Content for everyone
Technical stuff
Links
YouTube Videos
|
Bugfixes for score related bugsGeneral information about scoring --------------------------------- There are 3 kinds of scores: - Points for collecting items or performing actions (e.g. handcuffing a criminal). - Points for absolving a room or chapter (e.g. when you walk to the doorlock in the hospital, you have absolved the room and get rewarded). The score may vary on the number of movements you have done in the room. - Points for solving a puzzle. These points are time-based. If a cheat is applied, you wont get any points. Technical information --------------------- The BLOWNAWY.SAV savegame contains various data about puzzles and rooms. Rooms and puzzles are placed in an ordered list. Each item can be either a puzzle or a room. For puzzles, there the score is time-based. For rooms, the score is based on number of movements. At 0x000 is an int32-array with the information how much time was spent on a puzzle. For rooms, the value is always 0, since there is no time-measurement for rooms. At 0x0A0 is an int32-array with the information how often the player changed the screen in a specific room (walked, looked around etc.). For puzzles, the value is always 0, because you cannot scroll or walk inside a puzzle. At 0x140 is an byte-array with the status of the room or puzzle. 00 = The room was not entered / The puzzle was not played 01 = The room/puzzle is current entered / during play 02 = The puzzle was solved with a cheat 03 = The puzzle was solved by the player. / The room was finished (i.e. you started the last puzzle in the room and won't come back to the room navigation) 04 = The puzzle failed 05 = The puzzle or room cannot be played/entered, because a previous puzzle failed Obviously, you will only get points if the state is 03. In the EXE file, offset approx 0x5e8C4, there is a lookup-table with information how many points the room/puzzle gets and how much time is allowed to get which amount of score etc. (to be analyzed further). Added to your score is field 0x16C in the savegame file, which contains points that were given due to collecting of items, or things you have done: + 10 points for finding knucks at living room + 10 points for finding motorcycle at living room + 10 points for finding carbon paper at living room + 10 points for for finding small missile at living room + 10 points for handcuffing criminal in the tunnel Subtracted are penality points at field 0x16E: - 20 points for hitting a dead wire at thermal maze - 1 point for misplaced chemical at the mercury game - 5 points for wrong tone at the xylophone game - 5 points for each fallen log at the train game Here is the list of all rooms/puzzles that get score: --------------------------------------------------------------------------------------------------------- Offset in savestate file: Index Type Description Score State #Moves TimeSpent Remarks --------------------------------------------------------------------------------------------------------- 0 ROOM Hospital 20 0x140 0xA0 (0x00) 1 PUZZLE 15-door 20 0x141 (0xA4) 0x04 2 ROOM Living room 50 0x142 0xA8 (0x08) see