Patching to get the laser drawn

[peterthepigeon]

Start by finding the call that handles the firing code.

 

00471197   FF92 04010000    CALL DWORD PTR DS:[EDX+104] 

 

Notice that it's a vtable.

 

The code for structures is at:

 

004211CC   53               PUSH EBX

 

However notice that if we immediately patch it, guess what?  We crash at:

 

004211DB   8A40 54          MOV AL,BYTE PTR DS:[EAX+54]

 

So even if we nop it out, or patch it to find the unit location in memory we still don't see the laser drawn.

 

The answer is straight forward.

 

00421213   2E:FF2485 A0114200    JMP DWORD PTR CS:[EAX*4+4211A0]                 ; C&C95.00421265

 

We must zero out eax, so a simple unit or infantry check and done.

 

No laser?  Oh my.

 

We breakpoint on where we're supposed to:

 

Unit code

 

0042177E   FF91 BC010000         CALL DWORD PTR DS:[ECX+1BC]                     ; C&C95.004B6120

 

Obelisk code

 

0042177E   FF91 BC010000         CALL DWORD PTR DS:[ECX+1BC]                     ; C&C95.0041D058

 

More entry replacement.

 

Then we crash again.

 

0041D06F   8B58 42               MOV EBX,DWORD PTR DS:[EAX+42]

 

Nop or fix accordingly.

 

0041D0C0   8A40 54               MOV AL,BYTE PTR DS:[EAX+54]

 

Ditto.

 

You'll have to adjust some of the jump paths, but it should start drawing.

 

Presto done.

[peterthepigeon]

Keep in mind this is extremely hacky and I haven't worked beyond this, but it does work and on the move the laser sometimes may not draw at all. 

[peterthepigeon]

I honestly would recommend duplicating the code paths and redirecting to a new section, make sure of course to properly handle relocations.  I could do this myself and maybe I will when I feel like it.

[Nyerguds]

I honestly would recommend duplicating the code paths and redirecting to a new section, make sure of course to properly handle relocations.  I could do this myself and maybe I will when I feel like it.

I was wondering about that, the way you specified "unit code" and "Obelisk code" separately... though that's the same code for the same address, just called with different vtables.

 

Meh. I'd have to look into the exe to properly parse this.

[peterthepigeon]

I honestly would recommend duplicating the code paths and redirecting to a new section, make sure of course to properly handle relocations.  I could do this myself and maybe I will when I feel like it.

I was wondering about that, the way you specified "unit code" and "Obelisk code" separately... though that's the same code for the same address, just called with different vtables.

 

Meh. I'd have to look into the exe to properly parse this.

 

To be honest it's probably better just to patch the unit code to call drawline.  That's the route I intend to go.