Garrett on 28/9/2013 at 18:12
good news :)
SunBeam on 29/9/2013 at 15:08
Progress report:
1. Ported everything in DarkHook to Cheat Engine, since it easily allows to look-up functions by searching for patterns.
2. Options available so far (not necessarily in the below order):
- LockCheat;
- Fly Mode;
- No Clip (based on the _gPhysicsOn BOOL);
- Infinite Item Timeout (was bugging me a while back);
- God Mode (fixed this one as mentioned in previous posts: when you enable the option, take damage, heal, etc., health will get replenished via _ObjGetMaxHitPoints/_ObjSetHitPoints <-
add_hp command is available only in DromEd build of T2, but no one said I can't use the functions it calls ;));
- Super Speed (mimic-ing speed potion effects, via _AddSpeedScale/_RemoveSpeedScale - values can be changed as you please);
- AI Awareness (toggleable via _g_fAIAwareOfPlayer BOOL);
- PlayersOnly (thought it would be a nice addition; the feature relies on _ai_sleep_all/_ai_wake_all functions, which I had to rip from DromEd, as they are missing in the game build);
3. TODO:
- Player Invisibility (mimic-ing invisibility potion effects);
- Unlimited Items (fixing this one to allow incrementals);
- find a way to display floats on screen (players coordinates) via WinAPI functions - these might come in handy when people ask something like: "hey, where's that sceptre?" -> boing, screenshot with coordinates on it :)
[ I will write here some relevant/irrelevant facts as a Notepad; pains me to lose analysis in the mist of years ]
In order to achieve proper "Unlimited Items" - people have notified me that in those maps where you have spiderlings that shoot webs at you, those webs are counted as items, thus with Unlimited Items on you can't decrement their number - I've decided to go the other way around. Code in charge with sub-ing stacked value is here (in DromEd 1.18):
004E81B7 |. 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C]
004E81BB |. 48 DEC EAX << -- this doesn't have to get executed
004E81BC |. 894424 1C MOV DWORD PTR SS:[ESP+1C],EAX
004E81C0 |. 8B0E MOV ECX,DWORD PTR DS:[ESI]
004E81C2 |. 50 PUSH EAX
004E81C3 |. 57 PUSH EDI
004E81C4 |. 56 PUSH ESI
004E81C5 |. FF51 48 CALL DWORD PTR DS:[ECX+48]
So, if DEC EAX is NOP-ed, we get unlimited items. Including spiderling webs :)
Starting from the beginning - loaded up DromEd, loaded miss2.mis and checked the Objects Hierarchy:
Inline Image:
http://i.imgur.com/qezzaHT.pngThen I selected an Invisibility Potion and found where the "use_item" command is parsed and executed. I've reached up to this point where _pFrobInfoProp pointer is used, in conjunction with selected item from player Inventory (via cInventory::Selection):
0060B6C1 . 53 PUSH EBX
0060B6C2 . 8D4E 08 LEA ECX,DWORD PTR DS:[ESI+8]
0060B6C5 . E8 96BBF1FF CALL ?GetDonor@cStoredProperty@@QBEHH@Z
EBX would be the item_id, ESI holds _pFrobInfoProp and cStoredProperty::GetDonor function is called. Upon exiting the function, I got the value you see in above picture for Potions in EAX: -2546 :)
So that got me thinking:
- reach the decrement location;
- call GetDonor with item_id and _pFrobInfoProp parameters;
- if returned property id is different than [build_list_here], then do normal code; else, don't decrement;
I wonder if I can get parent donor id (the Tulz id: -1951). That would be nice, since I won't have to build a filtering list.
