MAFIA ADSRESSES //GOLOD55 10.08.16


address = 006614C0(006C3B18 for 1.2) = tacho_line slerp_rot value(0-1 float)
address = 006614E4(006C3B3C for 1.2) = fuel_line slerp_rot value(0-1 float)
address = 0063B348 = some moving speed coeff for cars(+traffcars)\tommy(+traffpeds)(0.001 float)(adr = 00624f78 maybe for 1.2)
address = 0063B2d0 = coeff for odometer value and speed (0.1(0.1 km for last odo_register?) float)
address = 0066149C = tommy car speed km/h (get_value)
address = 661534(6C3B8C for 1.2) = flt value of cardamage_indicator(get_value). command getcardamage uses this value too(?)
address = 6f94a4 = gametime counter?

---
650468    .   0.4     _.
---
mafiascript 
{0x23D29C, 0x226924, 0x22792C}; // float;      (    )
{0x23D2A0, 0x226928, 0x227930}; // float;   ( x  y)    
---
fps_limit:
1.0 Game.exe: 0x005F95BC
1.1 Game.exe: 0x005BE02C
1.2 Game.exe: 0x005BE7CC

6A10 - push 10h, if to make push 00 then no fps_limit.

10h = default ticktime (1000/10h=63fps)

-
0018FA60 stores current ticktime
-

00661a04  =  ?    .  - = xxxxx1yyy  1=sec

---
 - _:
Game.exe+261A04
Game.exe+2F94A4

---
 1.0:
0063E390  float 230 = cache_distance(?)
005A89Ca  float 200 = ?     -50.        3.
006F94D8  float   = scene2 .(    ).      (  2   Skip Max Distance  ,   )
006F94D4  float (0.3...1.0) =    .

  2     .

00647E90 - scene2 dist for 1.2
---

. 

00656110 - 0
00656161 - 0
0065608c - 1. 

 00656110 (?)

005E3DD8 - 88 1D 10616500  - mov [Game.exe+256110],bl <<


-
mafiascript 
004021E5:
dd (float) // appearance_distance

004021ED:
dd (float) // disappearance_distance
    1.1

---

   (   )  1.0:

mov     eax, dword ptr [0x65115c]
mov     ecx, [eax+0x10]
mov     eax, [ecx+0x17C]
add     eax, 0x00000040    -  


---

tunnel fix (    ).
     16  12 (Byte 10h -> 0Ch)     "sector tunel".

mov     edi, offset aSectorTunelmnh
mov     esi, eax
mov     ecx, 10h

 : 

00467D52\0042108E\00420F1E  for 1.0\1.1\1.2
---

65536C =  .    \\.  . ?  2    4:
1:
 =2
 =5     3 (2+ 1+1+1 =5?) 0044B704 - A3 6C536500 - mov [Game.exe+25536C],eax <<
     
2:
=00  
=01   ( =00 )
=02  


---
GOLOD55 
address 006613D4 (maybe u use it in mse1.5)
value 1 hides whole hud like mse_command
GOLOD55 
incar hud value = 6. if we set 0 then no car_hud and no health_hud. but radar and MAP works
GOLOD55 
i think we need to change mse_command. let param will be this direct value
GOLOD55 
so rd3 may use value 0 for carhud_disabling. value 1 is usefull for screenshots
GOLOD55 
ooo value 4 is ideal for rd3. no car_hud but others are fine
GOLOD55 
interesting..when we get taxiped value = 140 (+clocks+compass) but when we re_seat into taxi then car_hud activates and value = 142
GOLOD55 
looks like this byte using bitflags
GOLOD55 
bitflags(from the left):
 
1 1=+compass
2 no effect
3 no effect(1=-radar)
4 no effect
5 1=+clocks
6 1=+wingmann
7 1=+car_hud
8 1=off whole hud(even map)

GOLOD55 
so in order to disable car_hud only we need get current 006613D4 value and to zero bitflag #7
GOLOD55 
so we may create 2 commands. mse_carhud_off  and mse_hud_off
GOLOD55 
the only problem is that when u re_seatting into car then car_hud activates again automatically. instead of whole_hud_off situation. but its no big problem for rd3 gameplay

-
:
address 006613D4 -     
address 006613D5 -  00.  02     "!"(02  -       )
address 006613D6 - ..
 00 - 
 01 -   showcardamage( )
 02 - .
 03 =01+02
 04 -  .   _
 05 =01+04
 06 =02+04
 07 =01+02+04

     ..
 08 - 
 09 =01
 ...

--
address 006613D7  byte = wingmann_indicators:

00=00000000 = 1  
10=00010000 = 2  
30=00110000 = 3  
70=01110000 = 4  
F0=11110000 = 5  

 next=2x+1

   _.  = OR 8 = XXXX1000 =  +(    ,      )


---
hood map:

sub_54D180(sub_5FB060 for 1.2):
 63B298 =  (10),        - 
 63B29C =    
 63B52C =   
 63B920 = 0.5(double) -      
 63B6EC = freeride_score scale


ps2map   : 26193062 . U/V=0.8550440744368266406


 63b340(6236C0 for 1.2) = scaleX (0.4)
63c16c(622B08 for 1.1, 623B08 for 1.2) = scaleY (0.55) x*U/V				  3=0.18333333

 63B2D0(6234bc for 1.2) = map_window scaleX(from right)
 63B358(6237c8 for 1.2) = map_window scaleX(from left)
 63BD58(6236b8 for 1.2) = map_window scaleY(from down)
 63d284(627914 for 1.2) = map_window scaleY(from up)

  63B32C(6232f8 for 1.2) = some statcoeff for posX?
 63D290(627920 for 1.2) = posX
63D298(626920 for 1.1, 627928 for 1.2) = map_slide_speedX 				 =0.00023

 63D288(627918 for 1.2) = some statcoeff for posY?
63D28C(626914 for 1.1, 62791c for 1.2) = posY						impiric = 0.868  
63d294(62691C for 1.1, 627924 for 1.2) = map_slide_speedY. x*U/V			  3   =-0.0001694

 63C51C(624bdc for 1.2) = setcompass map_scale\map_window_sizeX\backposX coeff
63D278(626900 for 1.1, 627908 for 1.2) = setcompass map_scale\map_window_sizeY\backposY coeff x/(U/V).   3=5.454545021
 63B5BC(623c10 for 1.2) = setcompass backposX
 63D274(627904 for 1.2) = setcompass backposY


-
63B300(624b0c for 1.2) (-0.5) = setcompass slide limit+Y	x*U/V=-0.1660 * .    
63B2C4(6232fc for 1.2) (0.5)  = setcompass slide limit-Y  	     =0.1660 * .    

....
 55208C   55213A(  .  2).      2   -+0.5 ( 5520e0  552132)

      (\).    ,         .   - -  .

   2433528  2  - 006521F8  006521FC (-0.1660  +0.1660)..
   :
1) 00B36300  F8216500 
0015208E(2001a0 for 1.2)
001520A3(2001b5 for 1.2)
001520B7(2001c9 for 1.2)
001520C7(2001d9 for 1.2)
001520D4(2001e6 for 1.2)
001520E0(2001f2 for 1.2) float -0.5 -> -0.1660
2) C4B26300  FC216500
001520EA(2001fc for 1.2)
001520F9(20020b for 1.2)
0015210D(20021f for 1.2)
00152117(200229 for 1.2)
00152126(200238 for 1.2)
00152132(200244 for 1.2) float 0.5 -> 0.1660

!    -      . ..    ,        11.     .

       63D278(!)



============================================================================================================================
car_base=:
(value at 6F9464)+e4+98  for mafia 1.0
(value at 6367b4)+24+e4+98  for mafia 1.1
(value at 63788C)+24+e4+98  for mafia 1.2


(value at 6F9464)+2B0C = __( )   \ . _  .



--------------
+4 = some car_lock status? 00,02 etc=norm; 01,03 etc=tommy may only use doors but no engine and others

+10 = actor_type value(4, dword)

+5D/+5E(same for 1.2) byte/byte - if = 01/00 then ok. if = 00/01 then engine is blocked(0 rpm), at engine starting attempt: failing with fail-sound. do not do 00/01 when engine is on(sounds dont stop). + car_shadow dissappearing lag?

+5F(+350 for 1.2) byte - =0 when car is out of camera view, =1 when car is in camera view

+94 = some rpm acceleration coeff(if >1 then car accelerates itself)

+B4  - copies +2018

+19c(+11C for 1.2) = current parent's(sector) frm_id for this car

+1BC	float 100	default health of car optics(?)
+1C0	float 70
+1C4	float 20

+1F0 = pointer of car_optics block start
+1F4 = pointer of car_optics block end

it has subblocks with 20h size, structure:
+0			pointer of car_optics dummy (LIGHTRE06)
+4			pointer of billboard (BILLBOARD12)
+8			pointer of decal_obj
+			pointer of light_obj
+10	0X00FFFF	optics_type
+14	00000080	?
+18	0000C842	100 float = health.     +1BC	
+1C	00000000	?


+200 = pointer of car_projector block start
+204 = pointer of car_projector block end
+208 = +204 (?)

+220((+1a0 for 1.2)) = float =~0.7. car_speed makes it less

+228(+1a8 for 1.2) = car using time(in sec). its stops in ~ 7sec after we go out of a car

+23C(+1bc for 1.2) = if 0 then traffcars ignore our car(breaking)

+244(+1C4 for 1.2) = handbreak using(1/0, byte)

+294 byte =last car deal status? 0-0B? bitflags?
1=car moving 
2= car stays with engine on(but without driver?)
3= car got breaking
4=engine off
5
6=car stays with engine off
9 when car isnt calmed(at repair)
..

+297 byte =0 when car moves or when engine is off, =1 when car stays
+298 long = some timer linked to +294 value changing

+2A0(+220 for 1.2) = some engine_power coeff(0..1, float). each engine_health changing recalculates this value

+2A4(+224 for 1.2) = engine_health(0-100 float)
+2A8((+228 for 1.2)) = engine_health_max

+2D0(+250 for 1.2) = SMOKE_MOTOR vector

+2DC(+25C for 1.2) = gear_box health(0-100 float)
+2E0((+260 for 1.2)) = gear_box health_max

+308(+288 for 1.2) - stores value=address of deform_block begin
+30C(+28c for 1.2) - stores value=address of deform_block end.
 
each deform_subblock has 13 dword params. so subblocks count = delta(end-begin)/13*4. each car obj with any deform_subtype has here own subblock.
subblock struct:
+00 long1 = frame identificator
+04 long2 = some address
+08 long3 = some address 
+0C long4 = deform_type id
+10 long5 = some address
+14 long6 = some address
+18 float7 = max of health
+1C float8 = deform_antidurability(for example if 0 then glass will dieing without texture changing; =0 for body,spz,..)
+20 float9 = current health
+24 float10 = health_durability(0...100)
+28\+2C\+30 = some equel longs for all objs in this list

sub_4D1A80: loc_4D1AFC(for 1.2) - reading deform_types..
deform_type id table:
01= body 
02= bumper
03= glass
04= mirror
05= light
06= wing
07= spz
08= door *no deform_obj in list?
09= roof


sub_468BC0: loc_4694CC(for 1.0) - operates with deform_block..
loc_469502: - cycle 34h(=13*4 bytes)
mov     ecx, [edi+308h]
sub     ebp, 34h

also cycle
loc_47083E:
sub     edx, 34h

sub_426EC0 for 1.2 works with 1-7 deform_type ids


+3C4(+344 for 1.2) = HEAD vector. quickload remembers edited vector

+438 = pointer of car_frame 
 structure:
 +0C  = pointer of actor
 +40  = coord_vector
 +80  = coord_vector
 +100 = pointer of scene2 name(primsector has 00000000)
 +104 = pointer of obj name itself(primsector has 00000000)
 +10C = pointer of parent
 +110 = obj_type id(09=model_obj, 06=dummy, ...01=mesh?, 0D=sector?)
 +154 = pointer of model name (Models\taxi00.i3d)

+468 = some vector of SWHEEL

+474 = strange value. if 0 then 00000 odom_value on hud, no speed_line and blackscreen. when u try to drive

+484 = coord_vector of car_camera(external cams may be moved manually(till vector rewrited by exe))

+490(+628 for 1.2) = engine on\off(1/0 float). no sound stopping with 0

+4A4(+428 for 1.2) float - handbreak using(increasing(up to 4.0 for taxi) at holding key, decreasing to 0 when dont)

+4b4 = float 1. if 0 then automatic gearbox works strange. almost like manual one

+4b8 = 1 when car stays, 0 when speed >0, when we decreasing speed it listing float values 0 - 1

+500(+484 for 1.2) = -15200 at taxi(-10*car_weight?) = gravity force. "i beleive i can fly"-effect at 0 :)

+508 = smthng linked to rpm

+50C/510/514(+490/494/498 for 1.2) - dinamic result push-vector for car(around xyz of Primary sector), decreasing while time[vect=0,10,0 is nice for circle drifting impulse]

+518(+49C for 1.2) - friction force of tires(~0.5 makes nice drift-effect. good for snow_mods)

+520(+4A4 for 1.2) float - handbreak using(increasing(up to 60000 for ~ 4sec for taxi) at holding key, = 0 when dont), working together with +4A4

+524\528\52c(+4a8\4ac\4b0 for 1.2) = push_factor vector(xyz)
+530\534\538(+4b4\4b8\4bc for 1.2) = push_factor vector for stand car(w/o tommy)

+54c(+4D0 for 1.2) = exhaust effect# (long)

+550 byte -      ,    ,  .

+560(+4E4 for 1.2) = linked to rpm(less idle and less rpm aceleration up to oig.idle RPM)
+564(+4E8 for 1.2) = linked to engine_power acceleration+rpm(value #7 in vehicles - Max power at idling RPM). 
similar to +2018 but holding max rpm provides less engine_power acceleration.

+56 = PowerBandKwMax(param# 9)
+570 = PowerBandRPMlo / 60 (param# 10)
+574 = PowerBandRPMhi / 60 (param# 11)
+578 = redlineRPM / 60 (param# 4)

+584(+508 for 1.2) = fuel eating speed_coeff(float)

+588 = same as +4b8

+590 float (1000.5) = speed_limiter(m/sec). when we activate M limiter then value = 16.5(*3.6=60km/h)

+5b0(+534 for 1.2) = wheels count. if to reduce by 1 then wheels will off(starting back-right wheel from)

+5b8(+53c for 1.2) = gearbox A\M (1\0, byte(long))

+5c4 = same as +574 but no effect when param PowerBandRPMhi was edited

+5d4 ...+5e8 = idleRPM / 60  = for sounds 0 volume(?)
+604 ...+618 = same as +5d4

+624 = param# 54

+628 = param# 55

+62c = 1 when prm is increasing, otherwise = 0(float)

+634 = current rpm_line position(rotation) 0...idleRPM/60...maxRPM/60(float)
+638 = similar +634 but for some sound?
fld     dword ptr [esi+634h]
fdiv    dword ptr [esi+1F88h]
fmul    ds:flt_63BD5C


+648(+5CC for 1.2) = gear# (ffffff7f\0\1\2\3\..., long)
+64c = copies value of +648 when it changes

+654(+5d8 for 1.2) = max gear count(long)

+658 = gear R ratio(param# 21)
+660 = gear 1 ratio(param# 24)
+664 = gear 2 ratio(param# 27)
+668 = gear 3 ratio(param# 30)
+66 = gear 4 ratio(param# 33)
+670 ...
+674 ...
+678 ...
+67 ...
+680 ...
+684 = gear 10 ratio

+688(+60C for 1.2) = car speed (m/sec)
+68c(+610 for 1.2) = same as +688
+690(+614 for 1.2) = same as +688
+694(+618 for 1.2) = same as +688

+698(+61c for 1.2) = RPM coeff. better then +1f88(no idle_lag, no sound_lags). savegames dont save it.

+6a0(+624 for 1.2) = some sound slerp value(?)(0...1 float)

+6A4(+628 for 1.2) float - reacts on engine off\on status(0\1). maybe +724 writing this.

+6bc = param# 14

+60 = strange value. if 0 then gearbox works strange
+6c4 = same as +6c0

+6e0(+664 for 1.2) = car weight(float)
+6e4(+668 for 1.2) = same value as +6e0 but no effect ingame

+6e8(+66C for 1.2) = weight vector(3 floats. its 1st) (params 67,68,69 in vehicles)

+6f4(+678 for 1.2) float - multiplier for wheels turn angle(not for swheel+hands_anim)(angle may be summary >360grad hehe)
+6fc(+680 for 1.2) float - copies +6f4
+700(+684 for 1.2) float - turning speed of wheels,swheel,hands_anim
+710(+694 for 1.2) = max_result_turn_angle for wheels(0 by default; when we start turning then something cals this value and write here immmediately(+ or - sign))
+714(+698 for 1.2) = current turn_angle of wheels(starting from 0  up to +710 value max)
+718(+69C for 1.2) = some coeff for turn_angle for wheels(?)(abs)
+720(+6A4 for 1.2) = wheels turning(float 0, when wheels start turn then it increasing up to +718 value max)
loc_473513:
fld     dword ptr [esi+714h]
fdiv    dword ptr [esi+6F4h]
fmul    ds:flt_63BD60


+724(+6A8 for 1.2) byte  - reacts on engine off\on status(0/1). if to make 0 at engine on then we cant stop engine and cant go out of a car. lags with idle_sounds. 

