs in this small piece of code.

For reference, thanks to OllyDbg, here is how the consistent code should look:

trek.exe at 0x68794
replace: (44 bytes)
89 94 24 24 01 00 00 83 F8 FF 74 4B 69 C0 28 03 00 00 8B 15 C8 36 5A 00 8A 54 02 4C 31 C0 81 E2 FF 00 00 00 66 8B 45 34 39 C2 75 2B
with:
83 F8 FF 74 1F 69 C8 28 03 00 00 03 0D C8 36 5A 00 8A 51 4C 3A 55 34 0F 85 93 00 00 00 E8 8A B9 FD FF 85 C0 0F 84 86 00 00 00 8B C2

at 0x68802  change  C1 31 C0  ->  08 8B C8

AND at 0x68812
replace: (50 bytes)
89 C2 8B 8C 24 A8 00 00 00 C1 FA 1F F7 F9 31 D2 66 8B 94 24 1C 01 00 00 0F AF C2 83 BC 24 24 01 00 00 00 74 02 01 07 46 8B 45 04 83 C3 04 39 C6 7C B2
with:
3B 84 24 A8 00 00 00 75 0A 0F B7 94 24 1C 01 00 00 01 11 8B C1 8B 09 46 83 C3 04 3B 75 04 7C C4 DB 00 D9 FA E8 99 42 0B 00 DB 18 8B 00 01 07 90 90 90


469394     83F8 FF         CMP EAX,-1  // if no star system...
469397     74 1F           JE SHORT 4693B8  // ...goto exit
469399     69C8 28030000   IMUL ECX, EAX, 328  // system ID entry for...
46939F     030D C8365A00   ADD ECX, [5A36C8]  // systInfo
4693A5     8A51 4C         MOV DL, [ECX+4C]  // system owner
4693A8     3A55 34         CMP DL, [EBP+34]  // TaskForce owner
4693AB     0F85 93000000   JNZ 469444  // goto exit if not equal
4693B1     E8 8AB9FDFF     CALL 444D40  // shipyard check
4693B6     85C0            TEST EAX,EAX  // if none...
4693B8     0F84 86000000   JE 469444  // ... goto exit
4693BE     8BC2            MOV EAX,EDX  // race ID

469401     8908               MOV [EAX], ECX  // temp store TaskForce cost
469403     8BC8               MOV ECX, EAX  // GShipList

469412     3B8424 A8000000    CMP EAX, [ESP+A8]  // if damaged...
469419     75 0A              JNZ SHORT 469425 // ...no credits
46941B     0FB79424 1C010000  MOVZX EDX, WORD [ESP+11C] // shiplist.sst cost
469423     0111               ADD [ECX], EDX  // add to TaskForce cost
469425     8BC1               MOV EAX, ECX  // temp store at [eax]
469427     8B09               MOV ECX, [ECX]  // write to ecx
469429     46                 INC ESI  // check next ship in TaskForce
46942A     83C3 04            ADD EBX, 4
46942D     3B75 04            CMP ESI, [EBP+4]
469430    ^7C C4              JL SHORT 4693F6  // loop for next ship
469432     DB00               FILD DWORD DS:[EAX]  // TaskForce cost to FPU
469434     D9FA               FSQRT  //  square root
469436     E8 99420B00        CALL 51D6D4  // round down float
46943B     DB18               FISTP DWORD DS:[EAX]  // store as integer at [eax]
46943D     8B00               MOV EAX, [EAX] // write to eax
46943F     0107               ADD [EDI], EAX  // add to empire credits
469441-469443   909090        NOP
ASM statements 469432-469443 can be replaced with any desired revenue ratio.

Note the cumulated build cost of the task force (stored in ecx & at [eax]) is increased by the value at 0x687D5 (default 1).
