|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 06, 2024 11:01 AM |
|
Edited by AlexSpl at 11:05, 06 Nov 2024.
|
Quote: Is there any way to add a function to universities, that allows you to pay 2000 gold to delete a skill?
See if this can be of any help. Short answer, as always: it's hard to achieve in hex.
|
|
phoenix4ever
Legendary Hero
Heroes is love, Heroes is life
|
posted November 06, 2024 12:02 PM |
|
|
AlexSpl said: Short answer, as always: it's hard to achieve in hex.
Damn, I knew it, but thanks anyway, Alex.
|
|
Phoenix4ever
Legendary Hero
Heroes is love, Heroes is life
|
posted November 07, 2024 07:48 AM |
|
|
Okay how about this one Alex:
Can Sorcery be set to directly affect Spell Power, similarly to how Intelligence affects Knowledge? (I don't like how it only affects damage spells.)
|
|
SilverG
Known Hero
|
posted November 07, 2024 12:49 PM |
|
Edited by SilverG at 14:25, 07 Nov 2024.
|
Ahoy,
can anyone tell me where I can edit (in HEx) the amounts of resources (bonus) by the 6 Artifacts (Everflowing Crystal Cloak -> Inexhaustible Cart of Lumber)?
And where can I find the bonus that the Vial of Dragon Blood gives to all the Dragons?
Thank you...
|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 07, 2024 01:28 PM |
|
|
Quote: Can Sorcery be set to directly affect Spell Power, similarly to how Intelligence affects Knowledge? (I don't like how it only affects damage spells.)
Yes, it can. But, I suppose, you should remove the current effect of Sorcery first.
    v18 = this->SSLevel[SKILL_SORCERY];
    v23 = *&sorcery_factor[v18];
    if ( v18 > 0 )
    {
        v19 = &akHeroSpecificAbilities[this->id];
        if ( !v19->specialityType && v19->specializedID == SKILL_SORCERY )
        {
            Level = this->Level;
            v23 = (Level * 0.050000001 + 1.0) * v23;
        }
    }
Quote: can anyone tell me where I can edit (in HEx) the amounts of resources (bonus) by the 6 Artifacts (Everflowing Crystal Cloak -> Inexhaustible Cart of Lumber)?
See 0x4B8A07 and below.
|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 07, 2024 02:38 PM |
|
|
Quote: And where can I find the bonus that the Vial of Dragon Blood gives to all the Dragons?
See 0x4E63F8 -
    while ( equipped->type != ARTIFACT_VIAL_OF_DRAGON_BLOOD )
    {
        ++v6;
        ++equipped;
        if ( v6 >= 19 )
        {
            m_targetCombo = akArtifactTraits[127].m_targetCombo;
            if ( m_targetCombo == COMBO_NONE || !hero::IsWieldingArtifact(v3, combo_artifacts[m_targetCombo].type) )
                goto LABEL_18;
            break;
        }
    }
    if ( traits->attributes < 0 )
    {
        defenseSkill = traits->defenseSkill;
        traits->attackSkill += 5;
        traits->defenseSkill = defenseSkill + 5;
    }
|
|
SilverG
Known Hero
|
posted November 07, 2024 03:15 PM |
|
|
AlexSpl said:
Quote: And where can I find the bonus that the Vial of Dragon Blood gives to all the Dragons?
See 0x4E63F8 -
    while ( equipped->type != ARTIFACT_VIAL_OF_DRAGON_BLOOD )
    {
        ++v6;
        ++equipped;
        if ( v6 >= 19 )
        {
            m_targetCombo = akArtifactTraits[127].m_targetCombo;
            if ( m_targetCombo == COMBO_NONE || !hero::IsWieldingArtifact(v3, combo_artifacts[m_targetCombo].type) )
                goto LABEL_18;
            break;
        }
    }
    if ( traits->attributes < 0 )
    {
        defenseSkill = traits->defenseSkill;
        traits->attackSkill += 5;
        traits->defenseSkill = defenseSkill + 5;
    }
Thanks... sadly there is no such offset in H3HD.exe
|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 07, 2024 03:43 PM |
|
Edited by AlexSpl at 15:54, 07 Nov 2024.
|
Checked it out. It exists even in the HotA HD. But, probably, if it's the case, it's being modified in run-time. If so, you have to look for that portion of the code in dll, and this is another level.
Also, I hope, you've subtracted the base -
00401000 ; Format : Portable executable for 80386 (PE)
00401000 ; Imagebase : 400000
00401000 ; Timestamp : 31313931 (Mon Feb 26 04:38:09 1996)
00401000 ; Section 1. (virtual address 00001000)
00401000 ; Virtual size : 00238BF2 (2329586.)
00401000 ; Section size in file : 00239000 (2330624.)
00401000 ; Offset to raw data for section: 00001000
00401000 ; Flags 60000020: Text Executable Readable
00401000 ; Alignment : default
00401000 ; OS type : MS Windows
00401000 ; Application type: Executable 32bit
|
|
SilverG
Known Hero
|
posted November 07, 2024 06:20 PM |
|
|
AlexSpl said: Checked it out. It exists even in the HotA HD. But, probably, if it's the case, it's being modified in run-time. If so, you have to look for that portion of the code in dll, and this is another level.
Also, I hope, you've subtracted the base -
00401000 ; Format : Portable executable for 80386 (PE)
00401000 ; Imagebase : 400000
00401000 ; Timestamp : 31313931 (Mon Feb 26 04:38:09 1996)
00401000 ; Section 1. (virtual address 00001000)
00401000 ; Virtual size : 00238BF2 (2329586.)
00401000 ; Section size in file : 00239000 (2330624.)
00401000 ; Offset to raw data for section: 00001000
00401000 ; Flags 60000020: Text Executable Readable
00401000 ; Alignment : default
00401000 ; OS type : MS Windows
00401000 ; Application type: Executable 32bit
I have subtracted the 400000 from the 4E63F8 = 000E63F8 and get this line: 33 C9 8D 83 2D 01 00 00 (this in H3HD.exe)....
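Added example (not part of the original thread): subtracting the image base gives the file offset here only because section 1's virtual address and raw-data offset are both 00001000 in the listing; the general mapping goes through the section table, as this sketch shows. The header is constructed from the listing's values, and the section names and the second section are hypothetical.

```python
import struct

def parse_pe32(data):
    """Return (image_base, sections) read from a PE32 header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                             # optional header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only 32-bit PE32 images are handled")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(nsect):                                    # 40-byte section headers
        name, vsize, rva, raw_size, raw_off = struct.unpack_from(
            "<8s4I", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), rva, vsize, raw_off, raw_size))
    return image_base, sections

def va_to_file_offset(va, image_base, sections):
    """Map a virtual address (as shown by a disassembler) to an offset in the file."""
    rva = va - image_base
    for name, sec_rva, vsize, raw_off, raw_size in sections:
        if sec_rva <= rva < sec_rva + max(vsize, raw_size):
            if rva - sec_rva >= raw_size:                     # zero-filled at load time
                raise ValueError(f"{va:#x} lies in {name} but has no bytes on disk")
            return raw_off + (rva - sec_rva)
    raise ValueError(f"{va:#x} is outside every section")

def constructed_header():
    """Constructed sample: section 1 values from the listing; names and .data are hypothetical."""
    hdr = bytearray(0x400)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xH", hdr, 0x84, 0x14C, 2, 0xE0)    # i386, 2 sections
    struct.pack_into("<H", hdr, 0x98, 0x10B)                  # PE32 magic
    struct.pack_into("<I", hdr, 0x98 + 28, 0x400000)          # Imagebase
    struct.pack_into("<8s4I", hdr, 0x178, b".text", 0x238BF2, 0x1000, 0x239000, 0x1000)
    struct.pack_into("<8s4I", hdr, 0x1A0, b".data", 0x3000, 0x240000, 0x1000, 0x23A000)
    return bytes(hdr)

if __name__ == "__main__":
    base, sections = parse_pe32(constructed_header())
    for va in (0x4E63F8, 0x4E6446, 0x4B8A07):
        print(f"{va:#x} -> file offset {va_to_file_offset(va, base, sections):#x}")
```

Comparing the bytes found at the computed offset with the bytes expected from the disassembly, before changing anything, confirms that the executable at hand matches the build the addresses were taken from.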
|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 07, 2024 06:29 PM |
|
|
Well, it's exactly where the above-mentioned fragment of code starts from. OK, try to look a bit down - 0x4E6446. It's where
    traits->attackSkill += 5;
+= 5 part starts.
    add edx, eax
    add ecx, eax
eax being your five, and edx and ecx - attack and defense accordingly.
|
|
SilverG
Known Hero
|
posted November 07, 2024 07:52 PM |
|
|
Ooooooooooooh.... .... so THAT's where it is... Damn, I have given up after the second line...
As for the resources given by the 6 Artifacts?
Thanks
And... uhm.. sorry for the trouble.
|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 08, 2024 12:41 AM |
|
|
This may be tricky to modify in hex, as there is no direct number of resources involved. See 0x4B8A07 and below.
|
|
SilverG
Known Hero
|
posted November 08, 2024 09:01 AM |
|
Edited by SilverG at 13:03, 08 Nov 2024.
|
AlexSpl said: This may be tricky to modify in hex, as there is no direct number of resources involved. See 0x4B8A07 and below.
You are right... all I can see is
@B8AB3 01 00 00 00 - add [eax], eax, add [rax], eax
@B8B58 89 01 00 00 00 mov[ecx],eax, mov [rcx],eax...
This might be it... or?
|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 08, 2024 01:35 PM |
|
|
See push 8Ch? 8C being the ID of Cornucopia. Then you can see lea edx, [eax+eax*4] (8D 14 80 in hex), it uses eax returned by NumOfGivenArtifacts. eax + eax * 4 = eax * 5, which gives you +5 to production. You may try to write there lea edx, [eax+eax*8] (8D 14 C0) to set production to +9, for example.
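Added example (not part of the original thread): the change from 8D 14 80 to 8D 14 C0 touches only the two scale bits of the SIB byte, which is why only a few multipliers are reachable this way. The decoder handles just the displacement-free base+index*scale form quoted in the post.

```python
REGS = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")

def decode_lea(code):
    """Decode `lea r32, [base+index*scale]` (opcode 8D, ModRM, SIB, no displacement)."""
    if len(code) < 3 or code[0] != 0x8D:
        raise ValueError("not a lea r32, m instruction")
    modrm, sib = code[1], code[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm != 4:
        raise ValueError("operand is not a displacement-free SIB form")
    scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
    if index == 4 or base == 5:          # "no index" / "disp32 instead of base"
        raise ValueError("SIB byte does not encode base+index*scale")
    return REGS[reg], REGS[base], REGS[index], scale

def multiplier(code):
    """Factor applied to the register when base and index are the same register."""
    _, base, index, scale = decode_lea(code)
    if base != index:
        raise ValueError("base and index differ, so this is not a multiply")
    return 1 + scale

def set_multiplier(code, factor):
    """Return the instruction with only the two scale bits of the SIB byte changed."""
    multiplier(code)                     # validates the form first
    scales = {2: 0, 3: 1, 5: 2, 9: 3}    # factor -> SIB scale bits (x1, x2, x4, x8)
    if factor not in scales:
        raise ValueError(f"x{factor} cannot be encoded; only x2, x3, x5, x9 fit")
    return bytes([code[0], code[1], (scales[factor] << 6) | (code[2] & 0x3F)])

if __name__ == "__main__":
    original = bytes.fromhex("8D 14 80")                  # bytes quoted in the post
    print(decode_lea(original), "-> x", multiplier(original))
    print(set_multiplier(original, 9).hex(" ").upper())   # 8D 14 C0
```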
|
|
Csaros
Hired Hero
|
posted November 11, 2024 12:06 PM |
|
|
Hey Alex!
I found your NewEagleEye.dll plugin on handbookhmm.ru forum. How did you achieve the "heroes learn spells during battle" effect? When I look at the LearnSpellFromEagleEye function in void_17's database I don't see a point where the function even tries to check if the battle is complete (the function is actually really short). Where is it hidden? How did you manage to edit that part? I believe making Eagle Eye apply in combat is the bare minimum to make it moderately usable.
About wisdom requirement for eagle eye: Is that the check at 0x69C1F?
|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 11, 2024 04:28 PM |
|
|
Quote: I found your NewEagleEye.dll plugin on handbookhmm.ru forum. How did you achieve the "heroes learn spells during battle" effect?
The latest version of this plugin is here. See the spoiler below the download link. There you can find the source code of the plugin. Look for addresses in the code.
Quote: When I look at the LearnSpellFromEagleEye function in void_17's database I don't see a point where the function even tries to check if the battle is complete (the function is actually really short). Where is it hidden? How did you manage to edit that part?
It's called void __thiscall combatManager::DoVictory(combatManager *this, int winningGroup) (see 0x476DA0). This method calls void __thiscall combatManager::show_eagle_eye(combatManager *this, int winning_group, int dialog_timeout) (see 0x476910).
|
|
Csaros
Hired Hero
|
posted November 11, 2024 05:53 PM |
|
|
I've read the code back and forth, checked the disassembled code from the idb at all the addresses you mentioned in the code, and I'll be fully honest, I'm still not sure how to edit this code in a hex editor to make it work for HotA (which does not accept plugins). Should I just remove the call to the eagle eye code at 00477281 and add one somewhere within the active combat manager, so f.e. 005A9660 or 00476910? Which one of these do you think would be best to place it in?
|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 11, 2024 06:23 PM |
|
Edited by AlexSpl at 18:27, 11 Nov 2024.
|
Full implementation in hex would be huge. I don't even want to imagine how much free space you need for this. But if you want to try and have enough time for this, start from
    _PI->WriteHexPatch(0x469C23, (char*)"EB");
    _PI->WriteHexPatch(0x476996, (char*)"E9 DD 01 00 00");
WriteHexPatch() directly writes bytes. These two lines just remove the original effect.
Then you need this -
    _PI->WriteLoHook(0x5A0262, learnSpell);
This is a low hook. Basically, it's a 5 bytes long jmp to your code. You have to write jmp at the address of the first argument (0x5A0262). But you should manually control all the registers and write jmp back.
Then the worst part - you have to write this -
    int __stdcall learnSpell(LoHook* h, HookContext* c)
    {
        _Hero_* hero = o_BattleMgr->hero[1 - o_BattleMgr->current_side];
        if (hero)
        {
            int spell = *(int*)(c->ebp + 8);
            if (spell != ID_NONE && !hero->spell[spell] && hero->doll_art[AS_SPELL_BOOK].id == AID_SPELL_BOOK &&
                o_Spell[spell].level <= hero->second_skill[HSS_WISDOM] + 2 && o_Spell[spell].level <= hero->second_skill[HSS_EAGLE_EYE] + 2)
            {
                int dice = Randint(1, 100);
                int eagleEyeProb = (int)(CALL_1(float, __thiscall, 0x4E4690, hero) * 100.0);
                if (dice <= eagleEyeProb)
                {
                    spells[n++] = spell;
                    hero->spell[spell] = true;
                    hero->spell_level[spell] = true;
                }
            }
            heroToLearn = hero;
        }
        c->return_address = 0x5A02D9;
        return NO_EXEC_DEFAULT;
    }
in hex, which may already be difficult. And think about how many potential errors you would, probably, make while porting.
|
|
nero468
Tavern Dweller
|
posted November 11, 2024 10:48 PM |
|
|
Spell duration
Hello,
is there an easy way to change the duration of spells through hex editing?
|
|
AlexSpl
Responsible
Supreme Hero
|
posted November 12, 2024 02:15 PM |
|
Edited by AlexSpl at 21:15, 12 Nov 2024.
|
Quote: Hello,
is there an easy way to change the duration of spells through hex editing?
You can do it @ 44467Eh. See there mov ecx, [esi+ebx*4+198h] (8B 8C 9E 98 01 00 00)? ecx being the remaining duration of a spell with ID = ebx. esi here conveniently points to your army. 7 bytes are more than enough to make jmp to free space. There you can freely play with esi (to check your army properties and change the duration accordingly) and ebx (to check spell's ID). Don't forget to return a new duration in eax (no, you haven't just misread, not in ecx) and save ecx (you may also use ecx here to make sure a target hasn't the ebx spell yet, to zero the current duration, and many more funny things).
Btw, durations of Disrupting Ray, Berserk, and Blind Bind set to 255 and can be found elsewhere (see 0x444634). Duration of Frenzy is found at 0x444678.
* * *
Well, forgot about Spell Power. It's in eax there, yet... you must return your spell's new duration also in eax.
You can use 0x44467E for your jmp as well even for the above mentioned exclusions, as long as you don't just need to change 255 turns for 4, for example.
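Added example (not part of the original thread): the displacement arithmetic behind both the 5-byte jmp of the low hook described earlier and the jump to free space over the 7-byte mov at 0x44467E. The free-space address CAVE and the 0x20 offset inside it are hypothetical; the E9 DD 01 00 00 bytes and the addresses 0x476996 and 0x44467E come from the posts.

```python
import struct

def decode_jmp(addr, code):
    """Return the destination of an `E9 rel32` jump located at virtual address addr."""
    if len(code) < 5 or code[0] != 0xE9:
        raise ValueError("not a jmp rel32")
    rel = struct.unpack_from("<i", code, 1)[0]       # signed displacement
    return (addr + 5 + rel) & 0xFFFFFFFF             # relative to the next instruction

def encode_jmp(addr, target):
    """Encode `jmp target` for placement at addr (32-bit address space)."""
    rel = (target - (addr + 5)) & 0xFFFFFFFF         # two's complement for backward jumps
    return b"\xE9" + struct.pack("<I", rel)

def detour(addr, cave, overwritten):
    """Bytes replacing `overwritten` bytes of whole instructions at addr with a jump
    to `cave`, NOP-padded, plus the address the cave code must jump back to."""
    if overwritten < 5:
        raise ValueError("a jmp rel32 needs at least 5 bytes of whole instructions")
    return encode_jmp(addr, cave) + b"\x90" * (overwritten - 5), addr + overwritten

CAVE = 0x63A000   # hypothetical free-space address, not taken from the thread

if __name__ == "__main__":
    # Patch quoted in the thread: E9 DD 01 00 00 written at 0x476996.
    print(hex(decode_jmp(0x476996, bytes.fromhex("E9 DD 01 00 00"))))
    # The 7-byte mov at 0x44467E replaced by a jump to the cave plus two NOPs.
    patch, resume = detour(0x44467E, CAVE, 7)
    print(patch.hex(" ").upper(), "resume at", hex(resume))
    # Jump back from the (hypothetical) end of the cave code to the resume address.
    print(encode_jmp(CAVE + 0x20, resume).hex(" ").upper())
```

The overwritten instruction has to be re-created inside the cave before jumping back, since its bytes no longer exist at the original address.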
|
|
|