[Age Of Mythology v1.0] Resource / Population Hacking
(best viewed at 1024x768)

[PREFACE]

This is my quick and dirty solution to a resource hack for Age Of Mythology. I will say that [sheep]'s method is by far more efficient, as it only modifies YOUR resources. With this method the game will modify everyone's resources, including the computer's.

[HACKING RESOURCES]

//Begin basic n00b tutorial now

So the problem, per se, with Age Of Mythology is that the game uses a single function to set the values for a number of things. It uses the function so that peasants gather resources, like gold from a gold mine or food from a sheep. This routine is also responsible for changing the values of the resources depending on whether you have gained or lost some. It also seems to affect the "tooltip" part of the game, where if you hold your mouse over something to build, it tells you how many resources are required. If you NOP part of this function, it displays the stats for the cost of a peasant, which in my opinion is very bad and looks very amateur.

So anyway, to get to this routine in the first place, you need to locate the value of one of the four resources. Let me tell you that they are encrypted with a simple XOR operation, so you will have to use a "changed" / "not changed" search to get at them. Eventually you should come down to like 3-5 addresses, all 4 bytes each, and in order. For me I had 42059C8, 42059C9, 42059CA. Next put a BPM W on the address and see if SOFTICE pops. (If you are using TSearch, the autohack option is the same thing as a BPM.)

* Referenced by a CALL at Addresses:..
:00585D38 :00585E3D :00585E90 :00585F0A :00585F5D :00585FC1 :0058601D :00586060 :0058662C

:00585DB0 55                  push ebp
:00585DB1 8BEC                mov ebp, esp
:00585DB3 51                  push ecx
:00585DB4 8B01                mov eax, dword ptr [ecx]
:00585DB6 8945FC              mov dword ptr [ebp-04], eax
:00585DB9 8B4D08              mov ecx, dword ptr [ebp+08]
:00585DBC 8B450C              mov eax, dword ptr [ebp+0C]
:00585DBF 8B55FC              mov edx, dword ptr [ebp-04]
:00585DC2 33048D6C9F9B00      xor eax, dword ptr [4*ecx+009B9F6C]
:00585DC9 89048A              mov dword ptr [edx+4*ecx], eax        <~~~ Softice pops here.
:00585DCC 8BE5                mov esp, ebp                          ~~~~ [edx+4*ecx] is the location
:00585DCE 5D                  pop ebp                               ~~~~ of our resource.
:00585DCF C20800              ret 0008

If we NOP this line we will get a variety of errors that make this a bad method of doing this hack. This prevents new values from being written into memory, so the game will never adjust resource values or anything else. Your villagers will chop wood forever, yet never take in a single piece of wood. The display error I mentioned earlier also occurs.

So here is our dilemma: we want to prevent the game from adjusting the values, but we can't do it here. Okay well, it took me a while to figure it out because I wasn't thinking clearly. If we look at the routine in WinDasm we see that this routine is called 9 times. If you double click on any of the CALL addresses you will go to that part of the code. I looked through each of the nine functions and :0058601D contained something interesting.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:..
:0058602A(C)

:00585FFE 56                  push esi
:00585FFF 8BCF                mov ecx, edi
:00586001 E87AFDFFFF          call 00585D80
:00586006 D95C2410            fstp dword ptr [esp+10]
:0058600A 56                  push esi
:0058600B 8BCB                mov ecx, ebx
:0058600D E86EFDFFFF          call 00585D80
:00586012 D86C2410            fsubr dword ptr [esp+10]              <~~~ It's a float subtract instruction.
:00586016 51                  push ecx                              ~~~~ Change the fsubr (6C hex)
:00586017 8BCF                mov ecx, edi                          ~~~~ to fadd (44 hex)
:00586019 D91C24              fstp dword ptr [esp]
:0058601C 56                  push esi
:0058601D E88EFDFFFF          call 00585DB0                         <~~~ You land here.
:00586022 A17028A300          mov eax, dword ptr [00A32870]
:00586027 46                  inc esi
:00586028 3BF0                cmp esi, eax
:0058602A 7CD2                jl 00585FFE

If you look a couple of lines above the call to the Move Value Into Memory function (call 00585DB0) you will see that there is a float subtract instruction. You can either NOP it, or change it to FADD so that when you spend resources, you gain them rather than lose them.

[HACKING POPULATION]

Population is controlled by another routine; the value is XOR encrypted as well. You should get 3-4 addresses again. BPM on the last one with SI and you should pop here:

* Referenced by a CALL at Addresses:..
:00534ECB :00535C45 :00535C5F :0053A24D

:00535760 55                  push ebp
:00535761 8BEC                mov ebp, esp
:00535763 83EC08              sub esp, 00000008
:00535766 8BD1                mov edx, ecx
:00535768 8B4204              mov eax, dword ptr [edx+04]
:0053576B 8945FC              mov dword ptr [ebp-04], eax
:0053576E A104549B00          mov eax, dword ptr [009B5404]
:00535773 8B4DFC              mov ecx, dword ptr [ebp-04]
:00535776 03C9                add ecx, ecx
:00535778 D3C0                rol eax, cl
:0053577A 8945F8              mov dword ptr [ebp-08], eax
:0053577D 8B4DF8              mov ecx, dword ptr [ebp-08]
:00535780 334D08              xor ecx, dword ptr [ebp+08]
:00535783 894A30              mov dword ptr [edx+30], ecx           <~~~ SI breaks here.
:00535786 8BE5                mov esp, ebp
:00535788 5D                  pop ebp
:00535789 C20400              ret 0004

If you NOP :00535783 you can build as much as you want, and your population will not increase.

//end n00b tutorial

[CONCLUSION]

In conclusion, if you trace back far enough, eventually you will find where the game code actually modifies your values using your run of the mill inc/dec add/sub operations, so from there you can change it to whatever you want.
However, as noted above, the computer also uses the same routines to adjust its values, so when it spends, it will gain the resources too. This is why [sheep]'s solution is proper. Mine is the simple solution, but simple isn't always better.

^chaos^
idxchaos@hotmail.com
www.s-i-n.com/chaos/trainerology.htm

<~~greets~~>
[sheep], MiCRal, Archmage, MrNOP, Visual Perfection, MiraMax, cppdude.
#gamehacking on efnet
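
Added example, not part of the original tutorial and not the game's code: a C model of the two store routines disassembled above (00585DB0 and 00535760). It shows why a fixed XOR mask hides a value but not the fact that it changed, and how the ROL count is reduced to 5 bits. The key table contents, the seed value and the name "selector" are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: the contents of the table at 009B9F6C and of the
   dword at 009B5404 are not shown on the page. */
static const uint32_t KEY_TABLE[4] = {0x5A17C3E1u, 0x13579BDFu, 0xCAFEF00Du, 0x0BADC0DEu};
static const uint32_t POP_SEED = 0x9E3779B9u;
static uint32_t f2u(float f) { uint32_t u; memcpy(&u, &f, sizeof u); return u; }
static float u2f(uint32_t u) { float f; memcpy(&f, &u, sizeof f); return f; }

/* x86 ROL takes its count from CL and masks it to 5 bits. */
static uint32_t rol32(uint32_t v, uint32_t n) {
    return (n &= 31u) ? (v << n) | (v >> (32u - n)) : v;
}

/* Model of 00585DB0: [edx+4*ecx] = value XOR [4*ecx+009B9F6C]. */
void store_resource(uint32_t *slots, uint32_t idx, float value) {
    slots[idx] = f2u(value) ^ KEY_TABLE[idx];
}
/* XOR is its own inverse, so a read applies the same key again. */
float load_resource(const uint32_t *slots, uint32_t idx) {
    return u2f(slots[idx] ^ KEY_TABLE[idx]);
}
/* Store then load through the masked slot; the value comes back unchanged. */
float round_trip(uint32_t idx, float value) {
    uint32_t slots[4] = {0};
    store_resource(slots, idx, value);
    return load_resource(slots, idx);
}

/* Two stores under one key differ exactly where the plaintexts differ:
   the key cancels out, so the mask hides a value but not its changes. */
uint32_t stored_delta(uint32_t idx, float before, float after) {
    uint32_t a[4] = {0}, b[4] = {0};
    store_resource(a, idx, before);
    store_resource(b, idx, after);
    return a[idx] ^ b[idx];
}

/* Model of 00535760: [edx+30] = rol([009B5404], 2*[edx+04]) XOR argument.
   "selector" is a hypothetical name for the field at [edx+04]. */
uint32_t mask_population(uint32_t selector, uint32_t value) {
    return rol32(POP_SEED, 2u * selector) ^ value;
}

int main(void) {
    printf("%.1f %08X\n", round_trip(1, 250.0f), (unsigned)stored_delta(1, 250.0f, 200.0f));
    return 0;
}
```

The delta is the same for every slot index because the per-index key drops out of the XOR of two stored values.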