Dune 2 Concrete bug fix


segra

here it is guys... the patch SD2 fans have been waiting for, for a long time :)

I've tested this with Original SuperDune2 and SD2Classic

and from the quick searching I did, it appears this hex string appears in ALL versions of the executable

Open your dune2 exe in your favourite hex editor (hex workshop is pretty good imo)

search for hex values (this set only appears once)

B4 00 25 03 00 3B 06

replace with

B4 00 25 07 00 3B 06

asm dump of the modified area:

seg010:0DFC B4 00                          mov     ah, 0

seg010:0DFE 25 03 00                       and     ax, 3           ; the concrete bug :)

seg010:0E01 3B 06 2C 3A                    cmp     ax, gameHumanTeamID

0: Harkonnen

1: Atreides

2: Ordos

3: Fremen

4: Sardaukar

5: Mercenary

It's quite evident the problem here: when playing SD2 the HumanTeamID is always 3, 4, 5

Which means AX will be 0 for Sard/Merc after the AND (as only the last 2 bits are kept)

Have a nice day :)

Link to comment
Share on other sites
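
As an added example (not part of the original post or the poster's own tooling), the hex edit above can be scripted in Python so that nothing is written unless the byte sequence occurs exactly once; `masked_ids` shows what each house ID becomes under the old and the new mask. The function names and the `.bak` backup are assumptions of this example; the byte strings and the house list come from the post.

```python
import shutil
from pathlib import Path

# Byte strings from the post: mov ah,0 / and ax,<mask> / cmp ax,[...]
OLD = bytes.fromhex("B4 00 25 03 00 3B 06")
NEW = bytes.fromhex("B4 00 25 07 00 3B 06")
HOUSES = ["Harkonnen", "Atreides", "Ordos", "Fremen", "Sardaukar", "Mercenary"]


def masked_ids(mask):
    """Map each house name to the value left in AX after `and ax, mask`."""
    return {name: hid & mask for hid, name in enumerate(HOUSES)}


def patch_image(data):
    """Return (patched_bytes, offset); refuse unknown or ambiguous input."""
    count = data.count(OLD)
    if count == 0:
        if data.count(NEW) == 1:
            return data, data.find(NEW)  # already patched, nothing to change
        raise ValueError("pattern not found: unknown executable version")
    if count > 1:
        raise ValueError(f"pattern found {count} times: refusing to guess")
    off = data.find(OLD)
    return data[:off] + NEW + data[off + len(OLD):], off


def patch_file(path):
    """Patch an executable in place, keeping a .bak copy of the original."""
    path = Path(path)
    original = path.read_bytes()
    patched, off = patch_image(original)
    if patched != original:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_bytes(patched)
    return off


if __name__ == "__main__":
    # Constructed stand-in for the executable: filler around the real sequence.
    sample = b"\x90" * 16 + OLD + bytes.fromhex("2C 3A") + b"\x90" * 16
    fixed, off = patch_image(sample)
    print(f"patched at 0x{off:X}: {sample[off + 3]:02X} -> {fixed[off + 3]:02X}")
    print("and ax,3:", masked_ids(3))
    print("and ax,7:", masked_ids(7))
```
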

omg... that's great :)

It's exactly what I've been looking for, but I really couldn't get through the DOS code in my disassembler. Thank you so much :)

Bizarre though... I thought it was just a loop that didn't go far enough, but this is actual sabotaging of the extra sides.

You seem to have done quite a bit of research into Dune II. I couldn't get through, since I couldn't get IDA to link to the data sections correctly, which destroyed all string references in the code... they're kind of a vital lead to getting started with identifying functions.

We had another problem concerning the fact the ingame main menu strings aren't centered in the European version (they are in the American version though). I wanted to fix that by tracing the IDs from the strings file for the strings used on the main menu (a method which works fine in C&C), but these string IDs are also in separate data sections here. Do you think you could help us out with that? Once I know where to look I'll probably be able to do the hack myself.

Link to comment
Share on other sites

hmm, which version is the European version?

I've got battle for arrakis, and building of a dynasty here.. and neither has the menu text centered (both are 1.07)

I also checked dynasty 1.0

but, I did locate the information you're after in 1.07

I'll detail arrakis and the SD2 Classic (dynasty), as the EXE is slightly different in each case

Battle for Arrakis 1.07:

Menu String ID Table:  dseg:219D

exe hex address: 0x3A1BD - 0x3A1EC

This data appears as, (one for each version of the menu)

1b: play a game

1c: replay intro

5c: load a game

1d: exit game

14e: hall of fame

1B00, 1C00, 1D00

0000, 0000, 0000

1B00, 1C00, 5C00, 1D00

0000, 0000

1B00, 1C00, 1D00, 4E01

0000, 0000

1B00, 1C00, 5C00, 1D00, 4E01

This part of the code, pushes the menu ID onto the stack then obtains a pointer from a previously loaded data file (DUNE.ENG in this case) to the string. ptr is returned in dx/ax, then stored on the stack (in a ptr array)

ovr189:1E8D FF B7 9D 21                    push    word_455BD[bx]  ; ID

ovr189:1E91 9A 5F 00 D4 1D                call    getDataItemPtr

it then continues on and loads the DUNE logo, prints the version number in the corner.. before coming to

ovr189:2059 9A 25 00 E9 42                call    j_drawMenu

drawmenu start of function:

ovr197:0108 55                            push    bp

this takes a few arguments, such as a pointer to the menu data (ptr to string ptrs stored on the stack before).

I haven't investigated any further as of yet

Building of a Dynasty 1.07:

Menu String ID Table: dseg:1C0D

exe hex address: 0x3970D - 0x3973C

ovr189:1E8D FF B7 0D 1C                push    word_44B0D[bx]

ovr189:1E91 9A 58 00 D8+                call    sub_1DDD8

ovr189:2059 9A 25 00 97 42                    call    sub_42995    < drawmenu

drawmenu start of function:

ovr197:0108 55                                push    bp

Link to comment
Share on other sites

neat :)

I'll look into that when I got some more time.

Do you have a correctly linked IDA database I could use though? Or a way to link these sections so the references work? I really can't work with it as it is now... the memory manager screws it all up when loading the file.

I uploaded all of the exe files here

http://nyerguds.arsaneus-design.com/dune/d2exes.rar

Those aren't the complete game of course... I'm sure I could get you a download link for each one though if I look around a bit. These exes were only collected for creating my Dune II editor

[edit]

Full versions uploaded here:

http://nyerguds.arsaneus-design.com/dune/dune2versions/

d2changelang.zip - language changer tool for the EU versions

d2crack.zip - cracked exes of 1.00 and 1.07 US versions

d2patch107.zip - the official 1.07 patch for the US version

d2sound_eu.zip - eu setup program hacked to display all sound choices like the US patch

d2sound_us.zip - official us setup program patch to make it display all sound choices

dune2.ico - improvement of the win 3.11 icon included with the game :)

dune2_demo.zip - demo version (unplayable demo; follows a script file)

dune2_eu_1.07.zip - European 1.07 version

dune2_hs_1.07.zip - European 1.07 version, HitSquad release (some differences with normal EU one)

dune2_us_1.00.zip - US 1.00 version.

dune2_us_1.07.zip - US 1.07 version. This one should show the centering menus I talked about

dune2manual.pdf - the game manual. Needed to pass the 'security checks' ingame. Hacked versions of the exe have been going around, but right now I don't know where to find one to see how the security thing can be disabled.

[edit]

folder updated... now all exes in my packs should be unhacked, and the hacked exes are in a separate zipfile

Link to comment
Share on other sites

nah my ida database has only a few things mapped out, I've been doing most of my work in softice under win2k in vmware

I do plan on eventually fixing all the offsets, data struct offsets tho, naming all the main functions

your editor looks good, that will help with the hardcoded data struct mapping :)

Link to comment
Share on other sites

The editor was requested by MrFlibble so he could port Super Dune II to version 1.07. It's made with the information from an existing Dune II v1.00 editor.

The exe editing thread has some more information related to the hardcoded data of houses and the main menu.

Link to comment
Share on other sites

I should be able to send u my database soon.. should be more useful then

btw, protection is easy to remove ;)

seg023:0414 83 3E A6 38+                cmp    missionNumberPrevious, 1

seg023:0419 74 07                      jz      short copyProtection

seg023:041B 83 3E A6 38+                cmp    missionNumberPrevious, 7

seg023:0420 75 69                      jnz    short loc_226BB

seg023:0422

seg023:0422            copyProtection:                        ; CODE XREF: gameCheckStatus+170j

seg023:0422 B8 D2 3B                    mov    ax, seg seg152

Link to comment
Share on other sites

I've got battle for arrakis, and building of a dynasty here.. and neither has the menu text centered (both are 1.07)

The menu text that is centered is not on the title screen, but in the menu that you get when pressing the "Options" button during a mission. The menu items there, as well as in the load game/save game dialogue, are centered in v1.0, v1.07US and v1.07HS, but not centered in v1.07EU. This is because they made the menu items numbered for French and German (e.g. "1. Spiel laden" etc.) in that version, and a numbered list doesn't look good when the lines are centered.

Link to comment
Share on other sites

interesting how many different versions exist, the copy I own is battle for arrakis 1.07 but has the text centered

it comes with the german/french data too and under both the text is centered without numbers

hmm

Link to comment
Share on other sites

No... take the French game. If the first unit command is "Attaquer" and the second is "Aller á", they both have the first starting letter... so after assigning the "A" to the "Attaquer" command, the EU game automatically determines that "L" is the shortcut for the "Aller á" command; it takes the first letter of the string that's not already in use by another command.

Link to comment
Share on other sites
