Port 59NL server patches to 59NJ (pt. 1)

This commit is contained in:
Corrine
2026-05-06 08:56:22 -07:00
committed by Martin Michelsen
parent b8e7d81a22
commit a57cca6c12
6 changed files with 353 additions and 3 deletions
@@ -0,0 +1,44 @@
# (uint16_t entity_id @ eax) -> TObjectV00b421c0* @ eax
# Preserves all registers except eax
get_enemy_entity:
push esi
push edi
push edx
push ecx
xor edx, edx
xchg edx, eax
cmp edx, 0x1000
jl done
cmp edx, 0x4000
jge done
mov esi, [0x00AABCE8] # bs_low = next_player_entity_index
mov edi, [0x00AABCE4]
lea edi, [edi + esi - 1] # bs_high = next_player_entity_index + next_enemy_entity_index - 1
bs_again:
cmp esi, edi
jge bs_done
lea ecx, [esi + edi]
shr ecx, 1
mov eax, [ecx * 4 + 0x00AAB2A0] # all_entities[ecx]
cmp [eax + 0x1C], dx
jge bs_not_less
lea esi, [ecx + 1]
jmp bs_again
bs_not_less:
mov edi, ecx
jmp bs_again
bs_done:
mov eax, [esi * 4 + 0x00AAB2A0] # all_entities[bs_low]
test eax, eax
je done
xor ecx, ecx
cmp [eax + 0x1C], dx
cmovne eax, ecx
done:
pop ecx
pop edx
pop edi
pop esi
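Review bot: Inside the bisection loop the pointer loaded by `mov eax, [ecx * 4 + 0x00AAB2A0]` is dereferenced by `cmp [eax + 0x1C], dx` with no null check, whereas the post-loop path at `bs_done` does test it; if any slot between next_player_entity_index and the computed bs_high can be empty, the loop reads through a null pointer. Either add `test eax, eax` / `je done` ahead of the compare or state in the header that the table is dense over that range. The compares are signed (`jge`), which is fine for the 0x1000–0x3FFF ids the entry guard admits, but the header should note that the id field at +0x1C is assumed to stay below 0x8000, and "Preserves all registers except eax" should add that flags are clobbered. No `ret` follows the final `pop esi`; if this file is meant to be `call`ed rather than spliced inline, one is missing, and if inline is intended a comment saying so would prevent the next porter from adding one.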
@@ -0,0 +1,42 @@
# This file defines the following function:
# write_address_of_code(
# const void* patch_code,
# size_t patch_code_size,
# void** ptr_addr);
# This function allocates memory for patch_code, copies patch_code to that
# memory, then writes the address of the allocated code at the specified
# pointer. The allocated memory is never freed.
# This function pops its arguments off the stack before returning.
write_call_to_code:
# [esp + 0x04] = code ptr
# [esp + 0x08] = code size
# [esp + 0x0C] = ptr addr
# Allocate memory for the copied code
mov ecx, [0x00AA8F84]
push dword [esp + 0x08]
mov eax, 0x007A984C
call eax # malloc7
test eax, eax
je done
# Copy the code to the newly-allocated memory
# eax = dest pointer (from malloc7 call above)
mov edx, [esp + 0x04] # edx = source pointer
mov ecx, [esp + 0x08] # ecx = source size
push ebx
memcpy_again:
dec ecx
mov bl, [edx + ecx] # Copy one byte from source to dest
mov [eax + ecx], bl
test ecx, ecx
jne memcpy_again
pop ebx
# Write the address
mov ecx, [esp + 0x0C]
mov [ecx], eax
done:
ret 0x0C
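Review bot: The copy loop at `memcpy_again` executes `dec ecx` before testing for zero, so a patch_code_size of 0 wraps ecx to 0xFFFFFFFF and the loop writes roughly 4 GiB past the allocation; guard the loop with `test ecx, ecx` / `jz memcpy_done` (or `jecxz memcpy_done`) before entering it. The same unguarded loop appears in both write_call_to_code hunks below. The header comment names this function `write_address_of_code` but the label is `write_call_to_code`; one of the two should be corrected so the file and its symbol agree. The argument offsets used after `call eax` (`[esp + 0x04]`, `[esp + 0x08]`) only hold if malloc7 pops its own argument, which is presumably true for the game's convention but deserves a one-line comment next to the call.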
@@ -0,0 +1,76 @@
# This file defines the following function:
# write_call_to_code(
# const void* patch_code,
# size_t patch_code_size,
# void* call_opcode_address,
# ssize_t call_opcode_bytes);
# This function allocates memory for patch_code, copies patch_code to that
# memory, then writes a call or jmp opcode to call_opcode_address that calls
# the code in the allocated memory region. The allocated memory is never freed.
# call_opcode_bytes specifies how many bytes at the callsite should be
# overwritten. This value must be at least 5; the first 5 bytes are overwritten
# with the call/jmp opcode itself; the rest are overwritten with nop opcodes.
# If call_opcode_bytes is positive, a call opcode is written; if it's negative,
# a jmp opcode is written.
# This function pops its arguments off the stack before returning.
write_call_to_code:
# [esp + 0x04] = code ptr
# [esp + 0x08] = code size
# [esp + 0x0C] = jump callsite
# [esp + 0x10] = callsite size (if zero, write the address instead of a call)
# Allocate memory for the copied code
mov ecx, [0x00AA8F84]
push dword [esp + 0x08]
mov eax, 0x007A984C
call eax # malloc7
test eax, eax
je done
# Copy the code to the newly-allocated memory
# eax = dest pointer (from malloc7 call above)
mov edx, [esp + 0x04] # edx = source pointer
mov ecx, [esp + 0x08] # ecx = source size
push ebx
memcpy_again:
dec ecx
mov bl, [edx + ecx] # Copy one byte from source to dest
mov [eax + ecx], bl
test ecx, ecx
jne memcpy_again
pop ebx
mov edx, [esp + 0x0C] # edx = jump callsite
# If the callsite size is zero, just write the address directly
cmp dword [esp + 0x10], 0
jne write_call_or_jmp
mov [edx], eax
jmp done
# Write the call or jmp opcode
write_call_or_jmp:
lea ecx, [eax - 5]
sub ecx, edx # ecx = (dest code addr) - (jump callsite) - 5
cmp dword [esp + 0x10], 0
setl al
or al, 0xE8
mov [edx], al # Write E8 (call), or E9 (jmp) if size was negative
mov [edx + 1], ecx # Write delta
# Write as many nops after the call opcode as necessary
mov ecx, 5
mov eax, [esp + 0x10]
cmp eax, 0
jge write_nop_again
neg eax
write_nop_again:
cmp ecx, eax
jge done
mov byte [edx + ecx], 0x90
inc ecx
jmp write_nop_again
done:
ret 0x10
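Review bot: The header says call_opcode_bytes must be at least 5, but the code accepts 0 as "write the address instead" (the `cmp dword [esp + 0x10], 0` / `jne write_call_or_jmp` branch) and nothing rejects 1–4, where the 5-byte opcode plus delta still overwrite past the declared callsite size; either reject |size| < 5 before `write_call_or_jmp` or document the zero special case in the header so callers know both behaviours. The `setl al` / `or al, 0xE8` sequence overwrites the low byte of the allocation pointer held in eax; that is harmless only because eax is reloaded from `[esp + 0x10]` afterwards, which is worth a comment such as `# eax (dest ptr) is dead from here; reused as the opcode byte`. The zero-size copy-loop issue raised on the previous hunk applies here too.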
@@ -0,0 +1,83 @@
# This file defines the following function:
# void [/std] write_call_to_code(
# const void* patch_code @ [esp + 0x04],
# size_t patch_code_size @ [esp + 0x08],
# size_t call_count @ [esp + 0x0C],
# void* call_opcode_address @ [esp + 0x10],
# ssize_t call_opcode_bytes @ [esp + 0x14],
# ...);
# This function allocates memory for patch_code, copies patch_code to that
# memory, then writes a call or jmp opcode to call_opcode_address that calls
# the code in the allocated memory region. The allocated memory is never freed.
# call_opcode_bytes specifies how many bytes at the callsite should be
# overwritten. This value must be at least 5; the first 5 bytes are overwritten
# with the call/jmp opcode itself; the rest are overwritten with nop opcodes.
# This function pops its arguments off the stack before returning (including
# all the varargs).
write_call_to_code:
# [esp + 0x04] = code ptr
# [esp + 0x08] = code size
# [esp + 0x0C] = callsite count
# [esp + 0x10] = callsite address
# [esp + 0x14] = callsite size
# ... (further callsite address/size pairs)
# Allocate memory for the copied code
mov ecx, [0x00AA8F84]
push dword [esp + 0x08]
mov eax, 0x007A984C
call eax # malloc7
test eax, eax
je done
# Copy the code to the newly-allocated memory
# eax = dest pointer (from malloc7 call above)
mov edx, [esp + 0x04] # edx = source pointer
mov ecx, [esp + 0x08] # ecx = source size
push ebx
memcpy_again:
dec ecx
mov bl, [edx + ecx] # Copy one byte from source to dest
mov [eax + ecx], bl
test ecx, ecx
jne memcpy_again
pop ebx
# Write the call opcodes
xchg ebx, [esp + 0x0C] # Save ebx; get callsite count
mov [esp - 0x08], esi
mov [esp - 0x0C], eax
mov esi, 0x10 # Stack offset of first callsite pair
next_callsite:
mov edx, [esp + esi] # edx = jump callsite
lea ecx, [eax - 5]
sub ecx, edx # ecx = (dest code addr) - (jump callsite) - 5
mov byte [edx], 0xE8
mov [edx + 1], ecx # Write E8 (call) followed by delta
# Write as many nops after the call opcode as necessary
mov ecx, 5
mov eax, [esp + esi + 4]
write_nop_again:
cmp ecx, eax
jge this_callsite_done
mov byte [edx + ecx], 0x90
inc ecx
jmp write_nop_again
this_callsite_done:
mov eax, [esp - 0x0C]
add esi, 8
dec ebx
jnz next_callsite
mov ecx, esi
mov ebx, [esp + 0x0C]
mov esi, [esp - 0x08]
done:
mov eax, [esp]
add esp, ecx
jmp eax
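Review bot: When malloc7 returns null, `je done` jumps straight to `add esp, ecx` with ecx still holding whatever malloc7 left in it (it was last set to the `[0x00AA8F84]` object pointer before the call), so the failure path discards a garbage number of argument bytes and `jmp eax` then returns through a corrupted stack; on that path compute the real size first with `mov ecx, [esp + 0x0C]` and `lea ecx, [ecx * 8 + 0x10]`, which is the value esi reaches on the success path. The loop at `next_callsite` is do-while, so a callsite count of 0 underflows ebx and iterates about 2^32 times; a `test ebx, ebx` / `jz` guard before the loop is cheap if the count is not otherwise trusted. The scratch saves at `[esp - 0x08]` and `[esp - 0x0C]` live below the stack pointer, which has no red zone on 32-bit x86 and holds only because nothing pushes or calls between the store and the reload — that invariant should be stated in a comment. The header says a call or jmp is written, but this version only ever emits `0xE8`; the text should match. The hunk is declared as 83 lines and this chunk shows fewer, so the function may continue past `jmp eax`.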