NPC Hacking

~ Sticky ~

 

Help, please!
My code is working fine... At the start...
The Critter moves up and moves down, but only once, why? D:

 mov edx,[ebp+0008]
mov eax,[edx+0074]
cmp eax,0x00
je A
cmp eax,0x01
je B
cmp eax,0x02
je C
jmp D
A mov edx,[ebp+0008]
mov ecx,[ebp-0030]
mov [edx+0054],ecx
mov ecx,[ebp-002C]
mov [edx+0058],ecx
mov ecx,[ebp-0028]
mov [edx+005C],ecx
mov ecx,[ebp-0024]
mov [edx+0060],ecx
add eax,0x01
mov [edx+0074],eax
xor eax,eax
mov [edx+0014],0xFFFFFD00
jmp D
B mov ecx,[edx+0014]
add ecx,0x10
mov [edx+0014],ecx
mov ebx,[edx+0078]
cmp ebx,0xFF
jne D
xor ebx,ebx
add eax,0x01
mov [edx+0074],eax
mov [edx+0014],0x00000300
jmp D
C mov ecx,[edx+0014]
sub ecx,0x10
mov [edx+0014],ecx
mov ebx,[edx+0078]
cmp ebx,0xFF
jne D
xor ebx,ebx
sub eax,0x01
mov [edx+0074],eax
mov [edx+0014],0xFFFFFD00
jmp D
D mov ebx,[edx+0078]
add ebx,0x01
mov [edx+0078],ebx
mov edx,[ebp+0008]
mov ecx,[edx+000C]
mov ebx,[edx+0014]
add ecx,ebx
mov [edx+000C],ecx
mov edx,[ebp+0008]
mov ecx,[edx+0068]
shl ecx,0x04
lea eax,[ebp+ecx-60]

 

I'm a little short on time (it's 2:30 am and I work tomorrow) but you should pay a bit more attention to your code. For instance, you clear ebx a few times for no reason. Or you jump to D when it's exactly 1 instruction away.

Also, don't use ebx. That register is reserved for memory addressing stuff and you will introduce some very weird bugs if you use it without knowing what you're doing. Replacing it will probably fix your problem.

 

For instance, you clear ebx a few times for no reason.

Yes of course, to set the ScriptTimer back to Zero To let it count to 0xFF again and then switch states.

Or you jump to D when it's exactly 1 instruction away.

Fixed.

Also, don't use ebx.

Fixed.

I completly deleted the ScriptTimer now.
Seems like you can't set it to zero/clear it/subtract it.

  mov edx,[ebp+0008]
mov eax,[edx+0074]
cmp eax,0x00
je A
cmp eax,0x01
je B
cmp eax,0x02
je C
jmp D
A mov edx,[ebp+0008]
mov ecx,[ebp-0030]
mov [edx+0054],ecx
mov ecx,[ebp-002C]
mov [edx+0058],ecx
mov ecx,[ebp-0028]
mov [edx+005C],ecx
mov ecx,[ebp-0024]
mov [edx+0060],ecx
inc eax
mov [edx+0074],eax
xor eax,eax
mov [edx+0014],0xFFFFFD00
jmp D
B mov ecx,[edx+0014]
add ecx,0x10
mov [edx+0014],ecx
cmp ecx,0x00000000
jne D
inc eax
mov [edx+0074],eax
mov [edx+0014],0x00000300
jmp D
C mov ecx,[edx+0014]
sub ecx,0x10
mov [edx+0014],ecx
cmp ecx,0x00000000
jne D
sub eax,0x01
mov [edx+0074],eax
mov [edx+0014],0xFFFFFD00
D mov edx,[ebp+0008]
mov ecx,[edx+000C]
mov eax,[edx+0014]
add ecx,eax
mov [edx+000C],ecx
xor eax,eax
mov edx,[ebp+0008]
mov ecx,[edx+0068]
shl ecx,0x04
lea eax,[ebp+ecx-60]

 

Well, your ebx gets overwritten, so like I said you're clearing it for nothing.

