Content for everyone
Technical stuff
Links
YouTube Videos
|
Bugfixes for score related bugs(Interested in the LESS technical part of the scoring system? Then click here.)
General information about scoring
---------------------------------
There are 3 kinds of scores:
- Points for collecting items or performing actions (e.g. handcuffing a criminal).
- Points for absolving a room or chapter (e.g. when you walk to the doorlock in the hospital,
you have absolved the room and get rewarded). The score may vary on the number of movements
you have done in the room.
- Points for solving a puzzle. These points are time-based.
If a cheat is applied, you wont get any points.
Technical information
---------------------
The BLOWNAWY.SAV savegame contains various data about puzzles and rooms.
Rooms and puzzles are placed in an ordered list.
Each item can be either a puzzle or a room.
For puzzles, there the score is time-based. For rooms, the score is based on number of movements.
At 0x000 is an int32-array with the information how much time was spent on a puzzle.
For rooms, the value is always 0, since there is no time-measurement for rooms.
At 0x0A0 is an int32-array with the information how often the player changed the screen
in a specific room (walked, looked around etc.).
For puzzles, the value is always 0, because you cannot scroll or walk inside a puzzle.
At 0x140 is an byte-array with the status of the room or puzzle.
00 = The room was not entered / The puzzle was not played
01 = The room/puzzle is current entered / during play
02 = The puzzle was solved with a cheat
03 = The puzzle was solved by the player. / The room was finished
(i.e. you started the last puzzle in the room and won't come back to the room navigation)
04 = The puzzle failed
05 = The puzzle or room cannot be played/entered, because a previous puzzle failed
Obviously, you will only get points if the state is 03.
In the EXE file, offset approx 0x5e8C4, there is a lookup-table with information
how many points the room/puzzle gets and how much time is allowed to get which amount
of score etc. (to be analyzed further).
Added to your score is field 0x16C in the savegame file, which contains points that were given due to
collecting of items, or things you have done:
+ 10 points for finding knucks at living room
+ 10 points for finding motorcycle at living room
+ 10 points for finding carbon paper at living room
+ 10 points for for finding small missile at living room
+ 10 points for handcuffing criminal in the tunnel
Subtracted are penality points at field 0x16E:
- 20 points for hitting a dead wire at thermal maze
- 1 point for misplaced chemical at the mercury game
- 5 points for wrong tone at the xylophone game
- 5 points for each fallen log at the train game
Here is the list of all rooms/puzzles that get score:
---------------------------------------------------------------------------------------------------------
Max Offset in savestate file:
Index Type Description Score State #Moves TimeSpent Remarks
---------------------------------------------------------------------------------------------------------
0 ROOM Hospital 20 0x140 0xA0 (0x00)
