Iran Posted October 29, 2012

Open up OllyDbg and apply the following patches:

    00551E05  E9 9E000000  JMP ra95.00551EA8
    00551E0A  90           NOP

That will make the game always jump over the code to show the message box. Here's a full listing of the relevant parts of memory (without this patch applied):

    00551DFB |. E8 0893F5FF     CALL ra95.004AB108
    00551E00 |. 3D 00008000     CMP EAX,800000
    00551E05 |. 0F83 9D000000   JNB ra95.00551EA8
    00551E0B |. 6A 08           PUSH 8
    00551E0D |. 68 FB0B5F00     PUSH ra95.005F0BFB ; ASCII "Warning - you are critically low on free disk space for saving games. Do you want to play Red Alert anyway?"
    00551E12 |. 8D85 70F9FFFF   LEA EAX,DWORD PTR SS:[EBP-690]
    00551E18 |. 50              PUSH EAX
    00551E19 |. E8 8C6D0600     CALL ra95.005B8BAA
    00551E1E |. 83C4 0C         ADD ESP,0C
    00551E21 |. 6A 24           PUSH 24 ; /Style = MB_YESNO|MB_ICONQUESTION|MB_APPLMODAL
    00551E23 |. 68 670C5F00     PUSH ra95.005F0C67 ; |Title = "Red Alert"
    00551E28 |. 8D85 70F9FFFF   LEA EAX,DWORD PTR SS:[EBP-690] ; |
    00551E2E |. 50              PUSH EAX ; |Text
    00551E2F |. 6A 00           PUSH 0 ; |hOwner = NULL
    00551E31 |. 2E:FF15 64685E>CALL DWORD PTR CS:[<&USER32.MessageBoxA>>; \MessageBoxA
    00551E38 |. 83F8 07         CMP EAX,7
    00551E3B |. 75 6B           JNZ SHORT ra95.00551EA8
    00551E3D |. A1 B05E6600     MOV EAX,DWORD PTR DS:[665EB0]
    00551E42 |. 85C0            TEST EAX,EAX
    00551E44 |. 74 0E           JE SHORT ra95.00551E54
    00551E46 |. 74 0C           JE SHORT ra95.00551E54
    00551E48 |. 31D2            XOR EDX,EDX
    00551E4A |. E8 11A00600     CALL ra95.005BBE60
    00551E4F |. E8 4CA10600     CALL ra95.005BBFA0
    00551E54 |> BA 60B95F00     MOV EDX,ra95.005FB960
    00551E59 |. 8D45 B0         LEA EAX,DWORD PTR SS:[EBP-50]
    00551E5C |. 8955 B0         MOV DWORD PTR SS:[EBP-50],EDX
    00551E5F |. BB FF000000     MOV EBX,0FF
    00551E64 |. FF52 34         CALL DWORD PTR DS:[EDX+34]
    00551E67 |. 8A55 CC         MOV DL,BYTE PTR SS:[EBP-34]
    00551E6A |. 31C9            XOR ECX,ECX
    00551E6C |. F6C2 01         TEST DL,1
    00551E6F |. 74 1A           JE SHORT ra95.00551E8B
    00551E71 |. 8B75 C4         MOV ESI,DWORD PTR SS:[EBP-3C]
    00551E74 |. 85F6            TEST ESI,ESI
    00551E76 |. 74 13           JE SHORT ra95.00551E8B
    00551E78 |. 89F0            MOV EAX,ESI
    00551E7A |. E8 C61A0700     CALL ra95.005C3945
    00551E7F |. 8A75 CC         MOV DH,BYTE PTR SS:[EBP-34]
    00551E82 |. 80E6 FE         AND DH,0FE
    00551E85 |. 894D C4         MOV DWORD PTR SS:[EBP-3C],ECX
    00551E88 |. 8875 CC         MOV BYTE PTR SS:[EBP-34],DH
    00551E8B |> F6C1 02         TEST CL,2
    00551E8E |. 0F84 C8040000   JE ra95.0055235C
    00551E94 |. 8D45 B0         LEA EAX,DWORD PTR SS:[EBP-50]
    00551E97 |. E8 04A10600     CALL ra95.005BBFA0
    00551E9C |. 89D8            MOV EAX,EBX
    00551E9E |. 8D65 F4         LEA ESP,DWORD PTR SS:[EBP-C]
    00551EA1 |. 5F              POP EDI
    00551EA2 |. 5E              POP ESI
    00551EA3 |. 5B              POP EBX
    00551EA4 |. 5D              POP EBP
    00551EA5 |. C2 1000         RETN 10
    00551EA8 |> 8D45 B0         LEA EAX,DWORD PTR SS:[EBP-50]

Allen262 Posted October 30, 2012

It may have been fixed already; if not, it should be useful to others. Thanks!

Nyerguds Posted October 30, 2012

Might be more useful to just give the bare file address and bytes to change, so anyone with a hex editor can do it.

Iran Posted October 30, 2012

Oh, RA95 relocates the memory addresses from a different spot than the offsets in the executable. So here is what needs to be changed in the EXE. I'm using hifi's 3.03.p3 exe so I don't know if the bytes are relocated.

Write starting from 00151200:

    E9 9E 00 00 00 90

This should replace 0F 83 9D 00 00 00. If you can't find this sequence at 00151200, search for the byte sequence "68FB0B5F00" with your hex editor; it only occurs once in the executable.

To check if this actually fixes the bug, before patching the executable you can open the file in OllyDbg and navigate to the addresses in my first post, replace the CMP EAX,800000 with STC and then let the game run under OllyDbg; you should now see the message box about disk space appear. Then apply this patch with a hex editor to the binary and retry doing these steps in OllyDbg; the message box should no longer appear.

Nyerguds Posted October 30, 2012

Oh right. Hifi's extra segments generator. Y U MAEK HACKING SO HARD HIFI? :ranting:

(for the record, I use IDA, not Olly)

Iran Posted October 30, 2012

There's another check in the save game function for whether disk space is low (same bug), so here's a new patch to fix that too (with this one the previous patch isn't needed). The patch in OllyDbg (with hifi's exe) is:

    004AB108  B8 01008000  MOV EAX,800001
    004AB10D  C3           RETN
    004AB10E  90           NOP

For a hex edit to the binary, find the byte sequence 8D55F0E8F6101200, which is at 000AA512 in my exe, then find the first occurrence of the 55 hex before that (which is at 000AA508 in my EXE) and apply the following byte changes from there:

    B801008000C390

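The two hex edits described in the posts above, as an added example that is not part of the thread: a Python script that locates each site by the byte signatures the posts give rather than by absolute offset, checks the bytes it is about to overwrite, and confirms the replacement jump lands on the same target as the original. The function names, the `.patched` output suffix and the 16-byte "already patched" window are assumptions made for this example.

```python
import sys

# Byte strings quoted in the posts above (hifi's 3.03.p3 exe).
SIG_MSG = bytes.fromhex("68FB0B5F00")         # PUSH <warning text>, 8 bytes past the JNB
JNB_OLD = bytes.fromhex("0F839D000000")       # JNB rel32
JNB_NEW = bytes.fromhex("E99E00000090")       # JMP rel32 + NOP
SIG_FUNC = bytes.fromhex("8D55F0E8F6101200")  # signature inside the disk-space function
STUB = bytes.fromhex("B801008000C390")        # MOV EAX,800001 / RETN / NOP

def find_once(image, needle):
    """Offset of needle; refuse to guess if it is missing or repeated."""
    pos = image.find(needle)
    if pos < 0 or image.find(needle, pos + 1) >= 0:
        raise ValueError(f"{needle.hex()} must occur exactly once")
    return pos

def jump_target(addr, insn):
    """Target of a near JMP (E9) or Jcc (0F 8x) with a rel32 operand."""
    oplen = 1 if insn[0] == 0xE9 else 2
    rel = int.from_bytes(insn[oplen:oplen + 4], "little", signed=True)
    return addr + oplen + 4 + rel

# The 5-byte JMP must land where the 6-byte JNB did, hence 9E instead of 9D.
assert jump_target(0x551E05, JNB_OLD) == jump_target(0x551E05, JNB_NEW) == 0x551EA8

def patch_startup_check(image):
    """First patch: always take the branch that skips the message box."""
    off = find_once(image, SIG_MSG) - 8
    if image[off:off + 6] == JNB_NEW:
        return image                          # already patched
    if image[off:off + 6] != JNB_OLD:
        raise ValueError("unexpected bytes at the JNB site (different build?)")
    return image[:off] + JNB_NEW + image[off + 6:]

def patch_disk_function(image):
    """Second patch: the free-space function returns 0x800001 at once."""
    sig = find_once(image, SIG_FUNC)
    if STUB in image[max(0, sig - 16):sig]:   # 16-byte window is an assumption
        return image                          # already patched
    off = image.rfind(b"\x55", 0, sig)        # nearest 55 before the signature
    if off < 0:
        raise ValueError("no 55 byte before the signature")
    return image[:off] + STUB + image[off + len(STUB):]

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as f:        # work on a copy of the exe
        data = f.read()
    with open(sys.argv[1] + ".patched", "wb") as f:
        f.write(patch_disk_function(data))
```
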
Nyerguds Posted October 30, 2012

Would be better to actually fix the disk check function though.

Iran Posted November 8, 2012

Hmm, the Microsoft Application Compatibility Toolkit has 2 fixes related to the disk space function Red Alert 1 uses: 'EmulateGetDiskFreeSpace' to make Windows XP return 2 GB if there's more than 2 GB and 'GetDiskFreeSpace2GB' for applications that don't understand >2GB.