Cheat Engine The Official Site of Cheat Engine
ananth How do I cheat? Reputation: 1
Joined: 13 Jul 2013 Posts: 5
Posted: Thu Oct 19, 2017 7:21 am Post subject: Devil May Cry 4 Special Edition Cheat Scripts
This post is about writing a cheat script for Devil May Cry 4 Special Edition step by step. I must thank VergilGanesh for his excellently crafted trainer tutorial for the original DMC4. I am considering his method as a base, as it's easy to get things explained in that way. The 2015 Special Edition features gameplay as the Lady, Trish and the naturally invincible Vergil.
For this game I would like to list down the following cheat scripts:
1. Infinite Health
2. One Hit Kill
3. Infinite Devil Trigger
4. Easy Orbs
5. Easy Proud Souls
6. Infinite Max Act - Nero
7. Infinite Disaster Gauge - Dante (Pandora)
8. Infinite Royal Guard - Dante
9. Infinite Concentration Meter - Vergil
10. Infinite Timer
So let's begin,
1. Infinite Health
Following its predecessor, this game follows the shared code instruction. So to begin with, each bar of health is stored as a float address. So open Cheat Engine and the game, select process and choose Devil May Cry 4 Special Edition. Each bar of health is 1000 float, so if you have your health bar fully upgraded, that is two full lines, then the health with which you start is 20000 float, and similarly if you have not upgraded the health meter at all you start with float 6000. So scan for your initial health address as exact value float, then get hit and scan again. You will end up with 3 results and the first one generally is your health address; to cross-check, add the address and freeze it to ensure it totals up to your health. Right click on this address and find what writes to this address. You should ideally come across this address if you have done things right till now
View the code in the disassembler by selecting the disassembler option and right click on the code to identify "what addresses access this instruction", and then hit a few enemies without killing them. You will find a list being populated in the small pop-up with addresses and their health values. In the bottom right of the box it would specify 4 Bytes; change it to float, and you must note the player health and enemies' health. Select all the addresses and dissect data, or Ctrl+D.
Use Ctrl+A to add multiple addresses; the more enemies, the easier to spot our codes. The offset has to be subtracted from the original code. 30 is the offset, so:
player code-30
enemy one code - 30
enemy two code -30 (so on and so forth)
Classify Player in Group 1 and reclassify the enemies in a separate group and then run the structure to identify the addresses. If you notice carefully,
30 will have the player's current health and the enemies' current health. 34 will have the maximum health of the player and the enemies. You can notice various addresses having common values for the enemies and a different one for the player. Note a few offsets, close the game, choose a different set of enemies and follow the same process to identify the offset. Note carefully: offset E0 will have value 0 for the player and 2 for enemies. This is our offset for the script. With the research done, let's put it to the test and write the code.
Code:
alloc(newmem,2048)
label(returnhere)
label(normalhealth)
label(exit)
newmem:
cmp [edi+E0],00000000 // compare with 0 (the player's value at offset E0 is 0)
jne normalhealth // not the player: jump to the original code
mov eax,[edi+34] // load max health into eax
mov [edi+30],eax // write max health to current health
jmp exit
normalhealth:
movss [edi+30],xmm0 // original code, which enemies jump to
exit:
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+22DDE0:
jmp newmem
returnhere:
With the above code in place add to cheat table and you should have your infinite health for all the characters.
2. One Hit Kill
Follow the same steps as above for the infinite health code but there would be a small change in the coding alone.
Code:
alloc(newmem,2048)
label(returnhere)
label(instantenemydeath)
label(exit)
newmem:
cmp [edi+E0],00000000
jne instantenemydeath
mov eax,[edi+34]
mov [edi+30],eax
jmp exit
instantenemydeath:
mov [edi+30],00000000 // instead of xmm0, write 0 for death
exit:
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+22DDE0:
jmp newmem
returnhere:
This must grant you invincibility and make your enemies shiver at the fragility of their lives.
3. Infinite Devil Trigger
Time to remove the limitation and unleash the devil within.
Each slot of the DT gauge amounts to 1000 float. So first scan float with the amount of your DT gauge, either 3000 min without upgrade or 10000 max with upgrade. Then activate DT to lose some DT and scan to find 3 addresses; the first address represents the DT gauge of the player. Freeze and maximise it to check. Unfreeze the address and right click to find what writes to this address, then activate DT and wait a while for two things:
1. The initial burst of DT
2. The DT drain on usage
Now we will ideally find codes this way:
Code:
movss [esi+00002504] // For initial burst
movss [esi+00002504] // For Drain on usage
For the first code, which is for the initial burst of DT, just nop the address to remove the usage of DT. To test the same, in the writing address box, right click and nop the instruction and activate DT to find out that the DT initial activation doesn't cost anything, but after that the gauge starts getting consumed. So after you find the address, right click to identify which address reduces and which address works for the constant drain.
Code for initial burst:
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
nop
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+4C87A9:
jmp newmem
nop
nop
nop
returnhere:
The above code will nullify the initial burst of the DT gauge. Now on to the constant reduction. Select the code into disassembler mode and then dissect data and reduce 04 from the address and define the data structure, and you will notice your current DT gauge is shown as part of offset 04 and max DT gauge is shown as part of 08. Hence we are now set to write the code for stoppage of constant consumption of the DT gauge.
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
mov eax,[esi+00002508]
mov [esi+00002504],eax
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+4C889E:
jmp newmem
nop
nop
nop
returnhere:
The above code should give you an infinite DT gauge free from initial burst and constant consumption.
Now on to another aspect of the DT gauge in the Special Edition of the game. When you play as Vergil you get your DT gauge consumed for usage of Spiral Swords. The drain happens even if the above two codes are in place. So I would suggest you first freeze the initial burst and constant consumption code and then do a fresh scan for the number of devil gauge on float basis as above, then use Spiral Swords and search for decreased value. You will find 3 values and the first one generally locks on to the desired address. Freeze it and right click to find what writes to the address and you should find this code:
Code:
movss [esi+00002504] // For usage of DT for spiral swords.
Now that we know the code, we just have to nop it to get ultimate infinite devil trigger.
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
nop
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+4D004B:
jmp newmem
nop
nop
nop
returnhere:
Now you have infinite DT without loss of Initial Burst, Constant Drain and loss on usage of Spiral Swords.
4. Easy Orbs
Go in game and scan for the number of orbs you have with 4 bytes. Get more orbs by fighting and you will have an increased count; scan for the same and identify the code, right click to find what writes to the address, then gain more orbs and you will find this address.
Code:
add [esi+00000184],edi
Now all you have to do is replace the add with imul to multiply orbs quicker. The code will be:
Code:
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
imul edi,edi,0000000A //Increases orbs by multiplying what you get by 10
originalcode:
add [esi+00000184],edi
exit:
jmp returnhere
If you want to increase them faster you could use 64 (x100), A (x10). Now you can get all you want faster than you think. If you want your orbs not to decrease on usage, scan for orbs on purchase and you will still find another code for decreasing orbs.
Code:
add [esi+00000184],edi
Just nopping this would make sure your orbs don't decrease on use. Make sure to find them one by one so that you don't end up doing the opposite.
5. Easy Proud Souls
The same method as above to arrive at the code:
Code:
add [esi+00000284],edi
You know the drill now, add goes out and imul replaces it:
Code:
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
imul edi,edi,00000003
originalcode:
add [esi+00000284],edi
exit:
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+1ADBE6:
jmp newmem
nop
returnhere:
6. Infinite Max Act - Nero
The red sword feature makes this character worthwhile to play. He has to charge it up and loses it after an attack; we are gonna make it last forever. Fill up 3 bars by charging up and scan for 3 using 4 bytes, then search for decreased value, then charge again and search for 3 after filling up all 3, and then eureka, you arrive at your address. Right click to find out what writes to the address and go to the disassembler and dissect data for the following code:
When you dissect it, reducing 04 from the address, you find offset 04 with your current max act and 08 with your maximum max act. So now we head on to write the code:
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
mov [ecx+08],00000003
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+518932:
jmp newmem
returnhere:
There's our infinite Max Act.
7. Infinite Disaster Gauge - Dante (Pandora)
A full Pandora bar has a float value of 10000. Now head over as Dante, use Gunslinger and search for unknown initial value, and use the Pandora to find your address which belongs to the disaster gauge. Now right click and find what writes to the address.
movss [esi+00017994],xmm1 // For flying using pandora
movss [esi+00017994],xmm1 // For Increasing Pandora Meter
Now we have to nop the decrease on flying code
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
nop
jmp returnhere
Now to the increase code, which we are going to move to full meter always. The full meter has a float value of 10000:
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
mov [esi+00017994],(float)10000
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+551DC9:
jmp newmem
nop
nop
nop
returnhere:
Now on using the Pandora you notice a code to decrease the gauge:
Code:
movss [ebx+00017994],xmm0
Now we nop the code to ensure it doesn't decrease on usage.
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
nop
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+50B78B:
jmp newmem
nop
nop
nop
returnhere:
8. Infinite Royal Guard - Dante
A full Royal Guard bar has a float value of 30000.
Similarly there are two codes for Royal Guard. On scanning with unknown initial value and then an increase or decrease, you arrive at the value; find what writes to the address by right clicking and you arrive at these addresses:
Code:
movss [esi+00017530],xmm1 //For increasing RG meter
movss [eax+00017530],xmm0 //For usage of RG meter
Now we need to nop the second one for which the code is as follows:
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
nop
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+548013:
jmp newmem
nop
nop
nop
returnhere:
Now on to getting the maximum RG meter since the beginning. We need to find the maximum value of RG meter which is 30000. The code is as follows:
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
mov [esi+00017530],(float)30000
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+4DCE47:
jmp newmem
nop
nop
nop
returnhere:
This will give you infinite RG meter and usage.
9. Infinite Concentration Meter - Vergil
Now this is one amazing feature in the Special Edition to motivate players to reprise the role of the cool-headed demon offspring of Sparda and play as the cold and calm demon Vergil. The more composed and timely your attacks, the more the meter gets filled. A fuller meter means a more devastating Vergil. When you scan for the initial value as unknown float and find the final address, you will right click to see what writes to this address, and you will arrive at the following 3 codes:
Code:
movss [esi+00007B58],xmm0
movss [esi+00007B58],xmm0
movss [esi+00007B58],xmm0
Now all we have to do is, mov all these three codes to the max value of this meter which is 300. So the code has to be written in the same manner for all 3 of the codes.
Code:
alloc(newmem,2048)
label(returnhere)
newmem:
mov [esi+00007B58],(float)300
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+D6F99:
Write the same code for all 3 addresses and you will have this meter always full for Vergil, and then you can keep "you shall die"ing.
10. Infinite Timer
Choose Mission 10 and ride down the elevator and your timer starts counting down. Use float and unknown initial value and dec value to arrive at the final address which is:
Code:
movss [esi+00000384],xmm2
Now all we have to do is nop this code and we have all we need. The code is:
Code:
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
nop
originalcode:
//movss [esi+00000384],xmm2
exit:
jmp returnhere
"DevilMayCry4SpecialEdition.exe"+19B7A8:
jmp newmem
nop
nop
nop
returnhere:
Now we have unlimited timer too.
With this I think I have covered the major aspects. Do let me know if this works or if you have trouble getting these to work. If you do want any additional codes let me know. What I have left out is auto max charge for guns and infinite grenade for Lady. If you guys want the same, do leave a comment and I will pen it down. I am no expert but have tried this out. I know I am late on the release, but would like to help those who need help. The game's great, especially with Dante and Vergil being in it. Hope you guys find this useful and enjoy.
123iamking Newbie cheater Reputation: 0
Joined: 06 Sep 2015 Posts: 12
Posted: Thu Apr 19, 2018 2:38 am Post subject: Is it possible to get health's pointer in Devil May Cry 4 SE
So I can get the health
Quote:
Each bar of health is 1000 float so if you have your health bar fully upgraded that is two full lines then the health with which you start is 20000 float and similarly if you have not upgraded the health meter at all you start with float 6000.
but when I tried to get the health pointer (as Cheat Engine Tutorial 6 taught me), I got stuck at searching the pointer. Please check the image attachment; I tried to post the image at imgur but I'm not allowed because I'm new.
So is it possible to get health's pointer in Devil May Cry 4 SE?
123iamking Newbie cheater Reputation: 0
Joined: 06 Sep 2015 Posts: 12
Posted: Sun May 13, 2018 2:56 am Post subject: Re: Is it possible to get health's pointer in Devil May Cry
123iamking wrote:
so Is it possible to get health's pointer in Devil May Cry 4 SE?
Yes, it is.
The health pointer is:
Base: 400000+f59f00
offset 1: 1B00
offset 2: 24
The full cheat table code is
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="24">
  <CheatEntries>
    <CheatEntry>
      <ID>4</ID>
      <Description>"[getAddressList().getMemoryRecordByDescription('Max Health').Value]"</Description>
      <LastState Value="" RealAddress="00000000"/>
      <GroupHeader>1</GroupHeader>
    </CheatEntry>
    <CheatEntry>
      <ID>0</ID>
      <Description Activated="1">"Health"</Description>
      <VariableType>Float</VariableType>
      <Address>400000+f59f00</Address>
      <Offsets>
        <Offset>1B00</Offset>
        <Offset>24</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <ID>1</ID>
      <Description>"Max Health"</Description>
      <VariableType>Float</VariableType>
      <Address>400000+f59f00</Address>
      <Offsets>
        <Offset>1B04</Offset>
        <Offset>24</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <ID>5</ID>
      <Description>"[getAddressList().getMemoryRecordByDescription('Max Devil Trigger').Value]"</Description>
      <LastState Value="" RealAddress="00000000"/>
      <GroupHeader>1</GroupHeader>
    </CheatEntry>
    <CheatEntry>
      <ID>2</ID>
      <Description Activated="1">"Devil Trigger"</Description>
      <VariableType>Float</VariableType>
      <Address>400000+f59f00</Address>
      <Offsets>
        <Offset>2504</Offset>
        <Offset>24</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <ID>3</ID>
      <Description>"Max Devil Trigger"</Description>
      <VariableType>Float</VariableType>
      <Address>400000+f59f00</Address>
      <Offsets>
        <Offset>2508</Offset>
        <Offset>24</Offset>
      </Offsets>
    </CheatEntry>
  </CheatEntries>
  <UserdefinedSymbols/>
</CheatTable>
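The pointer chain from the table above, walked step by step over a made-up memory image (an added example, not code from the thread). It assumes the last <Offset> listed in the file is the first one applied, which matches the scripts' [esi+00002504] access for Devil Trigger, and that <Address> is a sum of hex terms; the object addresses and helper names are hypothetical.

```python
import struct
import xml.etree.ElementTree as ET

# Trimmed copy of two entries from the cheat table posted above.
CT = """<CheatTable><CheatEntries>
<CheatEntry><Description>"Health"</Description><VariableType>Float</VariableType>
<Address>400000+f59f00</Address><Offsets><Offset>1B00</Offset><Offset>24</Offset></Offsets></CheatEntry>
<CheatEntry><Description>"Max Health"</Description><VariableType>Float</VariableType>
<Address>400000+f59f00</Address><Offsets><Offset>1B04</Offset><Offset>24</Offset></Offsets></CheatEntry>
</CheatEntries></CheatTable>"""

def parse_entries(xml_text):
    """Return {description: (base_address, [offsets in file order])}."""
    out = {}
    for e in ET.fromstring(xml_text).iter("CheatEntry"):
        base = sum(int(p, 16) for p in e.findtext("Address").split("+"))  # hex terms
        offs = [int(o.text, 16) for o in e.iter("Offset")]
        out[e.findtext("Description").strip('"')] = (base, offs)
    return out

def read(mem, addr, fmt):
    """Read 4 bytes from the constructed memory image; None if unmapped."""
    raw = mem.get(addr)
    return None if raw is None else struct.unpack(fmt, raw)[0]

def resolve(mem, base, offsets):
    """Walk the chain; assumption: the last <Offset> listed is applied first."""
    addr = base
    for off in reversed(offsets):
        ptr = read(mem, addr, "<I")   # dereference a 32-bit pointer
        if not ptr:                   # unmapped or NULL: the chain is broken
            return None
        addr = ptr + off
    return addr

def build_sample_memory():
    """Constructed 32-bit image; the two object addresses are made up."""
    base = 0x400000 + 0xF59F00
    return {
        base: struct.pack("<I", 0x0A000000),               # static slot -> object A
        0x0A000000 + 0x24: struct.pack("<I", 0x0B000000),  # A+24 -> player object
        0x0B000000 + 0x1B00: struct.pack("<f", 6000.0),    # current health
        0x0B000000 + 0x1B04: struct.pack("<f", 20000.0),   # max health
    }

def read_value(mem, name):
    base, offs = parse_entries(CT)[name]
    addr = resolve(mem, base, offs)
    return None if addr is None else read(mem, addr, "<f")
```

Walking the offsets in the order they are listed instead dereferences the wrong slot and the chain fails, which resolve reports as None.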