1 PUZZLE 15-door 20 0x141 (0xA4) 0x04
2 ROOM Living room 50 0x142 0xA8 (0x08) see bug notice #1
3 ROOM News agency 30 0x143 0xAC (0x0C)
4 PUZZLE Thermal maze 70 0x144 (0xB0) 0x10
5 ROOM Laboratory Entrance Hall 10 0x145 0xB4 (0x14)
6 ROOM Laboratory Maze 40 0x146 0xB8 (0x18)
7 PUZZLE Laboratory Fuse Game 20 0x147 (0xBC) 0x1C
8 PUZZLE Laboratory Keycard Game 30 0x148 (0xC0) 0x20
9 PUZZLE Laboratory Mercury Game 40 0x149 (0xC4) 0x24
10 ROOM Toystore Entrance Hall 20 0x14A 0xC8 (0x28)
11 ROOM Toystore Sam's Room 10 0x14B 0xCC (0x2C)
12 PUZZLE Toystore Xylophone 20 0x14C (0xD0) 0x30
13 PUZZLE Toystore Train Game 30 0x14D (0xD4) 0x34
14 PUZZLE Toystore Marble Game 30 0x14E (0xD8) 0x38
15 PUZZLE Toystore Grid Game 30 0x14F (0xDC) 0x3C
16 PUZZLE Template Game 30 0x150 (0xE0) 0x40
17 PUZZLE Helicopter Game 1 30 0x151 (0xE4) 0x44
18 PUZZLE Helicopter Game 2 30 0x152 (0xE8) 0x48
19 ROOM Bomb van 20 0x153 0xEC (0x4C)
20 PUZZLE Phone Game 40 0x154 (0xF0) 0x50
21 PUZZLE Detonator 1 20 0x155 (0xF4) 0x54
22 ROOM Tunnel 100 0x156 0xF8 (0x58)
23 PUZZLE 34-door 30 0x157 (0xFC) 0x5C
24 PUZZLE Make-A-Word 30 0x158 (0x100) 0x60
25 PUZZLE Slider door 40 0x159 (0x104) 0x64
26 ROOM Justus's room 10 0x15A 0x108 (0x68)
27 PUZZLE 1357 Nim Game 80 0x15B (0x10C) (0x6C)
28 PUZZLE Detonator 2 20 0x15C (0x110) (0x70)
29 (not assigned) 0x15D (0x114) (0x74)
30 (not assigned) 0x15E (0x118) (0x78)
31 (not assigned) 0x15F (0x11C) (0x7C)
32 (not assigned) 0x160 (0x120) (0x80)
33 (not assigned) 0x161 (0x124) (0x84)
34 (not assigned) 0x162 (0x128) (0x88)
35 (not assigned) 0x163 (0x12C) (0x8C)
36 (not assigned) 0x164 (0x130) (0x90)
37 (not assigned) 0x165 (0x134) (0x94)
38 (not assigned) 0x166 (0x138) (0x98)
39 (not assigned) 0x167 (0x13C) (0x9C)
---------------------------------------------------------------------------------------------------------
Sum 950
Bonus points (0x16C):
ITEM Motorcycle 10
ITEM Knucks 10
ITEM Carbon Paper 10
ITEM Small missile 10
ACTION Handcuff criminal 10
Penality points (0x16E):
ACTION Thermal Maze dead wire (-20)
ACTION Mercury Puzzle wrong chemical (- 1)
ACTION Xylophone wrong tone (- 5)
ACTION Train game falled log (- 5)
---------------------------------------------------------------------------------------------------------
Sum 1000
---------------------------------------------------------------------------------------------------------
DATA STRUCTURE
==============
// Data structure: roomScoreInfo[29] is located at EXE offset 0x5e79c
struct roomScoreInfo {
int32_t index;
int32_t roomScore;
int32_t puzzleScore;
int32_t roomAllowSteps;
int32_t roomExtraStepPenality;
int32_t puzzleAllowTime;
int32_t puzzleExtraTimePenalityNumerator;
int32_t puzzleExtraTimePenalityDenumerator;
}
The score table found at offset 0x5e79c has the following contents:
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Room/Puzzle Index Room score Puzzle score Room allow Room extra step Puzzle time Puzzle extra tim. Puzzle extra Formula interpreted
steps penality allowed penal. numerat. penal. denum. (step=steps, time=seconds)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Hospital (room) 00 00 00 00 14 00 00 00 (20) 00 00 00 00 0D 00 00 00 (13) 02 00 00 00 (2) 00 00 00 00 00 00 00 00 00 00 00 00 20 - max(0,step-13)*2
