Heroes of Might and Magic Community
visiting hero! Register | Today's Posts | Games | Search! | FAQ/Rules | AvatarList | MemberList | Profile


Age of Heroes Headlines:  
5 Oct 2016: Heroes VII development comes to an end.. - read more
6 Aug 2016: Troubled Heroes VII Expansion Release - read more
26 Apr 2016: Heroes VII XPack - Trial by Fire - Coming out in June! - read more
17 Apr 2016: Global Alternative Creatures MOD for H7 after 1.8 Patch! - read more
7 Mar 2016: Romero launches a Piano Sonata Album Kickstarter! - read more
19 Feb 2016: Heroes 5.5 RC6, Heroes VII patch 1.7 are out! - read more
13 Jan 2016: Horn of the Abyss 1.4 Available for Download! - read more
17 Dec 2015: Heroes 5.5 update, 1.6 out for H7 - read more
23 Nov 2015: H7 1.4 & 1.5 patches Released - read more
31 Oct 2015: First H7 patches are out, End of DoC development - read more
5 Oct 2016: Heroes VII development comes to an end.. - read more
[X] Remove Ads
LOGIN:     Username:     Password:         [ Register ]
HOMM1: info forum | HOMM2: info forum | HOMM3: info mods forum | HOMM4: info CTG forum | HOMM5: info mods forum | MMH6: wiki forum | MMH7: wiki forum
Heroes Community > Heroes 3.5 - WoG and Beyond > Thread: Heroes 3 Hacking Reference Guide
Thread: Heroes 3 Hacking Reference Guide This thread is 42 pages long: 1 10 20 ... 27 28 29 30 31 ... 40 42 · «PREV / NEXT»
phoenix4ever
phoenix4ever


Legendary Hero
Heroes is love, Heroes is life
posted October 10, 2022 09:14 PM
Edited by phoenix4ever at 21:15, 10 Oct 2022.

Hi BTB

I just did a little testing, as I had an idea:
I changed Advanced Protection From Fire from 50% resistance to 100%, which in theory should make them completely immune to Fire Damage spells.
I was hoping it would pop up with the messsage saying "this creature is immune to this spell" or whatever that standard message is. However creatures with Advanced Protection From Fire can still be hit by fire spells, but they do 0 damage.
Do you know anything about the above?  

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
BTB
BTB


Famous Hero
Moist & Creamy
posted October 11, 2022 12:09 AM

Parascus said:
Do you have a clue what I have done wrong? Is the information sufficient?

Kind regards

Parascus


It's a LOT easier to read if you open the game in Cheat Engine and copy/paste from there, since that will also include the corresponding ASM commands. And since your problem is most likely a bad jump, you'll be able to see that right away.

Also, the reason we allow healing units at full health is so that we're able to remove status effects from units that have not taken any damage.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Parascus
Parascus


Adventuring Hero
posted October 11, 2022 08:09 PM

Hi BTB,

not only have I managed to attach Heroes III to Cheat Engine I also could debug a bit. Yes and can say there are several lines I understand. But unfortunatelly I'm far from total comprehension. Here is the code:

Heroes3 HD.exe+E4B86 - D8 05 DCB96300        - fadd dword ptr ["Heroes3 HD.exe"+23B9DC]
Heroes3 HD.exe+E4B8C - 8B E5                 - mov esp,ebp
Heroes3 HD.exe+E4B8E - 5D                    - pop ebp
Heroes3 HD.exe+E4B8F - C3                    - ret
Heroes3 HD.exe+E4B90 - 55                    - push ebp
Heroes3 HD.exe+E4B91 - 8B EC                 - mov ebp,esp
Heroes3 HD.exe+E4B93 - 83 EC 08              - sub esp,08
Heroes3 HD.exe+E4B96 - 57                    - push edi
Heroes3 HD.exe+E4B97 - 85 F6                 - test esi,esi
Heroes3 HD.exe+E4B99 - 74 58                 - je "Heroes3 HD.exe"+E4BF3
Heroes3 HD.exe+E4B9B - 0FBE 81 E4000000      - movsx eax,byte ptr [ecx+000000E4]
Heroes3 HD.exe+E4BA2 - 84 C0                 - test al,al
Heroes3 HD.exe+E4BA4 - 74 4D                 - je "Heroes3 HD.exe"+E4BF3
Heroes3 HD.exe+E4BA6 - 3C 01                 - cmp al,01
Heroes3 HD.exe+E4BA8 - 74 32                 - je "Heroes3 HD.exe"+E4BDC
Heroes3 HD.exe+E4BAA - 3C 02                 - cmp al,02
Heroes3 HD.exe+E4BAC - 74 17                 - je "Heroes3 HD.exe"+E4BC5
Heroes3 HD.exe+E4BAE - 31 FF                 - xor edi,edi
Heroes3 HD.exe+E4BB0 - 0FBE 87 98EA6300      - movsx eax,byte ptr [edi+"Heroes3 HD.exe"+23EA98]
Heroes3 HD.exe+E4BB7 - 50                    - push eax
Heroes3 HD.exe+E4BB8 - 8B CE                 - mov ecx,esi
Heroes3 HD.exe+E4BBA - E8 71F6F5FF           - call "Heroes3 HD.exe"+44230
Heroes3 HD.exe+E4BBF - 47                    - inc edi
Heroes3 HD.exe+E4BC0 - 83 FF 04              - cmp edi,04
Heroes3 HD.exe+E4BC3 - 7C EB                 - jl "Heroes3 HD.exe"+E4BB0
Heroes3 HD.exe+E4BC5 - 31 FF                 - xor edi,edi
Heroes3 HD.exe+E4BC7 - 0FBE 87 9CEA6300      - movsx eax,byte ptr [edi+"Heroes3 HD.exe"+23EA9C]
Heroes3 HD.exe+E4BCE - 50                    - push eax
Heroes3 HD.exe+E4BCF - 8B CE                 - mov ecx,esi
Heroes3 HD.exe+E4BD1 - E8 5AF6F5FF           - call "Heroes3 HD.exe"+44230
Heroes3 HD.exe+E4BD6 - 47                    - inc edi
Heroes3 HD.exe+E4BD7 - 83 FF 04              - cmp edi,04
Heroes3 HD.exe+E4BDA - 7C EB                 - jl "Heroes3 HD.exe"+E4BC7
Heroes3 HD.exe+E4BDC - 31 FF                 - xor edi,edi
Heroes3 HD.exe+E4BDE - 0FBE 87 A0EA6300      - movsx eax,byte ptr [edi+"Heroes3 HD.exe"+23EAA0]
Heroes3 HD.exe+E4BE5 - 50                    - push eax
Heroes3 HD.exe+E4BE6 - 8B CE                 - mov ecx,esi
Heroes3 HD.exe+E4BE8 - E8 43F6F5FF           - call "Heroes3 HD.exe"+44230
Heroes3 HD.exe+E4BED - 47                    - inc edi
Heroes3 HD.exe+E4BEE - 83 FF 05              - cmp edi,05
Heroes3 HD.exe+E4BF1 - 7C EB                 - jl "Heroes3 HD.exe"+E4BDE
Heroes3 HD.exe+E4BF3 - C7 45 FC 40400000     - mov [ebp-04],00004040
Heroes3 HD.exe+E4BFA - 5F                    - pop edi
Heroes3 HD.exe+E4BFB - EB 89                 - jmp "Heroes3 HD.exe"+E4B86
Heroes3 HD.exe+E4BFD - 90                    - nop
Heroes3 HD.exe+E4BFE - 90                    - nop
Heroes3 HD.exe+E4BFF - 90                    - nop

In 63EA98 the bytes are: 2A 2D 34 36 32 3B 3D 3E 46 47 49 4A 4B

I understand that there are 3 sections to remove the spells, first on expert, second on advanced and third the basic level. E4B9B (and following) decides if there is any first aid skill and if it is advanced or basic it jumps to the corresponding section.
Section 1 (expert) should remove 2A Curse, 2D Weakness, 34 Misfortune, and 36 Slow
Section 2 (advanced) should remove 32 Sorrow, 3B Berserk, 3D Forgetfulness, and 3E Blind
Section 3 (basic) should remove 46 Petrify, 47 Poison, 49 Disease, 4A Paralyze, 4B Aging

One thing I do not understand is, how the healing works. I asume that the code of E4BF3 is adding 100 HP. But in the game it adds only 1 point.

And one more thing; In your list of spells you do not remove Bind. Is this becausee it is not really a spell affectig the body of the unit but is an external problem (roots binding the unit to the ground)?

Best regards

Parascus

____________

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
BTB
BTB


Famous Hero
Moist & Creamy
posted October 11, 2022 09:20 PM

Parascus said:
One thing I do not understand is, how the healing works. I asume that the code of E4BF3 is adding 100 HP. But in the game it adds only 1 point.


That one's my fault, actually. Someone reported a similar problem in my mod a few days ago, and it's due to me accidentally omitting a load command for the floating math.

