Trying to find a bounds check in MS Flight Simulator 2004 + FSX - halp!?

Discussion in 'Technical Discussion' started by Travelsonic, Jan 7, 2021.

  1. Travelsonic

    So on/off for a while now, I've been trying to make a mod for Microsoft Flight Simulator (2004, and FSX specifically) that will allow for much greater user-defined weather options.

    For instance, my first change is making it so that the values for wind layers, and wind gusts are not bound to a range of 0 <= X <= 200 for sustained speeds, and 0 <= X <= 220 for wind gusts, but instead have a value range of -2,147,483,648 <= X <= 2,147,483,647 (min/max values of a signed 32-bit integer).

    I've found locations in memory that store min and max values for these things, and where in memory the user's input is stored. I've also found and killed the check that replaces the user's value with the aforementioned max value when said value is too high, or replaces it with the minimum value when too low.

    The problem is, there is still one bounds check that I am struggling to find, and it is pissing me off. Basically, there is another check that is done which, if failed, will pop up a dialog box notifying the user of the value range they are allowed, and stops them from closing the dialog box / saving their changes.

    I have mostly been using Cheat Engine for this endeavor - finding memory addresses and then finding when they are read from, or written to, which got me this far, but is proving a bit ... inadequate for this it seems, unless I am a total duncecap/missing anything. I wonder though if I need to figure out how to find event handlers that are used/called. I am struggling to figure out where to turn to next, and pissing myself off in the process. XD

    Maybe I just need to bounce ideas off of people, and get ideas. I am SO damn close to achieving this part of my goal.
     
  2. MarkeyJester

    I would suggest finding the ASCII text within the exe which displays in the dialog box, if it displays value ranges it might use a syntactical symbol for displaying a number pushed as a parameter (similar to (sn)printf with %), so do a partial search of the text in the dialog which does not include the numbers nor specific names which can swap out, for example, if the dialog were to display "Error, Jason has passed the boundary 2000 x 1800 blah blah", then you would search specifically for "has passed the boundary" and omit the name or numbering scheme.

    Once the string is found, you will then have an address to said text, and can freely search for references to that ASCII address in order to find the dialog box call, if you can find that call, you can then work backwards and find the trigger responsible, and if you fail to find the bounds checks as you want, you can always bypass the dialog box and any code before or after which prevents the game from resuming and prevents you from saving, so even though the bounds are tripped, it's as good as doing nothing.

    Take the above as a minor guide only, for it's circumstantial and may depend on how it's programmed and what type of dialog is being called, whether it's the API or something in-built, and just rendered via normal drawing. But it may be a good start. I suspect given it's a game from 2004 it might be considerably simple and not involving any confusing flat-design shenanigans.
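
    The string-then-reference search described in the post above, as an added example that is not part of the thread or of any tool mentioned in it. It assumes a constructed, flat-mapped 32-bit image (file offset equals RVA, load address `IMAGE_BASE`); a real PE needs its section table to convert offsets to addresses, and all function names here are hypothetical.

```python
import struct

IMAGE_BASE = 0x00400000  # assumed load address of the constructed sample

def build_sample():
    """Constructed stand-in for a mapped image: filler code, then a format string."""
    text = b"Error, %s has passed the boundary %d x %d\x00"
    str_off = 0x40
    code = bytearray(str_off)  # zero filler in place of real code
    # push imm32 (opcode 0x68) carrying the string's virtual address
    code[0x10:0x15] = b"\x68" + struct.pack("<I", IMAGE_BASE + str_off)
    return bytes(code) + text

def find_fragment(image, fragment):
    """Offsets of the fixed part of the message, tried as ASCII and UTF-16LE."""
    hits = []
    for enc in ("ascii", "utf-16-le"):
        needle = fragment.encode(enc)
        pos = image.find(needle)
        while pos != -1:
            hits.append((pos, enc))
            pos = image.find(needle, pos + 1)
    return hits

def string_start(image, offset, enc):
    """Walk back from a hit to the NUL that ends the previous string."""
    step = 2 if enc == "utf-16-le" else 1
    nul = b"\x00" * step
    while offset >= step and image[offset - step:offset] != nul:
        offset -= step
    return offset

def find_pointer_refs(image, va):
    """Offsets where the string's address appears as a little-endian dword.
    The flag marks hits directly preceded by the push imm32 opcode."""
    needle = struct.pack("<I", va)
    refs, pos = [], image.find(needle)
    while pos != -1:
        refs.append((pos, pos > 0 and image[pos - 1] == 0x68))
        pos = image.find(needle, pos + 1)
    return refs

def locate(image, fragment, base=IMAGE_BASE):
    """For each fragment hit: (string VA, encoding, candidate references)."""
    results = []
    for off, enc in find_fragment(image, fragment):
        va = base + string_start(image, off, enc)
        results.append((va, enc, find_pointer_refs(image, va)))
    return results

if __name__ == "__main__":
    for va, enc, refs in locate(build_sample(), "has passed the boundary"):
        print(hex(va), enc, [(hex(o), is_push) for o, is_push in refs])
```

    Searching for the name or the numbers finds nothing because only the `%s` and `%d` placeholders are stored; an empty reference list for a real hit suggests the text is loaded by resource ID rather than by address.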
     
  3. Travelsonic

    Tried finding the string for the error dialog in question, and it seemed to lead to quite the chain of events (if I was using stack tracing correctly, at least).

    I have been having a little better luck using Ghidra in conjunction with Cheat Engine when it comes to navigating this tangled web. So far, I have had a better time with whittling down the possible functions where this bounds checking could occur, even think I found where the individual error messages are stored, but it is still a monotonous task.
     
  4. Travelsonic

    This is really pissing me off.

    I don't understand how the original bounds are being used for bounds checking, even after the bounds are already altered. No matter what I alter, the bounds checking is there.

    There is a location in memory that stores the user-inputted wind gust speed as a string, and changing/forcing that to change did nothing either.

    I'm really running out of ideas. ~_~
     
    Last edited: Jan 21, 2021
  5. Travelsonic

    So the memory values I have found seem to only impact what the user is allowed to scroll the value to in the respective dialog box, as well as what the value is replaced with upon hitting "enter" (which of course is the max value, when the user value is above that).

    Ugh, back to square one I guess.
     
  6. Travelsonic

    WHY THE HELL DID I NOT THINK OF IT BEFORE!

    I could have just analyzed the weather data provided alongside a saved flight (along with an idea of the potential different units of measurements used).

    I realized this when I was in the bathroom the other day (where else do all good ideas come, but in the bathroom haha), and the amount of info I found out was incredible.