bug notice #1 3 ROOM News agency 30 0x143 0xAC (0x0C) 4 PUZZLE Thermal maze 70 0x144 (0xB0) 0x10 5 ROOM Laboratory Entrance Hall 10 0x145 0xB4 (0x14) 6 ROOM Laboratory Maze 40 0x146 0xB8 (0x18) 7 PUZZLE Laboratory Fuse Game 20 0x147 (0xBC) 0x1C 8 PUZZLE Laboratory Keycard Game 30 0x148 (0xC0) 0x20 9 PUZZLE Laboratory Mercury Game 40 0x149 (0xC4) 0x24 10 ROOM Toystore Entrance Hall 20 0x14A 0xC8 (0x28) 11 ROOM Toystore Sam's Room 10 0x14B 0xCC (0x2C) 12 PUZZLE Toystore Xylophone 20 0x14C (0xD0) 0x30 13 PUZZLE Toystore Train Game 30 0x14D (0xD4) 0x34 14 PUZZLE Toystore Marble Game 30 0x14E (0xD8) 0x38 15 PUZZLE Toystore Grid Game 30 0x14F (0xDC) 0x3C 16 PUZZLE Template Game 30 0x150 (0xE0) 0x40 17 PUZZLE Helicopter Game 1 30 0x151 (0xE4) 0x44 18 PUZZLE Helicopter Game 2 30 0x152 (0xE8) 0x48 19 ROOM Bomb van 20 0x153 0xEC (0x4C) 20 PUZZLE Phone Game 40 0x154 (0xF0) 0x50 21 PUZZLE Detonator 1 20 0x155 (0xF4) 0x54 22 ROOM Tunnel 100 0x156 0xF8 (0x58) 23 PUZZLE 34-door 30 0x157 (0xFC) 0x5C 24 PUZZLE Make-A-Word 30 0x158 (0x100) 0x60 25 PUZZLE Slider door 40 0x159 (0x104) 0x64 26 ROOM Justus's room 10 0x15A 0x108 (0x68) 27 PUZZLE 1357 Nim Game 80 0x15B (0x10C) (0x6C) 28 PUZZLE Detonator 2 20 0x15C (0x110) (0x70) 29 (not assigned) 0x15D (0x114) (0x74) 30 (not assigned) 0x15E (0x118) (0x78) 31 (not assigned) 0x15F (0x11C) (0x7C) 32 (not assigned) 0x160 (0x120) (0x80) 33 (not assigned) 0x161 (0x124) (0x84) 34 (not assigned) 0x162 (0x128) (0x88) 35 (not assigned) 0x163 (0x12C) (0x8C) 36 (not assigned) 0x164 (0x130) (0x90) 37 (not assigned) 0x165 (0x134) (0x94) 38 (not assigned) 0x166 (0x138) (0x98) 39 (not assigned) 0x167 (0x13C) (0x9C) --------------------------------------------------------------------------------------------------------- Sum 950 Bonus points (0x16C): ITEM Motorcycle 10 ITEM Knucks 10 ITEM Carbon Paper 10 ITEM Small missile 10 ACTION Handcuff criminal 10 Penality points (0x16E): ACTION Thermal Maze dead wire (-20) ACTION Mercury Puzzle wrong chemical (- 1) ACTION Xylophone wrong tone (- 5) ACTION Train game falled log (- 5) --------------------------------------------------------------------------------------------------------- Sum 1000 --------------------------------------------------------------------------------------------------------- BUGFIX #1: TV Poker Score Bug (included in my my patch) ============================= When you solve the video poker with a cheat, the room (!) #2 (living room) will get the state "2" (solved with cheats). This has 2 effects: 1. The game now thinks that you have finished the living room (including all hostages), because state "2" means something is solved. So, your maximum points will immediately increase by 50 (they should actually increase in the moment you end the living room and move to the next chapter with Lizzy). 