Remove random damage

[Vodner]

I've managed to put together some memory patches that peg damage, soak, and reduce to the average values. Sadly this is only for the 1.143 client - I'm not sure how the WSE client and server are handled. Still, hopefully this might remove some of the work involved.

Old way of generating a number between 0 and 1 for the damage calcs:
  (rand(0..32767) % 15817) / 15817.0
New way of generating the same number:
  7908 / 15817.0
(i.e. just 0.5; the patch is smaller this way though)

I'm not entirely certain why they don't just divide the result of the RNG by 32767.0, but there's probably a good reason.

Code: [Select]

Note: these are in-memory addresses, not offsets in the binary.

client patch:
0x004E1051 - BA E4 1E 00 00 90 90 90 90 90 90 90 90
0x004E1088 - BA E4 1E 00 00 90 90 90 90 90 90 90 90
0x004E10E4 - BA E4 1E 00 00 90 90 90 90 90 90 90 90

dedicated server patch:
0x00459895 - BA E4 1E 00 00 90 90 90 90 90 90 90 90
0x004598CC - BA E4 1E 00 00 90 90 90 90 90 90 90 90
0x00459928 - BA E4 1E 00 00 90 90 90 90 90 90 90 90

original client values:
0x004E1051 - E8 15 0C 19 00 99 B9 C9 3D 00 00 F7 F9
0x004E1088 - E8 DE 0B 19 00 99 B9 C9 3D 00 00 F7 F9
0x004E10E4 - E8 82 0B 19 00 99 B9 C9 3D 00 00 F7 F9

original server values:
0x00459895 - E8 66 31 09 00 99 B9 C9 3D 00 00 F7 F9
0x004598CC - E8 2F 31 09 00 99 B9 C9 3D 00 00 F7 F9
0x00459928 - E8 D3 30 09 00 99 B9 C9 3D 00 00 F7 F9

The differences in the original values are just due to the relative location of the RNG function changing.

I tried debugging the WSE client (without joining any servers, just to track down the equivalent function), then it occurred to me that there may be some sort of cheat detection that would lead to my getting banned for having a debugger attached. At any rate, I doubt the devs are updating the WSE client by just patching the binary anyways.

e:
I've put together a small program for testing the changes in single-player. Everything seems to work. Source (ugly, sorry) and executable are here.

Take the 'mb_warband_old.exe' (this is just Warband v1.143) from your 'cRPG\WSE' directory, and copy it to your root Warband directory. Extract 'warband_derandom.exe' to your root Warband directory. Run 'warband_derandom.exe', and then proceed to test things in single-player.

No attempt is made to verify that 'mb_warband_old.exe' is actually Warband 1.143. If it isn't, chances are it will crash.

e:e:
Offsets for the 1.143 dedicated server are 0x00459895, 0x004598CC, and 0x00459928. Same patches as above.

[Kafein]

Surely the RNG is used for other things than just damage calculation

[Vodner]

Surely the RNG is used for other things than just damage calculation

It's doesn't patch the RNG. It patches the result from the RNG, in three spots.

(click to show/hide)

Example of one of the three spots:
Old code:

Code: [Select]

004E1051   E8 150C1900      CALL mb_warba.00671C6B          ; Get a random number from 0-32767
004E1056   99               CDQ                             ; Prep EDX for IDIV
004E1057   B9 C93D0000      MOV ECX,3DC9                    ; ECX = 15817
004E105C   F7F9             IDIV ECX                        ; Divide EAX (the random number from above) by ECX
004E105E   895424 10        MOV DWORD PTR SS:[ESP+10],EDX   ; Store the remainder on the stack
004E1062   DB4424 10        FILD DWORD PTR SS:[ESP+10]      ; Load the remainder as a float
004E1066   DC35 60688900    FDIV QWORD PTR DS:[896860]      ; Divide by 15817.0
004E106C+  Do stuff with the random number between 0 and 1 stored on the top of the FP stackNew code:

Code: [Select]

004E1051   BA E41E0000      MOV EDX,1EE4                    ; Take the number 7908
004E1056   90               NOP
004E1057   90               NOP
004E1058   90               NOP
004E1059   90               NOP
004E105A   90               NOP
004E105B   90               NOP
004E105C   90               NOP
004E105D   90               NOP
004E105E   895424 10        MOV DWORD PTR SS:[ESP+10],EDX   ; Store it on the stack
004E1062   DB4424 10        FILD DWORD PTR SS:[ESP+10]      ; Load it as a float
004E1066   DC35 60688900    FDIV QWORD PTR DS:[896860]      ; Divide by 15817.0
004E106C+  As above, do stuff with the number

[Kafein]

It's doesn't patch the RNG. It patches the result from the RNG.

You mean the code for this weird half modulo stuff is copied everywhere they want a [0,1[ interval ? lol

[Vodner]

You mean the code for this weird half modulo stuff is copied everywhere they want a [0,1[ interval ? lol

The code is used in an enormous number of spots, which means it's probably just a macro, or an inlined function.

e:
The integer part of it is also used in many spots. 15817 is prime, so I suspect there was a good reason for choosing it when no floating point operations are done (and in the places where they are done, they are likely just reusing the same macro or inlined function).

[Kafein]

Why would they modulo by half, doesn't make sense