Fable: The Lost Chapters Mod Scene
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Fable TLC » Development » Advanced Modding » Executable Functions
Executable Functions [message #33113] Sun, 28 October 2007 23:46 Go to next message
Keshire is currently offline  Keshire
Messages: 1266
Registered: July 2005

Administrator
sub_C05FD0 - zlib crc32 function
sub_CBFB7D - main scripts.bin script parser/engine (over 80kb of code in a SINGLE function...)
sub_CD52D0 - compiled script registering process( best place to add our own stuff into)

sub_5D1FC - hero stats function PC (maybe)
sub_5CE0E6 - hero stats display UI (maybe)
sub_409730 - Enum profile and game save files
sub_99AD80 - open file handler
sub_99A6A0 - open file
sub_4A21F0 - fablesav parser/loader
sub_40D350 - main profile loader, calls below
sub_40BCA0 - profile parser
sub_9F1D20 - boot.ini loader


sub_CE6CF0 - S_GF (Register)
sub_CE75B0 - S_GF (Main)
sub_CE7640
sub_CE7650
sub_CE7670 - S_GF (Story Flow)
sub_CEF3B0 - S_GF (NewQuestCard)
sub_CEF550 - S_GF (Barrowfield)
sub_CEF8E0 - S_GF (Save)
sub_CEF950 - S_GF (Game Flow)
sub_CEF9A0
sub_CEFA00
sub_CEFA20 - S_GFA (Main)
sub_CEFAB0
sub_CEFAC0 - S_GFA (Tutorial)
sub_CEFCC0 - S_GFA (MultiCheck)
sub_CEFFB0 - S_GFA (HealthCheck)
sub_CF0180 - S_GFA (WillCheck)
sub_CF02A0 - S_GFA (RenownCheck)
sub_CF0540
sub_CF0560 - S_GFA (Stats)
sub_CF0640 - S_GFA (Gameflow Assistant)

[Updated on: Mon, 29 October 2007 21:59]

Report message to a moderator

Re: Executable Functions [message #33165 is a reply to message #33113] Mon, 29 October 2007 22:23 Go to previous messageGo to next message
Keshire is currently offline  Keshire
Messages: 1266
Registered: July 2005

Administrator
DemonDoor_Start                                .text 00E6E2E0 0000008B R . . . . . . 
DemonDoors                                     .text 00E75590 00000036 R . . . . . . 
Fisticuffs_Complete                            .text 00E82190 00000083 R . . . . . . 
Fisticuffs_Create                              .text 00E82220 000002AB R . . . . . . 
Fisticuffs_Crowd                               .text 00E83A20 0000019B R . . . . . . 
Fisticuffs_Cutscene                            .text 00E8A1D0 000000C8 R . . . . . . 
Fisticuffs_Introduced                          .text 00E84B50 00000021 R . . . . . . 
Fisticuffs_KHG_Win                             .text 00E8B020 000006D4 R . . . . . . 
Fisticuffs_Main_                               .text 00E84B80 0000226C R . . . . . . 
Fisticuffs_NPC_Create                          .text 00E8A2B0 00000CBF R . . . . . . 
Fisticuffs_Tyler                               .text 00E87030 00003107 R . . . . . . 
PAAWB_NPC                                      .text 00EC12E0 000000F1 R . . . . . . (Picnic Area After Wasp Battle script)
RPS_BANDIT_ARCHER                              .text 00EC32F0 000007BB R . . . . . . (Random Population Sim Script Functions)
RPS_BANDIT_GRUNT                               .text 00EC3AD0 000000D6 R . . . . . . 
RPS_Exit                                       .text 00EC1CD0 0000021C R . . . . . . 
RPS_Main                                       .text 00EC1850 0000008B R . . . . . . 
RPS_Morality                                   .text 00EC1EF0 00000344 R . . . . . . 
RPS_NPC                                        .text 00EC1910 0000024C R . . . . . . 
RPS_Spawn                                      .text 00EC29F0 00000739 R . . . . . . 
RPS_TRADER                                     .text 00EC3130 000000EB R . . . . . . 
SM_Main                                        .text 00ED3A90 0000008B R . . . . . . (Statue Master Functions)
SM_Markers                                     .text 00ED3B30 0000057A R . . . . . . 
S_QGT                                          .text 00D50600 00000047 R . . . . . . 
S_QGT_GuildTrain_Main                          .text 00D3BB50 0000008B R . . . . . . 
S_VPAAWB                                       .text 00EC1780 00000036 R . . . . . . 
S_VPAAWB_Main                                  .text 00EC1240 0000008B R . . . . . . 
S_VRPS                                         .text 00EC3BC0 00000039 R . . . . . . 
S_VSM                                          .text 00ED4A40 00000036 R . . . . . . 
ScriptMain                                     .text 00CDE2F0 00000036 R . . . . . . 
Script_Global                                  .text 00CE19A0 00000036 R . . . . . . 
TH_Cutscene_Triggers                           .text 00EDED10 00000583 R . . . . . . (Wandering heroes Script Functions)
TH_Main                                        .text 00EDEC70 0000008B R . . . . . . 
TH_Scenes                                      .text 00EE1DC0 00000077 R . . . . . . 

