Doomworld Forums : Powered by vBulletin version 2.2.5 Doomworld Forums > Classic Doom > Source Ports > hexen-plus, ver 1.1.5
Quasar
Moderator
entryway said:

Read. if (!NULL->dx)

code:
void P_BounceWall(mobj_t *mo)
{
    ...
    P_PathTraverse(leadx, leady, leadx+mo->momx, leady+mo->momy,
                   PT_ADDLINES, PTR_BounceTraverse);
    // entryway: bestslideline is NULL
    side = P_PointOnLineSide(mo->x, mo->y, bestslideline);


I can crash chocolate-hexen in two seconds


That's a very interesting find there. It'll probably require an overflow emulation for Choco Hexen, since it doesn't crash the DOS version.

Old Post 03-22-10 08:08 #
entryway
Forum Staple
Quasar said:
It'll probably require an overflow emulation for Choco Hexen, since it doesn't crash the DOS version.

Pure DOS output:
>debug 0:0
0000:0000 9E 0F C9 00 65 04 70 00-16 00 EF E5 65 04 70 00

As you can see, (line_t*)0->dx != 0 and (line_t*)0->dy != 0, so there is no early exit from P_PointOnLineSide() and you need ((line_t*)0)->v1->x/y. What do you know about (vertex_t*)0x00C90F9E->x/y values? Probably this address refers to some hexen code - would be easy to emulate.

If you do not know how the DOS4GW loader works, you can simply inject some code into hexen.exe to show the value at that address (as I did to show the spechit address for use with -spechit xxx in prboom-plus), compare the output with hexen.exe's code and data segments, and use it if it's static, heh

Last edited by entryway on 03-22-10 at 12:20

Old Post 03-22-10 11:47 #
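To make the point of the dump concrete, here is an added example (not code from the thread, Hexen, or any port) that decodes the quoted 16 bytes at address 0 as the leading fields of a line_t and shows why P_PointOnLineSide() takes neither early exit under DOS: dx and dy are both non-zero, so the function goes on to read v1->x/y at 0x00C90F9E. The vertex behind that address is unknown, so the emulating wrapper takes it as a caller-supplied assumption (null_v1, hypothetical) instead of dereferencing NULL.

```c
#include <stdint.h>
#include <stddef.h>

#define FRACBITS 16
typedef int32_t fixed_t;
typedef struct { fixed_t x, y; } vertex_t;
typedef struct { vertex_t *v1, *v2; fixed_t dx, dy; } line_t; /* leading fields of line_t */

static fixed_t FixedMul(fixed_t a, fixed_t b) { return (fixed_t)(((int64_t)a * b) >> FRACBITS); }

/* Constructed from the "debug 0:0" dump quoted above: the 16 bytes that a NULL
 * line_t* aliases in the DOS build (the real-mode interrupt vector table). */
static const uint8_t dos_zero_page[16] = {
    0x9E,0x0F,0xC9,0x00, 0x65,0x04,0x70,0x00, 0x16,0x00,0xEF,0xE5, 0x65,0x04,0x70,0x00 };

typedef struct { uint32_t v1_addr, v2_addr; fixed_t dx, dy; } dos_null_line_t;

/* Read the dump as four little-endian 32-bit words, as a 386 would. */
static dos_null_line_t decode_null_line(void)
{
    uint32_t w[4];
    for (int i = 0; i < 4; i++)
        w[i] = (uint32_t)dos_zero_page[4*i] | (uint32_t)dos_zero_page[4*i+1] << 8 |
               (uint32_t)dos_zero_page[4*i+2] << 16 | (uint32_t)dos_zero_page[4*i+3] << 24;
    dos_null_line_t l = { w[0], w[1], (fixed_t)w[2], (fixed_t)w[3] };
    return l;
}

/* Doom/Hexen P_PointOnLineSide with a NULL guard. For line == NULL the dx/dy
 * values come from the dump (both non-zero, so no early exit) and the vertex at
 * v1_addr is replaced by null_v1, an assumed value the caller supplies. */
static int P_PointOnLineSide_emu(fixed_t x, fixed_t y, const line_t *line, const vertex_t *null_v1)
{
    const vertex_t *v1; fixed_t ldx, ldy;
    if (line == NULL) {
        dos_null_line_t n = decode_null_line();
        v1 = null_v1; ldx = n.dx; ldy = n.dy;
    } else { v1 = line->v1; ldx = line->dx; ldy = line->dy; }
    if (!ldx) return (x <= v1->x) ? (ldy > 0) : (ldy < 0);
    if (!ldy) return (y <= v1->y) ? (ldx < 0) : (ldx > 0);
    fixed_t left  = FixedMul(ldy >> FRACBITS, x - v1->x);
    fixed_t right = FixedMul(y - v1->y, ldx >> FRACBITS);
    return right < left ? 0 : 1;
}
```

Whatever a port chooses for null_v1 is a guess until someone dumps the memory at 0x00C90F9E under DOS, which is exactly the open question in the thread.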
Quasar
Moderator
entryway said:

If you do not know how the DOS4GW loader works, you can simply inject some code into hexen.exe to show the value at that address (as I did to show the spechit address for use with -spechit xxx in prboom-plus), compare the output with hexen.exe's code and data segments, and use it if it's static, heh


I could, if I had a clue how to do that :) I've reverse engineered, but I've never managed to add code to a program yet.

Old Post 03-22-10 16:33 #
entryway
Forum Staple
Quasar said:
I could, if I had a clue how to do that :) I've reverse engineered, but I've never managed to add code to a program yet.


It's easy. A common template for hacking something:

code:
00041234: mov gamemap, 1          // you want to change or get the gamemap variable
...
00042234: call xyz                // some code without fixup, so you can overwrite it
00041239: ...

replace it with

00042234: jmp 00A40000            // unused space at the end of the segment

00A40000: call xyz                // original code
00A40005: push eax                // save all needed registers
00A40006: push ecx
00A40007: call $                  // opcode: e8 00 00 00 00
00A4000c: pop ecx                 // ecx has eip
00A4000d: dec ecx, 00A4000c-00041234+2   // ecx contains the address of the address of the variable
00A400xx: mov ecx, [ecx]          // address of the variable
00A400xx: mov ecx, [ecx]          // gamemap value
00A400xx: mov eax, ecx            // do what you want
00A400xx: call something(int)     //
00A400xx: pop ecx
00A400xx: pop eax
00A400xx: jmp 00041239            // return

Old Post 03-22-10 16:59 #
Graf Zahl
Why don't I have a custom title by now?!
It's easy...

Yeah, right...


:P

Old Post 03-22-10 17:34 #
entryway
Forum Staple
Graf Zahl said:
It's easy...

Yeah, right...


Ok.

Lesson #1: How to add "-maxdemo" support to Hexen for Dummies (11MB)

Home-work: do the same for Heretic and Strife.

Old Post 03-22-10 21:14 #
kristus
Megablast!
Homework #2:
Add vertical tiling for the sky texture in Heretic and Hexen. :p

Old Post 03-22-10 21:51 #
Quasar
Moderator
Before anybody bothers with Strife:
code:
cseg01:000176C0 loc_176C0:
cseg01:000176C0     pop     edi
cseg01:000176C1     mov     eax, offset aMaxdemo ; "-maxdemo"
cseg01:000176C6     mov     ecx, 20000h
cseg01:000176CB     call    M_CheckParm
cseg01:000176D0     test    eax, eax
cseg01:000176D2     jz      short loc_176F3
cseg01:000176D4     mov     edx, myargc
cseg01:000176DA     dec     edx
cseg01:000176DB     cmp     eax, edx
cseg01:000176DD     jge     short loc_176F3
cseg01:000176DF     mov     edx, myargv
cseg01:000176E5     mov     eax, [edx+eax*4+4] ; a1
cseg01:000176E9     call    atoi_
cseg01:000176EE     mov     ecx, eax
cseg01:000176F0     shl     ecx, 0Ah

It already has -maxdemo, on account of having been based on DOOM II v1.666 ;)

Old Post 03-22-10 23:54 #