05-23-2014, 12:41 AM
(This post was last modified: 05-25-2014, 07:24 AM by Ikran Ahiyìk.)
Hello I'm new here, but let's get started.
It's about the 10 and 30 limit of troops in Battle mode. I've read this thread and tried,
> http://www.lf-empire.de/forum/showthread.php?tid=2364
using Cheat Engine successfully (temporarily - I didn't patch it) removed the limit, and found some addresses. However, what I really want is to change it rather than remove it, since I don't want the numbers ever reach 3 digits, or keep the convenient way to change the troop numbers back to 0, or whatever. Following the address and open with Olly I see something close...
(edit: copied more instructions into here)
I'd guess the two lines marked "<<<<", 4395EE and 439618, are what I'm looking for. Now I want 10/30 to be changed to 60/90, so I edit the two numbers to 3C and 5A. However, in executing this edited LF2, the limits are still 10/30. I don't know why, and this is the reason why I post here. Could anybody help checking it out please...?
P.S. I've tried to edit something other that that: line 43962B, 1 into 2, and then it worked for being 2 troops added every time I press A, for all troops on the screen.
OK. Problem solved. Details below:
I don't know why exactly, but it worked.
There are 6 limits totally. 4 of them are for the 4 rows in the preparation screen, i.e. Bandits to Marks "In Screen" as Row 1, their Reserve as Row 2, Monks to milks (not beers!) "In Screen" as Row 3 and their Reserve as Row 4. The addresses of the 4 rows are 4395AA, 4395C5, 4395E2 and 43960C. Another 2 are... my originally marked lines... beers - the remaining, at 4395EE and 439618.
It's obvious for how to edit the beer limits. Let's move on to the other boxes, the 4 Rows. The trickier part (just addition in fact...) is that they do not record the number directly, but added the value of EDX, which is 1, 2, 3 or 4 at the positions. To change the limits basically just have to take care of this EDX too. For "In Screen" refers to below, if I want it to be 99, I should actually note down 98 which is 62 in hex, and so on for the others.
A better organized view:
4395AA - Default: 9 (9) - "In Screen" limits subtracted by 1, for id: 30-34, 39 (Bandit, Hunter, Jack, Sorcerer, Justin, Mark)
4395C5 - Default: 1C (28) - Reserve limits subtracted by 2, for entities same as above
4395E2 - Default: 7 (7) - "In Screen" limits subtracted by 3, for id: 35-37, 122 (Monk, Jan, Knight, milk)
4395EE - Default: 0A (10) - "In Screen" limits, for id: 123 (beer)
43960C - Default: 1A (26) - Reserve limits subtracted by 4, for entities same as 4395E2
439618 - Default: 1E (30) - Reserve limits, for id: 123 (beer)
It's about the 10 and 30 limit of troops in Battle mode. I've read this thread and tried,
> http://www.lf-empire.de/forum/showthread.php?tid=2364
using Cheat Engine successfully (temporarily - I didn't patch it) removed the limit, and found some addresses. However, what I really want is to change it rather than remove it, since I don't want the numbers ever reach 3 digits, or keep the convenient way to change the troop numbers back to 0, or whatever. Following the address and open with Olly I see something close...
ASM-Code:
