But I can't fix the confirm trade button on EP5 game.exe
Been testing with Olly and CE, found what I think is the code, and all I got was the confirm button removed, and the OK button is there, but is somehow 'disabled' (can't click on it).
Also made a lot of other tests which resulted in game crashes.
This is (I think) the code block (unless I'm very wrong) I found:
(warning long code ahead)
Code:
; OllyDbg listing of one routine in the game client, 00511360..0051168B, shown one
; instruction per line. Columns: address, analysis margin, raw bytes, instruction,
; then OllyDbg's own comment.
;
; What the listing shows: the routine stores its two stack arguments into the object
; passed in ECX, hands four .tga names under "data/interface" to 005497A0, calls
; 00528830 three or four times on sub-objects of that object, and finally zeroes a
; block of globals. RETN 8 pops two dword arguments; with ECX used as the object
; base this looks like a thiscall member function -- TODO confirm.
; NOTE(review): 005497A0 is presumably an image/texture loader and 00528830
; presumably a button/widget initialiser; neither body is in this listing.
; NOTE(review): no click handling or trade-state check is visible here; whether
; 00528830 registers any is not visible from this listing.
;
; Constants pushed repeatedly are IEEE-754 single bit patterns:
; 3F800000 = 1.0, 3F400000 = 0.75, 3F000000 = 0.5, 3E800000 = 0.25.
; NOTE(review): presumably texture coordinates for button states -- confirm in 00528830.

; --- Prologue: save EBX/ESI, keep the object pointer in ESI, store both arguments.
; [ESP+4] is the first stack argument; after the two pushes [ESP+10] is the second.
00511360 /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
00511364 |. 53 PUSH EBX
00511365 |. 56 PUSH ESI
00511366 |. 8BF1 MOV ESI,ECX
00511368 |. 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
0051136C |. 894E 08 MOV DWORD PTR DS:[ESI+8],ECX
0051136F |. 8946 04 MOV DWORD PTR DS:[ESI+4],EAX
; --- Background image: the global at 868DD4 selects the file. EBX is zeroed here
; and serves as the constant 0 for the rest of the routine.
00511372 |. A1 D48D8600 MOV EAX,DWORD PTR DS:[868DD4]
00511377 |. 33DB XOR EBX,EBX
00511379 |. 83F8 0F CMP EAX,0F
0051137C |. 68 00020000 PUSH 200
00511381 |. 8D4E 2C LEA ECX,DWORD PTR DS:[ESI+2C]
00511384 |. 68 00010000 PUSH 100
00511389 |. 75 11 JNZ SHORT gameReta.0051139C
; [868DD4] == 0F: set the flag at [ESI+12A4] to 1 and use "1on1_battle.tga".
0051138B |. C786 A4120000 >MOV DWORD PTR DS:[ESI+12A4],1
00511395 |. 68 004A6C00 PUSH gameReta.006C4A00 ; ASCII "1on1_battle.tga"
0051139A |. EB 0B JMP SHORT gameReta.005113A7
; Otherwise: clear the flag at [ESI+12A4] and use "change.tga".
0051139C |> 899E A4120000 MOV DWORD PTR DS:[ESI+12A4],EBX
005113A2 |. 68 F4496C00 PUSH gameReta.006C49F4 ; ASCII "change.tga"
; 005497A0 is called with ECX = ESI+2C, the directory, the chosen file, 100 and 200.
005113A7 |> 68 50CC6B00 PUSH gameReta.006BCC50 ; |Arg1 = 006BCC50 ASCII "data/interface"
005113AC |. E8 EF830300 CALL gameReta.005497A0 ; \gameReta.005497A0
; --- "change_submit_button.tga" goes to the sub-object at ESI+1290 on every path.
