Bound scenario fixup trigger-kind retags
This commit is contained in:
parent
e57b07c9bc
commit
76396ee12e
4 changed files with 30 additions and 1 deletions
|
|
@ -740,7 +740,7 @@ address,size,name,subsystem,calling_convention,prototype_status,source_tool,conf
|
|||
0x00442ad3,14,locomotive_policy_map_primary_issue_id_to_engine_family_index,simulation,cdecl,inferred,objdump + caller xrefs + local disassembly + stream-save correlation,3,"Inverse sibling of `0x00442a85` in the same locomotive-policy strip. The helper subtracts base issue id `0x0f0`, and when the resulting compact index rises above `0x6f` it removes the inserted gap `0x69` to recover the original primary engine-family or policy index. Current grounded caller is the stream-save path `0x00430ff2`, which uses this inverse map when serializing the primary issue band back into the compact save-side index space. This is the safest current read for the primary issue-id-to-index inverse rather than a free-standing subtractive helper.","objdump + caller xrefs + local disassembly + stream-save correlation + locomotive-policy correlation"
|
||||
0x00442ae1,14,locomotive_policy_map_secondary_issue_id_to_engine_family_index,simulation,cdecl,inferred,objdump + caller xrefs + local disassembly + stream-save correlation,3,"Inverse sibling of `0x00442aac` in the same locomotive-policy strip. The helper subtracts base issue id `0x15f`, and when the resulting compact index rises above `0x65` it removes the inserted gap `0x16` to recover the original secondary engine-family or policy index. Current grounded caller is the stream-save path `0x00431007`, which uses this inverse map when serializing the secondary issue band back into the compact save-side index space. This is the safest current read for the secondary issue-id-to-index inverse rather than another subtractive arithmetic stub.","objdump + caller xrefs + local disassembly + stream-save correlation + locomotive-policy correlation"
|
||||
0x00442ba0,143,shell_export_live_setup_preview_payload_record_and_normalize_pixel_block_0x100x0x100,shell,thiscall,inferred,objdump + caller inspection + local disassembly + payload-export correlation,3,"Concrete live-payload export helper in the setup and map-bundle strip. The helper copies one `0x403c2`-byte live payload record from `[this+0x66be]` into the caller buffer, forces the leading validity byte to `1`, patches the exported world dimensions from `[0x0062c120+0x2155/+0x2159]` into offsets `+0x01/+0x05`, mirrors two live shell-controlled sidecar dwords from `[0x006d4024+0x11471a]` and `[0x006d4024+0x11471e]` into offsets `+0x09/+0x0a`, mirrors the low byte of shared dword `0x0062bec4` into offset `+0x0b`, and then normalizes the embedded pixel block at `+0x03c2` through `0x0047a120` with fixed dimensions `0x100 x 0x100`. That sidecar-byte trio is tighter now too: the later package-save tail reads `[world+0x66c8]` and `[world+0x66c9]` as the companion-image and companion-payload sidecar gates, so the exported payload bytes `+0x0a` and `+0x0b` are the same two save-side gate lanes inside the copied `0x66be` block. Current local save-side evidence also shows `0x0062bec4` being reseeded by `shell_map_file_world_bundle_coordinator` `0x00445de0` from the shell-owned selector pair `[0x006d4024+0x11472a/+0x11472e]` before this exporter runs, while the broader settings owner `shell_settings_window_handle_message_dispatch_and_persist_display_runtime_sidecar_family` `0x00464c80` toggles the same shell dwords `0x11471a/0x11471e/0x11472a/0x11472e` and enforces the grounded implication rules `!0x11471e -> clear 0x11472a` and `(0x11472a || 0x11472e) -> set 0x11471e`. The two current save-side callers now split cleanly: package-save branch `0x00444f42` calls `0x00442ba0` and then immediately re-enters `0x00441ec0`, while the `.smp` serializer branch at `0x00446312` calls `0x00442ba0` and then emits `0x2ee0`, writes the full `0x403c2` payload through `0x00531030`, and closes `0x2ee1` directly. This is the safest current read for the live setup-preview payload exporter rather than a generic memcpy wrapper.","objdump + caller inspection + local disassembly + payload-export correlation + companion-image correlation + bundle-tag correlation + payload-size correlation + sidecar-gate correlation + save-coordinator correlation + shell-sidecar-selector correlation + save-branch-split correlation"
|
||||
