EndlessItems

The very confusing name is a bad gag; it comes from the patch being related to the inventory and to the quit command in the engine's default menu. While variable #3350 is set to 1, the game opens the inventory when the menu is called by an event. In addition, when quit is used, switch #1006 is turned on and the menu is closed.

The patch for 2000-1.07 is implemented in a very unsafe way: the variable mentioned above is addressed directly in memory, without any memory checks and without using the engine's official functions. After starting a new game, the variable (or one with a higher ID) should therefore be initialized before the menu is called by an event for the first time.

Originally made and first released by bugmenot.

RPG2000
1.00UNKNOWN2000-05-072000-06-192000-07-112000-11-132000-11-152000-12-27
1.07
2001-05-05
1.10
2003-03-27
1.50
2003-06-25
1.51/1.52
2015-07-05
1.60
2015-09-15
1.61
2017-09-14
1.62
RPG2003
1.00UNKNOWN1UNKNOWN21.0.2.1
1.0.2.1
1.0.3.0
1.0.4.0
1.0.5.0
1.0.5.0
1.0.6.0
1.0.6.0
1.0.7.0
1.0.7.0
1.0.8.0
1.0.8.0
1.0.9.1
1.0.9.1
1.101.111.12mp210414

Segment 1/5

Offsets

RPG2000
2000-12-27
1.07
004796C8h
00078AC8h
RPG2003
1.0.8.0
1.0.8.0
004A0978h
0009FD78h

