Dissembly 3: Another loop bug

Loop code 1:
Code:
; Loop code 1 (debugger excerpt, segment 2770, 01EF..02B3). 01EF is the loop top;
; the tail at 0392 (Loop code 2) jumps back here.
; Locals visible in this excerpt:
;   [bp-0110] = word returned by 2868:0698 (598A in this snapshot, which is the same
;               address the scan in Loop code 3 returns in ax)
;   [bp-0102] = loop counter (see Loop code 2 for how it is advanced)
;   [bp-0104] = 2-byte value written by the 2868:06C4 call
;   [bp-0100] = buffer whose address is passed to 2868:08B6; it has 256 bytes of
;               room before reaching the saved bp
; NOTE(review): none of the far calls are shown; the argument-pattern guesses below
; are not confirmed by this listing.
2770:000001EF B8F02F              mov  ax,2FF0                ; constant first argument (2FF0/2FF3/2FF6 below are 3 bytes apart)
2770:000001F2 50                  push ax
2770:000001F3 FF7606              push word [bp+06]           ss:[EFAA]=30A5   ; caller's first argument
2770:000001F6 9A98066828          call 2868:0698              ; ([bp+06], 2FF0) -- see Call code 1
2770:000001FB 83C404              add  sp,0004                ; caller cleans 2 words
2770:000001FE 8986F0FE            mov  [bp-0110],ax           ss:[EE94]=598A   ; keep the returned pointer/handle
2770:00000202 2BC0                sub  ax,ax                  ; ax = 0
2770:00000204 50                  push ax                     ; last argument of the 2144 call = 0
2770:00000205 8B86FEFE            mov  ax,[bp-0102]           ss:[EEA2]=00B0   ; ax = counter
2770:00000209 99                  cwd                         ; dx = sign mask of ax
2770:0000020A 33C2                xor  ax,dx
2770:0000020C 2BC2                sub  ax,dx                  ; ax = |counter|
2770:0000020E B90500              mov  cx,0005
2770:00000211 D3F8                sar  ax,cl                  ; ax = |counter| >> 5
2770:00000213 33C2                xor  ax,dx
2770:00000215 2BC2                sub  ax,dx                  ; sign restored: ax = counter / 32, truncating toward zero
2770:00000217 0386FEFE            add  ax,[bp-0102]           ss:[EEA2]=00B1   ; ax = counter + counter/32
2770:0000021B 99                  cwd                         ; widen to dx:ax
2770:0000021C D1E0                shl  ax,1
2770:0000021E D1D2                rcl  dx,1                   ; dx:ax = 2 * (counter + counter/32)
2770:00000220 52                  push dx                     ; high word
2770:00000221 50                  push ax                     ; low word
2770:00000222 FFB6F0FE            push word [bp-0110]         ss:[EE94]=598A
2770:00000226 9A44216828          call 2868:2144              ; ([bp-0110], dx:ax, 0) -- takes a 32-bit position; seek-like? not confirmed
2770:0000022B 83C408              add  sp,0008
2770:0000022E FFB6F0FE            push word [bp-0110]         ss:[EE94]=598A
2770:00000232 B80100              mov  ax,0001
2770:00000235 50                  push ax
2770:00000236 B80200              mov  ax,0002
2770:00000239 50                  push ax
2770:0000023A 8D86FCFE            lea  ax,[bp-0104]           ss:[EEA0]=0857
2770:0000023E 50                  push ax
2770:0000023F 9AC4066828          call 2868:06C4              ; (&[bp-0104], 2, 1, [bp-0110]) -- fills the 2-byte local; read-like? not confirmed
2770:00000244 83C408              add  sp,0008