0x00442c30,3600,shell_apply_scenario_name_specific_post_load_world_and_object_fixups,shell,thiscall,inferred,objdump + caller inspection + local disassembly + scenario-string correlation,4,"Broad post-load fixup owner reached from `world_entry_transition_and_runtime_bringup` at `0x00444b50`. The helper compares the caller-supplied scenario title against many fixed `.rdata` names including `Go West!`, `Germany`, `France`, `State of Germany`, `New Beginnings`, `Dutchlantis`, `Britain`, `New Zealand`, `South East Australia`, `Tex-Mex`, `Germantown`, `The American`, `Central Pacific`, and `Orient Express`, with several branches further gated by campaign-scenario byte `[this+0x66de]`. The matched bodies are no longer just generic title-side edits. Current local disassembly now grounds several concrete examples: the non-campaign `Go West!` branch retags linked world-object row `7` named `Open Aus` by promoting byte `[obj+0x7f9]` from `1` to `2` when its nested opcode-`0x1b` payload is still in the expected starter state; the campaign-gated `Go West!`/`Germany`/`Orient Express` side nudges selected city float pairs `[city+0x25a/+0x25e]` upward when they remain below fixed thresholds; the `Central Pacific` branch injects repeated localized `Company Track Miles`-style text lines into the shell band `[this+0x4f30]` through `0x0051e5d0`; later branches copy paired ten-dword record blocks when specific object-name/class pairs match; patch secondary-raster bits through the fixed table `0x005ee508..0x005ee5cc`; mutate opcode payload dwords and bytes inside collections rooted at `0x0062be18`, `0x0062bae0`, and `0x006ada80`; and update one later collection at `0x0062b268`. This is the safest current read for the scenario-name-specific post-load fixup owner rather than a generic string-dispatch helper.","objdump + caller inspection + local disassembly + scenario-string correlation + live-world mutation correlation + post-load-fixup correlation + campaign-flag correlation"
|
||||
0x00442c30,3600,shell_apply_scenario_name_specific_post_load_world_and_object_fixups,shell,thiscall,inferred,objdump + caller inspection + local disassembly + scenario-string correlation,4,"Broad post-load fixup owner reached from `world_entry_transition_and_runtime_bringup` at `0x00444b50`. The helper compares the caller-supplied scenario title against many fixed `.rdata` names including `Go West!`, `Germany`, `France`, `State of Germany`, `New Beginnings`, `Dutchlantis`, `Britain`, `New Zealand`, `South East Australia`, `Tex-Mex`, `Germantown`, `The American`, `Central Pacific`, and `Orient Express`, with several branches further gated by campaign-scenario byte `[this+0x66de]`. The matched bodies are no longer just generic title-side edits. Current local disassembly now grounds several concrete examples: the non-campaign `Go West!` branch retags linked world-object row `7` named `Open Aus` by promoting byte `[obj+0x7f9]` from `1` to `2` when its nested opcode-`0x1b` payload is still in the expected starter state; the campaign-gated `Go West!`/`Germany`/`Orient Express` side nudges selected city float pairs `[city+0x25a/+0x25e]` upward when they remain below fixed thresholds; the `Central Pacific` branch injects repeated localized `Company Track Miles`-style text lines into the shell band `[this+0x4f30]` through `0x0051e5d0`; later branches copy paired ten-dword record blocks when specific object-name/class pairs match; patch secondary-raster bits through the fixed table `0x005ee508..0x005ee5cc`; mutate opcode payload dwords and bytes inside collections rooted at `0x0062be18`, `0x0062bae0`, and `0x006ada80`; and update one later collection at `0x0062b268`. The event-side trigger-kind boundary is tighter now too: the grounded `[event+0x7ef]` writes inside this helper are still only the `SP - GOLD` retag at `0x00443526` (`row 1`, `1 -> 5`) and the `Labor` retag at `0x00443601` (`row 0x0d`, `0 -> 2`), while the surrounding event-side branches at `0x004436ca`, `0x004438e8`, `0x00443948`, and `0x004439a8` only patch modifier bytes `[event+0x7f9/+0x7fa]` or nested payload dwords under already-existing trigger kinds `6`, `5`, `1`, `2`, `3`, or `9`. No grounded branch here seeds `[event+0x7ef] = 8`. This is the safest current read for the scenario-name-specific post-load fixup owner rather than a generic string-dispatch helper.","objdump + caller inspection + local disassembly + scenario-string correlation + live-world mutation correlation + post-load-fixup correlation + campaign-flag correlation + event-trigger-kind-retag correlation"
