Hex Editing - Guide: Difference between revisions
No edit summary |
mNo edit summary |
||
Line 1: | Line 1: | ||
{{wip}} | |||
The following article describes some basics of hex edition. Offsets (and code itself in some locations) may vary based on game version. | The following article describes some basics of hex edition. Offsets (and code itself in some locations) may vary based on game version. |
Revision as of 13:10, 16 September 2024
The following article describes some basics of hex edition. Offsets (and code itself in some locations) may vary based on game version.
Heroes of Might and Magic III is coded in Assembly x86. Each byte (a set of 2 hexadecimal characters) corresponds to either a function, or a value for an already determined function. The only exception is byte 0x90, which is non-coding and may be used to f.e. fill empty space.
Upper majority of creature stats, abilities, etc. is coded within the *.exe. While it may not be readable or understandable to a layman, in short time one can comprehend a lot of the code and find reason and rhyme in it (or at least, parts of it).
To open (and edit) the *.exe files, one needs a hex editor, f.e. frhed or another similar software.
Basics
Majority of HotA additions are not directly in the h3hota.exe (or h3hota HD.exe), but instead in Hota.dat (and partly in HotA.dll).
Numbers
All (or almost all) numbers are written in Little Endian - the bytes are placed in reverse order. As an example, 0xA624C (0x before a number signifies it's hexadecimal) in Little Endian is written as 4C 62 0A 00. Note, that the system recognizes that a number is negative based on the fact that it's greater than half the number range: greater than 0x80 for a single byte, and greater than 0x80000000 for a 4-byte value.
Some numbers use a IEE-754 coding. It is recommended to use a calculator for such values, such as the one available on save-editor.com.
Keep in mind that most (but, surprisingly, not all) lists start at 0, not at 1, so the first element is element 0 and not element 1.
QWORD and DWORD pointers are Little Endian representations of an address within the *.exe file, with 0x400000 added to them because of the way the game reads the code. Therefore if you want the DWORD pointer to find 0x27e484, you write it as 84 e4 67 00. DWORDs use IEE-754, while QWORDs use an 8-byte double-precision IEE-754 value.
Heroes
Heroes are very easy to edit. Hero data is stored in two sets, one containing general hero data and the other containing only hero specialties. Heroes are generally ordered by their faction (Castle, Rampart, Tower, etc.) and then their class (might or magic). Following standard heroes, are all campaign heroes.
Hero Data
Hero data is written as follows:
GG 000000 RR 000000 HH 000000 SO 000000 OL 000000 ST 000000 TL 000000 SB 000000 SP 000000 U1 000000 U2 000000 U3 000000 PS 000000 PL 000000 R0 AS CO,
where:
- GG = Gender: 00 is male, 01 is female,
- RR = Race: 00 is a Demon, 01 is a Dwarf, 02 is an Efreeti, 03 is a half-elf (Gelu), 04 is a Genie (and Yog), 05 is a Gnoll, 06 is a Goblin, 07 is a Human, 08 is a Lich / Skeleton, 09 is a Lizardman, 0A is a Minotaur, 0B is an Ogre, 0C is a Troglodyte and 0D a Vampire. As far as I'm aware, these are not used anywhere else and don't even include a descriptor. Also, Mutare Drake is a Human.
- HH = Hero's Class. Classes go in order of factions, and within a faction the might class is refered first. Therefore 00 = Knight, 01 = Cleric, 02 = Ranger, 03 = Druid, etc. Note, that HotA classes essentially "follow" this encoding.
- SO = First skill (ref. ID)
- OL = First skill's proficiency level (00 = Basic, * 01 = Advanced, 02 = Expert)
- ST = Second skill (ref. ID). If there is no second skill, instead, FFFFFFFF is used, replacing ST and the zeroes following it.
- TL = Second skill level. If there is no second skill, 00 is used (Basic).
- SB = Spell Book. 00 = absent, 01 = present.
- SP = Spell (ref. ID). If no spell is present, FFFFFFFF is used instead.
- U1, U2, U3 = Starting army unit reference IDs.
- PS = Small Portrait DWORD pointer, which leads to plaintext name of the portrait in the H3bitmap.lod.
- PL = Large Portrait, same as above. 00 = false, 01 = true.
- R0 = allowed in RoE maps by default. 00 = false, 01 = true.
- AS = Present by default in all non-RoE maps. 00 = false, 01 = true.
- CO = Campaign-only. 00 = false, 01 = true.
Hero Specialties
Hero specialties are written one by one in the same order as heroes appear in, starting from 0x00278420.
The specialties look as follows:
TT 000000 ID 000000 AA 000000 DD 000000 DM 000000 U4 000000 U5 000000
TT - Specialty type. The following specialty types exist:
- 00 = Skill specialty (+5% skill effect per level)
- 01 = Basic Unit specialty (+1 speed, +1 Attack and Defense every <unit level> levels)
- 02 = Resource (+1 gems per day, etc.)
