Jump to content

jvm

Members
  • Content count

    27
  • Joined

  • Last visited

Community Reputation

1 Neutral

About jvm

  • Rank
    Private
  • Birthday 26/11/1917

Profile Information

  • Gender
    Female

Recent Profile Visitors

2,229 profile views
  1. Sad, but I try to be honest. I had a lot of mental inhibitions (social bindings, limitations) when it comes to physical social relationships. I know it sound harsh "male", sorry about that.
  2. Maybe, at most in the intellectual level. Cuz I don't feel attracted by male bodies (my frontal lobe won't allow it). The problem is that almost all the women I've dated, every time we had a conversation was more boring than looking at the wall for hours. Hey at least is good for you, to start using an spanish word...
  3. If I didn't misunderstand you, it is sad to hear (actually read), that someone with a beautiful intellect (yes, I don't think that a better word would describe it) had depression. Life isn't just, but we have to keep on (cuz it will end quite soon). The main reason why I keep coming back after some months to cnc forums, is you. My brain feels so stimulated when I read your posts, so much knowledge, feminine touch and grace that I cannot explain it.
  4. Indeed. I have a lot (LOT) to learn, I had to google "triangle strips" to understand your sentence....
  5. Mmmm, how many more secrets are you hiding from us?
  6. It works fine on new os, like the mighty one said. devilish as always. It took me 5 hours to manually rewind one damaged coil of the stator of my dremel 3000 (yeah, I know that it has no sense posting this here, but I needed some catharsis). UPDATE 14/2 There is a w3d plugin for blender, did you know, original post: http://forum.modding-union.com/index.php/topic,15838.0.html Author: Tarcontar + others Link to the files: https://github.com/sage-team/W3D-Tools Since they are written in python (sort of script), you can rewrite them as you like for almost any program.
  7. Since testmodelcondition has bool, you can remove ==1 function OnAlienHexaPodFull (self) if (ObjectTestModelCondition(Self, "RIDER1") and ObjectTestModelCondition(Self, "RIDER2") and ObjectTestModelCondition(Self, "RIDER3")) then ObjectGrantUpgrade(Self, "Upgrade_EradicatorTeleport") end end
  8. With that sentence you violated the forum rules, especially: So I reported that message.
  9. you are devilish , hope you never be angry with me...
  10. jvm

    WrathEd 2

    ok, I guess it's good news. I need to restart working with definitions (I left with uprising), I found that I did something wrong with the modded wrathed1.0 dll's related with RA3's asset entry choice that fail with uprising and so CC4.
