Qhimm.com Forums
Miscellaneous Forums => Scripting and Reverse Engineering => Topic started by: dziugo on 2012-09-05 09:09:41
-
Disclaimer: As there is no non-official launcher, the game is still protected with SecuROM, even with changes below applied. You have to own the game/needed files to be able to use it.
Note: This is a tutorial to change the FF7 ReRelease (2012) to work with the old 1.02 exe and retain the ability to make use of the new graphics engine. It doesn't convert the NEW version to OLD.
As you might know, the recent FF7 ReRelease includes the new DX-based graphics engine, and is protected with SecuROM so it doesn't get too easy to use it with the old exe. Here is a quick tutorial how to make it usable. Why? Because we then have a 1.02 exe (which can be modded with anything compatible with 1.02 exe) and use the cool graphics engine which came with the rerelease.
Changes in the new engine by dotemu feat. Aali: The DLL is protected with SecuROM SLL, and has corrupted Export table + rerouted Entry point (so when it's loaded with proper SecuROM-protected exe, it unprotects itself).
Restoring exports and the entry point of the AF3DN.P:
HEX Addresses for 1.06 AF3DN.P
Restoring entry point:
00000128: 65 C7
00000129: 84 E0
0000012A: 13 01
Restoring exports:
dotemuRegDeleteValueA:
00005FA0: 00 33
00005FA1: 00 C0
00005FA2: 00 C2
00005FA3: 00 08
dotemuRegCloseKey:
00006040: 00 33
00006041: 00 C0
00006042: 00 C2
00006043: 00 04
dotemuRegOpenKeyExA:
0001DB20: 00 E8
0001DB21: 00 9B
0001DB22: 00 40
0001DB23: 00 FF
0001DB24: 00 FF
0001DB25: 00 33
0001DB26: 00 C0
0001DB27: 00 C2
0001DB28: 00 14
dotemuRegQueryKeyExA:
0001DB30: 00 8B
0001DB31: 00 44
0001DB32: 00 24
0001DB33: 00 14
0001DB34: 00 56
0001DB35: 00 8B
0001DB36: 00 74
0001DB37: 00 24
0001DB38: 00 0C
0001DB39: 00 E8
0001DB3A: 00 F2
0001DB3B: 00 FA
0001DB3C: 00 FF
0001DB3D: 00 FF
0001DB3E: 00 5E
0001DB3F: 00 C2
0001DB40: 00 18
dotemuRegSetValueExA:
0001DB50: 00 56
0001DB51: 00 8B
0001DB52: 00 74
0001DB53: 00 24
0001DB54: 00 0C
0001DB55: 00 57
0001DB56: 00 8B
0001DB57: 00 7C
0001DB58: 00 24
0001DB59: 00 1C
0001DB5A: 00 E8
0001DB5B: 00 31
0001DB5C: 00 FF
0001DB5D: 00 FF
0001DB5E: 00 FF
0001DB5F: 00 5F
0001DB60: 00 5E
0001DB61: 00 C2
0001DB62: 00 18
Ok, now we'll mod an old 1.02 exe to be used with new engine. This is one way of doing it - we mimick what dotemu has done, but don't change the size of the exe. All we have to do is to reroute ADVAPI calls (registry related) to the functions within the new engine (RegOpenKeyExA becomes dotemuRegOpenKeyExA etc.).
Manually mapping AF3DN.P:
HEX Addresses for 1.02 ff7.exe (english)
New RVAs for imports:
003B4C00: 90 4B
003B4C04: 7C 62
003B4C08: 6C 7A
003B4C0C: 5A 8F
003B4C10: 4C 90
003B4C11: 8E 88
Correction of first/original thunk RVA (duplicating to free some space):
003B73F0: 90 00
003B73F1: 88 60
Correction of module name RVA:
003B73FC: A2 A6
Texts#1:
003B7490: 90 00
003B7491: 8E 00
003B7492: 3B 64
003B7493: 00 6F
003B7494: 7C 74
003B7495: 8E 65
003B7496: 3B 6D
003B7497: 00 75
003B7498: 6C 52
003B7499: 8E 65
003B749A: 3B 67
003B749B: 00 43
003B749C: 5A 6C
003B749D: 8E 6F
003B749E: 3B 73
003B749F: 00 65
003B74A0: 4C 4B
003B74A1: 8E 65
003B74A2: 3B 79
Texts#2:
003B7A4C: 17 00
003B7A4D: 01 64
003B7A4E: 52 6F
003B7A4F: 65 74
003B7A50: 67 65
003B7A51: 43 6D
003B7A52: 6C 75
003B7A53: 6F 52
003B7A54: 73 65
003B7A55: 65 67
003B7A56: 4B 44
003B7A58: 79 6C
003B7A59: 00 65
003B7A5A: 41 74
003B7A5B: 01 65
003B7A5C: 52 56
003B7A5D: 65 61
003B7A5E: 67 6C
003B7A5F: 53 75
003B7A61: 74 41
003B7A62: 56 00
003B7A63: 61 00
003B7A64: 6C 64
003B7A65: 75 6F
003B7A66: 65 74
003B7A67: 45 65
003B7A68: 78 6D
003B7A69: 41 75
003B7A6A: 00 52
003B7A6B: 00 65
003B7A6C: 2E 67
003B7A6D: 01 51
003B7A6E: 52 75
003B7A70: 67 72
003B7A71: 4F 79
003B7A72: 70 56
003B7A73: 65 61
003B7A74: 6E 6C
003B7A75: 4B 75
003B7A77: 79 45