2. Since the living room is marked as solved with cheats, you will never get these 50 points, even though you should get them once you have handled all hostages. Search: 52 B8 11 00 00 00 E8 15 77 01 00 89 C2 B8 1D 00 00 00 E8 09 77 01 00 85 D2 74 23 85 C0 74 1F 8B 15 8C C9 04 00 85 D2 7C 0E A1 90 C9 04 00 01 D0 C6 80 40 01 00 00 02 B8 01 00 00 00 5A C3 31 C0 5A C3 8D 80 00 00 00 00 8D 92 00 00 00 00 8B C0 Replace: 52 B8 11 00 00 00 E8 15 77 01 00 89 C2 B8 1D 00 00 00 E8 09 77 01 00 85 D2 74 28 85 C0 74 24 8B 15 8C C9 04 00 85 D2 7C 13 A1 90 C9 04 00 83 FA 02 74 09 01 D0 C6 80 40 01 00 00 02 B8 01 00 00 00 5A C3 31 C0 5A C3 90 8D 92 00 00 00 00 8B C0 _check_cheat proc near ; returns 1 for "solved" or 0 for "not solved" 0: 52 push edx 1: b8 11 00 00 00 mov eax,0x11 ; "W" scan code 6: e8 15 77 01 00 call 0x17720 b: 89 c2 mov edx,eax d: b8 1d 00 00 00 mov eax,0x1d ; Left Ctrl scan code 12: e8 09 77 01 00 call 0x17720 17: 85 d2 test edx,edx 19: 74 28 je 0x43 1b: 85 c0 test eax,eax 1d: 74 24 je 0x43 1f: 8b 15 8c c9 04 00 mov edx,DWORD PTR ds:0x4c98c ; 0x4c98c = current room or puzzle ID !!must stay at exactly this code offset (due to relocations)!! 25: 85 d2 test edx,edx 27: 7c 13 jl 0x3c 29: a1 90 c9 04 00 mov eax,ds:0x4c990 ; 0x4c990 = address to the savestate structure !!must stay at exactly this code offset (due to relocations)!! 2e: 83 fa 02 cmp edx,0x2 ; Patch added by Daniel Marschall 31: 74 09 je 0x3c ; Patch added by Daniel Marschall 33: 01 d0 add eax,edx 35: c6 80 40 01 00 00 02 mov BYTE PTR [eax+0x140],0x2 ; set state 2 = solved with cheats 3c: b8 01 00 00 00 mov eax,0x1 41: 5a pop edx 42: c3 ret 43: 31 c0 xor eax,eax 45: 5a pop edx 46: c3 ret 47: 90 nop ; Padding for alignment 48: 8d 92 00 00 00 00 lea edx,[edx+0x0] ; Padding for alignment 4e: 8b c0 mov eax,eax ; Padding for alignment _check_cheat endp BUGFIX #2: Switch room/Helicopter movements bug (included in my my patch) =============================================== Like the TV game and the Concentration game, the switch room and the helicopter room don't have a room/puzzle number assigned and therefore should not be written into the savegame file. When you move inside a room, the game will update the moments counter for the room the player is currently in. However, the switch room and the helicopter room did not set the internal room number to "-1" (meaning the player is currently doing nothing score-relevant, like the TV game or the Concentration game). Therefore, the attribute "movements" will be updated on the last known puzzle/room! Examples: * When you enter the helicopter after playing the template game, your movements in the helicopter will be added to the template game. The template game is a puzzle and should not have movements! * When you restart the game and then load the helicopter room from a savestate, the internal room number will be "0" (hospital). Therefore, if you move in the helicopter, your movement counter for the hospital room will be affected. * When you played the last hostage game (thermal maze, mercury game or grid game), and then process to the switch room, then the movements in the switchroom will be added to the last played puzzle! This might affect score on that puzzle. Note: I have verified that puzzles won't be affected by the movement-counter and rooms are not affected by the timer. So in a normal gameplay, this bug should not have an effect. However, if you do restart the game and then load a switch room or helicopter savegame, then