Refresh my guide and it should show up correctly.

Parascus said:
And one more thing; In your list of spells you do not remove Bind. Is this becausee it is not really a spell affectig the body of the unit but is an external problem (roots binding the unit to the ground)?


Yeah, Bind was always ignored by Cure for the reason you mentioned.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Parascus
Parascus


Adventuring Hero
posted October 12, 2022 02:56 PM
Edited by Parascus at 15:12, 12 Oct 2022.

Hi BTB,

thanks for your info. Now it works! The hacking still goes on.

A question to cheat engine and your experience. Does the function "Scan for codecaves" shows you areas in the code which can be used for additional programming and is it reliable?

Best regards

Parascus
____________

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
BTB
BTB


Famous Hero
Moist & Creamy
posted October 12, 2022 05:36 PM

Parascus said:
Does the function "Scan for codecaves" shows you areas in the code which can be used for additional programming and is it reliable?


I've never used it since space really isn't an issue for me, so I can't say.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Parascus
Parascus


Adventuring Hero
posted October 12, 2022 07:31 PM

Hi BTB,

Thanks for the info ... I've done a little test: I had inserted the buff of health and scanned for free space. Allthough there should be enough space after the buff code it didn't show in the scan. I asume that is not the function I had in mind ;-)

I hope I do not enoy you to much with my low level questions, but in hacking I'm just a noob. So I'd like to ask you a further question in finding the correct code to start with debugging. I know that for the display of morale the images of imrlxx.def (H3sprite.lod) are used. I also found the address whre this name is stored in the executable (28c6d0). Is there a way to find the usage of this address in the executable? I tried to find it with 28c6d0, d0c628, c6d0, d0c6, but had ironically no luck.

Have a nice evening

Parascus
____________

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
BTB
BTB


Famous Hero
Moist & Creamy
posted October 12, 2022 11:26 PM

Parascus said:
I hope I do not enoy you to much with my low level questions,


The only reason I know as much as I do is because I had a very patient teacher who would spend hours helping me figure snow out. You're not annoying me at all.

Parascus said:
I also found the address whre this name is stored in the executable (28c6d0). Is there a way to find the usage of this address in the executable?


Yeah, very simple. Open Cheat Engine and then click memory viewer.

Go to 68c6d0 in the bottom panel (hex view) and right-click the first byte of the filename. Select "data breakpoint" and "break on access".

Now open up a unit's info screen in-game and Cheat Engine will halt the process the moment that address is accessed for any reason.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
AlexSpl
AlexSpl


Responsible
Supreme Hero
posted October 13, 2022 10:52 PM
Edited by AlexSpl at 22:56, 13 Oct 2022.

I started from dancing with "free spaces". Actually, it's a useful training (learning asm, etc.), but I must underline that this is a childish approach. I don't even speak of how the fighting against opcodes is time-consuming and error-prone. Just learn some C++ and you will get absolute freedom, your code will be controllable and debug-friendly. Otherwise it will take you years to implement something wowsers-invoking with just a hex-editor and even with the Cheat Engine. Why, the hell, Cheat Engine, if you have a free IDA? Give a try to plugins. Basically, they are the same thing you're doing. You can even translate your asm/opcodes patches to plugins directly

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
deathstare
deathstare


Adventuring Hero
posted October 20, 2022 01:44 AM

BTB said:
http://btb2.free.fr/mods/h3/hacking.txt

This is a reference guide that I've cultivated over the last several years of relevant information for hacking this game. It's written to be accessible to beginners, but contains many examples of custom code that will be of value to intermediate and advanced modders alike.

As of this point, the guide is effectively finished. I've accomplished all that I set out to do with the game and feel that there is nothing more I have to add to it. I'll keep touching it up here and there and fixing any errors that are found, but no more information is planned to be added.


I can't access the site.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
BTB
BTB


Famous Hero
Moist & Creamy
posted October 20, 2022 04:52 AM

deathstare said:
BTB said:
http://btb2.free.fr/mods/h3/hacking.txt

This is a reference guide that I've cultivated over the last several years of relevant information for hacking this game. It's written to be accessible to beginners, but contains many examples of custom code that will be of value to intermediate and advanced modders alike.

As of this point, the guide is effectively finished. I've accomplished all that I set out to do with the game and feel that there is nothing more I have to add to it. I'll keep touching it up here and there and fixing any errors that are found, but no more information is planned to be added.


I can't access the site.


