Heroes of Might and Magic Community
Karmakeld
Responsible
Supreme Hero
posted September 19, 2018 12:21 PM
Edited by Karmakeld at 21:03, 17 Oct 2018.

H4 dll researching

I'm dedicating this thread to the research of creating dll extensions for Heroes 4.

The modding community has come a long way during the past few years, and theories about how to add new Creatures, Creature Banks, Hero Portraits etc. all appear to be well researched and documented, but we still face the obstacle of no one having the knowledge of how to successfully create jumps or make dll extensions, in order to add this new content to the game.
But we're never getting any closer if we don't start looking into it.

In addition to actual programming research regarding how to make dll files, I think we should gather up any useful information here, regarding hex codes, how they're called, how images are read etc, to make it easier to add and test new content.

So I hereby invite modders and programmers to join the research and share your knowledge.
-------------
Edit:
I found this on the Russian Equi forum. The way I read it, I get the impression this has to do with making 'jumps'. Someone with more modding/programming knowledge than me might be able to explain...


Creature ability guide (by Lost) v.16.06.2003

(How to add, remove or change the abilities of Heroes 4 WoW monsters)

Adding abilities would be simple if the procedure calls were not so close to each other. It would seem enough to insert one push, change the address of the procedure, and that's it. But no. There is no room for another push. What to do?

Here is what. We remove all the push, mov and call instructions for the creature from the procedure. We replace them with a bunch of nops and one call to a place where the code is not so tightly packed. In the PE headers of Windows files there is usually free space starting at 2e0 and ending at FFF. It can also be used for code. That is, all the code is removed from the old place; only a call to the new place (for example, 300) remains. At the new place you write the same as at the old one, plus add a new push with the desired ability, change the address of the called procedure, and transfer control back to FillAbilities using ret.

Let's give the earth elementals new abilities: Stone Skin and Stone Gaze. Here is what you need to do.

1. Find the address of the earth elemental in the table: .65494E
2. There should be the following:
CODE:
.0065494E: 6A28                         push        028
.00654950: 6A11                         push        011
.00654952: 6A12                         push        012
.00654954: B9C81AAB00                   mov         ecx,000AB1AC8
.00654959: E8A2060000                   call       .000655000
3. As you can see, the elemental has 2 abilities: 28 (Magic Resistance) and 11 (Elemental). Let's add 2 more to it: Stone Skin (43) and Stone Gaze (42).
4. Copy all the pushes and the mov ecx,000AB1AC8 into Notepad, or just write them down on a piece of paper.
5. Replace the first push with call 300 and overwrite everything else with nops. It should turn out like this:
CODE:
.0065494E: E8ADB9DAFF                   call       .000654300
.00654953: 90                           nop
.00654954: 90                           nop
.00654955: 90                           nop
.00654956: 90                           nop
.00654957: 90                           nop
.00654958: 90                           nop
.00654959: 90                           nop
.0065495A: 90                           nop
.0065495B: 90                           nop
.0065495C: 90                           nop
.0065495D: 90                           nop
.0065495E: 6A15                         push        015  (start of the next creature)
6. Now go to 300, press F3, then Enter, and write the following lines there:
CODE:

00000300: 6A28                         push        028 <- copied from the old place
00000302: 6A11                         push        011 <- copied from the old place
00000304: 6A43                         push        043 <- added abilities
00000306: 6A42                         push        042 <- added abilities
00000308: 6A12                         push        012 <- copied from the old place
0000030A: B9C81AAB00                   mov         ecx,000AB1AC8 <- copied from the old place
0000030F: E89C502500                   call       .0006553B0  (you need to enter call 2553b0)
00000314: C3                           retn
7. Press F9. Exit Hiew, launch the game and look. The elemental now has 4 abilities.
kkfkkkfk
Adventuring Hero
Nothing is impossible
posted October 18, 2018 08:32 AM

To sum up a little.
The address is related to the game version.
The addresses listed here are all in English.

If you are using versions of other languages, you need to calculate the offset.

Each serial number corresponds to one profession. They are unique.
Defining addresses determines professional effects.

Karmakeld
Responsible
Supreme Hero
posted October 18, 2018 11:35 PM

I'll have to look again, but chances are it could very well be the Russian version of WoW, as it's from the Russian forum. Also, now I see I should probably post some screenshots, as some of the code is displayed differently in the original forum post.
iliveinabox05
Honorable
Famous Hero
posted October 19, 2018 02:27 AM

Also keep in mind that Hiew seems to be a hex editor which also has a disassembler built in, so it's just editing the exe. Still useful information though.

kkfkkkfk
Adventuring Hero
Nothing is impossible
posted October 19, 2018 04:58 AM

HIEW32 is not recommended.
There are some better tools,
such as IDA Pro and OllyDbg.

iliveinabox05
Honorable
Famous Hero
posted October 19, 2018 06:04 PM

I'm just saying that's what he was using in the quote, which is not using a dll.

AlexSpl
Responsible
Supreme Hero
posted October 19, 2018 06:39 PM

I recommend using patcher_x86. First, modify the executable to make it able to load dlls. Then write your own dlls to modify everything you wish.

NimoStar
Responsible
Legendary Hero
Modding the Unmoddable
posted October 20, 2018 01:18 AM
Edited by NimoStar at 01:20, 20 Oct 2018.

Modifying the Earth Elemental abilities this way is .exe editing, not .dll editing...

(I have done it in my mod. Changed Teleport to Stone Skin)

Also gave Earth Elementals spellcasting, but that is another story - You need to give them spell points and power in creature table, then add the spells in mass_spells equilibris .exe section.

**

It would be nice to actually research how to make new DLLs for the game, or how the sections of the DLL are called from the actual .exe code.

For example, Summoning and Necromancy creatures are defined in the Equilibris .dll. This seems to overwrite the hexes in the .exe.

When using equilibris DLLs, changing the hexes for necromancy and summoning creatures in the original .exe will have no effect.
____________
Never changing = never improving

radmutant69
Promising
Known Hero
posted October 20, 2018 09:55 AM

Well, here is the necromancy stuff in the dll:

At least in the 3.55 one. I never tried to find the summoning in it.

NimoStar
Responsible
Legendary Hero
Modding the Unmoddable
posted October 20, 2018 08:10 PM

Yes, those are the creature hexes. I was able to change them in 3.51; I guess in 3.55 it is the same.

But what is more interesting is: how does the .DLL know what part of the exe to replace? Where is that coded? I guess a little back.

People that know how to mod h3 could help with this, as there are many H3 dll mods/hacks... someone care to ask one of the experts on that?
____________
Never changing = never improving

Karmakeld
Responsible
Supreme Hero
posted October 20, 2018 10:20 PM

NimoStar said:
People that know how to mod h3 could help with this, as there are many H3 dll mods/hacks... someone care to ask one of the experts on that?

I don't see why you couldn't be the one..? But it's a good suggestion, I'll ask in the H3 forum.
NimoStar
Responsible
Legendary Hero
Modding the Unmoddable
posted October 21, 2018 05:34 AM

Because I already had the idea.

And because I'm asocial lol
____________
Never changing = never improving

Karmakeld
Responsible
Supreme Hero
posted November 03, 2018 01:35 PM

I think Morglin just provided us with the answer. iLiVe, watch the video in the link and let's get started.

Morglin said:
Learn how to reverse engineer.

Yes, that sounds hard, but it's definitely possible. There are a lot of tutorials on the web. For example: how to inject your own .dll into an .exe:
https://www.youtube.com/watch?v=oYRqfpCLed8.
NimoStar
Responsible
Legendary Hero
Modding the Unmoddable
posted November 09, 2018 11:30 AM

Nice idea, but overly vague :V

Well, Ilive is a programmer; which one of the rest of us active here is? kffkk?
____________
Never changing = never improving

Karmakeld
Responsible
Supreme Hero
posted November 09, 2018 10:21 PM

I asked FrostyMuadib a while back if he could help out; he hoped to have time in mid-October, but either he forgot or he didn't have time. I'll try to mail him again.
Also we had Duzeom on CH (also a programmer), but he's been absent for a while and hasn't replied to my mail.
Karmakeld
Responsible
Supreme Hero
posted January 06, 2019 11:02 AM

Not sure how I missed this post, but TheUnknown specifies how to make jumps.
RoseKavalier
Admirable
Supreme Hero
posted January 07, 2019 12:16 AM
Edited by RoseKavalier at 00:18, 07 Jan 2019.

AlexSpl said:
I recommend using patcher_x86. First, modify the executable to make it able to load dlls. Then write your own dlls to modify everything you wish.

Karmakeld said:
I think Morglin just provided us with the answer. iLiVe, watch the video in the link and let's get started.

Morglin said:
Learn how to reverse engineer.

Yes, that sounds hard, but it's definitely possible. There are a lot of tutorials on the web. For example: how to inject your own .dll into an .exe:
https://www.youtube.com/watch?v=oYRqfpCLed8.

All you really need to do: replicate what is in that video and then heed AlexSpl's advice. If you don't want to start calculating hex offsets nonstop, use something like OllyDbg, where editing is easier.
patcher_x86 handles all the dirty hex editing for you and allows you to bridge in C++ instead of Assembly.

Get patcher_x86 here:
patcher_x86

You can also use this auto-translated version:
patcher_x86 translated header

After that, read AlexSpl's tutorial (it's in Russian, but auto-translate does a great job of it). It's meant for Heroes 3, but once you start figuring out addresses in H4, you can modify things much more easily without wasting 50% of your time trying to do hex editing.
patcher_x86 tutorial

Your biggest job will be figuring out offsets after this, which can be done with something like Cheat Engine, or something more complicated but powerful like IDA.

Best of luck.
____________
My Let's Plays: Metataxer's Revenge - The Empire of The World 2

NimoStar
Responsible
Legendary Hero
Modding the Unmoddable
posted January 07, 2019 10:35 AM

Interesting. Thanks.

However, this:

Quote:
If you don't want to start calculating hex offsets nonstop, use something like OllyDbg where editing is easier.

seems pretty hard to use, more so than the rest of the software we are using so far.

You are saying that with this, I don't have to calculate hex offsets myself?

That was the main problem I had when trying to modify things (for example, adding extra abilities to creatures). I just could not calculate hex offsets correctly to make the jumps, particularly because they have some weird formats like big endian, etc.

____________
Never changing = never improving

RoseKavalier
Admirable
Supreme Hero
posted January 07, 2019 03:05 PM

A debugger like OllyDbg lets you see assembly code, which, especially once you start understanding it, is infinitely easier to understand than a hex dump. Sure, it takes a bit of time to get used to, but reversing without a debugger and/or disassembler is just a big waste of time.

Creating the initial link to your DLL is easier with OllyDbg than with just any hex editor because you only need to write what you want without calculating offsets by hand. It's exactly what's in the video linked.

Once your DLL is linked to the program, you will never again need to hex edit; everything will be done through the DLL itself. All you will need is to figure out, for example, which function calculates hero movement on a given day, and then you can modify any part of it easily.
It can be as simple as adding +1 movement or rewriting the entire function yourself. Same thing with abilities and pretty much everything else.
____________
My Let's Plays: Metataxer's Revenge - The Empire of The World 2

NimoStar
Responsible
Legendary Hero
Modding the Unmoddable
posted January 07, 2019 10:57 PM
Edited by NimoStar at 22:58, 07 Jan 2019.

So you can understand what I am talking about:

The part about abilities in H4 is that the list is not a programmable set of instructions.

It's just like this:

6A A0 6A B1 6A 07...

Those aren't instructions by themselves; it's just a dataset for the part of the code which is the implementation.

We don't need to change the implementation, at least that wasn't the idea now (anyways the abilities implemented themselves are quite adequate), just that creatures are "Hardcoded" to have a certain number of abilities - for example, just 1 for the minotaur - and there is no space in the code to put more. Reading assembly code is not going to change that.

Therefore what the Equi team had done is: take an "unused" chunk of space in the H4 .exe code; replace the part on the Orc in the original list with an instruction to jump to that offset; and put after the altered part an instruction to jump back (the formerly "blank" space has more hexes to write a longer list of abilities than the original). The only "programming" bits are the instruction, which is a single hex, so seeing it in assembly instead of in hexadecimal is not going to make a difference in that.

Calculating the offsets is the hard part to make the jumps go to the exact hex needed.

I am not saying those tools aren't useful, just that they don't seem to do that, do they?
____________
Never changing = never improving

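The offset arithmetic NimoStar describes as the hard part is the same relative-call encoding the quoted Hiew guide uses for its "call 300" trick. As an added worked example (not code from the thread, from Lost's guide or from Equilibris), this script encodes and decodes the E8 rel32 displacement and rebuilds the earth elemental patch from the bytes quoted above; it assumes the file-offset 0x300 cave maps to virtual address 0x400300 (image base 0x400000), which is what makes the quoted E8ADB9DAFF come out.

```python
# Added example, not code from the thread or from Equilibris: encodes the E8 rel32
# displacement that the guide's "call 300" trick relies on and rebuilds the earth
# elemental patch from the bytes quoted in the thread. Assumption: the file-offset
# 0x300 cave maps to virtual address 0x400300 (image base 0x400000).
import struct

SITE = 0x0065494E                       # original push/mov/call block (from the guide)
CAVE = 0x00400300                       # free PE-header space used as the code cave
NEW_FILL = 0x006553B0                   # procedure the cave calls (from the guide)
MOV_ECX = bytes.fromhex("B9C81AAB00")   # mov ecx,000AB1AC8 kept byte for byte

def rel32(insn_addr, target):
    """Displacement of a 5-byte E8/E9 at insn_addr: target - (insn_addr + 5),
    stored as little-endian two's complement (x86 immediates are not big-endian)."""
    return struct.pack("<i", target - (insn_addr + 5))

def call_target(insn_addr, insn):
    """Inverse: where does the 5-byte E8 call found at insn_addr land?"""
    if len(insn) != 5 or insn[0] != 0xE8:
        raise ValueError("not a 5-byte E8 call")
    return insn_addr + 5 + struct.unpack("<i", insn[1:])[0]

def push8(value):
    """push imm8 (6A xx); every ability id on the page fits in a signed byte."""
    if not 0 <= value < 0x80:
        raise ValueError("push imm8 only covers 0..0x7F")
    return bytes([0x6A, value])

def build_patch(site, cave, old_abils, new_abils, last_push, mov_ecx, fill):
    """Return (bytes to write at site, bytes to write at cave).
    site: one call into the cave, NOP-padded to the length of the original block.
    cave: old pushes, added pushes, the last push, the mov, a call to the fill
    procedure, and a ret that lands in the NOP sled right after the site call."""
    orig_len = 2 * (len(old_abils) + 1) + len(mov_ecx) + 5
    site_bytes = b"\xE8" + rel32(site, cave)
    site_bytes += b"\x90" * (orig_len - len(site_bytes))

    cave_bytes = b"".join(push8(a) for a in old_abils + new_abils)
    cave_bytes += push8(last_push) + mov_ecx
    cave_bytes += b"\xE8" + rel32(cave + len(cave_bytes), fill)
    cave_bytes += b"\xC3"                   # retn
    return site_bytes, cave_bytes

def earth_elemental_patch():
    # 0x28 Magic Resistance, 0x11 Elemental; added 0x43 Stone Skin, 0x42 Stone Gaze
    return build_patch(SITE, CAVE, [0x28, 0x11], [0x43, 0x42], 0x12, MOV_ECX, NEW_FILL)

if __name__ == "__main__":
    site_bytes, cave_bytes = earth_elemental_patch()
    print("write at %08X: %s" % (SITE, site_bytes.hex().upper()))
    print("write at %08X: %s" % (CAVE, cave_bytes.hex().upper()))
    print("original call at 654959 lands at %08X"
          % call_target(0x654959, bytes.fromhex("E8A2060000")))
```

The site bytes reproduce the guide's E8ADB9DAFF followed by eleven 90s, and the cave's call comes out as E89C502500 at 30F, so the two listings can be checked against each other before anything is written to the exe.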