Cheat Engine

deama1234

I'm trying to find the dice roll function in neverwinter nights. So when you attack and enemy, you roll a dice roll, if you combine the result with your attack bonus and the result of that is equal to or greater than to your enemy's AC stat, then you hit them.

Anyway, I can't seem to figure out how to find it. I tried searching for HP, found the taking damage function, tried tracing that back up the stack but eventually ended up at some global function that was executed constantly. There is a console command that allows you to just casually roll a dice roll, but again, that doesn't really help because after you roll and get the result, that instance of it is I guess destroyed or not used again, so I can't use that to trace it up so to speak.

Anyone have any ideas? I can't figure this out. I did hear that the game uses the C native random library to generate the dice roll, anyone know how to find that? Does it have a specific address with which I can locate it?

Thanks.

atom0s · Posted: Sat Sep 07, 2019 2:08 pm Post subject:

A rand() implementation from the C library looks like this:

deama1234 · Posted: Sat Sep 07, 2019 2:47 pm Post subject:

This would be my first time searching, do I just go into "find assembly code" and type in something like "add ecx, 269EC3"? Or is there a better way?

atom0s · Posted: Sun Sep 08, 2019 12:08 pm Post subject:

Search for 4 byte value, hex, and look for either:
343FD
269EC3

deama1234 · Posted: Mon Sep 09, 2019 6:44 am Post subject:

Ah, unfortunetely I can't find it, so it seems they used a modified version or something else, damn.

ParkourPenguin · Posted: Mon Sep 09, 2019 8:36 am Post subject:

Did you search through all memory? (main window defaults to writable 4-byte aligned)

atom0s · Posted: Mon Sep 09, 2019 2:13 pm Post subject:

Due to the fact that it is a standard library call, it is going to most likely reside in Read-Only/Executable memory. Meaning it won't writable by default. Because of this, you may need to check the 'Writable' box on the main CE window until it's filled with a square instead of a checkjoe. This will tell CE to scan for non-writable memory as well.

deama1234 · Posted: Tue Sep 10, 2019 9:41 am Post subject:

Ah, of course!
I managed to find 2 same entires, one doesn't seem to be used at all, whilst the other one is used for everything. I need to specifically look for if the value is a 1 and then just change it to a 2, or maybe a 0 if it will work in the game.

Thanks guys!