The solution is a bit complicated, as I had to add code that checks whether the ship is unknown or not. The downside is that, to get space for that code, I had to disable and overwrite 3 error checks. These are: Shipbox != Null, Widget != Null and ShipclassMem Is Null.
Ok, here's the fix. The assembly instructions are from IDA 5 Pro, they are there for double checking.
before -> after
1.Remove ShipBox error message
At 0x17FC28 fill with 15x 0x00
2.Disable error message at 0x13D208
75 1C -> EB 1C
jnz short loc_53DE26 -> jmp short loc_53DE26
3.Change code flow at 0xEC14A
0F 84 14 01 00 00 -> E9 BB 10 05 00 90
jz loc_4ECE64 -> jmp loc_53DE0A, nop
4.Overwrite error message at 0x13D20A
BB 24 7A 58 00 BA 47 00 00 00 B8 34 7A 58 00 E8 92 A3 FC FF 85
C0 74 04 85 C9 74 E4
->
89 2D 28 1E 58 00 0F 84 4E F0 FA FF E9 35 EF FA FF B8 71 05 00
00 E8 BB D4 F4 FF C3
; Original code at file offset 0x13D20A (the "Widget != Null" check named in the post).
; The 28 original bytes listed for step 4 decode to this sequence; all of it is overwritten.
mov ebx, offset aWidgetNull ; IDA-named string, presumably the "Widget != Null" message text
mov edx, 47h ; presumably the source line number of the check - confirm
mov eax, offset aWidget_c ; IDA-named string, presumably the source file name
call sub_5081B0 ; presumably the error/assert reporter; the other overwritten checks call it too
test eax, eax
jz short loc_53DE26 ; result 0: skip forward to loc_53DE26
test ecx, ecx
jz short loc_53DE0A ; bytes 74 E4: backward jump to loc_53DE0A, the address the step 3 jmp targets
->
; Replacement written over the "Widget != Null" check; entered through the jmp loc_53DE0A
; that step 3 puts in place of "jz loc_4ECE64".
; Two pieces share the space: a detour stub (first three instructions) and a small helper
; (last three instructions). The helper starts 6+6+5 = 11h bytes after loc_53DE0A, which
; matches the sub_53DE1B that step 6 calls.
mov offsetShipboxNull, ebp ; stores whether this ship is unknown for later use
; Bytes 89 2D 28 1E 58 00: the destination is 581E28h, the same address the original step 8
; code loads as aShipboxNull, so the flag reuses the string storage zeroed in step 1.
; NOTE(review): this writes into what used to be string data; the section holding it must be
; writable at run time - confirm before relying on the patch.
jz loc_4ECE64 ; if 0 load normal image else load ufo image
; mov does not modify flags, so this tests the same condition as the jz that step 3 replaced.
jmp loc_4ECD50 ; presumably the instruction that followed the 6-byte jz replaced in step 3 - confirm
mov eax, 571 ; bytes B8 71 05 00 00: the immediate is 571h (hexadecimal), not decimal 571
call sub_48B2E0 ; not shown on the page; step 6 passes the result to sprintf_, so presumably a text lookup - confirm
retn ; result of sub_48B2E0 is left in eax for the caller
5.Disable error message at 0x6EDD0
75 1A -> EB 1A
jnz short loc_46F9EC -> jmp short loc_46F9EC
6.Overwrite error message at 0x6EDD2
BE 2C AD 57 00 BB EC AD 57 00 BA 2D 01 00 00 89 F0 E8 C8 87 09 00 85 C0 75 EB
->
E8 44 E4 0C 00 50 8D 44 24 04 50 E8 B7 43 0A 00 83 C4 08 E9 36 B9 07 00 90 90
; Original code at file offset 0x6EDD2 (the "ShipclassMem Is Null" check named in the post).