003B7A78: 45 78
003B7A79: 78 41
003B7A7A: 41 00
003B7A7C: 36 64
003B7A7D: 01 6F
003B7A7E: 52 74
003B7A80: 67 6D
003B7A81: 51 75
003B7A82: 75 52
003B7A84: 72 67
003B7A85: 79 4F
003B7A86: 56 70
003B7A87: 61 65
003B7A88: 6C 6E
003B7A89: 75 4B
003B7A8B: 45 79
003B7A8C: 78 45
003B7A8D: 41 78
003B7A8E: 00 41
003B7A90: 20 00
003B7A91: 01 64
003B7A92: 52 6F
003B7A93: 65 74
003B7A94: 67 65
003B7A95: 44 6D
003B7A96: 65 75
003B7A97: 6C 52
003B7A99: 74 67
003B7A9A: 65 53
003B7A9B: 56 65
003B7A9C: 61 74
003B7A9D: 6C 56
003B7A9E: 75 61
003B7A9F: 65 6C
003B7AA0: 41 75
003B7AA1: 00 65
003B7AA2: 41 45
003B7AA3: 44 78
003B7AA4: 56 41
003B7AA5: 41 00
003B7AA6: 50 41
003B7AA7: 49 46
003B7AA9: 32 44
003B7AAA: 2E 4E
003B7AAB: 64 2E
003B7AAC: 6C 50
003B7AAD: 6C 00
The last step, is to rename ff7.exe with ff7_en.exe and place it in the rerelease directory along with the modified AF3DN.P. Then you can just use the launcher and it should work (at least, works for me).
Didn't have time to check this, but it might be possible to use the new engine the way the custom opengl driver is used (through registry entries). It would still have to go through the launcher (unless you replace the Launcher - FF7 IPC module) and use the launcher-made config files, so I'm not interested in doing that.
Coming soon this year: Non-official launcher allowing for off-line play and disabling the cloud saves feature! Yay!
-
Don't understand all .. ;D but.. Whith this method, we could have better graphics than the 2012 ff7 converted to 98 and all modded with bottleg ?
It already looks fantastic like this 8)
-
Don't understand all .. ;D but.. Whith this method, we could have better graphics than the 2012 ff7 converted to 98 and all modded with bottleg ?
It already looks fantastic like this 8)
Hmm... If I understood you correctly: With this method you can have all pros of the 2012 rerelease (the new gaphics engine + oggs + better FMVs) and still be able to apply patches that modify 1.02 ff7.exe. The patcher should still be aware of this modded copy being the rerelease (-> some files being in the lang folder) but if the main executable is concerned, it's just good to go (provided it doesn't check the file's checksum).
-
U sir are great, can you please make it a little more noob friendly hehehe ? i would really love to use this
-
Does this mean we can export our edited video into 1920x1080p working format. Because there were restrictions about the video format in the old version.
-
Leo can you please help how to achieve this?
-
Achieve what? I'm asking a question about new ff7 video format support. I hope I was understandable though...
-
Sorry i dind't explain better, if you can help the noobs like me to preform this mod
Thanks
-
I guess it's just a process you have to follow the instructions above. I haven't tried it yet since I do not own the new game but I'm thinking of it if I can use my high definition videos with the game without any video/sound issues.
-
My question is the first row is the hex adress of the chage and the other 2 rows are the old and the new string? Thanks
-
My question is the first row is the hex adress of the chage and the other 2 rows are the old and the new string? Thanks
Yes, that's correct.
-
Im facing a strange error after modding the ff7.exe and the af3dn.p file when running
The exe it says something like it cant find the entry dotemuRegSetValueExA in the af3dn.p but its strange as the af3dn.p file had all the strings the 3 collumn from your mod ??? As it should can you send me your files or take a look on mines??? Sorry to bother and thanks
https://docs.google.com/file/d/0Bxt51MAjKyi0TEFLZmR2Z2gxWFk/edit link to my files ;)
-
The access to the files is restricted. I'll edit this post once you give me access to it, and I look at it.
-
Sorry my bad forgot to make it public, now its done hehehe
Thakns bro.