Sourcecode

; RPG2000 1.07 - tail of the patched quit command.
; Reached from the Segment 5 stub at 0047AA57h, which loads
; EAX = [[0049ABA4h]] (TLcfgSystem), EDX = 1006 and CL = 1 before jumping here.
; The page does not name PROC__0046A4A0h, PROC__0046A0A8h or PROC__00479C00h;
; the comments below describe register flow only.
__004796C8h:
			CALL PROC__00469E84h			; TLcfgSystem.SetSwitch - with the stub's EDX/CL this turns switch #1006 ON
			MOV EAX, [0049ABA4h]			; TLcfgSystem
			MOV EAX, [EAX]				; second dereference: EAX = object passed to the call below
			CALL PROC__0046A4A0h			; result is returned in EAX
			MOV EDX, EAX				; forward that result as the EDX argument of the next call
			MOV EAX, [0049ABA4h]			; TLcfgSystem
			MOV EAX, [EAX]
			CALL PROC__0046A0A8h
			MOV EAX, EBX				; EBX is set by the surrounding (unpatched) code, not by this stub
			CALL PROC__00479C00h			; presumably the menu close described on the page - TODO confirm
			MOV EAX, [0049ABA4h]			; TLcfgSystem
			MOV EAX, [EAX]
			MOV BYTE PTR [EAX+05h], 0		; clear the byte at offset 05h of the object (meaning not shown on the page)
			JMP __0047ADBDh				; continue in original code
; RPG2000 1.07 - target of the JMP patched in at 00479BC8h (Segment 2).
; Reads variable #3350 straight out of the variables array and branches on
; "value == 1".
; NOTE(review): nothing here checks that the array pointer at [object+28h] is
; valid or that the array holds at least 3350 entries. If it does not, the
; load at +3454h reads memory outside the array (or faults). This is why the
; page asks for #3350 or a higher ID to be initialised first.
__004796FEh:
			PUSHA					; save all general registers so the hook is transparent
			MOV EAX, [0049ABA4h]			; TLcfgSystem
			MOV EAX, [EAX]
			MOV EAX, [EAX+28h]			; Variables Array
			MOV ESI, [EAX+3454h]			; Variable #3350: fixed offset 3454h = (3350-1)*4, no bounds check
			CMP ESI, 1
			JE __0047971Fh				; == 1: take the alternative path below
			POPA					; != 1: restore registers (POPA leaves EFLAGS untouched)
			MOV EAX, [0049AECCh]			; 5-byte instruction, same size as the JMP at 00479BC8h - presumably the displaced original; TODO confirm
			JMP __00479BCDh				; resume directly behind the patched JMP
__0047971Fh:
			POPA					; restores ESI too, so the variable value read above is gone
			MOV EAX, [0049AECCh]
			MOV EAX, [EAX]
			MOV EBX, ESI				; EBX = pre-hook ESI (not the variable value)
			POP ESI					; NOTE(review): pops a dword pushed before the hook, outside this listing - depends on the original stack layout
			JMP __00479CC9h
; RPG2000 1.07 - called from the Segment 4 dispatcher (00479C80h) when
; variable #3350 is not 1. In: EAX = object pointer. EBX is overwritten and
; not saved here; the dispatcher wraps the call in PUSH EBX / POP EBX.
; Appears to be the relocated body of the routine that originally sat at
; 00479C80h - TODO confirm against an unpatched binary.
PROC__0047972Fh:
			MOV EBX, EAX				; keep the object pointer across the calls
			PUSH 40340000h				; high dword of a stack argument
			PUSH 0					; low dword: together 4034000000000000h = IEEE-754 double 20.0
			MOV EAX, EBX
			CALL PROC__0046B538h			; no stack cleanup follows, so the callee presumably removes its 8 bytes - TODO confirm
			MOV BYTE PTR [EBX+0Ch], 0		; clear the byte at object+0Ch
			MOV EAX, [EBX+1Ch]			; EAX = pointer stored at object+1Ch
			MOV EDX, [EAX]				; EDX = first dword of that target (used as a call table)
			CALL [EDX+24h]				; indirect call through the entry at +24h
			MOV EAX, [EBX+18h]
			CALL PROC__00477F24h
			PUSH 40340000h				; same double 20.0 argument as above
			PUSH 0
			MOV EAX, EBX
			CALL PROC__0046B4C0h
			RET
; RPG2000 1.07 - called from the Segment 4 dispatcher (00479C80h) when
; variable #3350 equals 1. In: EAX = object pointer. EBX is overwritten and
; not saved here; the dispatcher wraps the call in PUSH EBX / POP EBX.
PROC__00479762h:
			MOV EBX, EAX				; keep the object pointer across the call
			PUSH 40340000h				; high dword of a stack argument
			PUSH 0					; low dword: together 4034000000000000h = IEEE-754 double 20.0
			MOV EAX, EBX
			CALL PROC__0046B538h			; same first call as in PROC__0047972Fh
			MOV EAX, EBX
			CALL PROC__00479C00h			; also called from __004796C8h; name not given on the page
			RET
; RPG2003 1.0.8.0 - continuation of the stub at __004A234Ah (Segment 4),
; which pushes the original EAX and loads EAX = TLcfgSystem object and
; EDX = 3350 before jumping here.
; Unlike the RPG2000 variant, the variable is read through the engine's own
; accessor instead of a fixed array offset.
; NOTE(review): any non-zero value takes the branch here, while the RPG2000
; code compares against exactly 1.
__004A0978h:
			CALL PROC__0048B398h			; TLcfgSystem.GetVariable
			CMP EAX, 0				; test the returned value of variable #3350
			POP EAX					; drop the EAX saved at __004A234Ah; POP does not change EFLAGS
			JNZ __004A098Dh				; non-zero: take the alternative path
			MOV EAX, [004CDFCCh]			; 5-byte instruction, same size as the JMP at 004A1022h - presumably the displaced original; TODO confirm
			JMP __004A1027h				; resume directly behind the patched JMP (Segment 2)
__004A098Dh:
			JMP __004A111Dh				; presumably the inventory path described on the page - TODO confirm

Bytes

E8B707FFFF
A1A4AB4900 8B00 E8C70DFFFF
8BD0 A1A4AB4900 8B00 E8C109FFFF
8BC3 E812050000
A1A4AB4900 8B00 C6400500 E9BF160000
60 A1A4AB4900 8B00 8B4028 8BB054340000 83FE01 740B
61 A1CCAE4900 E9AE040000
61 A1CCAE4900 8B00 8BDE 5E E99A050000
8BD8 6800003440 6A00 8BC3 E8F91DFFFF
C6430C00 8B431C 8B10 FF5224 8B4318 E8D1E7FFFF
6800003440 6A00 8BC3 E85F1DFFFF C3

