Worms United (1996) code injection problem
Posted: Sat Mar 09, 2019 5:36 pm
Hello everyone, I'm searching for someone who can help me with a problem I've encountered so far:
I'm relatively new to assembly and Cheat Engine, and I'm doing this for learning and to make this old game more fun.
So basically I want to replicate some "game modes" that newer Worms games have in this old game by making a cheat table, stuff like double damage, or a random weapon every turn by setting the ammo of every weapon to 0 except for a random one.
The problem I've encountered is with the double damage: I can't identify where in the game the damage gets calculated. So far the things I've discovered are:
The game runs under DOSBox 0.74, whose virtual memory base address is at 0x01D3A1A0.
Then with some searches I figured out the addresses of every worm's HP bar in the game; the game stores the value as a byte (max 255).
With the addresses and HexCalc I got the offsets, so that I don't have to find them every single time I open the game.
When everything was set up, I went to a worm's HP bar address to check what code writes to that address (Find out what instructions write to this address).
Now the problem is, there's no sub code here. I mean, I supposed that damage was calculated by a subtraction, but instead there is a mov, so I guessed that the game simply overrides the old life value with a new life value through that mov; exactly, it goes like this:
mov [eax+ecx],ebx
I confirmed my guess because checking eax+ecx results in EAX being the base vmem address and ecx the offset to that worm's HP bar.
No matter which worm it is, it's always this one function that changes their life.
Now the problem is I would like to change the value of the damage dealt to the worm, but I can neither find the value itself by normally searching for it, nor find some clue in the code where this happens. Theoretically EBX should hold the new life value (old life - damage taken), but there is no sub whatsoever in the code near that line.
I've tried changing the ebx register manually, for example: Mov [eax+ecx],50, because I thought that instead of using the new value it would simply set the worm's life to 50, but it just crashes immediately after.
Also, I figured out that ESI holds the damage value for the turn; in this case it is 33 (51), and the turn after I dealt 15 dmg it was F, so it should be correct. So I tried to change the ESI value, but nothing happens at all...
Hope someone can help me; thanks everyone for any reply!
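An added model (not DOSBox or game code) of the situation the post describes: under an emulator, every guest memory store funnels through one host-side store routine, so a host watchpoint on the HP byte lands on that generic mov after the guest's own subtraction has already run. The guest layout, register names and the hook-at-breakpoint mechanism are assumptions chosen to replay the two experiments in the post (editing ESI, editing EBX).

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed model: all guest RAM is one host buffer and guest addresses are
 * offsets into it, matching the post (EAX = host base of emulated RAM,
 * ECX = guest offset of the worm's HP byte). */
#define GUEST_RAM_SIZE 0x10000
static uint8_t guest_ram[GUEST_RAM_SIZE];

/* Registers a host debugger would show when it breaks on the store. */
typedef struct { uintptr_t eax; uint32_t ebx, ecx, esi; } guest_regs;
typedef void (*store_hook)(guest_regs *r);  /* stands in for "edit a register at the breakpoint" */

/* The single host routine every guest byte store funnels through. A
 * "find out what writes to this address" watchpoint lands here for every
 * worm, and all it sees is a plain mov of an already computed value. */
static void guest_store8(guest_regs *r, store_hook hook) {
    if (hook) hook(r);                                          /* user edits registers here */
    guest_ram[r->ecx & (GUEST_RAM_SIZE - 1)] = (uint8_t)r->ebx; /* mov [eax+ecx],ebx */
}

/* The guest game's damage routine as the emulator executes it: the
 * subtraction happens in guest registers before the host store runs. */
static uint8_t apply_damage(uint32_t hp_off, uint8_t damage, store_hook hook) {
    guest_regs r = { (uintptr_t)guest_ram, 0, hp_off, damage };
    uint32_t hp = guest_ram[hp_off & (GUEST_RAM_SIZE - 1)];    /* guest: load old HP */
    r.ebx = hp > r.esi ? hp - r.esi : 0;                        /* guest: sub ebx,esi, clamped at 0 */
    guest_store8(&r, hook);                                     /* host: the observed mov */
    return guest_ram[hp_off & (GUEST_RAM_SIZE - 1)];
}

static void set_hp(uint32_t hp_off, uint8_t hp) {
    guest_ram[hp_off & (GUEST_RAM_SIZE - 1)] = hp;
}

/* The two experiments from the post, replayed against the model. */
static void edit_esi(guest_regs *r) { r->esi = 0; }   /* too late: ebx was computed already */
static void edit_ebx(guest_regs *r) { r->ebx = 50; }  /* changes what lands in memory */
```

The model patches only this one call; in a real emulator the same host store routine serves every guest write, which is the assumed reason the "same function" appears for every worm.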