This is caused by needlessly copying the string argument to a local variable limited to 64 bytes. If the line exceeds this buffer, the game crashes.
We fix it by removing the copy function and simply passing the pointer to the original text data.
Address
Code
eb 19
90
jmp short +19h
nop
Fix buffer overflows (replace EAX)
(buffer_overflow_rep_eax)
Address
Code
8b45 18
mov eax, [ebp+18]
Fix buffer overflows (replace ECX)
(buffer_overflow_rep_ecx)
Address
Code
8b4d 18
mov ecx, [ebp+18]
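The overflow and its fix described above, sketched in C as an added example (not code from the game or from the patch). `text_out`, `draw_line_copy`, `draw_line_direct` and `overflows_copy` are hypothetical names; only the 64-byte buffer size comes from the page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_BUF 64  /* size of the local buffer, per the page */

/* Hypothetical stand-in for the game's text output call: returns the
   number of bytes it was asked to draw. */
static size_t text_out(const char *s) { return strlen(s); }

/* "Before": copies the argument into a 64-byte local with no bounds
   check. A line of LINE_BUF bytes or more (terminator included) writes
   past buf and corrupts the stack frame. Kept vulnerable on purpose. */
size_t draw_line_copy(const char *text)
{
    char buf[LINE_BUF];
    strcpy(buf, text);
    return text_out(buf);
}

/* "After": the copy is gone and the caller's pointer is used directly,
   so no fixed-size destination remains to overrun. */
size_t draw_line_direct(const char *text)
{
    return text_out(text);
}

/* Returns 1 if `text` would overrun the local buffer in draw_line_copy(). */
int overflows_copy(const char *text)
{
    return strlen(text) + 1 > LINE_BUF;
}

int main(void)
{
    char long_line[201];                 /* constructed sample input */
    memset(long_line, 'A', 200);
    long_line[200] = '\0';

    printf("short: copy=%zu direct=%zu\n",
           draw_line_copy("Hello"), draw_line_direct("Hello"));
    printf("200-byte line overflows copy: %d\n", overflows_copy(long_line));
    printf("200-byte line via direct: %zu\n", draw_line_direct(long_line));
    return 0;
}
```

The long line is only ever passed to `draw_line_direct`; passing it to `draw_line_copy` is the crash case the page describes.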
Text alignment
Boss title alignment
(boss_title_align)
Description
* Call GetTextExtent on string to render
* Add 4 to compensate for multiple TextOut layers
* Convert to float
Address
Code
8b 45 18
50
e8 [GetTextExtent]
83 c0 04
50
3e db 04 e4
58
The English patch has its own hackish text length calculation, replacing the original string length loop before the FPU operations. We don't need that loop anyway, so we jump over it.
The rest is the same as above, just with different stack addresses and a jump over nonsensical calculations at the end.
And yes, this is byte-for-byte identical for player bombs and enemy spells!
NOPing out a multiplication by 15 followed by a division by 16 correctly aligns spell card names as expected.
Why ZUN did that is beyond me.
Address
Code
90 90 90 90 90 90
90 90 90 90 90 90
nop (*0bh)
Spell cards
Prepare ECL instruction register for spell ID fetching
(spell_prepare)
Description
Loads ESI with a pointer to the ECL instruction structure and reorders a couple of assignments to not break the code.
ESI is not read or modified between this hack and spell_fetch_id where we need it.
With the ECL instruction structure in ESI, we can optimize the element accesses, and end up with just enough space to fetch the spell card number into ECX.
(This crashes the game without spell_prepare applied; maybe we should do something about that.)
Address
Code
0fbf4e 0e
89f0
83c0 10
50
0fbf56 0c
movsx ecx, word ptr ds:[esi+0e] ; ECX = spell card number
mov eax, esi
add eax, 10 ; EAX = spell card name
push eax ; insert breakpoint here
movsx edx, word ptr ds:[esi+0c] ; EDX = face ID
Compatibility
Remove English patch spell translation lookup in the Result screen
(unpatch_result_spell)
Description
Necessary because otherwise we wouldn't be able to set any spell breakpoint, since the addresses we'd need differ between the original and the English patch.
And since we have to do something about it anyway, we also keep the spell number in EAX to save one breakpoint.