from pathlib import Path


def u16(data, off):
    return data[off] | (data[off + 1] << 8)


def set_bytes(buf, off, blob):
    buf[off:off+len(blob)] = blob


def set_u16(buf, off, value):
    buf[off] = value & 0xFF
    buf[off+1] = (value >> 8) & 0xFF


data = bytearray(Path(r'd:\Ghidra\Crusader\REGRET.EXE').read_bytes())
code_off = 0xD2840
code = bytes.fromhex('55 8B EC 56 57 53 06 A1 2C 71 8B 16 2E 71 0B C2 74 4E C4 5E 06 83 EB 36 26 8B 47 02 D1 E0 D1 E0 C4 1E 30 44 01 C3 26 8B 37 26 8B 7F 02 8B C6 0B C7 74 2D C4 5E 06 26 FF B7 E3 00 26 FF B7 E1 00 26 FF B7 DC 00 26 FF B7 DA 00 26 FF B7 D8 00 26 FF B7 D6 00 57 56 52 50 9A FF FF 00 00 83 C4 14 FF 76 0C FF 76 0A FF 76 08 FF 76 06 9A FF FF 00 00 83 C4 08 07 5B 5F 5E 5D CB')
set_bytes(data, code_off, code)
patches = {
    0xD2C94: bytes.fromhex('03 00 FB 10 80 00 40 20'),
    0xD2E0C: bytes.fromhex('03 00 99 20 7D 00 F5 02'),
    0xD2E14: bytes.fromhex('03 00 AD 20 7F 00 8B 03'),
}
for off, blob in patches.items():
    set_bytes(data, off, blob)

for rec_off in [0xD2C94,0xD2E0C,0xD2E14,0xD2E1C]:
    rec = data[rec_off:rec_off+8]
    src = u16(rec, 2)
    segidx = rec[4]
    target_off = u16(rec, 6)
    selector = 0x1000 + ((segidx - 1) << 3)
    op_off = 0xD0800 + src
    set_u16(data, op_off, target_off)
    set_u16(data, op_off+2, selector)

print('2040-20dc=', data[0xD2840:0xD28DD].hex(' '))