8BD8 6800003440 6A00 8BC3 E8C61DFFFF
89D8 E887040000
C3
E81BAAFEFF
83F800 58 750A A1CCDF4C00 E99A060000
E98B070000

Segment 2/5

Offsets

RPG2000
2000-12-27
1.07
00479BC8h
00078FC8h
RPG2003
1.0.8.0
1.0.8.0
004A1022h
000A0422h

Sourcecode

			; RPG2000 1.07, at 00479BC8h: a 5-byte JMP overwrites original code and
			; diverts execution to the variable check at __004796FEh (Segment 1).
			JMP __004796FEh
__00479BCDh:					; return point used by __004796FEh when the variable is not 1
			(...)
			; RPG2003 1.0.8.0, at 004A1022h: a 5-byte JMP overwrites original code and
			; diverts execution to the stub at __004A234Ah (Segment 4).
			JMP __004A234Ah
__004A1027h:					; return point used by __004A0978h when the variable is 0
			(...)

Bytes

E931FBFFFF
E923130000

Segment 3/5

Offsets

RPG2000
2000-12-27
1.07
---
---
RPG2003
1.0.8.0
1.0.8.0
004A10D5h
000A04D5h

Sourcecode

(This segment does not exist in the RPG2000 1.07 version; the code below applies to RPG2003 1.0.8.0 only.)
			; RPG2003 1.0.8.0, at 004A10D5h: a 5-byte JMP plus two NOPs overwrite
			; 7 bytes of original code and divert execution to __004A2701h (Segment 5).
			JMP __004A2701h
			NOP					; padding up to the next original instruction boundary
			NOP
__004A10DCh:					; return point used by __004A2328h when the variable is 0
			(...)

Bytes

--
E927160000 90 90

Segment 4/5

Offsets

RPG2000
2000-12-27
1.07
00479C80h
00079080h
RPG2003
1.0.8.0
1.0.8.0
004A2328h
000A1728h

Sourcecode

			; RPG2000 1.07, at 00479C80h: dispatcher written over an existing routine.
			; In: EAX = object pointer, which is handed on unchanged to the chosen
			; procedure.
			; Picks PROC__00479762h when variable #3350 == 1, else PROC__0047972Fh.
			; NOTE(review): same unchecked read as in __004796FEh. Neither the array
			; pointer nor the array size is validated before the load at +3454h.
			PUSH EBX				; both procedures overwrite EBX; restored at __00479CA6h
			PUSH EAX				; keep the incoming object pointer
			PUSH ESI				; ESI is used as scratch for the variable value
			MOV EAX, [0049ABA4h]			; TLcfgSystem
			MOV EAX, [EAX]
			MOV EAX, [EAX+28h]			; Variables Array
			MOV ESI, [EAX+3454h]			; Variable #3350: fixed offset 3454h = (3350-1)*4, no bounds check
			CMP ESI, 1
			POP ESI					; POPs leave EFLAGS intact, so the JE below still sees the CMP result
			POP EAX
			JE __00479CA1h
			CALL PROC__0047972Fh			; variable != 1
			JMP __00479CA6h
__00479CA1h:
			CALL PROC__00479762h			; variable == 1
__00479CA6h:
			POP EBX
			RET
			NOP					; 13 NOPs pad the rest of the overwritten range
			NOP
			NOP
			NOP
			NOP
			NOP
			NOP
			NOP
			NOP
			NOP
			NOP
			NOP
			NOP
; RPG2003 1.0.8.0 - continuation of the stub at __004A2701h (Segment 5),
; which pushes the original EAX and loads EAX = [004CDC7Ch] and EDX = 3350
; before jumping here.
__004A2328h:
			MOV EAX, [EAX]				; second dereference: EAX = TLcfgSystem object
			CALL PROC__0048B398h			; TLcfgSystem.GetVariable
			CMP EAX, 0				; NOTE(review): any non-zero value counts here; the RPG2000 code tests == 1
			POP EAX					; restore the EAX saved at __004A2701h; POP does not change EFLAGS
			JNE __004A2341h
			MOV EBX, EAX				; variable == 0: these two instructions are 7 bytes, the size overwritten at 004A10D5h
			PUSH 40340000h				; (presumably the displaced originals - TODO confirm)
			JMP __004A10DCh				; resume directly behind the Segment 3 patch
__004A2341h:
			; NOTE(review): on this path the MOV EBX, EAX above has not run, so EBX
			; still holds whatever the surrounding code left in it. The next line then
			; replaces the restored EAX with that value. Confirm this is intended.
			MOV EAX, EBX
			CALL PROC__004A1054h
			POP EBX					; pops a dword pushed before the hook (outside this listing)
			RET
; RPG2003 1.0.8.0 - target of the JMP patched in at 004A1022h (Segment 2).
; Sets up the GetVariable call that __004A0978h (Segment 1) performs.
; NOTE(review): the Bytes listing for this segment ends with the "5B C3" of
; the preceding block; no bytes for this stub are shown on the page.
__004A234Ah:
			PUSH EAX				; saved here, popped again at __004A0978h
			MOV EAX, [004CDC7Ch]			; TLcfgSystem
			MOV EAX, [EAX]				; second dereference: EAX = object passed to GetVariable
			MOV EDX, 3350				; VariableID
			JMP __004A0978h

