Recifense Master Cheater Reputation: 6
Posted: Fri Nov 06, 2009 8:59 am Post subject: Dawn of Magic 2 - V 1.11 (GM and More) |
Hi guys,
Here is my contribution for "Dawn of Magic 2" Version 1.11. The script contains the following features:
- God Mode;
- Item durability;
- Quick XP;
It is for CE 5.5
Here is the script:
//=========================================
// Dawn of Magic 2
// Game Version : 1.11
// Script Version: 1.0
// CE Version : 5.5
// GodMode, Durability, XP
// 07-Oct-2009
//=========================================
[ENABLE]
// Code cave for the three hook bodies plus the dd variables declared below
alloc(MyCode,1024)
//=========================================
// Declaration section
// Hook entry points, their "skip feature" exits and the return labels placed
// right after each patched instruction in the game code
label(_GodMode)
label(_BackGM)
label(_ExitGM)
label(_MonDur)
label(_BackMD)
label(_ExitMD)
label(_MonD0)
label(_MonXP)
label(_BackMX)
label(_ExitMX)
label(_MonX0)
label(_MonX1)
// Data stored inside MyCode: debug pointers (pHero, pItem, iEBP) and the
// on/off flags for each feature (iEnable*, 0 = off, non-zero = on)
label(pHero)
label(pItem)
label(iEBP)
label(iEnableGM)
label(iEnableMD)
label(iEnableMX)
// Exported so the flags can be toggled and the debug pointers read from the
// address list; every symbol registered here is unregistered in [DISABLE]
registersymbol(MyCode)
registersymbol(pHero)
registersymbol(pItem)
registersymbol(iEnableGM)
registersymbol(iEnableMD)
registersymbol(iEnableMX)
registersymbol(iEBP)
//=========================================
// Hacking Points
// Each hacking point overwrites one original instruction with a 5-byte jmp
// into MyCode; the nops pad the remaining bytes of that instruction (6, 7 and
// 6 bytes respectively, per the disassembly listings below) so the following
// instruction stays intact. The overwritten instruction is re-executed at the
// start or end of the corresponding hook body.
// Overwrites: fst dword ptr [esi+00000290] (6 bytes)
dawnofmagic2.exe+05433b:
jmp _GodMode
nop
_BackGM:
// Overwrites: add dword ptr [esi+00000100],ff (7 bytes)
dawnofmagic2.exe+0af07a:
jmp _MonDur
nop
nop
_BackMD:
// Overwrites: mov ecx,[esi+00000264] (6 bytes)
dawnofmagic2.exe+05635a:
jmp _MonXP
nop
_BackMX:
MyCode:
//=========================================
// God Mode
// Hook for dawnofmagic2.exe+05433b. Executes the displaced fst, then - only
// for the entity whose +1c0 field equals 1 (the player, per the hero struct
// notes) and only while iEnableGM != 0 - copies each max stat (+2a0..+2ac)
// over the matching current stat (+290..+29c).
// In:    esi = entity struct (not modified)
// Clobb: flags; eax is preserved with push/pop. No FPU instruction follows
//        the displaced fst, so the x87 stack is exactly as the game left it.
_GodMode:
fst dword ptr [esi+00000290] // Original (displaced) instruction: store cur HP from st(0)
cmp dword ptr [esi+000001c0],1 // Player ? (+1c0 == 1)
jne _ExitGM // Not the player: leave the stats untouched
mov [pHero],esi // Save ptr for debugging (readable via the pHero symbol)
cmp dword ptr [iEnableGM],0
je _ExitGM // Jump if feature is disabled
push eax // eax is scratch below; keep the game's value
mov eax,[esi+000002a0] // Get max HP
mov [esi+00000290],eax // Update Cur HP (replaces the value the fst above just stored)
mov eax,[esi+000002a4] // Get Max Mana
mov [esi+00000294],eax // Update Cur Mana
mov eax,[esi+000002a8] // Third max/cur pair (+2a8 -> +298); field name not given on this page
mov [esi+00000298],eax // NOTE(review): the game code right after the hook does fstp to [esi+298] (see the _GodMode disassembly), so this store may be overwritten immediately - verify
mov eax,[esi+000002ac] // Fourth max/cur pair (+2ac -> +29c); field name not given on this page
mov [esi+0000029c],eax
pop eax
_ExitGM:
jmp _BackGM // Back to main code
//=========================================
// Item durability
// Hook for dawnofmagic2.exe+0af07a. Executes the displaced add (the game's
// durability decrement), then, while iEnableMD != 0, raises the item's max
// durability (+fc) to at least 1000 and sets current durability (+100) equal
// to max, undoing the decrement.
// In:    esi = item struct (not modified)
// Clobb: ecx, flags. NOTE(review): the disassembly shows pop esi / pop ecx /
//        ret right after the hacking point, so ecx is assumed dead here -
//        re-check this if the hook is moved to another version's code.
