Druidstone: The Secret of the Menhir Forest

[krmit]

Game Name: Druidstone: The Secret of the Menhir Forest
Game Version: 1.0 [PLAZA release]
Options Required: Inf. actions, inf. movement points
Game/Steam Website: [Link]

[aerioth]

and inf. hearts please

[krmit]

and inf. hearts please

With inf ap no one can't damage your heroes)

[aerioth]

True but they can still hurt you when you end your turn, I don't want to just go around killing everything then move onto the next map, I want to play properly but just not lose hearts on my go.

[linkchaos]

xp modifier would be nice too

[Sagoingne]

Heck, I was just looking for a way to add some gold, as scanning for exact value or range of value isn't cutting it

[krmit]

@Sagoingne
Gold (and upgrade points) are float.

[Sagoingne]

@krmit Thanks, I'll try that, then!

[Kentda]

Gems location seems to change after missions. So it doesnt seem to be a static address.

XP was found as Double.

[MintDrop]

I found power gems with float but doesn't work with gold. Anyone found a way to edit gold?

[krmit]

@MintDrop
Gold founds just as gems, by exact search

[Marc]

What I found out so far:
Health is encrypted and stored as 4 Byte Value. (Update: I really should have checked the data-type double... stupid!)

As it seems, the encryption is static so we can search for the encrypted value.
2 Health = 1072693248
4 Health = 1074790400
5 Health = 1075052544
6 Health = 1075314688
7 Health = 1075576832

Code: Select all

druidstone.exe+2129 - 44 8B 55 34           - mov r10d,[rbp+34]
druidstone.exe+212D - 44 23 50 0C           - and r10d,[rax+0C]
druidstone.exe+2131 - 45 6B D2 18           - imul r10d,r10d,18
druidstone.exe+2135 - C6 45 0A 00           - mov byte ptr [rbp+0A],00 { 0 }
druidstone.exe+2139 - 4C 03 55 28           - add r10,[rbp+28]
druidstone.exe+213D - 49 BB 000000000080FDFF - mov r11,FFFD800000000000 { 0 }
druidstone.exe+2147 - 49 09 C3              - or r11,rax
druidstone.exe+214A - 4D 39 5A 08           - cmp [r10+08],r11
druidstone.exe+214E - 75 3F                 - jne druidstone.exe+218F
--------------------------   R10 = Hitpoints
druidstone.exe+2150 - 49 83 3A FF           - cmp qword ptr [r10],-01 { 255 }
druidstone.exe+2154 - 74 23                 - je druidstone.exe+2179
druidstone.exe+2156 - F6 45 08 04           - test byte ptr [rbp+08],04 { 4 }
druidstone.exe+215A - 0F85 81000000         - jne druidstone.exe+21E1
druidstone.exe+2160 - 4C 8B 1C CA           - mov r11,[rdx+rcx*8]
--------------------------   R10 = Hitpoints. the following instruction writes to our live
druidstone.exe+2164 - 4D 89 1A              - mov [r10],r11
druidstone.exe+2167 - 8B 06                 - mov eax,[rsi]
druidstone.exe+2169 - 0FB6 CC               - movzx ecx,ah
druidstone.exe+216C - 0FB6 E8               - movzx ebp,al
druidstone.exe+216F - 48 83 C6 04           - add rsi,04 { 4 }
druidstone.exe+2173 - C1 E8 10              - shr eax,10 { 16 }
druidstone.exe+2176 - FF 24 EB              - jmp qword ptr [rbx+rbp*8]
druidstone.exe+2179 - 4C 8B 5D 20           - mov r11,[rbp+20]
druidstone.exe+217D - 4D 85 DB              - test r11,r11
druidstone.exe+2180 - 74 D4                 - je druidstone.exe+2156

Problem is: this code is accessing LOTs of addresses.

have fun,
Marc

[GreenHouse]

What I found out so far:
Health is encrypted and stored as 4 Byte Value.

Nothing is encrypted. But it's annoying having to deal with a function that does everything.

[klais]

Thanks Marc for the contribution, that helps alot!

[gvargas]

For me gold, gems and exp were double...