  11. Second part (fixing the call for transport glitch): Well if you think that the first part was dirty, wait to see what is done here. OMG, I don't know how this even works... The problem with call for transport is that it won't try to load for a second time the unit into the container. So I decided to see what happens when you select 2 or more squads and press the "call for transport" button while all of them are selected. The result was quite exploitable... If we recall the game loop that call the function to load squads: cnc3game.Debug::PostStaticInit+14CDE1 - 8B 44 24 04 - mov eax,[esp+04] ... cnc3game.Debug::PostStaticInit+14CE19 - 74 07 - je cnc3game.Debug::PostStaticInit+14CE22 cnc3game.Debug::PostStaticInit+14CE1B - 8B 01 - mov eax,[ecx] cnc3game.Debug::PostStaticInit+14CE1D - 6A 00 - push 00 cnc3game.Debug::PostStaticInit+14CE1F - FF 50 14 - call dword ptr [eax+14] cnc3game.Debug::PostStaticInit+14CE22 - 85 FF - test edi,edi cnc3game.Debug::PostStaticInit+14CE24 - 89 7E 04 - mov [esi+04],edi cnc3game.Debug::PostStaticInit+14CE27 - 74 38 - je cnc3game.Debug::PostStaticInit+14CE61 cnc3game.Debug::PostStaticInit+14CE29 - 8B 07 - mov eax,[edi] cnc3game.Debug::PostStaticInit+14CE2B - 8B CF - mov ecx,edi cnc3game.Debug::PostStaticInit+14CE2D - FF 50 10 - call dword ptr [eax+10] cnc3game.Debug::PostStaticInit+14CE30 - 8B 4E 04 - mov ecx,[esi+04] cnc3game.Debug::PostStaticInit+14CE33 - 85 C9 - test ecx,ecx ... cnc3game.Debug::PostStaticInit+14CE65 - C2 0400 - ret 0004 And the fact that "eax" has to be 0x00A6F304 at "call dword ptr [eax+10]", when you call for transport if you set a debug breakpoint (remember that we are on the game loop, so the first breakpoint should have special condition) at: cnc3game_original.Debug::PostStaticInit+14CE2B - 8B CF - mov ecx,edi You will see something like this with the value of EAX: 0x00A6F304 0x00A6DC84 // n times, with n been the number of members at the squad ... // some other stuff 0x00A6F304 0x00A6DC84 // n times, with n been the number of members at the squad ... // repeats as many "call for transport" where done Dunno what is exactly 0x00A6DC84 for..., so I gamble and decided to make it simple. Why not replace one of these "0x00A6DC84" with another "0x00A6F304" to complete the dual call needed for the hack to work... And I did it, and it works like a charm. I don't know why on earth it works or how it does..., but it does. It would be nice know, however here I am just a gamer, not a professional (nobody is paying a sh.. for this), so for now we will have to accept this until I or someone else improves this solution. Enough of experience talk, let's see how to do it. Again we will need two memory spaces. The data will be the same as the previous part: cnc3game.dat+2D5F018 - 00 00 - add [eax],al cnc3game.dat+2D5F01A - 00 00 - add [eax],al ... cnc3game.dat+2D5F02D - 00 00 - add [eax],al Remember that we already used the first four bytes. Although the code space will be: cnc3game.dat+2D5F0F0 - 0F84 29753FFD - je cnc3game.Debug::PostStaticInit+14CE61 ... cnc3game.dat+2D5F139 - E9 AD743FFD - jmp cnc3game.Debug::PostStaticInit+14CE2D With that set, let's try to replace one of those "0x00A6DC84" with another "0x00A6F304". The big issue here is that we need to change a part of the game loop, so we will try add few instructions here (otherwise we could get some performance issues). We will replace these: cnc3game.Debug::PostStaticInit+14CE27 - 74 38 - je cnc3game.Debug::PostStaticInit+14CE61 cnc3game.Debug::PostStaticInit+14CE29 - 8B 07 - mov eax,[edi] cnc3game.Debug::PostStaticInit+14CE2B - 8B CF - mov ecx,edi With these: cnc3game.Debug::PostStaticInit+14CE27 - E9 068BC002 - jmp cnc3game.dat+cnc3game.dat+2D5F0F0 cnc3game.Debug::PostStaticInit+14CE2C - 90 - nop Now we move to "cnc3game.dat+2D5F0F0" and write the following: cnc3game.dat+2D5F0F0 - 0F84 29753FFD - je cnc3game.Debug::PostStaticInit+14CE61 cnc3game.dat+2D5F0F6 - 8B 07 - mov eax,[edi] cnc3game.dat+2D5F0F8 - 8B CF - mov ecx,edi cnc3game.dat+2D5F0FA - 3D 04F3A600 - cmp eax,00A6F304 cnc3game.dat+2D5F0FF - 75 12 - jne cnc3game.dat+2D5F113 cnc3game.dat+2D5F101 - 89 3D 1CF01503 - mov [cnc3game.dat+2D5F01C],edi cnc3game.dat+2D5F107 - 89 1D 20F01503 - mov [cnc3game.dat+2D5F020],ebx cnc3game.dat+2D5F10D - 89 15 24F01503 - mov [cnc3game.dat+2D5F024],edx cnc3game.dat+2D5F113 - 83 3D 18F01503 00 - cmp dword ptr [cnc3game.dat+2D5F018],00 cnc3game.dat+2D5F11A - 0F84 CB743FFD - je cnc3game.Debug::PostStaticInit+14CE2D cnc3game.dat+2D5F120 - 8B 3D 1CF01503 - mov edi,[cnc3game.dat+2D5F01C] cnc3game.dat+2D5F126 - 89 7E 04 - mov [esi+04],edi cnc3game.dat+2D5F129 - 8B 07 - mov eax,[edi] cnc3game.dat+2D5F12B - 8B CF - mov ecx,edi cnc3game.dat+2D5F12D - 8B 1D 20F01503 - mov ebx,[cnc3game.dat+2D5F020] cnc3game.dat+2D5F133 - 8B 15 24F01503 - mov edx,[cnc3game.dat+2D5F024] cnc3game.dat+2D5F139 - E9 AD743FFD - jmp cnc3game.Debug::PostStaticInit+14CE2D What's new: cnc3game.dat+2D5F0FA - 3D 04F3A600 - cmp eax,00A6F304 cnc3game.dat+2D5F0FF - 75 12 - jne cnc3game.dat+2D5F113 So why compare eax with "0x00A6F304", cuz if the game wants to load an squad we will need to back up some registers in our data bank in order to make the second call with "0x00A6F304". Then, the back up: cnc3game.dat+2D5F101 - 89 3D 1CF01503 - mov [cnc3game.dat+2D5F01C],edi cnc3game.dat+2D5F107 - 89 1D 20F01503 - mov [cnc3game.dat+2D5F020],ebx cnc3game.dat+2D5F10D - 89 15 24F01503 - mov [cnc3game.dat+2D5F024],edx Next is time to check if there was a first call (so we check the first four bytes in our data): cnc3game.dat+2D5F113 - 83 3D 18F01503 00 - cmp dword ptr [cnc3game.dat+2D5F018],00 cnc3game.dat+2D5F11A - 0F84 CB743FFD - je cnc3game.Debug::PostStaticInit+14CE2D If not keep the game routine, else read the back up and prepare to make the the second call with "0x00A6F304": cnc3game.dat+2D5F120 - 8B 3D 1CF01503 - mov edi,[cnc3game.dat+2D5F01C] cnc3game.dat+2D5F126 - 89 7E 04 - mov [esi+04],edi cnc3game.dat+2D5F129 - 8B 07 - mov eax,[edi] cnc3game.dat+2D5F12B - 8B CF - mov ecx,edi cnc3game.dat+2D5F12D - 8B 1D 20F01503 - mov ebx,[cnc3game.dat+2D5F020] cnc3game.dat+2D5F133 - 8B 15 24F01503 - mov edx,[cnc3game.dat+2D5F024] cnc3game.dat+2D5F139 - E9 AD743FFD - jmp cnc3game.Debug::PostStaticInit+14CE2D Finally you have fixed the multi squad load on vehicles, without adding any issue. However the worst is about to come, the unholy camera mod. Now it will get really ugly... TO BE CONTINUED (but not here since it doesn't relate with the topic)...