Can you guys name a mission with spiderlings in it? I wanna test it directly..EDIT #1:
I've managed to find where the bloody operation is performed when picking up an item (like a potion) from the ground. Once you do that, engine will combine objects via their hierarchy IDs and update the stack count, like so:
SetAmount:
push 64
push [_pSelectedWeaponID]
mov eax,[_gStackCountProp]
lea ecx,[eax+8]
call _cStoredProperty_Set
That's a snippet I made to update the currently selected weapon in inventory to 100. I have not tested it on my sword or blackjack, but on arrows it works flawlessly. If I switch _pSelectedWeaponID with _pSelectedItemID, then I can apply same logic to currently selected item (potions, mines). I believe in this way there won't be any need for unlimited everything, when you can selectively choose what to boost :)
EDIT #2:
Well, it works on sword and blackjack too :D
Inline Image:
http://i.imgur.com/HU10VRN.pngBest regards,
Sun
SunBeam on 30/9/2013 at 14:40
Quote Posted by Albert
Life of The Party. Oh, those things. Nope, I don't remember. :p
Also, with NewDark, aren't you able to load up your .dll stuff directly with the executable, or are you going about this differently now? Just curious.
Hi Albert,
Will use Cheat Engine instead, since it provides multiple functionality: ability to work with patterns, macros, threads, etc. I recommend you install it (if you've never used it thus far) - no, it's not advertising - from this location: (
http://cheatengine.org/).
Back on the subject, I tried to figure a way to make the patterns universal for the Thief family. Thing is, some of the functions or locations I need and look for have different aspects, due to the compilers used by the developers. Compilers and code optimization. Not to mention the NewDark ones (1.19 and above) are somehow recompiled - version of C++ is different than the original .exes, hence functions are somewhat different code-wise.
Best regards,
Sun
DJ Riff on 30/9/2013 at 18:12
Quote Posted by SunBeam
Can you guys name a mission with spiderlings in it? I wanna test it directly..Shipping and Receiving, at Mynell's.
ZylonBane on 1/10/2013 at 17:51
Quote Posted by DJ Riff
Shipping and Receiving, at Mynell's.
Or, y'know, on the pirate ship.
SunBeam on 11/10/2013 at 14:27
Reporting in with a bit of progress.
So far I've gotten my hands on all parts of the game (Thief 1, Thief Gold, Thief 2, all DromEds and NewDark versions). It will be a bit tricky to map out the functions from old DromEd to the NewDark one, since, as mentioned, the executables seem recoded - whoever made them, took their time to map out all functions to a new compiler and due to the way C++ works and probably optimizations, the code, although performing same or similar tasks, will be changed in looks.
I've fixed God Mode and found a workaround for the arrows/items quantities.
The menu so far:
Inline Image:
http://i40.tinypic.com/osy1ld.jpgI need to tweak a bit the
ai_wake_all function - I noticed that if you blackjack or kill an AI, and then use
ai_wake_all, it will respawn them (although they will do nothing but stand there).
Will be back with updates after this weekend. Keep close :P
Best regards,
Sun
DJ Riff on 12/10/2013 at 07:57
Any chance on show_cell view mode? :angel: If it's not too much hassle of course.
Can these modes be triggered by internal FM scripting? Can I make a "Flying Potion" or "God Mode Potion" for example?
SunBeam on 12/10/2013 at 09:25
@DJ Riff: I figured out how to set amounts to inventory items for now. I'll investigate how creation works in DromEd later on. I'm thinking that once I got it mastered (the whole generating process) I'd spawn it at Garrett's X/Y coordinates +5/10m in front of the player. That way you could grab it from mid-air (for now). Later, I'll figure out how - although I think I know, since I've stumbled across the property - to add spawned item directly to your inventory.
Progress report. Mapped out everything less the weapons/items amounts. The calling conventions to known functions have changed a bit. Not to mention the functions were simplified. I'm guessing that happens when you tear code apart - you get to identify portions of it that are useless and can be easily removed.
I'll check how show_cell works and if it's available both in the game release and DromEd (the NewDark ones).
BR,
Sun
malau on 22/10/2013 at 03:14
It's great your back after how many years with no replies ? Don't know why I had the impulse to check this old thread today, glad I did though.
It's a pity you are using cheat engine. Even having Cheat Engine on your hard disk can get you perma-banned from many online games !
