hack the dice rolls in neverwinter nights?
Posted: Wed Sep 04, 2019 3:51 pm
I'm stuck trying to hack the dice rolls in Neverwinter Nights; I can't think of any way to find them. I don't suppose anyone has tried it before, or maybe knows how?
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="26">
<CheatEntries>
<CheatEntry>
<ID>0</ID>
<Description>"old, don't touch"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
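// Enable section. Hooks the instruction at "nwmain.exe"+44C118 (and eax,00007FFF)
// and redirects it into a code cave that rewrites one class of results.
// Effect: after the original mask, the value in eax is divided by 20; when the
// remainder is 19 the value handed back to the game is replaced with 18.
// NOTE(review): the hook does not distinguish callers, so every user of this
// value is affected, not only the roll being targeted.
// NOTE(review): presumably remainder 19 corresponds to a roll of 20 - confirm.

// Refuse to enable unless the expected 5 bytes are at the hard-coded offset;
// on another game build, or with a hook already installed there, the patch
// would otherwise overwrite unrelated bytes.
assert("nwmain.exe"+44C118,25 FF 7F 00 00)

alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: // allocated code cave (read, write, execute)
originalcode:
  and eax,00007FFF      // displaced original instruction
  push eax              // keep the masked value; div overwrites eax
  push ebx
  push edx
  xor edx,edx           // div takes edx:eax as the dividend, so the high half must be zero;
                        // a stale edx gives a wrong remainder or a divide-error exception
  mov ebx,#20
  div ebx               // edx = masked value mod 20
  cmp edx,#19
  pop edx               // pop leaves the flags set by cmp untouched
  pop ebx
  pop eax
  jne exit              // any other remainder: return the value unchanged
  mov eax,#18           // remainder 19: substitute 18
exit:
  jmp returnhere

"nwmain.exe"+44C118:
  jmp originalcode      // 5-byte jmp replaces the 5-byte and
returnhere:

[DISABLE]
// Disable section: put the original instruction back and release the code cave.
"nwmain.exe"+44C118:
  and eax,00007FFF
//Alt: db 25 FF 7F 00 00
dealloc(newmem)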
</AssemblerScript>
</CheatEntry>
<CheatEntry>
<ID>1</ID>
<Description>"no natural 20s"</Description>
<LastState Activated="1"/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : nwmain.exe
Version:
Date : 2019-09-10
Author : deama
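This script hooks the "and eax,00007FFF" at the end of the routine shown in the disassembly at the bottom. It is intended to replace any result whose remainder mod 20 is 19 with 18.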
}
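[ENABLE]
// Locate the injection point by signature: "and eax,00007FFF" followed by "ret".
// The signature is assumed to be unique inside nwmain.exe; nothing here verifies
// that, so confirm the resolved address against the disassembly at the end of
// this script ("nwmain.exe"+44C118) before trusting the hook on another build.
aobscanmodule(INJECT,nwmain.exe,25 FF 7F 00 00 C3) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

// Code cave. Runs in place of the hooked instruction, then jumps back to the ret.
// Effect: the masked value in eax is divided by 20; when the remainder is 19 the
// value handed back to the game is replaced with 18.
// NOTE(review): the hook does not distinguish callers, so every user of this
// routine's result is affected, not only d20 rolls.
// NOTE(review): presumably remainder 19 corresponds to a natural 20 - confirm.
newmem:
code:
  and eax,00007FFF      // displaced original instruction
  push eax              // keep the masked value; div overwrites eax
  push ebx
  push edx
  xor edx,edx           // div takes edx:eax as the dividend, so the high half must be zero;
                        // a stale edx gives a wrong remainder or a divide-error exception
  mov ebx,#20
  div ebx               // edx = masked value mod 20
  cmp edx,#19
  pop edx               // pop leaves the flags set by cmp untouched
  pop ebx
  pop eax
  jne return            // any other remainder: return the value unchanged
  mov eax,#18           // remainder 19: substitute 18
  jmp return

INJECT:
  jmp code              // 5-byte jmp replaces the 5-byte and
return:
registersymbol(INJECT)  // keep the resolved address available to the disable section

[DISABLE]
// Put the original instruction bytes back, then drop the symbol and the code cave.
INJECT:
  db 25 FF 7F 00 00

unregistersymbol(INJECT)
dealloc(newmem)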
{
// ORIGINAL CODE - INJECTION POINT: "nwmain.exe"+44C118
"nwmain.exe"+44C0F4: 8B 4C 24 04 - mov ecx,[esp+04]
"nwmain.exe"+44C0F8: 89 48 14 - mov [eax+14],ecx
"nwmain.exe"+44C0FB: C3 - ret
"nwmain.exe"+44C0FC: E8 B2 3C 00 00 - call nwmain.exe+44FDB3
"nwmain.exe"+44C101: 8B 48 14 - mov ecx,[eax+14]
"nwmain.exe"+44C104: 69 C9 FD 43 03 00 - imul ecx,ecx,000343FD
"nwmain.exe"+44C10A: 81 C1 C3 9E 26 00 - add ecx,00269EC3
"nwmain.exe"+44C110: 89 48 14 - mov [eax+14],ecx
"nwmain.exe"+44C113: 8B C1 - mov eax,ecx
"nwmain.exe"+44C115: C1 E8 10 - shr eax,10
// ---------- INJECTING HERE ----------
"nwmain.exe"+44C118: 25 FF 7F 00 00 - and eax,00007FFF
// ---------- DONE INJECTING ----------
"nwmain.exe"+44C11D: C3 - ret
"nwmain.exe"+44C11E: CC - int 3
"nwmain.exe"+44C11F: CC - int 3
"nwmain.exe"+44C120: 83 EC 08 - sub esp,08
"nwmain.exe"+44C123: DD 14 24 - fst qword ptr [esp]
"nwmain.exe"+44C126: E8 1D 71 00 00 - call nwmain.exe+453248
"nwmain.exe"+44C12B: E8 0D 00 00 00 - call nwmain.exe+44C13D
"nwmain.exe"+44C130: 83 C4 08 - add esp,08
"nwmain.exe"+44C133: C3 - ret
"nwmain.exe"+44C134: 8D 54 24 04 - lea edx,[esp+04]
}
</AssemblerScript>
</CheatEntry>
</CheatEntries>
<CheatCodes>
<CodeEntry>
<Description>Change of test ebp,ebp</Description>
<Address>0064A295</Address>
<ModuleName>nwmain.exe</ModuleName>
<ModuleNameOffset>24A295</ModuleNameOffset>
<Before>
<Byte>6C</Byte>
<Byte>24</Byte>
<Byte>40</Byte>
<Byte>75</Byte>
<Byte>3D</Byte>
</Before>
<Actual>
<Byte>85</Byte>
<Byte>ED</Byte>
</Actual>
<After>
<Byte>74</Byte>
<Byte>39</Byte>
<Byte>66</Byte>
<Byte>8B</Byte>
<Byte>45</Byte>
</After>
</CodeEntry>
<CodeEntry>
<Description>Change of jne nwmain.exe+24A2B9</Description>
<Address>0064A2AC</Address>
<ModuleName>nwmain.exe</ModuleName>
<ModuleNameOffset>24A2AC</ModuleNameOffset>
<Before>
<Byte>FF</Byte>
<Byte>00</Byte>
<Byte>00</Byte>
<Byte>3B</Byte>
<Byte>C1</Byte>
</Before>
<Actual>
<Byte>75</Byte>
<Byte>0B</Byte>
</Actual>
<After>
<Byte>BF</Byte>
<Byte>01</Byte>
<Byte>00</Byte>
<Byte>00</Byte>
<Byte>00</Byte>
</After>
</CodeEntry>
<CodeEntry>
<Description>Change of call dword ptr [edx+7C]</Description>
<Address>006BF170</Address>
<ModuleName>nwmain.exe</ModuleName>
<ModuleNameOffset>2BF170</ModuleNameOffset>
<Before>
<Byte>56</Byte>
<Byte>55</Byte>
<Byte>57</Byte>
<Byte>8B</Byte>
<Byte>C8</Byte>
</Before>
<Actual>
<Byte>FF</Byte>
<Byte>52</Byte>
<Byte>7C</Byte>
</Actual>
<After>
<Byte>E9</Byte>
<Byte>CB</Byte>
<Byte>FE</Byte>
<Byte>FF</Byte>
<Byte>FF</Byte>
</After>
</CodeEntry>
<CodeEntry>
<Description>Change of mov eax,[esp+10]</Description>
<Address>7754DEC0</Address>
<ModuleName>ntdll.dll</ModuleName>
<ModuleNameOffset>2DEC0</ModuleNameOffset>
<Before>
<Byte>35</Byte>
<Byte>00</Byte>
<Byte>00</Byte>
<Byte>00</Byte>
<Byte>00</Byte>
</Before>
<Actual>
<Byte>8B</Byte>
<Byte>44</Byte>
<Byte>24</Byte>
<Byte>10</Byte>
</Actual>
<After>
<Byte>89</Byte>
<Byte>6C</Byte>
<Byte>24</Byte>
<Byte>10</Byte>
<Byte>8D</Byte>
</After>
</CodeEntry>
<CodeEntry>
<Description>Change of call nwmain.exe+44FDB3</Description>
<Address>0084C0FC</Address>
<ModuleName>nwmain.exe</ModuleName>
<ModuleNameOffset>44C0FC</ModuleNameOffset>
<Before>
<Byte>04</Byte>
<Byte>89</Byte>
<Byte>48</Byte>
<Byte>14</Byte>
<Byte>C3</Byte>
</Before>
<Actual>
<Byte>E8</Byte>
<Byte>B2</Byte>
<Byte>3C</Byte>
<Byte>00</Byte>
<Byte>00</Byte>
</Actual>
<After>
<Byte>8B</Byte>
<Byte>48</Byte>
<Byte>14</Byte>
<Byte>69</Byte>
<Byte>C9</Byte>
</After>
</CodeEntry>
</CheatCodes>
<UserdefinedSymbols/>
<Structures StructVersion="2">
<Structure Name="unnamed structure" AutoFill="0" AutoCreate="1" DefaultHex="0" AutoDestroy="0" DoNotSaveLocal="0" RLECompression="1" AutoCreateStructsize="4096">
<Elements>
<Element Offset="0" Vartype="4 Bytes" Bytesize="4" RLECount="404" DisplayMethod="Unsigned Integer"/>
</Elements>
</Structure>
</Structures>
<Comments>Info about this table:
</Comments>
</CheatTable>