techtree.tec - TalShiar operatives report successful mission

[Flocke]

Who said it was bought...

*fib*

For example make a text search for "tech". That will show you every occurence of the plaintext "tech" within the source. No matter if comment or a stored db value like a failure message.
I get alot occurences by this and with some luck and understanding of asm *cough*, one will get you to the right procedure.

Edit: setting a break point and trying to debug would help alot, cause in case it's the right procedure, game will halt on turn progress / research...

[Tethys]

Ah ok i understand now... I didnt even think to do that... so there should be more instances of "tech" in asm language then in regular Hex analysis then?

[Flocke]

sub_454F0C (0x5430C) looks promising.
With it the technology pictures are getting accessed. It's the only one reading them in the whole source.
And there are only 3 cross references to that subroutine.
One should be for watching the research view, but one also should be on turn progress when a new break through has been made. The third one.. well, I dunno. If I'd also count technology screen and object database, we'd have 4!
Or is there a second picture available in a different size maybe...

cross references are at:
asm454E65 (0x54265)
asm4640AC (0x634AC)
asm46414A (0x6354A)

setting a break point and debugging, or replacing a cross reference call by nops and checking where botf crashes should tell you more about and get you to the right one.
But it doesn't have to be one of the three subroutines calling sub_454F0C. It might be some more levels up or even a dynamic variable being set previously in another subroutine and accessed lateron for determining the pictures. However, that's the most promising place I've found for testing.

Go on!

Edit: Damn, of course there are three different sizes of images available! Ok, which size we need? I think it was the big one, than it should still be the right subroutine, just dunno why it's getting accessed a third time.

[Tethys]

Any idea how many bytes for each entry, or should i start with 2 bits at a time?

EDIT: Possibly the third time could be for minor races Evolution Level

[Flocke]

within ida, just select the subroutine call, then swap to the hex view, there you can see which bytes to replace. (if hex view is not in sync, click right and sync with asm view). The three call commands mentioned are all five bytes long.

I doubt accessing the pictures has anything to do with minors.

[Tethys]

Just got a BSOD... oh the joy of Microsoft crapware...

Anyway, since I was hexing trek.exe during BSOD, entire instance of BotF has been compromised and requires a complete reinstall (yes i tried restoring backup, crashlog said something about dounzip.c blah blah /Stbof.res ) Thanks Microshit!!

Anyway well there is 3 different sized images for the Techs, one set goes in Management, Tech Field Database, and Object Database (across the bottom)

2m7clfc.png (556.01 KiB) Viewed 4715 times

[Flocke]

Just got a BSOD... oh the joy of Microsoft crapware...

damn

Well, I've tested myself, replacing the first one by nops causes a crash on research breakthrough. That's what we've looked for. And it doesn't seem to have any other effects. Replacing the other two by nops doesn't seem to have any effect at all.
Research screen, technology listing and object database must have their own way to access the pictures.

So in conclusion, sub_454E50 (calling sub_454F0C) is responsible for the research breakthrough popup window. And that obviously is dependant on the actual research breakthrough triggering the window during turn progress.
I've to stop here now, but hope it helps further analysis and I might try another day...

good luck

Edit: another thing I've noticed, although it crashed, turn was still progressed and research got increased cause on continue it loaded the turn after with new technology level.

[Tethys]

Awesome! Ill test this as well thanks

[Flocke]

Yeah, but as I just wanted to add, research still progressed, so triggering the window must be temporarily saved on turn progress, or at least the window gets shown after new auto.sav was stored.

[Tethys]

{If you take a look at loc_454F40 this is the event we want to be able to *stop* from happening, or at least postpone it to a later level...

I also think that loc_454FAE might have something to do with it as well, since it is a comparable jumptable used in the above loc (maybe these control the actual implementation of the tech/release of tech requirement for new ship/building). It jumps to sub_48B2E0 which looks like tech levels for major races, but not sure?}

EDIT: my brain hurts and i have to potty... worst combination... ill be going to sleep now, maybe ill have a nice nightmare about all this coding stuff...

EDIT 2: scratch all that, what i meant to say is we need to find out how to disable the limit check for Tech fields with more than 11 Levels (0-10)

[Flocke]

lol, have a nice dream!
Just figured out, replacing the call to sub_454E50 at asm44CE1C (0x4C21C) by nops prevents the research breakthrough window to pop up - no crashes. Research still progresses, but silently.

Edit: sub_454F6C is used in several locations and I've to agree that it looks very similar to sub_454F0C, but I dunno what it's for.
Where you got that sub_48B2E0 has to do with major tech levels I don't see at all. At least it seems like it has to do with research in some way ...but might be an impasse.

[Tethys]

That is interesting to know, so that means that somewhere close by there must be a limiting call for levels above 10 which can be *nopped* up

I suppose this is in good hands now that you are here, in my hands who knows what i might mess up lol!

EDIT: This is the time when we need SCT to pop in and say that he's solved this riddle

sub_454F6C is used in several locations and I've to agree that it looks very similar to sub_454F0C, but I dunno what it's for.

Im guessing being so close to the Tech images, if it looks like a duck, walks like a duck, and quacks... its probably a goose?...
Suppose what I mean is it looks alot like the loading of the Images, so it could quite possibly be the actual tech levels loaded after breakthrough...

[Flocke]

I'd better wish for a code master, they're much more practiced in that and I'm short in time.

Edit: I belive the subroutine you mentioned is for loading the tech level text descriptions, therefore the lexicon comment,...

[Spocks-cuddly-tribble]

ATM I don't have the time to read (i.e. check figures) all new posts, but here are some values I forgot to add to my list (the three in the mid-position are most important):

Code: Select all

452DA7   BA 0A 00 00 00   mov  edx, 0Ah
4532E7   BA 0A 00 00 00   mov  edx, 0Ah

4535E7   83 FA 0B         cmp  edx, 0Bh
4D2A17   66 83 FA 0A      cmp  dx, 0Ah
4D6378   80 FB 0B         cmp  bl, 0Bh 

at 7th tech field (there are still much more)
4D6E39   80 FB 06         cmp  bl, 6  ships
4D6FB8   80 FB 06         cmp  bl, 6  buildings

[Tethys]

SCT YOUR A GENIUS!!!!

Here is what I did! :

Code: Select all

4535E7   83 FA 0B
4D2A17   66 83 FA 0A
4D6378   80 FB 0B

replaced with

Code: Select all

4535E7   83 FA 0C
4D2A17   66 83 FA 0B 
4D6378   80 FB 0C  

AND AT:

Code: Select all

0x23816   66 83 FA 0B
0x5202A   66 83 FE 0B
0x52bce   80 FB 0B
0x52dbf   80 FB 0B

TO

Code: Select all

0x23816   66 83 FA 0C
0x5202A   66 83 FE 0C
0x52bce   80 FB 0C
0x52dbf   80 FB 0C

For testing purposes this is what I got when I looked at tech requirements!!

5yylqp.png (523.56 KiB) Viewed 4714 times

TYTYTY SCT your the man!!!!!!

EDIT: Should be noted that I only incresed the displayable Tech 11 level using code 0C to replace 0B, but higher value is needed to get another Tech level

One downfall however, is that the subsequent Tech 0 techs are intertwined with the previous Tech category, see below:

166zyaq.png (519.57 KiB) Viewed 4714 times