Editing weapon damage

Sword - level 3 - changing the 'hit' value (0x01) to something other than 64 sets it off automatically when used, rather than waiting to hit an enemy.

 

Err...

I would like to see a pic of your Justin *lol*

And I am quite surprised that you are called ugly in school.

*OFFTOPICNESSFTWWTF?*

And btw where do you find all those addressesS? >.>

I don't get any of this >< *noobs about*

 

You can see a picture of me if you wanna. :/ Wait till I get back to Singapore.
---
Use a Hex editor, Addresses > Go To, type in the address. :/

 

Oh. DOTZ

I shall go try it right now

 

Personally I'd be messing around with weaponry right away if it weren't for one thing...

I can't work how to use ICY Hexplorer to find the offsets.... ARGH!

 

Hmmm.. I just took a look at Hexplorer and it sounds good but doesn't look so good. Too flashy for a hex editor and none of the screenshots show the disassembler even though it's in the feature list. I'm recommend XVI32 for general hex editing. It's simple and gets the job done.

As for finding offsets, I find that using a disassembler is the best way to get data addresses. I use PEBrowse because I haven't found anything better that's free. You can go looking for patterned data in a hex editor but if it doesn't contain text data it can be very difficult.

By disassembling the the code section you can look for specific code blocks that tell you where useful data might be. This takes the pseudo code form:

1. load some variable (the offset)
2. multiply the offset by the data segment size (0x3C for bullet data)
3. add an address (this is where the data begins)

For Example starting at offset 0x020C25 you have a reference to the map data section.

0x420C14: 68D4C74800             PUSH        0x48C7D4           ; .rdata:stage 
0x420C19: 8D55E8                 LEA         EDX,[EBP-0x18]     
0x420C1C: 52                     PUSH        EDX                
0x420C1D: E8DE040600             CALL        0x481100           
0x420C22: 83C408                 ADD         ESP,0x8            
0x420C25: 8B4508                 MOV         EAX,DWORD PTR [EBP+0x8]
0x420C28: 69C0C8000000           IMUL        EAX,EAX,0xC8       
0x420C2E: 0500F04B00             ADD         EAX,0x4BF000       ; .csmap:0x30 0x00 0x00 0x00 
0x420C33: 50                     PUSH        EAX                
0x420C34: 8D4DE8                 LEA         ECX,[EBP-0x18]     
0x420C37: 51                     PUSH        ECX                
0x420C38: 68DCC74800             PUSH        0x48C7DC           ; .rdata:%s\Prt%s 
0x420C3D: 8D95D8FEFFFF           LEA         EDX,[EBP-0x128]    
0x420C43: 52                     PUSH        EDX                
0x420C44: E8C7030600             CALL        0x481010

In this case you can tell this code segment is preping for the call to the function @ 0x481010 (file address of 0x081010). Remember that most disassemblers will show offsets in the memory space and not the file space. In general, programs are set to be loaded with an offset of 0x400000. So the Actual data it's reading starts at address 0x08C7DC and not 0x48C7DC.

Hope that helps any aspiring Hackers/Modders to find interesting things in the code. I don't know all that much assembly myself and still haven't worked out where any data read from external files goes in memory.