You sure you're using the right link? Works fine for me.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Parascus
Parascus


Adventuring Hero
posted October 22, 2022 11:06 AM

Hi BTB,

I now tried to change some further things in my Heroes mod but as always with beginners I have several questions:

1) Thank you for the hint how to set a break point on reading a value. You can imagine that I tried to find out how the offset of the luck and morale image is calculated. ut I had no luck. Is it really not an easy "take the luck value, substract the number of negative luck images and thanyou have your image number to use"?

2) I wanted to change (or rather create) a speciality on the visions spell to "Always on expert level". But the spell id is below the first spell on the table. So it is not as easy as with hypnotize (which works pretty fine). Is there a away I can set the "beginning spell" of the table to another ID?

3) I wonder how many heroes there are? On my list I get down to Xeron but there seem to be more heroes.

4) I just tried your frenzy overhaul. Is there any way to also do the "defense costs" related to the level of fire magic? E.g. all defense points unksilled, 3/4th of it havin basic, 1/2 of it with advanced and 1/4th with expert? If you have a hint where I can learn more about assembler, registers and so on, it would be nice. My last week was full of guessing what might be loaded into the registers but most of the time I had no luck.

Best regards and a nice weekend

Parascus
____________

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Phoenix4ever
Phoenix4ever


Legendary Hero
Heroes is love, Heroes is life
posted October 22, 2022 12:21 PM

^^ Just so you know, AI is unable to cast Visions. (and several other adventure and combat spells.)

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Parascus
Parascus


Adventuring Hero
posted October 22, 2022 01:23 PM

@Phoenix4Ever: Yes I know, but we love to "spy" on creatures and computer enemies.
____________

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Phoenix4ever
Phoenix4ever


Legendary Hero
Heroes is love, Heroes is life
posted October 22, 2022 03:15 PM

Fair enough. It just always bothered me that AI can't use Luna's specialty, but oh well.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Parascus
Parascus


Adventuring Hero
posted October 22, 2022 03:38 PM

Welllll ... sometimes I've the feeling, the computer uses some cheat codes. Strugeling 3 weeks to get the capitol and manage to get the 4th level of creature and: "Hello my human darling, here I am and look how many Black Dragons I brought with" But the main goal is to strengthen the other specialites and skills so it is we do not depend only on wisdom, earth and air magic and logistics. I think the First Aid boost is a realy handy thing and I boosted up scouting to a higher radius, so it is not an useless skill.

Best wishes

Parascus
____________

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Phoenix4ever
Phoenix4ever


Legendary Hero
Heroes is love, Heroes is life
posted October 22, 2022 05:21 PM
Edited by Phoenix4ever at 17:24, 22 Oct 2022.

Well AI DOES cheat with resources, it gets extra income from mines and more starting resouces, depending on what difficulty you play on.

Yeah it gets kinda boring always choosing Wisdom, Earth, Air and Log. (I moved Dimension Door to Fire and only 1 cast per day, so Air at least does'nt feel like a must have anymore and Fire is a little better.)

What did you do about First Aid again?, something about removing negative effects, like Cure?
That seems like a nice buff, I might implement that, if I can figure it out.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Parascus
Parascus


Adventuring Hero
posted October 22, 2022 05:55 PM

Hi Phoenix4Ever,

yeah, moving the spells is a thing i could do as well. I will give it a thought.

Thanks to BTB it is easy to do the changes. I had to turn off the fear spell but becausee the Azure Dragon is raae I won't miss it. So here is what I did (and I hope i didn't forget something):

First Aid can be controlled every time with:
07391B: 00
074605: EB

Healing and magical effects:
07387A: 00
07609B: 00
0E4B86: D8 05 DC B9 63 00 8B E5 5D C3 55 8B EC 83 EC 08 57 85 F6 74 58 0F BE 81 E4 00 00 00 84 C0 74 4D 3C 01 74 32 3C 02 74 17 31 FF 0F BE 87 98 EA 63 00 50 8B CE E8 71 F6 F5 FF 47 83 FF 04 7C EB 31 FF 0F BE 87 9C EA 63 00 50 8B CE E8 5A F6 F5 FF 47 83 FF 04 7C EB 31 FF 0F BE 87 A0 EA 63 00 50 8B CE E8 43 F6 F5 FF 47 83 FF 05 7C EB C7 45 FC 40 40 00 00 5F EB 89 90 90 90
23EA98: 2A 2D 34 36 32 3B 3D 3E 46 47 49 4A 4B 00 00 00