15-Door (puzzle) 01 00 00 00 00 00 00 00 14 00 00 00 (20) 00 00 00 00 00 00 00 00 1E 00 00 00 (30) 01 00 00 00 (1) 0A 00 00 00 (10) 20 - max(0,time-30)*(1/10)
Living Room (room) 02 00 00 00 32 00 00 00 (50) 00 00 00 00 20 00 00 00 (32) 05 00 00 00 (5) 00 00 00 00 00 00 00 00 00 00 00 00 50 - max(0,step-32)*5
News Agency (room) 03 00 00 00 1E 00 00 00 (30) 00 00 00 00 06 00 00 00 (6) 05 00 00 00 (5) 00 00 00 00 00 00 00 00 00 00 00 00 30 - max(0,step- 6)*5
Thermal Maze (puzzle) 04 00 00 00 00 00 00 00 46 00 00 00 (70) 00 00 00 00 00 00 00 00 32 00 00 00 (50) 01 00 00 00 (1) 01 00 00 00 (1) 70 - max(0,time-50)
Lab Entrance (room) 05 00 00 00 0A 00 00 00 (10) 00 00 00 00 04 00 00 00 (4) 04 00 00 00 (4) 00 00 00 00 00 00 00 00 00 00 00 00 10 - max(0,step- 4)*4
Lab Maze (room) 06 00 00 00 28 00 00 00 (40) 00 00 00 00 0C 00 00 00 (12) 05 00 00 00 (5) 00 00 00 00 00 00 00 00 00 00 00 00 40 - max(0,step-12)*5
Lab Fuse Game (puzzle) 07 00 00 00 00 00 00 00 14 00 00 00 (20) 00 00 00 00 00 00 00 00 0F 00 00 00 (15) 01 00 00 00 (1) 04 00 00 00 (4) 20 - max(0,time-15)*(1/4)
Lab Keycard Game (puzzle) 08 00 00 00 00 00 00 00 1E 00 00 00 (30) 00 00 00 00 00 00 00 00 5A 00 00 00 (90) 01 00 00 00 (1) 0B 00 00 00 (11) 30 - max(0,time-90)*(1/11)
Lab Mercury (puzzle) 09 00 00 00 00 00 00 00 28 00 00 00 (40) 00 00 00 00 00 00 00 00 E7 03 00 00 (999) 00 00 00 00 (0) 01 00 00 00 (1) 40
Toystore Entrance (room) 0A 00 00 00 14 00 00 00 (20) 00 00 00 00 06 00 00 00 (6) 04 00 00 00 (4) 00 00 00 00 00 00 00 00 00 00 00 00 20 - max(0,step- 6)*4
Toystore Sam (room) 0B 00 00 00 0A 00 00 00 (10) 00 00 00 00 02 00 00 00 (2) 04 00 00 00 (4) 00 00 00 00 00 00 00 00 00 00 00 00 10 - max(0,step- 2)*4
Toystore Xylophone (puzzle) 0C 00 00 00 00 00 00 00 14 00 00 00 (20) 00 00 00 00 00 00 00 00 E7 03 00 00 (999) 00 00 00 00 (0) 01 00 00 00 (1) 20
Toystore Train Game (puzzle) 0D 00 00 00 00 00 00 00 1E 00 00 00 (30) 00 00 00 00 00 00 00 00 E7 03 00 00 (999) 00 00 00 00 (0) 01 00 00 00 (1) 30
Toystore Marble Game (puzzle) 0E 00 00 00 00 00 00 00 1E 00 00 00 (30) 00 00 00 00 00 00 00 00 14 00 00 00 (20) 03 00 00 00 (3) 16 00 00 00 (22) 30 - max(0,time-20)*(3/22)
Toystore Grid (puzzle) 0F 00 00 00 00 00 00 00 1E 00 00 00 (30) 00 00 00 00 00 00 00 00 3C 00 00 00 (60) 01 00 00 00 (1) 06 00 00 00 (6) 30 - max(0,time-60)*(1/6)
Template Game (puzzle) 10 00 00 00 00 00 00 00 1E 00 00 00 (30) 00 00 00 00 00 00 00 00 1E 00 00 00 (30) 01 00 00 00 (1) 05 00 00 00 (5) 30 - max(0,time-30)*(1/5)
Helicopter Game 1 (puzzle) 11 00 00 00 00 00 00 00 1E 00 00 00 (30) 00 00 00 00 00 00 00 00 1E 00 00 00 (30) 01 00 00 00 (1) 05 00 00 00 (5) 30 - max(0,time-30)*(1/5)
Helicopter Game 2 (puzzle) 12 00 00 00 00 00 00 00 1E 00 00 00 (30) 00 00 00 00 00 00 00 00 0A 00 00 00 (10) 03 00 00 00 (3) 02 00 00 00 (2) 30 - max(0,time-10)*(3/2)
Bomb Van (room) 13 00 00 00 14 00 00 00 (20) 00 00 00 00 02 00 00 00 (2) 04 00 00 00 (4) 00 00 00 00 00 00 00 00 00 00 00 00 20 - max(0,step- 2)*4
Phone Game (puzzle) 14 00 00 00 00 00 00 00 28 00 00 00 (40) 00 00 00 00 00 00 00 00 1E 00 00 00 (30) 01 00 00 00 (1) 05 00 00 00 (5) 40 - max(0,time-30)*(1/5)
