Topic: Hex Editing of Starfleet executables  (Read 211356 times)


Offline Javora

Re: Hex Editing of Starfleet executables
« Reply #280 on: February 06, 2015, 05:03:22 pm »
Just a quick question for everyone: has anyone tried the Hex-Rays plugin for IDA?  Supposedly this can make the code a little more readable or convert it into some type of C code.  I just stumbled across this as I was looking into IDA, but don't know much about it so I thought I'd ask.

Offline Javora

« Reply #281 on: February 06, 2015, 06:32:35 pm »
I GIVE UP :crazy2:

No different phasers other than what we already got. Moving along...

Ty for trying ;)

It's probably hard to find because I suspect that all phasers use the same subroutines.  The only difference I can see is beam characteristics and damage charts and/or special damage to engines and such.  I think if you found that chart(s) you will find how things work.

Offline TarMinyatur

« Reply #282 on: February 07, 2015, 04:05:12 am »
Photon range functions are modifiable. They'll go into the next patch.

Maximums for OL, Normal, Proximity, and Fighter
Minimums for Normal and Proximity

After doing a few battles, the minimum range for standard Photons (0 to 1.99) does not benefit the conventional game. You theoretically could discharge 1/2 of a battery to create a 9-point OL warhead and thereby gain that critical 100% base accuracy bracket. The two points of feedback in SFC are a significant penalty.

The AI, of course, doesn't benefit from a restriction.

But in an unconventional mod, a PPD-like blind zone or larger could spread out the combat. Range-zero alpha strikes are powerful but not particularly intriguing.

Isolated the Disruptor feedback range and damage variables. They'll go in, too.
« Last Edit: February 07, 2015, 11:06:01 pm by TarMinyatur »

Offline JanB

« Reply #283 on: February 07, 2015, 04:15:31 am »
Adam, the way things work with stuff that doesn't get referenced directly is as follows. Some location above the stuff in question gets referenced by a function and then the function starts counting from there. That's how the fx1 texture for phasers gets referenced.

I'll take a look at hex rays as soon as I have time.

Tar, you once said that the pi values are filler but I believe some of them handle the rotation of torpedoes (I found one near a value that determines the visual size of torpedoes).

Offline Javora

« Reply #284 on: February 07, 2015, 07:56:55 am »
.data:00C69F20 ; struct _OSVERSIONINFOA VersionInformation
.data:00C69F20 VersionInformation _OSVERSIONINFOA <?>  ; DATA XREF: sub_6996E0+3w
.data:00C69F20                                         ; sub_6996E0+Do ...
.data:00C69FB4 ; int X
.data:00C69FB4 X               dd ?                    ; DATA XREF: sub_6997C0+1E9w
.data:00C69FB4                                         ; sub_6997C0+21Fr ...
.data:00C69FB8 dword_C69FB8    dd ?                    ; DATA XREF: sub_6997C0+219w
.data:00C69FB8                                         ; sub_69A4C0+215w
.data:00C69FBC ; int nHeight
.data:00C69FBC nHeight         dd ?                    ; DATA XREF: sub_6997C0+1DEw
.data:00C69FBC                                         ; sub_6997C0+203r ...
.data:00C69FC0 dword_C69FC0    dd ?                    ; DATA XREF: sub_6997C0+164w
.data:00C69FC0                                         ; sub_6997C0+190r ...
.data:00C69FC4 ; HMENU hMenu
.data:00C69FC4 hMenu           dd ?                    ; DATA XREF: sub_6997C0+1ACw
.data:00C69FC4                                         ; sub_6997C0+1FBr ...
.data:00C69FC8 dword_C69FC8    dd ?                    ; DATA XREF: sub_6997C0+170w
.data:00C69FC8                                         ; sub_6997C0+196r ...
.data:00C69FCC ; int nWidth
.data:00C69FCC nWidth          dd ?                    ; DATA XREF: sub_6997C0+1D4w
.data:00C69FCC                                         ; sub_6997C0+20Ar ...
.data:00C69FD0 dword_C69FD0    dd ?                    ; DATA XREF: sub_6997C0+2FCr
.data:00C69FD0                                         ; sub_699B30+29w ...
.data:00C69FD4 ; HWND dword_C69FD4

As a whole a lot of variables are being declared here but I still don't see a whole lot going on.  A few things did interest me in the section above; one of them is "struct _OSVERSIONINFOA VersionInformation".  If my guess is correct this Procedure is checking the Operating System that the program is installed on.  The next two things I noticed were "nHeight" and "nWidth".  This may (??!?) be asking the screen size of the monitor (1024 x 768 etc).  I could be way off but those two things I listed make me think I'm on the right track.  One other thing I noticed was "hMenu".  I'm racking my brain right now trying to figure out what that might stand for either in game or in the OS and I'm coming up blank.  Anyone have any ideas here?  Almost forgot, one last observation I have is that when I see INT on the screen it is always in the comment section and doesn't have a hex value after it.  I'm having trouble with that one as well.


Quote
.data:00C69FE8 ; DWORD dwStyle
.data:00C69FE8 dwStyle         dd ?                    ; DATA XREF: sub_6997C0+180w
.data:00C69FE8                                         ; sub_6997C0+1A6r ...
.data:00C69FEC ; HHOOK hhk
.data:00C69FEC hhk             dd ?                    ; DATA XREF: fn+5Fr

HHOOK and hhk, why do I think Hydran here, probably totally unrelated.  Defined as 4 byte variables...


Quote
.data:00C69FF9                 db    ? ;
.data:00C69FFA                 db    ? ;
.data:00C69FFB                 db    ? ;
.data:00C69FFC                 db    ? ;
.data:00C69FFD                 db    ? ;
.data:00C69FFE                 db    ? ;
.data:00C69FFF                 db    ? ;
.data:00C6A000 flt_C6A000      dd ?                    ; DATA XREF: .text:0069AEC2w
.data:00C6A004 flt_C6A004      dd ?                    ; DATA XREF: sub_507AEA+E2r
.data:00C6A004                                         ; sub_511643+197r ...

So someone wanted to define text with seven characters in it.  Two other variables are defined with four bytes each from the looks of things.  One last thing: I noticed a lot of extra characters in the code that was quoted, which look like boxes with little numbers in them.  Is there extra code that we can't see?

Offline TarMinyatur

« Reply #285 on: February 07, 2015, 02:58:26 pm »
Quote from: JanB
Tar, you once said that the pi values are filler but I believe some of them handle the rotation of torpedoes (I found one near a value that determines the visual size of torpedoes).
I have found exactly two pi that are indeed linked to functions. The other 300 or so must be intentional filler, which has made the addition of new variables practical. As of yet, I've not noticed any side-effects from employing those bytes devoted to isolated 3.14's, nor do I expect to.

I too found a value that determines the size of Photon Torpedoes. If greatly increased, they look like space moths, fluttering their wings.

Offline TarMinyatur

« Reply #286 on: February 07, 2015, 03:42:35 pm »
Quote
...one of them is "struct _OSVERSIONINFOA VersionInformation".  If my guess is correct this Procedure is checking to Operating System that the program is installed on.  The next two things I noticed were "nHeight" and "nWidth".  This may (??!?) be asking the screen size of the monitor (1024 x 768 etc).  I could be way off but those two things I listed make me think I'm on the right track.  One other thing I noticed was "hMenu".  I'm racking my brain right now trying to figure out what that might stand for either in game or in the OS and I'm coming up blank.  Anyone have any ideas here?  Almost forgot, one last observation I have is that when I see INT on the screen it is always in the comment section and doesn't have a hex value after it.  I'm having trouble with that one as well.

IDA is guessing about the terms used by the higher-level language that originally composed starfleet.exe. When it analyzes a function in Orion Pirates, it suggests, by way of comments, the types that were used as arguments passed to functions. For example:

C++
int getPhotonDamage(int range);

The first "int" determines what the function, getPhotonDamage(), gives you when it's finished -- an integer. The second "int" defines the type of argument it will accept. In this case, another integer. If we try to use a 1-byte character as an argument, the function will not work properly and it might cause StarfleetOP.exe to crash. If we use a 4-byte float, the function will not provide the expected information because 41 00 00 00 (8.0f) is not the same as 08 00 00 00 (plain old 8).

"struct" is a structure, more-or-less a way to efficiently associate several variables (properties) with one item. Such as box.width, box.height, box.length. Box is the item, while width, height, length are its properties.

"nWidth" is an example of a variable that stores a countable quantity n, in this case probably pixels.

"hMenu" Hmm, maybe it's a hook.  I'm not familiar with hooks in software, but that term can be related to getting input from a device, like the keyboard.

Offline TarMinyatur

« Reply #287 on: February 07, 2015, 04:17:32 pm »
Quote from: Captain Adam
What exactly are you proposing then for the next CE patch particular with the Photon/HBs?
You'll have the option to enforce a minimum range on the standard Photon, such that its range is 2.0 to 30.1. You'll have the option to adjust the range limits on Proximities and Overloads. Defaults will be 9.0 to 30.9 and 0 to 8.9, respectively.

The AI's performance might be improved if Proxies could be fired at range 5.0 to 8.9 and standard Photons couldn't be fired beyond 12.9. But those decisions aren't mine to make.

Hellbores won't be any different.

Warp Tacs will occur at a ship's speed of 3 (instead of 4) so that a WW won't be unintentionally voided in multiplayer. Since less energy is expended (3 instead of 4 for a CA), the turn rate will be reduced by 25%. I very much appreciate Warp Tacs when my ship is in a minefield.

Offline TarMinyatur

« Reply #288 on: February 07, 2015, 04:45:42 pm »
Quote from: Captain Adam

What do I search for in orion pirates for the size of photons. And is it possible to make the PhoF micro torpedo size to reflect that they do in fact belong to shuttles and fighters.
Do you think the PhoF/Phot and PhoH all share the same size variable.
Tar, is it possible to find the phaser coding for the colors or do you think it's a dead end.
There is a 5.0f that determines the radius of all Photons Torpedoes. I don't know how to give the fighter a micro torpedo.
The code has a class, somewhere, called something like Photon. One of its properties is 3D size. If a fighter fires a PhoF, it inherits certain class variables, such as 3D size and sound effect. It does, as a subclass, use its own variables for range and damage. Changing the classes and subclasses via HexEdit is impossible with my current knowledge.

Adam, I applaud your effort to give Phasers custom colors. I suggest you let that idea rest for a little while. Perhaps while you're experimenting with other things, you'll come across some info that determines color associations.

Offline Javora

« Reply #289 on: February 07, 2015, 07:47:28 pm »
Thanks Tar, I was so focused on the Assembler code that I didn't even think about it referring to declaring an integer in C.  If I have time tomorrow I'll look up what I can about hooks.

Offline TarMinyatur

« Reply #290 on: February 07, 2015, 11:02:42 pm »
Quote
Sounds great. Do you have the location in SFC2OP so that I may make adjustments to my photons and HBs  ;D

No, but I do have this info from CE:

.rdata:00A61EA0 flt_A61EA0      dd 5.0                  ; DATA XREF: sub_59E140+E5
.rdata:00A61EB0 aAssetsTextu_73 db 'assets/textures/photons-2.bmp',0

There should be a similar bitmap in OP. That 5.0f should determine the size.


Offline TarMinyatur

« Reply #291 on: February 09, 2015, 12:12:49 am »
Following the scanner's references led me to a cloak formula for effective range.

In 2.672, I'm thinking of changing the formula. It has been EffectiveRange = (TrueRange*2)+5 for more than 14 years. EAW's cloak has, at times, been called the croaking device.

The cloak in Orion Pirates, on the other hand, can be highly protective because it can reduce incoming direct-fire damage by 50% or 75%. The damage is based on effective range for hit-or-miss weapons, never true range, for another 40% benefit (except vs Photons, which don't degrade).

In OP, a Disruptor fired at a cloaked vessel from range 1.9 uses the range 5-8 bracket for accuracy and damage. OP's cloak chart establishes an equal chance of doing 3, 1, or 0 damage if it hits. The average damage is a terrifying 0.89. In EAW/CE the average is 2.

But it is essentially the Phaser-1 which makes the cloaking device a death trap in EAW/CE. Its average damage is 3.5 at a true range of up to 0.4. So a ship with, let's say, 6 Ph-1's can do about 20 damage to a cloaker on each high-speed pass. There's no great need to ram its own mines, although it can do that too for a flash bonus.

In OP, the Ph-1 does an average of 1.83, which is about half (52%) of the damage of its counterpart in EAW/CE. Some players have said that this feels just about right to them.

I think a change from (Range*2)+5 to (Range*2)+6 is an excellent way to improve the cloak in CE without any significant side effects.

The Ph-1 would use, at best, the range 6-8 bracket for an average damage of 2.17. I'm testing this now...

Offline Javora

« Reply #292 on: February 09, 2015, 01:02:22 am »
Quote from: TarMinyatur
IDA is guessing about the terms used by the higher-level language that originally composed starfleet.exe. When it analyzes a function in Orion Pirates, it suggests by way of comments, the types that were used as arguments passed to functions. For example:

C++
int getPhotonDamage(int range);

The first "int" determines what the function, getPhotonDamage(), gives you when it's finished -- an integer. The second "int" defines the type of argument it will accept. In this case, another integer. If we try to use a 1-byte character as an argument, the function will not work properly and it might cause StarfleetOP.exe to crash. If we use a 4-byte float, the function will not provide the expected information because 41 00 00 00 (8.0f) is not the same as 08 00 00 00 (plain old 8).

"struct" is a structure, more-or-less a way to efficiently associate several variables (properties) with one item. Such as box.width, box.height, box.length. Box is the item, while width, height, length are its properties.

"nWidth" is an example of a variable that stores a countable quantity n, in this case probably pixels.

"hMenu" Hmm, maybe it's a hook.  I'm not familiar with hooks in software, but that term can be related to getting input from a device, like the keyboard.


I researched "struct _OSVERSIONINFOA VersionInformation", and the first thing that popped up was this:

https://msdn.microsoft.com/en-us/library/windows/desktop/ms724834%28v=vs.85%29.aspx

"Contains operating system version information. The information includes major and minor version numbers, a build number, a platform identifier, and descriptive text about the operating system. This structure is used with the GetVersionEx function."

So I may have been on the right track after all.  When I looked up hooks I found this as well from Wikipedia of all places:

http://en.wikipedia.org/wiki/Hooking

"In computer programming, the term hooking covers a range of techniques used to alter or augment the behavior of an operating system, of applications, or of other software components by intercepting function calls or messages or events passed between software components. Code that handles such intercepted function calls, events or messages is called a "hook".

Hooking is used for many purposes, including debugging and extending functionality. Examples might include intercepting keyboard or mouse event messages before they reach an application, or intercepting operating system calls in order to monitor behavior or modify the function of an application or other component. It is also widely used in benchmarking programs, for example frame rate measuring in 3D games, where the output and input is done through hooking."

If this is the case with SFC.exe then why?  Maybe this is debug code that is no longer used and was commented out, but then we would have seen it commented.  Is there anything like this in the source code in EAW?
« Last Edit: February 09, 2015, 07:05:12 am by Javora »

Offline TarMinyatur

« Reply #293 on: February 09, 2015, 02:07:07 pm »
OP's Cloak range formula function can be found at text:00438522 sub_438522

It has a switch with 5 cases: 50.0d, 40.0d, 30.0d, 20.0d, 10.0d

Those values are added to the cloaking vessel's effective range as the device deactivates (or activates) over approximately 5 seconds.

That function loads the maximum value, 50.0d, from rdata:0079A140 dbl_79A140.

But that 50.0d is shared with 3 other functions. So it needs to be isolated. One of those 3 other functions may be the maximum transporter range, in fact.

There's a free pi right below at rdata:0079A150       dq 3.141592653589793

Remember that these are 8-byte doubles, not common 4-byte floats. So you can fit one double variable in that double pi.
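As an added example (not code from the thread, the game, or IDA), the Python helper below makes concrete two points from the posts above: the byte-level difference between an int and a float that TarMinyatur describes in Reply #286, and the 4-byte float versus 8-byte double distinction in Reply #293. It searches a constructed .rdata-like blob for a constant's exact byte pattern, which is how you confirm a value such as the 5.0f photon radius or the shared 50.0d really sits at an address, and how you detect that a constant has several users before changing it. The sample bytes are constructed, and values are written little-endian as x86 stores them in the file.

```python
import struct

# IDA type name -> struct format (little-endian, as x86 lays the bytes out in the file)
FORMATS = {"int": "<i", "float": "<f", "double": "<d"}

PI = 3.141592653589793

# Constructed sample of a .rdata-like region (not real game data):
# a 4-byte float 5.0, a 4-byte int 8, an 8-byte double 50.0 and an
# isolated 8-byte double pi of the kind the thread reuses as a free slot.
SAMPLE_RDATA = (
    struct.pack("<f", 5.0)      # dd 5.0  -> 00 00 A0 40
    + struct.pack("<i", 8)      # dd 8    -> 08 00 00 00
    + struct.pack("<d", 50.0)   # dq 50.0 -> 00 00 00 00 00 00 49 40
    + struct.pack("<d", PI)     # dq 3.141592653589793
)


def encode(value, kind):
    """Bytes of `value` stored as the given IDA type (int, float or double)."""
    return struct.pack(FORMATS[kind], value)


def hexdump(data):
    """Space-separated upper-case hex, the way a hex editor shows it."""
    return " ".join(f"{b:02X}" for b in data)


def find_constant(blob, value, kind, align=4):
    """Offsets (aligned to `align`) at which `value` of type `kind` occurs in blob.

    Several hits mean the constant is shared by more than one place and must be
    isolated (moved to its own slot) before it is edited for one user only."""
    needle = encode(value, kind)
    return [
        off
        for off in range(0, len(blob) - len(needle) + 1, align)
        if blob[off:off + len(needle)] == needle
    ]


def is_free_double_slot(blob, offset):
    """True if the 8 bytes at offset hold the double pi, i.e. a filler slot
    of the kind the thread describes. Assumes pi was stored exactly as
    Python encodes the double 3.141592653589793."""
    return blob[offset:offset + 8] == encode(PI, "double")


if __name__ == "__main__":
    print("8 as int    :", hexdump(encode(8, "int")))      # 08 00 00 00
    print("8.0 as float:", hexdump(encode(8.0, "float")))  # 00 00 00 41
    print("50.0d found at:", find_constant(SAMPLE_RDATA, 50.0, "double", align=8))
    print("free pi at 16 :", is_free_double_slot(SAMPLE_RDATA, 16))
```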

Offline TarMinyatur

« Reply #294 on: February 09, 2015, 02:32:03 pm »
Another thing I'd like verified is the OP cloak seeking weapon damage reduction chart. Dave said it was "SFB specs", but I had to assume that. We would need the % damage reductions for tractored and non-tractored ships.

It'll look something like this and when found SFC-CE/EAW can be brought up to specs:


Cloaked Ship Status | Chance of Normal Damage | Chance of 1/2 Damage | Chance of 1/4 Damage
--------------------|-------------------------|----------------------|---------------------
Non-Tractored       | 33.3%                   | 33.3%                | 33.3%
Tractored           | 66.7%                   | 33.3%                | 0%

Found the function in OP today. Hidden in plain sight. Its associated string is tCloakSystem::mDetermineCloakSeekingWeaponDamageModifier

d6  |  Multiplier
-------------------
1   |   1.0
2   |   1.0
3   |   0.5
4   |   0.5
5   |   0.25
6   |   0.25
7   |   0.0 (I don't know if this value is ever used. It could be there to handle unexpected values.)

There is probably another function for ships that are tractored. I don't see a subtraction of 2 from the die roll in this one, but that -2 would do it, resulting in a 33% chance of half damage.
« Last Edit: February 10, 2015, 03:01:28 am by TarMinyatur »
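As an added example (not code from the thread or from the game), the Python below encodes the d6 table read out of tCloakSystem::mDetermineCloakSeekingWeaponDamageModifier and checks the distribution it produces against the non-tractored row of the chart above; it also applies the hypothesised -2 for tractored ships to show that it yields the 66.7% / 33.3% / 0% row. The -2 and the clamping of the adjusted roll to 1 are assumptions of this example, not confirmed code.

```python
from fractions import Fraction

# d6 -> damage multiplier, as the thread reads it out of
# tCloakSystem::mDetermineCloakSeekingWeaponDamageModifier in Orion Pirates.
# Row 7 is treated here as the fallback for unexpected values (the post's
# reading; not confirmed in the executable).
CLOAK_SEEKING_TABLE = {1: 1.0, 2: 1.0, 3: 0.5, 4: 0.5, 5: 0.25, 6: 0.25, 7: 0.0}
FALLBACK_ROW = 7


def cloak_seeking_multiplier(d6, tractored=False):
    """Damage multiplier for one die roll against a cloaked ship.

    The -2 for a tractored target is the post's hypothesis, not code found in
    the executable; clamping the adjusted roll to 1 is an assumption here."""
    roll = d6 - 2 if tractored else d6
    roll = max(roll, 1)
    return CLOAK_SEEKING_TABLE.get(roll, CLOAK_SEEKING_TABLE[FALLBACK_ROW])


def outcome_distribution(tractored=False):
    """Exact probability of each multiplier over a fair d6."""
    dist = {}
    for d6 in range(1, 7):
        m = cloak_seeking_multiplier(d6, tractored)
        dist[m] = dist.get(m, Fraction(0)) + Fraction(1, 6)
    return dist


def chart_row(tractored=False):
    """(normal, half, quarter) chances in percent, for comparison with the chart."""
    dist = outcome_distribution(tractored)
    return tuple(round(float(dist.get(m, 0)) * 100, 1) for m in (1.0, 0.5, 0.25))


def expected_damage(base, tractored=False):
    """Average damage a seeking weapon of `base` damage does to the cloaked ship."""
    return sum(float(p) * m * base for m, p in outcome_distribution(tractored).items())


if __name__ == "__main__":
    print("Non-Tractored:", chart_row())       # (33.3, 33.3, 33.3)
    print("Tractored    :", chart_row(True))   # (66.7, 33.3, 0.0)
    print("12-point weapon, non-tractored:", expected_damage(12))  # 7.0
```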

Offline Corbomite

« Reply #295 on: February 09, 2015, 02:45:13 pm »
Good find. They may not have bothered with the tractor table, but keep looking.

Offline TarMinyatur

« Reply #296 on: February 09, 2015, 02:55:36 pm »
Quote
EffectiveRange = (TrueRange*2)+5

That's the location of the example you previously gave?
Yes.

Here's the doubling of range: text:0043857A                 fadd    st, st

The "fadd" means add the range stored in the "st" register to itself. In other words, multiply by two. This would be tricky to modify however. There's no room to put in a larger instruction, like fmul. The fadd only uses two bytes. OP's code is, unfortunately for us, tight.

The 50.0d in my previous example is added to the doubled or non-doubled range. If you increased it to 90.0d, a cloaked ship would be incredibly resistant to damage. You'd have to flash it with a mine to do substantial damage, except for Ph-4s and good-luck Photons.


Offline TarMinyatur

« Reply #297 on: February 09, 2015, 03:03:27 pm »
Quote from: Corbomite
Good find. They may not have bothered with the tractor table, but keep looking.
Easy to test in that almost forgotten thing called multiplayer. If a Range-1 Plasma-F ever does 5 damage, then your suggestion is correct.

Offline RazalYllib

« Reply #298 on: February 09, 2015, 09:18:59 pm »
All this wonderful stuff you peeps have unearthed has me intrigued, the fire vs cloaked ship table (in OP only) was hiding in plain sight.

With all this focus on the client, has anyone thought of applying the same kind of endeavor to the server kit?

Who knows what magic could be retro-fitted.

Offline TarMinyatur

« Reply #299 on: February 09, 2015, 10:56:06 pm »
The Dynaverse-related stuff seems to be full of references that go nowhere other than to useless descriptions. If someone wants to dive into that aspect of the game, that would be great.

Today I tried for 3 hours to find the function that discriminates between Nuclear Space Mines and regular t-bombs, and assigns the appropriate damage. It should be an easy thing to find, but it hasn't been. There should be a function with a fork to a 10 or a 35 and a reference to the words "mine" or "transporter bomb". I did find the one that prints the NSM detonation message, but that has no link to damage.

Progress is made one byte at a time.

Edit: I found the t-bomb cursor limit. Once that is increased, another variable can be adjusted for a very long-range t-bomb attack. This doesn't affect hit & run raids, which are controlled separately. So you can have Range-3 Hit&Runs and Range-8 t-bomb attacks if you so choose, or vice versa. You can also adjust the distance from the minelayer at which a mine/t-bomb becomes hot. Look for 2.672 tomorrow.
« Last Edit: February 10, 2015, 02:59:42 am by TarMinyatur »