SPELLS.2da

[Avenger]

It looks like SHORT from my POV

006336BF  |> \837D 10 00	CMP DWORD PTR SS:[EBP+10],0

 

But I can't confirm or deny anything, as (i) most of this is above me, and (ii) I haven't tested anything.

 

-Galactygon

Nope, the 10 should be the byte after BP+

So you got a single byte to work with. You probably can make it unsigned though, if you change the jump opcode.

[Ascension64]

The 0x10 specifies the [EBP+10] in the instruction, so you only want to change the BYTE at 0x2336C8.

 

Probably better to PATCH_IF (BYTE_AT 0x2336C8 = 49) in case someone's executable is a bit funny, or you could be safer and check the entire region for consistency so that people don't try to use it on SoA 23037 or ToB 26499 beta.

 

Not sure why you would want anything more than the signed byte has to offer. Just looked at the code again, and three-digit prefixes won't work because the string concatenation truncates the index to two digits "SPWI%d%02d".

 

Not sure if you ever get to level 8 or 9 spells, but there are SPWI853 and SPWI950+.