005113B1 |. 6A 20 PUSH 20 ; /Arg4 = 00000020
005113B3 |. 68 00020000 PUSH 200 ; |Arg3 = 00000200
005113B8 |. 68 D8496C00 PUSH gameReta.006C49D8 ; |Arg2 = 006C49D8 ASCII "change_submit_button.tga"
005113BD |. 68 50CC6B00 PUSH gameReta.006BCC50 ; |Arg1 = 006BCC50 ASCII "data/interface"
005113C2 |. 8D8E 90120000 LEA ECX,DWORD PTR DS:[ESI+1290] ; |
005113C8 |. E8 D3830300 CALL gameReta.005497A0 ; \gameReta.005497A0
; --- Layout choice. Two conditions send execution to 00511504 (submit button only):
; [868DD4] == 0F, or the virtual call below returning 0 in AL.
005113CD 833D D48D8600 >CMP DWORD PTR DS:[868DD4],0F
005113D4 |. 0F84 2A010000 JE gameReta.00511504
; Indirect call through the object pointer stored at 7191D4: table slot +4,
; argument 4D. NOTE(review): presumably a feature/option query -- confirm.
005113DA |. 8B0D D4917100 MOV ECX,DWORD PTR DS:[7191D4]
005113E0 |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
005113E2 |. 6A 4D PUSH 4D
005113E4 |. FF52 04 CALL DWORD PTR DS:[EDX+4]
005113E7 |. 84C0 TEST AL,AL
005113E9 0F84 15010000 JE gameReta.00511504
; --- Two-button path: "change_decision_button.tga" goes to the sub-object at ESI+1280.
005113EF 6A 20 PUSH 20
005113F1 68 00020000 PUSH 200
005113F6 |. 68 BC496C00 PUSH gameReta.006C49BC ; |Arg2 = 006C49BC ASCII "change_decision_button.tga"
005113FB |. 68 50CC6B00 PUSH gameReta.006BCC50 ; |Arg1 = 006BCC50 ASCII "data/interface"
00511400 |. 8D8E 80120000 LEA ECX,DWORD PTR DS:[ESI+1280] ; |
00511406 |. E8 95830300 CALL gameReta.005497A0 ; \gameReta.005497A0
; Argument block for 00528830 on the decision button (sub-object at ESI+6D0).
; Pushed last, so first in argument order: [ESI+4], [ESI+8], 1C, 1BE, 80, 20, 41, 1B.
0051140B 53 PUSH EBX
0051140C 68 0000803F PUSH 3F800000
00511411 |. 53 PUSH EBX
00511412 |. 68 0000803F PUSH 3F800000
00511417 |. 68 0000403F PUSH 3F400000
0051141C |. 68 0000803F PUSH 3F800000
00511421 |. 53 PUSH EBX
00511422 |. 68 0000403F PUSH 3F400000
00511427 |. 68 0000003F PUSH 3F000000
0051142C |. 68 0000803F PUSH 3F800000
00511431 |. 53 PUSH EBX
00511432 |. 68 0000403F PUSH 3F400000
00511437 |. 68 0000003F PUSH 3F000000
0051143C |. 68 0000803F PUSH 3F800000
00511441 |. 53 PUSH EBX
00511442 |. 68 0000003F PUSH 3F000000
00511447 |. 68 0000803E PUSH 3E800000
0051144C |. 68 0000803F PUSH 3F800000
00511451 |. 53 PUSH EBX
00511452 |. 68 0000803E PUSH 3E800000
00511457 |. 53 PUSH EBX
00511458 8B46 08 MOV EAX,DWORD PTR DS:[ESI+8]
0051145B |. 6A 01 PUSH 1
0051145D |. 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4]
00511460 6A 20 PUSH 20
00511462 |. 68 00020000 PUSH 200
00511467 |. 68 BC496C00 PUSH gameReta.006C49BC ; ASCII "change_decision_button.tga"
0051146C |. 53 PUSH EBX
0051146D |. 6A 1B PUSH 1B
0051146F |. 6A 41 PUSH 41
00511471 |. 6A 20 PUSH 20
00511473 |. 68 80000000 PUSH 80
00511478 |. 68 BE010000 PUSH 1BE
0051147D |. 6A 1C PUSH 1C
0051147F |. 50 PUSH EAX
00511480 |. 51 PUSH ECX
00511481 |. 8D8E D0060000 LEA ECX,DWORD PTR DS:[ESI+6D0]
00511487 |. E8 A4730100 CALL gameReta.00528830
; Same argument block for the submit button in the two-button layout; the value
; pushed at 005114FE is 69 here (the decision button got 1C at 0051147D).
