Level 10 Color/Palette Corruption

Post by Norbert »

Immediately starting PoP2 level 10 (with: PRINCE.EXE makinit/yippeeyahoo level10) gives color/palette corruption.
I think it's a myth that this is crack related. I tried all the EXE versions in The Ultimate Collection (TUC) v1.3 and here are the results:

Code:

                  horse cutscene | correct palette after cutscene | correct palette immediately to level 10
IR Prince.exe:    YES            | YES                            | NO
IR PrinceC1.exe:  YES            | YES                            | NO
IR PrinceC2.exe:  YES            | YES                            | NO
IR PrinceC3.exe:  YES            | YES                            | NO
IR PrinceC4.exe:  YES            | YES                            | NO
1.0 Prince.exe:   YES            | YES                            | NO (asks codes)
1.0 PrinceC1.exe: NO             | NO                             | NO
1.0 PrinceC2.exe: YES            | YES                            | NO (asks codes)
1.1 Prince.exe:   YES            | YES                            | NO (asks codes)
1.1 PrinceC1.exe: NO             | NO                             | NO

1.0 PrinceC2.exe doesn't appear to be cracked, because it asks codes.
Immediately starting PoP2 level 10 always corrupts the colors/palette.
The crack messes up the horse cutscene and palette after the cutscene.

[Edit: If the prince starts in another room (not 22 but 11, for example), that appears to fix the problem.]

Post by David »

I noticed something: 1.0 PrinceC1.exe has no cutscenes at all if I start it with LEVELn (but they come back if I press alt-R).
Also, in this version, if I press alt-N on level 9, then the incorrect palette of level 10 will be the palette of the ruins.
However, if I start level 10 with the cheat code in any version, the palette will be the default Mode 13h palette (rainbows). (Make a screenshot with ctrl-F5 and look at its palette.)
So, it seems that the palette of level 10 is loaded when the cutscene ends (either because it reached the end or the user interrupted it), or when a saved game is loaded. But not when the level is started from the command line.

Post by Andrew »

Norbert wrote: 1.0 PrinceC2.exe doesn't appear to be cracked, because it asks codes.
My memory's a bit hazy (and I can't check now), but are you sure it isn't cracked? IIRC it's one of those where any code you select is accepted.

Post by Norbert »

Andrew wrote: IIRC it's one of those where any code you select is accepted.
Oh, didn't think of that; good point.

Post by David »

Yes, it accepts any code.
It would be useful to have a list or table about what each crack does.

Post by David »

(I wanted to EDIT but the forum says "You can no longer edit or delete that post.")
Looks like we wrote our posts at the same time. Again! :)

Also, it seems to me that the only crack for PoP2 1.1 in TUC has the same problem as 1.0 PrinceC1.exe: there are no cutscenes if a level is loaded directly.
The problem seems to be that the copy protection routine is fully disabled. But then

Search for 20 00 49 00 32 00 0A 01 00, and change that last 00 to 01.

I also found out how to fix the palette corruption bug:
Search for 16 75 07 80 3E, change 16 to 00.
But then the screen will go back after the cutscene for a moment.

Search for 83 7E 06 00 74 13 B8 AC 0D, change 74 13 to 90 90.

Post by Norbert »

David wrote: (I wanted to EDIT but the forum says "You can no longer edit or delete that post.")
I've just changed those (post edit and post remove) settings from 60 minutes to 4320 minutes (3 days).
(I'm keeping it limited to prevent things like programmer removing his 690 public posts last August.)

Post by Andrew »

David wrote: Also, it seems to me that the only crack for PoP2 1.1 in TUC has the same problem as 1.0 PrinceC1.exe: there are no cutscenes if a level is loaded directly.
The problem seems to be that the copy protection routine is fully disabled. But then

Search for 20 00 49 00 32 00 0A 01 00, and change that last 00 to 01.

I also found out how to fix the palette corruption bug:
Search for 16 75 07 80 3E, change 16 to 00.
But then the screen will go back after the cutscene for a moment.

Search for 83 7E 06 00 74 13 B8 AC 0D, change 74 13 to 90 90.

I applied these 3 hex edits to PoP2 1.1's PrinceC.exe as well as to the original Prince.exe for PoP2 IR, 1.0 and 1.1, but while the palette corruption bug is indeed fixed the screen still blanks out momentarily after the cutscene at the end of level 9.

Also there's a difference between PoP2 IR and 1.0/1.1, which is if you interrupt the horse cutscene in IR then level 10 loads not with a corrupt palette but with only the prince and potions and enemies visible. Everything else is black!

What we need basically is a no-excess-bytes-affected minimalist patch (or patches in case of differences) for the original PoP2 IR, 1.0 and 1.1 Prince.exe which:

1) Disables the copy protection level
2) Doesn't affect the cutscenes
3) Fixes the level 10 palette loading failure/corruption bug
4) Doesn't cause the blank-out after the level 9 ending cutscene

Did I miss anything? :P

Post by David »

Oh my, looks like I somehow submitted an unfinished version of my post! :roll: Sorry!
Anyway, it has all three hacks I wanted to post.

1) is done by the first hack, I hope.
Also, I meant the third hack to be used instead of the second, not together.
But then the horse will disappear for a moment after the screen switches to the temple screen.

That's odd, because it is intended to force a palette load at the beginning of a level even if the game wants to disable it.
Palette load and screen blanking are disabled in those rooms where a cutscene may end.
These are level 6 room 27 (carpet), level 8 room 9 (father's sword), level 10 room 22 (horse) and level 14 room 1 (horse again).

Post by Andrew »

David wrote: So, it seems that the palette of level 10 is loaded when the cutscene ends (either because it reached the end or the user interrupted it), or when a saved game is loaded. But not when the level is started from the command line.
The bold section's important, and explains why in IR if the 'galloping horse' cut-scene is interrupted with a keypress then level 10's completely black (except for animated objects). They fixed that at least in 1.0 and 1.1, so interrupting the cut-scene still results in the proper palette for level 10.
David wrote: Search for 20 00 49 00 32 00 0A 01 00, and change that last 00 to 01.
David, can you please explain the section of the code that contains the above using your annotated low-level assembly style (not the high-level style of the disassembly)? I'd like to understand how the code works here and what exactly changing 00 to 01 does. Thanks.

Post by David »

Andrew wrote: David, can you please explain the section of the code that contains the above using your annotated low-level assembly style (not the high-level style of the disassembly)? I'd like to understand how the code works here and what exactly changing 00 to 01 does. Thanks.
I'm not sure what you mean by "low-level assembly" and "high-level style of the disassembly".

The EXE that I disassembled is the same as PoP2_IR\PrinceC2.exe from TUC.

Here is the part that is changed by my hack:

Code:

data:03DA 20 00                cprot_rect?     dw 32
data:03DC 49 00                                dw 73
data:03DE 32 00                                dw 50
data:03E0 0A 01                                dw 266
data:03E2 00 00                copyprot_shown  dw 0 ; <-- this

And the code that uses it:

Code:

seg005:1292                      do_copyprot     proc far
... skipped the local variables ...
seg005:1292 55                                   push    bp              ; changed in 1.0 C1, 1.1 C1
seg005:1293 8B EC                                mov     bp, sp
seg005:1295 83 EC 10                             sub     sp, 10h
seg005:1298 57                                   push    di
seg005:1299 56                                   push    si
seg005:129A BE 01 00                             mov     si, 1
seg005:129D 83 3E E2 03 00                       cmp     copyprot_shown, 0 ; changed in IR C1, IR C4
seg005:12A2 74 03                                jz      loc_6577
seg005:12A4 E9 1A 01                             jmp     loc_6691
seg005:12A7                      loc_6577:
seg005:12A7 89 36 E2 03                          mov     copyprot_shown, si ; si=1 ; mark that it was already shown
... skipped a part, copy protection screen is shown here ...
seg005:13C1                      loc_6691:
seg005:13C1 0B F6                                or      si, si   ; if copyprot_shown was true (nonzero) then si=1
seg005:13C3 75 0E                                jnz     loc_66A3 ; then this will jump
seg005:13C5 B8 01 00                             mov     ax, 1
seg005:13C8 50                                   push    ax              ; exit_code
seg005:13C9 B8 30 04                             mov     ax, offset aCopyProtection ; "Copy protection failure."
seg005:13CC 1E                                   push    ds
seg005:13CD 50                                   push    ax              ; message
seg005:13CE 9A 0C 00 E8 1D                       call    quit_with_msg
seg005:13D3                      loc_66A3:
seg005:13D3 5E                                   pop     si
seg005:13D4 5F                                   pop     di
seg005:13D5 8B E5                                mov     sp, bp
seg005:13D7 5D                                   pop     bp
seg005:13D8 CA 02 00                             retf    2
seg005:13D8                      do_copyprot     endp

Post by Andrew »

David wrote: I'm not sure what you mean by "low-level assembly" and "high-level style of the disassembly".
What I was trying to find the words to say was that while both are useful, since multiple versions are involved I find it slightly easier to relate the following to the EXE because of the actual file offsets:

Code:

0000856D:i833EE20300            cmp (w)   [+03E2],+00       ; copyprot screen shown?
00008572:i7403                  je        file:00008577     ; no, show it
00008574:iE91A01                jmpn      file:00008691     ; yes, don't show it

as compared to this:

Code:

seg005:129D 83 3E E2 03 00      cmp       copyprot_shown, 0 ; changed in IR C1, IR C4
seg005:12A2 74 03               jz        loc_6577
seg005:12A4 E9 1A 01            jmp       loc_6691

Anyway, thanks a lot, I finally understand how this is working now. :)
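
Added example, not part of any post in this thread: the two listings above show the same three instructions, once by seg005 offset and once by file offset. The Python below decodes those bytes, recomputes both branch targets from their relative displacements, and maps seg005 offsets to file offsets. It assumes both listings come from the same EXE; the names `decode`, `to_file` and `DELTA` are made up for this example.

```python
# Added example; the bytes and addresses are copied from the two listings above.
CODE = bytes.fromhex("833EE20300" "7403" "E91A01")
SEG_START = 0x129D    # seg005 offset of the cmp in David's listing
FILE_START = 0x856D   # file offset of the same cmp in Andrew's listing
DELTA = FILE_START - SEG_START  # assumption: holds for this one EXE and segment


def signed(value, bits):
    """Interpret an unsigned field as a two's-complement number."""
    return value - (1 << bits) if value >> (bits - 1) else value


def decode(code, start):
    """Decode the three 8086 encodings used in the listing.

    Returns a list of (seg_offset, text, branch_target_or_None).
    """
    rows, i = [], 0
    while i < len(code):
        addr, op = start + i, code[i]
        if op == 0x83 and code[i + 1] == 0x3E:   # cmp word [disp16], imm8
            size, target = 5, None
            disp = int.from_bytes(code[i + 2:i + 4], "little")
            text = f"cmp word [{disp:04X}], {signed(code[i + 4], 8)}"
        elif op == 0x74:                         # jz rel8, relative to next instruction
            size = 2
            target = (addr + size + signed(code[i + 1], 8)) & 0xFFFF
            text = f"jz {target:04X}"
        elif op == 0xE9:                         # jmp rel16, relative to next instruction
            size = 3
            rel = int.from_bytes(code[i + 1:i + 3], "little")
            target = (addr + size + signed(rel, 16)) & 0xFFFF
            text = f"jmp {target:04X}"
        else:
            raise ValueError(f"opcode {op:02X} at {addr:04X} is not handled here")
        rows.append((addr, text, target))
        i += size
    return rows


def to_file(seg_offset):
    """Map a seg005 offset to the matching file offset in this EXE."""
    return seg_offset + DELTA


if __name__ == "__main__":
    for addr, text, target in decode(CODE, SEG_START):
        where = f"  -> file:{to_file(target):08X}" if target is not None else ""
        print(f"seg005:{addr:04X}  file:{to_file(addr):08X}  {text}{where}")
```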