Hex Editing - Guide: Difference between revisions

From Heroes 3 wiki

Revision as of 19:13, 15 September 2024

This guide is a work in progress.

The following article describes some basics of hex editing. Offsets (and the code itself in some locations) may vary based on game version.

Heroes of Might and Magic III is coded in x86 assembly. Each byte (a pair of hexadecimal digits) corresponds to either a function or a value for an already determined function. The only exception is byte 0x90 (the x86 NOP instruction), which is non-coding and may be used, e.g., to fill empty space.

The vast majority of creature stats, abilities, etc. are coded within the *.exe. While it may not be readable or understandable to a layman, in a short time one can comprehend a lot of the code and find rhyme and reason in it (or at least in parts of it).

To open (and edit) the *.exe files, one needs a hex editor, e.g. frhed or similar software.

Basics

The majority of Horn of the Abyss (HotA) additions are not directly in h3hota.exe (or h3hota HD.exe), but instead in Hota.dat (and partly in HotA.dll).

Numbers

All (or almost all) numbers are written in Little Endian: the bytes are placed in reverse order. As an example, 0xA624C (0x before a number signifies that it is hexadecimal) is written in Little Endian as 4C 62 0A 00. Note that the system recognizes that a number is negative based on the fact that it's greater than half the number range: greater than 0x80 for a single byte, and greater than 0x80000000 for a 4-byte value.

Some numbers use IEEE-754 encoding. It is recommended to use a calculator for such values, such as the one available on save-editor.com.

Keep in mind that most (but, surprisingly, not all) lists start at 0, not at 1, so the first element is element 0 and not element 1.

QWORD and DWORD pointers are Little Endian representations of an address within the *.exe file, with 0x400000 added to them because of the way the game reads the code. Therefore, if you want the DWORD pointer to find 0x27e484, you write it as 84 e4 67 00. DWORDs use IEEE-754, while QWORDs use an 8-byte double-precision IEEE-754 value.
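The conversions described in this section, as an added Python example (not part of the original guide). The helper names are made up for illustration; the 0x400000 constant and the sample values in the comments are the ones quoted above.

```python
import struct

ADDRESS_BIAS = 0x400000  # value the guide says is added to addresses in the *.exe


def le_bytes(value, size=4, signed=False):
    """Return the bytes in the order they are typed into a hex editor."""
    return value.to_bytes(size, "little", signed=signed).hex(" ")


def from_le(hex_text, signed=False):
    """Read little-endian bytes copied from a hex editor back into a number."""
    return int.from_bytes(bytes.fromhex(hex_text), "little", signed=signed)


def pointer_bytes(file_address):
    """DWORD pointer for an address inside the file (bias added, then reversed)."""
    return le_bytes(file_address + ADDRESS_BIAS)


def pointer_target(hex_text):
    """Address inside the file that a DWORD pointer refers to."""
    return from_le(hex_text) - ADDRESS_BIAS


def float_bytes(x, double=False):
    """IEEE-754 bytes: 4-byte single precision, or 8-byte double for QWORDs."""
    return struct.pack("<d" if double else "<f", x).hex(" ")


def float_value(hex_text):
    """Decode a 4-byte or 8-byte little-endian IEEE-754 value."""
    raw = bytes.fromhex(hex_text)
    if len(raw) not in (4, 8):
        raise ValueError("expected 4 or 8 bytes")
    return struct.unpack("<f" if len(raw) == 4 else "<d", raw)[0]


if __name__ == "__main__":
    print(le_bytes(0xA624C))                      # 4c 62 0a 00
    print(pointer_bytes(0x27E484))                # 84 e4 67 00
    print(from_le("ff ff ff ff", signed=True))    # -1
    print(float_bytes(1.0), "|", float_bytes(1.0, double=True))
```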


Heroes

Heroes are very easy to edit. Hero data is stored in two sets, one containing general hero data and the other containing only hero specialties. Heroes are generally ordered by their faction (Castle, Rampart, Tower, etc.) and then their class (might or magic). All campaign heroes follow the standard heroes.

Hero Data

Hero data is written as follows:

GG 000000 RR 000000 HH 000000 SO 000000 OL 000000 ST 000000 TL 000000 SB 000000 SP 000000 U1 000000 U2 000000 U3 000000 PS 000000 PL 000000 R0 AS CO,

where:

  • GG = Gender: 00 is male, 01 is female.
  • RR = Race: 00 is a Demon, 01 is a Dwarf, 02 is an Efreeti, 03 is a half-elf (Gelu), 04 is a Genie (and Yog), 05 is a Gnoll, 06 is a Goblin, 07 is a Human, 08 is a Lich / Skeleton, 09 is a Lizardman, 0A is a Minotaur, 0B is an Ogre, 0C is a Troglodyte and 0D is a Vampire. As far as I'm aware, these are not used anywhere else and don't even include a descriptor. Also, Mutare Drake is a Human.
  • HH = Hero's class. Classes go in order of factions, and within a faction the might class is referred to first. Therefore 00 = Knight, 01 = Cleric, 02 = Ranger, 03 = Druid, etc. Note that HotA classes essentially "follow" this encoding.
  • SO = First skill (ref. ID).
  • OL = First skill's proficiency level (00 = Basic, 01 = Advanced, 02 = Expert).
  • ST = Second skill (ref. ID). If there is no second skill, FFFFFFFF is used instead, replacing ST and the zeroes following it.
  • TL = Second skill level. If there is no second skill, 00 is used (Basic).
  • SB = Spell Book. 00 = absent, 01 = present.
  • SP = Spell (ref. ID). If no spell is present, FFFFFFFF is used instead.
  • U1, U2, U3 = Starting army unit reference IDs.
  • PS = Small Portrait DWORD pointer, which leads to the plaintext name of the portrait in H3bitmap.lod.
  • PL = Large Portrait, same as above.
  • R0 = Allowed in RoE maps by default. 00 = false, 01 = true.
  • AS = Allowed in all expansion (Armageddon's Blade or Shadow of Death) maps by default. 00 = false, 01 = true.
  • CO = Campaign-only. 00 = false, 01 = true.

Hero Specialties

Hero specialties are written one by one in the same order as heroes appear in, starting from 0x00278420.

The specialties look as follows:

TT 000000 ID 000000 AA 000000 DD 000000 DM 000000 U2 000000 U3 000000

TT - Specialty type. The following specialty types exist:

  • 00 = Skill specialty (+5% skill effect per level)
  • 01 = Basic Unit specialty (+1 speed, +1 Attack and Defense every <unit level> levels)
  • 02 = Resource (+1 gems per day, etc.)
  • 03 = Spell (+3% efficiency per level for most spells, sometimes special bonuses instead)
  • 04 = Static Unit specialty (static bonus to attack, defense, damage, speed, or any combination of them), e.g. Xeron, Kalt, Haart Lich, etc.
  • 05 = Speed (Sir Mullich only)
  • 06 = Unit Upgrade specialty (Gelu, Dracon, Bidley, etc.)
  • 07 = Dragon Specialty (Mutare, Mutare Drake)

  • ID = Reference ID of the Skill, Unit, Resource or Spell specialized in. (Not needed for Dragon and Speed specialties, where it is 00 and an unnecessary, unused 02, respectively.)
  • AA = Attack bonus for Static Unit specialists.
  • DD = Defense bonus for Static Unit specialists.
  • DM = Damage bonus for Static Unit specialists.
  • U2 = Second unit (ref. ID) that can be upgraded (only used by Unit Upgrade specialists; otherwise left as 00). Note that using the same unit twice for a Unit Upgrade specialty essentially removes the second unit from being upgradable, while using 00 sets the ID to Pikemen.
  • U3 = Resulting unit ref. ID from the upgrade (only for Unit Upgrade specialists).

Note that for a Unit Upgrade specialist, the reference IDs of unupgraded creatures ought to be used. For example, Gelu references Archers and Wood Elves, but the code naturally also allows their upgrades to be improved with his specialty. This does not work the other way around: specifying ID or U2 as an upgraded creature will make the upgrade impossible for unupgraded creatures.
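A reader and writer for the specialty record layout above, as an added Python example that is not part of the original guide. It assumes the records are contiguous 28-byte entries of seven signed 4-byte Little Endian fields and that heroes are counted from 0; the function names and the sample bytes (including the unit IDs in them) are constructed for illustration.

```python
import struct

SPECIALTY_TABLE = 0x00278420    # table start quoted in the guide
RECORD = struct.Struct("<7i")   # TT ID AA DD DM U2 U3; signed 4-byte fields assumed
FIELDS = ("tt", "id", "aa", "dd", "dm", "u2", "u3")
TYPES = {0: "Skill", 1: "Basic Unit", 2: "Resource", 3: "Spell",
         4: "Static Unit", 5: "Speed", 6: "Unit Upgrade", 7: "Dragon"}


def record_offset(hero_index, table_offset=SPECIALTY_TABLE):
    """File offset of one hero's record; heroes counted from 0 (assumption)."""
    if hero_index < 0:
        raise ValueError("hero index must be 0 or greater")
    return table_offset + hero_index * RECORD.size


def parse_specialty(data, hero_index, table_offset=SPECIALTY_TABLE):
    """Decode one record, rejecting reads past the end and unknown types."""
    off = record_offset(hero_index, table_offset)
    if off + RECORD.size > len(data):
        raise ValueError(f"record {hero_index} lies outside the data")
    rec = dict(zip(FIELDS, RECORD.unpack_from(data, off)))
    if rec["tt"] not in TYPES:
        raise ValueError(f"unknown specialty type {rec['tt']:#x} at {off:#x}")
    rec["type"] = TYPES[rec["tt"]]
    return rec


def encode_specialty(tt, ident, aa=0, dd=0, dm=0, u2=0, u3=0):
    """Bytes to type into the hex editor for one record."""
    if tt not in TYPES:
        raise ValueError(f"unknown specialty type {tt:#x}")
    return RECORD.pack(tt, ident, aa, dd, dm, u2, u3).hex(" ")


# Constructed sample, not real game data: a Skill record followed by a
# Unit Upgrade record with made-up unit IDs.
SAMPLE = bytes.fromhex(
    "00000000 05000000 00000000 00000000 00000000 00000000 00000000"
    "06000000 02000000 00000000 00000000 00000000 12000000 1d000000"
)

if __name__ == "__main__":
    print(hex(record_offset(1)))                       # 0x27843c
    print(parse_specialty(SAMPLE, 1, table_offset=0))
    print(encode_specialty(6, 2, u2=0x12, u3=0x1D))
```

With a real executable, pass the whole file's bytes and leave `table_offset` at its default; offsets may differ between game versions, as noted at the top of the guide.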

Sir Mullich's unit specialty amount (0x02) is located at 0x0E6669.

The amount of resources obtained from a gold specialty is saved at 0x0E4681 (as 350).

Only Xeron is specified to add speed thanks to his static unit specialty. This is (most likely) saved at the following address: 0x4b1b3 ???.

Note that many "possible" specialties don't exist and simply won't do anything; examples include Tactics specialty, Teleport specialty, etc.

