[TEC] *.exe Reverse-Engineering
urfisch
06-14-11, 11:39 AM
TDW mentioned this method in sh3 section for using new water shaders in sh3. He said, he believes the shaders are called through the sh3.exe - so if one manages to dig into this exe file, he could reach a fundamental breakthrough in modding sh3.
:shucks:
I do not know anything about this, but would love to learn more. The topic is totally new for me, as for many others here as well. Could the people who have experience in this, post their knowledge and share it to all of us?
:hmmm:
TDW also mentioned, if more people here would have the knowledge about software reverse engineering, we could mod the game to our needs, as nearly EVERYTHING seems to be possible.
:up:
AND...Please leave any of this bothering policy statements about licenses, forbidden things and all this unnecessary, boring and unuseful things, that made some of our great modders already leave the boat. There is simply nothing to fear, as long, as no one claims you to stop your work. By the way...the SH-Series is dead, so there's nothing to come, if we are not creating it.
:arrgh!:
raymond6751
06-14-11, 02:14 PM
Quote: I do not know anything about this, but would love to learn more. The topic is totally new for me, as for many others here as well. Could the people who have experience in this, post their knowledge and share it to all of us?
This is illegal, regardless of your opinion. It is also morally wrong, just as pirating copies of discs and hacking.
TheDarkWraith
06-14-11, 03:12 PM
That's an incorrect statement. The process of RE is legal as long as one does not redistribute the copyrighted software with changes. Your big name anti-virus companies, the government (US), and many large corporations use RE to learn how to use others' software or to discover 'hidden' features not documented from the software manufacturer (anti-virus companies use it to learn how the virus, worm, etc. works and/or transmits itself). If this was really illegal then the US government and anti-virus companies would have thousands, if not millions, of lawsuits filed against them (not to mention those who made the virus, worm, etc. could file lawsuits against those who used RE to mitigate their creation).
Let me cite one example of RE that benefited everyone. Microsoft's Word format was a 'closed' format that only Microsoft's Word could read/create. Third party companies used RE to figure out the word format and they created software that could read/write the word format. Did you see Microsoft filing any lawsuits on this? No. There was nothing they could do about it because those third party companies created their own unique software that didn't use any of Microsoft's libraries or modules. Who was the winner in this? Everyone.
Check your local Borders, Amazon.com, etc. to see what they offer book wise on the subject. You'll see there are MANY books on it. They are EXCELLENT reading for those that have an interest in learning. Sadly the average person's knowledge in RE dwindles every day because of 'false fear' everyone tries to raise about it. Companies/corporations try to instill this 'fear' as a scare tactic and sadly it works on the majority of people.
The best defense is knowing the ways/tactics of your potential attacker/foe :up:
reaper7
06-14-11, 04:39 PM
Well I've been trying to delve into this Reverse Engineering - since TDW mentioned ollydbg. Wow it's complex stuff.
But I've managed to track down the stadimeter bug - locations in memory.
I've managed to find the Base Address for the Stadimeter Range, that is the one that is linked to Sh5 memory address on loading and so is available always.
And also both of the Offset routes the stadimeter uses for that value (These use RVA address so change every time on game load - but I have the Base address and offsets).
Now of the 2 routes one is the Correct value and one is the bugged 20M value.
So I can see in the Bugged one.
That SH5 gets the range when using the stadimeter but on mouse release does not change to reflect the mast height - this value is then displayed in the XO Dialogue.
Now the working value.
Sh5 gets the range when using the stadimeter but on mouse release does update the Range to reflect the correct mast height.
(I also noticed that when I click The Stadimeter Fix icon from my Mod it - updates the incorrect value to the correct value - So this 100% confirms my fix is correct, But it would be great to fix the Stock Stadimeter bug in code.)
But the XO Dialogue does not update this value. So the correct value is never used by SH5 just sits in memory - This is most likely SH4 code :hmmm:
Now as my programming skills are very little - I do not know how to redirect the value from the Base Address of the correct value into the pointer of the incorrect value (That SH5 is using).
Don't know how to use Assembly to do the code inject or whatever is needed to achieve this.
TDW any ideas on how this can be done :03:
I can give you the address for the relevant data, but would like to learn how to do this also - by tutorial or whatever means :up:
TheDarkWraith
06-14-11, 04:56 PM
tell me what the addresses (RVAs) are and I'll view them ingame and tell you how :up: I have to see if they are pointers to pointers or are the actual memory being used or if the memory is actually a stack address (temp variable) which then I'll have to track down when that value got pushed onto the stack so I can find its true memory address.
reaper7
06-14-11, 06:13 PM
These are the Addresses I found
SH5.exe+47D740 (This gave me a Base Address of 005ED740 with my game)
Sh5.exe Process was at 000014B0.
second one had a Base Address of 005EE290
Hope I've done it right and found the static ones and not false pointers.
http://i1183.photobucket.com/albums/x477/U-Boot_HAHD/NF-Boat_HAHD-1/Stadimeter.jpg
Yes, the question is twofold. When thinking sensibly, in this case, no immorality and illegality there. Indeed, the only benefit that we derive from reverse-engineering is the only higher quality game:yep:. Ie. Exe cracked for improving the program, which has already purchased. Discussions on how to turn off DRM is not being conducted:D.
But it could conceivably come to the ridiculous: in 2006 in Russia happened is that (probably Russia and abroad, the case made a splash):know:: the headmaster had bought for school computers, which had been pre-installed pirated windows. The prosecutor's office seized the director of a stranglehold with a determination to defend the interests of Microsoft. Investigators were trying to close the deal "In the absence of a guilty person," and Bill Gates understand the situation refused to support a lawsuit against the director:know:. Persistence prosecution is simply amazing. The first time it stopped "in connection with minor damage" but the prosecution insisted on a new consideration, the court did not want to sit for a long time Director awarded 5000 rub. (~ $ 180) against the alleged 262,000 rubles. (~ 9500 $)
I am confident of the correctness of TheDarkWraith - who no matter how he knows all the pitfalls in this process.:up:
TheDarkWraith
06-14-11, 06:53 PM
@ Obelix - interestingly I learned the majority of my 'specialized' skills from you Russians :cool: You all have people that blow me away with their RE skills and what they can do with software :yep: No matter how many books I read on the subject I'm always two steps behind you all :damn:
@ Reaper7 - I'll look into those addresses tonight :up: It's nice to see someone taking interest into RE. Let me warn you though that once you start down this path you'll probably never stop :D If you like puzzles and things that make you think then this will suit you well :yep: For me it's the whole challenge thing, the let's see if I can make it do this or that.....A great book on the subject is Hacking 2nd Edition - The Art of Exploitation by Jon Erickson. This book is more of an intermediate's book. A good beginner's book is Reversing - Secrets of Reverse Engineering by Eldad Eilam :up: After some years of this you'll see just how 'bad' windows is. It still amazes me how easy it is to take control of any process running on any computer running Windows :nope:
EDIT:
@ Reaper7 - not sure how you found that address....were you using Olly Debug? If so, what was the base address, size, and entry point of your SH5.exe?
Quote: ...- interestingly I learned the majority of my 'specialized' skills from you Russians...
:haha: maybe... but I also noticed the familiar words of Jeffrey Richter from his famous book Programming Applications for Microsoft Windows... in your famous thread... :03:
BigBANGtheory
06-15-11, 09:22 AM
Where does one start on such a vast topic?
If you read guides about it like 2 sentences in it goes off on one about pointers, assembler, hex, debuggers without actually explaining anything :88) or worse still explaining it with even more specialist terms :doh:
Quote: Where does one start on such a vast topic? If you read guides about it like 2 sentences in it goes off on one about pointers, assembler, hex, debuggers without actually explaining anything :88) or worse still explaining it with even more specialist terms :doh:
I agree. Many of us did not grow up with computers, and have only learned how to use them with some difficulty. Not everyone is an expert.
urfisch
06-15-11, 01:15 PM
any constructive additions?
@tdw
i know there are books. i also know there is something called internet, which has even more sources. but as you might understand, i am not willed to spend my rare time in searching through all this complex stuff, just to change some things in a game's "exe". maybe reasonable. i don't want to be an expert in RE some time in future. i am a designer and coding, hex editing and all this dry, complex logic stuff with numbers is heating up my brain to an unstandable level. beside this, i simply do not have the time to dig as deep into this topic, as you want me to do.
so i ask here, so people might post their experiences and helpful tutorials.
reaper7
06-15-11, 03:11 PM
Quote: @ Reaper7 - not sure how you found that address....were you using Olly Debug? If so, what was the base address, size, and entry point of your SH5.exe?
Redid the entries to show all the Information I could. Values have changed due to sh5.exe using different loading memory location.
But hopefully all the relevant info is here to get the Stadimeter.
In the Following Pic You can see the Base, Size and Module name that's loaded for SH5.
I'm using Cheat Engine 6.1 to find my addresses and pointers within the sh5.exe code and memory that's used.
http://i1183.photobucket.com/albums/x477/U-Boot_HAHD/Reverse%20Engineer/Stadi3.jpg
Also took 2 more pics to show what's happening with regards the Stadimeter and the 2 pointer branches that are used.
http://i1183.photobucket.com/albums/x477/U-Boot_HAHD/Reverse%20Engineer/Stadi1.jpg
http://i1183.photobucket.com/albums/x477/U-Boot_HAHD/Reverse%20Engineer/Stadi2.jpg
There are a total of 16 addresses that hold the stadimeter values (Both SH5 and Sh4) of these 2 are writeable the rest read only.
I only worked with these 2 to backtrack thru all the pointers to get to the Base Address (Cheat Engine shows this value as green to show it's a static address).
One thing I noticed that both code sets used are very similar except for the offsets used in the last pointers code for both.
One has its offset at 00000084 the other at 00000094 as can be seen in the Memory viewer in first pic - maybe this is the problem :hmmm:
Hope that this info is good to get you going TDW :up:
EDIT: Still not Sure this is the Base Address - Need to find how to do this in Ollydbg
Here is the Op, Assembly code you can search for - maybe that will help to find it
00412FF5 - F3 0F11 81 84000000 - movss [ecx+00000084],xmm0
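An added example (not part of reaper7's post): how a static module-relative address plus a list of offsets resolves to the same value across game loads even though every absolute address changes. The memory image, heap addresses, intermediate offset `0x10` and float values are constructed; only `SH5.exe+47D740`, the `005ED740` result and the final offsets `84`/`94` come from the thread.

```python
import struct

RVA_STATIC = 0x47D740           # "SH5.exe+47D740", as quoted in the thread
LAST_OFFSETS = (0x84, 0x94)     # the two final offsets quoted in the thread
MID_OFFSET = 0x10               # constructed intermediate offset (assumption)


class Memory:
    """Sparse 32-bit little-endian address space; a constructed stand-in
    for a process, not a dump of the game."""

    def __init__(self):
        self._cells = {}

    def write(self, addr, data):
        for i, byte in enumerate(data):
            self._cells[addr + i] = byte

    def read(self, addr, size):
        out = bytearray()
        for a in range(addr, addr + size):
            if a not in self._cells:
                raise ValueError(f"unmapped address {a:08X}")
            out.append(self._cells[a])
        return bytes(out)

    def read_u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def read_f32(self, addr):
        return struct.unpack("<f", self.read(addr, 4))[0]


def build_load(module_base, heap_base):
    """Lay out one constructed 'game load': a static slot inside the module
    points to heap object A, A+MID_OFFSET points to heap object B, and B
    holds one float at each of the two final offsets."""
    mem = Memory()
    obj_a, obj_b = heap_base, heap_base + 0x400
    mem.write(module_base + RVA_STATIC, struct.pack("<I", obj_a))
    mem.write(obj_a + MID_OFFSET, struct.pack("<I", obj_b))
    mem.write(obj_b + 0x84, struct.pack("<f", 1250.0))  # constructed value
    mem.write(obj_b + 0x94, struct.pack("<f", 20.0))    # constructed value
    return mem


def resolve(mem, module_base, rva, offsets):
    """Follow module_base+rva through each offset, Cheat Engine style:
    dereference the current address, add the next offset, repeat.
    Returns the final address (which is not dereferenced here)."""
    addr = module_base + rva
    for off in offsets:
        addr = mem.read_u32(addr) + off
    return addr


def survey(module_base, heap_base):
    """Resolve both chains for one load; returns {last_offset: (addr, value)}."""
    mem = build_load(module_base, heap_base)
    result = {}
    for last in LAST_OFFSETS:
        addr = resolve(mem, module_base, RVA_STATIC, (MID_OFFSET, last))
        result[last] = (addr, mem.read_f32(addr))
    return result


if __name__ == "__main__":
    # 0x170000 is the module base implied by SH5.exe+47D740 == 005ED740;
    # the second module base and both heap bases are constructed.
    for base, heap in ((0x170000, 0x02A40000), (0x400000, 0x03B10000)):
        print(f"module base {base:08X}")
        for last, (addr, value) in survey(base, heap).items():
            print(f"  +{last:02X} -> {addr:08X} = {value}")
```

An absolute address noted during one load is unmapped in the next, which is why only the module-relative slot and the offsets are worth recording.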
reaper7
06-15-11, 05:13 PM
Yes, I got it working - gave up on Cheat Engine and went back to Ollydbg
Found the Memory address via TSearch and added breakpoint on memory access to find what's writing to it.
Found the same commands I had found in Cheat Engine.
But was able to see the jumps and run routine in Olly. Could see the offset 84 line was being jumped over to the offset 94 line.
So Manually edited the line to change the offset from 94 to 84 for both the original address and the one calling it. :up:
What do you know it works. Now just need to figure out how to add the fix or maybe you could add it to your Reverse Engineer Patch file TDW :up:
http://i1183.photobucket.com/albums/x477/U-Boot_HAHD/Reverse%20Engineer/StadiFix1.jpg
http://i1183.photobucket.com/albums/x477/U-Boot_HAHD/Reverse%20Engineer/StadiFix2.jpg
http://i1183.photobucket.com/albums/x477/U-Boot_HAHD/Reverse%20Engineer/StadiFix3.jpg
http://i1183.photobucket.com/albums/x477/U-Boot_HAHD/Reverse%20Engineer/StadiFix4.jpg
:woot::woot::woot::woot:
Next on the List has to be the Reset to Zero Bug.
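An added example (not part of the original post, and not the format of TDW's patch files): a decoder for the one instruction form quoted earlier in the thread, showing that the `84` under discussion is the little-endian displacement field starting at byte 4, plus a check that a byte change stays inside that field. The byte string with `94` used alongside it is constructed by analogy; the thread does not quote the bytes of the offset-94 instruction.

```python
import struct
from dataclasses import dataclass

REG32 = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")
# Listing line exactly as posted in the thread (Cheat Engine format).
LISTING = "00412FF5 - F3 0F11 81 84000000 - movss [ecx+00000084],xmm0"


@dataclass
class MovssStore:
    address: int
    length: int
    base: str       # base register of the memory operand
    disp: int       # signed displacement
    disp_pos: int   # index of the first displacement byte in the instruction
    disp_size: int  # 0, 1 or 4 bytes
    src: str        # source XMM register

    def text(self):
        if self.disp_size == 0:
            return f"movss [{self.base}],{self.src}"
        sign = "-" if self.disp < 0 else "+"
        width = self.disp_size * 2
        return f"movss [{self.base}{sign}{abs(self.disp):0{width}X}],{self.src}"


def decode_movss_store(address, code):
    """Decode F3 0F 11 /r (movss m32, xmm) with a plain [reg+disp] operand."""
    if code[:3] != b"\xF3\x0F\x11":
        raise ValueError("expected F3 0F 11 (movss m32, xmm)")
    if len(code) < 4:
        raise ValueError("missing ModRM byte")
    modrm = code[3]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:
        raise ValueError("register-to-register form has no memory operand")
    if rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("SIB and absolute-address forms are not handled here")
    disp_size = (0, 1, 4)[mod]
    if len(code) != 4 + disp_size:
        raise ValueError("byte count does not match the encoded length")
    disp = 0
    if disp_size:
        fmt = "<b" if disp_size == 1 else "<i"
        disp = struct.unpack_from(fmt, code, 4)[0]
    return MovssStore(address, 4 + disp_size, REG32[rm], disp, 4,
                      disp_size, f"xmm{reg}")


def parse_listing(line):
    """Split 'ADDRESS - HEX BYTES - mnemonic' into (int, bytes, str)."""
    addr_text, byte_text, asm_text = (p.strip() for p in line.split(" - "))
    return int(addr_text, 16), bytes.fromhex(byte_text.replace(" ", "")), asm_text


def check_listing(line):
    """Decode the bytes and report whether they match the printed mnemonic."""
    address, code, asm_text = parse_listing(line)
    insn = decode_movss_store(address, code)
    return insn, insn.text().lower() == asm_text.lower()


def patch_touches_only_disp(a, b):
    """True if two same-length encodings differ only inside the displacement
    field, i.e. opcode, registers and instruction length are unchanged."""
    if len(a) != len(b):
        raise ValueError("instruction length changed")
    insn = decode_movss_store(0, a)
    decode_movss_store(0, b)  # the other side must still decode
    changed = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return all(insn.disp_pos <= i < insn.disp_pos + insn.disp_size
               for i in changed)


if __name__ == "__main__":
    insn, ok = check_listing(LISTING)
    print(insn, "bytes match mnemonic:", ok)
    posted = bytes.fromhex("F30F118184000000")
    sibling = bytes.fromhex("F30F118194000000")  # constructed
    print(decode_movss_store(0, sibling).text(),
          "differs only in disp:", patch_touches_only_disp(posted, sibling))
```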
DrJones
06-15-11, 05:28 PM
Congratulations reaper7 :woot::yeah::up::rock:
Now it is still getting more and more interesting....i think i should also keep an eye on Cheat Engine and Ollydbg.
Keep on your good working...
Best Regard and Wishes
DrJones
Trevally.
06-15-11, 05:36 PM
Good work Reaper7:yeah: :woot::woot:
reaper7
06-15-11, 05:49 PM
This only proves it works - still need to figure how to make the patch or else TDW can add to his current patches.
But it's working with ollydbg attached to the Sh5 Process. So I'm sure it's a simple thing to make the permanent edits to a patch :up:
urfisch
06-15-11, 06:12 PM
really great news, reaper!
:rock:
Good work, reaper!:up::rock:
What if I have an incorrect spelling of pi? In sh5.exe pi to seven decimal places contains errors. Total uses 15 decimals.:06:
TheDarkWraith
06-15-11, 07:41 PM
Quote: This only proves it works - still need to figure how to make the patch or else TDW can add to his current patches. But it's working with ollydbg attached to the Sh5 Process. So I'm sure it's a simple thing to make the permanent edits to a patch :up:
My auto patcher uses patch files. Just create a patch file with your change :up:
urfisch
06-16-11, 05:06 AM
maybe this whole topic is starting to get very interesting....
:hmmm:
smells like endless possibilities...does it?
DrJones
06-16-11, 07:57 AM
Of Course...Maybe there is a need to have some support using the tools :DL
urfisch
06-16-11, 12:56 PM
yap, i think so. this is why i started this thread ;)
PL_Andrev
06-17-11, 11:13 AM
So, when will PT, DD, CL and CV shoot their torpedoes to surfaced uboats?
:03:
reaper7
06-17-11, 01:41 PM
Well I had a patch all made up, and decided to test the Mod after applying the Patch.
Hmmm, the stadimeter worked ok, but going to the other dials it looks like there's some unwanted side effects.
The Range Dial no longer turns and the reset to zero bug is more obvious now.
I've done some digging and noticed that the Memory address that I was using for the fix is also being used by not only Range - But AOB, Target Speed and Bearing.
So that explains the Reset to Zero Bug - All these dials are sharing the same Addresses to store the value before updating the final value for the relevant dial.
So for example If I set my range it's stored in this address, now if I change to AOB it resets to zero (Because the AOB is currently set at 0 degrees so that value is moved to the address) Overwriting the one for range that was stored there.
This was very sloppy programming on behalf of the Devs - Why not give every dial its own address for storing the temp values - like every other game out there. :nope:
It's not like a couple of dials each using a float space in memory is going to amount to much memory maybe 20Bits (160Bytes) in total. Especially when some of the dials have multiple copies of the same value stored in different addresses - where only one is needed - Bad management of the memory.
Looks like this is going to take more than changing the offsets due to the shared address Issue. :wah:
Philipp_Thomsen
06-17-11, 02:07 PM
SOUND!
Sound is what needs to be fixed.
We have only ONE stinking internal ambient sound for the submarine. Doesn't matter if you're surfaced, submerged, silent running or what not, the same ambient sound is played.
Now, as a sound editor myself, I could do us WONDERS if we could patch the exe in order to include a function calling different ambient sounds for different situations of the uboat.
I don't know squat about RE, my skills lie elsewhere. But teamwork wins right?
Trevally.
06-17-11, 02:29 PM
Quote: I've done some digging and noticed that the Memory address that I was using for the fix is also being used by not only Range - But AOB, Target Speed and Bearing. So that explains the Reset to Zero Bug - All these dials are sharing the same Addresses to store the value before updating the final value for the relevant dial. So for example If I set my range it's stored in this address, now if I change to AOB it resets to zero (Because the AOB is currently set at 0 degrees so that value is moved to the address) Overwriting the one for range that was stored there.
:woot:Fantastic find reaper :woot:
Hope you can fix it:yeah:
urfisch
06-17-11, 04:03 PM
yes, this find proves the devs were under an extreme pressure of time and the programming is not the state of art over there in romania. what a shame...to present a full price game at this unfinished and unprofessionally coded state to us...
:nope:
what would we do without people like you, that got the skills to change all these crappy and unfinished delivered things...
i have a lot of respect for people like you and tdw.
:yep:
reaper7
06-17-11, 04:35 PM
Cheers Mate, I wish I had the skills. Only just getting the Basic on how code works. Never did Assembly or reverse engineering before.
Only going on the few youtube tutorials I've found on pointers and addresses.
So not even sure I can figure out how to circumvent the current code.
Most likely going to take some new assembly code injected into the exe (Via patch) to reroute the current dials to individual memory locations for temp before routing them to their final value locations :hmmm:.
urfisch
06-18-11, 05:23 AM
thought of the same thing. address a whole new area of memory for that, if it is possible. but this was only a thought as to the note of tdw, that we can inject things and change calls in the exe file. that sounds to me, as if we might be able to change nearly every file/shader/library the exe uses or calls.
and in the end: i am a noobnoob. so, just a thought, mate.
anyway, you are doing great work. keep it on. i wish i had the time to learn this stuff. i would definitely change a lot of elemental things!
TheDarkWraith
06-18-11, 10:05 AM
Quote: I've done some digging and noticed that the Memory address that I was using for the fix is also being used by not only Range - But AOB, Target Speed and Bearing. So that explains the Reset to Zero Bug - All these dials are sharing the same Addresses to store the value before updating the final value for the relevant dial.
What this sounds like is the programmer assigned each 'variable' to a temp variable so as to preserve the original variable. When the C++ code was compiled (and compiler optimized it) the compiler usually places temp variables on the stack (instead of the heap). Being that it was optimized the compiler probably decided to use the same address (stack address) for each temp variable (to save memory). This is why you are 'seeing' each variable using the same address. This is very common to see and is one reason why RE is very complicated to 'follow and decipher'. If you want to validate my theory then you'll probably notice that the address used for each 'variable' uses offset addressing to 'find' its contents (ESI+x where x is the offset amount - and ESI could be any of the general CPU registers [EBX,ECX,ESI,EDI,etc.]). In this example ESI would be an address located on the stack (you can find where the stack is located via Olly Debug - EVERY application has at least one stack but usually they have more than this)
reaper7
06-18-11, 01:58 PM
LOL, that's exactly what's happening - I had come to the same conclusion.
I went back to Cheat engine this morning and fired up SH3 (As it's quicker to load and easier to trace - but basically the same).
I was able to trace the pointers all back to the same Base Address - and each of the dials is then written to by means of an offset.
Thanks TDW for confirming this :up: It makes much more sense to me now - and not an issue of bad programming as I first thought. Sorry Devs :up:.
Just a Noob jumping to the wrong conclusions :88).
Quote: yes, this find proves the devs were under an extreme pressure of time and the programming is not the state of art over there in romania. what a shame...to present a full price game at this unfinished and unprofessionally coded state to us...
Good thing we have professionals like you who can judge programming skills from incomplete, misinterpreted due to lack of knowledge and probably incorrect statements read on forums.
stoianm
06-21-11, 03:57 AM
yes... you are lucky guys:)
EDIT: your pm box is full
urfisch
06-21-11, 04:05 AM
Quote: Good thing we have professionals like you who can judge programming skills from incomplete, misinterpreted due to lack of knowledge and probably incorrect statements read on forums.
uhhh. feels like i tread on someone's toes here, did i? please address your personal anger to the ones, who are responsible!
even if the code may not be unprofessionally coded, the game is unfinished and so the code is and THIS is unprofessional. that's a fact no one has to study it deeply for. and as you dive deeper into modding, you will find (even like in sh3 and sh4!) unfinished code parts. functions, that have been planned to be added, but never were.
so brother, step off my foot and judge the greasy tie guys from ubi for this piece of crappy software! and i think you will find 1 of 10 here, who was satisfied with this release. blame the ones who caused this...
dude.
THE_MASK
06-21-11, 04:31 AM
Go thru Pinteas posts and see all the things he has helped with .
Quote: so brother, step off my foot and judge the greasy tie guys from ubi for this piece of crappy software! and i think you will find 1 of 10 here, who was satisfied with this release. blame the ones who caused this...dude.
So please keep bashing the suits with your complaints.
I was speaking in defense of the programmers and your "unprofessional/bad programming" claims. You have insufficient information/knowledge to be judging "programming skills in Romania".
Quote: You have insufficient information/knowledge to be judging "programming skills in Romania".
Knowledge/information on their ability and willingness to work well - it's SH 5 and the "curve" code.
mookiemookie
06-21-11, 07:12 AM
Quote: uhhh. feels like i tread on someone's toes here, did i? please address your personal anger to the ones, who are responsible! even if the code may not be unprofessionally coded, the game is unfinished and so the code is and THIS is unprofessional. that's a fact no one has to study it deeply for. and as you dive deeper into modding, you will find (even like in sh3 and sh4!) unfinished code parts. functions, that have been planned to be added, but never were. so brother, step off my foot and judge the greasy tie guys from ubi for this piece of crappy software! and i think you will find 1 of 10 here, who was satisfied with this release. blame the ones who caused this... dude.
Pintea has every right to take your criticism personally, if you get my meaning.
Targor Avelany
06-21-11, 11:21 AM
Stop side-tracking the topic.
butthurt about someone making claims on bad programming for the game? Well, considering that the stadimeter bug does exist and not just "insufficient information/knowledge"... I would suggest you helping reaper to fix it, instead of complaining that he has no idea wtf he is doing... Especially after he admitted that he was wrong in his judgement.
dixi
TheDarkWraith
06-21-11, 12:21 PM
Reaper7 has a stadimeter fix in his UI mod (his is a two step process). I have a stadimeter fix in my UIs mod (totally automatic no user input necessary). So stadimeter fixes already exist. What Reaper7 was trying to do was fix the stadimeter problem at the source - in the .exe :yep:
Quote: ... I would suggest you helping reaper to fix it, instead of complaining that he has no idea wtf he is doing... Especially after he admitted that he was wrong in his judgement. dixi
I think Pintea was complaining about someone else's statements. Please, read carefully the whole discussion :03:
Shiplord
06-21-11, 12:37 PM
Quote: ...blame the ones who caused this... dude.
lol, he is one of those responsible who caused this:know:
stoianm
06-21-11, 12:45 PM
Quote: Stop side-tracking the topic. butthurt about someone making claims on bad programming for the game? Well, considering that the stadimeter bug does exist and not just "insufficient information/knowledge"... I would suggest you helping reaper to fix it, instead of complaining that he has no idea wtf he is doing... Especially after he admitted that he was wrong in his judgement. dixi
hey mate... like tdw said the problem was fixed... read careful... Pintea not liked the fact that urfisch said that the romanian programmers are bad... very strange if i am thinking at his contact boss from ubi Romania:D(or maybe that was just a dream)... in my experience i know that are bad and good people all over the world... not depend by nationality... and like sober said read careful... Pintea helped a lot on this forum
dixi and respect
stoianm
06-21-11, 12:53 PM
@urfisch... last time you put me in a complete fog... with that topic that let's go to work with UBI and after that with this topic where you want to learn new things... and after that you increased the fog with impolite words about people... i saw that you are friend also with elanaiba... i suppose you know that he is a romanian programmer also ..so he is bad too?.... come on dude... what happened to you?... maybe in the future you will need to learn things from the bad people:D... you never know what the life can reserve for you:hmmm:
:o
Reaper7 has a stadimeter fix in his UI mod (his is a two step process). I have a stadimeter fix in my UIs mod (totally automatic no user input necessary). So stadimeter fixes already exist. What Reaper7 was trying to do was fix the stadimeter problem at the source - in the .exe :yep:
Wish we could have a stadimeter fix as stand alone mod. I really hate to use millions of mods, mega mods just to fix a small bug. I like to travel light :P
Targor Avelany
06-21-11, 01:04 PM
Reaper7 has a stadimeter fix in his UI mod (his is a two step process). I have a stadimeter fix in my UIs mod (totally automatic no user input necessary). So stadimeter fixes already exist. What Reaper7 was trying to do was fix the stadimeter problem at the source - in the .exe :yep:
I understand that part, I was just mentioning that it does exists without the mods (in the .exe, original game).
Originally Posted by stoianm
hey mate... like tdw said the problem was fixed... read careful... Pintea not liked the fact that urfisch said that the romanian programmers are bad... very strange if i am thinking at his contact boss from ubi Romania:D(or maybe that was just a dream)... in my experience i know that are bad and good people all over the world... not depend by nationality... and like sober said read careful... Pintea helped a lot on this forum
dixi and respect
I also agree there is no need for calling people "bad-programmers" and things alike... No point and uncivil, imo. But that is why I said - let's not track the topic off, as myself and I think many others, are learning from what reaper7 and others are doing and explaining in here.
And if I was unclear about it - my apologies.
stoianm
06-21-11, 01:08 PM
I understand that part, I was just mentioning that it does exists without the mods (in the .exe, original game).
Originally Posted by stoianm
hey mate... like tdw said the problem was fixed... read careful... Pintea not liked the fact that urfisch said that the romanian programmers are bad... very strange if i am thinking at his contact boss from ubi Romania:D(or maybe that was just a dream)... in my experience i know that are bad and good people all over the world... not depend by nationality... and like sober said read careful... Pintea helped a lot on this forum
dixi and respect
I also agree there is no need for calling people "bad-programmers" and things alike... No point and uncivil, imo. But that is why I said - let's not track the topic off, as myself and I think many others, are learning from what reaper7 and others are doing and explaining in here.
And if I was unclear about it - my apologies.
is ok:up:... i was just angry because that out of topic like ''romanian programmers sucks'' - the fact that Obelix liked this i understand because he is russian (is a joke of course)... what i do not understand is urfisch:hmmm:
Targor Avelany
06-21-11, 01:21 PM
is ok:up:... i was just angry because that out of topic like ''romanian programmers sucks'' - the fact that Obelix liked this i understand because he is russian (is a joke of course)... what i do not understand is urfisch:hmmm:
I'm also russian :D :cool: But I don't have anything against any of the programmers...
but yeah, the second one is unclear.
I also agree with Zedi - it would be nice to be able to fix this without mods, giving people choice whether they want a particular mod or not.
I'm just starting to come back to computers/programming, but looking at what reaper7 and TDW are talking about makes me think that if the locations are referenced with offsets for various dials/values - finding this offset and figuring out if it can be changed is the next step. Will be interesting to try and figure it out.
urfisch
06-21-11, 02:35 PM
never said, romanian proggers are bad people. calm down, dudes. i said maybe romanian coding is not state of the art. and maybe this was wrong, maybe not.
but let's keep the fact in focus, the game was at a really, i mean REALLY bad state at release...many things had to be fixed. so something meant to be wrong in the code...or was it just unfinished? in the end, the result is the same.
so we all are legitimated to claim a "bad" work on this game. i do not understand the agitation about my post. people should always keep in mind, they might not be perfect.
me included.
stoianm
06-21-11, 03:13 PM
always is place for better... i am calm... if your intention was what you said is ok:up:
never said, romanian proggers are bad people. calm down, dudes. i said maybe romanian coding is not state of the art. and maybe this was wrong, maybe not.
but let's keep the fact in focus, the game was at a really, i mean REALLY bad state at release...many things had to be fixed. so something meant to be wrong in the code...or was it just unfinished? in the end, the result is the same.
so we all are legitimated to claim a "bad" work on this game. i do not understand the agitation about my post. people should always keep in mind, they might not be perfect.
me included.
is ok:up:... i was just angry because that out of topic like ''romanian programmers sucks'' - the fact that Obelix liked this i understand because he is russian (is a joke of course)... what i do not understand is urfisch:hmmm:
Okay! I am willing to reconsider. After analyzing the situation I have such a conclusion suggests itself: programmers ubisoft romania not to blame for what has turned out SH5 curve. Most likely they were pressured from above. Recall that SH5 was the first game, protected with DRM. Protecting the new and the broad masses are not tested. Assassin cred II at the time was ready to release. Protection system required testing. What is it you can check with the least damage? The game which is very narrow and specific niche. This game was SH5. It is possible to start work on the SH5 and they wanted to do something valuable. And then appears on the horizon DRM. Which game will stand the test? SH5 - this is the same game, which is expected to profit the least in comparison with other upcoming releases ubisoft. The main part of the game is ready or almost ready for release, and SH5 is far from perfect. A DRM should be tested.
Therefore, the Romanian programmers given strict instructions - any ways and means to speed up work on SH5. March 4, 2010 is published SH5. Errors hurt the eyes, so almost immediately on the second day to rivet the patch. This efficiency is encouraging for the best, as evidenced by a month later with the release of second patch. And on this important role SH5 ends programmers transferred to other projects, where they laid out already in full. SH5 successfully fulfilled the role of the tester DRM, now the company is not required. His fate - taking care of players, "Life Saving of drowning - the handiwork of drowning." Programmers, writing SH5 successfully cope with the writing and other projects to SH5 just do not let their heads.
If you keep all of this triad to a single phrase, the essence is - SH5 was originally designed for a painless test DRM, because the risk of revenue loss from this game is negligible.
That something like this.
Regards!
Obelix :salute:
jwilliams
06-22-11, 12:42 AM
The "state" of the game, was not due to bad programming.... It was due to time (well money to the suits and time to the devs).
I would imagine that the devs asked for more time... but Ubi saw that more time would cost more money.
More cost = less profit or could even return a negative amount of profit.
So the devs stitched together the code with what time they had left and made it playable, but yes it was unfinished.
Just my 2cents worth.
stoianm
06-22-11, 03:06 AM
yep... i have the same opinion like you this time:)
regards:salute:
Okay! I am willing to reconsider. After analyzing the situation I have such a conclusion suggests itself: programmers ubisoft romania not to blame for what has turned out SH5 curve. Most likely they were pressured from above. Recall that SH5 was the first game, protected with DRM. Protecting the new and the broad masses are not tested. Assassin cred II at the time was ready to release. Protection system required testing. What is it you can check with the least damage? The game which is very narrow and specific niche. This game was SH5. It is possible to start work on the SH5 and they wanted to do something valuable. And then appears on the horizon DRM. Which game will stand the test? SH5 - this is the same game, which is expected to profit the least in comparison with other upcoming releases ubisoft. The main part of the game is ready or almost ready for release, and SH5 is far from perfect. A DRM should be tested.
Therefore, the Romanian programmers given strict instructions - any ways and means to speed up work on SH5. March 4, 2010 is published SH5. Errors hurt the eyes, so almost immediately on the second day to rivet the patch. This efficiency is encouraging for the best, as evidenced by a month later with the release of second patch. And on this important role SH5 ends programmers transferred to other projects, where they laid out already in full. SH5 successfully fulfilled the role of the tester DRM, now the company is not required. His fate - taking care of players, "Life Saving of drowning - the handiwork of drowning." Programmers, writing SH5 successfully cope with the writing and other projects to SH5 just do not let their heads.
If you keep all of this triad to a single phrase, the essence is - SH5 was originally designed for a painless test DRM, because the risk of revenue loss from this game is negligible.
That something like this.
Regards!
Obelix :salute:
urfisch
06-22-11, 04:23 AM
ok, back2topic then...please.
Tomi_099
06-29-11, 05:19 AM
Originally Posted by TheDarkWraith
What this sounds like is the programmer assigned each 'variable' to a temp variable so as to preserve the original variable. When the C++ code was compiled (and compiler optimized it) the compiler usually places temp variables on the stack (instead of the heap). Being that it was optimized the compiler probably decided to use the same address (stack address) for each temp variable (to save memory). This is why you are 'seeing' each variable using the same address. This is very common to see and is one reason why RE is very complicated to 'follow and decipher'. If you want to validate my theory then you'll probably notice that the address used for each 'variable' uses offset addressing to 'find' its contents (ESI+x where x is the offset amount - and ESI could be any of the general CPU registers [EBX,ECX,ESI,EDI,etc.]). In this example ESI would be an address located on the stack (you can find where the stack is located via Olly Debug - EVERY application has at least one stack but usually they have more than this)
---------------
LOL, that's exactly what's happening - I had come to the same conclusion.
I went back to Cheat engine this morning and fired up SH3 (As its quicker to load and easier to trace - but basically the same).
I was able to trace the pointers all back to the same Base Address - and each of the dials is then written to by means of an offset.
Thanks TDW for confirming this :up: It makes much more sense to me now - and not an issue of bad programming as I first thought. Sorry Devs :up:.
Just a Noob jumping to the wrong conclusions :88).
-------------------------------------------------------
Assembly for NEWBIS ...and more....---Google / Vivek Ramachandran ----:up:
For Start !! :hmmm:
http://www.securitytube.net/video/208
This video is part of the following groups:
1. Assembly Language Megaprimer for Linux (http://www.securitytube.net/groups?operation=view&groupId=5) ( 11 videos)
Assembly Primer for Hackers (Part 1) System Organization
Assembly Primer for Hackers (Part 2) Virtual Memory Organization
Assembly Primer for Hackers (Part 3) GDB Usage Primer
Assembly Primer for Hackers (Part 4) Hello World
Assembly Primer for Hackers (Part 5) Data Types
Assembly Primer for Hackers (Part 6) Moving Data
Assembly Primer for Hackers (Part 7) Working with Strings
Assembly Primer for Hackers (Part 8) Unconditional Branching
Assembly Primer for Hackers (Part 9) Conditional Branching
Assembly Primer for Hackers (Part 10) Functions
Assembly Primer for Hackers (Part 11) Functions Stack
After that comes this!!!
http://raykoid666.wordpress.com/2009/11/17/buffer-overflow-primer-review/
The links to the different parts:
Part 1 (http://go.clb1.com/a6ea0qv0dh4) (Smashing the stack)
Part 2 (http://go.clb1.com/a7ea0qv6j6n) (Writing exit shellcode)
Part 3 (http://go.clb1.com/auea0qvlluk) (Executing shellcode)
Part 4 (http://go.clb1.com/awea0qvr6b2) (Disassembling execve)
Part 5 (http://go.clb1.com/apea0qvxs0c) (shellcode for execve)
Part 6 (http://go.clb1.com/area0qwfz5j) (exploiting a program)
Part 7 (http://go.clb1.com/afea0qw2qb5) (exploiting a program: demonstration)
Part 8 (http://go.clb1.com/alea0qw83ls) (return to libc theory)
Part 9 (http://go.clb1.com/awea0qwn13z) (return to libc theory: demonstration)
Videos 1-4 have to do with basic system calls, mov commands,
you make a hello world program and then video 3 is all about using gdb
(Vivek's tutorial is the best I've seen)
Videos 5-11 are all about more in-depth mov commands, creating variables and examining memory layout and values with gdb.
This is all very useful but just watching the videos is not enough!
You need to go through and do it along with him,
you have to write the programs (even though he says you can download them) and you need to get assembly in your fingers.
Think of great athletes, they didn't get great by watching sports on TV –
they went out and did the real thing –
Exact same concept with computers –
Practice practice practice.
.
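The base-address-plus-offset access that TheDarkWraith and Reaper7 describe in the quoted posts above, as an added C example that is not part of the original thread. The struct dials layout, its field names and the helper functions are hypothetical; the "scanner hits" are constructed from the program's own variables.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical object holding several dial values (names invented here). */
struct dials {
    float   speed;
    float   depth;
    float   heading;
    int32_t rudder;
};

/* A source-level "d->depth = v" compiles to a store at [base + constant],
 * e.g. MOV [ESI+4], value. This helper performs the same store by hand. */
static void write_float_at(void *base, size_t offset, float value)
{
    memcpy((unsigned char *)base + offset, &value, sizeof value);
}

static float read_float_at(const void *base, size_t offset)
{
    float value;
    memcpy(&value, (const unsigned char *)base + offset, sizeof value);
    return value;
}

/* Given the addresses at which a memory scanner found individual values,
 * take the lowest as the candidate base and express the rest as offsets.
 * The real object may start earlier; this only recovers relative layout. */
static uintptr_t offsets_from_hits(const uintptr_t *hits, size_t n,
                                   size_t *offsets)
{
    uintptr_t base = hits[0];
    for (size_t i = 1; i < n; i++)
        if (hits[i] < base)
            base = hits[i];
    for (size_t i = 0; i < n; i++)
        offsets[i] = (size_t)(hits[i] - base);
    return base;
}

int main(void)
{
    struct dials d = {0};

    /* Write through base + offset, then read through the named field. */
    write_float_at(&d, offsetof(struct dials, depth), 42.5f);
    printf("d.depth = %.1f\n", d.depth);

    /* Constructed "scanner hits": addresses of three fields, unordered. */
    uintptr_t hits[3] = { (uintptr_t)&d.heading, (uintptr_t)&d.speed,
                          (uintptr_t)&d.rudder };
    size_t off[3];
    uintptr_t base = offsets_from_hits(hits, 3, off);

    printf("candidate base %p\n", (void *)base);
    for (size_t i = 0; i < 3; i++)
        printf("hit %zu -> base+0x%zx\n", i, off[i]);
    printf("heading via offset = %.1f\n",
           read_float_at(&d, offsetof(struct dials, heading)));
    return 0;
}
```

Compiling this and viewing the disassembly of main shows the field accesses as one base register plus small constant offsets, which is the pattern a debugger presents for such an object.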
urfisch
06-29-11, 02:40 PM
hey tomi...nice to see you round here!
kapitan_zur_see
07-20-11, 09:04 AM
I've had a look at those vids and indeed, they seem very good. It's especially interesting since i'm absolute beginner to that. However, it seems to me that having a good to strong knowledge of programming in C is a pre-requisite.
Still having an in-depth look though, as this so-called "modding friendly SH5 -oups, I forgot about this GR2 über restrictive sh*t-" is not going to see lots of breakthrough rapidly if we are to rely now entirely on a very very few bunch of coding experts like TDW or Reaper7 who are pretty much alone doing all the new stuffs on the modding scene (apart from few eye-candies here and there and campaign related stuffs).
They have a life of their own and can't work 24h/7...
Hope I'll be able to help somehow soon. It's been quite some time since I've modded anything since everyone here pretty much covered what can be achieved so far in their own area of expertise with current tools and restrictions. I do for sure miss a S3D for SH5 like that thing allowed you to do for SH4! Wish the devs never relied on that granny GR2 thingy! Such a plague, such a step backward for all the modders community... Talk about reinventing the wheel on and on! And that goblin editor is nothing much of a viewer, really... :damn:
Gaugeforever
01-22-13, 04:59 PM
Heh I'm a very competent computer scientist and well versed in MIPS assembly and RE still evades me. It's very tough. Although I absolutely could RE MIPS.
If this was anything but a graphical program I would love to help. But I can barely write a 3d renderer let alone RE one.
I think you would be better off (and save more time) RE all the files and writing your own exe from scratch. You could control more that way. But you have to imagine a huge team of developers worked on this, so only one or a handful at best working on it will take FOREVER.
Illyustrator
01-22-13, 06:05 PM
Heh I'm a very competent computer scientist and well versed in MIPS assembly and RE still evades me. It's very tough. Although I absolutely could RE MIPS.
If this was anything but a graphical program I would love to help. But I can barely write a 3d renderer let alone RE one.
I think you would be better off (and save more time) RE all the files and writing your own exe from scratch. You could control more that way. But you have to imagine a huge team of developers worked on this, so only one or a handful at best working on it will take FOREVER.
:salute:It is very good that you are competent computer scientist. It is a pity that you are skeptical about this. Previously, were convinced that in SH5 MarineQuadratKarte to realise not really. We must break the EXE. And all have calmed down.
And I the humble computer user went and has drawn this "MQK". And nothing is not broke.:O:
We must think not standard. And there is always a way out!:rock:
raymond6751
01-28-13, 03:12 PM
quote " the SH-Series is dead, so theres nothing to come, if we are not creating it."
First of all, we all accepted but few read over the user end license agreements for the software we use - including games. RE was specifically not permitted.
Copyright ownership does not end if a company does not produce further updates or similar titles.
Google was undergoing a class action lawsuit representing authors (I am one of them) for displaying book contents without permission. They settled out of court and have to pay millions.
Each of us has our own opinion about the right of it, but accept that it is basically illegal to RE software for any reason. Just about every program end-user license I have encountered indicates that ownership of the program remains with the maker and the license is to use it.
That should kick up some dust in the forum ! :arrgh!:
Illyustrator
01-28-13, 04:01 PM
Hi, raymond.
And, what do you suggest?:)
raymond6751
01-29-13, 08:49 AM
Hi, raymond.
And, what do you suggest?:)
Simple. Leave the .exe file alone.
Trevally.
01-29-13, 12:37 PM
Simple. Leave the .exe file alone.
There are no mods here that have an edited SH5.exe file - or am I missing something:06:
I want to edit my sh5.exe - I can do this:yep:
If you want to leave yours alone - fair doos:D
:up:
There are no mods here that have an edited SH5.exe file - or am I missing something:06:
I want to edit my sh5.exe - I can do this:yep:
If you want to leave yours alone - fair doos:D
:up:
:agree: :Kaleun_Applaud:
Gaugeforever
01-29-13, 05:25 PM
To be clear. You can edit your own exe, and even write a patcher that will patch one if you have it (EULA won't stand up in court as you own that exe). What you cannot do is copy that EXE and distribute it.
So if you could somehow RE the exe, you would have to create a patcher to patch all the stuff you are changing, which wouldn't happen, as the exe would change dramatically on the very first build of source code.
But you can RE to find certain sections of the exe and replace them with a patcher, this is 100% legal.
Also legal is taking the file structure that we have and making our own exe from scratch. That is completely legal as well.