; NOTE(review): presumably a layout coordinate -- confirm.
0051148C 53 PUSH EBX
0051148D 68 0000803F PUSH 3F800000
00511492 |. 53 PUSH EBX
00511493 |. 68 0000803F PUSH 3F800000
00511498 |. 68 0000403F PUSH 3F400000
0051149D |. 68 0000803F PUSH 3F800000
005114A2 |. 53 PUSH EBX
005114A3 |. 68 0000403F PUSH 3F400000
005114A8 |. 68 0000003F PUSH 3F000000
005114AD |. 68 0000803F PUSH 3F800000
005114B2 |. 53 PUSH EBX
005114B3 |. 68 0000403F PUSH 3F400000
005114B8 |. 68 0000003F PUSH 3F000000
005114BD |. 68 0000803F PUSH 3F800000
005114C2 |. 53 PUSH EBX
005114C3 |. 68 0000003F PUSH 3F000000
005114C8 |. 68 0000803E PUSH 3E800000
005114CD |. 68 0000803F PUSH 3F800000
005114D2 |. 53 PUSH EBX
005114D3 |. 68 0000803E PUSH 3E800000
005114D8 |. 53 PUSH EBX
005114D9 |. 8B56 08 MOV EDX,DWORD PTR DS:[ESI+8]
005114DC |. 6A 01 PUSH 1
005114DE |. 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
005114E1 |. 6A 20 PUSH 20
005114E3 |. 68 00020000 PUSH 200
005114E8 |. 68 D8496C00 PUSH gameReta.006C49D8 ; ASCII "change_submit_button.tga"
005114ED |. 53 PUSH EBX
005114EE |. 6A 1B PUSH 1B
005114F0 |. 6A 41 PUSH 41
005114F2 |. 6A 20 PUSH 20
005114F4 |. 68 80000000 PUSH 80
005114F9 |. 68 BE010000 PUSH 1BE
005114FE 6A 69 PUSH 69
00511500 |. 52 PUSH EDX
00511501 |. 50 PUSH EAX
00511502 |. EB 76 JMP SHORT gameReta.0051157A
; --- Single-button path (target of both JE instructions above): the same submit
; button argument block, except that 42 is pushed at 00511576 where the two-button
; path pushes 69. The decision button is neither loaded nor initialised on this path.
00511504 53 PUSH EBX
00511505 68 0000803F PUSH 3F800000
0051150A 53 PUSH EBX
0051150B 68 0000803F PUSH 3F800000
00511510 68 0000403F PUSH 3F400000
00511515 68 0000803F PUSH 3F800000
0051151A 53 PUSH EBX
0051151B 68 0000403F PUSH 3F400000
00511520 68 0000003F PUSH 3F000000
00511525 68 0000803F PUSH 3F800000
0051152A 53 PUSH EBX
0051152B 68 0000403F PUSH 3F400000
00511530 68 0000003F PUSH 3F000000
00511535 68 0000803F PUSH 3F800000
0051153A 53 PUSH EBX
0051153B 68 0000003F PUSH 3F000000
00511540 68 0000803E PUSH 3E800000
00511545 68 0000803F PUSH 3F800000
0051154A 53 PUSH EBX
0051154B 68 0000803E PUSH 3E800000
00511550 53 PUSH EBX
00511551 8B4E 08 MOV ECX,DWORD PTR DS:[ESI+8]
00511554 6A 01 PUSH 1
00511556 8B56 04 MOV EDX,DWORD PTR DS:[ESI+4]
00511559 |. 6A 20 PUSH 20
0051155B 68 00020000 PUSH 200
00511560 |. 68 D8496C00 PUSH gameReta.006C49D8 ; ASCII "change_submit_button.tga"
00511565 |. 53 PUSH EBX
00511566 |. 6A 1B PUSH 1B
00511568 |. 6A 41 PUSH 41
0051156A |. 6A 20 PUSH 20
0051156C |. 68 80000000 PUSH 80
00511571 68 BE010000 PUSH 1BE
00511576 6A 42 PUSH 42
00511578 |. 51 PUSH ECX
00511579 |. 52 PUSH EDX
; --- Both paths join here: 00528830 runs on the submit button sub-object at ESI+F8.
