Gp Range

[Hooman]

There are two sections of code controlling tubbed GP range. They are (with a bit of context):

Code: [Select]

00485155  |.  F6C1 80           TEST CL,80                                                    ;  Check if (flags.bIsWeaponConnectedToCC)
00485158  |.  8B5C82 20         MOV EBX,DWORD PTR DS:[EDX+EAX*4+20]                            ;  EBX = Unit:Weapon.playerInfo[creatorNum].sightRange
0048515C  |.  74 19             JE SHORT Outpost2.00485177
0048515E  |.  8B46 38           MOV EAX,DWORD PTR DS:[ESI+38]
00485161  |.  85C0              TEST EAX,EAX
00485163  |.  74 12             JE SHORT Outpost2.00485177
00485165  |.  8B48 10           MOV ECX,DWORD PTR DS:[EAX+10]
00485168  |.  85C9              TEST ECX,ECX
0048516A  |.  74 0B             JE SHORT Outpost2.00485177
0048516C  |.  43                INC EBX
0048516D      83FB 07           CMP EBX,7
00485170  |.  7C 05             JL SHORT Outpost2.00485177
00485172      BB 07000000       MOV EBX,7                                                    ;  EBX = 7  [sightRange]

and:

Code: [Select]

0042D2A9   .  8B7C90 20         MOV EDI,DWORD PTR DS:[EAX+EDX*4+20]                            ;  EDI = UnitTypeInfo.playerInfo[ownerNum].sightRange
0042D2AD   .  8B46 38           MOV EAX,DWORD PTR DS:[ESI+38]
0042D2B0   .  85C0              TEST EAX,EAX
0042D2B2   .  74 12             JE SHORT Outpost2.0042D2C6
0042D2B4   .  8B48 10           MOV ECX,DWORD PTR DS:[EAX+10]
0042D2B7   .  85C9              TEST ECX,ECX
0042D2B9   .  74 0B             JE SHORT Outpost2.0042D2C6
0042D2BB   .  47                INC EDI
0042D2BC      83FF 07           CMP EDI,7
0042D2BF   .  7C 05             JL SHORT Outpost2.0042D2C6
0042D2C1      BF 07000000       MOV EDI,7

In both cases, just change the range cap in the last and third last lines of each block. (Change the 7s).

The first block controls how far the weapon will actually fire. The last block controls how far the mouse targetting will work for.

You can also change the INC instruction before that to increase how many extra tiles it will fire (when tubbed). Although, trying to increment by more than one will likely require more code bytes, so it might be a bit trickier to modify and get it to fit in somewhere.


The code above it seems to check for tube related things. At offset 0x38 within the Unit class is a pointer to some struct that contains info about tubbing. I've seen similar code in other places regarding tubing, including with the DIRT.

[Freeza-CII]

Does this also increase the range of the Flare and Nova guardposts as well?

[zigzagjoe]

as it seems, these are not the only 2 locations dealing with this: when (most) of the code block that controls the target range check is moved to a function, and hooked in the original op2 code, if tubed, it will still only fire +1 (even with the tube check removed). otherwise, it will not fire at all.

the mouse increase works as intended.

that is,

mouse check patch @ 0042D2AD

INC EDI
INC EDI
(lots of NOPs)

range check hook @ 00485155

Code: [Select]

  MOV EBX,DWORD PTR DS:[EDX+EAX*4+20H]

  INC EBX      	// EBX + 2
  INC EBX

  CMP EBX,8      // range less than 8?
  JL SHORT end    	// jump to end, if so

  MOV EBX,8      // cap it at 8 if not

*should* unconditionally increase the range by 2 to a max of 8 - but it only fires as far as it should normally (according to tube status) - it still accepts shoot orders for the correct range


edit think i found it -

Code: [Select]

004A6EE0  |. F6C1 80        TEST CL,80
004A6EE3  |. 74 19          JE SHORT Outpost2.004A6EFE
004A6EE5  |. 8B4E 38        MOV ECX,DWORD PTR DS:[ESI+38]
004A6EE8  |. 85C9           TEST ECX,ECX
004A6EEA  |. 74 12          JE SHORT Outpost2.004A6EFE
004A6EEC  |. 8B51 10        MOV EDX,DWORD PTR DS:[ECX+10]
004A6EEF  |. 85D2           TEST EDX,EDX
004A6EF1  |. 74 0B          JE SHORT Outpost2.004A6EFE
004A6EF3  |. 43             INC EBX
004A6EF4  |. 83FB 07        CMP EBX,7
004A6EF7  |. 7C 05          JL SHORT Outpost2.004A6EFE
004A6EF9  |. BB 07000000    MOV EBX,7

first one is checking the weaponisconnectedtocc, then it has the tube stuff you mentioned, and it has the correct constants

no labeling of any kind on it nor anything i can readily identify as owning it

hmm, no, i think there might be even more...? lol

found another anon chunk -

Code: [Select]