  12. First, some considerations: 1- If you know how to use the cheat engine or similar programs for hacks, it will be helpful to understand what follows. 2- Is important to remember that the instructions like "call" and "jmp", when they make a long jump what you see in the instruction is relative (ie correct), but bytes are absolute (which will only be correct if nothing is changed). Therefore, it is best to look in the assembler instructions, regardless of bytes. 3- Having said that, there is no single way of doing things, the only thing that matters is to keep the theorical sequence of instructions. 4- The fix for loading squads into units, works fine, but is not optimal and needs to be improved, but I don't have the time nor motivation to do it. 5- The camera mod is not complete, missing adjust of floor level with the minimum height allowed. 6- I will be calling "game loop" to all the game instructions that are always executed during gameplay and debugging them makes the game freeze. 7- Also I will be calling "refresh screen" when the game call especial libraries that aren't debuggable at least by cheat engine. 8- To make debugging easier, remember to launch the game with "-win". Let's start with, how to fix the issue when loading multiple squads on a vehicle: First part (alone causes the call for transport glitch): As any hack to an .exe file, we need to start by debugging the "exe" until we find the section where the problem lies. For cnc3game.dat (version 1.09) the "game loop" calls a function to start with the loading squads (in both units and structures), here: cnc3game.Debug::PostStaticInit+14CE2D - FF 50 10 - call dword ptr [eax+10] Only when "eax" equals 0x00A6F304. That instruction belongs to this routine (which is in the game loop): cnc3game.Debug::PostStaticInit+14CDE1 - 8B 44 24 04 - mov eax,[esp+04] ... cnc3game.Debug::PostStaticInit+14CE19 - 74 07 - je cnc3game.Debug::PostStaticInit+14CE22 cnc3game.Debug::PostStaticInit+14CE1B - 8B 01 - mov eax,[ecx] cnc3game.Debug::PostStaticInit+14CE1D - 6A 00 - push 00 cnc3game.Debug::PostStaticInit+14CE1F - FF 50 14 - call dword ptr [eax+14] cnc3game.Debug::PostStaticInit+14CE22 - 85 FF - test edi,edi cnc3game.Debug::PostStaticInit+14CE24 - 89 7E 04 - mov [esi+04],edi cnc3game.Debug::PostStaticInit+14CE27 - 74 38 - je cnc3game.Debug::PostStaticInit+14CE61 cnc3game.Debug::PostStaticInit+14CE29 - 8B 07 - mov eax,[edi] cnc3game.Debug::PostStaticInit+14CE2B - 8B CF - mov ecx,edi cnc3game.Debug::PostStaticInit+14CE2D - FF 50 10 - call dword ptr [eax+10] cnc3game.Debug::PostStaticInit+14CE30 - 8B 4E 04 - mov ecx,[esi+04] cnc3game.Debug::PostStaticInit+14CE33 - 85 C9 - test ecx,ecx ... cnc3game.Debug::PostStaticInit+14CE65 - C2 0400 - ret 0004 The input values to function seems to be quite random and they don't repeat after a loading. The function called is this one (not game loop): cnc3game.Debug::PostStaticInit+17C232 - 8B 49 18 - mov ecx,[ecx+18] cnc3game.Debug::PostStaticInit+17C235 - 53 - push ebx cnc3game.Debug::PostStaticInit+17C236 - 55 - push ebp