Trying to find a bounds check in MS Flight Simulator 2004 + FSX - halp!?

Discussion in 'Technical Discussion' started by Travelsonic, Jan 7, 2021.

  1. Travelsonic

    So on/off for a while now, I've been trying to make a mod for Microsoft Flight Simulator (2004, and FSX specifically) that will allow for much greater user-defined weather options.

    For instance, my first change is making it so that the values for wind layers, and wind gusts are not bound to a range of 0 <= X <= 200 for sustained speeds, and 0 <= X <= 220 for wind gusts, but instead have a value range of -2,147,483,648 <= X <= 2,147,483,647 (min/max values of a signed 32-bit integer).

    I've found locations in memory that store min and max values for these things, and in memory where the user's input is stored. I've also found and killed the check that replaces the user's value with the aforementioned max value when said value is too high, or replaces it with the minimum value when too low.

    The problem is, there is still one bounds check that I am struggling to find, and it is pissing me off. Basically, there is another check that is done which, if failed, will pop up a dialog box notifying the user of the value range they are allowed, and stops them from closing the dialog box / saving their changes.

    I have mostly been using Cheat Engine for this endeavor - finding memory addresses and then finding when they are read from, or written to, which got me this far, but is proving a bit ... inadequate for this it seems, unless I am a total duncecap/missing anything. I wonder though if I need to figure out how to find event handlers that are used/called. I am struggling to figure out where to turn to next, and pissing myself off in the process. XD

    Maybe I just need to bounce ideas off of people, and get ideas. I am SO damn close to achieving this part of my goal.
     
  2. MarkeyJester

    I would suggest finding the ASCII text within the exe which displays in the dialog box. If it displays value ranges, it might use a syntactical symbol for displaying a number pushed as a parameter (similar to (sn)printf with %), so do a partial search of the text in the dialog which does not include the numbers nor specific names which can swap out. For example, if the dialog were to display "Error, Jason has passed the boundary 2000 x 1800 blah blah", then you would search specifically for "has passed the boundary" and omit the name or numbering scheme.

    Once the string is found, you will then have an address to said text, and can freely search for references to that ASCII address in order to find the dialog box call. If you can find that call, you can then work backwards and find the trigger responsible, and if you fail to find the bounds checks as you want, you can always bypass the dialog box and any code before or after which prevents the game from resuming and prevents you from saving, so even though the bounds are tripped, it's as good as doing nothing.

    Take the above as a minor guide only, for it's circumstantial and may depend on how it's programmed and what type of dialog is being called, whether it's the API or something in-built, and just rendered via normal drawing. But it may be a good start. I suspect given it's a game from 2004 it might be considerably simple and not involving any confusing flat-design shenanigans.
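The string-then-references search described in the post above, as an added example that is not part of the original thread: it finds a message fragment (as ASCII or, going slightly beyond the post, UTF-16LE), walks back to the start of the containing string, and lists every place that holds a pointer to it. The sample image, its message text, the load address and the function names are all constructed for illustration, and a flat file-offset-to-address mapping with 32-bit absolute pointers is assumed.

```python
import struct

BASE = 0x00400000  # constructed load address; flat offset-to-address mapping assumed

def build_sample() -> bytes:
    """Constructed stand-in for an exe: 'push imm32; call' followed by a format string."""
    text = "Wind speed must be between %d and %d knots."  # constructed, not the real message
    code = b"\x90" * 4 + b"\x68" + struct.pack("<I", BASE + 0x21) + b"\xE8" + bytes(4)
    return code.ljust(0x20, b"\xCC") + b"\x00" + text.encode("ascii") + b"\x00"

def find_all(image: bytes, needle: bytes):
    """Every offset at which needle occurs."""
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = image.find(needle, pos + 1)
    return hits

def string_start(image: bytes, offset: int, width: int) -> int:
    """Walk back from a mid-string hit to the first character after the previous NUL."""
    while offset >= width and image[offset - width:offset] != bytes(width):
        offset -= width
    return offset

def xrefs_for_fragment(image: bytes, base: int, fragment: str):
    """Map each containing string's address to the addresses holding a pointer to it."""
    result = {}
    for enc, width in (("ascii", 1), ("utf-16-le", 2)):
        for hit in find_all(image, fragment.encode(enc)):
            # Code points at the start of the string, not at the fragment we searched for.
            start = string_start(image, hit, width)
            pointer = struct.pack("<I", base + start)  # 32-bit absolute address
            result[base + start] = [base + p for p in find_all(image, pointer)]
    return result

if __name__ == "__main__":
    for addr, refs in xrefs_for_fragment(build_sample(), BASE, "must be between").items():
        print(f"string at {addr:#x}, referenced at {[hex(r) for r in refs]}")
```

Each reported reference is the address of the pointer operand itself, so the instruction that uses it begins a byte or more earlier. On a real executable the file offsets have to be translated to virtual addresses through the section table first, which a disassembler such as Ghidra does when it lists references to a string.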
     
  3. Travelsonic

    Tried finding the string for the error dialog in question, and it seemed to lead to quite the chain of events (if I was using stack tracing correctly, at least).

    I have been having a little better luck using Ghidra in conjunction with Cheat Engine when it comes to navigating this tangled web. So far, I have had a better time with whittling down the possible functions where this bounds checking could occur, even think I found where the individual error messages are stored, but it is still a monotonous task.