
perfect flying melee

Started by bearded, May 14, 2007, 11:46:26 AM


Alaric

Quote from: tommyboy on May 15, 2007, 09:31:02 AM
Hmmm...I wonder if this is part of what I'm looking for...


Hmm... Since the phrases used wouldn't have any meaning in machine code, it doesn't surprise me that changing them has no effect (though it wouldn't have surprised me if there had been some effect, either). Have you tried changing the part of the code just before or just after the words, where the .... show up? It strikes me that that might have some effect... On the other hand, what you found could be some sort of index or something, and for all we know may not even be implemented in the game as we have it. Have you tried searching more, to see if the same phrases appear anywhere else?

Edit: For that matter, is it possible that the game's reading the .exe from the disk or something, rather than the changed version?

tommyboy

Quote from: Alaric on May 15, 2007, 05:51:14 PM
Hmm... Since the phrases used wouldn't have any meaning in machine code, it doesn't surprise me that changing them has no effect (though it wouldn't have surprised me if there had been some effect, either). Have you tried changing the part of the code just before or just after the words, where the .... show up? It strikes me that that might have some effect... On the other hand, what you found could be some sort of index or something, and for all we know may not even be implemented in the game as we have it. Have you tried searching more, to see if the same phrases appear anywhere else?

Edit: For that matter, is it possible that the game's reading the .exe from the disk or something, rather than the changed version?

Yes what you say makes sense.
The bit I edited is actually not text, but rather what seems to be an array, or perhaps a list of "jump to"s that you can see above the text in my first quoted code thingy.
Those seemed to correspond to this:
[spoiler]
SSZ0081C7B4_CMeleeController:
  db 'CMeleeController',0
  Align 4
L0081C7C8:
dd L0051B040
dd L0051B0B0
dd L0051B010
dd L005DFFB0
dd L0051B120
dd L0051B4B0
dd L0051B3A0
dd L0051AF60
dd SUB_L00401000
dd L0051BDB0
dd L0040F6B0
dd L0051BA60
dd L0051AFF0
dd L0051AFC0
dd L006A1FD0
dd L0040F6B0
dd SUB_L006A1FF0
dd L0051B970
dd L0051B460
dd SUB_L00554AC0
dd SUB_L0070FDA0
dd SUB_L00482060
SSZ0081C820_melee_target_is_dead:
  db 'melee target is dead',0
  Align 4
SSZ0081C838_target_gone_invisible_or_dim_shi:
  db 'target gone invisible or dim shifted',0
  Align 4
SSZ0081C860_frozen_friend_freed:
  db 'frozen friend freed',0
SSZ0081C874_melee_attack_on_a_flying_charact:
  db 'melee attack on a flying character',0
  Align 4
SSZ0081C898_airborn_melee_attack_on_a_ground:
  db 'airborn melee attack on a grounded character',0
  Align 4
SSZ0081C8C8_melee_attack_while_flying:
  db 'melee attack while flying',0
  Align 4
SSZ0081C8E4_melee_target__s_is_out_of_2d_sce:
  db 'melee target %s is out of 2d scene extents',0
  Align 4
SSZ0081C910_Already_running_requested_melee_:
  db 'Already running requested melee attack, sinking trigger',0
SSZ0081C948_Attacking_target__s__s_:
  db 'Attacking target %s(%s)',0
SSZ0081C960_ERROR__Melee_Power__s_has_range_:
  db 'ERROR: Melee Power %s has range 0',0
  Align 4
SSZ0081C984_CMeleeController__start__:
  db 'CMeleeController::start()',0
  Align 4
SSZ0081C9A0_power_ref___is_not_valid:
  db 'power ref # is not valid',0
  Align 4
SSZ0081C9BC_closed_range__resumed_normal_att:
  db 'closed range, resumed normal attack',0
SSZ0081C9E0_target_ready_to_interogate:
  db 'target ready to interogate',0
  Align 4
SSZ0081C9FC_Melee_recharging__range_already_:
  db 'Melee recharging, range already closed',0
  Align 4
SSZ0081CA24_Waiting_for_melee_recharge__clos:
  db 'Waiting for melee recharge, closing range',0
  Align 4
SSZ0081CA50_Failed_to_reach_target:
  db 'Failed to reach target',0
  Align 4
SSZ0081CA68_Reached_target__Attacking:
  db 'Reached target, Attacking',0
  Align 4
L0081CA84:
  dd 3DCCCCCDh
[/spoiler]

(taken from a disassembly of the exe), and that seems to either point to or load values from some other subroutines elsewhere.
I'd probably get better results from editing the disassembly, but 1. I'm a newb/feeb at this, 2. It's 40Mb long, 3. I'm not entirely sure how to re-assemble it in a manner that works, 4. It's a LOT quicker and easier to edit in a hex editor than to disassemble, edit, reassemble.
I think maybe I'm not the best person to be doing this, but it's one of those "but nobody else is" deals at the moment...

EDIT: and the exe I'm hacking at is a "cracked" no-cd one as I can't be bothered swapping CDs in and out all the time. So I know IT is what's running, and not some other file on the CD.

Lunarman


:popcorn2

you know fiddling with the .exe is illegal, right?

let's just hope we don't get closed down...

tommyboy

Quote from: Lunarman on May 15, 2007, 10:14:52 PM

:popcorn2

you know fiddling with the .exe is illegal, right?


Why, no, that hadn't occurred to me.
But now that you have gone to the trouble to publicly point that out, I'll stop doing it, along with stopping any meshing, skinning or Modding of any trademarked or copyrighted characters, as that too may well constitute a breach of some law or other.
Thanks so much for so usefully, and so publicly, pointing that out to me.
It's incredibly helpful that you have done so.
So that's the end of that then.
Move along people, nothing to see here anymore...

Lunarman


I'm sorry about that Tboy. I didn't intend to be threatening or attacking you. I hope you can forgive me  :)


Back to Flying melee!

I do think this could actually work! and be a great addition to the game at that :)

BentonGrey

LOL, come on guys, let's keep this friendly.  Tommy, Bearded, you have my rapt attention on this.  I imagine that the entire community is waiting with bated breath.  I'm afraid that I can barely follow your thoughts here, so I doubt I can be of much help, but just know that we're all cheering you on!

Just a random thought, you'd think that if it was a (comparatively) simple change of code to get workable flying melee Irrational would have done it for the sequel, huh?  Then again, you'd think they'd have enough sense to NOT remove functionality from the sequel by hamstringing the energy system.....but I digress.  Good luck guys!

tommyboy

Not to worry Lunarman, I just would prefer a heads up privately for such matters in future.

Hopefully you caught that my reply was sarcastic rather than angry, so no hard feelings?

Back on topic I just haven't the time to do much on this right now. I desperately need to finish up the first episode of the LSH Mod before I plunge into a new project. Which is not to say I won't look into it further, just that it may take a while...

Epimethee

Interesting code segments in the executable. I did mess around with that file a few times (vainly, I'm no hacker) but had never seen these. FWIW, I'm pretty certain these are error/status messages fired by an event. This means we'd need to find the event itself in the code... or how to display these messages in-game (which would be amazing, but is probably impossible since someone decided these messages shouldn't be available with the debugging commands (MLOG(), for example) available with the shipping game... :angry: )

Anybody knows a good .exe hacker? :P

Lunarman

I'm not sure if this is any use?
http://filext.com/info/archive/index.php/t-2269.html
It mentions some editors, specifically non-hex editors. It may help to address the problem from a different angle using these.

But then again the functionality might be the same still.

bearded

i've discovered in every list of special powers, like sprint, bullet, and teleport self, after the series of 0's there is a designator.  speeding bullet is '1e', energize is '1f' and so on.
i think '1e' is used as a reference for subroutines that speeding bullet would apply to.  i think by changing 1e in some circumstances would be all you would need to do to reactivate speeding bullet in flight.  still working on it.
if i'm right, and the programmers used this style of referencing, then all we have to do is find the designator for melee powers and flag it for the flying header.
i'm going to try and flag speeding bullet this way.
oh, and the reason the coders may have never included aerial melee is because of the headache of remaking all the custom keyframes that would be necessary.

bearded

I have found the jump tables that reference the dialogue tables we found before.  the jump tables apparently control each function. 
I can do this.  I want some dialogue as to whether  I should.  Where does it end being an acceptable mod?  what if i created an executable that accesses the correct functions inside the fforce.exe?

tommyboy

The question is not whether you should but if you can and if it works should you distribute either the file or the info on what to edit.
I say prove the concept first, then discuss the ethics of distribution.

bearded

i got a program that locates strings and then shows you what references them.
0x2d1f1c - 36   : char[] string_1388 = melee attack on a flying character
goto block_fn_5162

block_fn_5162 has a bunch of code that it does.
i think if we redirect it to
0x2d1d8c - 24   : char[] string_1378 = Attacking target %s(%s)
0x596f6 - 0x296 block_fn_5154()

so, i think 5162 is code for 'no target available', and 5154 is code for 'targetable'.
i'll experiment some more tonight.
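
The kind of string-to-reference lookup described in the post above, as an added example that is not part of the original thread and not the tool bearded used: it scans a constructed byte blob for NUL-terminated strings, then for 4-byte little-endian pointers to each string's address. The load address, blob layout and function names are assumptions; a real PE needs its section table to map file offsets to addresses, and a raw byte scan can report false positives that a disassembler would rule out.

```python
import re
import struct

IMAGE_BASE = 0x00400000  # assumed load address; a real PE maps offsets via its section table
CODE_SIZE = 0x20         # constructed layout: code bytes first, string data after


def build_sample():
    """Constructed stand-in for an executable (not bytes from the game)."""
    texts = [b"melee attack on a flying character", b"Attacking target %s(%s)"]
    data, addrs = bytearray(), []
    for t in texts:
        addrs.append(IMAGE_BASE + CODE_SIZE + len(data))
        data += t + b"\x00"
        data += b"\x00" * (-len(data) % 4)  # pad like 'Align 4' in the listing
    code = bytearray()
    for a in (addrs[0], addrs[1], addrs[0]):  # three 'push imm32' (opcode 0x68) sites
        code += b"\x68" + struct.pack("<I", a)
    return bytes(code.ljust(CODE_SIZE, b"\x90") + data)


def find_strings(blob, min_len=6):
    """Yield (file_offset, text) for NUL-terminated printable ASCII runs."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}\x00" % min_len, blob):
        yield m.start(), m.group()[:-1].decode("ascii")


def find_xrefs(blob, va):
    """Return file offsets where the 32-bit little-endian value `va` appears."""
    needle = struct.pack("<I", va)
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits


def xref_report(blob):
    """Map each string to the offsets of the pointers that reference it."""
    return {text: find_xrefs(blob, IMAGE_BASE + off)
            for off, text in find_strings(blob)}


if __name__ == "__main__":
    for text, refs in xref_report(build_sample()).items():
        print(f"{text!r} referenced at file offsets {[hex(r) for r in refs]}")
```
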

crimsonquill

I agree with Tommy.. If we are this close to figuring out how to make this huge breakthrough then it should be done and celebrated before we work out the details of how it will affect modding.

- CrimsonQuill


tommyboy

Just a quick postscript.
I went back to working on the LSH Mod, forgetting that I'd hacked the EXE.
Then I wondered why it kept CTDing every time there was a fight.
Evidently my removal of that code DID do something, just not what I wanted.

Epimethee

Quote from: bearded on May 17, 2007, 10:52:07 AM
0x2d1f1c - 36   : char[] string_1388 = melee attack on a flying character
goto block_fn_5162

block_fn_5162 has a bunch of code that it does.
i think if we redirect it to
0x2d1d8c - 24   : char[] string_1378 = Attacking target %s(%s)
0x596f6 - 0x296 block_fn_5154()

so, i think 5162 is code for 'no target available', and 5154 is code for 'targetable'.
Looks very interesting. :)

BTW, personally, I wouldn't see any ethical (not so sure about legal) problem in hacking the .exe of a practically unsupported game if it doesn't circumvent copy protection and if the full executable is not distributed.

BentonGrey

I think as long as we keep this in the community, we should do it.....I don't know that my opinion counts for much, but I have to say that as long as we don't try and sell the result, I can't imagine that Irrational would be too upset with us.

By the way, Bearded, good luck!

Lunarman

I don't see why the full exe couldn't be distributed. It wouldn't work without all the other textures, scripts, py files and such like would it?

bearded

baby steps closer.  i know where the blocks of code are stored in the hex file that controls combat, i just don't know exactly what they mean.  and they are different sizes.  so changing one for the other crashes the exe.

i swear, i look at a person carrying a dog and i see the people function referencing the dog block now.  2 straight nights of this, with a few moments of playing nexus war, and i think i'm living in the matrix.

bearded

'nother step closer.  i have deciphered the asm (assembly?)  and know what hex each is located in.  i know basically what variables the asm is using, but i'm not sure which variables apply yet.  so, i've got the variables, i've got what asm is doing to the variables; push, pop, mov, etc. now all i have to figure out is which variable controls the melee flag, figure out which function assigns it, and then hex it.
i think it is eax and ecx.

cripp12

Go bearded! :thinkingidea Go Bearded!  :thinkingidea

ow_tiobe_sb

Quote from: Lunarman on May 17, 2007, 11:44:53 PM
I don't see why the full exe couldn't be distributed. It wouldn't work without all the other textures, scripts, py files and such like would it?
Cheers, fellows!  Very interesting work here.  I just thought I might ask the following question: rather than distributing a modified version of the IG executable, would it not be better to distribute an executable patch that makes the desired revisions to the end user's copy of the FF executable?  I'm not certain about the legality of this alternative either, but distributing an executable (as opposed to an add-on or a patch) that contains at least some of IG's original programming sounds to me a bit suspect.

That is all I have to add.  Good work on this project! :)

ow_tiobe_sb
Phantom Bunburyist and The Prat in the Hat
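
The patch-instead-of-executable idea from the post above, as an added example that is not part of the original thread: the patch carries only a digest of the build it targets plus (offset, old bytes, new bytes) edits, and refuses to write unless the target matches. The function names and sample bytes are constructed; the same-length check reflects the in-place constraint noted earlier in the thread, where swapping blocks of different sizes crashed the exe.

```python
import hashlib


class PatchError(Exception):
    """Raised when the target file is not safe to patch."""


def apply_patch(original: bytes, expected_sha256: str, edits):
    """Return a patched copy of `original`, or raise PatchError.

    edits: iterable of (file_offset, old_bytes, new_bytes).
    """
    # 1. Whole-file check: only patch the exact build the edits were made for.
    if hashlib.sha256(original).hexdigest() != expected_sha256:
        raise PatchError("target does not match the build this patch expects")
    out = bytearray(original)
    for offset, old, new in edits:
        # 2. In-place edits must keep every later byte at the same offset.
        if len(old) != len(new):
            raise PatchError(f"edit at {offset:#x} changes length")
        # 3. Per-site check: catches overlapping or mistyped edits.
        if bytes(out[offset:offset + len(old)]) != old:
            raise PatchError(f"unexpected bytes at {offset:#x}")
        out[offset:offset + len(new)] = new
    return bytes(out)


def make_sample():
    """Constructed 16-byte 'file', its digest, and one two-byte edit."""
    original = bytes(range(16))
    digest = hashlib.sha256(original).hexdigest()
    edits = [(4, b"\x04\x05", b"\x90\x90")]
    return original, digest, edits


if __name__ == "__main__":
    orig, digest, edits = make_sample()
    print(apply_patch(orig, digest, edits).hex())
```
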

Alaric

Are bearded's posts reminding anyone else eerily of something out of an H. P. Lovecraft story? Y'know, the journal entries as the protagonist is slowly coming to understand things, while slowly going insane?

Symon

Very interesting. Though my first thought is that collection of strings you've found there are messages referenced by other parts of the code.

bearded

Quote from: Symon on May 18, 2007, 10:28:04 AM
Very interesting. Though my first thought is that collection of strings you've found there are messages referenced by other parts of the code.
exactly so.  it's the other parts of the code i'm digging in now.  the only clues i have are the strings, because there is no commentary at all.  the strings led me to the blocks of code that deal with everything dealing with melee.

Quote
Are bearded's posts reminding anyone else eerily of something out of an H. P. Lovecraft story? Y'know, the journal entries as the protagonist is slowly coming to understand things, while slowly going insane?
exactly so.  I swear, Irrational must have hired 1000 monkeys at 1000 keyboards to do this code.  it's like each function is totally arranged differently from each other.
Quote
would it not be better to distribute an executable patch that makes the desired revisions to the end user's
i had a thought, that if i could discover exactly what variables needed exactly what flag, i could make a call to them externally.  sort of the way mods supersede base data.  it's not likely, as they are 'hard coded', but i'll try.
i feel like i'm very close, but i might not be able to work on it for a couple of days.  it's time to reference my birthday function, under the header 'out all night', with if drinking => tolerance then goto directory sick all next day.

Symon

I put my programmer head on (neither assembly nor machine code sadly) and looked at this bit some more:-

SSZ0081C820_melee_target_is_dead:
  db 'melee target is dead',0
  Align 4
SSZ0081C838_target_gone_invisible_or_dim_shi:
  db 'target gone invisible or dim shifted',0
  Align 4
SSZ0081C860_frozen_friend_freed:
  db 'frozen friend freed',0
SSZ0081C874_melee_attack_on_a_flying_charact:
  db 'melee attack on a flying character',0
  Align 4
SSZ0081C898_airborn_melee_attack_on_a_ground:
  db 'airborn melee attack on a grounded character',0
  Align 4
SSZ0081C8C8_melee_attack_while_flying:
  db 'melee attack while flying',0
  Align 4
SSZ0081C8E4_melee_target__s_is_out_of_2d_sce:
  db 'melee target %s is out of 2d scene extents',0
  Align 4
SSZ0081C910_Already_running_requested_melee_:
  db 'Already running requested melee attack, sinking trigger',0
SSZ0081C948_Attacking_target__s__s_:
  db 'Attacking target %s(%s)',0
SSZ0081C960_ERROR__Melee_Power__s_has_range_:
  db 'ERROR: Melee Power %s has range 0',0
  Align 4
SSZ0081C984_CMeleeController__start__:
  db 'CMeleeController::start()',0
  Align 4
SSZ0081C9A0_power_ref___is_not_valid:
  db 'power ref # is not valid',0
  Align 4
SSZ0081C9BC_closed_range__resumed_normal_att:
  db 'closed range, resumed normal attack',0
SSZ0081C9E0_target_ready_to_interogate:
  db 'target ready to interogate',0
  Align 4
SSZ0081C9FC_Melee_recharging__range_already_:
  db 'Melee recharging, range already closed',0
  Align 4
SSZ0081CA24_Waiting_for_melee_recharge__clos:
  db 'Waiting for melee recharge, closing range',0
  Align 4
SSZ0081CA50_Failed_to_reach_target:
  db 'Failed to reach target',0
  Align 4
SSZ0081CA68_Reached_target__Attacking:
  db 'Reached target, Attacking',0
  Align 4
L0081CA84:
  dd 3DCCCCCDh


Looks like it might be AI code to me. Conditions that flag attacks to be made or reasons they need to be aborted. If that's correct, sadly there isn't code to be enabled here. (Hope I'm wrong).

As for the legality of such a patch release. I'd say no problem. There are numerous Morrowind add on executables (MGE - Morrowind Graphics extender, MWE - Morrowind extended, MWSE - Morrowind script extender (and IS MW scripting primitive compared to FF/Python) etc.) that Bethesda know about and allow discussion of on their own forums.

bearded

Quote from: Symon on May 18, 2007, 05:13:39 PM

Looks like it might be AI code to me. Conditions that flag attacks to be made or reasons they need to be aborted. If that's correct, sadly there isn't code to be enabled here. (Hope I'm wrong).

As for the legality of such a patch release. I'd say no problem. There are numerous Morrowind add on executables (MGE - Morrowind Graphics extender, MWE - Morrowind extended, MWSE - Morrowind script extender (and IS MW scripting primitive compared to FF/Python) etc.) that Bethesda know about and allow discussion of on their own forums.
no, that's right.  but it links up with the proper code.  i'm pretty sure i've flagged melee and speeding bullet to work in flight now.  what i didn't consider was that i then have to figure out where the user interface is located so you can actually use them in game.  and i don't think the ai's will use them either, because i'll have to find the code that activates different behaviours.
basically, they are allowable powers in flight now, but you can't access them yet, if that makes sense.

Lunarman

Wowee!

That's great news Bearded!
Well done on figuring out that crazy code :)

BentonGrey

Hey guys, what's the status on this exciting approach?

DEATH

I'm also very interested on what can be accomplished with this...any word from those involved?

DEATH
