Alcostg/Binary hacks
< Alcostg
Jump to navigation
Jump to search
 |
Development of this patch has moved to GitHub. Please use the Issues page there to discuss possible improvements or additions to this patch, or simply send a pull request. For now, the existing wiki pages of this patch will remain for the sake of documentation, but they are no longer functional. |
 |
This page is locked for editing because it contains crucial data required for the basic operation of the patch engine. Please discuss possible improvements or additions on the Talk page; after review, these may then be added to the main page here. |
Bugs
Fix buffer overflow in spell name rendering (replace pointer)(overflow_spell_rep) |
||
|---|---|---|
| Description | ... taking advantage of the fact that EBX still contains the original pointer. | |
| Address |
|
|
| Code | 90 90 90 90 nop (*4)
|
|
Spells
Spell card alignment(spell_align) |
||
|---|---|---|
| Description | Once again, everything in one hack. | |
| Address |
|
|
| Code | 8b9ce4 a0000000 8b8e 64030000 8b7e 70 d1e9 83e1 01 51 ffb4e4 a0000000 ff35 00e24800 53 e8 [GetTextExtentForFont] 83c0 04 50 db04e4 58 eb 24 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 85c0 mov ebx,dword ptr ss:[esp+0A0] ; we'll need this twice
mov ecx,dword ptr ds:[esi+364]
mov edi,dword ptr ds:[esi+70]
shr ecx,1
and ecx,00000001
push ecx
push dword ptr ss:[esp+0A0] ; not EBX!
push dword ptr ds:[alcostg.48e200] ; spell font
push ebx
call [GetTextExtentForFont]
add eax,4
push eax
fild dword ptr ss:[esp]
pop eax
jmp short +0x24
nop (*0x24)
test eax,eax
|
|