Detonator 1 (puzzle) 15 00 00 00 00 00 00 00 14 00 00 00 (20) 00 00 00 00 00 00 00 00 0A 00 00 00 (10) 03 00 00 00 (3) 05 00 00 00 (5) 20 - max(0,time-10)*(3/5)
Tunnel (room) 16 00 00 00 64 00 00 00 (100) 00 00 00 00 19 00 00 00 (25) 0A 00 00 00 (10) 00 00 00 00 00 00 00 00 00 00 00 00 100 - max(0,step-25)*10
34-Door (puzzle) 17 00 00 00 00 00 00 00 1E 00 00 00 (30) 00 00 00 00 00 00 00 00 3C 00 00 00 (60) 01 00 00 00 (1) 0A 00 00 00 (10) 30 - max(0,time-60)*(1/10)
Make-a-Word (puzzle) 18 00 00 00 00 00 00 00 1E 00 00 00 (30) 00 00 00 00 00 00 00 00 28 00 00 00 (40) 03 00 00 00 (3) 14 00 00 00 (20) 30 - max(0,time-40)*(3/20)
Slider Door (puzzle) 19 00 00 00 00 00 00 00 28 00 00 00 (40) 00 00 00 00 00 00 00 00 1E 00 00 00 (30) 01 00 00 00 (1) 06 00 00 00 (6) 40 - max(0,time-30)*(1/6)
Justus (room) 1A 00 00 00 0A 00 00 00 (10) 00 00 00 00 02 00 00 00 (2) 04 00 00 00 (4) 00 00 00 00 00 00 00 00 00 00 00 00 10 - max(0,step- 2)*4
1357 Nim Game (puzzle) 1B 00 00 00 00 00 00 00 50 00 00 00 (80) 00 00 00 00 00 00 00 00 3C 00 00 00 (60) 01 00 00 00 (1) 06 00 00 00 (6) 80 - max(0,time-60)*(1/6)
Detonator 2 (puzzle) 1C 00 00 00 00 00 00 00 14 00 00 00 (20) 00 00 00 00 00 00 00 00 E7 03 00 00 (999) 00 00 00 00 (0) 01 00 00 00 (1) 20
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BUGFIX #1: TV Poker Score Bug (included in my my patch)
=============================
When you solve the video poker with a cheat, the room (!) #2 (living room) will get the state "2" (solved with cheats).
This has 2 effects:
1. The game now thinks that you have finished the living room (including all hostages), because state "2" means something is solved.
So, your maximum points will immediately increase by 50 (they should actually increase in the moment you end the living room and move to the next chapter with Lizzy).
2. Since the living room is marked as solved with cheats, you will never get these 50 points,
even though you should get them once you have handled all hostages.
Search:
52 B8 11 00 00 00 E8 15 77 01 00 89 C2 B8 1D 00 00 00 E8 09 77 01 00 85
D2 74 23 85 C0 74 1F 8B 15 8C C9 04 00 85 D2 7C 0E A1 90 C9 04 00 01 D0
C6 80 40 01 00 00 02 B8 01 00 00 00 5A C3 31 C0 5A C3 8D 80 00 00 00 00
8D 92 00 00 00 00 8B C0
Replace:
52 B8 11 00 00 00 E8 15 77 01 00 89 C2 B8 1D 00 00 00 E8 09 77 01 00 85
D2 74 28 85 C0 74 24 8B 15 8C C9 04 00 85 D2 7C 13 A1 90 C9 04 00 83 FA
02 74 09 01 D0 C6 80 40 01 00 00 02 B8 01 00 00 00 5A C3 31 C0 5A C3 90
8D 92 00 00 00 00 8B C0
_check_cheat proc near ; returns 1 for "solved" or 0 for "not solved"
0: 52 push edx
1: b8 11 00 00 00 mov eax,0x11 ; "W" scan code
6: e8 15 77 01 00 call 0x17720
b: 89 c2 mov edx,eax
d: b8 1d 00 00 00 mov eax,0x1d ; Left Ctrl scan code
12: e8 09 77 01 00 call 0x17720
17: 85 d2 test edx,edx
19: 74 28 je 0x43
1b: 85 c0 test eax,eax
1d: 74 24 je 0x43
1f: 8b 15 8c c9 04 00 mov edx,DWORD PTR ds:0x4c98c ; 0x4c98c = current room or puzzle ID !!must stay at exactly this code offset (due to relocations)!!
25: 85 d2 test edx,edx
27: 7c 13 jl 0x3c
29: a1 90 c9 04 00 mov eax,ds:0x4c990 ; 0x4c990 = address to the savestate structure !!must stay at exactly this code offset (due to relocations)!!
