Talk:014C
Revision as of 16:06, 13 June 2016 by Spaceeinstein (talk | contribs)
Is there more information on the bug? The causes, possible fixes? Seemann (talk) 10:45, 13 June 2016 (UTC)
- The bug is at around 0x5A7617 where it is making a bad comparison.
 ; the switch/counter is at cargen+0x28, size two bytes
 ; using a value of 101 or above stores 0xffff, using a value between 0 and 100 stores the number as-is
 .text:005A7617 movzx eax, word ptr [ebx+28h]   ; grabs a two-byte value, do an unsigned extension
                                               ; this means 0xffff would change to 0x0000ffff
 .text:005A761B cmp eax, 0FFFFFFFFh             ; compare against 0xffffffff
 .text:005A761E jge short loc_5A7624            ; jump if greater than or equal, signed comparison
                                               ; but ALL resulting values are greater than -1
 .text:005A7620 dec word ptr [ebx+28h]          ; decrement cargen+0x28 by 1, which is never reached
 .text:005A7624 loc_5A7624:
- So here's my fix that worked for me.
 .text:005A7617 movsx eax, word ptr [ebx+28h]   ; do a signed extension so that 0xffff would change to 0xffffffff
 .text:005A761B cmp eax, 0FFFFFFFFh             ; compare against 0xffffffff (-1)
 .text:005A761E jz short loc_5A7624             ; jump if equal, signed comparison
 .text:005A7620 dec word ptr [ebx+28h]          ; decrement cargen+0x28 by 1, now reached for values 0 to 100
 .text:005A7624 loc_5A7624:
- Here's the code for CLEO.
 05DF: write_memory 0x5A7618 size 1 value 0xBF virtual_protect 1
 05DF: write_memory 0x5A761E size 1 value 0x74 virtual_protect 1
- --Spaceeinstein (talk) 16:04, 13 June 2016 (UTC)
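The signed/unsigned extension mix-up described above, as an added example in C that is not part of the original post or of the game's code: it models the two-byte counter at cargen+0x28, runs the original movzx/jge check and the patched movsx/jz check over the same values, and applies the two 05DF writes to a byte buffer to confirm they land on the movzx and jge opcode bytes. The struct, the helper names, and the 13-byte instruction encoding are assumptions reconstructed from the listing above plus the standard x86 encodings; the page itself does not print the bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the two-byte field at cargen+0x28 ("cars to generate").
   As described above: 0..100 is a remaining count, 0xFFFF means unlimited. */
typedef struct {
    uint16_t cars_to_generate;   /* word ptr [ebx+28h] */
} cargen_t;

/* Original (buggy) sequence at 0x5A7617: movzx, cmp eax,-1, jge.
   Returns 1 if the counter was decremented, 0 if the decrement was skipped. */
int buggy_tick(cargen_t *cg)
{
    int32_t eax = (int32_t)(uint32_t)cg->cars_to_generate; /* movzx: 0xFFFF -> 0x0000FFFF */
    if (eax >= -1)            /* jge: signed compare; every zero-extended value passes */
        return 0;             /* loc_5A7624 reached, dec skipped */
    cg->cars_to_generate--;   /* dec word ptr [ebx+28h]: never reached */
    return 1;
}

/* Patched sequence: movsx, cmp eax,-1, jz. */
int fixed_tick(cargen_t *cg)
{
    int32_t eax = (int32_t)(int16_t)cg->cars_to_generate; /* movsx: 0xFFFF -> -1 */
    if (eax == -1)            /* jz: only the 0xFFFF "unlimited" marker skips */
        return 0;
    cg->cars_to_generate--;   /* now reached for 0..100 */
    return 1;
}

/* Byte view of the same sequence, so the two CLEO writes can be checked.
   Assumption: reconstructed from the listing and standard x86 encodings:
     005A7617  0F B7 43 28   movzx eax, word ptr [ebx+28h]
     005A761B  83 F8 FF      cmp   eax, -1
     005A761E  7D 04         jge   short loc_5A7624
     005A7620  66 FF 4B 28   dec   word ptr [ebx+28h]   */
#define PATCH_BASE 0x5A7617u
#define PATCH_LEN  13

const uint8_t original_code[PATCH_LEN] = {
    0x0F, 0xB7, 0x43, 0x28,  0x83, 0xF8, 0xFF,  0x7D, 0x04,  0x66, 0xFF, 0x4B, 0x28
};

/* Mirrors the two 05DF writes: 0x5A7618 <- 0xBF (movzx->movsx), 0x5A761E <- 0x74 (jge->jz). */
void apply_cleo_patch(uint8_t *code)
{
    code[0x5A7618u - PATCH_BASE] = 0xBF;
    code[0x5A761Eu - PATCH_BASE] = 0x74;
}

/* 1 if the buffer now decodes as "movsx ..." followed by "jz short", i.e. both
   writes hit the opcode bytes rather than a ModRM/displacement byte. */
int patch_applied(const uint8_t *code)
{
    return code[0] == 0x0F && code[1] == 0xBF && code[7] == 0x74;
}

int main(void)
{
    uint16_t samples[] = { 1, 100, 0xFFFF };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        cargen_t a = { samples[i] }, b = { samples[i] };
        int da = buggy_tick(&a), db = fixed_tick(&b);
        printf("start 0x%04X  buggy: dec=%d -> 0x%04X   fixed: dec=%d -> 0x%04X\n",
               samples[i], da, a.cars_to_generate, db, b.cars_to_generate);
    }
    uint8_t code[PATCH_LEN];
    memcpy(code, original_code, PATCH_LEN);
    apply_cleo_patch(code);
    printf("patch lands on opcode bytes: %s\n", patch_applied(code) ? "yes" : "no");
    return 0;
}
```

Only the check itself is modelled: whatever the game does around this sequence (for instance before a counter of 0 is ticked) is outside the listing and not reproduced here.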