Please Help with H3ERA Hero experience per level Hacking

International board General discussion
#1

According to ERM Help, there is problem in WoG/ERA in hero leveling after 75 level and later.

I found VCMI code for leveling and it doesn’t have this problem.

void CHeroHandler::loadExperience()
{
	expPerLevel.push_back(0);
	expPerLevel.push_back(1000);
	expPerLevel.push_back(2000);
	expPerLevel.push_back(3200);
	expPerLevel.push_back(4600);
	expPerLevel.push_back(6200);
	expPerLevel.push_back(8000);
	expPerLevel.push_back(10000);
	expPerLevel.push_back(12200);
	expPerLevel.push_back(14700);
	expPerLevel.push_back(17500);
	expPerLevel.push_back(20600);
	expPerLevel.push_back(24320);
	expPerLevel.push_back(28784);
	expPerLevel.push_back(34140);
	while (expPerLevel[expPerLevel.size() - 1] > expPerLevel[expPerLevel.size() - 2])
	{
		int i = expPerLevel.size() - 1;
		expPerLevel.push_back (expPerLevel* + (expPerLevel* - expPerLevel*) * 1.2);
	}
	expPerLevel.pop_back();//last value is broken
}

I’ve Isolated the function in ERA to some Adresses

004DA6DE

CPU Disasm
Address   Hex dump          Command                                  Comments
004DA690  /$  55            PUSH EBP                                 ; h3era.004DA690(guessed void)
004DA691  |.  8BEC          MOV EBP,ESP
004DA693  |.  83EC 08       SUB ESP,8
004DA696  |.  53            PUSH EBX
004DA697  |.  8BD9          MOV EBX,ECX
004DA699  |.  56            PUSH ESI
004DA69A  |.  57            PUSH EDI
004DA69B  |.  8D73 01       LEA ESI,[EBX+1]
004DA69E  |.  83FE 0C       CMP ESI,0C
004DA6A1  |.  7F 0A         JG SHORT 004DA6AD
004DA6A3  |.  0FBF3C75 869C MOVSX EDI,WORD PTR DS:[ESI*2+679C86]
004DA6AB  |.  EB 52         JMP SHORT 004DA6FF
004DA6AD  |>  0FBF3D 9E9C67 MOVSX EDI,WORD PTR DS:[679C9E]
004DA6B4  |.  0FBF05 9C9C67 MOVSX EAX,WORD PTR DS:[679C9C]
004DA6BB  |.  8BCF          MOV ECX,EDI
004DA6BD  |.  2BC8          SUB ECX,EAX
004DA6BF  |.  894D FC       MOV DWORD PTR SS:[LOCAL.1],ECX
004DA6C2  |.  DB45 FC       FILD DWORD PTR SS:[LOCAL.1]
004DA6C5  |.  DD5D F8       FSTP QWORD PTR SS:[LOCAL.2]
004DA6C8  |.  DD45 F8       FLD QWORD PTR SS:[LOCAL.2]
004DA6CB  |.  DC0D 20AC6300 FMUL QWORD PTR DS:[63AC20]               ; FLOAT 1.200000000000000
004DA6D1  |.  E8 BED81300   CALL 00617F94
004DA6D6  |.  03F8          ADD EDI,EAX
004DA6D8  |.  83FE 0D       CMP ESI,0D
004DA6DB  |.  8945 FC       MOV DWORD PTR SS:[LOCAL.1],EAX
004DA6DE  |.  7E 1F         JLE SHORT 004DA6FF
004DA6E0  |.  83C6 F3       ADD ESI,-0D
004DA6E3  |>  DB45 FC       /FILD DWORD PTR SS:[LOCAL.1]
004DA6E6  |.  DD5D F8       |FSTP QWORD PTR SS:[LOCAL.2]
004DA6E9  |.  DD45 F8       |FLD QWORD PTR SS:[LOCAL.2]
004DA6EC  |.  DC0D 20AC6300 |FMUL QWORD PTR DS:[63AC20]              ; FLOAT 1.200000000000000
004DA6F2  |.  E8 9DD81300   |CALL 00617F94
004DA6F7  |.  03F8          |ADD EDI,EAX
004DA6F9  |.  4E            |DEC ESI
004DA6FA  |.  8945 FC       |MOV DWORD PTR SS:[LOCAL.1],EAX
004DA6FD  |.^ 75 E4         \JNZ SHORT 004DA6E3
004DA6FF  |>  83FB 0C       CMP EBX,0C
004DA702  |.  7F 13         JG SHORT 004DA717
004DA704  |.  0FBF345D 869C MOVSX ESI,WORD PTR DS:[EBX*2+679C86]
004DA70C  |.  8BC7          MOV EAX,EDI
004DA70E  |.  5F            POP EDI
004DA70F  |.  2BC6          SUB EAX,ESI
004DA711  |.  5E            POP ESI
004DA712  |.  5B            POP EBX
004DA713  |.  8BE5          MOV ESP,EBP
004DA715  |.  5D            POP EBP
004DA716  |.  C3            RETN
004DA717  |>  0FBF35 9E9C67 MOVSX ESI,WORD PTR DS:[679C9E]
004DA71E  |.  0FBF15 9C9C67 MOVSX EDX,WORD PTR DS:[679C9C]
004DA725  |.  8BC6          MOV EAX,ESI
004DA727  |.  2BC2          SUB EAX,EDX
004DA729  |.  8945 FC       MOV DWORD PTR SS:[LOCAL.1],EAX
004DA72C  |.  DB45 FC       FILD DWORD PTR SS:[LOCAL.1]
004DA72F  |.  DD5D F8       FSTP QWORD PTR SS:[LOCAL.2]
004DA732  |.  DD45 F8       FLD QWORD PTR SS:[LOCAL.2]
004DA735  |.  DC0D 20AC6300 FMUL QWORD PTR DS:[63AC20]               ; FLOAT 1.200000000000000
004DA73B  |.  E8 54D81300   CALL 00617F94
004DA740  |.  03F0          ADD ESI,EAX
004DA742  |.  83FB 0D       CMP EBX,0D
004DA745  |.  8945 FC       MOV DWORD PTR SS:[LOCAL.1],EAX
004DA748  |.  7E 1F         JLE SHORT 004DA769
004DA74A  |.  83C3 F3       ADD EBX,-0D
004DA74D  |>  DB45 FC       /FILD DWORD PTR SS:[LOCAL.1]
004DA750  |.  DD5D F8       |FSTP QWORD PTR SS:[LOCAL.2]
004DA753  |.  DD45 F8       |FLD QWORD PTR SS:[LOCAL.2]
004DA756  |.  DC0D 20AC6300 |FMUL QWORD PTR DS:[63AC20]              ; FLOAT 1.200000000000000
004DA75C  |.  E8 33D81300   |CALL 00617F94
004DA761  |.  03F0          |ADD ESI,EAX
004DA763  |.  4B            |DEC EBX
004DA764  |.  8945 FC       |MOV DWORD PTR SS:[LOCAL.1],EAX
004DA767  |.^ 75 E4         \JNZ SHORT 004DA74D
004DA769  |>  8BC7          MOV EAX,EDI
004DA76B  |.  5F            POP EDI
004DA76C  |.  2BC6          SUB EAX,ESI
004DA76E  |.  5E            POP ESI
004DA76F  |.  5B            POP EBX
004DA770  |.  8BE5          MOV ESP,EBP
004DA772  |.  5D            POP EBP
004DA773  \.  C3            RETN