2e: 83 fa 02 cmp edx,0x2 ; Patch added by Daniel Marschall
31: 74 09 je 0x3c ; Patch added by Daniel Marschall
33: 01 d0 add eax,edx
35: c6 80 40 01 00 00 02 mov BYTE PTR [eax+0x140],0x2 ; set state 2 = solved with cheats
3c: b8 01 00 00 00 mov eax,0x1
41: 5a pop edx
42: c3 ret
43: 31 c0 xor eax,eax
45: 5a pop edx
46: c3 ret
47: 90 nop ; Padding for alignment
48: 8d 92 00 00 00 00 lea edx,[edx+0x0] ; Padding for alignment
4e: 8b c0 mov eax,eax ; Padding for alignment
_check_cheat endp
BUGFIX #2: Switch room/Helicopter movements bug (included in my my patch)
===============================================
Like the TV game and the Concentration game, the switch room and the helicopter room
don't have a room/puzzle number assigned and therefore should not be written into the savegame file.
When you move inside a room, the game will update the movements counter for the room
the player is currently in. However, the switch room and the helicopter room did not
set the internal room number to "-1" (meaning the player is currently doing nothing score-relevant,
like the TV game or the Concentration game). Therefore, the attribute "movements" will be updated
on the last known puzzle/room!
Examples:
* When you enter the helicopter after playing the template game, your movements in the
helicopter will be added to the template game. The template game is a puzzle and should not
have movements!
* When you restart the game and then load the helicopter room from a savestate, the
internal room number will be "0" (hospital). Therefore, if you move in the helicopter,
your movement counter for the hospital room will be affected.
* When you played the last hostage game (thermal maze, mercury game or grid game),
and then process to the switch room, then the movements in the switchroom will be added
to the last played puzzle! This might affect score on that puzzle.
Note: I have verified that puzzles won't be affected by the movement-counter and rooms
are not affected by the timer. So in a normal gameplay, this bug should not have an effect.
However, if you do restart the game and then load a switch room or helicopter savegame,
then your movements in that room will be added to your hospital room movements,
and therefore you might lose your 20 points for the hospital room, if you move too often.
Search:
8D 80 00 00 00 00 52 8B 15 8C C9 04 00 85 D2 7C 0C A1 90 C9 04 00 FF 84
90 A0 00 00 00 31 C0 5A C3 8D 40 00 8B C9 53 51 56 57 89 C7 89 D6 BA 14
BB 02 00 B8 18 BB 02 00 E8 3C 6B 01 00 89 C1 85 C0 0F 84 8E 00 00 00 BB
E8 12 00 00 BA A0 B2 04 00 E8 E0 6B 01 00 3D E8 12 00 00 74 31 BB A0 B2
04 00 31 D2 8B C0 89 D8 83 C2 24 E8 76 0E 00 00 30 E4 88 A2 C4 B0 04 00
31 C0 81 C3 E4 01 00 00 89 82 E4 B0 04 00 81 FA 68 01 00 00 75 D8 BB 68
01 00 00 BA E8 B0 04 00 89 C8 E8 97 6B 01 00 3D 68 01 00 00 74 26 31 C0
