Use IDA if you wish to repeat this; start by pressing 'G' and going to address 4A7E21.
If you don't have IDA, searching in a hex editor for the signature 85 D2 0F 85 38 00 00 00 8B 45 E0 C1 E0 04 33 C9 will get you to the same spot. The first part, 85 D2, corresponds to 'test edx, edx'.
Code:
.text:004A7E14 call _rand
.text:004A7E19 mov ecx, 3
.text:004A7E1E cdq                                   ; sign-extend eax into edx:eax for idiv
.text:004A7E1F idiv ecx                              ; edx = rand() % 3 (the "roll")
.text:004A7E21 test edx, edx                         ; bytes 85 D2
.text:004A7E23 jnz loc_4A7E61                        ; roll 1 or 2: skip everything, change nothing
.text:004A7E29 mov eax, [ebp-32]                     ; roll 0: load the leader/NPC index
.text:004A7E2C shl eax, 4                            ; index * 16
.text:004A7E2F xor ecx, ecx
.text:004A7E31 mov cl, NPC_genderbyte[eax+eax*2]     ; byte at NPC_genderbyte + index*48
.text:004A7E38 test ecx, ecx
.text:004A7E3A jnz loc_4A7E53                        ; byte already non-zero -> clear it
.text:004A7E40 mov eax, [ebp+var_20]                 ; var_20 is the same slot as [ebp-32]
.text:004A7E43 shl eax, 4
.text:004A7E46 mov NPC_genderbyte[eax+eax*2], 1      ; byte was 0 -> set to 1
.text:004A7E4E jmp loc_4A7E61
.text:004A7E53 ; -----------------------------------------------------------------
.text:004A7E53
.text:004A7E53 loc_4A7E53: ; CODE XREF: sub_4A7209+C31j
.text:004A7E53 mov eax, [ebp-32]
.text:004A7E56 shl eax, 4
.text:004A7E59 mov NPC_genderbyte[eax+eax*2], 0      ; byte was non-zero -> set to 0
.text:004A7E61
.text:004A7E61 loc_4A7E61: ; CODE XREF: sub_4A7209+C1Aj
.text:004A7E61 ; sub_4A7209+C45j
.text:004A7E61 mov eax, [ebp-32]                     ; rest of the function continues here
One of the byte variables I 'renamed' to NPC_genderbyte. This helps with visibility.
This code determines gender. As you can see, there is a 66% chance to be female (this is MicroProse's default!).
A roll of 0 will make the leader male; a roll of 1 or 2 will set nothing - however, when the game is initialized all leaders are set to female, so no change = female.
A cheap hack to make all leaders female would be changing this line:
.text:004A7E21 test edx, edx
Simply make the test always true. We know ecx was just set to 3, so test ecx, ecx (instead of 'edx') would be the same as 'test 3, 3', which is always non-zero, so the jnz is always taken. 100% female. (test ecx, ecx uses opcodes 85 C9 instead of 85 D2 -- see the top of this post)
A cheap hack to make all leaders male would be changing the same line to always fail,
i.e., test 0, 0 or test ecx, 0.
----------------------
I really don't want to release copies of the executable or utilities that change the binary, but I thought I should share this little discovery.
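As an added illustration (not code from the original post, and the game executable is not included), the script below does the three things the post describes against a constructed byte buffer: it locates the 16-byte signature and refuses to act if the match is missing or not unique, it swaps the ModR/M byte of the `test` from D2 to C9, and it emulates the branch at 4A7E21 for each of the three possible `rand() % 3` results, before and after the change. The `IMAGE` buffer, the filler bytes and the `NPC_genderbyte` starting value of 0 are all assumptions for the demo.

```python
# Added example, not part of the original post: signature search, 2-byte patch,
# and an emulation of the gender roll at .text:004A7E14..004A7E61.

# The signature quoted in the post: test edx,edx / jnz +0x38 / mov eax,[ebp-20h] /
# shl eax,4 / xor ecx,ecx
SIGNATURE = bytes.fromhex("85D20F85380000008B45E0C1E00433C9")

# Constructed stand-in for the .text section (NOT the real executable).
FILLER = bytes.fromhex("9090909090")
IMAGE = FILLER + SIGNATURE + FILLER

MODRM_EDX_EDX = 0xD2  # 85 D2 -> test edx, edx (original)
MODRM_ECX_ECX = 0xC9  # 85 C9 -> test ecx, ecx (the "100% female" change)


def find_signature(image, sig=SIGNATURE):
    """Return the offset of sig in image; refuse missing or ambiguous matches."""
    first = image.find(sig)
    if first == -1:
        raise ValueError("signature not found")
    if image.find(sig, first + 1) != -1:
        raise ValueError("signature is not unique; refusing to guess")
    return first


def patch_test_modrm(image, offset, modrm):
    """Return a copy of image with the ModR/M byte of the 2-byte TEST at offset replaced."""
    if image[offset] != 0x85:
        raise ValueError("no TEST r/m32, r32 (opcode 85) at offset")
    return image[:offset + 1] + bytes([modrm]) + image[offset + 2:]


def emulate_branch(edx, modrm, gender_byte, ecx=3):
    """Emulate 4A7E21..4A7E61 for one remainder edx of rand() % 3.

    ecx is 3 because 'mov ecx, 3' precedes the idiv and nothing changes it
    before the test.  Returns the resulting NPC_genderbyte value."""
    if modrm == MODRM_EDX_EDX:
        zf = (edx & edx) == 0
    elif modrm == MODRM_ECX_ECX:
        zf = (ecx & ecx) == 0
    else:
        raise ValueError("only the two register pairs from the post are modelled")
    if not zf:
        return gender_byte          # jnz loc_4A7E61: byte left untouched
    # fall-through (4A7E29..4A7E4E): byte 0 -> 1, anything else -> 0
    return 1 if gender_byte == 0 else 0


def outcomes(modrm, initial_byte=0):
    """NPC_genderbyte after each of the three possible rolls (0, 1, 2)."""
    return [emulate_branch(edx, modrm, initial_byte) for edx in range(3)]


if __name__ == "__main__":
    off = find_signature(IMAGE)
    patched = patch_test_modrm(IMAGE, off, MODRM_ECX_ECX)
    print(f"signature at 0x{off:x}: {IMAGE[off:off + 2].hex()} -> {patched[off:off + 2].hex()}")
    print("original, rolls 0..2 ->", outcomes(MODRM_EDX_EDX))
    print("patched,  rolls 0..2 ->", outcomes(MODRM_ECX_ECX))
```

With the starting byte at 0, the original code sets it to 1 on a roll of 0 and leaves it alone on 1 and 2, which is the 1-in-3 split the post describes; after the D2 to C9 swap the `jnz` is taken on every roll and the byte never changes. The "always male" variant is deliberately not modelled: `test ecx, 0` encodes as F7 C1 plus a 4-byte immediate, so it does not fit in the two bytes occupied by `test edx, edx`, and the whole 8-byte test/jnz pair would have to be rewritten instead of one ModR/M byte.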