cnc3game.Debug::PostStaticInit+17C237 - 56 - push esi cnc3game.Debug::PostStaticInit+17C238 - 57 - push edi cnc3game.Debug::PostStaticInit+17C239 - 8B 79 14 - mov edi,[ecx+14] cnc3game.Debug::PostStaticInit+17C23C - E8 5B0CFDFF - call cnc3game.Debug::PostStaticInit+14CE9C cnc3game.Debug::PostStaticInit+17C241 - 85 FF - test edi,edi cnc3game.Debug::PostStaticInit+17C243 - 8B E8 - mov ebp,eax cnc3game.Debug::PostStaticInit+17C245 - 0F84 A5000000 - je cnc3game.Debug::PostStaticInit+17C2F0 cnc3game.Debug::PostStaticInit+17C24B - 85 ED - test ebp,ebp cnc3game.Debug::PostStaticInit+17C24D - 0F84 9D000000 - je cnc3game.Debug::PostStaticInit+17C2F0 ... cnc3game.Debug::PostStaticInit+17C2F0 - 6A FE - push -02 cnc3game.Debug::PostStaticInit+17C2F2 - 58 - pop eax cnc3game.Debug::PostStaticInit+17C2F3 - 5F - pop edi cnc3game.Debug::PostStaticInit+17C2F4 - 5E - pop esi cnc3game.Debug::PostStaticInit+17C2F5 - 5D - pop ebp cnc3game.Debug::PostStaticInit+17C2F6 - 5B - pop ebx cnc3game.Debug::PostStaticInit+17C2F7 - C3 - ret The first function called is: cnc3game.Debug::PostStaticInit+17C23C - E8 5B0CFDFF - call cnc3game.Debug::PostStaticInit+14CE9C Inside it, there is this (game loop): cnc3game.Debug::PostStaticInit+14CE9C - 8B 41 3C - mov eax,[ecx+3C] cnc3game.Debug::PostStaticInit+14CE9F - 56 - push esi cnc3game.Debug::PostStaticInit+14CEA0 - 33 F6 - xor esi,esi cnc3game.Debug::PostStaticInit+14CEA2 - 2B C6 - sub eax,esi cnc3game.Debug::PostStaticInit+14CEA4 - 74 2B - je cnc3game.Debug::PostStaticInit+14CED1 cnc3game.Debug::PostStaticInit+14CEA6 - 48 - dec eax cnc3game.Debug::PostStaticInit+14CEA7 - 74 04 - je cnc3game.Debug::PostStaticInit+14CEAD ... cnc3game.Debug::PostStaticInit+14CEAD - 8B 49 20 - mov ecx,[ecx+20] cnc3game.Debug::PostStaticInit+14CEB0 - 3B CE - cmp ecx,esi cnc3game.Debug::PostStaticInit+14CEB2 - 74 19 - je cnc3game.Debug::PostStaticInit+14CECD ... cnc3game.Debug::PostStaticInit+14CECD - 8B C6 - mov eax,esi cnc3game.Debug::PostStaticInit+14CECF - 5E - pop esi cnc3game.Debug::PostStaticInit+14CED0 - C3 - ret When loading squads the first "je" won't jump but the second will always, so the code reduces to: cnc3game.Debug::PostStaticInit+14CEAD - 8B 49 20 - mov ecx,[ecx+20] cnc3game.Debug::PostStaticInit+14CEB0 - 3B CE - cmp ecx,esi cnc3game.Debug::PostStaticInit+14CEB2 - 74 19 - je cnc3game.Debug::PostStaticInit+14CECD ... cnc3game.Debug::PostStaticInit+14CECD - 8B C6 - mov eax,esi cnc3game.Debug::PostStaticInit+14CECF - 5E - pop esi cnc3game.Debug::PostStaticInit+14CED0 - C3 - ret And here is the key part [ecx+20] always holds the ID of the transport (even after reloading a saved game, the ID doesn't change). If you start messing and you change this ID for another valid ID, the squad will change course to the new container but it won't enter to it physically (they will be in some sort of limbo). Anyway in order to make the hack work we must make the jump from the third "je". This can be achieved by setting the ZF (zero flag) or by moving a zero to "ecx" before the comparison. If that is done, the instructions