deama1234 Master Cheater Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Sat Sep 07, 2019 1:37 pm Post subject: Anyone know how to find the dice roll function in NWN?
I'm trying to find the dice roll function in Neverwinter Nights. So when you attack an enemy, you roll a dice roll, if you combine the result with your attack bonus and the result of that is equal to or greater than your enemy's AC stat, then you hit them.
Anyway, I can't seem to figure out how to find it. I tried searching for HP, found the taking damage function, tried tracing that back up the stack but eventually ended up at some global function that was executed constantly. There is a console command that allows you to just casually roll a dice roll, but again, that doesn't really help because after you roll and get the result, that instance of it is I guess destroyed or not used again, so I can't use that to trace it up so to speak.
Anyone have any ideas? I can't figure this out. I did hear that the game uses the C native random library to generate the dice roll, anyone know how to find that? Does it have a specific address with which I can locate it?
Thanks.
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Sat Sep 07, 2019 2:08 pm Post subject:
A rand() implementation from the C library looks like this:
Code:
.text:10309D40 ; int __cdecl rand()
.text:10309D40 _rand           proc near               ; CODE XREF: sub_100874A0+164↑p
.text:10309D40                                         ; sub_100874A0+17E↑p ...
.text:10309D40                 call    __getptd        ; eax = pointer to per-thread data
.text:10309D45                 mov     ecx, [eax+14h]  ; load the current seed
.text:10309D48                 imul    ecx, 343FDh     ; seed * 0x343FD
.text:10309D4E                 add     ecx, 269EC3h    ; + 0x269EC3
.text:10309D54                 mov     [eax+14h], ecx  ; store the new seed
.text:10309D57                 mov     eax, ecx
.text:10309D59                 shr     eax, 10h        ; drop the low 16 bits
.text:10309D5C                 and     eax, 7FFFh      ; keep 15 bits: result is 0..0x7FFF
.text:10309D61                 retn
.text:10309D61 _rand           endp
So you can try searching for the hardcoded data:
- 0x343FD
- 0x269EC3
Keep in mind though, everything else that uses randomization will share this function more than likely. In a game, that is going to be a lot of things.
You can use CE's 'Unrandomizer' option to see if it is affected when using it but again it will affect lots of other things too.
_________________
- Retired.
deama1234 Master Cheater Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Sat Sep 07, 2019 2:47 pm Post subject:
This would be my first time searching, do I just go into "find assembly code" and type in something like "add ecx, 269EC3"? Or is there a better way?
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Sun Sep 08, 2019 12:08 pm Post subject:
Search for 4 byte value, hex, and look for either:
343FD
269EC3
_________________
- Retired.
deama1234 Master Cheater Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Mon Sep 09, 2019 6:44 am Post subject:
Ah, unfortunately I can't find it, so it seems they used a modified version or something else, damn.
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4299
Posted: Mon Sep 09, 2019 8:36 am Post subject:
Did you search through all memory? (main window defaults to writable 4-byte aligned)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Mon Sep 09, 2019 2:13 pm Post subject:
Due to the fact that it is a standard library call, it is going to most likely reside in Read-Only/Executable memory. Meaning it won't be writable by default. Because of this, you may need to check the 'Writable' box on the main CE window until it's filled with a square instead of a checkmark. This will tell CE to scan for non-writable memory as well.
_________________
- Retired.
Last edited by atom0s on Tue Sep 10, 2019 4:21 pm; edited 1 time in total
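Added example, not part of any post in this thread: a Python sketch of the constant search discussed above, for recognising the CRT rand() generator in a code dump. It scans at every byte offset and keeps only places where both constants sit a few bytes apart. The sample bytes are hand-assembled from the listing earlier in the thread with the call displacement zeroed; the function names and the 16-byte window are assumptions.

```python
import struct

# LCG constants from the rand() listing quoted in the thread.
MULTIPLIER = 0x343FD
INCREMENT = 0x269EC3

def find_u32(buf, value):
    """Return every offset, at any alignment, where value occurs as a little-endian dword."""
    needle = struct.pack("<I", value)
    hits, pos = [], buf.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = buf.find(needle, pos + 1)
    return hits

def find_lcg_candidates(buf, base=0, window=16):
    """Pair each multiplier hit with an increment hit that follows within `window` bytes.

    Requiring both constants close together discards stray matches of one value alone.
    Returns (multiplier_addr, increment_addr, multiplier_is_4_byte_aligned) tuples.
    """
    adds = find_u32(buf, INCREMENT)
    out = []
    for m in find_u32(buf, MULTIPLIER):
        for a in adds:
            if 0 < a - m <= window:
                out.append((base + m, base + a, (base + m) % 4 == 0))
    return out

# Constructed sample: the listing's instructions, loaded at the listing's address.
BASE = 0x10309D40
SAMPLE = bytes.fromhex(
    "e800000000"    # call __getptd (displacement zeroed, real value not on the page)
    "8b4814"        # mov ecx, [eax+14h]
    "69c9fd430300"  # imul ecx, 343FDh
    "81c1c39e2600"  # add ecx, 269EC3h
    "894814"        # mov [eax+14h], ecx
    "8bc1"          # mov eax, ecx
    "c1e810"        # shr eax, 10h
    "25ff7f0000"    # and eax, 7FFFh
    "c3"            # retn
)

if __name__ == "__main__":
    for mul, add, aligned in find_lcg_candidates(SAMPLE, BASE):
        print(f"multiplier @ {mul:#x} (4-byte aligned: {aligned}), increment @ {add:#x}")
```

In this listing the multiplier immediate starts at 0x10309D4A, which is not a multiple of 4, so a scan restricted to 4-byte-aligned addresses would only see the increment.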
deama1234 Master Cheater Reputation: 3
Joined: 20 Dec 2014 Posts: 328
Posted: Tue Sep 10, 2019 9:41 am Post subject:
Ah, of course!
I managed to find 2 same entries, one doesn't seem to be used at all, whilst the other one is used for everything. I need to specifically look for if the value is a 1 and then just change it to a 2, or maybe a 0 if it will work in the game.
Thanks guys!