Aspras wrote: IMO the best way to do this would be by using auto-hack to find what accesses the address of specialization points and then studying the area around the addresses that showed up using a debugger.
That could work... But this is a complex game which allows multiple players to have their own logins. And since this availability of specialization works for every login on the same PC, I believe that the flags which hold their availability don’t reside around the specialization points (which we know differ between logins)...
In fact, I did study the values around it, and I am sure there is nothing of the sort (also, I can say for sure that the specialization point is a float). I’ll post the Hex Editor screenshot soon, and this is the unpatched version...
[Psych] wrote: I highly doubt an update/version difference is going to change the datatypes the game uses for its variables. There isn't going to be one guy who, on his game, has found HP using LONG, and another dude bringing it up as FLOAT :-/ It is, however, possible that one datatype is used for the real value, and another used for the ghost value, which is present in some games (maybe in this one; I don't know).
I agree with him...
Aspras wrote: The addresses I had found were definitely not ghost ones. I remember using a .lssave file when I had the unpatched version of the game where all the addresses were unsigned long, that's why I mentioned they were unsigned long when I posted the first injection and those few pointers in the first place. What I suspect might have happened is me having searched for 4 byte addresses using cheat engine instead of mhs and then having transferred the pointers to mhs and used unsigned long instead of float.
Well, Float uses the same size as Unsigned Long (4-byte integer). However, which data type is really used by the game, IMO, can be determined by:
- Use the common sense of the value. We should assume that 0x3F800000 is 1.0 Float rather than some integer value.
- Auto-Hack the values and see what kind of ASM operators access them. (This is probably the best way should there be no debugging protections)
Still, correct me if I’m wrong...
---------------------------------------------------------------------------------------------------------------------------------------------
EDIT:
Here are the screen shots:
MHS Main List (I used the same LSSave as my previous post):
And here’s what it looks like in MHS Hex Editor:
I highlighted the specialization points address at 0x2B6C220C...
Notice that:
- Current ATTRIBUTE POINTS value found in address: 0x2B6C212C, 0x41200000 = 10.00 float
- Current SKILL POINTS value found in address: 0x2B6C219C, 0x41F00000 = 30.00 float
- Current TALENT/SPELL POINTS value found in address: 0x2B6C212C, 0x41D80000 = 27.00 float
- Current SPECIALIZATION POINTS value found in address: 0x2B6C220C, 0x40800000 = 4.00 float
All of them are of the Float data type and have been tested as the working ones...
Also notice that each of them resides a few bytes after the Unicode strings which describe their purpose. And if we study the values around them a bit, we will find some interesting values that may have something to do with the lists, like max value etc...
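The "common sense of the value" check described in the post above, written out as an added example that is not part of the original thread: each 4-byte little-endian dword is decoded both as an unsigned long and as an IEEE 754 float, and whichever reading gives a sensible counter is reported. The bounds `max_int`, `lo` and `hi`, the helper names, and the two contrast samples are assumptions made for this illustration.

```python
import struct

def decode_dword(raw: bytes):
    """Return (as_uint32, as_float32) for 4 little-endian bytes."""
    if len(raw) != 4:
        raise ValueError("expected exactly 4 bytes")
    return struct.unpack("<I", raw)[0], struct.unpack("<f", raw)[0]

def guess_type(raw: bytes, max_int=1_000_000, lo=1e-3, hi=1e7) -> str:
    """Classify a dword as 'float', 'uint32', 'ambiguous' or 'unknown'.

    max_int, lo and hi are assumed bounds for a sensible game counter.
    """
    u, f = decode_dword(raw)
    if u == 0:
        return "ambiguous"              # same bits encode 0 and 0.0
    exponent = (u >> 23) & 0xFF         # IEEE 754 single: 8 exponent bits
    normal = exponent not in (0, 0xFF)  # excludes denormals, inf and NaN
    float_ok = normal and lo <= abs(f) <= hi
    int_ok = u <= max_int
    if float_ok and not int_ok:
        return "float"
    if int_ok and not float_ok:
        return "uint32"
    return "unknown"                    # e.g. a pointer or packed flags

def le(dword: int) -> bytes:
    """Bytes as a hex editor shows them for a little-endian dword."""
    return dword.to_bytes(4, "little")

# Dwords quoted in the post, plus two constructed contrast cases.
SAMPLES = {
    "one (0x3F800000)": 0x3F800000,
    "attribute points": 0x41200000,
    "skill points": 0x41F00000,
    "talent/spell points": 0x41D80000,
    "specialization points": 0x40800000,
    "constructed: integer 10": 0x0000000A,
    "constructed: address-like dword": 0x2B6C220C,
}

def classify_samples():
    return {name: guess_type(le(v)) for name, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, v in SAMPLES.items():
        u, f = decode_dword(le(v))
        print(f"{name:32} uint32={u:<11} float={f:<12g} -> {guess_type(le(v))}")
```

A small integer always has a zero exponent field and so decodes as a denormal float, which is why the two readings never both pass; the instruction-level check from the second bullet is still what settles a dword reported as unknown.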