[Updated on: Mon, 29 October 2007 22:34]

Report message to a moderator

Re: Executable Functions [message #66458 is a reply to message #33113] Tue, 24 April 2012 00:40 Go to previous messageGo to next message
EternalNoob
Messages: 47
Registered: January 2006
Location: The Pit of Hell
Dev Console = 0x009ED190

This has been disabled in some way.

Update: 

As far as I can tell, the console is intact, all the routines for initializing it, and it's graphics, etc, exist. (It's all running too, it's just never enabled by the game.)


Unknown = 0x0099EBF0

This takes two visible parameters. It also requires an object reference pointer in the register ECX. (Likely a "this" pointer.)

Update: 

I believe this is used by the games "IntelligentPointers", basically, if an object exist, it finds it, otherwise it creates it, and makes a pointer to it, for reference tracking\access, etc,.


Decrease Will:
0x0057B1F1 - (add [esi+58h], eax)

This could be used to remove magic cost, or, to create a multiplier to increase the cost.


Increase\Decrease Gold (Shops, maybe more..)
0x0057B338 - (mov [esi+3Ch], eax)


Static References:

GameDirectory = 0x013BCA10
HInstance = 0x013BD6EC

CThingManager = 0x013B8A1C
GraphicDataBank = 0x013B8A08
MeshDataBank = 0x013B8A04
QuestManager = 0x013B89FC
CGameJoystickManager = 0x013B89A0
CStreamingFontBank = 0x013B8998
CThingObjectDef 0x013B8C14
CInventoryItemDef 0x013B8C18
CUserProfileManager = 0x013B7D4C
CGraphicBankManager = 0x013B837C
CShaderRenderManager = 0x013B8380
CRenderManager = 0x013B8384
CInputManager = 0x013B8388
CFontManager = 0x013B838C
CDisplayManager = 0x013B8390
CSoundManager = 0x013B8394
CGame = 0x013B83D0
CMainGameComponent = 0x013B86A0
CManager@NUISystem = 0x013B8710
CPlayerDef = 0x013B878C 
CPlayerGUI = 0x013B8790
CGameDefinitionManager = 0x013B879C
CEngineManager = 0x013BA854
CTCAICreatureWillPowerIndicator = 0x013BA89C
CCameraModeDef = 0x013BA8D8
CSkeletalMorphResourceManager = 0x013BAB10

I haven't verified all of these, they could be static, or the values could be temporarily stored there. (I'll have to keep checking them, and make sure they always stay the same.)

I hit the damn static lottery. :)


These are the layouts of class instances mapped in memory.

