L. Spiro wrote:In my left hand is a red pill. If you take it I will show you the truth. I lost my right hand in the war, so I’m afraid you’re stuck with the red pill.
MONEY HACK
Money in Dragon Age is shown as x GOLD, y SILVER, and z BRONZE.
Now note that:
1 GOLD = 100 SILVER
1 SILVER = 100 BRONZE
that makes 1 GOLD = 10000 BRONZE
so if, for example, your money is 14 GOLD, 1 SILVER, and 76 BRONZE, then you have to search for: 140000 + 100 + 76 = 140176. The data type is Unsigned Long.
DAOrigins.exe+91F59B:
mov [DAOrigins.exe+91F5C1],edi
lea esi,[edi+00000190]
jmp DAOrigins.exe+21477e
DAOrigins.exe+214778:
jmp DAOrigins.exe+91F59B
nop
DAOrigins.exe+7C7865:
mov [DAOrigins.exe+91F58C],eax
mov ecx,[eax]
call gmatrix2d::gety+232410
jmp DAOrigins.exe+2CB809
DAOrigins.exe+2CB802:
jmp DAOrigins.exe+7C7865
nop
nop
HP
[[["DAOrigins.exe"+0x91F5C1]+0x194]+0x1C]+0x5C
XP
[[["DAOrigins.exe"+0x91F5C1]+0x194]+0x4C]+0x4C
ATTRIBUTE PTS
[[["DAOrigins.exe"+0x91F5C1]+0x194]+0x88]+0x4C
[[[[[["DAOrigins.exe"+0x91F58C]]+0x28+0x14]+0x4]]+0xC]+0xC
DAOrigins.exe+3C05F1:
jmp DAOrigins.exe+7BC699
nop
nop
DAOrigins.exe+7BC699:
cmp [DAOrigins.exe+7BC391],0
je DAOrigins.exe+7BC417
push eax
mov eax,DAOrigins.exe
cmp eax,[DAOrigins.exe+7BC315]
jne DAOrigins.exe+7BC495
mov [DAOrigins.exe+7BC599],esi
pop eax
mov ecx,edi
call gsysfile::getfilestat+208bb0
jmp DAOrigins.exe+3c05f8
DAOrigins.exe+7BC417:
push eax
mov [DAOrigins.exe+7BC315],DAOrigins.exe
mov [DAOrigins.exe+7BC391],1
jmp DAOrigins.exe+7BC6B8
DAOrigins.exe+7BC495:
mov [DAOrigins.exe+7BC391],0
pop eax
jmp DAOrigins.exe+7BC699
DAOrigins.exe+7dfb8b:
mov [DAOrigins.exe+7be3e4],ebx
test ecx,ecx
lea esi,[ebx+00000190]
jmp DAOrigins.exe+315e07
DAOrigins.exe+315dff:
jmp DAOrigins.exe+7dfb8b
nop
nop
nop
XP
[[["DAOrigins.exe"+0x7be3e4]+0x194]+0x4C]+0x4C
GOLD
["DAOrigins.exe"+0x7BC599]+0x9C
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0xN*0x4]+0x4C
0070C730 | 83EC 08 | sub esp, 8 |
0070C733 | 56 | push esi |
0070C734 | 8BF1 | mov esi, ecx |
0070C736 | 8B56 04 | mov edx, dword ptr [esi+4] |
0070C739 | 85D2 | test edx, edx |
0070C73B | 75 04 | jnz 0070C741 |
0070C73D | 33C9 | xor ecx, ecx |
0070C73F | EB 08 | jmp 0070C749 |
0070C741 | 8B4E 08 | mov ecx, dword ptr [esi+8] |
0070C744 | 2BCA | sub ecx, edx |
0070C746 | C1F9 02 | sar ecx, 2 |
0070C749 | 85D2 | test edx, edx |
0070C74B | 74 24 | je 0070C771 |
0070C74D | 8B46 0C | mov eax, dword ptr [esi+C] |
0070C750 | 2BC2 | sub eax, edx |
0070C752 | C1F8 02 | sar eax, 2 |
0070C755 | 3BC8 | cmp ecx, eax |
0070C757 | 73 18 | jnb 0070C771 |
0070C759 | 8B46 08 | mov eax, dword ptr [esi+8] |
0070C75C | 8B4C24 10 | mov ecx, dword ptr [esp+10] |
0070C760 | 8B11 | mov edx, dword ptr [ecx] |
0070C762 | 8910 | mov dword ptr [eax], edx | <--- The injection goes here...
0070C764 | 83C0 04 | add eax, 4 |
0070C767 | 8946 08 | mov dword ptr [esi+8], eax |
0070C76A | 5E | pop esi |
0070C76B | 83C4 08 | add esp, 8 |
0070C76E | C2 0400 | retn 4 |
0070C771 | 57 | push edi |
0070C772 | 8B7E 08 | mov edi, dword ptr [esi+8] |
0070C775 | 3BD7 | cmp edx, edi |
0070C777 | 76 05 | jbe 0070C77E |
0070C779 | E8 D2261A00 | call 008AEE50 |
0070C77E | 8B4424 14 | mov eax, dword ptr [esp+14] |
0070C782 | 50 | push eax |
0070C783 | 57 | push edi |
0070C784 | 56 | push esi |
0070C785 | 8D4C24 14 | lea ecx, dword ptr [esp+14] |
0070C789 | 51 | push ecx |
0070C78A | 8BCE | mov ecx, esi |
0070C78C | E8 8F270000 | call 0070EF20 |
0070C791 | 5F | pop edi |
0070C792 | 5E | pop esi |
0070C793 | 83C4 08 | add esp, 8 |
0070C796 | C2 0400 | retn 4 |
FullAccess( DAOrigins.exe+0x0030C762, 5 )
FullAccess( DAOrigins.exe+0x00000400, 4 )
[ENABLE]
Alloc ( MyCode, 2048 )
Label ( OverwrittenCode )
Label ( Exit )
Label ( Return )
DAOrigins.exe+0x0030C762 :
jmp MyCode
Return :
MyCode :
cmp byte ptr [eax+10], 0x30
jne OverwrittenCode
cmp byte ptr [eax+14], 0x18
jne OverwrittenCode
cmp byte ptr [eax+18], 0xC0
jne OverwrittenCode
cmp dword ptr [edx], 0xAC70A8
jne OverwrittenCode
mov dword ptr [DAOrigins.exe+0x00000400], edx
OverwrittenCode :
mov dword ptr [eax], edx
add eax, 4
Exit :
jmp Return
[DISABLE]
Dealloc ( MyCode )
DAOrigins.exe+0x0030C762 :
mov dword ptr [eax], edx
add eax, 4
EXPERIENCE
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x13*0x4]+0x4C
ATTRIBUTE POINTS
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x22*0x4]+0x4C
SPECIALIZATION POINTS
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x26*0x4]+0x4C
SKILL POINTS
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x23*0x4]+0x4C
TALENT/SPELL POINTS
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x24*0x4]+0x4C
HP CURRENT
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x7*0x4]+0x5C
HP MAX
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x7*0x4]+0x4C
STAMINA/MANA CURRENT
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x8*0x4]+0x5C
STAMINA/MANA MAX
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x8*0x4]+0x4C
ATT. STRENGTH
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x1*0x4]+0x4C
ATT. DEXTERITY
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x2*0x4]+0x4C
ATT. WILLPOWER
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x3*0x4]+0x4C
ATT. MAGIC
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x4*0x4]+0x4C
ATT. CUNNING
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x5*0x4]+0x4C
ATT. CONSTITUTION
[[[["DAOrigins.exe"+0x400]+0x8]+0x194]+0x6*0x4]+0x4C
POINTER for MAIN HAND EQUIPMENT
[["DAOrigins.exe"+0x400]+0x424]+(0x1*0x30)+0x80
POINTER for MINOR HAND EQUIPMENT
[["DAOrigins.exe"+0x400]+0x424]+(0x2*0x30)+0x80
POINTER for BODY ARMOR
[["DAOrigins.exe"+0x400]+0x424]+(0x5*0x30)+0x80
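A small evaluator for the pointer-chain notation used in the lists above, added here as an example; it is not code from this thread or from MHS. It assumes a constructed load address for DAOrigins.exe and constructed memory contents so it runs offline; resolve() returns the address a chain ends at, and a hop into unmapped memory (character not loaded, different game build) surfaces as a KeyError instead of a silently wrong address.

```python
import re
# Added example, not from the thread: an evaluator for the pointer-chain notation above.
# [expr] reads the 32-bit pointer stored at expr, "module" is its load address, and + and *
# are plain arithmetic with * binding tighter. Load address and memory contents are constructed.
MODULE_BASES = {"DAOrigins.exe": 0x00400000}
MEM = {  # stand-in for ReadProcessMemory: address -> dword stored there
    0x00400400: 0x0D000000,  # [DAOrigins.exe+0x400], saved by the injected code above
    0x0D000008: 0x0A000000,  # +0x8      -> player-character object
    0x0A000194: 0x0B000000,  # +0x194    -> stat table, one dword per stat index
    0x0B00001C: 0x0C000000,  # +0x7*0x4  -> HP stat block
    0x0C00005C: 100,         # +0x5C     -> HP CURRENT (constructed value)
    0x0B00004C: 0x0E000000,  # +0x13*0x4 -> EXPERIENCE stat block
    0x0E00004C: 4660,        # +0x4C     -> EXPERIENCE (constructed value)
}
TOKEN = re.compile(r'0[xX][0-9a-fA-F]+|\d+|"[^"]+"|[\[\]()+*]')

def tokenize(expr):
    raw = TOKEN.findall(expr)
    if "".join(raw) != re.sub(r"\s+", "", expr):  # anything unmatched is a parse error
        raise ValueError(f"unrecognised text in {expr!r}")
    return [MODULE_BASES[t[1:-1]] if t[0] == '"' else
            int(t, 0) if t[0].isdigit() else t for t in raw]

class Chain:  # recursive descent: expr := term ('+' term)* ; term := atom ('*' atom)*
    def __init__(self, toks, mem): self.toks, self.mem = list(toks), mem
    def peek(self): return self.toks[0] if self.toks else None
    def take(self): return self.toks.pop(0) if self.toks else None
    def read32(self, addr):  # KeyError here means a hop is unmapped: the chain is dead
        return self.mem[addr]
    def expr(self):
        v = self.term()
        while self.peek() == '+': self.take(); v += self.term()
        return v & 0xFFFFFFFF  # 32-bit address arithmetic
    def term(self):
        v = self.atom()
        while self.peek() == '*': self.take(); v *= self.atom()
        return v
    def atom(self):
        t = self.take()
        if isinstance(t, int): return t
        if t not in ('[', '('): raise ValueError(f"unexpected token {t!r}")
        v = self.expr()
        if self.take() != (']' if t == '[' else ')'): raise ValueError("unbalanced " + t)
        return self.read32(v) if t == '[' else v  # brackets dereference, parens only group

def resolve(expr, mem=MEM):  # returns the address the chain ends at; the stat lives there
    c = Chain(tokenize(expr), mem)
    addr = c.expr()
    if c.peek() is not None: raise ValueError("trailing input")
    return addr
```

Any chain from the lists above can be passed to resolve() unchanged; the template line with 0xN is rejected as unparseable until N is filled in.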
Aspras wrote:...regarding attribute and spell points. I'm not sure whether we are talking about the same variables; when I say attribute points I mean the points available to you to add to strength, dexterity and so on, not the attributes themselves. Either way I found the address of spell points and attribute points by searching for unsigned long and not float.
Aspras wrote:It's definitely because we have different versions of the game. The first version of my game I got by downloading a RELOADED release and that's probably why everything was unsigned long (even hp). Then I used the official v1.02 patch and then a crack by another group so I guess my game is all messed up haha.
Aspras wrote:I didn't know you could have several specializations at once. Maybe we could find a way to make a specialization unlocker hack.