your movements in that room will be added to your hospital room movements, and therefore you might lose your 20 points for the hospital room, if you move too often. Search: 8D 80 00 00 00 00 52 8B 15 8C C9 04 00 85 D2 7C 0C A1 90 C9 04 00 FF 84 90 A0 00 00 00 31 C0 5A C3 8D 40 00 8B C9 53 51 56 57 89 C7 89 D6 BA 14 BB 02 00 B8 18 BB 02 00 E8 3C 6B 01 00 89 C1 85 C0 0F 84 8E 00 00 00 BB E8 12 00 00 BA A0 B2 04 00 E8 E0 6B 01 00 3D E8 12 00 00 74 31 BB A0 B2 04 00 31 D2 8B C0 89 D8 83 C2 24 E8 76 0E 00 00 30 E4 88 A2 C4 B0 04 00 31 C0 81 C3 E4 01 00 00 89 82 E4 B0 04 00 81 FA 68 01 00 00 75 D8 BB 68 01 00 00 BA E8 B0 04 00 89 C8 E8 97 6B 01 00 3D 68 01 00 00 74 26 31 C0 31 D2 8D 80 00 00 00 00 8D 92 00 00 00 00 83 C0 24 88 90 C4 B0 04 00 89 90 E4 B0 04 00 3D 68 01 00 00 75 EA 89 C8 E8 CA 74 01 00 EB 47 BA A0 B2 04 00 8D 9A E8 12 00 00 8D 80 00 00 00 00 89 D0 81 C2 E4 01 00 00 E8 F3 0D 00 00 39 DA 75 EF 31 C0 31 DA 8D 80 00 00 00 00 8D 52 00 8B DB 83 C0 24 88 90 C4 B0 04 00 89 90 E4 B0 04 00 3D 68 01 00 00 75 EA 85 F6 7C 40 89 F2 C1 E2 04 29 F2 8D 14 D5 00 00 00 00 01 F2 BB A0 B2 04 00 8D 14 95 00 00 00 00 89 F8 01 D3 31 D2 8D 44 20 00 40 8A 0B 43 42 88 48 FF 81 FA E4 01 00 00 72 F0 C7 05 58 4B 04 00 03 00 00 00 31 C0 5F 5E 59 5B C3 8D 80 00 00 00 00 8D 92 00 00 00 00 8D 40 00 Replace: 8d 80 00 00 00 00 52 8b 15 8c c9 04 00 85 d2 7c 11 a1 90 c9 04 00 05 40 01 00 00 e8 47 01 00 00 90 90 31 c0 5a c3 53 51 56 57 89 C7 89 D6 BA 14 BB 02 00 B8 18 BB 02 00 E8 3C 6B 01 00 89 C1 85 C0 0F 84 8E 00 00 00 BB E8 12 00 00 BA A0 B2 04 00 E8 E0 6B 01 00 3D E8 12 00 00 74 31 BB A0 B2 04 00 31 D2 8B C0 89 D8 83 C2 24 E8 76 0E 00 00 30 E4 88 A2 C4 B0 04 00 31 C0 81 C3 E4 01 00 00 89 82 E4 B0 04 00 81 FA 68 01 00 00 75 D8 BB 68 01 00 00 BA E8 B0 04 00 89 C8 E8 97 6B 01 00 3D 68 01 00 00 74 26 31 C0 31 D2 8D 80 00 00 00 00 8D 92 00 00 00 00 83 C0 24 88 90 C4 B0 04 00 89 90 E4 B0 04 00 3D 68 01 00 00 75 EA 89 C8 E8 CA 74 01 00 EB 47 BA A0 B2 04 00 8D 9A E8 12 00 00 8D 80 00 00 00 00 89 D0 81 C2 E4 01 00 00 E8 F3 0D 00 00 39 DA 75 EF 31 C0 31 DA 8D 80 00 00 00 00 8D 52 00 8B DB 83 C0 24 88 90 C4 B0 04 00 89 90 E4 B0 04 00 3D 68 01 00 00 75 EA 85 F6 7C 40 89 F2 C1 E2 04 29 F2 8D 14 D5 00 00 00 00 01 F2 BB A0 B2 04 00 8D 14 95 00 00 00 00 89 F8 01 D3 31 D2 8D 44 20 00 40 8A 0B 43 42 88 48 FF 81 FA E4 01 00 00 72 F0 C7 05 58 4B 04 00 03 00 00 00 31 C0 5F 5E 59 5B C3 f4 80 3c 10 01 75 07 ff 84 90 60 ff ff ff c3 0: 8d 80 00 00 00 00 lea eax,[eax+0x0] 6: 52 push edx 7: 8b 15 8c c9 04 00 mov edx,DWORD PTR ds:0x4c98c d: 85 d2 test edx,edx f: 7c 11 jl 0x22 11: a1 90 c9 04 00 mov eax,ds:0x4c990 16: 05 40 01 00 00 add eax,0x140 ; Patched by Daniel Marschall: 1b: e8 47 01 00 00 call 0x167 ; This code area did just contain 20: 90 nop ; inc DWORD PTR [eax+edx*4+0xa0] 21: 90 nop ; We split data into a code gap to extend functionality 22: 31 c0 xor eax,eax 24: 5a pop edx 25: c3 ret 26: 53 push ebx 27: 51 push ecx 28: 56 push esi 29: 57 push edi 2a: 89 c7 mov edi,eax 2c: 89 d6 mov esi,edx 2e: ba 14 bb 02 00 mov edx,0x2bb14 33: b8 18 bb 02 00 mov eax,0x2bb18 38: e8 3c 6b 01 00 call 0x16b79 3d: 89 c1 mov ecx,eax 3f: 85 c0 test eax,eax 