2770:00000247 FFB6F0FE            push word [bp-0110]         ss:[EE94]=598A
; NOTE(review): the next four lines (addresses 023E..0247) repeat the lines above and run
; backwards in address; they look like a paste duplication in the post rather than real
; code. Execution continues from 0247 to 024B.
2770:0000023E 50                  push ax
2770:0000023F 9AC4066828          call 2868:06C4
2770:00000244 83C408              add  sp,0008
2770:00000247 FFB6F0FE            push word [bp-0110]         ss:[EE94]=598A
2770:0000024B 9A9C056828          call 2868:059C              ; ([bp-0110]) -- same one-argument call as the loop tail
2770:00000250 83C402              add  sp,0002
2770:00000253 B8F32F              mov  ax,2FF3                ; same call as 01EF with the next constant
2770:00000256 50                  push ax
2770:00000257 FF7606              push word [bp+06]           ss:[EFAA]=30A5
2770:0000025A 9A98066828          call 2868:0698
2770:0000025F 83C404              add  sp,0004
2770:00000262 8986F0FE            mov  [bp-0110],ax           ss:[EE94]=598A   ; [bp-0110] overwritten with the new result
2770:00000266 81BEFCFEFF01        cmp  word [bp-0104],01FF    ss:[EEA0]=099E   ; value produced by the 06C4 call; unsigned compare
2770:0000026C 764E                jbe  000002BC ($+4e)        (no jmp)        ; <= 01FF: skip to 02BC (not shown)
2770:0000026E 81BEFCFE3030        cmp  word [bp-0104],3030    ss:[EEA0]=099E
2770:00000274 7446                je   000002BC ($+46)        (no jmp)        ; == 3030: skip as well
2770:00000276 2BC0                sub  ax,ax
2770:00000278 50                  push ax                     ; last argument = 0
2770:00000279 50                  push ax                     ; high word = 0
2770:0000027A FFB6FCFE            push word [bp-0104]         ss:[EEA0]=099E   ; low word = the value just read; only the two compares above bound it
2770:0000027E FFB6F0FE            push word [bp-0110]         ss:[EE94]=598A
2770:00000282 9A44216828          call 2868:2144              ; same 32-bit-position call as 0226
2770:00000287 83C408              add  sp,0008
2770:0000028A 8D8600FF            lea  ax,[bp-0100]           ss:[EEA4]=412A   ; &buffer (256 bytes below the saved bp)
2770:0000028E 50                  push ax
2770:0000028F B8F62F              mov  ax,2FF6
2770:00000292 50                  push ax
2770:00000293 FFB6F0FE            push word [bp-0110]         ss:[EE94]=598A
2770:00000297 9AB6086828          call 2868:08B6              ; ([bp-0110], 2FF6, &[bp-0100]) -- no length argument is passed, so what it writes into the buffer is bounded only by its own logic; not confirmed
2770:0000029C 83C406              add  sp,0006
2770:0000029F FF7608              push word [bp+08]           ss:[EFAC]=2126   ; caller's second argument
2770:000002A2 8D8600FF            lea  ax,[bp-0100]           ss:[EEA4]=522A
2770:000002A6 50                  push ax
2770:000002A7 9AF0286828          call 2868:28F0              ; (&[bp-0100], [bp+08]) -- result tested for zero below; compare-like? not confirmed
2770:000002AC 83C404              add  sp,0004
2770:000002AF 0BC0                or   ax,ax
2770:000002B1 7403                je   000002B6 ($+3)         (no jmp)        ; result 0: fall through to 02B6 (not shown)
2770:000002B3 E9DC00              jmp  00000392 ($+dc)        (down)          ; result nonzero: go to the loop tail (Loop code 2)

