ProdigySim/cvomitupdatepatch.asm

## cvomitupdatepatch.asm
; Boomer vomit fix
; Basically, we need to patch the 8 bytes at 002AF6F8 to load a ptr to
; 0x10 bytes before the 30tick gpGlobals->frametime
; something like mov eax, ADDR_OF_FAKE_GPGLOBALS; nop; nop;

.text:002AF6E6 loc_2AF6E6:                             ; CODE XREF: CVomit::UpdateAbility(void)+6A2j
.text:002AF6E6                                         ; CVomit::UpdateAbility(void)+6D4j
.text:002AF6E6                 mov     eax, [ebp+var_48]
.text:002AF6E9                 mov     [ebp+var_6C], eax
.text:002AF6EC                 mov     eax, [ebp+var_44]
.text:002AF6EF                 mov     [ebp+var_68], eax
.text:002AF6F2                 mov     eax, [ebp+var_40]
.text:002AF6F5                 mov     [ebp+var_64], eax
.text:002AF6F8                 mov     ecx, ds:(gpGlobals_ptr - 0DB0FF4h)[ebx] ; Load gpGlobals_ptr to ecx, 6 bytes
.text:002AF6FE                 mov     eax, [ecx] ; Load gpGlobals into eax, 2 bytes
.text:002AF700                 fld     dword ptr [eax+10h] ; read gpGlobals->frametime (tick interval),  3 bytes
.text:002AF703                 fld     [ebp+var_184]
.text:002AF709                 fmul    st, st(1)
.text:002AF70B                 fadd    [ebp+var_44]
.text:002AF70E                 fld     [ebp+var_188]
.text:002AF714                 fmul    st, st(2)
.text:002AF716                 fadd    [ebp+var_40]
.text:002AF719                 fxch    st(2)
.text:002AF71B                 fmul    [ebp+var_180]
.text:002AF721                 fadd    [ebp+var_48]
.text:002AF724                 fstp    [ebp+var_48]
.text:002AF727                 fstp    [ebp+var_44]
.text:002AF72A                 fstp    [ebp+var_40]
.text:002AF72D                 fld     [ebp+var_190]
.text:002AF733                 fadd    dword ptr [eax+10h] ; read gpGlobals->frametime, 3 bytes
.text:002AF736                 fst     [ebp+var_190]
.text:002AF73C                 fld     [ebp+var_1A0]
.text:002AF742                 fxch    st(1)
.text:002AF744                 fucomip st, st(1)
.text:002AF746                 fstp    st
.text:002AF748                 ja      loc_2AFDAC
.text:002AF74E                 mov     eax, dword ptr ds:(z_vomit_debug+1Ch - 0DB0FF4h)[ebx]
.text:002AF754                 mov     ecx, [eax+30h]
.text:002AF757                 test    ecx, ecx
.text:002AF759                 jnz     loc_2AFC56


.rodata:00B45404 flt_B45404      dd 0.033333335 ; I believe this is a dd of the 30tick frametime in memory, but I don't know much in terms of finding this at runtime

; If we can load 16 bytes before this constant into eax, we should be golden.
	; Boomer vomit fix
	; Basically, we need to patch the 8 bytes at 002AF6F8 to load a ptr to
	; 0x10 bytes before the 30tick gpGlobals->frametime
	; something like mov eax, ADDR_OF_FAKE_GPGLOBALS; nop; nop;

	.text:002AF6E6 loc_2AF6E6: ; CODE XREF: CVomit::UpdateAbility(void)+6A2j
	.text:002AF6E6 ; CVomit::UpdateAbility(void)+6D4j
	.text:002AF6E6 mov eax, [ebp+var_48]
	.text:002AF6E9 mov [ebp+var_6C], eax
	.text:002AF6EC mov eax, [ebp+var_44]
	.text:002AF6EF mov [ebp+var_68], eax
	.text:002AF6F2 mov eax, [ebp+var_40]
	.text:002AF6F5 mov [ebp+var_64], eax
	.text:002AF6F8 mov ecx, ds:(gpGlobals_ptr - 0DB0FF4h)[ebx] ; Load gpGlobals_ptr to ecx, 6 bytes
	.text:002AF6FE mov eax, [ecx] ; Load gpGlobals into eax, 2 bytes
	.text:002AF700 fld dword ptr [eax+10h] ; read gpGlobals->frametime (tick interval), 3 bytes
	.text:002AF703 fld [ebp+var_184]
	.text:002AF709 fmul st, st(1)
	.text:002AF70B fadd [ebp+var_44]
	.text:002AF70E fld [ebp+var_188]
	.text:002AF714 fmul st, st(2)
	.text:002AF716 fadd [ebp+var_40]
	.text:002AF719 fxch st(2)
	.text:002AF71B fmul [ebp+var_180]
	.text:002AF721 fadd [ebp+var_48]
	.text:002AF724 fstp [ebp+var_48]
	.text:002AF727 fstp [ebp+var_44]
	.text:002AF72A fstp [ebp+var_40]
	.text:002AF72D fld [ebp+var_190]
	.text:002AF733 fadd dword ptr [eax+10h] ; read gpGlobals->frametime, 3 bytes
	.text:002AF736 fst [ebp+var_190]
	.text:002AF73C fld [ebp+var_1A0]
	.text:002AF742 fxch st(1)
	.text:002AF744 fucomip st, st(1)
	.text:002AF746 fstp st
	.text:002AF748 ja loc_2AFDAC
	.text:002AF74E mov eax, dword ptr ds:(z_vomit_debug+1Ch - 0DB0FF4h)[ebx]
	.text:002AF754 mov ecx, [eax+30h]
	.text:002AF757 test ecx, ecx
	.text:002AF759 jnz loc_2AFC56


	.rodata:00B45404 flt_B45404 dd 0.033333335 ; I believe this is a dd of the 30tick frametime in memory, but I don't know much in terms of finding this at runtime

	; If we can load 16 bytes before this constant into eax, we should be golden.