Dawn of Magic Message Board  

For those without unl membership:

Gold is 4 byte value and not encrypted.
Spell points are byte value and not encrypted.
Skill points are byte value and not encrypted.
Exp is 4 byte value and is encrypted. Perform rol 07 then xor 6e93c812 on the value you want to add, then inject that encrypted value into memory. If you're smart you'll know you can reverse that and use that to find the value in ram. (hint: it's at Game_c:MoveToMap+8E28) on the unpatched version.

Stat points are a float value that rounds, i.e. 0.553 = 1 and .972 also = 1 and 3 = 3 but you'll never really see a interger style value, more likely 2.76893377201 = 3.

I have memory values for where the code points but they are probably only valid for my machine. Programs load in different places on different builds due to several reasons, so kinda pointless for me to list them. Thought they work for me.

Word on exp. If you over fill the bar to give yourself the next level (say you go from 10 to 11 or whatever) then you won't get the stat value point for leveling. You need to get "almost" enough to level then kill something to push you over then you get the benifits of the level. So if you need to have 6000 points to level give yourself only 5999 then kill something.

How wonderful!
I'm eagerly to know how you get encryption algorithm of exp?

I just followed the asm code.

I have a calculator that does rol and ror and xor, but I also wrote some custom functions in MS Excel that can do rol, ror, and xor so I made a spreadsheet for dawn of magic. I don't think I can post attachments or I'd give it to everyone.

In any case, if you want to find the value for your exp you have to do some basic encryption. For example: Let's say your current in-game exp is 2500. You can't search for 2500 in memory because it's been encrypted. You have to first encrypt 2500 then search for that encrypted value. To do that you have to rol 2500, 07. That gives a new value of 32000. That's a decimal value. In hex it's 7d00. Dawn of magic uses a static value of (in hex) 6e93c812 for the xor of exp. So xor 7d00, 6e93c812. The result is 6e972a12. 2500 = 6e972a12. So if you're looking for exp value of 2500 you search for 6e972a12. Then go kill something and search again. Say you just killed something and gained exp and your new current exp is 2612. Do the above and you'll get the encrypted value: 6e96d212. Do it again and again till you find the right one in memory.

Now let's say you found the right value in memory. Just edit the value and put in the encrypted value you want. Let's say you want to have 6000 exp now. You have to use the above to figure out what the encrypted value should be, in this case it's 6e987012, and replace the current value with that. In game you'll notice your exp changes to 6000.

i have basic memory hack skill and knowledge to get unencrypted address
learnt about asm language,also

how to get the asm code?
is it analyzed by a particular software during the game running?
if so, what software do you use for it?
if not, could you please tell me how to get the asm code?

btw,i tried to rol 2500,7 with debug,but got 57860
-a 100
14AD:0100 mov ax,9c4
14AD:0103 mov cl,7
14AD:0105 rol ax,cl
14AD:0107
-g 107

AX=E204 BX=0000 CX=0007 DX=0000 SP=FFEE BP=0000 SI=0000 DI=0000
DS=14AD ES=14AD SS=14AD CS=14AD IP=0107 OV UP EI PL NZ NA PO NC
14AD:0107 52 PUSH DX
-q

[Edited by CannonFodderEX, 6/7/2007 3:45:50 AM]

ax = 16 bit.
eax = 32 bit.

ROL for 16 bit won't return the same answer as it does for 32 bit.

Try it on a 32bit register and you'll see what I mean.



[Edited by wankmeoff, 7/3/2007 5:00:52 PM]