Bytes

53 50 56 A1A4AB4900 8B00 8B4028 8BB054340000 83FE01 5E 58 7407
E890FAFFFF
EB05
E8BCFAFFFF
5B C3 90 90 90 90 90 90 90 90 90 90 90 90 90
8B00 E86990FEFF
83F800 58 750C
8BD8 6800003440 E99BEDFFFF
89D8 E80CEDFFFF
5B C3

Segment 5/5

Offsets

RPG2000
2000-12-27
1.07
0047AA57h
00079E57h
RPG2003
1.0.8.0
1.0.8.0
004A26F3h
000A1AF3h

Sourcecode

			; RPG2000 1.07, at 0047AA57h: quit-command hook. Loads the arguments for
			; TLcfgSystem.SetSwitch and jumps to __004796C8h (Segment 1), which makes
			; the call.
			MOV EAX, [0049ABA4h]			; TLcfgSystem
			MOV EAX, [EAX]
			MOV EDX, 1006				; QuitSwitch ID
			MOV CL, 1				; Set to ON
			JMP __004796C8h
			NOP					; padding for the remainder of the overwritten bytes
			NOP
			; RPG2003 1.0.8.0, at 004A26F3h: quit-command hook. EAX is not loaded here,
			; so the object pointer for SetSwitch presumably comes from the preceding
			; original code - TODO confirm.
			MOV EDX, 1006				; QuitSwitch ID
			MOV CL, 1				; Set to ON
			CALL PROC__0048B33Ch			; TLcfgSystem.SetSwitch
			JMP __004A2726h				; short jump over the stub at __004A2701h, back into original code
; RPG2003 1.0.8.0 - target of the JMP patched in at 004A10D5h (Segment 3).
; Sets up the GetVariable call performed at __004A2328h (Segment 4); the
; second dereference of EAX is done there, not here.
__004A2701h:
			PUSH EAX				; saved here, popped again at __004A2328h
			MOV EDX, 3350				; VariableID
			MOV EAX, [004CDC7Ch]			; TLcfgSystem
			NOP					; one-byte filler
			JMP __004A2328h

Bytes

A1A4AB4900 8B00 BAEE030000 B101 E95EECFFFF
90 90
BAEE030000 B101 E83D8CFEFF
EB25
50 BA160D0000 A17CDC4C00 90 E916FCFFFF