0043958C 890C85 80D34400 MOV DWORD PTR DS:[EAX*4+44D380],ECX 00439593 890C85 741B4500 MOV DWORD PTR DS:[EAX*4+451B74],ECX 0043959A 75 16 JNZ SHORT lf2hexed.004395B2 0043959C 8BC8 MOV ECX,EAX 0043959E 0FAFCD IMUL ECX,EBP 004395A1 03CF ADD ECX,EDI 004395A3 8D0C8D F8D54400 LEA ECX,DWORD PTR DS:[ECX*4+44D5F8] 004395AA 8D72 09 LEA ESI,DWORD PTR DS:[EDX+9] 004395AD E9 75000000 JMP lf2hexed.00439627 004395B2 83FA 02 CMP EDX,2 004395B5 75 13 JNZ SHORT lf2hexed.004395CA 004395B7 8BC8 MOV ECX,EAX 004395B9 0FAFCD IMUL ECX,EBP 004395BC 03CF ADD ECX,EDI 004395BE 8D0C8D 50D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D650] 004395C5 8D72 1C LEA ESI,DWORD PTR DS:[EDX+1C] 004395C8 EB 5D JMP SHORT lf2hexed.00439627 004395CA 83FA 03 CMP EDX,3 004395CD 75 26 JNZ SHORT lf2hexed.004395F5 004395CF 8BC8 MOV ECX,EAX 004395D1 0FAFCD IMUL ECX,EBP 004395D4 83FF 04 CMP EDI,4 004395D7 7D 0E JGE SHORT lf2hexed.004395E7 004395D9 03CF ADD ECX,EDI 004395DB 8D0C8D 10D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D610] 004395E2 8D72 07 LEA ESI,DWORD PTR DS:[EDX+7] 004395E5 EB 40 JMP SHORT lf2hexed.00439627 004395E7 8D0C8D 20D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D620] 004395EE BE 0A000000 MOV ESI,0A <<<<<<<<<<<<<<<< 004395F3 EB 32 JMP SHORT lf2hexed.00439627 004395F5 83FA 04 CMP EDX,4 004395F8 75 25 JNZ SHORT lf2hexed.0043961F 004395FA 8BC8 MOV ECX,EAX 004395FC 0FAFCD IMUL ECX,EBP 004395FF 3BFA CMP EDI,EDX 00439601 7D 0E JGE SHORT lf2hexed.00439611 00439603 03CF ADD ECX,EDI 00439605 8D0C8D 68D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D668] 0043960C 8D72 1A LEA ESI,DWORD PTR DS:[EDX+1A] 0043960F EB 16 JMP SHORT lf2hexed.00439627 00439611 8D0C8D 78D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D678] 00439618 BE 1E000000 MOV ESI,1E <<<<<<<<<<<<<<<< 0043961D EB 08 JMP SHORT lf2hexed.00439627 0043961F 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+34] 00439623 8B7424 34 MOV ESI,DWORD PTR SS:[ESP+34] 00439627 85DB TEST EBX,EBX 00439629 74 03 JE SHORT lf2hexed.0043962E 0043962B 8301 01 ADD DWORD PTR DS:[ECX],1 0043962E 833D BC134500 00 CMP DWORD PTR DS:[4513BC],0 00439635 74 12 JE SHORT lf2hexed.00439649 00439637 8301 05 ADD DWORD PTR DS:[ECX],5 0043963A 8B19 MOV EBX,DWORD PTR DS:[ECX] 0043963C 3BDE CMP EBX,ESI 0043963E 7E 09 JLE SHORT lf2hexed.00439649 00439640 8D6E 05 LEA EBP,DWORD PTR DS:[ESI+5] 00439643 3BDD CMP EBX,EBP 00439645 7D 02 JGE SHORT lf2hexed.00439649 00439647 8931 MOV DWORD PTR DS:[ECX],ESI ;Set the value to maximum <- if D is pressed, in a condition that would make the final value exceed the maximum (eg. 26-29 reserves) 00439649 833D B8134500 00 CMP DWORD PTR DS:[4513B8],0 00439650 74 03 JE SHORT lf2hexed.00439655 00439652 8301 FF ADD DWORD PTR DS:[ECX],-1 00439655 8B19 MOV EBX,DWORD PTR DS:[ECX] 00439657 85DB TEST EBX,EBX 00439659 7D 04 JGE SHORT lf2hexed.0043965F 0043965B 8931 MOV DWORD PTR DS:[ECX],ESI ;Set the value to maximum <- if J is pressed while the value is originally 0 0043965D EB 0A JMP SHORT lf2hexed.00439669 0043965F 3BDE CMP EBX,ESI 00439661 7E 06 JLE SHORT lf2hexed.00439669 00439663 C701 00000000 MOV DWORD PTR DS:[ECX],0 ;Set the value to 0 <- if A or D is pressed while the value is already full 00439669 8B7424 18 MOV ESI,DWORD PTR SS:[ESP+18] 0043966D 3BFE CMP EDI,ESI 0043966F 8BCF MOV ECX,EDI 00439671 7E 02 JLE SHORT lf2hexed.00439675 |
I'd guess the two lines marked "<<<<", 4395EE and 439618, are what I'm looking for. Now I want 10/30 to be changed to 60/90, so I edit the two numbers to 3C and 5A. However, in executing this edited LF2, the limits are still 10/30. I don't know why, and this is the reason why I post here. Could anybody help checking it out please...?
P.S. I've tried to edit something other that that: line 43962B, 1 into 2, and then it worked for being 2 troops added every time I press A, for all troops on the screen.
SOLVED
OK. Problem solved. Details below:
I don't know why exactly, but it worked.
There are 6 limits totally. 4 of them are for the 4 rows in the preparation screen, i.e. Bandits to Marks "In Screen" as Row 1, their Reserve as Row 2, Monks to milks (not beers!) "In Screen" as Row 3 and their Reserve as Row 4. The addresses of the 4 rows are 4395AA, 4395C5, 4395E2 and 43960C. Another 2 are... my originally marked lines... beers - the remaining, at 4395EE and 439618.