+D0C(+C90 for 1.2) float = 0.3(for taxi), temporally zeroing at engine starting

+D14 = SWHEEL identificator

+D18(+C9C for 1.2) byte = engine status off\on(0\1)[only get value]

sub_538220..(operates with engine off?)
00538595 - C6 86 A80C0000 00 - mov byte ptr [esi+00000CA8],00
005384C1 - C6 86 A80C0000 01 - mov byte ptr [esi+00000CA8],01
delta=+70

loc_538595:  (engine offing)
mov     byte ptr [esi+0CA8h], 0     <- +D18
mov     byte ptr [esi+6B4h], 0      <- +724
mov     byte ptr [esi+66Ch], 0      <- +6DC



sub_5178E0..(loc_5178EE)..(operates with engine on/off?)
delta=+70

mov     al, byte ptr [esp+8+arg_0]
mov     dword ptr [esi+0C9Ch], 459C4000h     <- =+D0C =5000 float? hm
cmp     al, bl
mov     [esi+66Ch], bl		    <- 66c+70=+6dc
jz      short loc_517921


mov     byte ptr [esi+0CA8h], 1     <- ca8+70=+d18
mov     byte ptr [esi+6B4h], 1	    <- 6b4+70=+724



+D1C(+CA0 for 1.2) = fuel count(float)

+D24(+CA8 for 1.2) = contains raw-address of wheels_addresses_block(they going one-by-one, the count is described by +5B0(+534 for 1.2) seem), the sequence is whl0, whl1, whr0, whr1.
sub_470D30(sub_429850 for 1.2): working with gearbox health, engine health, fuelcount and wheels(checking if car may drive?)

wheel block = 1E8 bytes(488dec):
+0 long1 = address of wheel name(TomyhoAuto.WHR1)
+4 long2 = wheel identificator
+8 long3 = parent identificator
+c long4 = ?
+10/+14/+18 floats5/6/7 = local coord-vector(via changing Y we may make lowrider feature); repair doesnt change it, fullload defaults its
+11C float72 = wheel turnangle multiplier(1.0); repair doesnt change it, fullload defaults its
+120 byte=29h when car stays, =09h when car moves 
+122 byte=01 when wheel rotates "forward", =00 when "back"(=rnd(0\1) value when car stays)
+12C long76 = some address
+130 long77 = some address
+134 long78 = some address
+140 long81 = some address
+144 long82 = some address
+148 long83 = some address
+14C long84 = some address
+184 float98 = max delta for wheel axis(at breaking)
+188 float99 = curent delta for wheel axis
+18C float100 = current health
+190 float101 = max health
+194 float102 = durability



+D54, +d58 = byte FF or FD. if to make EF or ED then it will be car_invisible effect(no colls with primitives)


+d55, +d59 byte = 211(215) when car is out of camera view, = 219(223) when car is in camera view

+D90 = pointer on some block start; block has some subblocks with 24h sizes
+D94 = pointer on some block end 

+E54 = pointer of 'BODY'

+E58 = address of vehicles.bin values block

----------------------
addresses = +(E58...EA4) = params# 1...20  in vehicles.

next 11 floats = +(E58...ED0) = gear_ratio values going(for gears R 123456789 10) = params# 21,24,27,30,33,36,39,42,45,48,51
next 11 floats = +(ED4...EFC) = gear_up values(%% of maxRPM) = params# 22,25,28,31,34,37,40,43,46,49,52
next 11 floats = +(F00...F28) = gear_down values(%% of maxRPM) = params# 23,26,29,32,35,38,41,44,47,50,53

next 19 floats = +(F2C...F74) = params# 54...72

next the huge DWH block of values going(10floats*24) = +(F78...1334)
 10 floats =  params 73,105,137...361
 10 floats =  params 74,106,138...362
 ..(params 77... are not float but long)*
 ...params 96,100,160...384

 next 8 unknown params going = +(1338...1354)

 next float part going(10floats*5) = +(1358...141C)
 10 floats =  params 100,132...388
 ...
 10 floats = params 104,136...392

next 10 floats = +(1420...1444) = params# 393...402

+1448 = param 403 (short?)
+144A...144F = params 404-409(byte?)

+1450 = param 410(float)
+1454 = param 411(byte) = if roof exists 0\1
+1458 = param 412 = exhaust effect id(idle)(long)
+145C = param 413 = exhaust effect id(moving)(float)
+1460...1474 = params 414...419(float)
.....
----------------------

+1f88(+200C for 1.2) = maxRPM(+e68)/60

+1F8C(+2010 for 1.2) = fueltank capacity (float)

+1f90(+2014 for 1.2) = odom value (float)

+1FFC(+20BC for 1.2) = unknown health_max(swichshowenergy case2)
+2000(+20C0 for 1.2) = unknown_detail durability(float 0-100; >100 isnt correct)
+2004(+20C4 for 1.2) = unknown health(swichshowenergy case2)
sub_469AD0: (loc_469CC4) - repairs this detail(also fueltank)


+2014(+20D4 for 1.2) byte = 00, =01 when car enters sector tunelmnh; handle setting 01 activates car_optics(lightba+projector)
working with +19c(+11C for 1.2)

+2018(20D8 for 1.2) = RPM acceleration coeff(1, float). ~similar to +2A0 but: no idle rolling, no recalculation with engine_health. savegames saving its ok. car_repair doesnt work with this value. ideal for NOS. also it makes drift_effect. 
+201C(+20DC for 1.2) - copies this value.
+B4   - copies this value.

loc_467C32..
mov     eax, [ebp+2018h]
mov     [ebp+201Ch], eax

loc_467C53:
mov     al, [ebp+4]
mov     ecx, [ebp+201Ch]
mov     edi, [ebp+19Ch]
mov     [ebp+0B4h], ecx


+2028(+20E8 for 1.2) long = 0; increasing when +202c!0 up to his value. after that=car_explosion
+202C(+20EC for 1.2) long = time_delay before car_explosion
+2030(+20F0 for 1.2) = byte 0. if 1 then it is car explosion flag. it may be at engine or fuletank dieing. engine death generates time(10000..16000 msec) before explosion
loc_467B34 operates with it


+2078(+2138 for 1.2) = FUEL vector

+2084(+2144 for 1.2) = TANK vector

+2094(+2154 for 1.2) = fuel leaving current_coeff ( 6,9,.. long)
+2098(+2158 for 1.2) = fuel leaving original_coeff ( 6,9,.. long)
when current_coeff<original_coeff then fuel start leaving with some speed=coeff2-coeff1 (usually delta=1 ingame)
i cant find these coeffs in vehicles. taxi has coeff 6, other car has 9.. maybe they are calculated from other vehicles data. settankhitcount overwrites both these coeffs with value we set

+20AC(+216c for 1.2) = car time after the last breaking(colls with pavement too),(in msec)(long). its stops in ~ 7sec after we go out of a car, any breaking zeroes value.
+20B0(+2170 for 1.2) = 0(byte), =1 when car wheel colls with pavement.

+20B8(+2178 for 1.2) = car_switchshowenergy param2 (byte; =3 by default)

+20BC(+217C for 1.2) byte = writes 0 when car go out tunelmnh
loc_467DA5(loc_420F72 for 1.2):
mov     byte ptr [ebp+2014h], 0
mov     byte ptr [ebp+20BCh], 0

+20CC = car name (like 'TAXI') string 20h?

+2100(+21C0 for 1.2)
 0F 00 00 00.    +2104.     (0F=00001111),     .
+2104:  FF FF FF FF.    -  - (   ?)
FF = 11111111  
FE = 11111110  0(,..      _uo)
FD = 11111101  1
FB = 11111011  2
F7 = 11110111  3
F0 = 11110000  4    

+21F4 =  ??

--

+1B0 byte = 0/1 ? 1 blocking car moving. repair makes 0(00519668 - 89 81 40010000  - mov [ecx+00000140],eax)

+1F94 byte = 0/1 ? zeroed ingame

+1FBC byte = 0/1 ? linked to +2118

+1FF1 byte = 1; 0 hasnt understandable effect. repair makes it = 1

+2031 byte = car_lock_all 0/1 (manual changing doesnt lock\unlock car, command blocking other "bytes" also seem)

+2033 byte = 0/1 ? repair zeroes it

+2035 byte = 0, =1 when tommy seats as driver

+2046 byte = 0/1 ? angry_byte

+204C byte = 0/1 ? zeroed ingame

+204D byte = car_breakmotor 0/1

+2071 byte = 0/1 some car_managing blocking. if to set manually 1 then doors and engine on\off is avaliable. 
at go out from car 00464974 - 88 9E 71200000  - mov [esi+00002071],bl recalculates it to zero)

+210  		    ...   (?)
+2110		  .   =280h  
+2114		=+2110 ?

+2118 dword = pointer of car low_shadow frame(OBJ_ Box01)

+211C byte = car_lock 0/1

+2148 byte = 0/1 ?

+214B byte = 0/1 ? repair zeroes it

+2158 byte = 0/1 ? zeroed ingame

+2159 byte = 0/1 ? repair zeroes it

+215B byte = 0/1 ? zeroed ingame


=============================

+294:       [esi+00000224],    esi=car_base+70 
        14 ,     4:
sub_50F7F0	0050FAF3 
sub_519650	00519687(+1   )
sub_52C3B0	0052C4A5 
sub_52C3B0	0052D3AA( 2 ) 


+297:
sub_52DFA0	0052E20F - 89 86 24020000  - mov [esi+00000224],eax	   
sub_517460	005175E9 - 81 A1 24020000 FFFFFFFE - and [ecx+00000224],FEFFFFFF     .
sub_52C3B0	0052CE53 - 89 8E 24020000  - mov [esi+00000224],ecx     

      (-,  1 )
sub_52C3B0	0052CFC0 - 89 86 24020000  - mov [esi+00000224],eax	
sub_52EA80	0053315C - 89 85 24020000  - mov [ebp+00000224],eax
sub_52C3B0	0052D463 - 89 86 24020000  - mov [esi+00000224],eax 

sub_517600	00517751 - 89 81 24020000  - mov [ecx+00000224],eax      
sub_517460	005175E9 - 81 A1 24020000 FFFFFFFE - and [ecx+00000224],FEFFFFFF   

\( 10h)
sub_519650	00519678 - 89 91 24020000  - mov [ecx+00000224],edx
sub_52C3B0	0052C4A5 - 89 86 24020000  - mov [esi+00000224],eax -    
sub_519650	00519687 - 89 91 24020000  - mov [ecx+00000224],edx

sub_52EA80	00532B46 - 89 85 24020000  - mov [ebp+00000224],eax -   ()      ()


 (1 )
sub_52C3B0	0052CE41 - 89 86 24020000  - mov [esi+00000224],eax -  +     _  
sub_50F7F0	0050FAF3 - 89 B5 24020000  - mov [ebp+00000224],esi 
sub_52C3B0	0052D3AA - 89 9E 24020000  - mov [esi+00000224],ebx 
sub_52C3B0	0052C4A5
sub_519650	00519687
sub_52C3B0	0052CFC0
sub_52D480	0052DE4C
sub_52DFA0	0052DFD2
sub_52C3B0	0052CBB6 
sub_52C3B0	0052C493
sub_52C3B0	0052C41D
=======================================================================================================
 :


sub_521A40 loc_521CFD: -    
mov     eax, [esi+298h]
add     eax, edi
mov     ecx, [eax+18h]
mov     [eax+20h], ecx

---
  :

sub_521D30	00521D86 - 89 91 8C010000  - mov [ecx+0000018C],edx
mov     edx, [ecx+190h]
mov     [ecx+18Ch], edx

   : -   
sub_521D30	00521D86 - 89 91 8C010000  - mov [ecx+0000018C],edx 

   esi=car_identificator+70

---
 :
0046AA37 - D9 98 8C010000  - fstp dword ptr [eax+0000018C] <<     6 
0046AA8E - C7 81 8C010000 00000000 - mov [ecx+0000018C],00000000  1 
===============================================
 car_swichshowenergy:

sub_6139C0 -  ,    661534(6C3B8C for 1.2)    showcardamage( 0  1)

(loc_613DFE):
call    sub_4707C0
fsubr   ds:flt_63B2BC
fstp    dword_661534

(loc_55616b for 1.2):
call    sub_429450
fsubr   ds:flt_623238
fstp    dword_6C3B8C


   -  sub_4707C0:

  car_swichshowenergy   car_base+20B8. - =3(;   )
    4 :

loc_4707E0:             ; jumptable 004707D9 case 0
fld     dword ptr [ecx+2DCh]			<-+2DC(+25C for 1.2) = gear_box health
fdiv    dword ptr [ecx+2E0h]
retn

loc_4707ED:             ; jumptable 004707D9 case 1
fld     dword ptr [ecx+2A4h]			<-+2A4(+224 for 1.2) = engine_health
fdiv    dword ptr [ecx+2A8h]
retn

loc_4707FA:             ; jumptable 004707D9 case 2
fld     dword ptr [ecx+2004h]			<-unknown health
fdiv    dword ptr [ecx+1FFCh]
retn

loc_470807:             ; jumptable 004707D9 case 3
mov     eax, [ecx+308h]				<-+308(for 1.0) - stores value=address of deform_block begin. health of the 1st deform_body in 4ds
test    eax, eax
jz      short loc_47084C ; default


:
    .  (0...1) -  %%  _,      , .    ..
  4 ( 4  car_switchshowenergy  0  3)[  2    .  _,   =3, ]. 
 4 cases:
0 =   
1 =   .       ,           (      )
2 =  . (,  "  ",     __, ""    ).            _,  .
3 =      _.           _,        deform_body  4.

--
     :
loc_466B26
--

   ..
1.  707D4 -   3  4: 83F803 -> 83F804
2.   70878  F8216500 -   case4   (002521f8)
3.   002521f8  :
fld     dword ptr [ecx+2094h]
fdiv    dword ptr [ecx+2098h]
retn

D98194200000D8B198200000C3

--
 5    06226500      00252206..


-----



----------

mov edx,[ecx+0xd24]
dec eax
mov    edx,DWORD PTR [edx+eax*4-4]
fld     dword ptr [edx+0x18c]
fdiv    dword ptr [edx+0x190]
ret
8B91240D0000488B5482FCD9828C010000D8B290010000C3
.  4



----------

fld     ds:flt_63B2BC
mov edx,[ecx+0xd24]
dec eax
mov    edx,DWORD PTR [edx+eax*4-4]
fld    dword ptr [edx+0x18c]
fdiv   dword ptr [edx+0x190]
fcom st(1)
jb 39
pop edx
ret
D905BCB263008B91240D0000488B5482FCD9828C010000D8B290010000D8D172395AC3

39
fxch st(1)
pop edx
ret
D9C95AC3

 ()

-----------------------
fld     ds:flt_63B2BC
mov edx,[ecx+0xd24]
dec eax
mov    edx,DWORD PTR [edx+eax*4-4]
fld    dword ptr [edx+0x18c]
fdiv   dword ptr [edx+0x190]
pop edx
pop eax
cmp edx,eax
jb 34
fld dword ptr [edx]
retn
D905BCB263008B91240D0000488B5482FCD9828C010000D8B2900100005A5839D00F8234000000D902C3

34
fld dword ptr [eax]
retn
D900C3

 ()

-----------------------
ASM 
The code would look something like this:

mov     edx, [ecx+5B0h]
fld1
test edx, edx
je end						7428 

next_wheel:
mov eax,[ecx+0xd24]

dec edx
mov    eax,DWORD PTR [eax+edx*4]
fld    dword ptr [eax+0x18c]
fdiv   dword ptr [eax+0x190]
fcom st(1)
fstsw ax
test ah, 1 (?) ; check for st(0) < st(1)
je next						7402

fxch st(1)

next:
fstp st(0)
test edx, edx
jne next_wheel					75d8                   

end:
ret
8B91B0050000D9E885D274288B81240D00004A8B0490D9808C010000D8B090010000D8D19BDFE0F6C4017402D9C9DDD885D275D8C3
!




----------------

fld1	D9E8
fld     ds:flt_63B2BC	D905BCB26300
===================================================================================

+1f88 = -   /.           _( .. .  _).   .. (   ) -   ,      .
--
    1f88 = maxRPM(+e68)/60;  ()  (  ):
+5D0
+814
+83C
+8BC
+8E4
+964
+98C
+B08 = gear0 sound
+B0C = gear1 sound
+B10 = gear2 sound
+B14 = gear3 sound
+B30 = important for sound fading at 80-100%
+B34
+B38
+BB0
+BD8
+C58 = ambi sound?
+C5C
+C60 = R sound
+C80 
+C84
+C88

      +1F88.


===============================================================================================

:

2094\2098  -   (   6  9?).      1. 
   -    .  2094=0  +2030  1 =  .
--
  = 2.
--
 =0.02 -   .
--
   00027e38 -     .  .
loc_467E28 .
============
sub_466B80 operates with car physics
sub_468BC0
============
sub_51A920       timegettime

loc_51A973:
push    53h -     ,      ,    .

============
loc_467FFA:
mov     ecx, ebp
call    sub_44C750    calling for SEAT*(?)

=========

?? +2B0C long =   . _ .

sub_48EE60  .       (16   7)...


=============

?? +e4+5db4 =   100,      _

==================
loc_470DB2:
   +5B0( )     .

+D24 =  raw-,        (-   +5B0, ) 
  488 :
  = 
 5,6,7 =  -(    )
 98 = .  
 99 =   
 100 =  
 101 = .
 102 = 
=====================================================

==============================================================================================================

_:

8,9,12 - 
14-

   
sub_5D4D10 -   17 
005D4D1D - 8B 47 14  - mov eax,[edi+14]
005D4D39 - 8B 77 14  - mov esi,[edi+14]

sub_5DA4B0 -   7 
005DA4C8 - C7 46 14 00000000 - mov [esi+14],00000000
005DA517 - 89 56 14  - mov [esi+14],edx
.       (   )

  19 (0-18)


------
e4+200  cam_vector. it changing with external car_cameras +when they are free rotated

 :
004CA525 - 89 16  - mov [esi],edx 
005846F2 - 89 08  - mov [eax],ecx

 :
005846FC - 89 48 04  - mov [eax+04],ecx
004CA537 - 89 46 04  - mov [esi+04],eax

 :
00584703 - 89 48 08  - mov [eax+08],ecx
004CA542 - 89 4E 08  - mov [esi+08],ecx 


==============================




===================================================================
-----------
lea     ecx, dword_650458[eax]   =    eax
-------------
GOLOD55 
+e4+98+ab8+118 - some counter. long. increasing at car moving
but other is interesting more..
GOLOD55 
im loking who writes it and  i see..
1001C75F - 41 - inc ecx
1001C760 - 83 F8 01 - cmp eax,01
1001C763 - 89 8F 18010000  - mov [edi+00000118],ecx <<
1001C769 - 75 15 - jne ls3df.I3D_frame::UpdateWMatrixProc+210
1001C76B - 8B 87 D8010000  - mov eax,[edi+000001D8]
ls3df writes it

====================
sub_522F70 = C_Vehicle::SetPower ? (23F4E0 in PS2)
sub_523FA0 = C_Vehicle::UpdateRotationWheels ? (257770 in PS2)


=======================
sub_52AA30
---
sub_469AD0 = car_repair?
 
sub_469AD0...call sub_50F7F0 -   ()	
loc_50FCFD = repair of wheels(matrix)?
(loc_50fdbc) -   .        .

 ...
1)  1 (jz      loc_50F8A2  -> jmp      loc_50F8A2)    -   . 0F84 ->90E9
2) -  1( loc_50F8A2 ) (jle     short loc_50F912  -> jmp     loc_50F912) -   . 7E->EB
3) -  2( loc_50F912 ) (jnz     short loc_50F928 -> jmp loc_50F979) -    ..->e955000000
   ,   ,     (  50)(E961010000)


======================
   -:

sub_5DA4B0	005DA68E - 8B 38  - mov edi,[eax] - 1     


sub_5D4DD0	005D7698 - D9 00  - fld dword ptr [eax]  -      (  ?)

----------
sub_5D4DD0 -   ?

===================
sub_52AA30  -  ?
===================
+D14 = SWHEEL identificator

====================
006619C0 = freeride_score ( +. =  ).       

:
sub_54D130	0054D13C - 89 86 90960000  - mov [esi+00009690],eax

EAX=000007D8
EBX=00000014
ECX=00658330
EDX=00000001
ESI=00658330
EDI=00000014
ESP=0018F0E8
EBP=37CCDFF8
EIP=0054D142
---
:
0054F033 - 81 BD 90960000 FFFFFF7F - cmp [ebp+00009690],7FFFFFFF

=====

6619C4 -  ,    .   63 +00 -   
--
24 =  $
30...39 =  0123456789
61...7A =       1.0 
--

 :
006290A8 - 88 02  - mov [edx],al <<

  00:
0062500A - 80 20 00 - and byte ptr [eax],00 <<


 
==============================================================================================================
 0067202C(006D35D4 for 1.1, 006D46A4 for 1.2)      ()
---
 661A14(006C2F9C for 1.1, 006C406C for 1.2) -  -   (0\1)
       :
0054BE4E - 88 86 E4960000  - mov [esi+000096E4],al <<
ESI=00658330

-

     (    )
00551324 - 8A 85 E4960000  - mov al,[ebp+000096E4] <<
EAX=30082200
EBX=0A807D60
ECX=CF58D3B0
EDX=00000000
ESI=FFFFFFFF
EDI=09013150
ESP=0018EE14
EBP=00658330
EIP=0055132A
   -  
-
      ..
  001DEFD9   call    sub_5C7DA0  (     ,  1   661A14      )

EAX=02C90888
EBX=00000000
ECX=14EC79D8
EDX=03020000
ESI=07E97EC0
EDI=07E9A998
ESP=0018F5D8
EBP=00000000
EIP=005DEFC5
-





 :

1.  call    sub_5C7DA0   40226500(00252240)

call 0x00073266
E8C28DFEFF()    E862320700


2.      00252240: 8B4424048981A4900000 C20400


3.    :

mov     ebx, [0x67202C]
cmp     ebx,0x0000003c
je  back	
mov     byte ptr [0x661A14],1
back:
mov     ebx,0
ret    0x4				


8B1D2C20670083FB3C7407C605141A660001BB00000000 C20400

 8B4424048981A49000008B1D2C20670083FB3C7407C605141A660001BB00000000C20400


!    .    .



4.   :


mov     ebx, [0x67202C]
cmp     ebx,0x0000003c
je  back
cmp     ebx,0x00000069
je  back
cmp     ebx,0x000000A5
je  back
cmp     ebx,0x000000C3
je  back
cmp     ebx,0x000000C5
je  back
cmp     ebx,0x000000F0
je  back
cmp     ebx,0x000000F3
je  back
cmp     ebx,0x00000113
je  back
cmp     ebx,0x00000115
je  back
cmp     ebx,0x00000122
je  back
cmp     ebx,0x00000145
je  back
cmp     ebx,0x00000154
je  back
cmp     ebx,0x000001AE
je  back
cmp     ebx,0x000001D1
je  back
cmp     ebx,0x000001D2
je  back
cmp     ebx,0x000001FE
je  back
cmp     ebx,0x00000208
je  back
cmp     ebx,0x00000217
je  back
cmp     ebx,0x00000221
je  back
cmp     ebx,0x00000230
je  back
cmp     ebx,0x00000231
je  back	
mov     byte ptr [0x661A14],1
back:
mov     ebx,0
ret    0x4

8B1D2C20670083FB3C0F84BD00000083FB3C0F84B400000083FB690F84AB00000081FBA50000000F849F00000081FBC30000000F849300000081FBC50000000F848700000081FBF0000000747F81FBF3000000747781FB13010000746F81FB15010000746781FB22010000745F81FB45010000745781FB54010000744F81FBAE010000744781FBD1010000743F81FBD2010000743781FBFE010000742F81FB08020000742781FB17020000741F81FB21020000741781FB30020000740F81FB310200007407C605141A660001C20400


    :

8B4424048981A49000008B1D2C20670083FB3C0F84B400000083FB690F84AB00000081FBA50000000F849F00000081FBC30000000F849300000081FBC50000000F848700000081FBF0000000747F81FBF3000000747781FB13010000746F81FB15010000746781FB22010000745F81FB45010000745781FB54010000744F81FBAE010000744781FBD1010000743F81FBD2010000743781FBFE010000742F81FB08020000742781FB17020000741F81FB21020000741781FB30020000740F81FB310200007407C605141A660001BB00000000C20400



=============================================

cardamagevisible

6560E4 -   (0\1), ?        .
--

   005C8DB0 - 88 0D E4606500  - mov [Game.exe+2560E4],cl <<

sub_5C8DB0 proc near
mov     byte_6560E4, cl
retn
sub_5C8DB0 endp

--
    004C9899 - A0 E4606500 - mov ax,[Game.exe+2560E4] <<



=============================================

661538 -      (),      .
--

   sub_54A9D0:

arg_0= dword ptr  4
mov     eax, [esp+arg_0]
mov     [ecx+9208h], eax <<
push    eax
add     ecx, 9214h
push    offset aD       ; "%d"
push    ecx             ; Dest
call    _sprintf
add     esp, 0Ch
retn    4


EAX=0000004F
EBX=00000000
 ECX=00658330
EDX=00000000
ESI=0AC2CA80
EDI=00000001
ESP=0018F820
EBP=0AC2D588
EIP=0054A9DA
--

  _54A9D0   :

loc_5DF009:
mov     eax, [esi+0E4h]        - _
fld     dword ptr [eax+644h]   -  
fdiv    dword ptr [eax+604h]   -  . 
fmul    ds:flt_63B31C
call    __ftol
push    eax
jmp     short loc_5DF02B
..
loc_5DF02B:
mov     ecx, offset unk_658330
call    sub_54A9D0
...


============================================
       (     ):

loc_467D4A:             ; "sector tunelmnh"
mov     edi, offset aSectorTunelmnh
mov     esi, eax
mov     ecx, 10h	<<    .   2(   1!) 10h->0Eh 

    'sector tunelmn'        'sector tunelmnx'.
   _   (   2   ).

PS         16 ,     = 15 ..
        _     ,  4   ,     ""  00(  4  .      00)

PS2      4  2  'sector Box01' -> 'sector tunel'        12 (mov     ecx, 0Ch).
 12     'sector Box01'  2 (  ,    );            .
   'mnh'   -  .

--
   -    12 ('sector tunel')

:

1.0:
:	mov     ecx, 10h	
:		00467D51	(  : 00467D52)	
: 	B910000000  B90C000000


1.1:
:	mov     ecx, 10h	
:		0042108D	(  : 0042108E)	
: 	B910000000  B90C000000


1.2:
:	mov     ecx, 10h	
:		00420F1D	(  : 00420F1E)	
: 	B910000000  B90C000000

----------------

   game.exe:

    .  'sector tunelmnh 1',   mnh   (00hex).
   16     .
      ,   2.

     ( ),     20h  mnh   00h.
,        (  2 ),        ,           .

PS   .    ,   2    :    -( _   -).
  16       (      ).

PS2     '..mnh 1'   ,      'sector tunelmnh'   00   20,       ,   -    (     2   mnh .  ).

:     .

----------------

 :

  	00467D31	mov     eax, [ebp+19Ch]		<<+19   _id   (,  ). 
(     	0052DE00 - 89 87 2C010000  - mov [edi+0000012C],eax <<)

        edi(   frm_id  (  edi   - ))         (      ).



================

  ..

   005A89Ca ( )  Game.exe+2F94D4( ).

=======================================

 ...



.   :

004B372A - 42 - inc edx
004B372B - 8B C2  - mov eax,edx
004B372D - 89 96 B0000000  - mov [esi+000000B0],edx <<
004B3733 - 3B C1  - cmp eax,ecx
004B3735 - 7C 0A - jl Game.exe+B3741

EAX=0000000B
EBX=0000000C
ECX=00000018
EDX=0000000B
ESI=03EA3610
EDI=00000014
ESP=0018F920
EBP=07E67EC0
EIP=004B3733

-
    :

004B3733 - 3B C1  - cmp eax,ecx
004B3735 - 7C 0A - jl Game.exe+B3741
004B3737 - C7 86 B0000000 00000000 - mov [esi+000000B0],00000000 <<
004B3741 - 8B 86 80000000  - mov eax,[esi+00000080]
004B3747 - 5F - pop edi

EAX=00000018
EBX=0000000D
ECX=00000018
EDX=00000018
ESI=03EA3610
EDI=00000001
ESP=0018F920
EBP=07E67EC0
EIP=004B3741








============================================

 _..

  =.  :
004FA98D - 89 96 18020000  - mov [esi+00000218],edx <<
004F72E6 - 89 8D 18020000  - mov [ebp+00000218],ecx <<

 2   .    .      .
 esi+0000021   .   - esi+00000220

..   (  Z-),    +220(        . +218)

esi+23 = .  (). .. Z-  esi+244

--
sub_5010B0     .  +220  +218  

  sub_4FBA80 -  +220  .

  .
----

  Z....


      .
    -     -.     100  50%

   +220   (  ),        +218
    ,       ,  .   +220   ,     .+218  +21,    .


   _    +220.      . 
    +220  +21,       ,     .

---


sub_5010B0  ..    . .   (         )
   . 656161(  ),  0    1      .
---


 _:

+24h = _ 
+58h =    (02daf220 = )
+68h =   ,   .+100     2(+104 =  )
+70h = 1()   0    (     )
+74h =       ( - =  +220)
+7h =       ( - =  +238h).  .
+80h =   ,     -     .
+84h...up to 214h = block 400dec (for 100 cars max) with some longs(result rnd for each car?)
+214 =   (   63h)
+218 = .  
+21 =    2(   +220  _)
+220 =  (        . +218)
+234 =   _ 
+238 =    _
+23 = _ (.).      (?)


-
 +74h =    .      +220(       100 ).   -     .
     .

    :

+0   =01    .   ,   (   ).   		  .
+4  ?
+8  
+      
+10 
+14 ?
+18  = .   ,         +0  1  0
+1 ?


loc_4F771C  ,   -   (+4 ,   0=  )
-

005010D7 - 8B 86 20020000  - mov eax,[esi+00000220] <<
005010DD - 33 FF  - xor edi,edi
005010DF - 85 C0  - test eax,eax

EAX=0000000E
EBX=00000012
ECX=0CC86AE8
EDX=0063CE20
ESI=0CC86AE8
EDI=00000012
ESP=0018F920
EBP=07587EC0
EIP=005010DD

-

call    sub_4EDAC0       ??

---
    sub_4FBA80    ?     -    

loc_4FEEC1:     +220? 
 +1    220  (  ),       .


-
 ...   +70,   +218       _

-----
 2 _  !

dim_flt 10
dim_act 10

findactor 2, "cars"
findactor 3, "cars2"

rnd 0, 2
gosub ToggleTraffic

commandblock 0

label Main
ctrl_read 1, HORN
if flt[1] = 1, -1, Main
gosub ToggleTraffic
wait 2000
goto Main

label ToggleTraffic
if flt[0] = 0, -1, Traf2
freeride_scoreset 333
act_setstate 2, INACTIVE
act_setstate 3, ACTIVE
let flt[0] = 1
return

label Traf2
act_setstate 3, INACTIVE
act_setstate 2, ACTIVE
let flt[0] = 0
return

 :

    _  (      2)

        , .    .

-
1 - 2  +:

      ( )   ( +70=0)  .
      ...
      2( _ ,   - ).     (=, =),    ?
  .    ,  -    _.      .
        .


    -        (-)   .,   ...           ,  .
      10.

-

..
      .rdata:0063CE50                 dd offset nullsub_7 ( sub_4FBA80)



push ebx
push eax


mov    	eax, DWORD PTR [0x652318]
test   	eax, [ebx+0x220]
jz      on

mov     eax, [ebx+0x220]
mov    	DWORD PTR [0x652318], eax


jb	lil220

mov     eax,DWORD PTR [ebx+0x244]
test 	eax, 800
jb	off
jmp     on



lil220:
mov     eax,DWORD PTR [ebx+0x244]
test 	eax, 800
jb	on


off:
mov     byte ptr [ebx+0x70], 0
jmp     return

on:
mov     byte ptr [ebx+0x70], 1


return:
pop eax
pop ebx
ret

--
...
5350A118236500858320020000742F8B8320020000A318236500720F8B8344020000A920030000720FEB138B8344020000A9200300007206C6437000EB04C6437001585BC3


 0:  53                      push   ebx
 1:  50                      push   eax
 2:  a1 18 23 65 00          mov    eax,ds:0x652318
 7:  85 83 20 02 00 00       test   DWORD PTR [ebx+0x220],eax
 d:  74 2f                   je     3e <on>
 f:  8b 83 20 02 00 00       mov    eax,DWORD PTR [ebx+0x220]
 15: a3 18 23 65 00          mov    ds:0x652318,eax
 1a: 72 0f                   jb     2b <lil220>
 1c: 8b 83 44 02 00 00       mov    eax,DWORD PTR [ebx+0x244]
 22: a9 20 03 00 00          test   eax,0x320
 27: 72 0f                   jb     38 <off>
 29: eb 13                   jmp    3e <on>
 0000002b <lil220>:
 2b: 8b 83 44 02 00 00       mov    eax,DWORD PTR [ebx+0x244]
 31: a9 20 03 00 00          test   eax,0x320
 36: 72 06                   jb     3e <on>
 00000038 <off>:
 38: c6 43 70 00             mov    BYTE PTR [ebx+0x70],0x0
 3c: eb 04                   jmp    42 <return>
 0000003e <on>:
 3e: c6 43 70 01             mov    BYTE PTR [ebx+0x70],0x1
 00000042 <return>:
 42: 58                      pop    eax
 43: 5b                      pop    ebx
 44: c3                      ret 




----------
   1.0:

00652318 -   -   .   ..
0065231 -  .

-

:

0063CE50 -  00B76000  1236500 (      )

0065231 -   (0x46 ,  90  )

      .       

----------

    sub_4FBA80:

   004FBAA9  ..

mov     al, [ebx+70h]			<<       ( )
mov     [esp+270h+var_200], 45610000h   <<         .
test    al, al
jz      loc_4FBDE5

    ..

call	sub_XXXXXXXX    E8 6E681500
mov     al, [ebx+70h]	8A 4370
test    al, al		84 C0
jz      loc_4FBDE5	0F 8429030000



 
)  ..

8A4370 C744247000006145 84C00F8429030000	>>	E86E6815009090908A437084C00F8429030000



)  ..


mov    DWORD PTR [esp+0x70],0x45610000
mov    	eax, DWORD PTR [0x652318]
test   	eax, [ebx+0x220]
jz      on

mov     eax, [ebx+0x220]
mov    	DWORD PTR [0x652318], eax

jb	lil220

mov     eax,DWORD PTR [ebx+0x244]
test 	eax, 800
jb	off
jmp     on

lil220:
mov     eax,DWORD PTR [ebx+0x244]
test 	eax, 800
jb	on

off:
mov     byte ptr [ebx+0x70], 0
jmp     return

on:
mov     byte ptr [ebx+0x70], 1


return:
ret


C744247000006145A118236500858320020000742F8B8320020000A318236500720F8B8344020000A920030000720FEB138B8344020000A9200300007206C6437000EB04C6437001C3 909090


 .  ,   . 



-----
 ..

mov    DWORD PTR [esp+0x70],0x45610000
mov    	eax, DWORD PTR [0x652318]
cmp   	eax, [ebx+0x220]
jz      on

mov     eax, [ebx+0x220]
mov    	DWORD PTR [0x652318], eax

jb	lil220

mov     eax,DWORD PTR [ebx+0x244]
test 	eax, 800
jb	off
jmp     on

lil220:
mov     eax,DWORD PTR [ebx+0x244]
test 	eax, 800
jb	on

off:
mov     byte ptr [ebx+0x70], 0
jmp     return

on:
mov     byte ptr [ebx+0x70], 1


return:
ret

c cmp   eax, [ebx+0x220]    . . .
--


mov    DWORD PTR [esp+0x70],0x45610000
mov    	eax, DWORD PTR [0x652318]
cmp   	eax, [ebx+0x220]
jz      on

mov     eax, [ebx+0x220]
mov    	DWORD PTR [0x652318], eax

jb	lil220

mov     eax,DWORD PTR [ebx+0x244]
cmp 	eax, 800
jb	off
jmp     on

lil220:
mov     eax,DWORD PTR [ebx+0x244]
cmp 	eax, 800
jb	on

off:
mov     byte ptr [ebx+0x70], 0
jmp     return

on:
mov     byte ptr [ebx+0x70], 1


return:
ret

 -   80 ,  % 20  - .    .

--


mov    DWORD PTR [esp+0x70],0x45610000
mov    	eax, DWORD PTR [0x652318]
cmp   	eax, [ebx+0x220]
jl      put
jmp return


put:
mov     eax, [ebx+0x220]
mov    	DWORD PTR [0x652318], eax

return:
ret


C744247000006145A1182365003B8320020000742F8B8320020000A318236500720F8B83440200003D200300007E0FEB138B83440200003D200300007E06C6437000EB04C6437001C3


---
 _:

+68h =   .    ..  +8 =   , .     

+70h = 1()   0    (     )

+24h = _ 
+214 =   (   63h)
+218 = .  
+21 =    2(   +220  _)
+220 =  (        . +218)
+23 = _ (.)


---

  ._..


mov     eax,DWORD PTR [ebx+0x24]
sub     eax,DWORD PTR [ebx+0x23]




-
 

mov eax,x
sub eax,0x3f800000
sar eax,1
add eax,0x3f800000
mov x,eax


--
  

fld [eax]
fsqrt
fstp [eax]

--
      . .   .


fld     dword ptr [ebx+0x24]
fsub    dword ptr [ebx+0x23C]
fmul    st
fld     dword ptr [ebx+0x2C]
fsub    dword ptr [ebx+0x244]
fmul    st
faddp   
fstp    dword ptr [0x652318]
ret


D94324D8A33C020000D8C8D9432CD8A344020000D8C8DEC1D91D18236500C3


 0:  d9 43 24                fld    DWORD PTR [ebx+0x24]
 3:  d8 a3 3c 02 00 00       fsub   DWORD PTR [ebx+0x23c]
 9:  d8 c8                   fmul   st,st(0)
 b:  d9 43 2c                fld    DWORD PTR [ebx+0x2c]
 e:  d8 a3 44 02 00 00       fsub   DWORD PTR [ebx+0x244]
 14: d8 c8                   fmul   st,st(0)
 16: de c1                   faddp  st(1),st
 18: d9 1d 18 23 65 00       fstp   DWORD PTR ds:0x652318
 1e: c3                      ret 

!

-----------
      _..

fld     dword ptr [ebx+0x24]
fsub    dword ptr [ebx+0x23C]
fmul    st
fld     dword ptr [ebx+0x2C]
fsub    dword ptr [ebx+0x244]
fmul    st
faddp 

fstp    DWORD PTR [eax]
cmp     eax, [0x652318]
jb      off

mov     DWORD PTR [0x652318], eax
mov     byte ptr [ebx+0x70], 1
jmp     return

off:
mov     byte ptr [ebx+0x70], 0
jmp     return

return:
ret

D94324D8A33C020000D8C8D9432CD8A344020000D8C8DEC1D9183B0518236500720BA318236500C6437001EB06C6437000EB00C3

 

--


fld     dword ptr [ebx+0x24]
fsub    dword ptr [ebx+0x23C]
fmul    st
fld     dword ptr [ebx+0x2C]
fsub    dword ptr [ebx+0x244]
fmul    st
faddp
fsqrt

fstp    DWORD PTR [eax]
mov     eax, [eax]
cmp     eax, DWORD PTR [0x652318]
jl      off

mov     DWORD PTR [0x652318], eax
mov     byte ptr [ebx+0x70], 1
jmp     return

off:
mov     byte ptr [ebx+0x70], 0

return:
ret

  9     .   .