_MonDur:
add dword ptr [esi+00000100],ff // Original (displaced) instruction; original bytes 83 86 .. ff = imm8 -1, i.e. cur durability -= 1. NOTE(review): confirm the assembler re-encodes "ff" as the sign-extended imm8 form and not as +255
mov [pItem],esi // Save pointer for debugging (readable via the pItem symbol)
cmp dword ptr [iEnableMD],0
je _ExitMD // Jump if feature is disabled
mov ecx,#1000 // Minimum max-durability (#1000 = decimal 1000)
cmp ecx,[esi+000000fc] // max durability >= minimum? (signed compare)
jle _MonD0 // Yes: keep the game's own max
mov [esi+000000fc],ecx // No: raise max durability to the minimum
_MonD0:
mov ecx,[esi+000000fc] // Get max Durability
mov [esi+00000100],ecx // Update Cur Durability = max
_ExitMD:
jmp _BackMD // Back to main code
//=========================================
// Quick XP
// Hook for dawnofmagic2.exe+05635a. While iEnableMX != 0, rewrites the hero's
// encrypted XP (+264) to (k*ebp - 1): one below the smallest multiple of ebp
// that is strictly greater than the current XP. The value never decreases.
// The displaced mov at _ExitMX then reloads the (possibly updated) field.
// XP encoding used by the game (taken from the disassembly after the hook):
//   plain = ror(enc xor 6e93c812, 7)   /   enc = rol(plain, 7) xor 6e93c812
// In:    esi = hero struct (not modified)
//        ebp = XP divisor/step computed by the game just before the hook;
//              in the 1.11 disassembly it is clamped to >= 1, which is what
//              guarantees the _MonX0 loop terminates - confirm for other versions
// Clobb: eax, ecx, flags. The game overwrites eax (mov eax,ecx) a few
//        instructions after the hook, so eax is assumed dead here.
_MonXP:
cmp dword ptr [iEnableMX],0
je _ExitMX // Jump if feature is disabled
mov eax,ebp // eax = 1 * step (first candidate multiple)
mov [iEBP],ebp // Save step for debugging (readable via the iEBP symbol)
mov ecx,[esi+00000264] // Get XP encrypted
xor ecx,6e93c812 // Decrypt part 1
ror ecx,07 // Decrypt part 2
cmp ecx,eax // Current XP < one step? (signed compare)
jl _MonX1 // Yes: eax already exceeds the current XP
_MonX0:
add eax,ebp // eax = next multiple of step (no overflow guard)
cmp ecx,eax // Current XP still >= eax?
jge _MonX0 // Yes: keep stepping; exit once eax > current XP
_MonX1:
dec eax // One below the next multiple ("level almost complete"); >= current XP
rol eax,07 // Encrypt part 1
xor eax,6e93c812 // Encrypt part 2
mov [esi+00000264],eax // Update XP
_ExitMX:
mov ecx,[esi+00000264] // Original (displaced) instruction: reload XP into ecx
jmp _BackMX // Back to main code
//=========================================
// Variables
// Last hero pointer seen by _GodMode (debug aid, exported)
pHero:
dd 0
// Last item pointer seen by _MonDur (debug aid, exported)
pItem:
dd 0
// Last XP step (ebp) seen by _MonXP (debug aid, exported)
iEBP:
dd 0
// Feature flags: 0 = off, non-zero = on; all three start enabled
iEnableGM:
dd 1
iEnableMD:
dd 1
iEnableMX:
dd 1
//=========================================
// Original Codes
[DISABLE]
// Restores the three displaced instructions over the jmp+nop patches (each is
// the same length as the patch it replaces), then frees the code cave and
// drops the exported symbols.
dawnofmagic2.exe+05433b:
fst dword ptr [esi+00000290]
dawnofmagic2.exe+0af07a:
// NOTE(review): the original bytes here are 83 86 00 01 00 00 ff (7 bytes,
// imm8 = -1). Make sure the assembler re-encodes "ff" as that 7-byte
// sign-extended form and not as a longer imm32 form; a longer encoding would
// overrun the pop esi / pop ecx / ret that follow. Compare the bytes at this
// address against the disassembly listing after disabling the script.
