Outpost Universe Forums

Outpost Series Games => Outpost 2 Divided Destiny => Topic started by: vennom on August 20, 2008, 06:58:31 PM

Title: One Idea
Post by: vennom on August 20, 2008, 06:58:31 PM

Hello guys ^^ im a developer, i work with DELPHI/ASM and i know well how manipulate the game memory, so i had a cool idea... let me explain it:

My Style to play OP2 is make all researches, hehe xD so i take a lot of time to end in some missions, then or microbes or lava aways destroy everything and etc etc... so i lose the stage coz of the "main disasters"

i made a program, that find a procedure call like "DoInfect" , "Lava" , "Microbe" and a few more matches of procedures that "call" these disasters. so i nerfed these functions and worket well for me, so i made a program to nerf these functions.

My problem is: Each mission has it own dll, and it OWN function-address, so i have to find it manually to then nerf it... i did it, its working on a "betta-buggy" version xD

can some1 help me with beta-testing stages and developing the restant of this program >.>?

(Well, i did it a few times, totally manually using WRITEPROCESSADDRESS function to nerf disaster functions with RET in function start but isnt working very well dinamically finding addresses and modifying em)



 

Title: One Idea
Post by: Sirbomber on August 20, 2008, 10:13:43 PM

Quote

i made a program, that find a procedure call like "DoInfect" , "Lava" , "Microbe" and a few more matches of procedures that "call" these disasters. so i nerfed these functions and worket well for me, so i made a program to nerf these functions.

You want to get rid of the Blight?!
You are the enemy of all mankind!

Plus, the game isn't all that fun if there's no time limit.

Title: One Idea
Post by: Hidiot on August 21, 2008, 03:30:29 AM

Yeah, just go play colony games for no time limit.

Or get really good at the game. I managed to finish both campaigns on normal recently ,researching ALL researches in each map I could (excluding Leisure Studies, as it's only a pain to maintain.)

That said, I think your skills could be better used for other things. Like piecing the exe for every last big of code used, so we can all understand why things work the way they do.

Check around for Hooman discoveries, as to not find the same thing twice.

Title: One Idea
Post by: vennom on August 21, 2008, 05:32:48 AM

i play in hard mode and some lvls with these things are REALLY impossible xD

but anyway >.> i think i have to try finish the game without a "few" discoverys if im going to play with diseases but, i didnt learn how to play without make all researches so i dont know exactly wha ti need/dont need hehe ^^ ill play in medium to review these concepts >.>

anyway, im trying to find at last a way to "delay" these diseasses... maximum of delay i got was about err, 5 minutes and a few seconds... i think i cant do more >.> i even tried use a code-cave to keep a part of the code with a delay function, to w8 a few minutes before start the microbe/lava, hehe ^^ only testing... find a code cave isnt easy, outpost2 is a hard game to find somewhere to put even a small code >.> but worked once when i made a jump to a "dead-function", im using GDI32, SETPIXEL function to use as code-cave >.>

anyway, ill keep fighting to win without cheating xD! (now i only cheat in medium mode after i finished with eden/plymouth, anyway i finished with a few researches left with plymouth coz of mission 11 >.> its hellish)

Title: One Idea
Post by: Hidiot on August 21, 2008, 05:56:05 AM

All in all it's single player and you can kinda d owhat you want with it.

But watch out when playing multi player... desyncs are almost certain to happen... if you get past the checksum first.
The checksum problem will only arise if you pre-edited the exe, or any file that is used during your play.

Title: One Idea
Post by: vennom on August 21, 2008, 07:11:05 AM

acrtually i know how to nerf any function in fame, just getting it 5 first bytes, and writing (asm)
(ill write in hex the commands)
90
90
90
90
c3

90 = nop / c3 = ret

so function wont work... well, i can try nerf any checksum function >.> (i can nerf cd checking using this) but my intention isnt cheat online xD i like online game playing with blood =D

but well, i dont like cheating single player neither! only if i finish the game, then i think its funny play with it's engine ^^ anyway, i still have to beat hard mode with both eden and plymouth... so i can only cheat in easy/medium xD (i found also how activate cheat codes in any map, theres is a function called ALLOWCHEATS or something like that, that can give me these acess rights >.> dunno in multiplayer mode xD)

me and my friends, we are making a mod to play OP2 online also ^^ we are increasing all structs/vehicles Hit points, reducing all researching/construction time by 25%~30% and reducing a LITTLE of thor's damage >.>
im trying to make just a "plugin" to make these changes whyen game is running so no need patch the original client but its kinda hard xD

Title: One Idea
Post by: Mcshay on August 21, 2008, 07:57:11 AM

Just remember that if you disable the checksum, the game will desynchronize eventually. It's pretty pointless to play a game in which your opponent has already destroyed your base on his end.