---=======------------==========

     .
      _( ebx).

..        _.         .            .

        .
        ...

     :  \             ebx (         ,             . ebx    )..
     [ebx+0],    0063EC20(     _),  ebx       .
    ebx+0   .


---

    4 ..

call	sub_XXXXXXXX    E8 6E681500	>> call	sub_XXXXXXXX    E8 73681500

  ..

00652318	 		FFFFFFFF
0065231C	 _ebx		00004000 (.   +0)


---
    ebx

mov     eax, DWORD PTR [0x65231C]
cmp     DWORD PTR [eax], 0x63CE20
jz	ok
mov     DWORD PTR [0x65231C], ebx

ok:
ret

.      ebx.
      00004000     00000000  FFFFFFFF      .

---

       ebx..


mov     eax, DWORD PTR [0x65231C]
cmp     DWORD PTR [eax], 0x63CE20
jz	ok

mov     DWORD PTR [0x65231C], ebx

fld     dword ptr [ebx+0x24]
fsub    dword ptr [ebx+0x23C]
fmul    st
fld     dword ptr [ebx+0x2C]
fsub    dword ptr [ebx+0x244]
fmul    st
faddp
fsqrt

fstp    DWORD PTR [eax]
mov     eax, [eax]
mov     DWORD PTR [0x652318], eax

ok:
ret



.     .

---


  .(  ebx)..


mov     eax, DWORD PTR [0x65231C]
cmp     DWORD PTR [eax], 0x63CE20
jz	ok
mov     DWORD PTR [0x65231C], ebx
 mov     DWORD PTR [0x652318], 0xFFFFFFFF
 ret


ok:

fld     dword ptr [ebx+0x24]
fsub    dword ptr [ebx+0x23C]
fmul    st
fld     dword ptr [ebx+0x2C]
fsub    dword ptr [ebx+0x244]
fmul    st
faddp
fsqrt

fstp    DWORD PTR [eax]
mov     eax, [eax]
mov     DWORD PTR [0x652318], eax



ret


.....



------------------------
       .     20 .     10??
       ,      .
    ,     .(   ?),    .   ,     (100%        ).


   63CE20.       _?..

sub_4F65A0

push    esi
mov     esi, ecx
call    sub_44B6D0
xor     eax, eax
mov     dword ptr [esi], offset off_63CE20
mov     [esi+220h], eax
mov     [esi+21Ch], eax
mov     [esi+234h], eax
mov     [esi+238h], eax
mov     dword ptr [esi+10h], 0Ch
mov     dword ptr [esi+228h], 43160000h
mov     dword ptr [esi+22Ch], 432A0000h
mov     dword ptr [esi+224h], 43340000h
mov     eax, esi
mov     dword_65615C, 3F800000h
mov     dword_656158, 3F800000h
mov     dword_656154, 3F800000h
pop     esi
retn

--

sub_4F6630 proc near
push    esi
mov     esi, ecx
mov     eax, [esi+234h]
mov     dword ptr [esi], offset off_63CE20
push    eax             ; lpMem
call    sub_6243AC
add     esp, 4
mov     dword ptr [esi+234h], 0
mov     ecx, esi
pop     esi
jmp     sub_44B740

--

sub_44A780 proc near
or      eax, 0FFFFFFFFh
retn    4
sub_44A780 endp

 0044A780       0063CE20.
 1        ,      ?

    3 .   .   .
rdata:0063CE20 off_63CE20      dd offset sub_44A780    ; DATA XREF: sub_4F65A0+Ao
.rdata:0063CE20                                         ; sub_4F6630+9o ...

-      .
--


--------

     ..

3 :


1) 004B972A - 8B 11  - mov edx,[ecx] <<         = 02,   = 45.     .         .  .

 3    .  2)..

2) 0044C8BC - 8B 01  - mov eax,[ecx] <<   eax=0063CE20,  ecx   .   eax   .  -          edi = 02  45.   


3) sub_44BEA0
0044BF11 - 8B 06  - mov eax,[esi] <<     .    .     =  .     .
      +70.

0044BF11 - 8B 06  - mov eax,[esi] <<
0044BF13 - FF 50 34  - call dword ptr [eax+34]
0044BF16 - 8B 16  - mov edx,[esi]

EAX=0063CE20 
EBX=00000053 
ECX=3970A938 << 
EDX=41B91D5B 
ESI=3970A938 << 
EDI=00000053 
ESP=0018F930 
EBP=07617EC0
EIP=0044BF13 

-
   :
loc_5BBB93:                             ; CODE XREF: .text:005BBB47j
.text:005BBB93                 mov     ecx, [edi]
.text:005BBB95                 push    1
.text:005BBB97                 call    sub_44BEA0
.text:005BBB9C                 jmp     loc_5C76DA  


       sub_5010B0(         ( sub_4FBA80)):
            sub_44BEA0.
       .    sub_4FBA80.


   loc_5E102B.    sub_44BEA0   .


==================================================

    sub_44BEA0:

  ..

00652318	 		FFFFFFFF
0065231C	 _esi		00004000 (.   +0)
00652320            

---

  ..

sub_44BEA0 proc near

arg_0= dword ptr  4

push    esi
mov     esi, ecx
mov     eax, [esi+68h]
mov     ecx, [eax+110h]
cmp     ecx, 9
jnz     short loc_44BEC

  2 .           .    E8 78642000 90909090


  ..


sub_44BEA0 proc near

arg_0= dword ptr  4

push    esi
mov     esi, ecx
call    loc_652320
nop
nop
nop
nop
cmp     ecx, 9
jnz     short loc_44BECE




----
 ..


 :


push eax
mov     eax, [esi+0x74]
test    eax, eax
jz      no
mov     al, BYTE PTR [0x00656161]
test    al, al
jnz     no

mov     eax, [esi+0x10]
cmp     eax, 0x0C
jne	no
mov     DWORD PTR [0x65231C], esi


no:
pop eax
mov     eax, [esi+0x68]
mov     ecx, [eax+0x110]
ret

508B467485C07417A06161650084C0750E8B461083F80C750689351C236500588B46688B8810010000C3


.        . +2       .
       .  .

 !  +70=1      .          .




cmp     DWORD PTR [eax], 0x63CE20
jne	no





















    DWORD PTR [eax]
mov     eax, [eax]
cmp     eax, DWORD PTR [0x652318]
jl      off

mov     DWORD PTR [0x652318], eax
mov     byte ptr [ebx+0x70], 1
jmp     return

off:
mov     byte ptr [ebx+0x70], 0

return:
ret














---
mov     byte ptr [0x661A14],1

mov     [ecx+0x9208], eax		0:  67 89 81 08 92 00 00    mov    DWORD PTR [ecx+0x9208],eax 
=====================================

   .
 . 1962ED14    0...1

    ..

00572886 - D8 4E 2C  - fmul dword ptr [esi+2C] <<
00572889 - D9 5C 24 10  - fstp dword ptr [esp+10]
0057288D - D9 46 1C  - fld dword ptr [esi+1C]

EAX=1962EA08
EBX=101C1530
ECX=1962ECE8
EDX=0063D6B4
ESI=1962ECE8
EDI=1962E9B0
ESP=0018F89C
EBP=FFFFFFBF
EIP=00572889


      ..

0056F1EA - D9 40 2C  - fld dword ptr [eax+2C] <<


  4     ..

0060B6F2 - 66 C7 00 0000 - mov word ptr [eax],0000 <<

0060B6F7 - 66 C7 40 02 0000 - mov word ptr [eax+02],0000 <<

0023348C - C1 E9 02 - shr ecx,02 <<

0060B18A - 80 64 C6 03 AF - and byte ptr [esi+eax*8+03],-51 <<
EAX=00000004
EBX=00000007
ECX=00990918
EDX=000159F0
ESI=1962ECF4
EDI=00000B89
ESP=0018F994
EBP=00000000
EIP=0060B18F


--
   0056F1EA.   ,   3 .  :  3        ..

sub_5608F0 proc near

arg_0= dword ptr  4
arg_4= dword ptr  8
arg_8= dword ptr  0Ch
arg_C= dword ptr  10h
arg_10= dword ptr  14h

mov     eax, [esp+arg_0]
mov     ecx, [esp+arg_4]
mov     edx, [esp+arg_8]
mov     dword_671ED0, eax
mov     eax, [esp+arg_C]
mov     dword_671ED4, ecx
mov     ecx, [esp+arg_10]
mov     dword_671EDC, edx
mov     dword_671EE0, eax
mov     dword_671EE4, ecx

 3      .   -     .

--

   671EDC  2 ..

00560959 - A1 DC1E6700 - mov eax,[Game1.0+.exe+271EDC] <<
0056095E - 8B 15 E41E6700  - mov edx,[Game1.0+.exe+271EE4]
00560964 - A3 54616500 - mov [Game1.0+.exe+256154],eax

EAX=3E968BA5
EBX=00000001
ECX=00671FB0
EDX=234CECB0
ESI=3975620C
EDI=00000001
ESP=0018F160
EBP=39756200
EIP=0056095E

 ...      656154
             671EE0   -  64C058
             671EE4  -  65615C   64C05C

mov     eax, dword_671EDC
mov     edx, dword_671EE4
mov     dword_656154, eax
mov     eax, dword_671EE0
mov     dword_65615C, edx
mov     dword_64C058, eax
mov     dword_64C05C, edx
mov     eax, [ecx+94h]
mov     [ecx+98h], eax


-
   656154..

0559112 - 8B 15 DC1E6700  - mov edx,[Game1.0+.exe+271EDC] <<
00559118 - 89 84 24 78010000  - mov [esp+00000178],eax
0055911F - A1 E81E6700 - mov eax,[Game1.0+.exe+271EE8]

EAX=00000008
EBX=00000000
ECX=3F53A2EB
EDX=3E968BA5
ESI=00671FB0
EDI=00000000
ESP=0018EE34
EBP=00000074
EIP=00559118

..


..
sub_5012E0

0050188A - 0F8B 8E250000 - jnp Game1.0+.exe+103E1E
00501890 - DB 86 1C020000  - fild dword ptr [esi+0000021C]	  <<<<  	(2 )			
00501896 - D8 0D 54616500  - fmul dword ptr [Game1.0+.exe+256154] <<     
0050189C - E8 4F311200 - call Game1.0+.exe+2249F0
005018A1 - 8B C8  - mov ecx,eax
                    mov [esi+220h], ecx				<<<   +220.      21

EAX=2370003F
EBX=2A6C94D8
ECX=00000000
EDX=23706400
ESI=23706268
EDI=00000013
ESP=0018F82C
EBP=00000000
EIP=0050189C

      .

       +21...
  mov [esi+220h], ecx      652321.( 898E20020000  E8790A150090)
  :

mov [esi+220h], ecx
mov [esi+21Ch], ecx
ret

898E20020000898E1C0200003

!  21  220.

 ..       .       (   ,    esi             .)

!             2  .    (, , )


-----------------------------------------------

   (       )


1.   mov [esi+220h], ecx      652320.( 898E20020000  E8780A150090)

005A89CA = . 


   652320..


push   eax

fld    DWORD PTR [0x005A89CA] 
fld    DWORD PTR [0x00423103]
fdivp 

fld    DWORD PTR [ecx]
fmulp
fstp   DWORD PTR [0x652318]

mov    ecx, DWORD PTR [0x652318]
mov    DWORD PTR [esi+0x220], ecx

pop    eax
ret    


 .    .    __ftol(     ).
     21   .
 

-
   __ftol :

00501896	fmul    dword_656154   call sub_652320 ( D80D54616500   E8850A150090)
fild   DWORD PTR [esi+0x21c]  - .  .     



   652320..


   ..


fld     DWORD PTR [0x005A89CA] 
fld     DWORD PTR [0x0063B5F4]
fdivp

fild    DWORD PTR [esi+0x21C]
fmul    
fmul    DWORD PTR [0x00656154]
ret

.

--

  200-400..

mov    DWORD PTR [0x00652318], 0xFFFFFFFF
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x0063B5F4]
fdivp  st(1),st
fstp   DWORD PTR [esi+0x220]

cmp    DWORD PTR [esi+0x220],0x3f800000
jl    let1
cmp    DWORD PTR [esi+0x220],0x40000000
jg    let2

fld    DWORD PTR [esi+0x220]

ok:
fild   DWORD PTR [esi+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
ret

let1:
fld1
jmp    ok

let2:
fld1
fld1
faddp  st(1),st
jmp    ok 

C70518236500FFFFFFFFD905D8946F00D905F4B56300DEF9D99E2002000081BE200200000000803F7C2181BE20020000000000407F19D98620020000DB861C020000DEC9D80D54616500C3D9E8EBEDD9E8D9E8DEC1EBE590

!   ,  .00652318   ffffffff


----

   ..
1   
2   
3





--

fld     dword ptr [ebx+0x24]
fsub    dword ptr [ebx+0x23C]
fmul    st
fld     dword ptr [ebx+0x2C]
fsub    dword ptr [ebx+0x244]
fmul    st
faddp
fsqrt

fstp    DWORD PTR [eax]

=========================================================================
    2 ....



  ...
  ..
00652318	00000000	   
0065231C	00000000	  .
00652320	00007A43	250  ( / )
00652324	00000000	
00652328	0000A041	20 .   .\  .
0065232C	69000000		

---
 1    00652330.

00501896	fmul    dword_656154   call sub_652320 ( D80D54616500   E8950A150090)
fild   DWORD PTR [esi+0x21c]  - .  .     (6 )


  1   00632330..

mov    DWORD PTR [0x00652318], 0xFFFFFFFF
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fstp   DWORD PTR [esi+0x220]

cmp    DWORD PTR [esi+0x220],0x3f800000
jl    let1
cmp    DWORD PTR [esi+0x220],0x40000000
jg    let2

fld    DWORD PTR [esi+0x220]

ok:
fild   DWORD PTR [esi+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
ret

let1:
fld1
jmp    ok

let2:
fld1
fld1
faddp  st(1),st
jmp    ok 

C70518236500FFFFFFFFD905D8946F00D90520236500DEF9D99E2002000081BE200200000000803F7C2181BE20020000000000407F19D98620020000DB861C020000DEC9D80D54616500C3D9E8EBEDD9E8D9E8DEC1EBE590

-----------------------------------------------
2...


   sub_4FBA80:


 004FBA9C..

 
mov     al, byte_656161
test    al, al
jnz     loc_4FEED8

    ..

call    sub_656390   ( A061616500   E8EF681500)
test    al, al
jnz     loc_4FEED8


-
    2:
mov     al, byte_656161
A061616500
-
---

 ..


mov     BYTE PTR [ebx+0x70], 1
mov     al, BYTE PTR [0x00656161]
ret

C6437001A061616500C3

.

---
 2..

  220  21     .  ftol( fist)

fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]
mov    al, BYTE PTR [0x00656161]
ret

let1:
fld1
jmp    ok

let2:
fld1
fld1
faddp  st(1),st
jmp    ok 

D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F7C2C813D24236500000000407F24D90524236500DB831C020000DEC9D80D54616500DB9B20020000A061616500C3D9E8EBE2D9E8D9E8DEC1EBDA

!

-

   ..




fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]
fst    DWORD PTR [ebx+0x224]
add    DWORD PTR [ebx+0x224],0x41A00000
fst    DWORD PTR [ebx+0x228]
sub    DWORD PTR [ebx+0x228],0x41A00000
fstp   DWORD PTR [ebx+0x22C]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]
mov    al, BYTE PTR [0x00656161]
ret

let1:
fld1
jmp    ok

let2:
fld1
fld1
faddp  st(1),st
jmp    ok 

D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F7C50813D24236500000000407F48D90524236500D91524236500D80D20236500D99324020000D99328020000D99B2C020000D90524236500DB831C020000DEC9D80D54616500DB9B20020000A061616500C3D9E8EBBED9E8D9E8DEC1EBB6

  4   ..

+224 - 
+228 -   
+22 -   
+230 =  .      228  22.   .     

-
   ..



fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]
mov    al, BYTE PTR [0x00656161]
ret

let1:
fld1
jmp    ok

let2:
fld1
fld1
faddp  st(1),st
jmp    ok 

D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F7C62813D24236500000000407F5AD90524236500D91524236500D80D20236500D9932C020000D80528236500D99324020000D82528236500D82528236500D99B28020000D90524236500DB831C020000DEC9D80D54616500DB9B20020000A061616500C3D9E8EBACD9E8D9E8DEC1EBA4

.     .

-

    220     218..

push ecx
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less
mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1

ok2:
mov    al, BYTE PTR [0x00656161]
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok 


51D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F0F8C94000000813D24236500000000400F8F8B000000D90524236500D91524236500D80D20236500D9932C020000D80528236500D99324020000D82528236500D82528236500D99B28020000D90524236500DB831C020000DEC9D80D54616500DB1D242365008B0D242365003B8B20020000741F7C08898B20020000EB158B8B200200003B8B18020000740783AB2002000001A06161650059C3D9E8E97BFFFFFFD9E8D9E8DEC1E970FFFFFF

eax .  ( edx)   4().
ecx .
!


----
  1, ..

00501896	fild   DWORD PTR [esi+0x21c]   fild   DWORD PTR [0x0065232C] ( 6  DB861C020000   DB052C236500)
0065232C	69000000 ( 69h   ,  )		

..     +220  105 ( ,     ), ..    

 2     ,   +21 .	

   00652318   .

     fmul    dword_656154 (6 ),    .

----

  ...


00652318	00000000	   
0065231C	00404000	  


   0065231C = ,     .      .
  ,     :      0063CE20,   ,    .
  ,     ..

        00400000.


----

   2    63ce20..


push ecx

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je	ok3
 add	DWORD PTR [0x00652318],1
mov     DWORD PTR [0x0065231C],ebx



ok3:

fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less
mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1

ok2:
mov    al, BYTE PTR [0x00656161]
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok 


518B0D1C2365008B0981F920CE6300740D83051823650001891D1C236500D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F0F8C94000000813D24236500000000400F8F8B000000D90524236500D91524236500D80D20236500D9932C020000D80528236500D99324020000D82528236500D82528236500D99B28020000D90524236500DB831C020000DEC9D80D54616500DB1D242365008B0D242365003B8B20020000741F7C08898B20020000EB158B8B200200003B8B18020000740783AB2002000001A06161650059C3D9E8E97BFFFFFFD9E8D9E8DEC1E970FFFFFF

!
            63ce20,
    ,      ebx (  ) .