00617F94

CPU Disasm
Address   Hex dump          Command                                  Comments
00617F94  /$  55            PUSH EBP
00617F95  |.  8BEC          MOV EBP,ESP
00617F97  |.  83C4 F4       ADD ESP,-0C
00617F9A  |.  9B            WAIT
00617F9B  |.  D97D FE       FSTCW WORD PTR SS:[LOCAL.1+2]
00617F9E  |.  9B            WAIT
00617F9F  |.  66:8B45 FE    MOV AX,WORD PTR SS:[LOCAL.1+2]
00617FA3  |.  80CC 0C       OR AH,0C
00617FA6  |.  66:8945 FC    MOV WORD PTR SS:[LOCAL.1],AX
00617FAA  |.  D96D FC       FLDCW WORD PTR SS:[LOCAL.1]
00617FAD  |.  DF7D F4       FISTP QWORD PTR SS:[LOCAL.3]
00617FB0  |.  D96D FE       FLDCW WORD PTR SS:[LOCAL.1+2]
00617FB3  |.  8B45 F4       MOV EAX,DWORD PTR SS:[LOCAL.3]
00617FB6  |.  8B55 F8       MOV EDX,DWORD PTR SS:[LOCAL.2]
00617FB9  |.  C9            LEAVE
00617FBA  \.  C3            RETN

What I need to fix the code? I want VCMI formula in ERA. I hope it is a minor change…***

#2

VCMI dynamically allocates exp levels and holds them as 64-bit integer. Can’t be easily fixed in assembler.

#3

I know, but any code that match would be welcome.
I see it uses DWORD which is 32bit integer - oops!

VCMI stores the table somewhere, while h3sod/h3wog/h3era doess a loop.
I want to use full potential of DWORD, and make game feel better.

Could you provide any Assembler code which preserves I/O but calculates properly?

#4

Oooh now I know - it is DWORD (signed) which is the limit, checked it on the spreadsheet - lvl 77 is above sign change