31 D2 8D 80 00 00 00 00 8D 92 00 00 00 00 83 C0 24 88 90 C4 B0 04 00 89
90 E4 B0 04 00 3D 68 01 00 00 75 EA 89 C8 E8 CA 74 01 00 EB 47 BA A0 B2
04 00 8D 9A E8 12 00 00 8D 80 00 00 00 00 89 D0 81 C2 E4 01 00 00 E8 F3
0D 00 00 39 DA 75 EF 31 C0 31 DA 8D 80 00 00 00 00 8D 52 00 8B DB 83 C0
24 88 90 C4 B0 04 00 89 90 E4 B0 04 00 3D 68 01 00 00 75 EA 85 F6 7C 40
89 F2 C1 E2 04 29 F2 8D 14 D5 00 00 00 00 01 F2 BB A0 B2 04 00 8D 14 95
00 00 00 00 89 F8 01 D3 31 D2 8D 44 20 00 40 8A 0B 43 42 88 48 FF 81 FA
E4 01 00 00 72 F0 C7 05 58 4B 04 00 03 00 00 00 31 C0 5F 5E 59 5B C3 8D
80 00 00 00 00 8D 92 00 00 00 00 8D 40 00
Replace:
8d 80 00 00 00 00 52 8b 15 8c c9 04 00 85 d2 7c 11 a1 90 c9 04 00 05 40
01 00 00 e8 47 01 00 00 90 90 31 c0 5a c3 53 51 56 57 89 C7 89 D6 BA 14
BB 02 00 B8 18 BB 02 00 E8 3C 6B 01 00 89 C1 85 C0 0F 84 8E 00 00 00 BB
E8 12 00 00 BA A0 B2 04 00 E8 E0 6B 01 00 3D E8 12 00 00 74 31 BB A0 B2
04 00 31 D2 8B C0 89 D8 83 C2 24 E8 76 0E 00 00 30 E4 88 A2 C4 B0 04 00
31 C0 81 C3 E4 01 00 00 89 82 E4 B0 04 00 81 FA 68 01 00 00 75 D8 BB 68
01 00 00 BA E8 B0 04 00 89 C8 E8 97 6B 01 00 3D 68 01 00 00 74 26 31 C0
31 D2 8D 80 00 00 00 00 8D 92 00 00 00 00 83 C0 24 88 90 C4 B0 04 00 89
90 E4 B0 04 00 3D 68 01 00 00 75 EA 89 C8 E8 CA 74 01 00 EB 47 BA A0 B2
04 00 8D 9A E8 12 00 00 8D 80 00 00 00 00 89 D0 81 C2 E4 01 00 00 E8 F3
0D 00 00 39 DA 75 EF 31 C0 31 DA 8D 80 00 00 00 00 8D 52 00 8B DB 83 C0
24 88 90 C4 B0 04 00 89 90 E4 B0 04 00 3D 68 01 00 00 75 EA 85 F6 7C 40
89 F2 C1 E2 04 29 F2 8D 14 D5 00 00 00 00 01 F2 BB A0 B2 04 00 8D 14 95
00 00 00 00 89 F8 01 D3 31 D2 8D 44 20 00 40 8A 0B 43 42 88 48 FF 81 FA
E4 01 00 00 72 F0 C7 05 58 4B 04 00 03 00 00 00 31 C0 5F 5E 59 5B C3 f4
80 3c 10 01 75 07 ff 84 90 60 ff ff ff c3
0: 8d 80 00 00 00 00 lea eax,[eax+0x0]
6: 52 push edx
7: 8b 15 8c c9 04 00 mov edx,DWORD PTR ds:0x4c98c
d: 85 d2 test edx,edx
f: 7c 11 jl 0x22
11: a1 90 c9 04 00 mov eax,ds:0x4c990
16: 05 40 01 00 00 add eax,0x140 ; Patched by Daniel Marschall:
1b: e8 47 01 00 00 call 0x167 ; This code area did just contain
20: 90 nop ; inc DWORD PTR [eax+edx*4+0xa0]
21: 90 nop ; We split data into a code gap to extend functionality
22: 31 c0 xor eax,eax
24: 5a pop edx
25: c3 ret
26: 53 push ebx
27: 51 push ecx
28: 56 push esi
29: 57 push edi
2a: 89 c7 mov edi,eax
2c: 89 d6 mov esi,edx
2e: ba 14 bb 02 00 mov edx,0x2bb14
33: b8 18 bb 02 00 mov eax,0x2bb18
38: e8 3c 6b 01 00 call 0x16b79
3d: 89 c1 mov ecx,eax
3f: 85 c0 test eax,eax
41: 0f 84 8e 00 00 00 je 0xd5
47: bb e8 12 00 00 mov ebx,0x12e8
4c: ba a0 b2 04 00 mov edx,0x4b2a0
51: e8 e0 6b 01 00 call 0x16c36
56: 3d e8 12 00 00 cmp eax,0x12e8
5b: 74 31 je 0x8e
5d: bb a0 b2 04 00 mov ebx,0x4b2a0
62: 31 d2 xor edx,edx
64: 8b c0 mov eax,eax
66: 89 d8 mov eax,ebx
68: 83 c2 24 add edx,0x24
6b: e8 76 0e 00 00 call 0xee6
