Haven't read that. I'll start looking for it. Might be. Thing is, with Infernal, I actually found a trace, but it needs more in-depth research.
For instance,
sub [eax+538],ecx had a "brother" up ahead like :
Quote:
mov edx,[esi+56C]
...
mov eax,edx
sub [eax+538],ecx
|
So, if you look at that, you got 2 offsets : 56C and 538. I looked in-depth for a stable link to
esi. Searched for a pointer to it, and found plenty (about 600). Debugged it and all I got were opcodes like "mov eax,[edi]" =| I eventually found a pointer for it, was level 3. Kinda like : B6xxxx + 2F0 + 56C + 538. The pointer was static, but once I changed level or reloaded, everything died. Come to think about it, if this game is similar to Archangel in engine, it's all kinda self-explained. I remember I hit the same issues while playing that game...
I think the method I wrote about is quite simple. I'll read your Fable article, and see if I can find anything matching my situation
Oh, almost forgot !
Infernal command lines :
1.
/window - start the game in windowed mode (I believe it's 800x600)
2.
/safe - start game in safe mode (for some reason, I get an error msg box stating I have to reinstall the game - yeah, missing some files)
3.
/nops - am yet to discover what this does (no p - player? - s - something?)
4.
/ulkytutft67gfj655gy - no, it's not a joke, it's a command line - I believe it's used to disable some debugging protection features from both LUA/SolidShield - still checking
Enjoy ! I'll be back later...
P.S.: Once this thread gets big, you can move it to the Coding section.
P.S.2: Looking for a way to pop that window up - the one you see in that PE Explorer pic