CThingManager:

Base = CThingManager (VFTable: 0x01245C44)
Base + 1Ch = CMainGameComponent
Base + 20h = CGameDefinitionManager
Base + 24h = CWorld
Base + 28h = CWorldMap
Base + 30h = CPlayerManager
Base + 8Ch = Unknown

CPlayerManager:

Base = CPlayerManager (VFTable: 0x01231CD0)
Base + 0Ch = CPlayer
Base + 10h = Unknown
Base + 1Ch = Unknown

CPlayer:

Base = CPlayer (VFTable: 0x01231CC4)
Base + 0Ch = CGamePlayerInterface
Base + 34h = CIntelligentPointer@VCThingPlayerCreature

CIntelligentPointer@VCThingPlayerCreature:

Base + 4h = CThingPlayerCreature

CThingPlayerCreature:

Base = CThingPlayerCreature (VFTable: 0x012457FC)
Base + 0B0h = Max Health (Float)
Base + 0B4h = Current Health (Float)

CTCHeroStats:

Base = CTCHeroStats (VFTable: 0x0124F70C)
Base + 4h = CThingPlayerCreature (VFTable: 0x012457FC)
Base + 38h = Unknown
Base + 3Ch = Current Gold
Base + 40h = Highest Amount of Money Ever Had
Base + 48h = Total Money Acquired
Base + 4Ch = Total Money Spent
Base + 58h = Current Will
Base + 5Ch = Max Will
Base + 70h = Renown
Base + FCh = Total Fines

CSystemManager:

Base + 58h = CInputManager
Base + 60h = CDisplayManager
Base + 7Ch = CSoundManager
Base + 84h = CFontManager

CDisplayManager:

Base + 8h = CRenderManager

CDrawPerceivers@NPlayerGui:

Base + 38h = Perceiver Count

CGameCameraManager:

Base + 114h = Unknown
Base + 118h = Unknown
Base + 128h = Unknown

CInventoryItemDef:

Base + 4h = Unknown

[Updated on: Sat, 02 June 2012 18:17]

Report message to a moderator

Re: Executable Functions [message #66742 is a reply to message #33113] Fri, 01 June 2012 08:37 Go to previous messageGo to next message
Keshire is currently offline  Keshire
Messages: 1266
Registered: July 2005

Administrator
What would be extremely helpful would be able to modify the cdefs loaded in memory so that we can try finding out some of the stuff we don't know about their properties.

Also we want to hook the scripting language into something outside the exe that we can add to.



Apathy Cannot Inspire.
Ambivalence cannot lead.
Loved me. Feared me.
Changed me. Killed me.
Anything would be something.
But nothing is worst of all.

[Updated on: Fri, 01 June 2012 08:39]

Report message to a moderator

Re: Executable Functions [message #66744 is a reply to message #66742] Fri, 01 June 2012 12:14 Go to previous messageGo to next message
asmcint is currently offline  asmcint
Messages: 1360
Registered: April 2010
Location: Behind the beef

Moderator
Quote:

we want to hook the scripting language into something outside the exe that we can add to.

Both EternalNoob and xenn were talking about this at one point. Specifically, hooking it into a dll file. In fact, that conversation, should you feel like reading it, can be found at the following link: http://fabletlcmod.com/forum/index.php?t=msg&th=9150& ;start=0&


Read the site rules, as well as individual thread rules, stickies and announcements, and use search, or you will have smartassy or exasperated ownage rained down upon you by the site's crack team of mods and admins. Also, you can find all you need to get started on modding here.
Re: Executable Functions [message #66745 is a reply to message #66742] Fri, 01 June 2012 12:33 Go to previous messageGo to next message
EternalNoob
Messages: 47
Registered: January 2006
Location: The Pit of Hell
Snip..

