mov ecx, dword ptr [0e626d8h]
mov dx, word ptr [eax + ecx + 0186b8h]
b8 86 01 00. Again, if you have the same version of the executable that I do, you will find these bytes at 0x3641e6 from the beginning of the file. Change them to 00 00 50 00. That is sufficient to get the chocobo races working on my machine. (Note that there may be other difficulties associated with running FF7 under Windows NT/2K/XP, though many of those are solved by the Application Compatibility Toolkit from Microsoft.)
I'm sure someone could develop a patch that does the hex editing automatically for me / everyone else to give to their less computer literate friends who don't know how to dig around in a hex editor?
jedwin: If you need to distribute a patch-type-thingy, you could wrap it up as a Cetra patch (blatant plug!). It'll do the basic things like backing up the main EXE first, and checking that the data in the position is correct before modifying it ... just a thought ;)
...unless, of course, it's a problem with the main EXE. In which case you'd have to patch the main program file, which would be near-impossible.
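A verify-then-patch script in the spirit of the backup-and-check step suggested above, using the file offset and byte values from jedwin's post. This is an added example, not the Cetra patcher or any code from the thread; demo() runs it against a constructed dummy file, not a real game executable.

```python
import shutil
import tempfile
from pathlib import Path

# Values from the thread: file offset of the 4-byte displacement in
# "mov dx, word ptr [eax + ecx + 0186b8h]", its little-endian encoding,
# and the replacement bytes (displacement 0x00500000).
PATCH_OFFSET = 0x3641E6
EXPECTED = bytes.fromhex("b8860100")
REPLACEMENT = bytes.fromhex("00005000")

def inspect(exe_path):
    """Classify the file as 'unpatched', 'patched' or 'unknown'."""
    data = Path(exe_path).read_bytes()
    if len(data) < PATCH_OFFSET + 4:
        return "unknown"
    found = data[PATCH_OFFSET:PATCH_OFFSET + 4]
    if found == EXPECTED:
        return "unpatched"
    if found == REPLACEMENT:
        return "patched"
    return "unknown"  # other version, corrupted or otherwise modified

def apply_patch(exe_path):
    """Back up the file, then write REPLACEMENT only if EXPECTED is present.
    Returns the backup path, or None if the file was left untouched."""
    src = Path(exe_path)
    if inspect(src) != "unpatched":
        return None
    backup = src.with_name(src.name + ".bak")
    shutil.copy2(src, backup)
    data = bytearray(src.read_bytes())
    data[PATCH_OFFSET:PATCH_OFFSET + 4] = REPLACEMENT
    src.write_bytes(bytes(data))
    return backup

def demo():
    """Exercise the patcher on a constructed dummy file (not a real game
    executable): zero padding with EXPECTED placed at PATCH_OFFSET."""
    exe = Path(tempfile.mkdtemp()) / "sample.exe"
    exe.write_bytes(b"\x00" * PATCH_OFFSET + EXPECTED + b"\x00" * 16)
    before = inspect(exe)
    backup = apply_patch(exe)
    after = inspect(exe)
    second = apply_patch(exe)  # refuses: bytes no longer match EXPECTED
    return before, inspect(backup), after, second is None
```

Because apply_patch refuses anything that is not exactly the expected bytes, a wrong version or an already-patched file is left alone rather than silently overwritten.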
On 2002-04-21 17:59, Qhimm wrote:
Not that I'm trying to bash this feat (I think it's great work), but some conclusions were incorrect. Even though 0xE626D8 is part of the uninitialized data segment, that doesn't necessarily make it a NULL pointer. The fact that no instructions reference this address means nothing either, since data is most likely written in large chunks (most likely the entire large structure at once), so the reference would be found much earlier in the address space. Still, someone messed up big time when dealing with this struct, so in effect we have a NULL pointer anyway. Right conclusion, different route.
On 2002-04-21 18:32, Goku7 wrote:
As for distributing the answer as a patch.....What about Dag's patchmaker program? The difference engine it seems to use might work well for this kinda thing.....
On 2002-04-20 21:04, jedwin wrote:
There are no other accesses to the variable at 0e626d8h, which essentially, since it is in the uninitialized data segment, means that it is a NULL pointer. Under Windows 95/98, for no apparent reason, the pages corresponding to the addresses from 0x10000-0x20000 are mapped to something which looks to me like 16-bit code. So, since the offset puts it safely into that region, it doesn't crash.
Ahh, except running this under Windows 98, setting a memory breakpoint on that address in Softice indicates that that variable is not set before it is used. I am fully aware that it is common to do things like:
mov edx, offset foo
mov [edx+1234h], bar
but Softice doesn't lie. :)
On 2002-04-22 05:05, Qhimm wrote:
True, but what I was referring to was this type of reference:
mov esi, offset src     ; source block
mov edi, offset dest    ; destination block
mov ecx, somesize       ; byte count
rep movsb               ; copy ecx bytes from [esi] to [edi]
Where src is an offset say 100 bytes before the offset in question. In this case, disassemblers and debuggers (IDA, softice etc.) pick up the operand reference to src, but a breakpoint does not catch the actual writings to the other offsets affected.
I find it interesting that you could fix it simply by changing the offset, though. That would mean the read data can't exactly be critical to the operation of the minigame...
On 2002-04-22 11:09, dgp9999 wrote:
Sounds like it's a success. Were you saying that it happened in a SNES game on Windows XP? It wouldn't be surprising. All they need is to get one memory address wrong and you're screwed. Too bad I can't get a decent copy of Windows XP to try it out on, I don't suppose any one could help me out? :wink:
The patch works on 1.2... if you apply it manually. As in hex editor.
CatsClaw=Grey Mouser?
But don't we all aim for that?
An updated version of the chocobo patch is now available here (http://www.qhimm.com/ff7_chocobo_patch.zip). No changes to the patch itself, but now it supports the german(?) version, hereafter referred to as 1.00g.
Maybe it's a bad stick of RAM?
1) It works with the "Secret" compatibility update from Microsoft! Here's how you can make it work:
1) Download and install this file:
http://msdn.microsoft.com/compatibility/act.exe
2) Run AppFix.exe, located in the applications subdirectory in the ACT install folder.
3) Play FF7!
The bug affects EVERYONE on XP, and it's the exact same thing across the board.
Just pray to god now that you aren't blessed with the cosmo crash.
Quote from: Darkdevil
Just pray to god now that you aren't blessed with the cosmo crash.
Haha, and pray to god you didn't just jinx the poor guy too! :wink:
Nope, it's XP.
Everyone on this forum has different setups, and everyone gets the chocobo crash.
The cosmo crash is a different matter. We can't find out what makes it lock up at that place.
No, even if we replace the movie with a dummy it still crashes.
Messiah99 wrote:
Darkdevil wrote:
Just pray to god now that you aren't blessed with the cosmo crash.
Haha, and pray to god you didnt just jinx the poor guy too!
I'm not there yet. Knowing my luck though, I think it might crash.
Does it always happen with XP though? Does it depend on the version used (EA/Eidos)? Does it depend on the graphics cards used (I'm using an Nvidia GeForce 4)?
Nope I have no idea.
Intel Pentium 4
SiS 650 (vid card)
Windows XP
software rendering
Also I can't see the movies.
Is that all you need?
About the XP patch.
Read: http://forums.qhimm.com/viewtopic.php?t=1656
In my case she doesn't count as if I ever try to "obtain" her, the game crashed at the mystery ninja battle...
It's strange, I can get into the battle, it will zoom in on her and then will CTD....
Don't you have to go through Gongaga to get to cosmo....
Quote from: Darkdevil
Don't you have to go through Gongaga to get to cosmo....
No, the first time I played I actually missed Gongaga entirely until after the Temple Of The Ancients when you wake up there. Not sure how that happened, but it did, haha.
Woah there.
Avatar size WAY too big.
Read the rules please.
I open the patch, it says...
"Unable to identify game executable. Do you wish to attempt adaptive patching?"
I choose yes
and it says...
"Could not locate XP vulnerability. This does no appear to be an unpatched FF7 executable"
I've tried to patch the 1.00 version, I don't know if I'm doing it wrong, but that thing just overwrites my exe file, and it says that it is not the file or something....
Isn't the patch for 1.02? If the patch says 'Unable to identify blahblah...', surely you tried applying the patch to the wrong version of the exe file (unless it is corrupted or modified in any way).