- 03 = Spell (+3% efficiency per level for most spells, sometimes special bonuses instead)
- 04 = Static Unit specialty (static bonus to attack, defense, damage, speed, or any combination of them), f.e. Xeron, Kalt, Haart Lich, etc.
- 05 = Speed (Sir Mullich only)
- 06 = Unit Upgrade specialty (Gelu, Dracon, Bidley, etc.)
- 07 = Dragon Specialty (Mutare, Mutare Drake)
ID = Reference ID of the specialized in Skill, Unit, Resource or Spell. (Not needed for Dragon and Speed specialties, where it is 00 and an unnecessary, unused 02, respectively). AA = Attack bonus for Static Unit specialists. DD = Defense bonus for Static Unit specialists. DM = Damage bonus for Static Unit specialists. U4 = Second unit (ref. ID) that can be upgraded (only used by Unit Upgrade specialists; otherwise left as 00. Note, that using the same unit twice for Unit Upgrade specialty essentially removes second unit from being upgradable; meanwhile using 00 sets the ID to Pikemen.) U5 = Resulting unit ref. ID from the upgrade (only for Unit Upgrade specialists).
Note, that using a Unit Upgrade specialist, reference ID of unupgraded creatures ought to be used. F.e., Gelu references Archers and Wood Elves, but code naturally allows also for their upgrades to be improved with his specialty. This does not occur the other way around; specifying ID or U2 as an upgraded creature, will make the upgrade impossible for unupgraded creatures.
Sir Mullich's unit specialty amount (0x02) is located at 0x0E6669.
The amount of resources obtained from a gold specialty is saved at 0x0E4681 (as 350).
Only Xyron is specified to add speed thanks to his static unit specialty. This is (most likely) saved at the following address: 0x4b1b3 ???.
Note, that many "possible" specialties don't exist and simply won't do anything; examples include Tactics specialty, Teleport specialty, etc.
Editing HotA Heroes
Hota heroes are coded in the HotA.dat, in the following order: (names written in plain text are also coded in plain text)
07 000000 hero<ref_id> 12 000000 Heroes\hero_<ref_id>.str FACTION #large_portrait_file_name.pcx 0c000000 #small_portrait_file_name.pcx XX 000000 Specialty_Name YY 000000 Specialty Bonus: Object ZZ 000000 {Full Object} specialty_description PP 000000 HeroName QQ 000000 Biography 00000000 01 5c 0000 (number of zeroes may vary) GG 000000 RR 000000 HH 000000 SO 000000 OL 000000 ST 000000 TL 000000 SB 000000 SP 000000 U1 000000 U2 000000 U3 000000 PS 000000 PL 000000 R0 AS C0 00 00000000 00000000 1m 000000 1M 000000 2m 000000 2M 000000 3m 000000 3M 000000 08 000000 I8 TT 000000 ID 000000 AA 000000 DD 000000 DM 000000 U4 000000 U5 000000
- FACTION = 09 000000 00000000 0b 000000 for Cove heroes and 09 000000 00000000 00000000 07 000000 for Factory heroes,
- #large_portrait_file_name.pcx, #small_portrait_file_name.pcx: # and the appropriate file name, f.e. #HPLP06.pcx
- XX = ???
- Specialty_Name is f.e. "Sea Dogs" or "Nix".
- YY = ???
- Specialty Bonus: Object refers to the following types of text: "Spell Bonus: Air Shield", "Creature Bonus: Sea Dogs", etc.
- ZZ = ???
- {Full Object} is a text in curly parentheses {} stating again the specialty, f.e. "{Estates}", or "{Pirates, Corsairs and Sea Dogs}".
- specialty_description: Plain text description.
- PP = ??? (but seems to be mostly 05 or 06)
- QQ = ???, seems to be some sort of an ID as it seems to be unique for each hero; it is not, however, the reference ID.
- 1m = minimum number of the first creature type in hero's starting army
- 1M = maximum number of the first creature type in hero's starting army
- 2m = minimum number of the second creature type in hero's starting army
- 2M = maximum number of the second creature type in hero's starting army
- 3m = minimum number of the third creature type in hero's starting army
- 3M = minimum number of the third creature type in hero's starting army
- I8 = reference ID + 8 for heroes before ref ID 178 and reference ID + 7 for heroes after ref ID 178 (essentially, 0xb9 is skipped)
Heroes in HotA.dat start at 0x23dd and end at 0x9886. Note, that for editing text itself it's best to use programs such as HotA Editor, instead of a direct hex-editing.
External links:
- heroescommunity.com - Editing heroes in memory - Includes a large number of various Reference IDs
- heroescommunity.com - How to edit Hota? - Thread with majority of useful information, scrambled across 112 forum pages.
- BTB2's hacking guide - primarily detailing creation of his own mod, but including tips, explanations and some of the Reference IDs