[Updated on: Sat, 02 June 2012 18:04]

Report message to a moderator

Re: Executable Functions [message #71722 is a reply to message #66458] Mon, 04 March 2019 15:07 Go to previous messageGo to next message
blastedt is currently offline  blastedt
Messages: 5
Registered: May 2016
Location: Blastedt

EternalNoob wrote on Tue, 24 April 2012 00:40
[
Unknown = 0x0099EBF0

This takes two visible parameters. It also requires an object reference pointer in the register ECX. (Likely a "this" pointer.)

Update: 

I believe this is used by the games "IntelligentPointers", basically, if an object exist, it finds it, otherwise it creates it, and makes a pointer to it, for reference tracking\access, etc,.
0x99EBF0 is a string constructor. The game uses something called "CCharString" likely to provide wrapper functions and such. In the following image, Mac code (with built-in labels) is left, with the corresponding PC code is on the right. You can see the 99ebf0 call corresponds to a Mac call of CCharString's constructor (taking a char* and its length). This code is from the Necropolis tablet scripting.
https://i.imgur.com/y4yKcRN.png (Please ignore that I've accidentally named the destructor the same thing - 99ebf0 is the constructor, and 99eae0 is the destructor.)

Similarly, 0x9ed190 *is* related to the console - this is CConsole::Initialise(CConsole*, char, EInputKey, CFontBank*).

Sorry to necro an old thread, but this is pretty much the only existing resource on reverse engineering Fable, and I'd rather add to it than make a redundant thread.


Blastedt

[Updated on: Mon, 04 March 2019 16:57]

Report message to a moderator

Re: Executable Functions [message #71724 is a reply to message #71722] Thu, 21 March 2019 09:30 Go to previous messageGo to next message
plopk45 is currently offline  plopk45
Messages: 63
Registered: October 2009
I'm still hoping this community comes back , would love to be able to create more quests even though I know this hasn't been possible since the game has existed. A man can dream eh. :(

http://i1019.photobucket.com/albums/af315/lindamason5/jackofblades_zpse75c43d3.png image, by plopk45
Re: Executable Functions [message #71737 is a reply to message #33113] Tue, 04 June 2019 18:10 Go to previous messageGo to next message
blastedt is currently offline  blastedt
Messages: 5
Registered: May 2016
Location: Blastedt

if you change the byte 01375741 aka Fable.exe+F75741 from one to zero, you can leave quest zones instead of being forced to reload

---
Debug profiles:

the routine at Fable.exe+7030 is labeled CUserProfileManager::IsDebugProfile. Bytepatch information:

Toggle Spoiler

This bytepatch fools the game into believing you are playing on a "debug profile". It has the currently noted effects:
1. you may world save whenever you want
2. all empty save slots except the first one are hidden
3. saves are saved in "Save04" instead of "Manual - Save04"
World saving inside a quest seems to work fine - you are put back in the quest at the same state when you load. Needs a lot more testing though.


Blastedt

[Updated on: Sat, 27 July 2019 22:25]

Report message to a moderator

Re: Executable Functions [message #71769 is a reply to message #71737] Sun, 17 May 2020 17:14 Go to previous message
JohnDoe is currently offline  JohnDoe
Messages: 3007
Registered: October 2007

Retired
Yea I'm late to this, I know.

blastedt wrote on Tue, 04 June 2019 20:10
Cool stuff
Cool stuff!

These are similar consequences of sandboxing the game from the getgo by disabling gameflow from the user.ini. But if quests are functional, this could prove quite useful indeed. I'm curious...

When sandboxing the game, creating and loading a save brings the player back to the physical location at which the save was made, as opposed to the nearest active holy site map script. I wonder if that's the case for this hack as well. Good stuff, wish we were active enough to fuck around with it properly.
Previous Topic: BigTools
Next Topic: Important Notes
Goto Forum:
  


Current Time: Tue Dec 03 09:14:24 PST 2024

Total time taken to generate the page: 0.14313 seconds