Jump to content


Photo
- - - - -

A brief look at Population in AoE


  • Please log in to reply
2 replies to this topic

#1 Psych

Psych

    Member

  • Members
  • 1689 posts

Posted 18 April 2008 - 01:04 PM

_.: Understanding Age of Empires: Rise of Rome - Population Hacking :._


To properly follow this, you will need:

- Basic understanding of gamehacking (ie. finding addresses, searching for pointers etc)
- Cheat Engine
- Age of Empires: Rise of Rome (i'm using the v1.0a update, but you can use whatever I suppose)



Ok, I dug out ye olde AoE Gold Edition and got it installed. First game on my new machine, wow graphics capability really tested here, lol!
No, fair play to microsoft for turning out these games, they are still some of the best IMO :wink:

Anyway, what i'm about to say holds true for both the original AoE games and the AoEII games. Its the population stuff. You can get a pointer that equates to the current population count. That works, although every now and again you have to keep on top of the house-building situation. A little annoying thing to have to do. With a simple change of an opcode we will make it work well. The same principle applies even if things slightly differ.

Fire up CE...

Ok, so you can easily search for the current population count (float value), in my case '10'. Create some more peeps and we're up to '12'. Search again and we are down to 2 values.
Put them both in the CT and change the values of them one at a time to find the right one. Its the top one (lowest value). This one directly affects the other one anyway. So delete the useless one.

We can right-click and do a pointer-scan on this address. Its a level-4 pointer, so get that done and stick the results in the table. You may end up with 2 working pointers, either one is fine, they worked all the time with me.
Freeze one of the pointers and build a couple more units. While doing this keep an eye on the max population count. Notice what happened? The max pop count decreases by the number of new units you created. So the game is doing a simple equation to work out what the max value should be. Keep the pointer frozen here...

*I suggest bringing up the chat window in-game and typing "steroids", the instant build cheat to speed up the process here-on out.

Build some more houses. Max population limit has gone up as expected. So why does the game decrease the max population value when you freeze the current pop value? There must be another variable to this, or it is performing some equation to work this out.

Right so we have an unknown value to find.
Unfreeze the pointer in CE. Now build a house one more time. Hmmm.. Search for the difference between the max pop and the current pop, the two values that are displayed for you in-game. You most likely get inundated with results, so build another house or kill a villager and search again. You should get the one value. Add it into the CT. This is our unknown value, which is obviously the difference between the max and current pop.

Pointer-scan this one like you did earlier, might as well do it then if you come back to play with it later it will still be pointing to a valid offset. Level-4 scan again. You'll get two results like before, but they both work. Delete one of them if you like. Make sure the value is set to float and not 4-byte. We want to see what we're doing here.
Freeze this pointer.
Go back into game and build another house. What happens this time?

Well we can build as many villagers as we like now because the current population value will never exceed the max population value! No more house building ever! Cool. But wait... you have to realize that the max population is also increasing along with your current population as you build units, with the offset of what you froze the pointer value at.
We can build and build and build new units, but we will soon hit out populating limit. Do this yourself to try it out. Again, you could work around it, by maybe destroying some houses, but thats not what we want to be doing.

We need to simultaneously stop the game from increasing the max population value (our main goal for the beginning), and also stop it from warning us about needing to build more houses (ie. the current pop has reached the max pop). So freeze both those pointers, see what happens. The aim here is to get the best of both worlds and get a fully working population hack.

Great so this works a treat. Because we are freezing the 'max - current' value (the offset if you like) it means that our current pop will never exceed our max pop and we will no longer have to build houses. And because the current pop value is frozen, it means that none of the values will increase anymore so we will never hit a population cap!

Ok so this could be left as it is. We have two level-4 pointers that we can freeze or change when we like, they will never alter. But for me this isn't good enough. Two reasons for me include, you have to freeze two pointers (wouldn't be so bad freezing just one address), and also this will only work for your population, not everyone elses. We want it to include the enemy armies too and any other human players (if your the server host) so we have have all-out battles.

To do this we will need to find a routine that both the player and computer access when building/destroying units.
Set a write breakpoint on one of the pointers, any will work the result is the same for both in this game. When it asks for a choice, pick the "find what reads from the address pointed at by this pointer" (yeah its a mistake in CE, we want to find what 'writes' to the address pointed at by this pointer, but ignore it). Build a new unit or kill one of the old ones to make the current pop value change.
We get this:
45D000: fstp dword ptr [eax]
"Store Real". Its updating the value of our population. We will simply 'NOP' this address out with two NOPs. Nothing 'code-injection' is needed here.
If we NOP this address we will stop it from happening. Think about this one. If we stop the current population value from changing, we will effectively also stop the max population from been calculated too, because as far as the game is concerned nothing is different from what it was.

Click 'show disassembler' in the small breakpoint window, and choose 'auto-assemble' from the tools menu.
Write in the following toggleable script:
[enable]

45d000:
nop
nop

[disable]

45d000:
fstp dword ptr [eax]
Done! A working population hack for Rise of Rome. This can be followed exactly for the original Age of Empires with maybe the exception of different addresses (I haven't done this myself). It is basically the same game, but it is a different .exe for the expansion so it wouldn't suprise me if things differed slightly.

The above method works for Age of Kings and the Conquerors too.
What suprised me the most about this series is that I have seen 'No', I mean not one memory-based population hack. Just mod-alternatives that might add in triggers to the map. Really suprised me. I may have missed one for the original series, but for Age of Empires II I know for definate that none have been uploaded to the web for public.

Hope that helps someone :wink:

Attached Files



#2 Comrad_Zer0

Comrad_Zer0

    Member

  • Members
  • 49 posts

Posted 22 June 2008 - 05:23 PM

Hmmm I seem to be having a problem [I know this post is old but this is bugging me]
I cannot use the "pointer scan" option to find the pointers because I turn up with no addresses.
Why and how do I fix this?
◄░PsYcH()░►

-Favorite song-
Norma Jean: The Human Face Divine

*professional musician!
*Intermediate gamehacker
*some what..◄░PsYcH()░►

#3 0xFEE1DEAD

0xFEE1DEAD

    n00bie

  • Members
  • 2 posts

Posted 14 October 2011 - 10:36 PM

I have been searching for the difference between max. population and actual population. After I found the value, I searched what writes to it. Then I NOP'ed it. Anything worked fine until I won and wanted to start a new game. As soon as I clicked on 'start game', it crashed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users