afterwards will be: cnc3game.Debug::PostStaticInit+14CEB2 - 74 19 - je cnc3game.Debug::PostStaticInit+14CECD cnc3game.Debug::PostStaticInit+14CECD - 8B C6 - mov eax,esi cnc3game.Debug::PostStaticInit+14CECF - 5E - pop esi cnc3game.Debug::PostStaticInit+14CED0 - C3 - ret //Returns to the function that is not in the game loop cnc3game.Debug::PostStaticInit+17C241 - 85 FF - test edi,edi cnc3game.Debug::PostStaticInit+17C243 - 8B E8 - mov ebp,eax cnc3game.Debug::PostStaticInit+17C245 - 0F84 A5000000 - je cnc3game.Debug::PostStaticInit+17C2F0 cnc3game.Debug::PostStaticInit+17C24B - 85 ED - test ebp,ebp cnc3game.Debug::PostStaticInit+17C24D - 0F84 9D000000 - je cnc3game.Debug::PostStaticInit+17C2F0 cnc3game.Debug::PostStaticInit+17C2F0 - 6A FE - push -02 cnc3game.Debug::PostStaticInit+17C2F2 - 58 - pop eax cnc3game.Debug::PostStaticInit+17C2F3 - 5F - pop edi cnc3game.Debug::PostStaticInit+17C2F4 - 5E - pop esi cnc3game.Debug::PostStaticInit+17C2F5 - 5D - pop ebp cnc3game.Debug::PostStaticInit+17C2F6 - 5B - pop ebx cnc3game.Debug::PostStaticInit+17C2F7 - C3 - ret //This will exit it quite fast and returns to the very beginning cnc3game.Debug::PostStaticInit+14CE30 - 8B 4E 04 - mov ecx,[esi+04] cnc3game.Debug::PostStaticInit+14CE33 - 85 C9 - test ecx,ecx ... And it will loop, but "eax" won't be 0x00A6F304 in "call dword ptr [eax+10]" (at least not for the same container unit) the immediatly next time: ... cnc3game.Debug::PostStaticInit+14CE19 - 74 07 - je cnc3game.Debug::PostStaticInit+14CE22 cnc3game.Debug::PostStaticInit+14CE1B - 8B 01 - mov eax,[ecx] cnc3game.Debug::PostStaticInit+14CE1D - 6A 00 - push 00 cnc3game.Debug::PostStaticInit+14CE1F - FF 50 14 - call dword ptr [eax+14] cnc3game.Debug::PostStaticInit+14CE22 - 85 FF - test edi,edi cnc3game.Debug::PostStaticInit+14CE24 - 89 7E 04 - mov [esi+04],edi cnc3game.Debug::PostStaticInit+14CE27 - 74 38 - je cnc3game.Debug::PostStaticInit+14CE61 cnc3game.Debug::PostStaticInit+14CE29 - 8B 07 - mov eax,[edi] cnc3game.Debug::PostStaticInit+14CE2B - 8B CF - mov ecx,edi cnc3game.Debug::PostStaticInit+14CE2D - FF 50 10 - call dword ptr [eax+10] cnc3game.Debug::PostStaticInit+14CE30 - 8B 4E 04 - mov ecx,[esi+04] cnc3game.Debug::PostStaticInit+14CE33 - 85 C9 - test ecx,ecx ... However the container unit will be "fixed" (it seems permanently, but need more testing), so the true fix is done by the game itself (after that "zero hack") between these two instructions: cnc3game.Debug::PostStaticInit+14CE30 - 8B 4E 04 - mov ecx,[esi+04] ... cnc3game.Debug::PostStaticInit+14CE2D - FF 50 10 - call dword ptr [eax+10] For "eax" to be 0x00A6F304 for the same container unit in "call dword ptr [eax+10]", we will have to wait a "refresh screen", and that is why you can see a delay for the squads when entering to the container. Ok, enough of theory, how you solve it? First you need two memory spaces. One for data and the other for the instructions. For improvise reasons my data memory spaces goes from/to: cnc3game.dat+2D5F018 - 00 00 - add [eax],al cnc3game.dat+2D5F01A - 00 00 - add [eax],al ... cnc3game.dat+2D5F02D - 00 00 - add [eax],al And my code space goes from/to: cnc3game.dat+2D5F0A8 - 8B 41 3C - mov eax,[ecx+3C] ... cnc3game.dat+2D5F0EF - C3 - ret Now once that set, let's try to put the "zero". Since the function that needs the "zero", is in the game loop, it would be better not to touch cuz it could break something else. So we will clone it in our code space like this: cnc3game.dat+2D5F0A8 - 8B 41 3C - mov eax,[ecx+3C] cnc3game.dat+2D5F0AB - 56 - push esi cnc3game.dat+2D5F0AC - 31 F6 - xor esi,esi cnc3game.dat+2D5F0AE - 29 F0 - sub eax,esi cnc3game.dat+2D5F0B0 - 48 - dec eax cnc3game.dat+2D5F0B1 - 8B 49 20 - mov ecx,[ecx+20] cnc3game.dat+2D5F0B4 - 39 0D 18F01503 - cmp [cnc3game.dat+2D5F018],ecx cnc3game.dat+2D5F0BA - 74 0D - je cnc3game.dat+2D5F0C9 cnc3game.dat+2D5F0BC - 89 0D 18F01503 - mov [cnc3game.dat+2D5F018],ecx cnc3game.dat+2D5F0C2 - B9 00000000 - mov ecx,00000000 cnc3game.dat+2D5F0C7 - EB 0A - jmp cnc3game.dat+2D5F0D3 cnc3game.dat+2D5F0C9 - C7 05 18F01503 00000000 - mov [cnc3game.dat+2D5F018],00000000 cnc3game.dat+2D5F0D3 - 51 - push ecx cnc3game.dat+2D5F0D4 - 8B 0D 4C53BE00 - mov ecx,[cnc3game.dat+7E534C] cnc3game.dat+2D5F0DA - 81 C1 C0000000 - add ecx,000000C0 cnc3game.dat+2D5F0E0 - E8 6B1B6BFD - call cnc3game.Debug::PostStaticInit+407492 cnc3game.dat+2D5F0E5 - 39 F0 - cmp eax,esi cnc3game.dat+2D5F0E7 - 74 03 - je cnc3game.dat+2D5F0EC cnc3game.dat+2D5F0E9 - 8B 70 08 - mov esi,[eax+08] cnc3game.dat+2D5F0EC - 8B C6 - mov eax,esi cnc3game.dat+2D5F0EE - 5E - pop esi cnc3game.dat+2D5F0EF - C3 - ret Where is the difference, here: cnc3game.dat+2D5F0B4 - 39 0D 18F01503 - cmp [cnc3game.dat+2D5F018],ecx cnc3game.dat+2D5F0BA - 74 0D - je cnc3game.dat+2D5F0C9 cnc3game.dat+2D5F0BC - 89 0D 18F01503 - mov [cnc3game.dat+2D5F018],ecx cnc3game.dat+2D5F0C2 - B9 00000000 - mov ecx,00000000 cnc3game.dat+2D5F0C7 - EB 0A - jmp cnc3game.dat+2D5F0D3 cnc3game.dat+2D5F0C9 - C7 05 18F01503 00000000 - mov [cnc3game.dat+2D5F018],00000000 What it does?, the 1º instruction compares the first 4 bytes of our data space (the first time is zero). The 2º will jump to 2D5F0C9 if they are equal (this will only happen if the game already tried to load an squad to this container unit). The 3º, will save the new container ID into the first 4 bytes of our data space. The 4º will put the ZERO in ecx. The fifth will avoid the sixth. And finally the 6º will be executed only if 2º did the jump, meaning that the game is trying a second time to load an squads to the container and that's why the first 4 bytes of our data space should be clear. Now we need that the game calls our function instead of the original, that is quite simple, we need to replace this: cnc3game.Debug::PostStaticInit+17C23C - E8 5B0CFDFF - call cnc3game.Debug::PostStaticInit+14CE9C With this: cnc3game.Debug::PostStaticInit+17C23C - E8 A996BD02 - call cnc3game.dat+2D5F0A8 And that's it. Now you have fixed the multi squad load on vehicles, but you added a "call for transport" glitch. This will be "solved" in the second part. TO BE CONTINUED...