It's obvious for how to edit the beer limits. Let's move on to the other boxes, the 4 Rows. The trickier part (just addition in fact...) is that they do not record the number directly, but added the value of EDX, which is 1, 2, 3 or 4 at the positions. To change the limits basically just have to take care of this EDX too. For "In Screen" refers to below, if I want it to be 99, I should actually note down 98 which is 62 in hex, and so on for the others.
A better organized view:
4395AA - Default: 9 (9) - "In Screen" limits subtracted by 1, for id: 30-34, 39 (Bandit, Hunter, Jack, Sorcerer, Justin, Mark)
4395C5 - Default: 1C (28) - Reserve limits subtracted by 2, for entities same as above
4395E2 - Default: 7 (7) - "In Screen" limits subtracted by 3, for id: 35-37, 122 (Monk, Jan, Knight, milk)
4395EE - Default: 0A (10) - "In Screen" limits, for id: 123 (beer)
43960C - Default: 1A (26) - Reserve limits subtracted by 4, for entities same as 4395E2
439618 - Default: 1E (30) - Reserve limits, for id: 123 (beer)
ASM-Code:
00439589 83FA 01 CMP EDX,1 ;Where the "1" from. See below. 0043958C 890C85 80D34400 MOV DWORD PTR DS:[EAX*4+44D380],ECX 00439593 890C85 741B4500 MOV DWORD PTR DS:[EAX*4+451B74],ECX 0043959A 75 16 JNZ SHORT lf2hexed.004395B2 0043959C 8BC8 MOV ECX,EAX 0043959E 0FAFCD IMUL ECX,EBP 004395A1 03CF ADD ECX,EDI 004395A3 8D0C8D F8D54400 LEA ECX,DWORD PTR DS:[ECX*4+44D5F8] 004395AA 8D72 09 LEA ESI,DWORD PTR DS:[EDX+9] ;The number 9 here is the limit of "In Screen" troops (Row 1) subtracted by 1. 004395AD E9 75000000 JMP lf2hexed.00439627 004395B2 83FA 02 CMP EDX,2 ;Where the "2" from. See below. 004395B5 75 13 JNZ SHORT lf2hexed.004395CA 004395B7 8BC8 MOV ECX,EAX 004395B9 0FAFCD IMUL ECX,EBP 004395BC 03CF ADD ECX,EDI 004395BE 8D0C8D 50D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D650] 004395C5 8D72 1C LEA ESI,DWORD PTR DS:[EDX+1C] ;The number 28 (1C) here is the limit of Reserved (Row 2) troops subtracted by 2. 004395C8 EB 5D JMP SHORT lf2hexed.00439627 004395CA 83FA 03 CMP EDX,3 ;Where the "3" from. See below. 004395CD 75 26 JNZ SHORT lf2hexed.004395F5 004395CF 8BC8 MOV ECX,EAX 004395D1 0FAFCD IMUL ECX,EBP 004395D4 83FF 04 CMP EDI,4 004395D7 7D 0E JGE SHORT lf2hexed.004395E7 004395D9 03CF ADD ECX,EDI 004395DB 8D0C8D 10D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D610] 004395E2 8D72 07 LEA ESI,DWORD PTR DS:[EDX+7] ;The number 7 here is the limit of "In Screen" troops (Row 3) subtracted by 3. 004395E5 EB 40 JMP SHORT lf2hexed.00439627 004395E7 8D0C8D 20D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D620] 004395EE BE 0A000000 MOV ESI,0A ;This is the "In Screen" beer limit 0A (10). 004395F3 EB 32 JMP SHORT lf2hexed.00439627 004395F5 83FA 04 CMP EDX,4 ;Where the "4" from. See below. 004395F8 75 25 JNZ SHORT lf2hexed.0043961F 004395FA 8BC8 MOV ECX,EAX 004395FC 0FAFCD IMUL ECX,EBP 004395FF 3BFA CMP EDI,EDX 00439601 7D 0E JGE SHORT lf2hexed.00439611 00439603 03CF ADD ECX,EDI 00439605 8D0C8D 68D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D668] 0043960C 8D72 1A LEA ESI,DWORD PTR DS:[EDX+1A] ;The number 26 (1A) here is the limit of Reserved (Row 4) troops subtracted by 4. 0043960F EB 16 JMP SHORT lf2hexed.00439627 00439611 8D0C8D 78D64400 LEA ECX,DWORD PTR DS:[ECX*4+44D678] 00439618 BE 1E000000 MOV ESI,1E ;This is the Reserve beer limit 1E (30). 0043961D EB 08 JMP SHORT lf2hexed.00439627 0043961F 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+34] 00439623 8B7424 34 MOV ESI,DWORD PTR SS:[ESP+34] 00439627 85DB TEST EBX,EBX |