Weapon Hacking

May 6, 2009 at 8:55 PM
Been here way too long...
"Life begins and ends with Nu."
Join Date: Jan 4, 2008
Location: Lingerie, but also, like, fancy curtains
Posts: 3054
ow.
 
May 6, 2009 at 9:10 PM
Cold Agony of Resolute Vacuum
"Heavy swords for sale. Suitable for most RPG Protagonists. Apply now!"
Join Date: Jan 1, 2008
Location: Elsewhere
Posts: 1973
Lace said:

Sorry~
But I figure I'll abuse the lazy guy until he's not lazy.
 
May 6, 2009 at 10:21 PM
Been here way too long...
"Life begins and ends with Nu."
Join Date: Jan 4, 2008
Location: Lingerie, but also, like, fancy curtains
Posts: 3054
not quite lazy, but more, um, ireallyhavetodomyhomeworkrightnoworiwontleaveeighthgrade.
ya know?
 
May 8, 2009 at 1:36 AM
Been here way too long...
"Life begins and ends with Nu."
Join Date: Jan 4, 2008
Location: Lingerie, but also, like, fancy curtains
Posts: 3054
also, dooey, I never credited you for the elegance of that idea. That offset's been up for a while, but I don't think anybody but you has ever actually looked into it.
so.
kudos.
 
May 8, 2009 at 9:29 AM
Hax on....Hax off....
"Big Joe Tire and Battery Restaurant! Opening Soon! Eat at Big Joes!"
Join Date: Jan 5, 2009
Location: Easter Island
Posts: 476
Okay. I'm gonna play around with the exe's assembly. Basically I wanna make a machine gun that has faster bullets and shoots faster, making it difficult to use with only a couple of ammo and low damage. I'm just messing around with values and all that. What I'll do is just edit this every time I find something weird or useful.
So far:
Code:
CPU Disasm
Address   Hex dump  Command                        Comments
004052B5  894A 04   MOV DWORD PTR DS:[EDX+4],ECX

By changing that to 4...it shoots level 1 snake bullets that act like machine gun bullets.
I don't understand what the value means, because some of the other values I change it to make it do other weird things, like make the bullets stick to one place, make just the shooting effect and nothing else, or make an invisible bullet that disappears about 1 space in front of you later.
 
May 8, 2009 at 12:30 PM
Been here way too long...
"Life begins and ends with Nu."
Join Date: Jan 4, 2008
Location: Lingerie, but also, like, fancy curtains
Posts: 3054
edx+4 is an offset, changing the 4 will change where it points to, and thus make it do odd, and unexpected things.

and yep dooey.
 
May 10, 2009 at 7:16 AM
Hax on....Hax off....
"Big Joe Tire and Battery Restaurant! Opening Soon! Eat at Big Joes!"
Join Date: Jan 5, 2009
Location: Easter Island
Posts: 476
dooey100 said:
I can tell you how, but I won't make it for you:

First, you need to make the fireball go up, by changing the ADD to SUB like Lace did.

By following this example, I've been making a version of the lightning and the balls that make the lightning when you walk under them. I plan to use them in my own custom boss thing. So I've changed 251, the lightning itself, so it fires upwards, which was too easy. What I'm having difficulty with is changing 250, the balls that turn into lightning, so that they do so when you jump over them, not walk under them. Any help is appreciated.
 
May 10, 2009 at 7:44 AM
Been here way too long...
"Ha! Ha! Ha! Mega Man is no match for my Mimiga Man!"
Join Date: Jun 22, 2008
Location:
Posts: 251
That one is going to be tricky and will probably involve some research on your part. My guess is that somewhere in the code is a block that would look like this in pseudo-code:
(Note that this is an educated guess on my part, and Pixel has been known to code in unexpected ways before.)

Code:
if (quote_y_position < lightning_ball_y_position) {
    fire_lightning();
}

Which, in assembly, would translate to a simple CMP and then a JGE. Once you find where that is, you could just change the JGE to JLE, but first you would need to know if you have the right block. I haven't looked at the lightning ball code, so if it's short enough, you could just try it for every function that is called (especially look for ones that create new NPCs, which would be CALL 46EFD0). Also, you could try and figure out which RAM offset contains Quote's y-position, then look for CMPs using it. Guessing would probably also increase your understanding of how the code works, which is always useful. I know I found like half of the stuff I know from making educated guesses and seeing what happens. Anyway, if that's not clear or you need some more details, feel free to ask!

Also, I'm glad to hear you find hacking so easy! Taking my weapon hacking example and applying it to something completely different is impressive!

And if you figure this out, let me know what the offset is for Quote's y-position; I haven't been able to find it yet.
 
May 10, 2009 at 8:29 AM
Senior Member
"Master using it, and you can have this!"
Join Date: Apr 12, 2009
Location:
Posts: 70
I wish I could hack. I'm fascinated by the different things you can do with it x3 Unfortunately even the basic stuff seems to go right over my head lol.

I look forward to seeing more of the stuff you guys make with it though~
 
May 10, 2009 at 9:55 AM
Hax on....Hax off....
"Big Joe Tire and Battery Restaurant! Opening Soon! Eat at Big Joes!"
Join Date: Jan 5, 2009
Location: Easter Island
Posts: 476
It's a little over my head as well, but even by just making minor changes you can get pretty cool results.
 
May 10, 2009 at 10:00 AM
Senior Member
"Master using it, and you can have this!"
Join Date: Apr 12, 2009
Location:
Posts: 70
I wouldn't even know where to begin for the minor changes X_X I mean I'd need to know at least what the minor changes I make would affect. Otherwise I'd have to play through the entire game every time to see if I changed anything noticeable xD
 
May 10, 2009 at 10:28 AM
Hax on....Hax off....
"Big Joe Tire and Battery Restaurant! Opening Soon! Eat at Big Joes!"
Join Date: Jan 5, 2009
Location: Easter Island
Posts: 476
What I mean is things like changing ADD to SUB like I did, or just playing around with values from offsets that have already been found.
NPC Pointer
You can play with some npc offsets here. Even if you can't understand them you can be amused by what you get editing values. If you get something interesting you can take a note of it or even save it.

Also, I'm sure this can be fixed easily, but what I'm trying to do is play with some values again, but whenever I try to search for an offset, all the offsets just say ADD BYTE PTR DS:[EAX],AL so I can't edit anything. Sorry if it's been answered before as well.
 
May 10, 2009 at 6:30 PM
Been here way too long...
"Ha! Ha! Ha! Mega Man is no match for my Mimiga Man!"
Join Date: Jun 22, 2008
Location:
Posts: 251
What that is doing is basically using a variable instead of a constant. So it seems like most of the values you are editing are like this:

ADD [EAX],100

which in pseudo-code is

[EAX] = [EAX] + 100

and the ones you are talking about now would be more like

[EAX] = [EAX] + AL

so you can still change AL to a constant, and if, for example, you see that the lightning slowly moves up, then [EAX] is probably the y-speed. You can then look backwards through the code to find the last time AL was changed and what it was changed to, and figure stuff out from there.

Doing it this way is more likely to cause bugs, and it can also be harder to see what's actually changing, so good luck!

PS - here are all the known RAM offsets for the NPCs (thanks to Runelancer):

+0x00: InUse
+0x08: X
+0x0C: Y
+0x10: MoveX
+0x14: MoveY
+0x28: NPCID
+0x4C: Direction
+0x54: Display_L
+0x58: Display_U
+0x5C: Display_R
+0x60: Display_D
+0x64: FrameNum
+0x68: FrameID
+0x6C: ObjectTimer
+0x74: ScriptState
+0x78: ScriptTimer

so the line you posted changes the "InUse" variable of the NPC, which could do a number of things such as delete the NPC completely, put it in its inactive state (ever notice how some enemies stop moving if you are far enough away?) or stuff like that. I haven't looked at NPCs a lot, so I really have no idea yet.

If you look at the line you changed to make the lightning go up, I would be willing to bet that it was using the "MoveY" and/or the "Y" variables.
 
May 15, 2009 at 10:07 AM
Hax on....Hax off....
"Big Joe Tire and Battery Restaurant! Opening Soon! Eat at Big Joes!"
Join Date: Jan 5, 2009
Location: Easter Island
Posts: 476
Potential new weapon?

Okay.
Again I was playing with some values, but this time I was looking for a similar offset to the one I found on the machine gun (the one I changed to 4 so it would fire snake bullets with the properties of machine gun bullets), but on the blade. These were easy to find: 406F1F (Facing Left), 406F2B (Facing Up [I think]), 406F37 (Facing Right) and 406F43 (Facing Down?). In each of these values there should be MOV DWORD PTR DS:[ECX+1c],(800 or -800 depending on which offset you use). So I was messing around with 1c and changed it to 3.
What happened here was it made a fireball bullet behind me that would fall straight down and fall through walls without a shot limit. So I changed 1c in all of those offsets to 1c, but I noticed that facing left just made a blade that stayed in its place. But I noticed that the facing left value had -800, not 800, so I changed it to 800 and it worked perfectly.

Now you're thinking hey? that's kinda useless. Well I am still working on it so I may need some help with it. Now what I'm gonna try and do is make it so that it moves in a random direction. I noticed that the blood effect you get when you shoot an enemy moves in a random direction. I'm sure that there is some kind of value in there that makes it do so rather than in one specific direction.

Any help is appreciated.
 
May 15, 2009 at 3:56 PM
Been here way too long...
"Ha! Ha! Ha! Mega Man is no match for my Mimiga Man!"
Join Date: Jun 22, 2008
Location:
Posts: 251
That sounds great! I made a bubbler that moved in a random direction, so it's definitely possible.

Here are the values for the weapons:

Code:
current bullet info   = 499C98 + bullet ID*0x80
= 
= +8
= +C
X-Position            = +10
Y-Position            = +14
X-Velocity            = +18
Y-Velocity            = +1C
Was initialized       = +28
Damage                = +2C
Current Frame         = +30
Shot Direction        = +38
Timer                 = +4C
Max Distance          = +54

1C is indeed the Y-velocity.

Also for the random direction thing, you might find this useful: a random number generator! To use it, write this code:

PUSH max
PUSH min
CALL 40F350

returns to EAX

So say if I wanted to make the speed of the bullet be a random number between 400 and 500, I could say

PUSH 500
PUSH 400
CALL 40F350

MOV [E_X+1C],EAX

Hope that helps!
 
May 20, 2009 at 12:40 PM
Hax on....Hax off....
"Big Joe Tire and Battery Restaurant! Opening Soon! Eat at Big Joes!"
Join Date: Jan 5, 2009
Location: Easter Island
Posts: 476
dooey100 said:
Here are the values for the weapons:

Code:
current bullet info   = 499C98 + bullet ID*0x80
= 
= +8
= +C
X-Position            = +10
Y-Position            = +14
X-Velocity            = +18
Y-Velocity            = +1C
Was initialized       = +28
Damage                = +2C
Current Frame         = +30
Shot Direction        = +38
Timer                 = +4C
Max Distance          = +54

Okay. I'm a little confused about this. I see these values a lot when looking at the blade's assembly. When I changed 18 and 1c to 3, this didn't change the blade's speed at all; it changed the way the blade acted completely. Is this bit of code up here used like a hex editor, where to find the value I need, I find the first offset of the weapon, go e.g. 18 offsets down and get the offset that shows the x velocity of the weapon? Or is 18 meant to be the default Y velocity?
 
May 20, 2009 at 3:51 PM
Been here way too long...
"Ha! Ha! Ha! Mega Man is no match for my Mimiga Man!"
Join Date: Jun 22, 2008
Location:
Posts: 251
Not quite. All the bullet data (position, speed, how long it has been in existence, etc.) is stored in RAM at a certain place. At the start of the bullet function, that place is put into [EBP+8], which is why you see MOV E_X,[EBP+8] all the time (note: whenever I use E_X, the blank is A, C, or D). That list simply says what each bit of data does. So say you see a line saying MOV [E_X+18],1000: you can see the +18 bit, look at the list and see that +18 is the X-velocity, then know that the line is setting the X-velocity to 1000.
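To make the offset-list idea concrete, here is an added example (not the thread's own code, nor anything from the game): a C sketch of one bullet record reconstructed from the table dooey100 posted, with a helper that names the field a `MOV [E_X+disp],imm` store lands on and an emulation of the store itself, including the misaligned `+3` case from the blade post. The struct, its "unk_" padding and all function names are assumptions; only the displacements, the 499C98 base and the 0x80 stride come from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical C view of one 0x80-byte bullet record, laid out from the
 * displacements posted in the thread. Field and "unk_" padding names are
 * assumptions; the game's real structure is not known here. */
typedef struct {
    uint8_t unk_00[0x10];        /* +0x00..+0x0C: slots the table leaves unnamed */
    int32_t x_pos;               /* +0x10 X-Position */
    int32_t y_pos;               /* +0x14 Y-Position */
    int32_t x_vel;               /* +0x18 X-Velocity */
    int32_t y_vel;               /* +0x1C Y-Velocity */
    uint8_t unk_20[0x08];
    int32_t initialized;         /* +0x28 Was initialized */
    int32_t damage;              /* +0x2C Damage */
    int32_t frame;               /* +0x30 Current Frame */
    uint8_t unk_34[0x04];
    int32_t direction;           /* +0x38 Shot Direction */
    uint8_t unk_3C[0x10];
    int32_t timer;               /* +0x4C Timer */
    uint8_t unk_50[0x04];
    int32_t max_dist;            /* +0x54 Max Distance */
    uint8_t unk_58[0x80 - 0x58]; /* pad to the 0x80 stride */
} Bullet;

/* Address of bullet `id`, per "current bullet info = 499C98 + bullet ID*0x80". */
uint32_t bullet_address(unsigned id) { return 0x499C98u + id * 0x80u; }

/* Name of the field a dword store at [base+disp] lands on, or NULL when disp
 * is an unnamed slot or is not 4-byte aligned (it then straddles two slots). */
const char *bullet_field_name(unsigned disp) {
    switch (disp) {
    case 0x10: return "X-Position";      case 0x14: return "Y-Position";
    case 0x18: return "X-Velocity";      case 0x1C: return "Y-Velocity";
    case 0x28: return "Was initialized"; case 0x2C: return "Damage";
    case 0x30: return "Current Frame";   case 0x38: return "Shot Direction";
    case 0x4C: return "Timer";           case 0x54: return "Max Distance";
    default:   return NULL;
    }
}

/* Emulate "MOV DWORD PTR [base+disp], imm" as the CPU does: a raw 4-byte copy
 * with no alignment check, so disp 0x03 smears the value over bytes 3..6. */
void store_dword(Bullet *b, unsigned disp, int32_t imm) {
    memcpy((uint8_t *)b + disp, &imm, sizeof imm);
}

/* Number of 4-byte slots a dword write at disp overlaps: 1 aligned, 2 otherwise. */
unsigned slots_touched(unsigned disp) { return (disp % 4u == 0u) ? 1u : 2u; }
```

Changing the displacement in an existing `MOV` therefore does not change the speed value at all; it changes which field (or which pair of half-fields) receives the value, which is why `+1C` to `+3` produced a different bullet rather than a slower one.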
 
May 31, 2009 at 2:35 AM
Neophyte Member
"Fresh from the Bakery"
Join Date: May 31, 2009
Location:
Posts: 6
Okay, I have no idea what you're talking about. I have a hex editor, but the link that was put up on the first page is broken. This might be a little late to ask, but, 1) could you put up a working link?
2) I have no idea what all the numbers in the hex editor mean, like when
I searched for the $8F0000 or whatever was said where the
weapons start I get 8F 00 00 00 8B 4D F0 89 4D DC 8B 55 F4 89 55 EO 8B, etc. What does this mean?
3) How would I program/make the pictures for a completely new
weapon and be able to get it in game?
4) Do I only have to edit Doukutsu.exe?
 
May 31, 2009 at 2:45 AM
Level 73 Procrastinator
"Life begins and ends with Nu."
Join Date: Apr 6, 2009
Location: Forgotten Tower
Posts: 2052
Lurk more, please

spectator said:
Okay, I have no idea what you're talking about. I have a hex editor, but the link that was put up on the first page is broken. This might be a little late to ask, but, 1) could you put up a working link?
2) I have no idea what all the numbers in the hex editor mean, like when
I searched for the $8F0000 or whatever was said where the
weapons start I get 8F 00 00 00 8B 4D F0 89 4D DC 8B 55 F4 89 55 EO 8B, etc. What does this mean?
3) How would I program/make the pictures for a completely new
weapon and be able to get it in game?
4) Do I only have to edit Doukutsu.exe?
All of these questions have already been answered, if you had lurked a bit more...
For one, I recommend Translhextion. {Even divides the 8 bits into nice chunks...}

For two, look back in this thread a bit. They already explained that {Or, I might be wrong, and that's in another thread. But that's what the Search Button's for!!}

For three, you're looking in the wrong place. Those are graphic files, and a lot easier than weapon hacking. This is the wrong place to be asking for those...
Go search around in the other threads =/

For four, for everything but levels {Editors will handle that, though} and graphics, you only need to edit the .EXE

Now, go use the Search Button more. All four of these I learned without a single question asked =/
 