Edit: There is a mod system built into our version of op2, search around for details on it.

Title: One Idea
Post by: vennom on August 21, 2008, 08:27:30 AM

xD as i said my idea isnt cheat online o.O so its really pointless disable checksum functions ^^

and yeah i found mod version o.O pretty nice

Title: One Idea
Post by: Hooman on August 21, 2008, 08:16:17 PM

Of course the easy way would have been to nerf the exe rather than the DLLs. Do it once, and it's done for all the levels.

Also, you don't really need those NOPs. It can just put the RET as the first byte. Of course that's assuming the function doesn't take parameters, otherwise you'll need "RET x" to prevent crashes.
 

Title: One Idea
Post by: vennom on August 21, 2008, 09:54:17 PM

yeah i was thinking about that (the nopes are something else i was planning to put there =D)

and hmm RET in start of the function dont "crash" but it raises an exception and depending on its level can crash (not all the time) but is interesting give a return... but to give this return, first i have to understand what exactly i should return, else ill make s*** xD (Microbe dont have return, is VOID function)

and, start microbe function is only in dll's not in exe... so i have to nerf in EACH dll EACH time the map is restarted/reloaded and thats my biggest problem... i have to make a memory search after parts of the microbe code to then nerf microbe function, remembering EACH dll has a start-microbe function name, in first mission is DoInfect, second is StartMicrobe and third Microbe1 (i think this is the order) xD its hard to work with these things... and i think addresses will change between computers so, i have to find it on runtime...

remember im just doing these changes at runtime, coz i dont want modify original game-giles =D dinamic patches are better (i think lol)

Title: One Idea
Post by: Hooman on August 22, 2008, 06:55:29 AM

The "RET x" is to pop the parameter bytes off the stack, not to return a value. If the function takes one parameter, then usually you need a "RET 4".

There are only really two functions in the exe to infect things:

Code: [Select]

Unit.DoInfect()
Map.SetVirusUL(LOCATION location, int spreadSpeed)

All the DLLs need to call one of those two functions to create the blight. The Unit.DoInfect is used to infect a building without blight being visible on the map, such as in Eden mission 1. The other creates visible blight on the map that will grow from it's starting point. This is the function used by pretty much every level other than Eden mission 1. If you check the DLL code closely you'll see that blight can always be traced back to one of these two calls. There are a few other blight related calls, such as to speed up the spread, but unless you've called one of these functions first, the others won't do anything.

Also, since the exe is the first module loaded in it's address space, it will always get the same load address. Thus you don't really need to search each time since those functions will always be at the same location. Plus, with all the patching we've done, the exe isn't likely to even work if it's loaded to any other address. When we patch code bytes in the exe, we've never bothered to update the relocation table. Should the exe ever get relocated, some patch code won't be relocated that needs to be, and other patch code will get relocated when it shouldn't. We've thinking of stripping the relocation table entirely for the next release. Also, it's become common practice to strip the relocation table from the exe, and only include it in DLLs. There is essentially no chance of exe code being relocated.
 

Title: One Idea
Post by: vennom on August 22, 2008, 10:38:58 AM

hmm interesting o.O!

now i'v done my first test-release of this auto-patcher, the patcher is resumed ina  dll wrote in delphi/asm to edit functions and even resolution in OP2 crackedd version, til now seems to work nicely but i have a few bugs to fix ^^

Edit

i found the address you were talking about!

DoInfect: 00476b90
SetVirusUL: 00476ea0

now only put RET on these functions and this dissease is ended o.O! but ill keep working on DELAY these functions, so i dont have to end the "funny part" of being infected xD

edit

even if i put RET in SetVirusUL dont work o.o" seems to have something wrong... it crashes game... ill try nil all the function and see what i can do >.>