0051157A |> 8D8E F8000000 LEA ECX,DWORD PTR DS:[ESI+F8]
00511580 |. E8 AB720100 CALL gameReta.00528830
; --- Close button ("talk1_close_button.tga", sub-object at ESI+CA8).
; The float at 70B0A0 is loaded now and consumed by the first 005CD414 call below.
00511585 D905 A0B07000 FLD DWORD PTR DS:[70B0A0]
0051158B 53 PUSH EBX
0051158C |. 53 PUSH EBX
0051158D |. 53 PUSH EBX
0051158E |. 53 PUSH EBX
0051158F |. 53 PUSH EBX
00511590 |. 53 PUSH EBX
00511591 |. 53 PUSH EBX
00511592 |. 53 PUSH EBX
00511593 |. 53 PUSH EBX
00511594 |. 68 0000803F PUSH 3F800000
00511599 |. 53 PUSH EBX
0051159A |. 68 0000403F PUSH 3F400000
0051159F |. 68 0000003F PUSH 3F000000
005115A4 |. 68 0000803F PUSH 3F800000
005115A9 |. 53 PUSH EBX
005115AA |. 68 0000003F PUSH 3F000000
005115AF |. 68 0000803E PUSH 3E800000
005115B4 |. 68 0000803F PUSH 3F800000
005115B9 |. 53 PUSH EBX
005115BA |. 68 0000803E PUSH 3E800000
005115BF |. 53 PUSH EBX
005115C0 6A 01 PUSH 1
005115C2 |. 6A 20 PUSH 20
005115C4 |. 68 80000000 PUSH 80
005115C9 |. 68 74E16B00 PUSH gameReta.006BE174 ; ASCII "talk1_close_button.tga"
005115CE |. 53 PUSH EBX
005115CF |. 6A 16 PUSH 16
005115D1 |. 6A 16 PUSH 16
005115D3 |. 6A 20 PUSH 20
005115D5 |. 6A 20 PUSH 20
; 005CD414 is called right after each FLD and its EAX result is pushed as an argument.
; NOTE(review): presumably a float-to-integer helper -- confirm.
005115D7 E8 38BE0B00 CALL gameReta.005CD414
005115DC |. D905 9CB07000 FLD DWORD PTR DS:[70B09C]
005115E2 50 PUSH EAX
005115E3 E8 2CBE0B00 CALL gameReta.005CD414
005115E8 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4]
005115EB 50 PUSH EAX
005115EC 8B46 08 MOV EAX,DWORD PTR DS:[ESI+8]
005115EF 50 PUSH EAX
005115F0 |. 51 PUSH ECX
005115F1 |. 8D8E A80C0000 LEA ECX,DWORD PTR DS:[ESI+CA8]
005115F7 |. E8 34720100 CALL gameReta.00528830
; --- Reset of global state: six dwords at 86DE04..86DE18 are written with EBX,
; which was zeroed at 00511377 and is not written again in this listing.
005115FC |. 891D 04DE8600 MOV DWORD PTR DS:[86DE04],EBX
00511602 |. 891D 08DE8600 MOV DWORD PTR DS:[86DE08],EBX
00511608 |. 891D 0CDE8600 MOV DWORD PTR DS:[86DE0C],EBX
0051160E |. 891D 10DE8600 MOV DWORD PTR DS:[86DE10],EBX
00511614 |. 891D 14DE8600 MOV DWORD PTR DS:[86DE14],EBX
0051161A |. 891D 18DE8600 MOV DWORD PTR DS:[86DE18],EBX
00511620 |. B9 EDDD8600 MOV ECX,gameReta.0086DDED
00511625 |. B8 ACDC8600 MOV EAX,gameReta.0086DCAC
; LEA EBX,[EBX] leaves EBX unchanged; it only fills six bytes before the loop head.