004A7382   . F6C1 80        TEST CL,80
004A7385   . 74 19          JE SHORT Outpost2.004A73A0
004A7387   . 8B48 38        MOV ECX,DWORD PTR DS:[EAX+38]
004A738A   . 85C9           TEST ECX,ECX
004A738C   . 74 12          JE SHORT Outpost2.004A73A0
004A738E   . 8B69 10        MOV EBP,DWORD PTR DS:[ECX+10]
004A7391   . 85ED           TEST EBP,EBP
004A7393   . 74 0B          JE SHORT Outpost2.004A73A0
004A7395   . 43             INC EBX
004A7396   . 83FB 07        CMP EBX,7
004A7399   . 7C 05          JL SHORT Outpost2.004A73A0
004A739B   . BB 07000000    MOV EBX,7

maybe, each weapon has one of these chunks? it would make a certain amount of sense

another chunk

Code: [Select]

004A7512   . F6C1 80        TEST CL,80
004A7515   . 74 19          JE SHORT Outpost2.004A7530
004A7517   . 8B48 38        MOV ECX,DWORD PTR DS:[EAX+38]
004A751A   . 85C9           TEST ECX,ECX
004A751C   . 74 12          JE SHORT Outpost2.004A7530
004A751E   . 8B69 10        MOV EBP,DWORD PTR DS:[ECX+10]
004A7521   . 85ED           TEST EBP,EBP
004A7523   . 74 0B          JE SHORT Outpost2.004A7530
004A7525   . 43             INC EBX
004A7526   . 83FB 07        CMP EBX,7
004A7529   . 7C 05          JL SHORT Outpost2.004A7530
004A752B   . BB 07000000    MOV EBX,7

this last one belongs to
004A74D0 Function: UnitTypeInfo:.(Unit* unit, ):

another edit: hooked the last 3 chunks with the same (INC ebx 2x and nop the rest) and behavior persists. i will keep looking.

one more

Code: [Select]

004A7172   . F6C1 80        TEST CL,80
004A7175   . 74 19          JE SHORT Outpost2.004A7190
004A7177   . 8B47 38        MOV EAX,DWORD PTR DS:[EDI+38]
004A717A   . 85C0           TEST EAX,EAX
004A717C   . 74 12          JE SHORT Outpost2.004A7190
004A717E   . 8B48 10        MOV ECX,DWORD PTR DS:[EAX+10]
004A7181   . 85C9           TEST ECX,ECX
004A7183   . 74 0B          JE SHORT Outpost2.004A7190
004A7185   . 45             INC EBP
004A7186   . 83FD 07        CMP EBP,7
004A7189   . 7C 05          JL SHORT Outpost2.004A7190
004A718B   . BD 07000000    MOV EBP,7

anothr chunk

Code: [Select]

004A6BC4   . F6C3 80        TEST BL,80
004A6BC7   . 74 21          JE SHORT Outpost2.004A6BEA
004A6BC9   . 8B40 38        MOV EAX,DWORD PTR DS:[EAX+38]
004A6BCC   . 85C0           TEST EAX,EAX
004A6BCE   . 74 1A          JE SHORT Outpost2.004A6BEA
004A6BD0   . 8B48 10        MOV ECX,DWORD PTR DS:[EAX+10]
004A6BD3   . 85C9           TEST ECX,ECX
004A6BD5   . 74 13          JE SHORT Outpost2.004A6BEA
004A6BD7   . 8B4424 1C      MOV EAX,DWORD PTR SS:[ESP+1C]
004A6BDB   . 40             INC EAX
004A6BDC   . 83F8 07        CMP EAX,7
004A6BDF   . 7C 05          JL SHORT Outpost2.004A6BE6
004A6BE1   . B8 07000000    MOV EAX,7

it definitely seems like there is a chunk for each weapon (that will be a right f***er to patch -_-) saying this because these functions tend to have a lot of similarities, like the chunks i have been listing, with minor deviations in registers and the like

Code: [Select]

00412040   . 56             PUSH ESI
00412041   . 8B01           MOV EAX,DWORD PTR DS:[ECX]
00412043   . 8BF1           MOV ESI,ECX
00412045   . FF90 A0000000  CALL DWORD PTR DS:[EAX+A0]
0041204B   . 85C0           TEST EAX,EAX
0041204D   . 74 11          JE SHORT Outpost2.00412060
0041204F   . 8B46 38        MOV EAX,DWORD PTR DS:[ESI+38]
00412052   . 85C0           TEST EAX,EAX
00412054   . 74 0A          JE SHORT Outpost2.00412060
00412056   . 8B48 10        MOV ECX,DWORD PTR DS:[EAX+10]
00412059   . 85C9           TEST ECX,ECX
0041205B   . 74 03          JE SHORT Outpost2.00412060
0041205D   . FF40 14        INC DWORD PTR DS:[EAX+14]
00412060   > 5E             POP ESI
00412061   . C2 0800        RETN 8

maybe this is a function of interest? it has some similarities (mostly, the  offsets, and number of jumps and it does have an inc)