---
    ..




push ecx

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je	dist
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0x461C4000


dist:
fld     dword ptr [ebx+0x24]
fsub    dword ptr [ebx+0x23C]
fmul    st
fld     dword ptr [ebx+0x2C]
fsub    dword ptr [ebx+0x244]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x6524F0]

mov     ecx, DWORD PTR [0x6524F0]
cmp     ecx, DWORD PTR [0x00652318]
ja      more
mov     DWORD PTR [0x00652318], ecx
mov     DWORD PTR [0x0065231C], ebx




more:


fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less
mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1

ok2:
mov    al, BYTE PTR [0x00656161]
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok

518B0D1C2365008B0981F920CE63007410891D1C236500C7051823650000401C46D94324D8A33C020000D8C8D9432CD8A344020000D8C8DEC1D9FAD91DF02465008B0DF02465003B0D18236500770C890D18236500891D1C236500D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F0F8C94000000813D24236500000000400F8F8B000000D90524236500D91524236500D80D20236500D9932C020000D80528236500D99324020000D82528236500D82528236500D99B28020000D90524236500DB831C020000DEC9D80D54616500DB1D242365008B0D242365003B8B20020000741F7C08898B20020000EB158B8B200200003B8B18020000740783AB2002000001A06161650059C3D9E8E97BFFFFFFD9E8D9E8DEC1E970FFFFFF


       ..      .  .
     . +70 (0\1).
 .
     (       ).


---



push ecx

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je	dist
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0x461C4000


dist:
fld     dword ptr [ebx+0x24]
fsub    dword ptr [ebx+0x23C]
fmul    st
fld     dword ptr [ebx+0x2C]
fsub    dword ptr [ebx+0x244]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x0065231C]
je      same

cmp     ecx, DWORD PTR [0x00652318]
ja      more

mov     DWORD PTR [0x0065231C], ebx

same:
mov     DWORD PTR [0x00652318], ecx

more:

fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less
mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1

ok2:
mov    al, BYTE PTR [0x00656161]
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok

518B0D1C2365008B0981F920CE63007410891D1C236500C7051823650000401C46D94324D8A33C020000D8C8D9432CD8A344020000D8C8DEC1D9FAD91D242365008B0D242365003B1D1C236500740E3B0D18236500770C891D1C236500890D18236500D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F0F8C94000000813D24236500000000400F8F8B000000D90524236500D91524236500D80D20236500D9932C020000D80528236500D99324020000D82528236500D82528236500D99B28020000D90524236500DB831C020000DEC9D80D54616500DB1D242365008B0D242365003B8B20020000741F7C08898B20020000EB158B8B200200003B8B18020000740783AB2002000001A06161650059C3D9E8E97BFFFFFFD9E8D9E8DEC1E970FFFFFF


  .   +70..



----------
:    +70=0   _. 

 :

004FBAF5 - 8B 0D 5C116500  - mov ecx,[Game1.0+.exe+25115C]
004FBAFB - 8B 51 10  - mov edx,[ecx+10]

EAX=44FFEFAD
EBX=03B99040
ECX=420FCBCA
EDX=03B9927C
ESI=09123190
EDI=03B9927C
ESP=0018F6B8
EBP=0018F928
EIP=004FBAF5

         2..

 esi   _,     .
 2 -      esi,       ..


 jz loc_4FBDE5    ,    +70=0   .
  _  Esi..


-

push ecx

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     dist
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0x461C4000


dist:
push eax
mov     eax, dword ptr [0x65115c]
mov     ecx, [eax+0x10]
mov     eax, [ecx+0x17C]
add     eax, 0x00000040

fld     dword ptr [eax]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [eax+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]
pop eax

cmp     ebx, DWORD PTR [0x0065231C]
je     same

cmp     ecx, DWORD PTR [0x00652318]
ja     more

mov     DWORD PTR [0x0065231C], ebx
mov     BYTE PTR [ebx+0x70], 1

same:
mov     DWORD PTR [0x00652318], ecx
jmp    actor

more:
mov     BYTE PTR [ebx+0x70], 0

actor:
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less
cmp    ecx, 0x00000069
jle   69
mov    ecx, 0x00000069
69:
mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1

ok2:
mov    al, BYTE PTR [0x00656161]
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok


518B0D1C2365008B0981F920CE63007410891D1C236500C7051823650000401C4650A15C1165008B48108B817C01000083C040D900D86324D8C8D94008D8632CD8C8DEC1D9FAD91D242365008B0D24236500583B1D1C23650074123B0D182365007712891D1C236500C6437001890D18236500EB04C6437000D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F0F8CA2000000813D24236500000000400F8F99000000D90524236500D91524236500D80D20236500D9932C020000D80528236500D99324020000D82528236500D82528236500D99B28020000D90524236500DB831C020000DEC9D80D54616500DB1D242365008B0D242365003B8B20020000742D7C1683F9690F8E41000000B969000000898B20020000EB158B8B200200003B8B18020000740783AB2002000001A06161650059C3D9E8E96DFFFFFFD9E8D9E8DEC1E962FFFFFF

!      .
 2   .     .
   105   +220 ( )

---
        ,        ...

   ..
ebx+68 .      .. +100.     .

   = DEFTRAFF_


--
       ..0x00652540 -  


push ecx

mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]
mov     DWORD PTR [0x00652530], ecx

push edi
push esi
mov     edi, 0x00652540
mov     esi, ecx
mov     ecx, 0x00000007
repe cmpsb
pop esi
pop edi
jnz    nodef
 add     DWORD PTR [0x00652534], 1

fild   DWORD PTR [ebx+0x21c]
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]
jmp    ok2

nodef:

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     dist
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0x461C4000


dist:
push eax
mov     eax, dword ptr [0x65115c]
mov     ecx, [eax+0x10]
mov     eax, [ecx+0x17C]
add     eax, 0x00000040

fld     dword ptr [eax]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [eax+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]
pop eax

cmp     ebx, DWORD PTR [0x0065231C]
je     same

cmp     ecx, DWORD PTR [0x00652318]
ja     more

mov     DWORD PTR [0x0065231C], ebx
mov     BYTE PTR [ebx+0x70], 1

same:
mov     DWORD PTR [0x00652318], ecx
jmp    actor

more:
mov     BYTE PTR [ebx+0x70], 0

actor:
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less

cmp    ecx, 0x00000069
jl    ok3
mov    ecx, 0x00000069
ok3:

mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1

ok2:
mov    al, BYTE PTR [0x00656161]
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok

518B4B688B8900010000890D302565005756BF4025650089CEB907000000F3A65E5F751E83053425650001DB831C020000D80D54616500DB9B20020000E93B0100008B0D1C2365008B0981F920CE63007410891D1C236500C7051823650000401C4650A15C1165008B48108B817C01000083C040D900D86324D8C8D94008D8632CD8C8DEC1D9FAD91D242365008B0D24236500583B1D1C23650074123B0D182365007712891D1C236500C6437001890D18236500EB04C6437000D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F0F8C9E000000813D24236500000000400F8F95000000D90524236500D91524236500D80D20236500D9932C020000D80528236500D99324020000D82528236500D82528236500D99B28020000D90524236500DB831C020000DEC9D80D54616500DB1D242365008B0D242365003B8B2002000074297C1283F9697C05B969000000898B20020000EB158B8B200200003B8B18020000740783AB2002000001A06161650059C3D9E8E971FFFFFFD9E8D9E8DEC1E966FFFFFF9090

!    (    220* )
      (   69,   69 ).


---




-       ..



push ecx
 push eax
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]
 mov     eax, ecx

push edi
push esi
mov     edi, 0x00652540
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb

jnz    nodef
fild   DWORD PTR [ebx+0x21c]
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]
jmp    ok2

nodef:

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     dist
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0x461C4000


dist:
mov     ecx, dword ptr [0x65115c]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x0065231C]
je     same

cmp     ecx, DWORD PTR [0x00652318]
ja     more

mov     DWORD PTR [0x0065231C], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [eax]
 mov     [0x006619C4], esi
 mov     esi, [eax+4]
 mov     [0x006619C8], esi


same:
mov     DWORD PTR [0x00652318], ecx
jmp    actor

more:
mov     BYTE PTR [ebx+0x70], 0

actor:
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less

cmp    ecx, 0x00000069
jl    ok3
mov    ecx, 0x00000069
ok3:

mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1

ok2:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
 pop eax
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok


51508B4B688B890001000089C85756BF4025650089CEB909000000F3A67517DB831C020000D80D54616500DB9B20020000E94B0100008B0D1C2365008B0981F920CE63007410891D1C236500C7051823650000401C468B0D5C1165008B49108B897C01000083C140D901D86324D8C8D94108D8632CD8C8DEC1D9FAD91D242365008B0D242365003B1D1C23650074233B0D182365007723891D1C236500C64370018B308935C41966008B70048935C8196600890D18236500EB04C6437000D905D8946F00D90520236500DEF9D905D4946F00DEC9D91D24236500813D242365000000803F0F8CA1000000813D24236500000000400F8F98000000D90524236500D91524236500D80D20236500D9932C020000D80528236500D99324020000D82528236500D82528236500D99B28020000D90524236500DB831C020000DEC9D80D54616500DB1D242365008B0D242365003B8B2002000074297C1283F9697C05B969000000898B20020000EB158B8B200200003B8B18020000740783AB2002000001A0616165005E5F5859C3D9E8E96EFFFFFFD9E8D9E8DEC1E963FFFFFF


----------
...   180.     00652320.      180.

...

    :

:
00652320(float)	00003443	TrfDistLimit(m)		280
00652330(float)	00002041	TrfGenericArea(%)	10	
00652334(long)	01000000	TrfDistFollowByCameraDist(0\1)	1
0065233C(long)	64000000	TrfCarsCountMax(for actor)(0-100)	100		

-:
 :   
 :   DEFTRAFF_*

 :
00652318(float)	00000000	MinActorDist
0065231C(dword) 00404000	ActiveActorIdentificator
00652324	00000000	temp
00652328(float)	0000A041	delta_dist
00652328(long)	69000000	TrfcarsCountMax
00652340(string)		text 'DEFTRAFF_'
00652338(float) 00003443	DefaultTrfDist 180


---


push ecx
push edi
push esi
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]

mov     edi, 0x00652340
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb
jnz   nodef

cmp    DWORD PTR [ebx+0x220], 0x00000069
jne   ok2
fild   DWORD PTR [ebx+0x21c]
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]
jmp   ok2

nodef:

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     dist
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0x461C4000


dist:

mov     ecx, dword ptr [0x65115c]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x0065231C]
je     same

cmp     ecx, DWORD PTR [0x00652318]
ja     more

mov     DWORD PTR [0x0065231C], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x00652318], ecx
jmp    actor

more:
mov     BYTE PTR [ebx+0x70], 0

actor:
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less

cmp    ecx, 0x00000069
jl    ok3
mov    ecx, 0x00000069
ok3:

mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
cmp    DWORD PTR [ebx+0x70],0
jz    ok2
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1


ok2:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok


      +70=0   (    +220   :       +70=1)



------------------------


push ecx
push edi
push esi
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]

mov     edi, 0x00652340
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb
jnz   nodef

cmp    DWORD PTR [ebx+0x220], 0x00000064
jne   ok2
fild   DWORD PTR [ebx+0x21c]
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]
jmp   ok2

nodef:

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     chkcount
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0x461C4000

mov     DWORD PTR [0x0065233C], 0
count:
add     BYTE PTR [0x0065233C], 1
jmp    ok2

chkcount:
cmp     BYTE PTR [0x0065233D], 1
je     dist   
cmp     ebx, DWORD PTR [0x0065231C]
jne    count
mov     BYTE PTR [0x0065233D], 1
jmp    ok2

dist:
mov     ecx, dword ptr [0x65115c]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x0065231C]
je     same

cmp     ecx, DWORD PTR [0x00652318]
ja     more

mov     DWORD PTR [0x0065231C], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x00652318], ecx
jmp    actor

more:
mov     BYTE PTR [ebx+0x70], 0

actor:
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less

cmp    ecx, 0x00000064
jl    ok3
mov    ecx, 0x00000064
ok3:

mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
cmp    DWORD PTR [ebx+0x70],0
jz    ok2
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1


ok2:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok



  .
BYTE PTR [0x0065233C]
BYTE PTR [0x0065233D]

     105  100  .
0065232 = 64000000


---

push ecx
push edi
push esi
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]

mov     edi, 0x00652340
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb
jnz   nodef

mov    ecx, DWORD PTR [ebx+0x220]
cmp    ecx, DWORD PTR [0x0065232C]
jne   ok2
fild   DWORD PTR [ebx+0x21c]
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]
jmp   ok2

nodef:

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     chkcount
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0xFFFFFFFF

mov     DWORD PTR [0x0065233C], 0
count:
add     BYTE PTR [0x0065233C], 1
jmp    ok2

chkcount:
cmp     BYTE PTR [0x0065233D], 1
je     dist   
cmp     ebx, DWORD PTR [0x0065231C]
jne    count
mov     BYTE PTR [0x0065233D], 1
jmp    ok2

dist:
mov     ecx, dword ptr [0x65115c]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x0065231C]
je     same

cmp     ecx, DWORD PTR [0x00652318]
ja     more

mov     DWORD PTR [0x0065231C], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x00652318], ecx
jmp    actor

more:
mov     BYTE PTR [ebx+0x70], 0

actor:
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x00652320]
fdivp  st(1),st
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

cmp    DWORD PTR [0x00652324],0x3f800000
jl    let1
cmp    DWORD PTR [0x00652324],0x40000000
jg    let2

fld    DWORD PTR [0x00652324]

ok:
fst    DWORD PTR [0x00652324]
fmul   DWORD PTR [0x00652320]

fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fsub   DWORD PTR [0x00652328]
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fild   DWORD PTR [ebx+0x21c]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    ok2
jl    less

cmp    ecx, DWORD PTR [0x0065232C]
jle   ok3
mov    ecx, DWORD PTR [0x0065232C]

ok3:
mov    DWORD PTR [ebx+0x220],ecx
jmp   ok2

less:
cmp    DWORD PTR [ebx+0x70],0
jz    ok2
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    ok2
sub    DWORD PTR [ebx+0x220],1


ok2:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret

let1:
fld1
jmp   ok

let2:
fld1
fld1
faddp  st(1),st
jmp   ok

---------



push ecx
push edi
push esi
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]

mov     edi, 0x00652340
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb
jnz    nodef

mov     ecx, DWORD PTR [ebx+0x220]
cmp     ecx, DWORD PTR [0x0065232C]
jne    return
fild    DWORD PTR [ebx+0x21c]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
jmp    return

nodef:

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     chkcount
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0xFFFFFFFF

mov     DWORD PTR [0x0065233C], 0
count:
add     BYTE PTR [0x0065233C], 1
jmp    return

chkcount:
cmp     BYTE PTR [0x0065233D], 1
je     dist   
cmp     ebx, DWORD PTR [0x0065231C]
jne    count
mov     BYTE PTR [0x0065233D], 1
jmp    return

dist:
mov     ecx, dword ptr [0x65115c]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x0065231C]
je     same

cmp     ecx, DWORD PTR [0x00652318]
ja     more

mov     DWORD PTR [0x0065231C], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x00652318], ecx
jmp    actor

more:
mov     BYTE PTR [ebx+0x70], 0

actor:
cmp    DWORD PTR [0x00652334], 0
jz    return
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jz    return
jl    less

cmp    ecx, DWORD PTR [0x0065232C]
jle   ok
mov    ecx, DWORD PTR [0x0065232C]
ok:
mov    DWORD PTR [ebx+0x220],ecx
jmp   return
less:
cmp    DWORD PTR [ebx+0x70],0
jz    return
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    return
sub    DWORD PTR [ebx+0x220],1


return:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret




 .  .  .
  0   ( ),  1     (  0  ,     ).
 64000000        1.



-------------------------------------


    1..

00501890	fild   DWORD PTR [esi+0x21c]  
		fmul    dword_656154 

  
		fild   DWORD PTR [0x00652350] ( 6  DB861C020000   DB0550236500)  6 . 
   DB0550236500909090909090

      fist   DWORD PTR ds:0x65231A (db151A236500)?    00006400
    65231c  652318

---
2..


push ecx
push edi
push esi
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]

mov     edi, 0x00652340
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb
jnz    nodef

cmp     DWORD PTR [ebx+0x220], 0x00000064
jne    return
fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
jmp    return

nodef:

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     chkcount
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0xFFFFFFFF
mov     DWORD PTR [0x0065233C], 0

count:
add     BYTE PTR [0x0065233C], 1

fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
mov     ecx, DWORD PTR [0x0065232C]
cmp     ecx, DWORD PTR [ebx+0x220]
jge    return
mov     DWORD PTR [ebx+0x220], ecx
jmp    return

chkcount:
cmp     BYTE PTR [0x0065233D], 1
je     dist   
cmp     ebx, DWORD PTR [0x0065231C]
jne    count
mov     BYTE PTR [0x0065233D], 1
jmp    return

dist:
mov     ecx, dword ptr [0x65115c]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x0065231C]
je     same

cmp     ecx, DWORD PTR [0x00652318]
ja     more

mov     DWORD PTR [0x0065231C], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x00652318], ecx
jmp    actor

more:
mov     BYTE PTR [ebx+0x70], 0

actor:
cmp    DWORD PTR [0x00652334], 0
jz    return
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jl    less

cmp    ecx, DWORD PTR [0x0065232C]
jle   ok
mov    ecx, DWORD PTR [0x0065232C]
ok:
mov    DWORD PTR [ebx+0x220],ecx
jmp   return
less:
cmp    DWORD PTR [ebx+0x70],0
jz    return
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    return
sub    DWORD PTR [ebx+0x220],1


return:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret



       (   ,    TrfCarsCountMax(0-100)).
         TrfCarsCountMax  (     ),       (  =6,    2),      . ..  6   .


---


push ecx
push edi
push esi
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]

mov     edi, 0x00652340
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb
jnz    nodef

cmp     DWORD PTR [ebx+0x220], 0x00000064
jne    return
fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
jmp    return

nodef:

mov	ecx, DWORD PTR [0x0065231C]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     chkcount
mov     DWORD PTR [0x0065231C], ebx
mov     DWORD PTR [0x00652318], 0xFFFFFFFF
mov     DWORD PTR [0x0065233C], 0

count:
add     BYTE PTR [0x0065233C], 1

fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
mov     ecx, DWORD PTR [0x0065232C]
cmp     ecx, DWORD PTR [ebx+0x220]
jge    return
mov     DWORD PTR [ebx+0x220], ecx
jmp    return

chkcount:
cmp     BYTE PTR [0x0065233D], 1
je     dist   
cmp     ebx, DWORD PTR [0x0065231C]
jne    count
mov     BYTE PTR [0x0065233D], 1
jmp    return

dist:
cmp     BYTE PTR [0x65233C], 2
jl     actor
mov     ecx, dword ptr [0x65115c]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x0065231C]
je     same
cmp     ecx, DWORD PTR [0x00652318]
ja     more

mov     DWORD PTR [0x0065231C], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x00652318], ecx
jmp    actor
more:
mov     BYTE PTR [ebx+0x70], 0

actor:
cmp    DWORD PTR [0x00652334], 0
jz    return
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jl    less

cmp    ecx, DWORD PTR [0x0065232C]
jle   ok
mov    ecx, DWORD PTR [0x0065232C]
ok:
mov    DWORD PTR [ebx+0x220],ecx
jmp   return
less:
cmp    DWORD PTR [ebx+0x70],0
jz    return
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    return
sub    DWORD PTR [ebx+0x220],1


return:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret

 ..  ..