add dword ptr [esi+00000100],ff
dawnofmagic2.exe+05635a:
mov ecx,[esi+00000264]
dealloc(MyCode)
unregistersymbol(MyCode)
unregistersymbol(pHero)
unregistersymbol(pItem)
unregistersymbol(iEnableGM)
unregistersymbol(iEnableMD)
unregistersymbol(iEnableMX)
unregistersymbol(iEBP)
Here is some information for adapting this script to other versions of this game:
_GodMode:
00454325 - d9 c9 - fxch st(1)
00454327 - d9 5c 24 20 - fstp dword ptr [esp+20]
0045432B - d9 44 24 20 - fld dword ptr [esp+20]
0045432F - d9 c0 - fld st(0)
00454331 - d8 c2 - fadd st(0),st(2)
00454333 - d9 5c 24 20 - fstp dword ptr [esp+20]
00454337 - d9 44 24 20 - fld dword ptr [esp+20]
0045433B - d9 96 90 02 00 00 - fst dword ptr [esi+00000290] <---- Hacking Point
00454341 - dd 05 60 1b 78 00 - fld qword ptr [00781b60] : 0000
00454347 - dc c2 - fadd st(2),st(0)
00454349 - d9 ca - fxch st(2)
0045434B - d9 9e 98 02 00 00 - fstp dword ptr [esi+00000298]
00454351 - d9 86 a0 02 00 00 - fld dword ptr [esi+000002a0]
00454357 - d8 e3 - fsub st(0),st(3)
00454359 - d9 5c 24 08 - fstp dword ptr [esp+08]
0045435D - d8 e2 - fsub st(0),st(2)
0045435F - d9 5c 24 20 - fstp dword ptr [esp+20]
_MonDur:
004AF04D - 00 25 ff ff 7f 00 - add [007fffff],ah : 00
004AF053 - 0d 00 00 80 3f - or eax,3f800000
004AF058 - 89 44 24 04 - mov [esp+04],eax
004AF05C - d9 44 24 04 - fld dword ptr [esp+04]
004AF060 - dc 25 c8 c1 77 00 - fsub qword ptr [0077c1c8] : 0000
004AF066 - d9 5c 24 04 - fstp dword ptr [esp+04]
004AF06A - d9 44 24 04 - fld dword ptr [esp+04]
004AF06E - d9 05 08 c3 77 00 - fld dword ptr [0077c308] : 3C23D70A
004AF074 - df - fcomi st(0),st(1)
004AF075 - f1 - db f1
004AF076 - dd d8 - fstp st(0)
004AF078 - 76 07 - jna rpgcharacter_c::serialize+41c1
004AF07A - 83 86 00 01 00 00 ff - add dword ptr [esi+00000100],ff <---- Hacking Point
004AF081 - 5e - pop esi
004AF082 - 59 - pop ecx
004AF083 - c3 - ret
004AF084 - cc - int 3
_MonXP:
0045633C - e8 3f dc 2e 00 - call 00743f80
00456341 - 89 44 24 10 - mov [esp+10],eax
00456345 - 99 - cdq
00456346 - 83 e2 03 - and edx,03
00456349 - 03 c2 - add eax,edx
0045634B - c1 f8 02 - sar al,02
0045634E - 83 f8 01 - cmp eax,01
00456351 - 8b e8 - mov ebp,eax
00456353 - 7f 05 - jg rpgcharacterstatsinfo_c::moduleinit+822a
00456355 - bd 01 00 00 00 - mov ebp,00000001
0045635A - 8b 8e 64 02 00 00 - mov ecx,[esi+00000264] <---- Hacking Point
00456360 - 81 f1 12 c8 93 6e - xor ecx,6e93c812
00456366 - c1 c9 07 - ror ecx,07
00456369 - 8b c1 - mov eax,ecx
0045636B - 99 - cdq
0045636C - f7 fd - idiv ebp
0045636E - 8b f8 - mov edi,eax
Dawn of Magic:
[0A890088] = ptr to hero
1857627538 (6EB92592) = 21979 (2021)
1857589650 (6EB89192) = 22195 (1805)-216
1857580562 (6EB86E12) = 22348 (1652)-153
XP = (disp*128)xor(6E93C812)
28d66ef0
28d67720
str seila
base + 0000 = 0077cdec
base + 05a0 = another_struct
base + 0830 = f?
110101011000111001111111000100 = 35639FC4
011100111111100010011010101100 = 1CFE26AC
101101010010011000100000010010 = 2D498812
001001010110101001001100010000 = 95A9310
00000000000000000000000110000000 = 00000180
00000000000000000000000000000011 = 00000003
00000000000000000001100000000000 = 00001800
==================================================
Dawn of Magic 2:
struct hero:
0000 = 0078ac6c
0068 = iGold
006c = iLifePortions
0070 = iChiPortions
0074 = iPoisonPortions
01c0 = i1 (Player)
0254 = iStrength (encrypted)
0258 = iIntellect(encrypted)
025C = iEnergy (encrypted)
0264 = iXP (encrypted)
0290 = fcHP
0290 = fcMana
02A0 = fmHP
02A4 = fmMana
struct item:
0000 = 0078b024
00fc = imDurability
0100 = icDurability
That's it.
Cheers!
| Filename: |
DawnOfMagic2_GM_more.CEA |