add th12 everything for bullet-cap

Makefile

@@ -175,6 +175,7 @@ bullet-cap: \
 	$(BULLET_CAP_PATCH)/global.js \
 	$(BULLET_CAP_PATCH)/$(TH10_VER).js \
 	$(BULLET_CAP_PATCH)/$(TH11_VER).js \
+	$(BULLET_CAP_PATCH)/$(TH12_VER).js \
 
 $(BULLET_CAP_PATCH)/global.yaml: $(BULLET_CAP_PATCH)/global.asm
 	@echo "# this yaml file is auto-generated" >$@
@@ -201,6 +202,7 @@ debug-counters: \
 	$(DEBUG_COUNTERS_PATCH)/global.js \
 	$(DEBUG_COUNTERS_PATCH)/$(TH10_VER).js \
 	$(DEBUG_COUNTERS_PATCH)/$(TH11_VER).js \
+	$(DEBUG_COUNTERS_PATCH)/$(TH12_VER).js \
 
 $(DEBUG_COUNTERS_PATCH)/global.yaml: $(DEBUG_COUNTERS_PATCH)/global.asm
 	@echo "# this yaml file is auto-generated" >$@
@@ -227,7 +229,8 @@ SPRITE_DEATH_PATCH=$(REPO)/sprite_death_fix
 sprite-death-fix: \
 	$(SPRITE_DEATH_PATCH)/$(TH10_VER).js \
 	$(SPRITE_DEATH_PATCH)/$(TH11_VER).js \
+	$(SPRITE_DEATH_PATCH)/$(TH12_VER).js \
 
-$(SPRITE_DEATH_PATCH)/th%.js: $(SPRITE_DEATH_PATCH)/th%.yaml
-	scripts/convert-yaml.py $^ >$@
+$(SPRITE_DEATH_PATCH)/th%.js: $(SPRITE_DEATH_PATCH)/binhacks.yaml
+	scripts/convert-yaml.py $^ >$@ --cfg $$(echo "$(@F)" | cut -f1 -d.)
 

patches/bullet_cap/binhacks.asm

@@ -14,8 +14,13 @@
 %include "util.asm"
 %include "common.asm"
 
-; An innocuous place in the function that starts the game thread.
-; 0x420ec8
+; ==========================================
+; There aren't many places that are guaranteed to run exactly once,
+; so to avoid contention with other patches we choose an innocuous place
+; in the function that starts the game thread, and simply make our
+; changes idempotent.
+
+; 0x420ec8  (e883b20200)
 install_10:  ; HEADER: AUTO
     call initialize  ; REWRITE: [codecave:AUTO]
 
@@ -24,30 +29,49 @@ install_10:  ; HEADER: AUTO
     call  eax
     abs_jmp_hack 0x420ecd
 
-install_11:  ; 0x42a51e
+; 0x42a51e  (be703a4c00)
+install_11:  ; HEADER: AUTO
     call initialize  ; REWRITE: [codecave:AUTO]
 
     ; original code
     mov   esi, 0x4c3a70
     abs_jmp_hack 0x42a523
 
+; 0x43051e  (bed8f04c00)
+install_12:  ; HEADER: AUTO
+    call initialize  ; REWRITE: [codecave:AUTO]
+
+    ; original code
+    mov   esi, 0x4cf0d8
+    abs_jmp_hack 0x430523
+
+; ==========================================
+; Patch for where games without cancel item freelists increment the next index.
+;
 ; Due to the compiler optimizing this check into a bitwise operation,
 ; we can't use the same value-substituting machinery we use for everything else.
 