Loop code 2:
Code:
; Loop code 2: loop tail at 0392, reached from the jmp at 02B3 in Loop code 1.
2770:00000392 FF86FEFE            inc  word [bp-0102]         ss:[EEA2]=00B1   ; counter++
2770:00000396 8A86FEFE            mov  al,[bp-0102]           ss:[EEA2]=00B1   ; al = low byte of counter
2770:0000039A 2AE4                sub  ah,ah                  ; ah = 0
2770:0000039C 8986FEFE            mov  [bp-0102],ax           ss:[EEA2]=00B1   ; counter &= 00FF: the word local only ever holds 0..255 and wraps from 255 to 0
; NOTE(review): nothing in the shown code exits on the counter itself; if the test at
; 02AF never yields 0 (and 02BC, not shown, also rejoins the loop) this loop would not
; terminate on its own. Where 02B6 and 02BC lead is not visible here.
2770:000003A0 FFB6F0FE            push word [bp-0110]         ss:[EE94]=598A
2770:000003A4 9A9C056828          call 2868:059C              ; ([bp-0110]) -- same call as at 024B
2770:000003A9 83C402              add  sp,0002
2770:000003AC E940FE              jmp  000001EF ($-1c0)       (up)            ; back to the loop top

Call code 1:
Code:
; Call code 1: entry of 2868:0698 (excerpt; the routine continues past 06A8).
; Called from Loop code 1 with two words on the stack ([bp+06], [bp+08]).
2868:00000698 55                  push bp
2868:00000699 8BEC                mov  bp,sp                  ; standard frame; arguments at [bp+06] and [bp+08]
2868:0000069B 83EC02              sub  sp,0002                ; one word of locals
2868:0000069E 56                  push si                     ; si preserved for the caller
2868:0000069F 9AA2166828          call 2868:16A2              ; no arguments pushed -- see Call code 2
2868:000006A4 8BF0                mov  si,ax                  ; si = returned address (0 = nothing found, see Loop code 3)
2868:000006A6 0BF6                or   si,si
2868:000006A8 7412                je   000006BC ($+12)        (no jmp)        ; 0: go to 06BC (not shown; presumably the failure path)

Call code 2:
Code:
; Call code 2: entry of 2868:16A2 (excerpt). Sets up a scan over entries starting at
; ds:595A; the loop body is shown in Loop code 3.
2868:000016A2 55                  push bp
2868:000016A3 8BEC                mov  bp,sp
2868:000016A5 83EC02              sub  sp,0002                ; one word of locals
2868:000016A8 56                  push si                     ; si preserved for the caller
2868:000016A9 BE5A59              mov  si,595A                ; si = first entry
2868:000016AC 8B0E725A            mov  cx,[5A72]              ds:[5A72]=59F2   ; cx = word at 5A72 (59F2 here) -- presumably the scan limit; not shown being used
2868:000016B0 F6440683            test byte [si+06],83        ds:[212C]=6F59   ; flag byte at +06, bits 83
2868:000016B4 7516                jne  000016CC ($+16)        (down)          ; any of those bits set: go to 16CC (not shown)

Loop code 3:
Code:
; Loop code 3: the scan body at 16B0 (same two instructions that end Call code 2).
; In this snapshot si = 598A, the value Loop code 1 stores in [bp-0110].
2868:000016B0 F6440683            test byte [si+06],83        ds:[5990]=0600   ; flag bits 83 set on this entry?
2868:000016B4 7516                jne  000016CC ($+16)        (down)          ; yes: 16CC (not shown; presumably advances si)
2868:000016B6 2BC0                sub  ax,ax                  ; bits clear: initialise this entry; ax = 0
2868:000016B8 894402              mov  [si+02],ax             ds:[598C]=0000   ; word at +02 = 0
2868:000016BB 884406              mov  [si+06],al             ds:[5990]=0600   ; flag byte at +06 = 0
2868:000016BE 894404              mov  [si+04],ax             ds:[598E]=0000   ; word at +04 = 0
2868:000016C1 8904                mov  [si],ax                ds:[598A]=0000   ; word at +00 = 0
2868:000016C3 C64407FF            mov  byte [si+07],FF        ds:[5991]=0006   ; byte at +07 = FF
2868:000016C7 8BC6                mov  ax,si                  ; return the entry address
2868:000016C9 EB0C                jmp  short 000016D7 ($+c)   (down)          ; to the common exit at 16D7 (not shown)

Well, lots of code to go through. I have a save game near AD 2000. I'll try the fix tool first; if that doesn't work, maybe I'll come back to this post.

YouTube video link to gameplay of this game, me (French) vs USA/Russia/Mongols:

Would be cool to finish it...
 