|
||||
0x0044c450,96,world_rebuild_all_grid_cell_candidate_cargo_service_bitsets,map,thiscall,inferred,objdump + local disassembly + caller inspection,3,"Late world-reactivation sweep inside `world_entry_transition_and_runtime_bringup` `0x00443a50`. The helper walks the full live world grid rooted at `[this+0x2129]` through dimensions `[this+0x2145/+0x2149]`, resolves each cell pointer, and re-enters `placed_structure_rebuild_candidate_cargo_service_bitsets` `0x0042c690` on every cell record. Current grounded caller is the later world-entry tail at `0x444b24`, immediately after `world_clear_and_reseed_region_center_world_grid_flag_bit` `0x0044c4b0` and before the route-style link rebuild at `0x468300`, so this is the current safest read for the world-wide grid-cell cargo-service-bitset refresh wrapper rather than another generic world-grid loop.","objdump + local disassembly + caller inspection + world-grid correlation + cargo-service correlation"
|
||||
0x0044c4b0,192,world_clear_and_reseed_region_center_world_grid_flag_bit,map,cdecl,inferred,objdump + local disassembly + caller inspection,3,"Late world-reactivation helper inside `world_entry_transition_and_runtime_bringup` `0x00443a50`. The first sweep walks the full live world grid rooted at `[0x0062c120+0x2129]` through dimensions `[+0x2145/+0x2149]` and clears bit `0x10` in each cell byte `[cell+0xe6]`. It then walks the live region collection at `0x0062bae0`, keeps only regions whose class byte `[region+0x23e]` is zero, resolves one representative center cell through `world_region_resolve_center_world_grid_cell` `0x00455f60`, and sets that same bit on the resolved cell. Current grounded caller is the later world-entry tail at `0x444b19`, between the post-bundle runtime refresh phase and the later shell or company-cache follow-ons, so this is the current safest read for the region-center world-grid flag reseed pass rather than another generic grid scrub.","objdump + local disassembly + caller inspection + region-grid correlation"
|
||||
0x0044c570,256,world_mark_secondary_raster_clear_cell_mask_0x3e_as_class_2_and_cache_bounds,map,thiscall,inferred,objdump + caller xrefs + local disassembly + secondary-raster correlation,3,"Small secondary-raster mutation helper beneath the later marked-cell scan and overlay-cache family. After clamping the caller cell coordinates against the current secondary-grid dimensions, the helper resolves the byte raster rooted at `[this+0x2135]` using row stride `[this+0x2155] + 1` and only proceeds when the target byte has no bits in mask `0x3e` and the parallel class predicate `world_secondary_raster_query_cell_class_in_set_1_3_4_5` `0x00534e10` also reports false. On the admit path it widens cached min/max bounds `[this+0x21c6..+0x21d2]`, increments the marked-cell count `[this+0x21d6]`, and then rewrites the target raster byte with `(byte & 0xc3) | 0x02`, i.e. it preserves the outer two bits and the low bit while forcing the masked class field to `0x02`. Current grounded caller is the later radial mutation branch at `0x0044e8e7`, and the written bounds/count fields are the same ones later scanned by `world_scan_secondary_grid_marked_cell_bounds` `0x0044ce60`, so this is the safest current read for the small secondary-raster cell-marker helper rather than another generic bounds updater.","objdump + caller xrefs + local disassembly + secondary-raster correlation + marked-cell-bound correlation"
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
|
|
@ -172,6 +172,13 @@ editor strip rather than to ordinary post-load simulation bringup.
|
|||
- `0x0062bae0`
|
||||
- `0x006ada80`
|
||||
- `0x0062b268`
|
||||
- The event-side trigger-kind boundary is narrower now too:
|
||||
- grounded `[event+0x7ef]` writes inside `0x00442c30` are still only:
|
||||
- `0x00443526`: event row `1`, `1 -> 5`
|
||||
- `0x00443601`: event row `0x0d`, `0 -> 2`
|
||||
- the surrounding surfaced event branches only patch modifier bytes `[event+0x7f9/+0x7fa]`
|
||||
or nested payload dwords under already-existing kinds `6`, `5`, `1`, `2`, `3`, or `9`
|
||||
- no grounded branch in `0x00442c30` seeds `[event+0x7ef] = 8`
|
||||
|
||||
## Explicit Trigger-Kind Retags Already Grounded
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue