Yes, it's mike3.
I think I've SOLVED the weird tome mystery!
To do it, I used ADOM gamma 12 and GDB (GNU Debugger). The crack
proceeded as follows:
I started up GDB with "GDB adomg12.exe". Then, after using some EXE
looking to get the procedure name, I used "disassemble ReadBook". This
produced the following assembler dump:
Dump of assembler code for function ReadBook:
0xc96d8 <ReadBook>: push %ebp
0xc96d9 <ReadBook+1>: mov %esp,%ebp
0xc96db <ReadBook+3>: sub $0xc,%esp
0xc96de <ReadBook+6>: movl $0x0,0xfffffff8(%ebp)
0xc96e5 <ReadBook+13>: mov 0x8(%ebp),%edx
0xc96e8 <ReadBook+16>: mov (%edx),%eax
0xc96ea <ReadBook+18>: cmp $0x202,%eax
0xc96ef <ReadBook+23>: je 0xc98a4 <ReadBook+460>
0xc96f5 <ReadBook+29>: cmp $0x202,%eax
0xc96fa <ReadBook+34>: jg 0xc9718 <ReadBook+64>
0xc96fc <ReadBook+36>: cmp $0x58,%eax
0xc96ff <ReadBook+39>: je 0xc9a54 <ReadBook+892>
0xc9705 <ReadBook+45>: cmp $0x1c2,%eax
0xc970a <ReadBook+50>: je 0xc9968 <ReadBook+656>
0xc9710 <ReadBook+56>: jmp 0xc9a68 <ReadBook+912>
0xc9715 <ReadBook+61>: lea 0x0(%esi),%esi
0xc9718 <ReadBook+64>: cmp $0x289,%eax
0xc971d <ReadBook+69>: je 0xc9a54 <ReadBook+892>
0xc9723 <ReadBook+75>: cmp $0x29e,%eax
0xc9728 <ReadBook+80>: je 0xc9730 <ReadBook+88>
0xc972a <ReadBook+82>: jmp 0xc9a68 <ReadBook+912>
0xc972f <ReadBook+87>: nop
0xc9730 <ReadBook+88>: movl $0x0,0xfffffff8(%ebp)
0xc9737 <ReadBook+95>: push $0xc91a9
0xc973c <ReadBook+100>: call 0x1dd8 <Message>
0xc9741 <ReadBook+105>: add $0x4,%esp
0xc9744 <ReadBook+108>: call 0x22a0 <More>
0xc9749 <ReadBook+113>: push $0xc91ea
0xc974e <ReadBook+118>: call 0x1dd8 <Message>
0xc9753 <ReadBook+123>: add $0x4,%esp
0xc9756 <ReadBook+126>: call 0x22a0 <More>
0xc975b <ReadBook+131>: push $0x2
0xc975d <ReadBook+133>: call 0x1f430 <GetAttribute>
0xc9762 <ReadBook+138>: add $0x4,%esp
0xc9765 <ReadBook+141>: mov %eax,%eax
0xc9767 <ReadBook+143>: cmp $0x31,%eax
0xc976a <ReadBook+146>: jg 0xc9798 <ReadBook+192>
0xc976c <ReadBook+148>: push $0xc921b
0xc9771 <ReadBook+153>: call 0x2204 <You>
0xc9776 <ReadBook+158>: add $0x4,%esp
0xc9779 <ReadBook+161>: push $0xc925d
0xc977e <ReadBook+166>: call 0xc6bac <D>
0xc9783 <ReadBook+171>: add $0x4,%esp
0xc9786 <ReadBook+174>: mov %eax,%eax
0xc9788 <ReadBook+176>: push %eax
0xc9789 <ReadBook+177>: call 0x20b4c <ConfusePC>
0xc978e <ReadBook+182>: add $0x4,%esp
Notice the calls to "ConfusePC" and "GetAttribute". To see if this has
to do with the WT, I proceeded to use "call Message(0xc91a9)". This
gives "This book is filled with strange texts written in weird
letters.(gdb)". That means that this very first code of the ReadBook
gene has to do with the weird tome! And the way the calls are
positioned follows the EXACT SAME SEQUENCE as the weird tome. Later
on, I get to the following interesting point:
0xc9841 <ReadBook+361>: call 0x1dd8 <Message>
0xc9846 <ReadBook+366>: add $0x4,%esp
0xc9849 <ReadBook+369>: call 0x22a0 <More>
0xc984e <ReadBook+374>: push $0xc940f
0xc9853 <ReadBook+379>: call 0x2204 <You>
0xc9858 <ReadBook+384>: add $0x4,%esp
0xc985b <ReadBook+387>: jmp 0xc989c <ReadBook+452> <---
0xc985d <ReadBook+389>: lea 0x0(%esi),%esi
0xc9860 <ReadBook+392>: movl $0xc9424,0xfffffff4(%ebp)
0xc9867 <ReadBook+399>: push $0xc94bb
0xc986c <ReadBook+404>: call 0x2204 <You>
0xc9871 <ReadBook+409>: add $0x4,%esp
0xc9874 <ReadBook+412>: call 0x22a0 <More>
0xc9879 <ReadBook+417>: push $0xc94da
0xc987e <ReadBook+422>: call 0x1dd8 <Message>
0xc9883 <ReadBook+427>: add $0x4,%esp
0xc9886 <ReadBook+430>: call 0x22a0 <More>
0xc988b <ReadBook+435>: mov 0xfffffff4(%ebp),%eax
0xc988e <ReadBook+438>: push %eax
0xc988f <ReadBook+439>: push $0xc9512
0xc9894 <ReadBook+444>: call 0x2204 <You>
