
It looks like SHORT from my POV
006336BF  |> \837D 10 00	CMP DWORD PTR SS:[EBP+10],0


But I can't confirm or deny anything, as (i) most of this is above me, and (ii) I haven't tested anything.



Nope, the 10 should be the byte after BP+

So you got a single byte to work with. You probably can make it unsigned though, if you change the jump opcode.


The 0x10 specifies the [EBP+10] in the instruction, so you only want to change the BYTE at 0x2336C8.


Probably better to PATCH_IF (BYTE_AT 0x2336C8 = 49) in case someone's executable is a bit funny, or you could be safer and check the entire region for consistency so that people don't try to use it on SoA 23037 or ToB 26499 beta.


Not sure why you would want anything more than the signed byte has to offer. Just looked at the code again, and three-digit prefixes won't work because the string concatenation truncates the index to two digits "SPWI%d%02d".


Not sure if you ever get to level 8 or 9 spells, but there are SPWI853 and SPWI950+.

Edited by Ascension64
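
The guarded patch suggested in the last post, written out as an added example in Python (not code from the thread or from any poster). The offset 0x2336C8 and the check value 49 come from the post; `guarded_patch`, `PatchRefused`, `make_sample` and the marker bytes in `SAMPLE_CONTEXT` are hypothetical names and constructed data.

```python
import struct

PATCH_OFFSET = 0x2336C8  # file offset named in the thread
EXPECTED_BYTE = 49       # value the thread's PATCH_IF checks for

class PatchRefused(Exception):
    """Raised when the file does not look like the build the patch targets."""

def guarded_patch(image, new_value, offset=PATCH_OFFSET,
                  expected=EXPECTED_BYTE, context=()):
    """Return a patched copy of image, or raise PatchRefused.

    context is a sequence of (offset, bytes) pairs that must match exactly;
    this is the "check the entire region" variant from the thread.
    """
    # The operand is a single signed byte, so reject anything outside its range.
    if not -128 <= new_value <= 127:
        raise PatchRefused(f"{new_value} does not fit a signed byte")
    if offset >= len(image):
        raise PatchRefused("file is shorter than the patch offset")
    if image[offset] != expected:
        raise PatchRefused(f"byte at {offset:#x} is {image[offset]}, not {expected}")
    for ctx_off, ctx_bytes in context:
        if image[ctx_off:ctx_off + len(ctx_bytes)] != ctx_bytes:
            raise PatchRefused(f"region at {ctx_off:#x} differs from expected build")
    patched = bytearray(image)  # work on a copy; the input is left untouched
    patched[offset:offset + 1] = struct.pack("b", new_value)
    return bytes(patched)

def make_sample(byte_at_offset=EXPECTED_BYTE):
    """Constructed stand-in for the executable: zero-filled, not real game data."""
    sample = bytearray(PATCH_OFFSET + 16)
    sample[PATCH_OFFSET - 4:PATCH_OFFSET] = b"\xde\xad\xbe\xef"  # constructed marker
    sample[PATCH_OFFSET] = byte_at_offset
    return bytes(sample)

# Constructed context check; a real one would list bytes taken from the known build.
SAMPLE_CONTEXT = [(PATCH_OFFSET - 4, b"\xde\xad\xbe\xef")]

if __name__ == "__main__":
    out = guarded_patch(make_sample(), 99, context=SAMPLE_CONTEXT)
    print("patched byte:", out[PATCH_OFFSET])
    try:
        guarded_patch(make_sample(byte_at_offset=50), 99)
    except PatchRefused as exc:
        print("refused:", exc)
```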
