Thread: Level hex editing
CrazyPill
Hired Hero
|
posted April 11, 2008 06:25 PM |
|
|
Does anybody know about cheating software like ArtMoney? So use it. In H5_Game.exe you'll find only values for levels from 0 to 12. Other level experience values are calculated during game runtime.
|
|
TheDeath
Responsible
Undefeatable Hero
with serious business
|
posted April 11, 2008 06:30 PM |
|
|
Hey CrazyPill
How exactly do you use ArtMoney to do that? Because that program displays the run-time addresses (I know they have an offset), but then the memory could also be dynamically allocated... I'm not much into reverse engineering but I only use disassemblers for that purpose.
Can you briefly explain how to do it with ArtMoney?
|
|
CrazyPill
Hired Hero
|
posted April 11, 2008 07:09 PM |
|
|
OK.
1. Run ArtMoney.
2. Run Heroes.
3. Start any map.
4. Alt+Tab to ArtMoney.
5. Find a sequence of 2 values in the Heroes 5 process. I use 3e8 (1000 decimal) and 7d0 (2000 decimal). You'll get 3 results. The result with the highest memory address should be the right one. And you can remember this address - it is constant for every game version.
|
|
TheDeath
Responsible
Undefeatable Hero
with serious business
|
posted April 11, 2008 07:11 PM |
|
|
Yes but I thought you'd modify the application file (.exe), or not? (but that's probably cheap as you can simply subtract the offset (usually 0x00400000 or something) and find the real offset in the file).
I tried the above method for other games and never got any results; maybe in Heroes it's less 'protected'.
|
|
Gnoll_Mage
Responsible
Supreme Hero
|
posted April 11, 2008 07:12 PM |
|
|
So how does the memory address whilst the game is running relate to the part that needs changing in the exe? (Please forgive a n00b.)
|
|
Gnoll_Mage
Responsible
Supreme Hero
|
posted April 11, 2008 07:13 PM |
|
|
Ah right, there's a standard amount to subtract is there?
|
|
TheDeath
Responsible
Undefeatable Hero
with serious business
|
posted April 11, 2008 07:14 PM |
|
|
actually that can be modified (but programmers usually never do it as it's a too subtle 'finishing touch' and too lazy for that) -- it's somewhere in the exe format, but usually it's a standard number (also I don't remember if it's exactly the one I posted, coz I didn't do a disassembly in a long time).
|
|
Gnoll_Mage
Responsible
Supreme Hero
|
posted April 11, 2008 07:31 PM |
|
|
So the numbers we're looking at here are per-program i.e. the number refers to an address within the HoMM5 address space?
So the program code is loaded in somewhere, and there is also data stored in another bit of memory, and the stack too?
|
|
CrazyPill
Hired Hero
|
posted April 11, 2008 07:34 PM |
|
|
This memory range exists only in memory. The Windows executable PE format allows different sizes of sections on disk and in memory.
Patching the exe file is much more complicated in this case, because you have to inject a data table in place of part of the code of the function calculating those values.
|
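Added example (not from the thread or any poster's code): how a run-time address maps back to a file offset through the PE section table, and why an address can have no bytes in the file when a section is larger in memory than on disk. The section values, the helper names and the 0x00400000 image base are constructed for illustration.

```python
import struct

IMAGE_BASE = 0x00400000       # assumed; in practice read it from the PE optional header
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes

def make_section(name, vsize, vaddr, raw_size, raw_ptr):
    """Build one constructed section header for the demo."""
    return struct.pack(SECTION_FMT, name, vsize, vaddr, raw_size, raw_ptr,
                       0, 0, 0, 0, 0)

# Constructed table: .data occupies 0x9000 bytes in memory but only 0x2000 on disk.
SECTION_TABLE = (
    make_section(b".text", 0x5000, 0x1000, 0x5000, 0x0400)
    + make_section(b".data", 0x9000, 0x6000, 0x2000, 0x5400)
)

def parse_sections(table):
    """Return (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)."""
    size = struct.calcsize(SECTION_FMT)
    sections = []
    for off in range(0, len(table), size):
        name, vsize, vaddr, raw_size, raw_ptr, *_ = struct.unpack_from(
            SECTION_FMT, table, off)
        sections.append((name.rstrip(b"\0").decode(), vsize, vaddr, raw_size, raw_ptr))
    return sections

def va_to_file_offset(va, sections, image_base=IMAGE_BASE):
    """Map a virtual address to (section, file offset).

    The offset is None when the address lies in the memory-only tail of a
    section; the section is None when no section contains the address.
    """
    rva = va - image_base
    for name, vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            delta = rva - vaddr
            if delta < raw_size:
                return name, raw_ptr + delta
            return name, None  # zero-filled by the loader, nothing stored on disk
    return None, None

if __name__ == "__main__":
    secs = parse_sections(SECTION_TABLE)
    for va in (0x00401234, 0x00406010, 0x0040A000):
        print(hex(va), va_to_file_offset(va, secs))
```
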
|
Gnoll_Mage
Responsible
Supreme Hero
|
posted April 11, 2008 07:36 PM |
|
|
So is it possible to edit those experience levels?
|
|
yasmiel
Supreme Hero
Former Chessmaster
|
posted April 11, 2008 08:02 PM |
|
Edited by yasmiel at 20:13, 11 Apr 2008.
|
I've been able to hex edit first 12 levels so far, but no luck for further values so far, since they are referenced through, not directly written as a value, as Crazy Pill indicated.
I was hoping that increments the formula uses are written down as Floats, but there is no trace of 2.7, 1.7 or similar floats.
|
|
Warmonger
Promising
Legendary Hero
fallen artist
|
posted April 11, 2008 08:16 PM |
|
|
I suppose you did check 10% and things like these 170%?
Anyway, I'm glad someone is still working on it. Now I have to keep fingers crossed, as my knowledge about these issues is little
|
|
TheDeath
Responsible
Undefeatable Hero
with serious business
|
posted April 11, 2008 08:19 PM |
|
|
Quote: I've been able to hex edit first 12 levels so far, but no luck for further values so far, since they are referenced through, not directly written as a value, as Crazy Pill indicated.
If they're calculated with a formula, you'll really need a disassembler to find the algorithm (asm instructions) that compute this, but it'll be a hell, and not only that, but also could be impossible (if the size doesn't fit the new algorithm, you will need to inject, and that doesn't always work).
But let's say there are the increments -- did you try some fixed point representations? (you said you tried float)
|
|
Gnoll_Mage
Responsible
Supreme Hero
|
posted April 11, 2008 08:39 PM |
|
|
How are floats and fixed-points represented as hex / binary?
Could you search for 0.7 maybe?
|
|
TheDeath
Responsible
Undefeatable Hero
with serious business
|
posted April 11, 2008 08:47 PM |
|
|
Fixed point means something like "2.5" but with a fixed number of bits assigned to the 'fractional part' and a fixed number of bits assigned to the 'whole part'. Problem is of course that you do not know how many are for the parts, and for that matter the total number of bits (but that's usually a multiple of a byte, word or double word). Note that I do not claim this is necessarily easy, and in fact I probably would give up (if I were to do it), but it's still an option that should be tried if all else fails.
Floating point is a lot more complicated -- you can search "IEEE floating point standard" to get some articles that explain it, but manually it's quite hard to 'see' or 'encode' a specific value (especially since it's in binary and most people are used to decimal). Personally I use FASM (flat assembler) to encode floats, but that's probably beyond your knowledge (an assembler is like a compiler, encodes programs from source code).
Basically Float has a mantissa (usually with 23 bits) filling the lower bits -- this mantissa is like the 'significand' (or however it's spelled in math). The left-most bit of the mantissa is implied to be '1', so it is not stored, but watch out for this nonetheless! You multiply this mantissa by 2^n to get the 'true' value. 'n' is called the exponent, which is stored in 8 bits, but it is 128-biased (not with two's complement as normal integers usually are). The final bit is the sign (positive if 0, negative if 1).
(ps: the above information on float (i.e the number of bits) might not be correct but it's what I remember at the moment, didn't consult the specifications).
(probably this post doesn't make much sense, does it?)
|
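Added example (not from the thread or any poster's code): the byte patterns a constant such as 2.7, 1.7 or 0.7 takes as an IEEE 754 single, a double, or fixed point, and a scan of a buffer for each of them. The buffer, the helper names and the choice of 16.16 and 8.8 fixed-point layouts are constructed for illustration.

```python
import struct

def float_fields(value):
    """Split an IEEE 754 single into (sign, biased exponent, 23-bit fraction)."""
    bits = struct.unpack("<I", struct.pack("<f", value))[0]
    return bits >> 31, (bits >> 23) & 0xFF, bits & 0x7FFFFF

def rebuild(sign, exponent, fraction):
    """Normal numbers only: implied leading 1; IEEE 754 single uses bias 127."""
    return (-1) ** sign * (1 + fraction / 2**23) * 2.0 ** (exponent - 127)

def candidate_patterns(value):
    """Little-endian byte patterns one constant could take inside a binary."""
    return {
        "float32": struct.pack("<f", value),
        "float64": struct.pack("<d", value),
        "fixed16.16": struct.pack("<I", round(value * 65536)),
        "fixed8.8": struct.pack("<H", round(value * 256)),
    }

def find_constant(blob, value):
    """Return [(encoding, offset)] for every occurrence, sorted by offset."""
    hits = []
    for name, pattern in candidate_patterns(value).items():
        start = blob.find(pattern)
        while start != -1:
            hits.append((name, start))
            start = blob.find(pattern, start + 1)
    return sorted(hits, key=lambda hit: hit[1])

# Constructed buffer: padding, 2.7 as a single, 1.7 as a double, 0.7 as 16.16 fixed point.
SAMPLE = (
    b"\x90" * 8
    + struct.pack("<f", 2.7)
    + b"\x00" * 4
    + struct.pack("<d", 1.7)
    + struct.pack("<I", round(0.7 * 65536))
)

if __name__ == "__main__":
    for v in (2.7, 1.7, 0.7):
        print(v, float_fields(v), candidate_patterns(v)["float32"].hex(),
              find_constant(SAMPLE, v))
```

The 0.7 search reports two hits for one stored value: the two-byte 8.8 pattern also matches inside the 16.16 encoding, which is why short patterns need checking against the surrounding code.
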
|
yasmiel
Supreme Hero
Former Chessmaster
|
posted April 11, 2008 08:53 PM |
|
Edited by yasmiel at 20:57, 11 Apr 2008.
|
Yes, I can search for 0.7, but we need 2.7 or 1.7. After all, that's how percentages in the game are shown. (i.e. expert gating is 0.45 written down as a floating point)
Anyway, I'm checking for double precision (64-bit) floating point representations now and there seem to be some matches but will need further checking (it could be something completely irrelevant, in fact that is even more likely)
And btw, I do not feel so good to try doing fixed points
Floating points will do, then I'm off to checking for some easier findings like changes.
Btw, doing this for one day has its nostalgic charm (reminding me of good old Motorola 68000 ASM, but I figure I will be bored again in a half day or so)
|
|
CrazyPill
Hired Hero
|
posted April 11, 2008 09:10 PM |
|
|
OMG. Stop flooding the forum. There is HC for personal questions. 2 single-precision floating point constants are used in those formulas: 1.2 and 0.1
EDIT1: Precisely, experience growth is 1.2 for levels 13 to 24 and (lv - 13)*0.1 for levels 25 to 40. So if you alter these constants you can tune up the growth coeff.
EDIT2: Knowing this info cannot help. Constants are shared between several functions :-(
|
|
TheDeath
Responsible
Undefeatable Hero
with serious business
|
posted April 11, 2008 09:11 PM |
|
|
How do you know?
If you have discovered the instructions for the formula, can you please post them?
|
|
yasmiel
Supreme Hero
Former Chessmaster
|
posted April 11, 2008 09:13 PM |
|
Edited by yasmiel at 21:56, 11 Apr 2008.
|
Yes, posting them would help more than yelling when we go in the wrong direction (which can happen a lot if doing this "blindly" like I am now).
So, help if you can.
EDIT:
Btw, these do not count as personal questions, they are in a thread that responds to a particular question, and any post that brings us closer to a solution is wanted, not considered spam.
Seems you are much more familiar with the h5 code than we are, but sharing the info in the forum is preferred to personal mailings.
Anyway, thanks for the help so far!
|
|
Gnoll_Mage
Responsible
Supreme Hero
|
posted April 11, 2008 11:00 PM |
|
|
Yes indeed, I wouldn't want to be missing out on all this, and we need your knowledge CrazyPill! How did you find out all that stuff you wrote?
@TheDeath - I understand! Thanks.
|
|
|