A bit of advice, look deeper into the registers for quick builds.
Set a breakpoint before you amend the code, and keep note of eax.
See if it changes when you build, or when the computer builds.
For an example this is what the coding is like for FABLE.
Code:
10abf
mov eax,esi
mov [00548a62],eax
cmp [eax],127293c - is it going to be NPC?
je 10ae2 - jump here if so
cmp [eax],12457fc - is it going to be player?
je 10af1 - jump here if so
fstp [esi+b4] - if none above, move current stack value to pointer
jmp 6a6338 - jump back to game
fstp [esi+b4] - NPC health routine, change to mov [esi+b4],00 for 1hit kill
nop
nop
nop
nop - nops needed for mov instruction later since its needs 10 bytes
jmp 6a6338 - jump back to game
fstp [esi+b4] - hero's health, nop out for infinite health. Or you can force a value in?
jmp 6a6338 - jump back to game..
6a6332
jmp 10abf - jump to code injection
nop
If we want 1 hit kill, rename 2nd fstp to mov [esi+b4],00
Basically when playing the game, I set a breakpoint at the real address when calculating out dmg done and removing, so i get hit game broke into debugger checked eax value, hit bad guy, broke back seen new value, tried a few times to make sure.
So then I had these 2 values...
012457fc was the players' eax value
0127293c is the NPCs'
With a bit more digging (Fable will be more complicated than Warhammer so I doubt you will need to do this)... I found out where it stored these values before moving em, then found out it used the same address each time [00548a62].
If warhammer is the same idea, then just look before the code you want to manipulate, you will eventually find the evidence you need. But I doubt it, dont have the game so cant help you any further.