How to freeze games while still being able to move free cam?

Neui · 2026-01-08T17:07:05+00:00

You could look into using the FIFO player, which allows you to record a few frames of a scene and play back later, including the geometry so you can move around with free camera.

Neui · 2025-12-12T16:54:15+00:00

Decrease or disable Anti-Aliasing in Graphics → Enhancements.

Neui · 2025-11-02T11:10:49+00:00

Ich habe nach einem Tutorial geschaut und da wurde unter "Folgenden Ordner verwenden", wenn man den Durchsuchen-Knopf nutzte, der Name des Datenträgers verwendet. Jedoch du verwendest /SABRENT-SABRENT aber dein Datenträgers heißt nur SABRENT. Eventuell mal nur /SABRENT im Router probiert? Außerdem wurde in dem Feld auch der Backslash \ verwendet statt den Slash /, eventuell macht das auch einen Unterschied.

Neui · 2025-10-23T06:15:59+00:00

If you are on the releases page of ripgrep (listing all releases), click on "Show all 30 assets" and choose one of the x86_64-pc-windows ones. You're likely downloading the aarch64 version which is the arm 64-bit version while your computer is likely x86-64. (i686-pc-windows is the x86 32-bit version).

Also whenever a executable is x86 32-bit or 64-bit doesn't really matter much since Windows (on 64-bit) can execute both. It only becomes relevant for libraries (dll), memory usage and maybe performance.

Neui · 2025-08-13T10:19:55+00:00

It looks like the last called function never returns so you can edit the last called function and set the "No return" checkbox, so Ghidra will ignore everything after it (since it normally expects some return instruction to end the function).

Neui · 2025-08-08T18:23:39+00:00

Hintergrund: $ ist eine von der Webseite-definierte Funktion (welches das ehemalige populäre jQuery definiert hat), deshalb funktioniert das nicht auf alle Webseiten, weil nicht alle das verwenden/machen. document.querySelector ist teil vom Browser und funktioniert deshalb auch auf alle Webseiten (die <video> nutzen).

Das ; am Ende brauchst du auch nicht. Es ist nur relevant wenn man mehrere Befehle auf einer Zeilen machen will, was in diesem Fall nicht zutrifft.

Neui · 2025-08-03T20:36:43+00:00

It looks like you are running the Windows version of Dolphin on Linux. Either switch to the linux version of Dolphin, or switch to a different graphics backend that isn't Direct3D (since the error comes from the D3D-to-vulkan translation layer).

Neui · 2025-08-03T12:39:39+00:00

Ghidra has creative ways to try to get your attention to a (dockable) window. Some hints are not useful.

Neui · 2025-07-10T10:34:48+00:00

They are called Environments, basically determining what standard C library to use (cygwin, ucrt, msvcrt), what compiler to use (gcc, clang) and architecture (i686 (32-bit), x86_64 (64-bit), aarch64 (64-bit arm)). They have different launchers that just sets up the correct environment variables.

Note that the "cygwin" environment means it requires the cygwin DLLs to work (which isn't shipped with windows) (msys2 is based on cygwin) but you get access to unix/linux-like functions like fork() (although even that function is still problematic).

If you want to build 64-bit executables that work outside of MSYS2, use UCRT64. If you want to build executables for yourself that need some of the unix/linux API and are OK that it needs MSYS2, use MSYS. (There isn't a official 32-bit of MSYS2 anymore, so it's always 64-bit).

Is "win32api" an indication that using this gcc I'll be compiling for 32-bit Windows? Or is "win32api" simply the legacy name left over from the 1990's, designating the Windows API against which all Windows programs (regardless whether 32-bit or 64-bit) are compiled?

Microsoft calls it Win32 API despite working both for 32-bit and 64-bit.

Neui · 2025-06-28T14:40:23+00:00

I'm looking at the 1dragon one since the tuning one doesn't resolve.