------------------------------------------------

                 ...

   1..

00501890	fild   DWORD PTR [esi+0x21c]  
		fmul    dword_656154 

  
		fild   DWORD PTR [0x00652350] 
		fist   DWORD PTR [0x0065231A]

   DB0550236500db151A236500    XXXX6400    .


   2    65231c  652318..

--

push ecx
push edi
push esi
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]

mov     edi, 0x00652340
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb
jnz    nodef

cmp     DWORD PTR [ebx+0x220], 0x00000064
jne    return
fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
jmp    return

nodef:
mov	ecx, DWORD PTR [0x00652318]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     chkcount
mov     DWORD PTR [0x00652318], ebx
mov     DWORD PTR [0x0065231c], 0xFFFFFFFF
mov     DWORD PTR [0x0065233C], 0

count:
add     BYTE PTR [0x0065233C], 1

fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
mov     ecx, DWORD PTR [0x0065232C]
cmp     ecx, DWORD PTR [ebx+0x220]
jge    return
mov     DWORD PTR [ebx+0x220], ecx
jmp    return

chkcount:
cmp     BYTE PTR [0x0065233D], 1
je     dist   
cmp     ebx, DWORD PTR [0x00652318]
jne    count
mov     BYTE PTR [0x0065233D], 1
jmp    return

dist:
cmp     BYTE PTR [0x65233C], 2
jl     actor
mov     ecx, dword ptr [0x65115c]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x00652318]
je     same
cmp     ecx, DWORD PTR [0x0065231C]
ja     more

mov     DWORD PTR [0x00652318], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x0065231C], ecx
jmp    actor
more:
mov     BYTE PTR [ebx+0x70], 0

actor:
cmp    DWORD PTR [0x00652334], 0
jz    return
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jl    less

cmp    ecx, DWORD PTR [0x0065232C]
jle   ok
mov    ecx, DWORD PTR [0x0065232C]
ok:
mov    DWORD PTR [ebx+0x220],ecx
jmp   return
less:
cmp    DWORD PTR [ebx+0x70],0
jz    return
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    return
sub    DWORD PTR [ebx+0x220],1


return:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret


    (:    750).   220    218 .
    .
..     ,        .  : 2     9    220  = 11,.    .
    ,      . 
            220?

    220     70=0.   ,   .
      .
    .  .         220.
---

       . .


push ecx
push edi
push esi
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]

mov     edi, 0x00652340
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb
jnz    nodef

cmp     DWORD PTR [ebx+0x220], 0x00000064
jne    return
fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
jmp    return

nodef:
mov	ecx, DWORD PTR [0x00652318]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     chkcount
mov     DWORD PTR [0x00652318], ebx
mov     DWORD PTR [0x0065231c], 0xFFFFFFFF
mov     DWORD PTR [0x0065233C], 0

count:
add     BYTE PTR [0x0065233C], 1

fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
mov     ecx, DWORD PTR [0x0065232C]
cmp     ecx, DWORD PTR [ebx+0x220]
jge    return
mov     DWORD PTR [ebx+0x220], ecx
jmp    return

chkcount:
cmp     BYTE PTR [0x0065233D], 1
je     dist   
cmp     ebx, DWORD PTR [0x00652318]
jne    count
mov     BYTE PTR [0x0065233D], 1
jmp    return

dist:
cmp     BYTE PTR [0x65233C], 2
jl     actor
mov     ecx, dword ptr [0x65115c]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x00652318]
je     same
cmp     ecx, DWORD PTR [0x0065231C]
ja     more

mov     DWORD PTR [0x00652318], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x0065231C], ecx
jmp    actor
more:
mov     BYTE PTR [ebx+0x70], 0

actor:
cmp    DWORD PTR [0x00652334], 0
jz    return
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jl    less

cmp    ecx, DWORD PTR [0x0065232C]
jle   ok
mov    ecx, DWORD PTR [0x0065232C]
ok:
mov    DWORD PTR [ebx+0x220],ecx
jmp   return

less:
mov     BYTE PTR [ebx+0x70], 0
mov    cl,BYTE PTR [0x0065233F]
cmp    cl,BYTE PTR [ebx+0x220]
jz    return
sub    DWORD PTR [ebx+0x220],1


return:

cmp     BYTE PTR [0x65233C], 1
jl     back
cmp     ebx, DWORD PTR [0x00652318]
jne    caradd
mov     cl, BYTE PTR [0x0065233E]
mov     BYTE PTR [0x0065233F], cl
mov     BYTE PTR [0x0065233E], 0
caradd:
mov     cl, BYTE PTR [ebx+0x218]
add     BYTE PTR [0x0065233E], cl

back:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret


-----

       220   .
[0x0065233E]    +70.    01  .


push ecx
push edi
push esi
mov     ecx, [ebx+0x68]
mov     ecx, [ecx+0x100]

mov     edi, 0x00652340
mov     esi, ecx
mov     ecx, 0x00000009
repe cmpsb
jnz    nodef

mov     cl, BYTE PTR [0x0065233E]
mov     BYTE PTR [ebx+0x70], cl
cmp     DWORD PTR [ebx+0x220], 0x00000064
jne    return
fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
jmp    return

nodef:
mov	ecx, DWORD PTR [0x00652318]
mov     ecx,[ecx]
cmp     ecx, 0x0063CE20
je     chkcount
mov     DWORD PTR [0x00652318], ebx
mov     DWORD PTR [0x0065231c], 0xFFFFFFFF
mov     DWORD PTR [0x0065233C], 0
mov     BYTE PTR [0x0065233E], 1

count:
add     BYTE PTR [0x0065233C], 1

fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]
mov     ecx, DWORD PTR [0x0065232C]
cmp     ecx, DWORD PTR [ebx+0x220]
jge    return
mov     DWORD PTR [ebx+0x220], ecx
jmp    return

chkcount:
cmp     BYTE PTR [0x0065233D], 1
je     dist   
cmp     ebx, DWORD PTR [0x00652318]
jne    count
mov     BYTE PTR [0x0065233D], 1
jmp    return

dist:
cmp     BYTE PTR [0x65233C], 2
jl     actor
mov     ecx, dword ptr [0x65115C]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x00652318]
je     same
cmp     ecx, DWORD PTR [0x0065231C]
ja     more

mov     DWORD PTR [0x00652318], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x0065231C], ecx
jmp    actor
more:
mov     BYTE PTR [ebx+0x70], 0

actor:
cmp    DWORD PTR [0x00652334], 0
jz    return
fld    DWORD PTR [0x006F94D8]
fld    DWORD PTR [0x006F94D4]
fmulp  st(1),st
fstp   DWORD PTR [0x00652324]

mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [0x00652324]

mov    BYTE PTR [0x0065233E],1

mov    ecx,DWORD PTR [0x00652324]
cmp    ecx,DWORD PTR [ebx+0x220]
jl    less

cmp    ecx, DWORD PTR [0x0065232C]
jle   ok
mov    ecx, DWORD PTR [0x0065232C]
ok:
mov    DWORD PTR [ebx+0x220],ecx
jmp   return

less:
mov    BYTE PTR [0x0065233E],0
cmp    DWORD PTR [ebx+0x70],0
jz    return
mov    ecx,DWORD PTR [ebx+0x220]
cmp    ecx,DWORD PTR [ebx+0x218]
jz    return
sub    DWORD PTR [ebx+0x220],1


return:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret

---

.     _  ..


push ecx
push edi
push esi
mov    ecx, [ebx+0x68]
mov    ecx, [ecx+0x100]

mov    edi, 0x00652340
mov    esi, ecx
mov    ecx, 0x00000009
repe cmpsb
jz    def220


mov    ecx, DWORD PTR [0x00652318]
mov    ecx,[ecx]
cmp    ecx, 0x0063CE20
je    chkcount
mov    DWORD PTR [0x00652318], ebx
mov    DWORD PTR [0x0065231c], 0xFFFFFFFF
mov    DWORD PTR [0x0065233C], 0

count:
mov    BYTE PTR [ebx+0x70], 0
add    BYTE PTR [0x0065233C], 1

cmp    DWORD PTR [0x00652334], 0
jz    def220


fld    DWORD PTR [0x006F94D8]
fstp   DWORD PTR [0x00652324]

mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]

mov    ecx, DWORD PTR [0x0065232C]
cmp    DWORD PTR [ebx+0x220], ecx
jle   return 
mov    DWORD PTR [ebx+0x220], ecx
jmp   return


chkcount:
cmp     BYTE PTR [0x0065233D], 1
je     dist   
cmp     ebx, DWORD PTR [0x00652318]
jne    count
mov     BYTE PTR [0x0065233D], 1
mov     BYTE PTR [ebx+0x70], 1
jmp    return

dist:
cmp     BYTE PTR [0x65233C], 2
jl     return
mov     ecx, dword ptr [0x65115C]
mov     ecx, [ecx+0x10]
mov     ecx, [ecx+0x17C]
add     ecx, 0x00000040

fld     dword ptr [ecx]
fsub    dword ptr [ebx+0x24]
fmul    st
fld     dword ptr [ecx+8]
fsub    dword ptr [ebx+0x2C]
fmul    st
faddp
fsqrt
fstp    DWORD PTR [0x00652324]
mov     ecx, DWORD PTR [0x00652324]

cmp     ebx, DWORD PTR [0x00652318]
je     same
cmp     ecx, DWORD PTR [0x0065231C]
jge    return

mov     esi, DWORD PTR [0x00652318]
mov     BYTE PTR [esi+0x70], 0
mov     DWORD PTR [0x00652318], ebx
mov     BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov     DWORD PTR [0x0065231C], ecx
jmp    return


def220:
cmp     DWORD PTR [ebx+0x220], 0x00000064
jnz    return
fild    DWORD PTR [ebx+0x21C]
fmul    DWORD PTR [0x00656154]
fistp   DWORD PTR [ebx+0x220]

return:
mov     al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret


---

     ..
 +70=1  ..
   ..


push ecx
push edi
push esi
mov    ecx, [ebx+0x68]
mov    ecx, [ecx+0x100]

mov    edi, 0x00652340
mov    esi, ecx
mov    ecx, 0x00000009
repe cmpsb
jz    def220

cmp    BYTE PTR [0x0065231D], 0
jne   dist

mov    ecx, DWORD PTR [0x00652318]
mov    ecx,[ecx]
cmp    ecx, 0x0063CE20
je    chkcount
mov    DWORD PTR [0x00652318], ebx
mov    DWORD PTR [0x0065233c], 0xFFFFFFFF


count:
mov    BYTE PTR [ebx+0x70], 0
add    BYTE PTR [0x0065231C], 1

cmp    DWORD PTR [0x00652334], 0
jz    def220


fld    DWORD PTR [0x006F94D8]
fstp   DWORD PTR [0x00652324]

mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]

mov    ecx, DWORD PTR [0x0065232C]
cmp    DWORD PTR [ebx+0x220], ecx
jle   return 
mov    DWORD PTR [ebx+0x220], ecx
jmp   return


chkcount:
cmp    BYTE PTR [0x0065231D], 1
je    dist   
cmp    ebx, DWORD PTR [0x00652318]
jne   count
mov    BYTE PTR [0x0065231D], 1
mov    BYTE PTR [ebx+0x70], 1
jmp   return

dist:
cmp    BYTE PTR [0x65231C], 1
je    return
mov    ecx, dword ptr [0x65115C]
mov    ecx, [ecx+0x10]
mov    ecx, [ecx+0x17C]
add    ecx, 0x00000040

fld    dword ptr [ecx]
fsub   dword ptr [ebx+0x24]
fmul   st
fld    dword ptr [ecx+8]
fsub   dword ptr [ebx+0x2C]
fmul   st
faddp
fsqrt
fstp   DWORD PTR [0x00652324]
mov    ecx, DWORD PTR [0x00652324]

cmp    ebx, DWORD PTR [0x00652318]
je    same
cmp    ecx, DWORD PTR [0x0065233C]
jge   return

mov    esi, DWORD PTR [0x00652318]
mov    BYTE PTR [esi+0x70], 0
mov    DWORD PTR [0x00652318], ebx
mov    BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov    DWORD PTR [0x0065233C], ecx
jmp   return


def220:
cmp    DWORD PTR [ebx+0x220], 0x00000064
jnz   return
fild   DWORD PTR [ebx+0x21C]
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]

return:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret

---

 .
     . 
  -     (    ,       ),    dist    (      mse_trfactgenericstatus 0\1)

push ecx
push edi
push esi
mov    esi, [ebx+0x68]
mov    esi, [esi+0x100]
mov    edi, 0x00652340
mov    ecx, 0x00000009
repe cmpsb
jz    def220

cmp    BYTE PTR [0x0065231D], 0
jne   dist

mov    ecx, DWORD PTR [0x00652318]
mov    ecx, [ecx]
cmp    ecx, 0x0063CE20
je    chkcount
mov    DWORD PTR [0x00652318], ebx
mov    DWORD PTR [0x0065233C], 0xFFFFFFFF

count:
add    BYTE PTR [0x0065231C], 1
mov    BYTE PTR [ebx+0x70], 0

cmp    DWORD PTR [0x00652334], 0
jz    def220

fld    DWORD PTR [0x006F94D8]
fstp   DWORD PTR [0x00652324]
mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]

mov    ecx, DWORD PTR [0x0065232C]
cmp    DWORD PTR [ebx+0x220], ecx
jle   return 
mov    DWORD PTR [ebx+0x220], ecx
jmp   return


chkcount:
cmp    BYTE PTR [0x0065231D], 1
je    dist   
cmp    ebx, DWORD PTR [0x00652318]
jne   count
mov    BYTE PTR [0x0065231D], 1
mov    BYTE PTR [ebx+0x70], 1
jmp   return


dist:
cmp    BYTE PTR [0x65231C], 1
je    return
mov    ecx, dword ptr [0x65115C]
mov    ecx, [ecx+0x10]
mov    ecx, [ecx+0x17C]
add    ecx, 0x00000040

fld    dword ptr [ecx]
fsub   dword ptr [ebx+0x24]
fmul   st
fld    dword ptr [ecx+8]
fsub   dword ptr [ebx+0x2C]
fmul   st
faddp
fsqrt
fstp   DWORD PTR [0x00652324]
mov    ecx, DWORD PTR [0x00652324]

cmp    ebx, DWORD PTR [0x00652318]
je    same
cmp    ecx, DWORD PTR [0x0065233C]
jge   return

mov    esi, DWORD PTR [0x00652318]
mov    BYTE PTR [esi+0x70], 0
mov    DWORD PTR [0x00652318], ebx
mov    BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov    DWORD PTR [0x0065233C], ecx
jmp   return


def220:
cmp    DWORD PTR [ebx+0x220], 0x00000064
jnz   return
fild   DWORD PTR [ebx+0x21C]
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]

return:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret


---
     ..


push ecx
push edi
push esi
mov    esi, [ebx+0x68]
mov    esi, [esi+0x100]
mov    edi, 0x00652340
mov    ecx, 0x00000009
repe cmpsb
jz    def220

cmp    BYTE PTR [0x0065231D], 0
jne   dist

mov    ecx, DWORD PTR [0x00652318]
mov    ecx, [ecx]
cmp    ecx, 0x0063CE20
je    chkcount
mov    DWORD PTR [0x00652318], ebx
mov    DWORD PTR [0x0065233C], 0xFFFFFFFF

fld    DWORD PTR [0x00652320]
fabs
fstp   DWORD PTR [0x00652320]
fld    DWORD PTR [0x00652330]
fabs
fstp   DWORD PTR [0x00652330]
cmp    DWORD PTR [0x00652330], 0x3f800000
jle   next
mov    DWORD PTR [0x00652330], 0x3f800000
next:
fild   DWORD PTR [0x0065232C]
fabs
fistp   DWORD PTR [0x0065232C]
cmp    DWORD PTR [0x0065232C], 100
jle   count
mov    DWORD PTR [0x0065232C], 100

count:
add    BYTE PTR [0x0065231C], 1
mov    BYTE PTR [ebx+0x70], 0

cmp    DWORD PTR [0x00652334], 0
jz    def220

fld    DWORD PTR [0x006F94D8]
fstp   DWORD PTR [0x00652324]
mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]

mov    ecx, DWORD PTR [0x0065232C]
cmp    DWORD PTR [ebx+0x220], ecx
jle   return 
mov    DWORD PTR [ebx+0x220], ecx
jmp   return


chkcount:
cmp    BYTE PTR [0x0065231D], 1
je    dist   
cmp    ebx, DWORD PTR [0x00652318]
jne   count
mov    BYTE PTR [0x0065231D], 1
mov    BYTE PTR [ebx+0x70], 1
jmp   return


dist:
cmp    BYTE PTR [0x65231C], 1
je    return
mov    ecx, dword ptr [0x65115C]
mov    ecx, [ecx+0x10]
mov    ecx, [ecx+0x17C]
add    ecx, 0x00000040

fld    dword ptr [ecx]
fsub   dword ptr [ebx+0x24]
fmul   st
fld    dword ptr [ecx+8]
fsub   dword ptr [ebx+0x2C]
fmul   st
faddp
fsqrt
fstp   DWORD PTR [0x00652324]
mov    ecx, DWORD PTR [0x00652324]

cmp    ebx, DWORD PTR [0x00652318]
je    same
cmp    ecx, DWORD PTR [0x0065233C]
jge   return

mov    esi, DWORD PTR [0x00652318]
mov    BYTE PTR [esi+0x70], 0
mov    DWORD PTR [0x00652318], ebx
mov    BYTE PTR [ebx+0x70], 1

 mov     esi, [ebx+0x68]
 mov     esi, [esi+0x100]
 mov     edi, [esi]
 mov     [0x006619C4], edi
 mov     edi, [esi+4]
 mov     [0x006619C8], edi

same:
mov    DWORD PTR [0x0065233C], ecx
jmp   return


def220:
cmp    DWORD PTR [ebx+0x220], 0x00000064
jnz   return
fild   DWORD PTR [ebx+0x21C]
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]

return:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret


--------------

 

push ecx
push edi
push esi
mov    esi, [ebx+0x68]
mov    esi, [esi+0x100]
mov    edi, 0x00652340
mov    ecx, 0x00000009
repe cmpsb
jz    def220

cmp    BYTE PTR [0x0065231D], 0
jne   dist

mov    ecx, DWORD PTR [0x00652318]
mov    ecx, [ecx]
cmp    ecx, 0x0063CE20
je    chkcount
mov    DWORD PTR [0x00652318], ebx
mov    DWORD PTR [0x0065233C], 0xFFFFFFFF

fld    DWORD PTR [0x00652320]
fabs
fstp   DWORD PTR [0x00652320]
fld    DWORD PTR [0x00652330]
fabs
fstp   DWORD PTR [0x00652330]
cmp    DWORD PTR [0x00652330], 0x3f800000
jle   next
mov    DWORD PTR [0x00652330], 0x3f800000
next:
fild   DWORD PTR [0x0065232C]
fabs
fistp   DWORD PTR [0x0065232C]
cmp    DWORD PTR [0x0065232C], 100
jle   count
mov    DWORD PTR [0x0065232C], 100