D mov ebx,[edx+0078]
add ebx,0x01
mov [edx+0078],ebx

Right here, you reload the timer into ebx, overwriting whatever value you put into it before.

You should follow manually where your code goes in all 3 states and see what happens. Simply writing the code isn't enough - you also have to understand what it does.

 

That's the old code, and it was for increasing the ScriptTimer
Before I just forget to update the ScriptTimer after clearing EBX.
Anyway, you can't clear it.

 

Anyway, you can't clear it.

Sure you can. Data is data, whatever it's used for.

mov edx,[ebp+0008]
mov eax,[edx+0078]
xor eax,eax
mov [edx+0078],eax

The danger with keeping data in a register for a long time is that you might forget what you're doing to it. In your old code, that's what happened: you would clear ebx (which contained the timer), but later reload the timer's value into it (so it's no longer cleared), added 1 to that, and loaded it back into [edx+0078]. This only resulted in it incrementing by 1, not clearing.

 

I inserted the clearing later. But it still didn't work.

 

I inserted the clearing later. But it still didn't work.

Post some code and we'll see what went wrong...

Edit

42B42C 8B 45 08					mov eax,[ebp+0008]
42B42F C7 40 78 00 00 00 00			mov [eax+0078],00000000

Pretty much the first timer-based NPC I stumbled on. The elevator resets it in order to continue moving after it switches "floors".

 

Post some code and we'll see what went wrong...

It was this code:

 mov edx,[ebp+0008]
mov eax,[edx+0074]
cmp eax,0x00
je A
cmp eax,0x01
je B
cmp eax,0x02
je C
jmp D
A mov edx,[ebp+0008]
mov ecx,[ebp-0030]
mov [edx+0054],ecx
mov ecx,[ebp-002C]
mov [edx+0058],ecx
mov ecx,[ebp-0028]
mov [edx+005C],ecx
mov ecx,[ebp-0024]
mov [edx+0060],ecx
add eax,0x01
mov [edx+0074],eax
xor eax,eax
mov [edx+0014],0xFFFFFD00
jmp D
B mov ecx,[edx+0014]
add ecx,0x10
mov [edx+0014],ecx
mov ebx,[edx+0078]
cmp ebx,0xFF
jne D
xor ebx,ebx
mov [edx+0078],ebx
add eax,0x01
mov [edx+0074],eax
mov [edx+0014],0x00000300
jmp D
C mov ecx,[edx+0014]
sub ecx,0x10
mov [edx+0014],ecx
mov ebx,[edx+0078]
cmp ebx,0xFF
jne D
xor ebx,ebx
mov [edx+0078],ebx
sub eax,0x01
mov [edx+0074],eax
mov [edx+0014],0xFFFFFD00
jmp D
D mov ebx,[edx+0078]
add ebx,0x01
mov [edx+0078],ebx
mov edx,[ebp+0008]
mov ecx,[edx+000C]
mov ebx,[edx+0014]
add ecx,ebx
mov [edx+000C],ecx
mov edx,[ebp+0008]
mov ecx,[edx+0068]
shl ecx,0x04
lea eax,[ebp+ecx-60]

It works like this:

Start:

Jump to either A, B, C, or D.

A:

Inserting framerects
Set the scriptstate to B
Set the speed
Jump to D

B:

Speed velocity
If ScriptTimer = 255 then set the scriptstate to C
Reset the ScriptTimer
Set the new speed
Jump to D

C:

Speed velocity
If ScriptTimer = 255 then set the scriptstate to B
Reset the ScriptTimer
Set the new speed

D:

Increase the ScriptTimer
Drawing routine

 

I see no reason why that code shouldn't work, unless you've left out some part of it or changed something. >"<

Have a look at the example I posted. It, too, clears that timer at various points.