
scripting state exploits



By analysing the executable code, I found that using the scripting state modifier (282) opcode, it is possible to modify even more stats directly.

It requires more checks on which stat could be modified and which couldn't, but there are definitely more opportunities than I thought before.


1141 - detect illusions (non permanent)

1142 - set traps (non permanent)


These stats are not a big deal, because they could be modified by specific opcodes, but there could be a few stats that are not directly modifiable, and still reachable by this opcode.

This opcode modifies a dword, but only the lowest byte counts, so it is not always useful.


It could be that someone else already found out these undocumented cases, I'm just unaware of them.

Later I'll list more if needed. (If someone is curious about a specific stat, I can look for it as a priority.)


Also, since this feature is based on a bug + the internal representation of the actors, it won't work with SoA (or GemRB).

Link to comment

Do you have ToB patched to 26498?

I tried it with an item, but this doesn't count.

What counts is the internal representation of the creature.

If they added or just rearranged the variables between patches, then this won't work (or crashes).

Link to comment

Okay, for some stupid reason I'd decided to enter your numbers in hex when they're clearly in base ten :rant: So some large numbers are off limits still, just not the ones you were talking about.


State 1139 doesn't crash as either an embedded effect or an item effect and modifies pick pockets.

Link to comment

Oops, yes. Sorry for the confusion, I'm happy you could repeat my feat :rant:

Each number does something (carpet bombs into the creature structure by modifying a dword to "x 0 0 0" where x is the lowest byte of param #1).

Sadly not all stats are dwords; this means some stats are off-alignment with the base offset of the scripting states array. This causes some values to overwrite 2 stats (zeroing one out, and altering the other into a very large value), or to overwrite a pointer (crash), or to cause weird effects (overwriting xp with a 1 byte value is rarely useful).


What this effect might usefully achieve is to affect unavailable stats (like the undead turning level). I hope that is possible, but it is hard to find.

It is very easy to find out whether this effect could modify specific stats that are already modified by some effect (about 10 minutes' work for me).

Link to comment
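The misaligned dword write described in the post above, simulated as an added example that is not part of the thread or the game's code. The structure layout, field names, sizes and values are all constructed for illustration, and the checked variant shows the index check that stops the write from leaving the state array.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed layout, not the engine's real creature structure. */
enum {
    N_STATES   = 4,    /* dword scripting states, offsets 0..15 */
    OFF_STAT_A = 16,   /* 2-byte stat */
    OFF_STAT_B = 18,   /* 4-byte stat, off the array's dword grid */
    OFF_STAT_C = 22,   /* 2-byte stat */
    ACTOR_SIZE = 24
};
struct actor { uint8_t raw[ACTOR_SIZE]; };

/* Little-endian field access on the raw bytes. */
static uint32_t rd(const struct actor *a, int off, int width) {
    uint32_t v = 0;
    for (int i = 0; i < width; i++) v |= (uint32_t)a->raw[off + i] << (8 * i);
    return v;
}
static void wr(struct actor *a, int off, int width, uint32_t v) {
    for (int i = 0; i < width; i++) a->raw[off + i] = (uint8_t)(v >> (8 * i));
}

/* As the post describes: no check against the state array, target dword
   becomes "x 0 0 0". The guard only keeps the simulation in its buffer. */
static int set_state_unchecked(struct actor *a, uint32_t idx, uint32_t param) {
    if (idx >= ACTOR_SIZE / 4) return -1;
    wr(a, (int)idx * 4, 4, param & 0xFF);
    return 0;
}

/* Corrected form: reject any index outside the scripting-state array. */
static int set_state_checked(struct actor *a, uint32_t idx, uint32_t param) {
    if (idx >= N_STATES) return -1;
    wr(a, (int)idx * 4, 4, param & 0xFF);
    return 0;
}

/* Fill the neighbouring stats with constructed values. */
static void init_actor(struct actor *a) {
    for (int i = 0; i < ACTOR_SIZE; i++) a->raw[i] = 0;
    wr(a, OFF_STAT_A, 2, 12); wr(a, OFF_STAT_B, 4, 50); wr(a, OFF_STAT_C, 2, 30);
}
int main(void) {
    struct actor a;
    init_actor(&a);
    set_state_unchecked(&a, 5, 7);   /* index 5 is past the 4 states */
    printf("stat_b=%u stat_c=%u\n", (unsigned)rd(&a, OFF_STAT_B, 4),
           (unsigned)rd(&a, OFF_STAT_C, 2));
    return 0;
}
```

With these constructed values the single write turns stat_b from 50 into 458802 and zeroes stat_c, which is the "one zeroed, one very large" outcome the post mentions.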
My error on the assumptions, I understand you now :rant:


I thought Turn Undead level was just level and modifiable with the Level Drain opcode and negative values, but it's been so long since I've tested it that I'm probably wrong.

Turn undead level is affected by the spell casting ability, I think.

Pallies are lower than clerics.

Link to comment

I doubt it and the hack probably doesn't work on ees either.


After some testing, it does work on moving higher, IE, 10 increases Melee_THAC0_Bonus and 23 increased PICKPOCKET_MTP_BONUS.


I am not sure how to go "negative" with it. I thought maybe it maxed out at 1024 entries, and thusly, maybe 1000 and lower would point to stats prior to 156 SCRIPTINGSTATE1.

Link to comment


This topic is now archived and is closed to further replies.