  13. You need to create a new section at the end of cnc3game.dat with something like Stud_PE (the raw offset should be 0x2351000), (the size in this example was 0xB9000) It will look like this: here OR you could find a space inhabited with only null (0x00) as a your code cave.In this case you will need to change same call and jmp values. Dunno, never played a multiplayer game with this version. If you want I could explain step by step what I did (and you will see that it is a real mess, try and error). But it could be quite large the topic (however it will help anyone, this include me, since I usually forget how to do things after a couple of months). A short version (which doesn't have all the details nor explanation)of how this was done is here: my topic: here which redirects to this topic: here
  14. , there is a way, and I found it, I told you mighty one (or it was a dream? ) that I would fix this issue... Forgive mighty one, I was joking , Let's get serious, you can mess with the exe (actually cnc3game.dat) until you get what you want.... Like this: However cuz of the delayed loading, the "call for transport" won't work unless you manually click to load units before the transport lands. UPDATE 17 - 7 - 15 After messing more with the .exe I fixed the delayed loading and so the "call for transport" glitch. Since nobody cares I will post the patches here: --------------------------------------------------------------------------------------- Camera Mod ORIGINAL: 74 4B D9 41 0C F3 0F 10 41 08 D8 0D 88 E6 A3 00 F3 0F 59 05 40 CE AA 00 F3 0F 11 45 08 D9 C0 MODDED: 74 4B E9 41 0B A2 02 D9 41 0C D8 0D 88 E6 A3 00 90 90 90 90 90 90 90 90 F3 0F 11 45 08 D9 C0 ORIGINAL: 76 64 D9 47 50 8B 06 8B CE D9 5D FC FF 10 D8 6D FC 0F 57 C0 8D 45 FC MODDED: 76 64 D9 47 40 8B 06 8B CE D9 5D FC FF 10 D8 6D FC 0F 57 C0 8D 45 FC ORIGINAL: E8 A5 D3 E1 FF D9 5E 08 80 7D FF 00 75 0E MODDED: E8 A5 D3 E1 FF 90 90 90 80 7D FF 00 75 0E NEW SECTION: 00 00 96 44 00 00 96 43 33 33 B3 3F CD CC B3 42 00 00 c8 44 00 00 96 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 A1 08 F0 15 03 53 8B 1D 78 A2 BE 00 89 83 10 0B 00 00 5B A1 0C F0 15 03 89 41 0C A1 10 F0 15 03 89 41 08 A1 14 F0 15 03 89 41 04 8B 81 88 DB FF FF 3B 05 00 F0 15 03 7F 12 3B 05 04 F0 15 03 7C 14 F3 0F 10 81 88 DB FF FF EB 12 F3 0F 10 05 00 F0 15 03 EB 08 F3 0F 10 05 04 F0 15 03 F3 0F 10 89 88 DB FF FF F3 0F 5E C8 F3 0F 11 89 84 DB FF FF 58 E9 47 F4 5D FD --------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------- Multi squad load on vehicles Fix (causes call for transport glitch) ORIGINAL: 8B 79 14 E8 5B 0C FD FF 85 FF 8B E8 0F 84 A5 00 00 00 85 ED MODDED: 8B 79 14 E8 A9 96 BD 02 85 FF 8B E8 0F 84 A5 00 00 00 85 ED NEW SECTION: 8B 41 3C 56 31 F6 29 F0 48 8B 49 20 39 0D 18 F0 15 03 74 0D 89 0D 18 F0 15 03 B9 00 00 00 00 EB 0A C7 05 18 F0 15 03 00 00 00 00 51 8B 0D 4C 53 BE 00 81 C1 C0 00 00 00 E8 6B 1B 6B FD 39 F0 74 03 8B 70 08 8B C6 5E C3 --------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------- Call for transport glitch Fix ORIGINAL: 85 FF 89 7E 04 74 38 8B 07 8B CF FF 50 10 8B 4E 04 MODDED: 85 FF 89 7E 04 E9 06 8B C0 02 90 FF 50 10 8B 4E 04 NEW SECTION: 0F 84 29 75 3F FD 8B 07 8B CF 3D 04 F3 A6 00 75 12 89 3D 1C F0 15 03 89 1D 20 F0 15 03 89 15 24 F0 15 03 83 3D 18 F0 15 03 00 0F 84 CB 74 3F FD 8B 3D 1C F0 15 03 89 7E 04 8B 07 8B CF 8B 1D 20 F0 15 03 8B 15 24 F0 15 03 E9 AD 74 3F FD --------------------------------------------------------------------------------------- If anyone wants the cnc3game.dat already modded, send me a pm.
  15. Some ai's are missing but try these link it added the skirmishAI folder to definitions + changed some typehashes for kane's w.
×