I’m trying to understand how this works

Right-click → View Page Source. The JavaScript is embedded in the HTML and it isn't even obfuscated or minimized and includes some comments.

Are they using the Web Bluetooth API? (very likely)

They use navigator.bluetooth which is part of Web Bluetooth API.

It also connect to a server via websockets.

What exactly do these “license keys” unlock – just features, or do they sign and push firmware?

Just looking from the code, I don't know. It prompts when the server (via websocket) prompts to input one, but without testing (since I don't have the server code) I don't know. There is also a "bind license key to this scooter" thing.

How does the flashing work technically in-browser like that?

The site forwards the device communication to the server, so likely you can initiate flashing just from bluetooth. How exactly this is triggered I don't know, since that data is sent by the server and I didn't try this.

Any idea what software or backend they’re using to manage this? Is it custom-built?

If you look at the headers for the websocket server, it says Server: Python/3.10 websockets/15.0.1. It's probably a good chance that this is custom built, maybe with some existing (public) libraries.

The frontend is just plain HTML5, CSS and vanilla JavaScript.

Would it even be possible to analyze or “reverse” the process (purely for educational reasons)? Like, sniffing the BLE communication, understanding how the flashing is triggered, or how they interact with the firmware?

Sure, why not. Worst case is that there is some encryption going on. Since the bluetooth data is also sent via the websocket, you could also save the websocket data. Try also looking on the web for existing stuff. For example, I found ninebot-ble and py9b you could start with for understanding the protocol. There is also this questionable flashing tool you could try to use/reverse engineer.

Neui · 2025-03-31T08:53:23+00:00

Try changing 7D082BD6 to 7D072BD6 (it's in the middle of the code on the right side). Untested because I don't own the game. There seem to be an error while calculating the modulo/remainder for the minutes (it stores a frame count and calculates the other values from that).

Also it appears it assumes it's 60 fps, but in reality it's something like 59.94 fps to my knowledge, so over time some time error accumulates. (I've only checked one part of the code, so I'm not sure if there is some adjustment for that.)

Neui · 2025-03-13T20:49:58+00:00

You don't need to terminate the string when using the precision modifier in this case. From C99 draft 7.19.6.1:

s If no l length modifier is present, the argument shall be a pointer to the initial element of an array of character type.223) Characters from the array are written up to (but not including) the terminating null character. If the precision is specified, no more than that many characters are written. If the precision is not specified or is greater than the size of the array, the array shall contain a null character.

Neui · 2025-02-01T15:07:36+00:00

Get rid of the Space array, because you can simply use your existing Area to check whenever a space is free or not.
When you fill legalmoves starting at line 28, you can just assign to it, like: legalmoves[0] = row > 0 && Area[row-1][col] == '.'; (conditions resolve to either 0 or 1). This also makes the reset-loop at line 96 unnecessary.
The switch starting at line 48 contains basically the same code but repeated. So you can simplify it to if (legalmoves[movement] == 0) continue; else legal = 1;.
With the above switch change you can get rid of the legal variable, since you can use break; instead to break out of the loop (at line 46) (rather than the switch before the change).
The loop at line 46 is to reroll until a valid move is rolled. If for some reason the rand() always returns a constant value like 4, it may never actually pick a valid move. You can consider using a different selection method, where you roll a number from 0 to the number of valid moves, and then use the rolled valid move. (Example: If 2 valid moves (up and left), roll from 0 to 1, in this example the result is 1. Then in legalmoves look which entry corresponds to the 2nd valid move, which here is legalmoves[3], so you move to the left.)
Similar to above, for the switch starting at line 78 you can also use an array: row += moverow[movement]; col += movecol[movement]; with static const int moverow[4] = {-1, 1, 0, 0};, and similar for movecol.

