Jump to content
Sign in to follow this  
Avenger

scripting state exploits

Recommended Posts

By analysing the executable code, i found that using the

scripting state modifier (282) opcode, it is possible to modify even more stats directly.

It requires more checks which stat could be modified and which isn't, but there are

definitely more opportunities than i thought before.

Examples:

1141 - detect illusions (non permanent)

1142 - set traps (non permanent)

 

These stats are not a big deal, because they could be modified by specific opcodes, but there could be a few stats that are not directly modifiable, and still reachable by this opcode.

This opcode modifies a dword, but only the lowest byte counts, so it is not always useful.

 

It could be that someone else already found out these undocumented cases, i'm just unaware of them.

Later i'll list more if needed. (If someone is curious about a specific stat, i can look for it as priority).

 

Also, since this feature is based on a bug+the internal representation of the actors, it won't work with SoA (or GemRB).

Edited by Avenger

Share this post


Link to post

I tried embedding an effect to a creature that set scripting state 1141 to 30 and the game crashed on loading attempts - guess you're doing this with temporary effects?

 

It's very strange and interesting :rant:

Share this post


Link to post

Do you have tob patched to 26498 ?

I tried it with an item, but this doesn't count.

What counts is the internal representation of the creature.

If they added or just rearranged the variables between patches, then this won't work (or crashes).

Edited by Avenger

Share this post


Link to post

Okay, for some stupid reason I'd decided to enter your numbers in hex when they're clearly in base ten :rant: So some large numbers are off limits still, just not the ones you were talking about.

 

State 1139 doesn't crash as either an embedded effect nor as an item effect and modifies pick pockets.

Share this post


Link to post

Opps, yes. Sorry for the confusion, i'm happy you could repeat my feat :rant:

Each number does something (carpet bombs into the creature structure by modifying a dword to "x 0 0 0" where x is the lowest byte of param #1).

Sadly not all stats are dwords, this means, some stats are off-alignment with the base offset of the scripting states array. This causes that some values will overwrite 2 stats (zeroing one out, and altering the other into a very large value), or overwriting a pointer (crash), or causing weird effects (xp overwriting to an 1 byte value is rarely useful).

 

What useful this effect might achieve is to affect unavailable stats (like the undead turning level). I hope that is possible, but it is hard to find.

It is very easy to find if this effect could modify specific stats that are already modified by some effect. (about 10 minutes work for me).

Share this post


Link to post

My error on the assumptions, I understand you now :rant:

 

I thought Turn Undead level was just level and modifiable with the Level Drain opcode and negative values, but it's been so long since I've tested it that I'm probably wrong.

Share this post


Link to post
My error on the assumptions, I understand you now :rant:

 

I thought Turn Undead level was just level and modifiable with the Level Drain opcode and negative values, but it's been so long since I've tested it that I'm probably wrong.

Turn undead level is affected by the spell casting ability, i think.

Pallies are lower than clerics.

Share this post


Link to post

I doubt it and the hack probably doesn't work on ees either.

Share this post


Link to post

I doubt it and the hack probably doesn't work on ees either.

 

After some testing, it does work on moving higher, IE, 10 increases Melee_THAC0_Bonus and 23 increased PICKPOCKET_MTP_BONUS.

 

I am not sure how to go "negative" with it. I thought maybe it maxed out at 1024 entries, and thusly, maybe 1000 and lower would point to stats prior to 156 SCRIPTINGSTATE1.

Share this post


Link to post
Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...