Use table-offset signature for Brutal Peeps HP patch

src/SendCommands.cc

@@ -846,9 +846,10 @@ static std::shared_ptr<AsyncPromise<C_ExecuteCodeResult_B3>> send_brutal_peeps_h
 
     constexpr uint32_t scan_start = 0x16760000;
     constexpr uint32_t scan_end = 0x16A90000;
-    constexpr uint32_t signature_size = 64;
+    constexpr uint32_t signature_offset = 0x00002800;
+    constexpr uint32_t signature_size = 0x80;
 
-    if (bp_entry->size < signature_size) {
+    if (bp_entry->size < (signature_offset + signature_size)) {
       c->log.warning_f("Skipping Brutal Peeps HP client patch: BattleParamEntry_on.dat too small for signature");
       return nullptr;
     }
@@ -863,9 +864,10 @@ static std::shared_ptr<AsyncPromise<C_ExecuteCodeResult_B3>> send_brutal_peeps_h
     std::string suffix;
     append_u32l(suffix, scan_start);
     append_u32l(suffix, scan_end);
+    append_u32l(suffix, signature_offset);
     append_u32l(suffix, signature_size);
     append_u32l(suffix, 0); // patched below after diff generation
-    suffix.append(vanilla_data, signature_size);
+    suffix.append(vanilla_data + signature_offset, signature_size);
 
     uint32_t patch_entry_count = 0;
     for (uint32_t offset = 0; offset < target_data.size(); offset++) {
@@ -880,10 +882,10 @@ static std::shared_ptr<AsyncPromise<C_ExecuteCodeResult_B3>> send_brutal_peeps_h
       patch_entry_count++;
     }
 
-    suffix[12] = static_cast<char>(patch_entry_count & 0xFF);
-    suffix[13] = static_cast<char>((patch_entry_count >> 8) & 0xFF);
-    suffix[14] = static_cast<char>((patch_entry_count >> 16) & 0xFF);
-    suffix[15] = static_cast<char>((patch_entry_count >> 24) & 0xFF);
+    suffix[16] = static_cast<char>(patch_entry_count & 0xFF);
+    suffix[17] = static_cast<char>((patch_entry_count >> 8) & 0xFF);
+    suffix[18] = static_cast<char>((patch_entry_count >> 16) & 0xFF);
+    suffix[19] = static_cast<char>((patch_entry_count >> 24) & 0xFF);
 
     auto fn = s->client_functions->get("PsoPeepsBrutalPeepsHP", c->specific_version);
 
@@ -900,8 +902,8 @@ static std::shared_ptr<AsyncPromise<C_ExecuteCodeResult_B3>> send_brutal_peeps_h
 
     c->enabled_flags |= fn->client_flag;
 
-    c->log.info_f("Brutal Peeps HP client patch sent: tier={} mult={:g} patch_entries={} scan={:08X}-{:08X}",
-        tier, mult, patch_entry_count, scan_start, scan_end);
+    c->log.info_f("Brutal Peeps HP client patch sent: tier={} mult={:g} patch_entries={} signature_offset={:05X} scan={:08X}-{:08X}",
+        tier, mult, patch_entry_count, signature_offset, scan_start, scan_end);
 
     return promise;
 

system/client-functions/PsoPeepsBrutalPeepsHPBB.s

@@ -14,28 +14,27 @@ start:
   push   esi
   push   edi
   push   ebp
-  push   0                                  # [esp] = last matched table base / 0
 
   jmp    get_data_ptr
 
 get_data_ptr_ret:
-  pop    ebx                                # ebx = suffix payload
+  pop    ebx                                  # ebx = suffix payload
 
-  mov    esi, [ebx]                         # scan_start
+  mov    esi, [ebx]                           # scan_start, scans for signature address, not table base
 
 scan_again:
-  mov    edx, [ebx + 4]                     # scan_end
-  mov    ecx, [ebx + 8]                     # signature_size
-  sub    edx, ecx                           # scan limit = end - sig_size
+  mov    edx, [ebx + 4]                       # scan_end
+  mov    ecx, [ebx + 12]                      # signature_size
+  sub    edx, ecx                             # scan limit = end - sig_size
   cmp    esi, edx
-  ja     return
+  ja     not_found
 
   xor    ebp, ebp
-  lea    edi, [ebx + 16]                    # signature ptr
+  lea    edi, [ebx + 20]                      # signature ptr
 
 compare_again:
   cmp    ebp, ecx
-  jae    found_table
+  jae    found_signature
 
   mov    al, [esi + ebp]
   cmp    al, [edi + ebp]
@@ -48,33 +47,35 @@ next_candidate:
   inc    esi
   jmp    scan_again
 
-found_table:
-  # esi = one matching BattleParam table base
-  mov    [esp], esi                         # remember last match for return_value
+found_signature:
+  # esi = signature address; table base = esi - signature_offset
+  mov    ebp, esi
+  sub    ebp, [ebx + 8]                       # ebp = BattleParam table base
 
-  mov    ecx, [ebx + 12]                    # patch entry count
-  mov    edi, [ebx + 8]                     # signature_size
-  lea    edi, [ebx + edi + 16]              # patch entries after header+signature
+  mov    ecx, [ebx + 16]                      # patch entry count
+  mov    edi, [ebx + 12]                      # signature_size
+  lea    edi, [ebx + edi + 20]                # patch entries after header+signature
 
 patch_again:
   test   ecx, ecx
-  jz     after_patch
+  jz     done
 
-  mov    edx, [edi]                         # offset from table base
-  mov    al, [edi + 4]                      # byte value
-  mov    [esi + edx], al
+  mov    edx, [edi]                           # offset from table base
+  mov    al, [edi + 4]                        # byte value
+  mov    [ebp + edx], al
 
   add    edi, 5
   dec    ecx
   jmp    patch_again
 
-after_patch:
-  inc    esi                                # continue scanning after this match
-  jmp    scan_again
+done:
+  mov    eax, ebp                             # return found table base
+  jmp    return
+
+not_found:
+  xor    eax, eax
 
 return:
-  mov    eax, [esp]                         # 0 if none found, else last matched base
-  add    esp, 4
   pop    ebp
   pop    edi
   pop    esi
@@ -87,9 +88,10 @@ get_data_ptr:
 # Server suffix starts here:
 #   uint32_t scan_start
 #   uint32_t scan_end
+#   uint32_t signature_offset
 #   uint32_t signature_size
 #   uint32_t patch_entry_count
-#   signature bytes
+#   signature bytes from table+signature_offset
 #   repeated patch entries:
 #     uint32_t offset
 #     uint8_t value