count:
add    BYTE PTR [0x0065231C], 1
mov    BYTE PTR [ebx+0x70], 0

cmp    DWORD PTR [0x00652334], 0
jz    def220

fld    DWORD PTR [0x006F94D8]
fstp   DWORD PTR [0x00652324]
mov    ecx, DWORD PTR [0x00652320]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x00652324], ecx
jle   limok
mov    DWORD PTR [0x00652324], ecx

limok:
fld    DWORD PTR [0x00652324]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x00652328]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x00652328]
fmul   DWORD PTR [0x00652330]
fld    DWORD PTR [0x00652324]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x00652324]
fld    DWORD PTR [0x00652338]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]

mov    ecx, DWORD PTR [0x0065232C]
cmp    DWORD PTR [ebx+0x220], ecx
jle   return 
mov    DWORD PTR [ebx+0x220], ecx
jmp   return


chkcount:
cmp    BYTE PTR [0x0065231D], 1
je    dist   
cmp    ebx, DWORD PTR [0x00652318]
jne   count
mov    BYTE PTR [0x0065231D], 1
mov    BYTE PTR [ebx+0x70], 1
jmp   return


dist:
cmp    BYTE PTR [0x65231C], 1
je    return
mov    ecx, dword ptr [0x65115C]
mov    ecx, [ecx+0x10]
mov    ecx, [ecx+0x17C]
add    ecx, 0x00000040

fld    dword ptr [ecx]
fsub   dword ptr [ebx+0x24]
fmul   st
fld    dword ptr [ecx+8]
fsub   dword ptr [ebx+0x2C]
fmul   st
faddp
fsqrt
fstp   DWORD PTR [0x00652324]
mov    ecx, DWORD PTR [0x00652324]

cmp    ebx, DWORD PTR [0x00652318]
je    same
cmp    ecx, DWORD PTR [0x0065233C]
jge   return

mov    esi, DWORD PTR [0x00652318]
mov    BYTE PTR [esi+0x70], 0
mov    DWORD PTR [0x00652318], ebx
mov    BYTE PTR [ebx+0x70], 1

same:
mov    DWORD PTR [0x0065233C], ecx
jmp   return


def220:
cmp    DWORD PTR [ebx+0x220], 0x00000064
jnz   return
fild   DWORD PTR [ebx+0x21C]
fmul   DWORD PTR [0x00656154]
fistp  DWORD PTR [ebx+0x220]

return:
mov    al, BYTE PTR [0x00656161]
pop esi
pop edi
pop ecx
ret


5157568B73688BB600010000BF40236500B909000000F3A60F84BE010000803D1D236500000F854B0100008B0D182365008B0981F920CE63000F8412010000891D18236500C7053C236500FFFFFFFFD90520236500D9E1D91D20236500D90530236500D9E1D91D30236500813D302365000000803F7E0AC705302365000000803FDB052C236500D9E1DB1D2C236500833D2C236500647E0AC7052C2365006400000080051C23650001C6437000833D34236500000F8422010000D905D8946F00D91D242365008B0D2023650085C9740E390D242365007E06890D24236500D90524236500D9932C020000D80528236500D99324020000D82528236500D80D30236500D90524236500DEE9D9E1D99B28020000D90524236500D90538236500DEF9DB831C020000DEC9D80D54616500DB9B200200008B0D2C236500398B200200000F8EB1000000898B20020000E9A6000000803D1D23650001741C3B1D182365000F853CFFFFFFC6051D23650001C6437001E981000000803D1C2365000174788B0D5C1165008B49108B897C01000083C140D901D86324D8C8D94108D8632CD8C8DEC1D9FAD91D242365008B0D242365003B1D18236500741C3B0D3C2365007D378B3518236500C6467000891D18236500C6437001890D3C236500EB1B83BB20020000647512DB831C020000D80D54616500DB9B20020000A0616165005E5F59C3




----
:
00652334(long)	01000000	TrfDistGetCameraDist(0\1)		1
 00652320(float)00008C43	TrfDistLimit(m)				280
 00652330(float)CDCCCC3D*	TrfGenericArea(%)			10	
 0065232C(long)	64000000	TrfCarsCountLimit(0-100)		100		

* float=%/100

-:
 :   
 :   DEFTRAFF_*

 :
00652318(dword) 00006400	ActiveActorIdentificator
0065231C(byte)  00		MultiactorsCounter
0065231D(byte)  00		CounterStopflag
00652324	00000000	temp
00652328(float)	0000A041	delta_dist
00652338(float) 00003443	DefaultTrfDist 180
0065233C(float)	00000000	MinActorsDist
00652340(string)		text 'DEFTRAFF_'
00652350(long)	64000000	DefaultTrfCarsCountMax	



==============================================

   1.0\1.2 ...


0063CE20\00624C98 -  

004FBA9C\004AFC5C   mov     al, byte_63D809  	 -    2



--
   1.0
mov     eax, off_65115C    
mov     ecx, [eax+10h]
mov     esi, [ecx+17Ch]
add     esi, 40h


   1.2
mov     eax, off_63788C
mov     ecx, [eax+10h]
mov     esi, [ecx+17Ch]
add     esi, 40h

--

1  1.2:

Game1.2.exe+B5A50 - DB 86 1C020000        - fild dword ptr [esi+0000021C]
Game1.2.exe+B5A56 - D8 0D FCD76300        - fmul dword ptr [Game1.2.exe+23D7FC] { [1.00] }

  4B5A50..
 DB861C020000D80DFCD76300    


--
 .  0063AA78  1.2..

   1.0:

:
00652334(long)	01000000	TrfDistGetCameraDist(0\1)		1		0063AA94
 00652320(float)00008C43	TrfDistLimit(m)				280		0063AA80
 00652330(float)CDCCCC3D*	TrfGenericArea(%)			10		0063AA90
 0065232C(long)	64000000	TrfCarsCountLimit(0-100)		100		0063AA8C	

* float=%/100

-:
 :   
 :   DEFTRAFF_*

 :
00652318(dword) 00006400	ActiveActorIdentificator	0063AA78
0065231C(byte)  00		MultiactorsCounter		0063AA7C
0065231D(byte)  00		CounterStopflag			0063AA7D
00652324	00000000	temp				0063AA84	
00652328(float)	0000A041	delta_dist			0063AA88
00652338(float) 00003443	DefaultTrfDist 180		0063AA98
0065233C(float)	00000000	MinActorsDist			0063AA9C
00652340(string)		text 'DEFTRAFF_'		0063AAA0
00652350(long)	64000000	DefaultTrfCarsCountMax		0063AAB0


--
 2    0063AAC0


   1.2...



push ecx
push edi
push esi
mov    esi, [ebx+0x68]
mov    esi, [esi+0x100]
mov    edi, 0x0063AAA0
mov    ecx, 0x00000009
repe cmpsb
jz    def220

cmp    BYTE PTR [0x0063AA7D], 0
jne   dist

mov    ecx, DWORD PTR [0x0063AA78]
mov    ecx, [ecx]
cmp    ecx, 0x00624C98
je    chkcount
mov    DWORD PTR [0x0063AA78], ebx
mov    DWORD PTR [0x0063AA9C], 0xFFFFFFFF

fld    DWORD PTR [0x0063AA80]
fabs
fstp   DWORD PTR [0x0063AA80]
fld    DWORD PTR [0x0063AA90]
fabs
fstp   DWORD PTR [0x0063AA90]
cmp    DWORD PTR [0x0063AA90], 0x3f800000
jle   next
mov    DWORD PTR [0x0063AA90], 0x3f800000
next:
fild   DWORD PTR [0x0063AA8C]
fabs
fistp   DWORD PTR [0x0063AA8C]
cmp    DWORD PTR [0x0063AA8C], 100
jle   count
mov    DWORD PTR [0x0063AA8C], 100

count:
add    BYTE PTR [0x0063AA7C], 1
mov    BYTE PTR [ebx+0x70], 0

cmp    DWORD PTR [0x0063AA94], 0
jz    def220

fld    DWORD PTR [0x00647E90]
fstp   DWORD PTR [0x0063AA84]
mov    ecx, DWORD PTR [0x0063AA80]
test   ecx, ecx
jz    limok
cmp    DWORD PTR [0x0063AA84], ecx
jle   limok
mov    DWORD PTR [0x0063AA84], ecx

limok:
fld    DWORD PTR [0x0063AA84]
fst    DWORD PTR [ebx+0x22C]
fadd   DWORD PTR [0x0063AA88]
fst    DWORD PTR [ebx+0x224]
fsub   DWORD PTR [0x0063AA88]
fmul   DWORD PTR [0x0063AA90]
fld    DWORD PTR [0x0063AA80]
fsubp
fabs
fstp   DWORD PTR [ebx+0x228]

fld    DWORD PTR [0x0063AA84]
fld    DWORD PTR [0x0063AA88]
fdivp  st(1),st
fild   DWORD PTR [ebx+0x21C]
fmulp  st(1),st
fmul   DWORD PTR [0x0063D7FC]
fistp  DWORD PTR [ebx+0x220]

mov    ecx, DWORD PTR [0x0063AA8C]
cmp    DWORD PTR [ebx+0x220], ecx
jle   return 
mov    DWORD PTR [ebx+0x220], ecx
jmp   return


chkcount:
cmp    BYTE PTR [0x0063AA7D], 1
je    dist   
cmp    ebx, DWORD PTR [0x0063AA78]
jne   count
mov    BYTE PTR [0x0063AA7D], 1
mov    BYTE PTR [ebx+0x70], 1
jmp   return


dist:
cmp    BYTE PTR [0x0063AA7C], 1
je    return
mov    ecx, dword ptr [0x63788C]
mov    ecx, [ecx+0x10]
mov    ecx, [ecx+0x17C]
add    ecx, 0x00000040

fld    dword ptr [ecx]
fsub   dword ptr [ebx+0x24]
fmul   st
fld    dword ptr [ecx+8]
fsub   dword ptr [ebx+0x2C]
fmul   st
faddp
fsqrt
fstp   DWORD PTR [0x0063AA84]
mov    ecx, DWORD PTR [0x0063AA84]

cmp    ebx, DWORD PTR [0x0063AA78]
je    same
cmp    ecx, DWORD PTR [0x0063AA9C]
jge   return

mov    esi, DWORD PTR [0x0063AA78]
mov    BYTE PTR [esi+0x70], 0
mov    DWORD PTR [0x0063AA78], ebx
mov    BYTE PTR [ebx+0x70], 1

same:
mov    DWORD PTR [0x0063AA9C], ecx
jmp   return


def220:
cmp    DWORD PTR [ebx+0x220], 0x00000064
jnz   return
fild   DWORD PTR [ebx+0x21C]
fmul   DWORD PTR [0x0063D7FC]
fistp  DWORD PTR [ebx+0x220]

return:
mov    al, BYTE PTR [0x0063D809]
pop esi
pop edi
pop ecx
ret














---
 ?

mov     dword_63D804, 3F800000h
mov     dword_63D800, 3F800000h
mov     dword_63D7FC, 3F800000h

-

mov     eax, dword_6D454C -  
mov     edx, dword_6D4554
mov     dword_63D7FC, eax -  
mov     eax, dword_6D4550
mov     dword_63D804, edx
mov     dword_632638, eax
mov     dword_63263C, edx
mov     eax, [ecx+94h]























		


---------------

 1.0:
0063E390  float 230 = cache_distance(?)
005A89Ca  float 200 = ?     -50.        3.
006F94D8  float   = scene2 .(    ).      (  2   Skip Max Distance  ,   )
006F94D4  float (0.3...1.0) =    .

  2     .





================================
ASM 
Hm the camera rotation vector: 0x006F910C/0x006BCA1C/0x006BDAEC for 1.0/1.1/1.2
Not sure if that's what you're after.
Position might be nearby.





========================
  _   ( )..

:

 
+70  = 1
+218 (   )
+21  
+220    21

   sub_5012E0(   ).    .


:
   +21
---

  sub_5012E0( 220  21)  : 
    (  ),        220   21,      21.     +21   !



    2.

===========================




===================
4F794B:

mov     edx, [esi+218h]
mov     edi, dword_656168
add     edx, edi
mov     edi, [esi+220h]
cmp     edx, edi
jl      short loc_4F796E

  656168   ,    218    220.

     656164

      +150h  +155h  

--

sub_5053A0   656168  1    0.

loc_5050E4:    1
mov     edx, dword_656168
mov     edi, [esp+1B4h+var_1A0]
inc     edx
mov     dword_656168, edx


--
   :

005060D5 - 8B 44 24 44  - mov eax,[esp+44]
005060D9 - 46 - inc esi
005060DA - 89 35 64616500  - mov [Game1.0+.exe+256164],esi <<
005060E0 - 50 - push eax
005060E1 - 8B 08  - mov ecx,[eax]

-
   :

005050EA - 8B 7C 24 14  - mov edi,[esp+14]
005050EE - 42 - inc edx
005050EF - 89 15 68616500  - mov [Game1.0+.exe+256168],edx <<
005050F5 - 8B 47 08  - mov eax,[edi+08]
005050F8 - 8B 57 0C  - mov edx,[edi+0C]


==================================

 ..
 
004FB1D6	fcom    ds:flt_63CED0  (1.57)    63B364 (3.14)

 (


004FB9F1	fcom    ds:flt_63CED0  (1.57)    63B364 (3.14)

 (

00fb384		fcom    ds:flt_63CED0


00FB412..

00FC783..

004FA17A..

======================================================
  _..

+21F4 =  ?? 

005C6327  push 21F4h
00468E01  push 21F4h
0050211F 
005049f5
00505457
0050617f
005CCFEC
005FEE0E      - sub_5FED70     36 .     .

  25F4    400h   _. 
     .          21f8   400h

       (    3_)


-
sub_474CF0     21F4  2250 .    _(   _ 04    .    +0 )
==========================================================



==================================================================
    sub_52A670 ?
--

  +D14   	sub_52D480:


0052DC00 - 8B 87 A40C0000  - mov eax,[edi+00000CA4] <<
0052DC06 - 3B C3  - cmp eax,ebx
0052DC08 - 74 2C - je Game.exe+12DC36

EAX=0A75B800 -  
EBX=00000000
ECX=2000001D
EDX=00000005
ESI=3DA9FBE8
EDI=0AC600B8
ESP=0018F810
EBP=0AC604CC
EIP=0052DC06

 
 0A75B800( +0h) = 100982E8 .   _   .          call dword [xxx+yyh]


 +100h =  TomyhoAuto.SWHEEL
 +104h =      SWHEEL 


--

  Game.exe+24C888 ( SWHEEL)      . N    (38  )
  3 .
    .    (   +D14 = 01000000)

10094463 - 8A 27  - mov ah,[edi] <<
10094465 - 47 - inc edi
10094466 - 38 C4  - cmp ah,al

EAX=101C5341
EBX=090737A8
ECX=00000000
EDX=00000001
ESI=0AC4119C
EDI=0064C888
ESP=0018E030
EBP=0018E03C
EIP=10094465
--

   HEAD (0064C7FC)    39   .

10094463 - 8A 27  - mov ah,[edi] <<
10094465 - 47 - inc edi
10094466 - 38 C4  - cmp ah,al

EAX=101C4846
EBX=0B0C8980
ECX=00000005
EDX=00000020
ESI=0B144A9C
EDI=0064C7FC
ESP=0018F4A8
EBP=0018F4B4
EIP=10094465


==================================================
    ..

     .  1-9  3..


101C1428

101C12A0


  \ '1'   101C1428+2  80h

   :

ESC=+1


==========================================
   :

loc_44FAAD:
inc     eax
mov     [esp+14Ch+var_F4], eax
push    eax
lea     eax, [esp+150h+Dest]
push    offset aDummy0I ; "Dummy0%i"
push    eax             ; Dest
call    _sprintf
mov     eax, [ebp+68h]
add     esp, 0Ch
lea     edx, [esp+14Ch+Dest]
mov     ecx, [eax]
push    0FFFFh
push    edx
push    eax
call    dword ptr [ecx+38h]
mov     esi, eax
test    esi, esi
mov     [ebx+6Ch], esi
jz      loc_44FF22


---
    4   (      .      4 ).  ebx       (       ).
loc_45036D:
inc     ebx
lea     edx, [ebx-1]
cmp     edx, 3
jl      loc_44FFCF


---
    4   . eax      .

loc_44FF28:
mov     edx, [esp+14Ch+var_130]
mov     eax, [esp+14Ch+var_F4]
add     ebx, 4
add     edx, 40h
cmp     eax, 4



======================================

loc_5C2157:                             ; CODE XREF: .text:005BB32Cj
.text:005C2157                                         ; DATA XREF: .text:off_5C7700o
.text:005C2157                 mov     ecx, off_65115C ; jumptable 005BB32C case 205
.text:005C215D                 call    sub_4253A0
.text:005C2162                 mov     ecx, [eax]
.text:005C2164                 push    eax
.text:005C2165                 call    dword ptr [ecx+0F0h]    --   \. 205=?  
.text:005C216B                 jmp     loc_5C76DA 



=====================================
    (10 = +00)

loc_4DB322:
mov     esi, eax
mov     edi, offset aMetro_i3d ; "metro.i3d"
mov     ecx, 0Ah		;     05      'metro'
xor     eax, eax
repe cmpsb
jnz     short loc_4DB33B


metro mask editing:
mafia1.0: address 004DB32A, changing 0A ->05
mafia1.2: address 0048A3FA, changing 0A ->05

=================================
 :

sub_477330 proc near
push    esi
mov     esi, ecx
call    sub_44B6D0
mov     dword ptr [esi], offset off_63BEB8         -  34
mov     dword ptr [esi+10h], 22h                   - _ 34 
mov     eax, esi
pop     esi
retn

---
loc_5FF2F1:             ; jumptable 005FED95 case 33
push    88h           - 


---

00655314 =  _     .  .  2016 .....2?  2+
006552CC =  _.  .    =  .( .  74  )



---

    +60h :

sub_1002D5B0:   SetRot3@S_matrix       -    sub_1001A4A0
1002D6AA - D9 58 08  - fstp dword ptr [eax+08]
1002D6AD - D8 44 24 00  - fadd dword ptr [esp+00]
1002D6B1 - D9 58 10  - fstp dword ptr [eax+10] <<
1002D6B4 - D9 44 24 04  - fld dword ptr [esp+04]
1002D6B8 - D8 44 24 18  - fadd dword ptr [esp+18]

EAX=16BAF370
EBX=0E5E11C8
ECX=16BAF3BC
EDX=00000002
ESI=16BAF320 -   
EDI=16BAF370
ESP=0018F6F8
EBP=0E5E1118
EIP=1002D6B4


sub_1001A4A0:
1001A4EA - D9 46 60  - fld dword ptr [esi+60]
1001A4ED - D8 8E 94000000  - fmul dword ptr [esi+00000094]
1001A4F3 - D9 5E 60  - fstp dword ptr [esi+60] <<
1001A4F6 - D9 86 94000000  - fld dword ptr [esi+00000094]
1001A4FC - D8 4E 64  - fmul dword ptr [esi+64]

EAX=16BAF370
EBX=0E5E11C8
ECX=16BAF3BC
EDX=00000002
ESI=16BAF320
EDI=101C11D0
ESP=0018F724
EBP=0E5E1118
EIP=1001A4F6

=======================================================

  _ (0063BC08):

80 33 47 00 90 35 47 00 50 37 47 00 40 3B 47 00 
40 3E 47 00 70 B4 44 00 60 8A 54 00 80 8A 54 00 
A0 8A 54 00 20 3B 47 00 50 89 54 00 00 89 54 00 
00 B7 60 00 40 68 46 00 80 6B 46 00 60 AD 59 00 
20 2C 46 00 B0 53 42 00 30 2D 46 00 A0 4F 46 00 
90 50 46 00 50 4F 46 00 40 2F 47 00 60 2F 47 00 
30 31 47 00 90 5D 46 00 80 66 46 00 60 0F 47 00 
40 11 47 00 40 4A 57 00 B0 C1 46 00 70 A6 46 00 
B0 A5 46 00 50 BA 46 00 A0 CF 44 00 00 77 47 00 
F0 76 47 00 60 11 47 00 90 C6 59 00 C0 AB 59 00 
50 AD 59 00 50 B8 53 00


====================
sub_10018BB0 -    (12 )


====================

sub_5DC240    ((), ( , , , _  ), , ).
   . .