-; 0x41bdf9
+; 0x41bdf9  (4281e2ff070080)
 fix_next_cancel_10:  ; HEADER: AUTO
     push edx
     call next_cancel_index  ; REWRITE: [codecave:AUTO]
     mov  edx, eax
     abs_jmp_hack 0x41be0a
 
-; 0x42454d
+; 0x42454d  (4181e1ff070080)
 fix_next_cancel_11:  ; HEADER: AUTO
     push ecx
     call next_cancel_index  ; REWRITE: [codecave:AUTO]
     mov  ecx, eax
     abs_jmp_hack 0x42455e
 
+; 0x427859  (4281e2ff070080)
+fix_next_cancel_12:  ; HEADER: AUTO
+    push edx
+    call next_cancel_index  ; REWRITE: [codecave:AUTO]
+    mov  edx, eax
+    abs_jmp_hack 0x42786a
+
 ; defined in global.yaml  ; DELETE
 initialize:  ; DELETE
 next_cancel_index:  ; DELETE

patches/bullet_cap/binhacks.yaml

@@ -27,7 +27,20 @@ binhacks:
         - "C7042423A54200    " # mov dword [esp], %1
         - "C3                " # ret
 
-  /fields-if(any(th10, th11)):
+    /fields-if(th12):
+      addr: "0x43051e"
+      expected: "bed8f04c00"
+      codecave:
+        - "E8[codecave:ExpHP.bullet-cap.initialize]" # call initialize
+
+        # original code
+        - "BED8F04C00        " # mov   esi, 0x4cf0d8
+        # abs_jmp_hack 0x430523
+        - "E800000000        " # call %%next
+        - "C7042423054300    " # mov dword [esp], %1
+        - "C3                " # ret
+
+  /fields-if(any(th10, th11, th12)):
     ExpHP.bullet-cap.fix-next-cancel:
       /fields-if(th10):
         addr: "0x41bdf9"
@@ -52,3 +65,27 @@ binhacks:
           - "E800000000        " # call %%next
           - "C704245E454200    " # mov dword [esp], %1
           - "C3                " # ret
+
+      /fields-if(th12):
+        addr: "0x427859"
+        expected: "4281e2ff070080"
+        codecave:
+          - "52                " # push edx
+          - "E8[codecave:ExpHP.bullet-cap.next-cancel-index]" # call next_cancel_index
+          - "89C2              " # mov  edx, eax
+          # abs_jmp_hack 0x42786a
+          - "E800000000        " # call %%next
+          - "C704246A784200    " # mov dword [esp], %1
+          - "C3                " # ret
+
+  # UFO actually has a bug in some of its loops over items where it misses the
+  # last 16 cancel items because he forgot to include UFOs in the iteration count.
+  #
+  # Fix these now so that they get picked up by our search and replace.
+  /fields-if(th12):
+    ExpHP.bullet-cap.fix-ufo-item-bugs:
+      addr:
+        - "0x427243"  # ItemManager::on_draw
+        - "0x427b5d"  # involves PLAYER, seems to be dead code though
+      expected: "580a0000"
+      code: "680a0000"

patches/bullet_cap/th10.v1.00a.asm

@@ -98,7 +98,3 @@ iat_funcs:  ; HEADER: ExpHP.bullet-cap.iat-funcs
 .GetModuleHandleA: dd 0x466198
 .GetModuleHandleW: dd 0
 .GetProcAddress: dd 0x466158
-
-; defined in global.yaml
-initialize:
-next_cancel_index:

patches/bullet_cap/th11.v1.00a.asm

@@ -95,6 +95,3 @@ iat_funcs:  ; HEADER: ExpHP.bullet-cap.iat-funcs
 .GetModuleHandleA: dd 0
 .GetModuleHandleW: dd 0x48b174
 .GetProcAddress: dd 0x48b170
-
-; defined in global.yaml
-initialize:

patches/bullet_cap/th12.v1.00b.asm

@@ -0,0 +1,103 @@
+; AUTO_PREFIX: ExpHP.bullet-cap.
+
+%include "util.asm"
+%include "common.asm"
+
+; Address range spanned by .text
+address_range:  ; HEADER: AUTO
+    dd 0x401000
+    dd 0x497ad5
+
+bullet_replacements:  ; HEADER: AUTO
+istruc ListHeader
+    at ListHeader.old_cap, dd 0x7d0
+    at ListHeader.elem_size, dd 0x9f8
+iend
+    dd 0x7d0
+    dd SCALE_1
+    dd BLACKLIST_BEGIN
+    dd 0x41ec14 - 4  ; in Gui::on_tick
+    dd 0x464867 - 4  ; weird, possibly unused function
+    dd 0x478506 + 2  ; coincidental appearance in a jump
+    dd BLACKLIST_END
+
+    dd 0x7d1
+    dd SCALE_1
+    dd REPLACE_ALL
+
+    dd 0x4de716  ; offset of dummy bullet state
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+
+    dd 0x4debdc  ; offset of bullet.anm
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+
+    dd 0x4debe0  ; size of bullet manager
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+
+    dd 0x4deb78  ; size of bullet array
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+
+    dd LIST_END
+
+laser_replacements:  ; HEADER: AUTO
+istruc ListHeader
+    at ListHeader.old_cap, dd 0x100
+    at ListHeader.elem_size, dd 0
+iend
+    dd 0x100
+    dd SCALE_1
+    dd WHITELIST_BEGIN
+    ; This sucker got inlined but we can just look at the crossrefs of LaserLine::constructor.
+    dd 0x428461 - 4
+    dd 0x41bc4c - 4
+    dd 0x42a164 - 4
+    dd 0x42a766 - 4
+    dd 0x42b6c6 - 4
+    dd 0x42bd07 - 4
+    dd WHITELIST_END
+    dd LIST_END
+
+cancel_replacements:  ; HEADER: AUTO
+istruc ListHeader
+    at ListHeader.old_cap, dd 0x800
+    at ListHeader.elem_size, dd 0x9d8
+iend
+    dd 0xa68  ; array size (includes non-cancel items)
+    dd SCALE_1
+    dd BLACKLIST_BEGIN
+    dd 0x429b2a - 4  ; reading a field from a laser
+    dd 0x435a04 - 4  ; Player::constructor
+    dd BLACKLIST_END
+
+    ; offsets of fields after array
+    dd 0x666fd4  ; num items alive
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+    dd 0x666fd8  ; next cancel item index
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+    dd 0x666fdc  ; num cancel items spawned this frame
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+    dd 0x666fe0  ; num ufos spawned during this stage
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+    dd 0x666fe4  ; ItemManager size
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+
+    dd 0x666fc0  ; array size
+    dd SCALE_SIZE
+    dd REPLACE_ALL
+
+    dd LIST_END
+
+iat_funcs:  ; HEADER: ExpHP.bullet-cap.iat-funcs
+.GetLastError: dd 0x4980e4
+.GetModuleHandleA: dd 0
+.GetModuleHandleW: dd 0x498174
+.GetProcAddress: dd 0x498170

patches/bullet_cap/th12.v1.00b.js

@@ -0,0 +1,32 @@
+{
+    "COMMENT": "This file is autogenerated.  Please do not edit it directly.  See the convert-yaml.py script.",
+    "codecaves": {
+        "ExpHP.bullet-cap.address-range": "00104000 // D57A4900",
+        "ExpHP.bullet-cap.bullet-replacements": "D0070000 // F8090000 // D0070000 // 00000000 // FFFFFFFF // 10EC4100 // 63484600 // 08854700 // 00000000 // D1070000 // 00000000 // FFFFFFFF00000000 // 16E74D00 // 01000000 // FFFFFFFF00000000 // DCEB4D00 // 01000000 // FFFFFFFF00000000 // E0EB4D00 // 01000000 // FFFFFFFF00000000 // 78EB4D00 // 01000000 // FFFFFFFF00000000 // 00000000",
+        "ExpHP.bullet-cap.laser-replacements": "00010000 // 00000000 // 00010000 // 00000000 // 01000000 // 5D844200 // 48BC4100 // 60A14200 // 62A74200 // C2B64200 // 03BD4200 // 00000000 // 00000000",
+        "ExpHP.bullet-cap.cancel-replacements": "00080000 // D8090000 // 680A0000 // 00000000 // FFFFFFFF // 269B4200 // 005A4300 // 00000000 // D46F6600 // 01000000 // FFFFFFFF00000000 // D86F6600 // 01000000 // FFFFFFFF00000000 // DC6F6600 // 01000000 // FFFFFFFF00000000 // E06F6600 // 01000000 // FFFFFFFF00000000 // E46F6600 // 01000000 // FFFFFFFF00000000 // C06F6600 // 01000000 // FFFFFFFF00000000 // 00000000",
+        "ExpHP.bullet-cap.iat-funcs": "E4804900 // 00000000 // 74814900 // 70814900",
+        "of(ExpHP.bullet-cap.install)": "E8[codecave:ExpHP.bullet-cap.initialize] // BED8F04C00 // E800000000 // C7042423054300 // C3",
+        "of(ExpHP.bullet-cap.fix-next-cancel)": "52 // E8[codecave:ExpHP.bullet-cap.next-cancel-index] // 89C2 // E800000000 // C704246A784200 // C3"
+    },
+    "binhacks": {
+        "ExpHP.bullet-cap.install": {
+            "addr": "0x43051e",
+            "expected": "bed8f04c00",
+            "code": "E9 [codecave:of(ExpHP.bullet-cap.install)]"
+        },
+        "ExpHP.bullet-cap.fix-next-cancel": {
+            "addr": "0x427859",
+            "expected": "4281e2ff070080",
+            "code": "E9 [codecave:of(ExpHP.bullet-cap.fix-next-cancel)] // CCCC"
+        },
+        "ExpHP.bullet-cap.fix-ufo-item-bugs": {
+            "addr": [
+                "0x427243",
+                "0x427b5d"
+            ],
+            "expected": "580a0000",
+            "code": "680a0000"
+        }
+    }
+}

patches/debug_counters/.gitignore

@@ -1,2 +1 @@
 global.yaml
-th*.yaml

patches/debug_counters/th10.v1.00a.asm

@@ -50,7 +50,7 @@ istruc ArraySpec
     at ArraySpec.struct_ptr, dd 0x477818
     at ArraySpec.length_is_addr, dd 0
     at ArraySpec.length_correction, dd 0
-    at ArraySpec.array_length, dd 0x96
+    at ArraySpec.array_length, dd 150
     at ArraySpec.array_offset, dd 0x14
     at ArraySpec.field_offset, dd 0x3dc
     at ArraySpec.stride, dd 0x3f0
@@ -61,7 +61,7 @@ cancel_item_data:  ; HEADER: AUTO
 istruc ArraySpec
     at ArraySpec.struct_ptr, dd 0x477818
     at ArraySpec.length_is_addr, dd 1
-    at ArraySpec.length_correction, dd -0x96 ; true cancel item cap never appears in code
+    at ArraySpec.length_correction, dd -150 ; true cancel item cap never appears in code
     at ArraySpec.array_length, dd 0x41af16 - 4
     at ArraySpec.array_offset, dd 0x24eb4
     at ArraySpec.field_offset, dd 0x3dc

patches/debug_counters/th11.v1.00a.asm

@@ -51,7 +51,7 @@ istruc ArraySpec
     at ArraySpec.struct_ptr, dd 0x4a8e90
     at ArraySpec.length_is_addr, dd 0
     at ArraySpec.length_correction, dd 0
-    at ArraySpec.array_length, dd 0x96
+    at ArraySpec.array_length, dd 150
     at ArraySpec.array_offset, dd 0x14
     at ArraySpec.field_offset, dd 0x464
     at ArraySpec.stride, dd 0x478
@@ -62,7 +62,7 @@ cancel_item_data:  ; HEADER: AUTO
 istruc ArraySpec
     at ArraySpec.struct_ptr, dd 0x4a8e90
     at ArraySpec.length_is_addr, dd 1
-    at ArraySpec.length_correction, dd -0x96 ; true cancel item cap never appears in code
+    at ArraySpec.length_correction, dd -150 ; true cancel item cap never appears in code
     at ArraySpec.array_length, dd 0x423490 - 4
     at ArraySpec.array_offset, dd 0x29e64
     at ArraySpec.field_offset, dd 0x464