0051162A |. 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX]
; --- Loop: EAX runs from 0086DCAC to 0086DDEC in steps of 28, i.e. 8 iterations.
; Each pass zeroes one 28-byte record at EAX-140, one 28-byte record at EAX, and
; three bytes at ECX-1..ECX+1 (ECX advances by 3 from 0086DDED).
; NOTE(review): presumably two 8-entry tables plus per-entry flags -- confirm.
00511630 |> 33D2 /XOR EDX,EDX
00511632 |. 8DB0 C0FEFFFF |LEA ESI,DWORD PTR DS:[EAX-140]
00511638 |. 8916 |MOV DWORD PTR DS:[ESI],EDX
0051163A |. 8956 04 |MOV DWORD PTR DS:[ESI+4],EDX
0051163D |. 8956 08 |MOV DWORD PTR DS:[ESI+8],EDX
00511640 |. 8956 0C |MOV DWORD PTR DS:[ESI+C],EDX
00511643 |. 8956 10 |MOV DWORD PTR DS:[ESI+10],EDX
00511646 |. 8956 14 |MOV DWORD PTR DS:[ESI+14],EDX
00511649 |. 8956 18 |MOV DWORD PTR DS:[ESI+18],EDX
0051164C |. 8956 1C |MOV DWORD PTR DS:[ESI+1C],EDX
0051164F |. 8956 20 |MOV DWORD PTR DS:[ESI+20],EDX
00511652 |. 8956 24 |MOV DWORD PTR DS:[ESI+24],EDX
00511655 |. 8BF0 |MOV ESI,EAX
00511657 |. 8916 |MOV DWORD PTR DS:[ESI],EDX
00511659 |. 8956 04 |MOV DWORD PTR DS:[ESI+4],EDX
0051165C |. 8956 08 |MOV DWORD PTR DS:[ESI+8],EDX
0051165F |. 8956 0C |MOV DWORD PTR DS:[ESI+C],EDX
00511662 |. 8956 10 |MOV DWORD PTR DS:[ESI+10],EDX
00511665 |. 8956 14 |MOV DWORD PTR DS:[ESI+14],EDX
00511668 |. 8956 18 |MOV DWORD PTR DS:[ESI+18],EDX
0051166B |. 8956 1C |MOV DWORD PTR DS:[ESI+1C],EDX
0051166E |. 8956 20 |MOV DWORD PTR DS:[ESI+20],EDX
00511671 |. 8956 24 |MOV DWORD PTR DS:[ESI+24],EDX
00511674 |. 8859 FF |MOV BYTE PTR DS:[ECX-1],BL
00511677 |. 8819 |MOV BYTE PTR DS:[ECX],BL
00511679 |. 8859 01 |MOV BYTE PTR DS:[ECX+1],BL
0051167C |. 83C0 28 |ADD EAX,28
0051167F |. 83C1 03 |ADD ECX,3
00511682 |. 3D ECDD8600 |CMP EAX,gameReta.0086DDEC
00511687 |.^7C A7 \JL SHORT gameReta.00511630
; --- Epilogue: restore ESI/EBX (ESI was reused as a scratch pointer in the loop)
; and return, popping the two dword arguments.
00511689 |. 5E POP ESI
0051168A |. 5B POP EBX
0051168B \. C2 0800 RETN 8
Tried NOPing, jumping, etc. I also compared against the code in an old game.exe that had no confirm button, but I can't make it work.
Does anyone have some info about this?
PS: The game.exe I'm using is 3.301.376 bytes in size. It is not the 3.289.088 one released here.