0xc9899 <ReadBook+449>: add $0x8,%esp
0xc989c <ReadBook+452>: jmp 0xc9a75 <ReadBook+925>
0xc98a1 <ReadBook+457>: lea 0x0(%esi),%esi
Now, if you see the "You, Message, You" sequence, you can see that it
follows clearly: "You = 'manage to deciper the secret', Message = 'It
describes a means to find the scroll of omnipotence', You = 'You have
to %s to find it.'". When using that "call Message (something)" test,
I confirmed this. Then I used a hex editor to trasnform that jmp
instruciton ino a nop (no operation) one, to allow the segregated-off
code to work. Then I ran the game with a WADOMF'd charcater and got
"You have to ABEF0AH<blah blah blah> to find it.". That means that
either a. the WT is a hoax, or b. it does do something but the code
for it just doesn't exist in ADOM g12 (that would expain the
jump-over). Now the message that is displayed is either gibberish in
case a, or an encrypted message in case b. Right now, I belive that
the WT is nothing, but I still wonder about later versions. Hacking
them will be more difficult. Cryptanalysis of the ciphered message
hasn't yielded any gold yet.
> Yes, it's mike3.
> I think I've SOLVED the weird tome mystery!
I posted a similar article a while ago.
Check it out.
Knowledge belongs to the World.
That's why I'm here for.
as for solving the mystery? no, you havent... you havent until you can give
steps to read it, how to find the SoO, and the reading requirements, and the
oh, and i mean REAL steps:)
btw, you know the dude who signs the scroll in the HMV... has anyone ever
wished for him?
Maybe you should research that.
Isn't the universe an amazing place? I wouldn't
live anywhere else.
Although g12 isn't exactly a current version, I support the red herring
theory for 1.1.1.
Phiz. I took a look at the debug dump, and it was an unconditional
jump over the part that would give you the SoO. There is no way to
access it if it is an ALWAYS jump. Once oyu get to the part about
"hinting at some sort of powerful magic", the unconditional jump
always executes and thus it is impossible to view it.
I haven't hacked version 1.1.1 yet, but if that unconditional jump is
still there, then I will know for a FACT that the WT/SoO/RRI is a
whole load of garbage put in the ADOM program by TB to keep people
occupied. Then again, it might be a "stay tuned..." message hinting at
the sequel to ADOM, JADE.
Alhacrast... seeing that it's an anagram for Charlatas, I doubt it would
Anyway, I tried wishing for Alhacrast - nothing happens and no message
> On 1 Feb 2004 14:19:54 -0800, mike...@yahoo.com (mike3) wrote:
>>"Zaxx" <olivier-benard_f***sp...@wanadoo.fr> wrote in message
>>> Eurteoff wrote:
>>> > mike3 wrote
>>> > btw, you know the dude who signs the scroll in the HMV... has
>>> > anyone ever wished for him?
>>> Alhacrast... seeing that it's an anagram for Charlatas, I doubt it
>>> would do anything.
>>And the "Lubaf" = "fabul" = "fable". "WT" = "Weird Tome" = "Scroll of
>>Omnipotence" = "Red Rooster Inn" = "Red Herring" = "HOAX! HOAX! HOAX!"
> Anyway, I tried wishing for Alhacrast - nothing happens and no message
> is given.
Same for Lubaf - "that is a stupid wish".
Yup. You can't wish for something that just plain never even existed.
I'm thinking of trying out the IDA debugger/disassembler on ADOM 1.0.0
or up with a CRC-disabled version/hacked save file with 99 everything
and 100% for all skills, bard, etc. and see where the program stops
when you get to the "fail to decipher it" point and see if that same
unconditional jump I saw in the GDB disasembly of g12 is still there.
If so, then I'll have PROOF POSITIVE that the WT, RRI, SOO, etc. are a
load of crap put in by TB to tease the player.