2009-05-06, 10:33 PM
PS: In the meantime, the most helpful thing everyone could be doing is mapping out the data segment. All you gotta do is make a test project. Say if you wanna find HP... make the player's starting HP some value, then run the game (or testmap if you have privileges to dump that) and once your in the game and your HP is clearly displayed, open taskmanager, and find the process, right click and choose dump (works that way with Vista at least)
The dumped file will be over 150MBs, so only try this if you're machine is pretty hearty. Now open it in your text editor, and go to the SoM data segment (Just look for Holy in the text, and page up a little ways until you see something (edited: for the record f037 will change depending on the game) like 0000 0000 f037 4000. That is where the initialized data segment officially starts for the record (theoretically it's possible these values might've been changed in your dump -- whatever they're used for, but not likely)
Anyway, search for the weird value you set your HP to in the data segment. And once you think you've found it (or a number of candidates) ...repeat the process with a diff HP, and see if one of your candidates reflects the change. If so you've found the HP. If we find out all of this stuff is in a very centralized area, that will be quite useful (and there might then be a way to more directly experiment with the running binary... but if not, we'll all know where to look
)
Chances are HP/MP and everything (including stuff we can't already get at!!) is all very close together, so please, if you have a second, try to find them for us~
Edited: Some notes...
The code segment in the exe starts at 1000... looks like 33c0 568b f189 4608. A disassembler I have puts it at 401000 (401000 is the virtual address, though I dunno what that is off the top of my head)
I'm sort of looking into code injection techniques
edited: This appears to be the sanest route to me (https://www.programmersheaven.com/2/Inje...table-file)
The dumped file will be over 150MBs, so only try this if you're machine is pretty hearty. Now open it in your text editor, and go to the SoM data segment (Just look for Holy in the text, and page up a little ways until you see something (edited: for the record f037 will change depending on the game) like 0000 0000 f037 4000. That is where the initialized data segment officially starts for the record (theoretically it's possible these values might've been changed in your dump -- whatever they're used for, but not likely)
Anyway, search for the weird value you set your HP to in the data segment. And once you think you've found it (or a number of candidates) ...repeat the process with a diff HP, and see if one of your candidates reflects the change. If so you've found the HP. If we find out all of this stuff is in a very centralized area, that will be quite useful (and there might then be a way to more directly experiment with the running binary... but if not, we'll all know where to look
)Chances are HP/MP and everything (including stuff we can't already get at!!) is all very close together, so please, if you have a second, try to find them for us~
Edited: Some notes...
The code segment in the exe starts at 1000... looks like 33c0 568b f189 4608. A disassembler I have puts it at 401000 (401000 is the virtual address, though I dunno what that is off the top of my head)
I'm sort of looking into code injection techniques
edited: This appears to be the sanest route to me (https://www.programmersheaven.com/2/Inje...table-file)