Disabling the ship scrapping exploit
Moderator: thunderchero
-
- Code Master
- Posts: 683
- Joined: Sat Apr 26, 2008 2:00 am
Disabling the ship scrapping exploit
In vanilla if you build ships then scrap them you'll get more credits than if you leave the system idle as you get back the full cost of the ship produced in credits.
Gowron fixed this by letting the systems produce the same amount of credits when idle as with scrapping. That's probably the best way to go about it, but here's an alternative.
After this change you won't get any credits for the scrapped ship.
In trek.exe at 0x68837 replace 01 07 with 90 90
-
- Code Master
- Posts: 683
- Joined: Sat Apr 26, 2008 2:00 am
Spocks-cuddly-tribble wrote:
Thanks DCER, I've always wanted to do that.
Looking at your recent topics, it seems Father Christmas comes this year a bit sooner to AFC.
And same question as Darth_Windu:
Is there any possibility to implement a multiplier for the amount of credits (i.e. as a percentage adjusting)?

I'm just an elf. Father Christmas just gave us version 1.0.3
I'll see if I can add a multiplier.
-
- Code Master
- Posts: 304
- Joined: Sat Apr 26, 2008 2:00 am
- Location: 50° N, 11° E
Halving the revenue
Great discovery, DCER, as now we can handle the scrapping issue directly
How on earth did you manage to find that statement? ^^
Darth_Windu wrote:
Isn't it possible to just, say, halve the ship value in credits that you get back?

I guess we're lucky this time. Halving an integer value is something that can be done very easily in assembler, and there are some unused bytes after the subroutine which contains the code that needs to be changed. Using these bytes, we can actually insert new code there.
The new code to be inserted is
40 // inc eax
D1E8 // shr eax, 1
The first statement increases the ship value by one credit, and the second statement divides it by 2, rounding down. Put together, this means that the ship cost is halved and rounded UP.
(if you want it to be rounded down instead, just replace the "40" by a "90")
Of course, inserting new code into a subroutine moves the following part of that subroutine to a different offset, and that means that all code references pointing to or from that area need to be updated correspondingly, else they'd become invalid (read: "crash to desktop").
So here's what to do:
Step 1: Inserting the New Code
Open trek.exe, copy the area at position 0x68837 through 0x68866 (48 bytes in total) and paste it at position 0x6883A through 0x68869.
Then, go to position 0x68837 again and change 01 07 46 to 40 D1 E8
Step 2: Fixing the References
Don't do this before Step 1!!
At position 0x687F2, change 7E 50 to 7E 53
At position 0x68835, change 74 02 to 74 05
At position 0x68845, change 7C B2 to 7C AF
At position 0x68850, change E8 72 E2 FE FF to E8 6F E2 FE FF
At position 0x68859, change E8 65 00 FE FF to E8 62 00 FE FF
A discovery consists in seeing something everybody has seen and at the same time thinking something nobody has thought yet.
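The fixups in Step 2 all follow one rule: an x86 relative displacement is measured from the end of the branch instruction, so it changes whenever exactly one end of the branch (the instruction or its target) lies past the insertion point. As an added example (not Gowron's or the thread's code), this Python script re-derives all five byte changes from the three-byte insertion at 0x68837; it assumes that the pre-insertion offsets of the three references beyond that point are the thread's post-Step-1 positions minus 3.

```python
# Added example (not from the thread): recompute x86 rel8/rel32 branch
# displacements after inserting bytes into a routine, the arithmetic behind
# Gowron's "Step 2". Offsets are trek.exe file offsets quoted in the thread;
# only relative displacements matter, so the image base is irrelevant.
import struct

INSERT_AT, INSERT_LEN = 0x68837, 3   # Step 1: "40 D1 E8" inserted here

def decode_branch(insn: bytes):
    """(disp, length) for a short Jcc (opcode + rel8) or a near CALL/JMP
    (E8/E9 + rel32). Other branch encodings are out of scope here."""
    if len(insn) == 2:
        return struct.unpack("<b", insn[1:])[0], 2
    if len(insn) == 5 and insn[0] in (0xE8, 0xE9):
        return struct.unpack("<i", insn[1:])[0], 5
    raise ValueError(f"unsupported branch encoding: {insn.hex()}")

def shifted(addr: int, insert_at: int, n: int) -> int:
    """Every address at or past the insertion point moves down by n bytes."""
    return addr + n if addr >= insert_at else addr

def fix_branch(pos: int, insn: bytes, insert_at=INSERT_AT, n=INSERT_LEN):
    """pos is the branch's offset BEFORE the insertion. Returns (new_pos,
    new_insn). A displacement is relative to the end of the instruction,
    so both ends may move: the branch itself and its target."""
    disp, length = decode_branch(insn)
    target = pos + length + disp
    new_pos = shifted(pos, insert_at, n)
    new_disp = shifted(target, insert_at, n) - (new_pos + length)
    if length == 2:
        if not -128 <= new_disp <= 127:   # rel8 out of reach: would need a near jump
            raise OverflowError(f"rel8 at 0x{pos:X} cannot reach target after insertion")
        return new_pos, insn[:1] + struct.pack("<b", new_disp)
    return new_pos, insn[:1] + struct.pack("<i", new_disp)

# The five references Gowron lists, at their PRE-insertion offsets (the three
# past 0x68837 are assumed to be the thread's Step 2 positions minus 3 bytes).
ORIGINAL_REFS = [
    (0x687F2, bytes.fromhex("7E50")),        # jle: leaves the loop, target moves
    (0x68835, bytes.fromhex("7402")),        # je: skips "add [edi], eax", target moves
    (0x68842, bytes.fromhex("7CB2")),        # jl: loops back, the branch itself moves
    (0x6884D, bytes.fromhex("E872E2FEFF")),  # call rel32: branch moves, target does not
    (0x68856, bytes.fromhex("E86500FEFF")),  # call rel32: same
]

def fixed_refs():
    """Post-insertion (offset, bytes) for each reference, i.e. Gowron's Step 2."""
    return [fix_branch(pos, insn) for pos, insn in ORIGINAL_REFS]
```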
-
- Rear-Admiral
- Posts: 1210
- Joined: Thu May 01, 2008 2:00 am
-
- Code Master
- Posts: 304
- Joined: Sat Apr 26, 2008 2:00 am
- Location: 50° N, 11° E
Martok wrote:
Out of curiosity Gowron, will you be adding in this change/fix in the next update for BOP (whenever that is)?
That scrapping exploit has always been hurting gameplay.

You bet

Martok wrote:
And maybe DCER's fix for the building upgrade as well? Pretty please?

I don't think the upgrade fix is needed for BoP, since even the highest possible upgrade cost (last Cardassian factory upgrade, 705 credits) is still so low that you'd need more than 90 of those buildings to actually invoke that bug
A discovery consists in seeing something everybody has seen and at the same time thinking something nobody has thought yet.
-
- Code Master
- Posts: 683
- Joined: Sat Apr 26, 2008 2:00 am
Good work, Gowron!
Take a few steps back to the functions calling this one. At 0x6AC00 you'll find the full military turn processing there, including battles, ship movement, repair... interesting stuff. And another step back, at 0x57660, is the function processing the game turn, including economy, diplomacy... It'd take a lot of testing how stuff works, but it's there for the taking.
-
- Past Administrator
- Posts: 2404
- Joined: Fri Jul 18, 2008 2:00 am
- Location: Your mom's bed ;)
I really hate to revive an old thread, but how would I go about making, say, a 20% return on scrapped ships? This to me seems most realistic since 1) it's a used ship and 2) some materials off it might not be salvageable (such as dilithium matrix, nacelle coils, or certain parts of the class-specific framework.)
Spocks-cuddly-tribble wrote:
At 0x68837 (above modification by Gowron) you can use this:
C1E8 XX // SHR EAX, X
= Shipcost / [2^X] (rounded down)
so X=2 -> Shipcost/4 or 25%
An integer division is possible, but more work.
-
- Code Master
- Posts: 1962
- Joined: Sun Apr 27, 2008 2:00 am
Ship scrapping revenue set to square root: (= buildings & trade goods)
I had a hasty glance at sub_469370 and it turns out that, indeed, they managed to produce a half dozen of more or less capital bugs into this small piece of code.
For reference, thanks to OllyDbg, here is how the consistent code should look (ASM statements 469432-469443 can be replaced with any desired revenue ratio):
trek.exe at 0x68794
replace: (44 bytes)
89 94 24 24 01 00 00 83 F8 FF 74 4B 69 C0 28 03 00 00 8B 15 C8 36 5A 00 8A 54 02 4C 31 C0 81 E2 FF 00 00 00 66 8B 45 34 39 C2 75 2B
with:
83 F8 FF 74 1F 69 C8 28 03 00 00 03 0D C8 36 5A 00 8A 51 4C 3A 55 34 0F 85 93 00 00 00 E8 8A B9 FD FF 85 C0 0F 84 86 00 00 00 8B C2
at 0x68802 change C1 31 C0 -> 08 8B C8
AND at 0x68812
replace: (50 bytes)
89 C2 8B 8C 24 A8 00 00 00 C1 FA 1F F7 F9 31 D2 66 8B 94 24 1C 01 00 00 0F AF C2 83 BC 24 24 01 00 00 00 74 02 01 07 46 8B 45 04 83 C3 04 39 C6 7C B2
with:
3B 84 24 A8 00 00 00 75 0A 0F B7 94 24 1C 01 00 00 01 11 8B C1 8B 09 46 83 C3 04 3B 75 04 7C C4 DB 00 D9 FA E8 99 42 0B 00 DB 18 8B 00 01 07 90 90 90
469394 83F8 FF CMP EAX,-1 // if no star system...
469397 74 1F JE SHORT 4693B8 // ...goto exit
469399 69C8 28030000 IMUL ECX, EAX, 328 // system ID entry for...
46939F 030D C8365A00 ADD ECX, [5A36C8] // systInfo
4693A5 8A51 4C MOV DL, [ECX+4C] // system owner
4693A8 3A55 34 CMP DL, [EBP+34] // TaskForce owner
4693AB 0F85 93000000 JNZ 469444 // goto exit if not equal
4693B1 E8 8AB9FDFF CALL 444D40 // shipyard check
4693B6 85C0 TEST EAX,EAX // if none...
4693B8 0F84 86000000 JE 469444 // ... goto exit
4693BE 8BC2 MOV EAX,EDX // race ID
469401 8908 MOV [EAX], ECX // temp store TaskForce cost
469403 8BC8 MOV ECX, EAX // GShipList
469412 3B8424 A8000000 CMP EAX, [ESP+A8] // if damaged...
469419 75 0A JNZ SHORT 469425 // ...no credits
46941B 0FB79424 1C010000 MOVZX EDX, WORD [ESP+11C] // shiplist.sst cost
469423 0111 ADD [ECX], EDX // add to TaskForce cost
469425 8BC1 MOV EAX, ECX // temp store at [eax]
469427 8B09 MOV ECX, [ECX] // write to ecx
469429 46 INC ESI // check next ship in TaskForce
46942A 83C3 04 ADD EBX, 4
46942D 3B75 04 CMP ESI, [EBP+4]
469430 ^7C C4 JL SHORT 4693F6 // loop for next ship
469432 DB00 FILD DWORD DS:[EAX] // TaskForce cost to FPU
469434 D9FA FSQRT // square root
469436 E8 99420B00 CALL 51D6D4 // round down float
46943B DB18 FISTP DWORD DS:[EAX] // store as integer at [eax]
46943D 8B00 MOV EAX, [EAX] // write to eax
46943F 0107 ADD [EDI], EAX // add to empire credits
469441-469443 909090 NOP
Note the cumulated build cost of the task force (stored in ecx & at [eax]) is increased by the value at 0x687D5 (default 1).
I don't know how many bugs is too many but that point is reached somewhere before however many in BotF is.