=======================
         :

loc_5A809D:
push    edi
lea     edx, [esp+1A0h+Dest]
push    offset aModelSNotFound ; "model \"%s\" not found."	;  
push    edx             ; Dest
call    _sprintf
add     esp, 0Ch
lea     eax, [esp+19Ch+Dest]
push    0               ; uType
push    offset Caption  ; "Chybi model"				;  
push    eax             ; lpText
mov     eax, dword_6F9528
push    eax
mov     ecx, [eax]
call    dword ptr [ecx+10h]
push    eax             ; hWnd
call    ds:MessageBoxA						;    ?

push    edi             ; lpMem
call    sub_6243AC
add     esp, 4
lea     ecx, [esp+19Ch+var_9C]
mov     [esp+19Ch+var_4], 2
call    sub_566200
lea     ecx, [esp+19Ch+var_F8]
mov     [esp+19Ch+var_4], 0FFFFFFFFh
call    sub_566200
mov     eax, 4
jmp     short loc_5A8160



-
005F9A17: 	call sub_624070 -  .     ..

loc_62408F:             
push    15h		; uType
push    0               ; lpCaption
push    offset aPleaseInsertMa ; "Please insert MAFIA CD 1"
push    0               ; hWnd
call    esi ; MessageBoxA


===================================================

sub_4EA120  -   floatreg_push

    (             ,   ,        ?)

--

   _..

 _:
+0	08C06300	 _ 63C008

+10	05000000	_(05=)
+14	01000000	? ??
+18	ZZZZ0000	  _    (?)( ,  ;    8401  8501 = 388  389 = .  )
+1C	0X000000	? 
+20	0		?
 34  (?)
+54	0		?
+58			  (?)  
+5	01010001	_    (?)
+60	0		?
+64			_     (?)(01000000  ,00000100    change_mission, 00010100   load_z_mesta,.)
+68			  (     )
+6			?   
+70	A406300	 ?
+74	0		? 
+78			  
+7	0X000000	?
+80			 
+84			 
+88			 
+8C	0X000000	?   (   04,    0F).  +78=0,   00000000
+90	0Y000000	?   (   04,    0F).  +78=0,   FFFFFFFF
+94			?  _  2000     0(    ctrl_read,        ,    )
+98			? 0  ?
+9			? 0  ?
+A0	0X000000	?
+A4			? 0  ?
+A8			? 0  ?
+AC			? 0  ?
+B0	0		? ?
+B4			   
+B8			   flt [dim_flt]
+BC			=-   (  flt = +BC*4)
+C0			   act [dim_act]
+C4			=-   (  act = +C4*4)
+C8			   frm [dim_frm]
+CC			=-   (  frm = +CC*4)
..



===============================================

.  truckmorhp00.4ds         - HEAD.[7.5,1]





===========================================

DEBUGGING

 101C1233  = 01.  ,   log.txt  .

   =01: 
1.0:  15a7a  LS3D.DLL,  6  881D33121C10  
1.2:  1591  LS3D.DLL,  6  881D93521C10


DEBUGGING unlocking:

mafia1.0: address 10015a7a, nops 6 bytes 881D33121C10
mafia1.2: address 1001591, nops 6 bytes 881D93521C10

-
  101C1588     .


-
sub_10003DC0.      
sub_100482F0.     

-
sub_10079606   -   .    DDERR_NOZBUFFERHW

-
sub_40CCA0 -  



==========================
 101B0568  .  _      .    .

+90 (101B05F8)    8.        .

---

 101C16AC  = 00\01 = \

 1011688\101178 =  =   \  .





========================================================


    :

   _+AE ( 00\20 = if car in camera)..
  2  .    4  :


100402EA - 8B 86 AC000000  - mov eax,[esi+000000AC] <<
1004030C - 8B 86 AC000000  - mov eax,[esi+000000AC] <<
1004090E - 8B 8E AC000000  - mov ecx,[esi+000000AC] <<
1004091F - 89 8E AC000000  - mov [esi+000000AC],ecx <<

    sub_10040060        .
    -  (      )   = 2000.

    ,    _(  ).
    (    ,        )

  sub_10041A60         10h.  (  _     _)....



========================================================
        :


 .  0063BC08 ()    

473380
473590
473750
473B40
473E40
44B470
548A60
548A80
548AA0
473B20
548950
548900
466840 =+34  .     .     340-420    . 
 52C3B0       .
   52C3B0   51A920

466B80      .   .
59AD60
462C20
4253B0
462D30
464FA0
465090
464F50
472F40
472F60
473130
465D90     cars low shadow
466680
470F60
471140
46C1B0
46A670
46A5B0
46BA50
44CFA0
477700
471160
59C690   . , ..
59ABC0
59AD50
53B850

   .





===============================================================================




       no_occluder..


   :

1001AE00  .   ,   ._    .
1001C800  .  ,      .     .

 .     .

-----

sub_10041A60

    call  sub_10040060  -  .  (  )




---
  -  .  _   _ .

   _ - @plsloup.4ds

--
..

:  _ <1154   .

-
: off77seg54          _.  @plsloup.4ds
	 off217seg27 -   .  plot07.4ds

-
:      .    []  .      .
   =1(+214 )


  .  ,   
  F1

findframe 2,"GameCamera"

label Main1
commandblock 0
ctrl_read 10, objectives
if flt[10] = 1, -1, Main1

findframe 4,"Tommy"
frm_getworldpos 4,4
let flt[8]=1000
findframe 1,"Primary sector"
frm_getnumchildren 1,0
freeride_scoreset flt[0]

commandblock 1

label poi
//freeride_scoreset flt[0]
if flt[0]=0,Main1,-1
let flt[0]=flt[0]-1
findframe 1,"Primary sector"
frm_getchild 1,flt[0]
frm_getworldpos 1,1
vect_sub_vect 1,4
vect_magnitude 1,7
if flt[7]<flt[8],-1,poi

compareframes 1,2,10
if flt[10]=0,-1,poi

let flt[8]=flt[7]
 let flt[9]=7
setcompass 1
frm_getchild 1,0
frm_ison 1,9
frm_setalpha 1,9
mse_debug_watch
freeride_scoreset flt[9]
goto poi


-
:     - .  "@"  ..   (   ).
    3 .      "9".

-
 _ ..
   +13 ().   ...2 :


1. sub_10040060        --

			     mov  ecx, dword_100ABBF4	;     (_?)
1004092B - 89 8E 3C010000  - mov [esi+0000013C],ecx <<



2. sub_100622D0     .     .     sub_1005ED80 (5 )
100622E6 - 89 88 3C010000  - mov [eax+0000013C],ecx <<



-
    :

		 		 
+AC		7D 01 00 20		7D 01 20 20

  3. 



-
off77seg54       _   . .
off77seg9        _ 
off217seg27 -   .  plot07

  _..
   -    _:

5  1, 1 2, 1 43 - .
    _+84 (_)..

1	00604D07 - 8B 06  - mov eax,[esi]	 +84
2	1001C871 - 8B 16  - mov edx,[esi]	 +44
1	005A8D38 - 8B 08  - mov ecx,[eax]	 +18
1	1001C8B0 - 8B 17  - mov edx,[edi]	 +44
43	005FFE82 - 8B 28  - mov ebp,[eax]	  ,  +7
1	005FFE17 - 8B 08  - mov ecx,[eax]	 +84
1	005FFE2F - 8B 08  - mov ecx,[eax]	  


--
            .     +1E4(  ),  +214 .
 +214  1   .
    +1E4..


sub_100369E0:       OBJ_  LENS  .     +68.    .    .     .
10036C51 - 89 BC 83 E4010000  - mov [ebx+eax*4+000001E4],edi <<



-
    +214 :

    (+.),    3    :

100626D1 - D8 8F 14020000  - fmul dword ptr [edi+00000214] <<
100377C1 - D8 8B 14020000  - fmul dword ptr [ebx+00000214] <<
10037E38 - D8 88 14020000  - fmul dword ptr [eax+00000214] <<


      (  ),   2 ( 41  ):

sub_100368C0: -  +84(_)
100368CE - D9 81 14020000  - fld dword ptr [ecx+00000214] <<
10036900 - 89 81 14020000  - mov [ecx+00000214],eax <<		    , 

     (  +1E4, +214  )   .   .
  .       ( +214=1,    0 ),   2  ,    .


,  +214       3   (    ).
      +214.  -     @      _ >1154..
  ( + )  +214   .   .

-
  ..     :

sub_604CE0 -   sub_5A8F90,   (     ) sub_5A8A20,     push offset aOffIsegI ; "off%iseg%i".
1	00604D07 - 8B 06  - mov eax,[esi]	 +84 -     

   .   sub_5A8A20   ( ).

     0  +214 .......

00604D0A	push    0	-     +214 .      .   ( )
		push    esi
		mov     [esi+4], ebp
		call    dword ptr [eax+84h]


  ....
...
005A90BA:
mov     eax, [ebx]
push    2BCh			-   (?).    FFFF      !
push    esi			-  +30
push    ebx			-  +30
call    dword ptr [eax+30h]	-   (_   ), +30 = sub_1001BD60
mov     ecx, off_65115C
push    eax
call    sub_604CE0              -   

   sub_604CE0  :
...
00604CF5:
mov     bx, word ptr [esp+18h+arg_4]
cmp     bx, 53h				 - bx  53h    .      FFFF   .
jl      loc_604EDB



    -  :

push 2BCh  -   push  FFFFh (68BC020000 -> 68FFFF0000)

 1.0 \ 1.1 \ 1.2 = 005A90BC \ 00402C6C \ 00402C8C



==========================================================================

 101B03D0   -   .  _.  :


sub_10041A60 -  . . 		- 10041A78 - 89 1D D0031B10  - mov [ls3df.dll+1B03D0],ebx <<

sub_10041270 -  .   .	- 10041276 - A1 D0031B10 - mov eax,[ls3df.dll+1B03D0] <<

sub_10040060 -  . .    .
	- 1004019A - A1 D0031B10 - mov eax,[ls3df.dll+1B03D0] <<
	- 100407B2 - A1 D0031B10 - mov eax,[ls3df.dll+1B03D0] <<




---

sub_10037940 -  _ 


 101C1410 =  00\01


 :
+FC	65179e70 - d3d8.dll
+C8	65179bc0 - d3d8.dll



---
sub_56E500    stop gate vers base.     (?  63DEC4)

sub_56C1D0   

sub_5771B0    .   63DEC4


sub_6005A0 -   2?



=====================================================================================
WEAPON


player_base= [6F9464]+[e4]

+4A0 =    
+4A4 =     
+4A8 =     

+564 =    weapon
+568 = 
+5AC =   weapon.zaver1 (?) ()  

-
sub_55BE70   -     (-1  +4A4).       ( ).

  004A5F49 - 8B 50 04  - mov edx,[eax+04] <<


-
    :

loc_4AD81C:             ; jumptable 004AD815 cases 6-8
mov     eax, [esi+564h]			;    weapon
push    0FFFFh				; ffff=  ?
push    offset aCylinder ; "cylinder"	;  
push    eax
mov     ecx, [eax]
call    dword ptr [ecx+38h]		;   .  , . eax=   
jmp     loc_4ADA78



--
   37    ...

sub_48A0D0 -  37( _ 0063C280).   4 .


  :

loc_5BDA53:              ; jumptable 005BB32C case 85   -  CREATEWEAPONFROMFRAME
...
005BDBF4     call  sub_48A0D0


 37:
+0	80C26300	 _ (63C280=37)
+4	0
+8	0
+	0100
+10	25000000	_ = 37
+14	01
+18			= .   ( 37(?)  1)
+1	00000000
+20	0
+24			_.      .  (  ).
+28
+2
+30
..
+4			   ( 2   ?)
..
+10			_  .    .
..


   :
+0			    2 :  ?( +48= .  (1)    )
+4			     (    )
+	0000
+1	02000000
..
+4	00000000


-
     "1. "   (   )..

int __cdecl write_char(int, FILE *File, int) _write_char proc near:
006290A8 - 88 02  - mov [edx],al <<
006290AA - FF 01  - inc [ecx]
006290AC - 0FB6 C0  - movzx eax,al

EAX=00000031
EBX=00000000
ECX=0018F7E4
EDX=07CEC388	  .     +40("2. ").   -0  =02000000( ?)
ESI=0018F784
EDI=0018F7B8
ESP=0018F544
EBP=0018F544
EIP=006290AA





-
      -  ..
            .





===================================================

 ,  :

sub_4AE830 proc near
push    esi
push    edi
mov     esi, ecx
call    sub_44B6D0
mov     ecx, 12h
xor     eax, eax
lea     edi, [esi+74h]
rep stosd
mov     dword ptr [esi], offset off_63C568
mov     dword ptr [esi+10h], 1Fh		; 31
mov     eax, esi
pop     edi
pop     esi
retn


==================================================

DOOR0

   DOOR0  ..


2      \(40    40   ):

005242A8 - 8B 0E  - mov ecx,[esi] <<

sub_523FA0(float):   -  \ .     "".  =.
...
mov     ecx, [esi]
call    dword ptr [ecx+18h]
...


1001C8B0 - 8B 17  - mov edx,[edi] <<     +18h?


--
 .   2 :

sub_519A70(int, float, char) -     (  ?)

sub_52D480 -   ,  .





---
  DOOR2.[DEFORM BODY,I]    2 .    - 

 I :

loc_50A5B4:
cmp     byte ptr [eax+esi], 49h			; 49=  I
jnz     short loc_50A5C2
or      byte ptr [esp+1C4h+var_E4], 4		;   4  -  .  or 4 =  1  3  
loc_50A5C2:
mov     eax, [edx]
push    10001h
push    offset aWindow  ; "WINDOW*"
...



  :
or      byte ptr [esp+1C4h+var_E4], 0Ch		;    .  1  3  4  



  :  I  ,           .

    I       
     ,   .

===============================================

 SEAT     CFCCCC3D..

  100978C0, ,  SEAT0.   ,  BODY.

     ,    . -?


=============================================

address 006613D5  = 00\02 =   .

  ..

:

2209	004C7AE1 - A3 D4136600 - mov [006613D4],eax
66	004C7375 - A3 D4136600 - mov [006613D4],eax
2198	004C9082 - A3 D4136600 - mov [006613D4],eax

sub_56CCC0:
5	0056CD20 - A3 D4136600 - mov [006613D4],eax	;    1 
5	0056E16E - 89 0D D4136600  - mov [006613D4],ecx	;    1 


--
:  ..

    0 1 :

004A2792 - 8B 0D D4136600  - mov ecx,[006613D4]
004A279B - 89 0D D4136600  - mov [006613D4],ecx
004A2B19 - 8B 15 D4136600  - mov edx,[006613D4]
004A2B23 - 89 15 D4136600  - mov [006613D4],edx

   :

00491D91 - 8B 0D D4136600  - mov ecx,[006613D4]		1 
00491D9D - 89 0D D4136600  - mov [006613D4],ecx		1 

 ..
0054E978 - 8B 85 A4900000  - mov eax,[ebp+000090A4]
004CB443 - A1 D4136600 - mov eax,[006613D4]
004CB452 - A3 D4136600 - mov [006613D4],eax
004C9998 - A1 D4136600 - mov eax,[006613D4]
004C99A7 - A3 D4136600 - mov [006613D4],eax


    1 :

004A31D4 - 8B 15 D4136600  - mov edx,[006613D4]
004A31E2 - 89 15 D4136600  - mov [006613D4],edx

  :

2 ..
004CCCE9 - A1 D4136600 - mov eax,[006613D4]
004CCCF9 - A3 D4136600 - mov [006613D4],eax
004CCCFE - A1 D4136600 - mov eax,[006613D4]
004CCD08 - A3 D4136600 - mov [006613D4],eax

1 ..
0049F1CA - A1 D4136600 - mov eax,[006613D4]
0049F1D2 - A3 D4136600 - mov [006613D4],eax



---

sub_56CCC0    , .  sub_42A660 -       63B45C(   _  _)..

sub_411640:
mov     dword ptr [esi], offset off_63B488 		-   _
mov     dword ptr [esi+0A9Ch], offset off_63B45C  	- 
 



===================================================
  :


I3D_frame::SetName()    sub_1001B4B0( ).   PRTB   MaraJe(   ).

-
sub_1001BDB0      .    .   .

-
sub_1004E6B0   .     


==================================================


sub_4CDB60   -   .   .



============================================

sub_558180 loads savegames seem

  3 (2 )...

GOLOD55 
i found file name into 558180
mov eax,[esi+7C]   stores 48020000. it is = 584 dec = mafia00X.584 = freeride saveloading
mov ecx,[esi+28]  stores X seem

GOLOD55 
aa we going to loc_5F9C65:    ; jumptable 005F9C5E case 19
eax=02
i loading freeride
so sub_5F99B0  calling our 558180 at loc_5F9C65

GOLOD55 
mov     ecx, offset word_671FB0        this address is our esi in 558180
so it is constant for 1.0
so we may set filename as we want


-----
 sub_5F99B0.   16  -     ..


-
 :
mov     dword ptr [eax+4], 23101976h	-    .  ?    3  .
mov     dword ptr [eax+8], 10072002h

      76191024,        .     ,  .            .

   ,    +  (     ?)

   ,    .

   3    76191024,       .       _.


==============================

:      .


---
 :
Game.exe+2724C8 =   (=0\1\2).

 (  )   :
0054E31E - A1 C8246700 - mov eax,[Game.exe+2724C8] <<

 
loc_54E2E8:
test    byte ptr [ebp+90A4h], 20h -     (?) ebp=658330,   =4  \ , 					=E4   (C6\E6   )
jz      loc_54E8A8


---
  _(6F9464+e4+xx),  :

xx=71=75 -  ()   (   ).

xx=1E5 = =0   (\\ ), = 1  .




---

        1E5-.