; The 26 original bytes listed for step 6 decode to this sequence; all of it is overwritten.
mov esi, offset a____SourceG_22 ; IDA-named string, presumably a source file path
mov ebx, offset aShipclassmemIs ; IDA-named string, presumably the "ShipclassMem Is Null" message text
mov edx, 12Dh ; presumably the source line number of the check - confirm
mov eax, esi
call sub_5081B0 ; same routine the other overwritten checks call
test eax, eax
jnz short loc_46F9D7 ; bytes 75 EB: backward jump taken on a non-zero result
->
; Replacement written over the "ShipclassMem Is Null" check. Step 8 branches here
; (jnz loc_46F9D2) when the flag stored by the step 4 stub is non-zero.
call sub_53DE1B ; helper placed in step 4 (mov eax, 571h / call sub_48B2E0 / retn); result in eax
push eax ; pushed first, so it becomes the second stack argument of sprintf_
lea eax, [esp + 04h] ; eax = the value esp had before the push above, i.e. the existing buffer at [esp]
push eax ; first stack argument: destination buffer
call sprintf_
add esp, 8 ; drop the two stack arguments
jmp loc_4EB320 ; continue in the surrounding routine
; NOTE(review): assuming sprintf_ is the C library sprintf, the value returned by sub_53DE1B
; is used directly as the format string and the write has no length bound. The size of the
; destination at [esp] is not shown on the page - confirm that the text for id 571h contains
; no conversion specifiers and fits the buffer.
2x nop
7.Disable error message at 0xEC043
75 1C -> EB 1C
jnz short loc_4ECC61 -> jmp short loc_4ECC61
8.Overwrite error message at 0xEC045
BB 28 1E 58 00 BA 2B 03 00 00 B8 AC 1D 58 00 E8 57 B5 01 00 85 C0 74 04 85 F6 74 E4
->
83 3D 28 1E 58 00 00 0F 85 80 2D F8 FF 8B 94 24 A8 02 00 00 E9 14 E6 FF FF 90 90 90
; Original code at file offset 0xEC045 (the "Shipbox != Null" check named in the post).
; The 28 original bytes listed for step 8 end with 85 F6 74 E4 (test esi, esi / short jz
; backwards), which this listing does not show.
mov ebx, ds:aShipboxNull ; bytes BB 28 1E 58 00 encode an immediate load of the address 581E28h
mov edx, 32Bh ; presumably the source line number of the check - confirm
mov eax, offset a____SourceU_71 ; IDA-named string, presumably a source file path
call sub_5081B0 ; same routine the other overwritten checks call
test eax, eax
jz short loc_4ECC61 ; result 0: skip forward to loc_4ECC61
->
; Replacement written over the "Shipbox != Null" check; entered through the jmp loc_4ECC45
; that step 9 puts in place of "mov edx, [esp + 2A8h]".
cmp ds:aShipboxNull, 0 ; bytes 83 3D 28 1E 58 00 00: tests the dword at 581E28h, the flag the step 4 stub stores
jnz loc_46F9D2 ; flag set: go to the sprintf_ sequence written in step 6
mov edx, [esp + 2A8h] ; re-executes the instruction step 9 overwrote; the jmp used to get here does not change esp
jmp loc_4EB272 ; presumably the instruction after the 7 bytes replaced in step 9 - confirm
; NOTE(review): the flag holds whatever ebp was on the last pass through the step 4 stub;
; confirm that the stub always runs for the current ship before this test reads it.
3x nop
9.Change code flow at 0xEA66B
8B 94 24 A8 02 00 00 -> E9 D5 19 00 00 90 90
; Original 7-byte instruction at file offset 0xEA66B (8B 94 24 A8 02 00 00).
; The step 8 replacement code contains the same instruction, so it still executes on the detour path.
mov edx, [esp + 2A8h]
->
; Detour into the code written at file offset 0xEC045 in step 8.
; The E9 jmp is 5 bytes, so two nops pad out the 7 bytes of the replaced instruction.
jmp loc_4ECC45
2x nop