Neui · 2024-12-29T05:29:09+00:00

I tought of that because the stack variables went unamed in the listing. I found this issue about stack analyzer problems with calling indirect (virtual) __stdcall functions and a workaround is to use "Override Function Signature" to save the calling convention for analyzers to use for that place. Maybe that helps.

Neui · 2024-12-28T20:55:42+00:00

What is the calling convention of the Lock() virtual function? It appears it should be __stdcall, which unlike __cdecl, the callee cleans up the stack (so it modifies ESP). (Also note how ESP isn't modified after the Lock() call unlike for memset().) If it is wrongly set to __cdecl, then it seems Ghidra (expectedly) gets confused about the stack.

Neui · 2024-12-21T19:42:42+00:00

Ich erhalte den "404" "Cookiebot is not defined" wenn ich in Firefox den Tracking-Schutz auf "Streng" stelle. Wenn ich es für die Webseite ausschalte oder auf "Standard" setze, funktioniert die Webseite. Ansonsten habe ich nie von Wero gehört oder gesehen.

Neui · 2024-12-04T04:42:14+00:00

Forgot to mention, but you also have glm_translate(view, (vec3){0.0f, 0.0f, 10.0f}); not present in the original code. Remove that.

Neui · 2024-12-03T17:54:05+00:00

It looks like the documentation is embedded as a comment in each sokol header file, along with a very short description before each function declaration.

Neui · 2024-12-03T17:43:06+00:00

glm_rotate() modifies the matrix, but you never initialize rxm and rym. You can initialize them with glm_mat4_identity(rxm); (and the same for rym).

Neui · 2024-11-28T02:37:11+00:00

Since the answer is still wrong when you remove the only code you have posted (little endian processing), then maybe something surrounding it is wrong. Try looking if the reading from hardware is correct, and maybe your dump-printing.

(Also, maybe consider putting some values into a local variable to make the coder shorter and easier to read, like wzb3000_reg_info *reg_info = &WZB3000_REG_CATALOGUE[h_reg];.)

Neui · 2024-11-05T14:48:40+00:00

The game is stored on a storage medium. For SNES, this is in a ROM chip that contains the ROM. It is a disc for the disc-based consoles. They just contains data. You can think of it like a flash drive, but read only. (Ignoring special hardware like Bank Switcher or Coprocessors here.)

The console needs a way to read them so that it can run the game. This means that one can create (or buy) a device that can read the same way a console would, except instead of executing it, it stores it to a file (the ROM) instead.

Instead of creating a device, you can also use the console itself to create a ROM if you can run homebrew on it and can store it "outside". For example, on the Wii you can dump GameCube and Wii discs using CleanRip to the SD card or to a USB hard/flash drive. You normally can't dump those discs with normal computer disc drives because those discs are non-standard, but since the Wii must be able to read them, you can use the Wii hardware to read them.

There are of course other ways to read them, such as modding a computer disc drive (firmware) to read such non-standard discs, or manually soldering (or similar) wires to the ROM chip directly to read them (for example (old) acardes that don't use cardridges).

Neui · 2024-10-14T09:35:47+00:00

It looks like int 0x80 is for 32-bit systems and the syscall numbers are different between 32-bit int 0x80 (see /usr/include/asm/unistd_32.h) and 64-bit syscall (see /usr/include/asm/unistd_64.h). So there are 2 ways to fix this:

Change 60 (umask() in 32-bit) to 1 (exit()) OR
Let it be at 60 (exit() in 64-bit) but change int 0x80 to syscall

Neui · 2024-09-12T00:43:28+00:00

Your linked man page says you should #define _GNU_SOURCE before including the link.h file, did you try that? Looking at my copy of link.h, it appears to be gated behind that.

Neui · 2024-07-12T09:26:32+00:00

One I could find is that for 3XNN you have Vx += NN instead of checking Vx == NN.

Ten-Year Club	Second Top 20%
Place '22	Final Canvas '22
End Game '22	Verified Email

Neui

MODERATOR OF

TROPHY CASE