41: 0f 84 8e 00 00 00 je 0xd5 47: bb e8 12 00 00 mov ebx,0x12e8 4c: ba a0 b2 04 00 mov edx,0x4b2a0 51: e8 e0 6b 01 00 call 0x16c36 56: 3d e8 12 00 00 cmp eax,0x12e8 5b: 74 31 je 0x8e 5d: bb a0 b2 04 00 mov ebx,0x4b2a0 62: 31 d2 xor edx,edx 64: 8b c0 mov eax,eax 66: 89 d8 mov eax,ebx 68: 83 c2 24 add edx,0x24 6b: e8 76 0e 00 00 call 0xee6 70: 30 e4 xor ah,ah 72: 88 a2 c4 b0 04 00 mov BYTE PTR [edx+0x4b0c4],ah 78: 31 c0 xor eax,eax 7a: 81 c3 e4 01 00 00 add ebx,0x1e4 80: 89 82 e4 b0 04 00 mov DWORD PTR [edx+0x4b0e4],eax 86: 81 fa 68 01 00 00 cmp edx,0x168 8c: 75 d8 jne 0x66 8e: bb 68 01 00 00 mov ebx,0x168 93: ba e8 b0 04 00 mov edx,0x4b0e8 98: 89 c8 mov eax,ecx 9a: e8 97 6b 01 00 call 0x16c36 9f: 3d 68 01 00 00 cmp eax,0x168 a4: 74 26 je 0xcc a6: 31 c0 xor eax,eax a8: 31 d2 xor edx,edx aa: 8d 80 00 00 00 00 lea eax,[eax+0x0] b0: 8d 92 00 00 00 00 lea edx,[edx+0x0] b6: 83 c0 24 add eax,0x24 b9: 88 90 c4 b0 04 00 mov BYTE PTR [eax+0x4b0c4],dl bf: 89 90 e4 b0 04 00 mov DWORD PTR [eax+0x4b0e4],edx c5: 3d 68 01 00 00 cmp eax,0x168 ca: 75 ea jne 0xb6 cc: 89 c8 mov eax,ecx ce: e8 ca 74 01 00 call 0x1759d d3: eb 47 jmp 0x11c d5: ba a0 b2 04 00 mov edx,0x4b2a0 da: 8d 9a e8 12 00 00 lea ebx,[edx+0x12e8] e0: 8d 80 00 00 00 00 lea eax,[eax+0x0] e6: 89 d0 mov eax,edx e8: 81 c2 e4 01 00 00 add edx,0x1e4 ee: e8 f3 0d 00 00 call 0xee6 f3: 39 da cmp edx,ebx f5: 75 ef jne 0xe6 f7: 31 c0 xor eax,eax f9: 31 da xor edx,ebx fb: 8d 80 00 00 00 00 lea eax,[eax+0x0] 101: 8d 52 00 lea edx,[edx+0x0] 104: 8b db mov ebx,ebx 106: 83 c0 24 add eax,0x24 109: 88 90 c4 b0 04 00 mov BYTE PTR [eax+0x4b0c4],dl 10f: 89 90 e4 b0 04 00 mov DWORD PTR [eax+0x4b0e4],edx 115: 3d 68 01 00 00 cmp eax,0x168 11a: 75 ea jne 0x106 11c: 85 f6 test esi,esi 11e: 7c 40 jl 0x160 120: 89 f2 mov edx,esi 122: c1 e2 04 shl edx,0x4 125: 29 f2 sub edx,esi 127: 8d 14 d5 00 00 00 00 lea edx,[edx*8+0x0] 12e: 01 f2 add edx,esi 130: bb a0 b2 04 00 mov ebx,0x4b2a0 135: 8d 14 95 00 00 00 00 lea edx,[edx*4+0x0] 13c: 89 f8 mov eax,edi 13e: 01 d3 add ebx,edx 140: 31 d2 xor edx,edx 142: 8d 44 20 00 lea eax,[eax+eiz*1+0x0] 146: 40 inc eax 147: 8a 0b mov cl,BYTE PTR [ebx] 149: 43 inc ebx 14a: 42 inc edx 14b: 88 48 ff mov BYTE PTR [eax-0x1],cl 14e: 81 fa e4 01 00 00 cmp edx,0x1e4 154: 72 f0 jb 0x146 156: c7 05 58 4b 04 00 03 mov DWORD PTR ds:0x44b58,0x3 15d: 00 00 00 160: 31 c0 xor eax,eax 162: 5f pop edi 163: 5e pop esi 164: 59 pop ecx 165: 5b pop ebx 166: c3 ret 167: f4 hlt ; Patched by Daniel Marschall: 168: 80 3c 10 01 cmp BYTE PTR [eax+edx*1],0x1 ; This code area was previously a padding 16c: 75 07 jne 0x175 ; Before increasing the movement counter 16e: ff 84 90 60 ff ff ff inc DWORD PTR [eax+edx*4-0xa0] ; we check if the room has the status 1 (playing) 175: c3 ret ; otherwise it is impossible to move! Note: There is another occurence of "inc dword ptr [eax+edx*4+0A0h]" , which is probably never called. It seems to be in a routine that gets called when you enter/leave the cabinet??? |
|
Please also see my pages for other Imagination Pilots games: Blown Away | Panic in the Park | Waldo at the Circus | Waldo Exploring Geography | Eraser Turnabout | Virtual K'Nex |
|