First Aid adding health buff (instead of Fear, original suggestion of BTB is Diplomacy Artifacts):
0E671D: E8 01 E2 F7 FF 5F
064923: B9 B8 03 67 00 8A 44 39 10 C0 E8 04 A8 01 74 15 8A 44 39 04 40 8B 4D FC 50 8A 81 E4 00 00 00 59 0F AF C1 01 C3 8B 46 4C 01 D8 C3

Remove Fear:
064920: C2 04 00

And don't forget the texts in SSTRAITS:
First Aid "{Basic First Aid}

Basic First Aid removes physical effects Petrify, Poison, Disease, Paralyze, and Aging, healing up to 100 HP to the selected unit." "{Advanced First Aid}

Advanced First Aid removes physical and mental effects Petrify, Poison, Disease, Paralyze, Aging, Sorrow, Berserk, Forgetfulness, and Blind, healing up to 100 HP to the selected unit." "{Expert First Aid}

Expert First Aid  removes physical and mental effects Petrify, Poison, Disease, Paralyze, Aging, Sorrow, Berserk, Forgetfulness, Blind,Curse, Weakness, Misfortune, and Slow, healing up to 100 HP to the selected unit."

Once again credits to BTB who also helped me getting it done/run. You can find the passage with this code in his document by looking for "& First Aid".

Do you also use HxD? I found out it is extremley convenient to jump with Ctrl+G to the address and use Ctrl+B to paste the content.

What I do not know is the speciality effect and therefore removed it from the heroes. But an idea would be to do the health buff only in case of speciality.

Best regards

Parascus





____________

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Phoenix4ever
Phoenix4ever


Legendary Hero
Heroes is love, Heroes is life
posted October 22, 2022 07:54 PM
Edited by Phoenix4ever at 19:56, 22 Oct 2022.

Okay, I like being able to control the tent even without First Aid skill. The ability to remove negative effects is also great. I don't think I will mess with Azure Dragons though, I do have one of their dwellings in my map, even though it's very rare anyone buys them. (They are also expensive as heck.) Health buff also seems a bit weird to me.
I already increased hp and defense of the tent and made it heal more with First Aid, so it's at least a little better than before.

No, I use Hex Editor Neo, I think it's called. Works great and I have had no problems with it at all.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
BTB
BTB


Famous Hero
Moist & Creamy
posted October 22, 2022 09:51 PM

Parascus said:
1) Thank you for the hint how to set a break point on reading a value. You can imagine that I tried to find out how the offset of the luck and morale image is calculated. ut I had no luck. Is it really not an easy "take the luck value, substract the number of negative luck images and thanyou have your image number to use"?


What are you trying to do, exactly?

Parascus said:
2) I wanted to change (or rather create) a speciality on the visions spell to "Always on expert level". But the spell id is below the first spell on the table. So it is not as easy as with hypnotize (which works pretty fine). Is there a away I can set the "beginning spell" of the table to another ID?


In this case, what you'd want to do is check the spell ID before it subtracts OD at 4E6291 and then jump to the Fortune routine on a match. You'll need to jump to free space to do this, of course.


Parascus said:

3) I wonder how many heroes there are? On my list I get down to Xeron but there seem to be more heroes.


Xeron is the last hero.

Parascus said:

4) I just tried your frenzy overhaul. Is there any way to also do the "defense costs" related to the level of fire magic? E.g. all defense points unksilled, 3/4th of it havin basic, 1/2 of it with advanced and 1/4th with expert?


Not sure about that one offhand. 4422C9 is where we jump to for defense becoming zero, so you can put a break on that and then just keep doing "step into" and watch for a command that sets either ESI or EDI+58 to 0.

Parascus said:

If you have a hint where I can learn more about assembler, registers and so on, it would be nice. My last week was full of guessing what might be loaded into the registers but most of the time I had no luck.


What you're doing now is honestly the best way to learn, at least it was for me. If I have a guess about what the value in a regitser does or what an opcode does, I just put a pause on it and change it in real time and see what happens.

For example, in the above command, ESI or EDI is most likely the variable set to the data structure for the unit stack being affected, and +58 of that data block will be their defense. This is assuming that I'm correct in my assumption about how the defense is set to 0, which I possibly may not be.

 Send Instant Message | Send E-Mail | View Profile | Quote Reply | Link
Jump To: « Prev Thread . . . Next Thread » This thread is 42 pages long: 1 10 20 ... 27 28 29 30 31 ... 40 42 · «PREV / NEXT»
Post New Poll    Post New Topic    Post New Reply

Page compiled in 0.0838 seconds