70: 30 e4 xor ah,ah
72: 88 a2 c4 b0 04 00 mov BYTE PTR [edx+0x4b0c4],ah
78: 31 c0 xor eax,eax
7a: 81 c3 e4 01 00 00 add ebx,0x1e4
80: 89 82 e4 b0 04 00 mov DWORD PTR [edx+0x4b0e4],eax
86: 81 fa 68 01 00 00 cmp edx,0x168
8c: 75 d8 jne 0x66
8e: bb 68 01 00 00 mov ebx,0x168
93: ba e8 b0 04 00 mov edx,0x4b0e8
98: 89 c8 mov eax,ecx
9a: e8 97 6b 01 00 call 0x16c36
9f: 3d 68 01 00 00 cmp eax,0x168
a4: 74 26 je 0xcc
a6: 31 c0 xor eax,eax
a8: 31 d2 xor edx,edx
aa: 8d 80 00 00 00 00 lea eax,[eax+0x0]
b0: 8d 92 00 00 00 00 lea edx,[edx+0x0]
b6: 83 c0 24 add eax,0x24
b9: 88 90 c4 b0 04 00 mov BYTE PTR [eax+0x4b0c4],dl
bf: 89 90 e4 b0 04 00 mov DWORD PTR [eax+0x4b0e4],edx
c5: 3d 68 01 00 00 cmp eax,0x168
ca: 75 ea jne 0xb6
cc: 89 c8 mov eax,ecx
ce: e8 ca 74 01 00 call 0x1759d
d3: eb 47 jmp 0x11c
d5: ba a0 b2 04 00 mov edx,0x4b2a0
da: 8d 9a e8 12 00 00 lea ebx,[edx+0x12e8]
e0: 8d 80 00 00 00 00 lea eax,[eax+0x0]
e6: 89 d0 mov eax,edx
e8: 81 c2 e4 01 00 00 add edx,0x1e4
ee: e8 f3 0d 00 00 call 0xee6
f3: 39 da cmp edx,ebx
f5: 75 ef jne 0xe6
f7: 31 c0 xor eax,eax
f9: 31 da xor edx,ebx
fb: 8d 80 00 00 00 00 lea eax,[eax+0x0]
101: 8d 52 00 lea edx,[edx+0x0]
104: 8b db mov ebx,ebx
106: 83 c0 24 add eax,0x24
109: 88 90 c4 b0 04 00 mov BYTE PTR [eax+0x4b0c4],dl
10f: 89 90 e4 b0 04 00 mov DWORD PTR [eax+0x4b0e4],edx
115: 3d 68 01 00 00 cmp eax,0x168
11a: 75 ea jne 0x106
11c: 85 f6 test esi,esi
11e: 7c 40 jl 0x160
120: 89 f2 mov edx,esi
122: c1 e2 04 shl edx,0x4
125: 29 f2 sub edx,esi
127: 8d 14 d5 00 00 00 00 lea edx,[edx*8+0x0]
12e: 01 f2 add edx,esi
130: bb a0 b2 04 00 mov ebx,0x4b2a0
135: 8d 14 95 00 00 00 00 lea edx,[edx*4+0x0]
13c: 89 f8 mov eax,edi
13e: 01 d3 add ebx,edx
140: 31 d2 xor edx,edx
142: 8d 44 20 00 lea eax,[eax+eiz*1+0x0]
146: 40 inc eax
147: 8a 0b mov cl,BYTE PTR [ebx]
149: 43 inc ebx
14a: 42 inc edx
14b: 88 48 ff mov BYTE PTR [eax-0x1],cl
14e: 81 fa e4 01 00 00 cmp edx,0x1e4
154: 72 f0 jb 0x146
156: c7 05 58 4b 04 00 03 mov DWORD PTR ds:0x44b58,0x3
15d: 00 00 00
160: 31 c0 xor eax,eax
162: 5f pop edi
163: 5e pop esi
164: 59 pop ecx
165: 5b pop ebx
166: c3 ret
167: f4 hlt ; Patched by Daniel Marschall:
168: 80 3c 10 01 cmp BYTE PTR [eax+edx*1],0x1 ; This code area was previously a padding
16c: 75 07 jne 0x175 ; Before increasing the movement counter
16e: ff 84 90 60 ff ff ff inc DWORD PTR [eax+edx*4-0xa0] ; we check if the room has the status 1 (playing)
175: c3 ret ; otherwise it is impossible to move!
Note: There is another occurence of "inc dword ptr [eax+edx*4+0A0h]" , which is probably never called.
It seems to be in a routine that gets called when you enter/leave the cabinet???
|
|
Please also see my pages for other Imagination Pilots games: Blown Away | Panic in the Park | Waldo at the Circus | Waldo Exploring Geography | Eraser Turnabout | Virtual K'Nex |
|