Cheat Engine The Official Site of Cheat Engine
bimbong29 How do I cheat?
Reputation: 0
Joined: 20 Oct 2023 Posts: 1
|
Posted: Fri Oct 20, 2023 9:36 am Post subject: Need Help Finding 'Initial Trait Talent Points' Game Code in |
Hello Cheat Engine Forum Community,
I hope this message finds you well. I am currently playing the game "Scroll of Taiwu," and I'm facing a bit of a challenge when it comes to locating the game code for 'initial trait talent points.' I've scoured various forums and resources, but I'm still having trouble identifying the correct value type for this particular game attribute.
To provide more context, at the beginning of the game, during character customization, you are given 10 free points that can be allocated as you see fit to obtain bonuses. However, I've been unable to find the game code related to 'initial trait talent points.' I suspect that it should be an exact value, but I'm quite confused about the value type of the code. Is it a 2-byte, 4-byte, 8-byte, string, binary, float, or double?
I've attempted to use different data types in Cheat Engine, but so far, I haven't had any luck pinpointing the code. I've also tried scanning for unknown initial values and then changed the points to see what's being altered, but I still haven't had any success in isolating the correct code.
If anyone in the community has experience with the game "Scroll of Taiwu" and has successfully identified the code for 'initial trait talent points,' I would greatly appreciate your guidance and expertise on this matter. Any tips, suggestions, or insights on how to locate this specific value type within Cheat Engine would be extremely valuable to me.
Thank you for your time and assistance. I'm looking forward to learning from your experiences and hopefully making some progress in modifying this game attribute.
Best regards,
bimbong29
ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4652
|
Posted: Fri Oct 20, 2023 1:22 pm Post subject: |
bimbong29 wrote: | I suspect that it should be an exact value... |
This isn't necessarily true. It could be the game stores how many points you've allocated for each skill.
It's made using Unity, so you can use CE's mono features to help. Attach to the game, then main CE window -> Mono -> Activate mono features.
Note: I'm running this game using a weird setup through Wine. I can't get the game to load fully (can't test this myself), but I was able to activate mono features. The assembly on your computer might look different.
The function UI_NewGame:UpdatePoints looks interesting. It seems to allocate a new array for the _selectedPoints field every time it's called, so you can't simply search for those values.
The function seems to use the _selectedAbilities field to update this. Modifying that would be annoying, but looking further down in the function, there appear to be floating point constants relating to the max free points available:
Code: | UI_NewGame:UpdatePoints+44b - 48 8B 8E 08010000 - mov rcx,[rsi+00000108]
UI_NewGame:UpdatePoints+452 - 83 79 18 00 - cmp dword ptr [rcx+18],00 { 0 }
UI_NewGame:UpdatePoints+456 - 0F86 17040000 - jbe UI_NewGame:UpdatePoints+873
UI_NewGame:UpdatePoints+45c - 48 63 49 20 - movsxd rcx,dword ptr [rcx+20]
UI_NewGame:UpdatePoints+460 - F3 0F2A C1 - cvtsi2ss xmm0,ecx
UI_NewGame:UpdatePoints+464 - F3 0F5A C0 - cvtss2sd xmm0,xmm0
UI_NewGame:UpdatePoints+468 - F3 0F10 0D 60040000 - movss xmm1,[UI_NewGame:UpdatePoints+8d0] { (10.00) }
UI_NewGame:UpdatePoints+470 - F3 0F5A C9 - cvtss2sd xmm1,xmm1
UI_NewGame:UpdatePoints+474 - F2 0F5E C1 - divsd xmm0,xmm1
UI_NewGame:UpdatePoints+478 - 48 8B C8 - mov rcx,rax
UI_NewGame:UpdatePoints+47b - F2 0F10 C8 - movsd xmm1,xmm0
UI_NewGame:UpdatePoints+47f - F2 0F5A C9 - cvtsd2ss xmm1,xmm1
|
The important point is the `movss` instruction that loads the float 10 into the xmm register. There are other instructions like this too later on for the first 3 values of the _selectedPoints array:
Code: | UI_NewGame:UpdatePoints+468 - F3 0F10 0D 60040000 - movss xmm1,[UI_NewGame:UpdatePoints+8d0] { (10.00) }
...
UI_NewGame:UpdatePoints+4d0 - F3 0F10 0D E8030000 - movss xmm1,[UI_NewGame:UpdatePoints+8c0] { (10.00) }
...
UI_NewGame:UpdatePoints+538 - F3 0F10 0D 70030000 - movss xmm1,[UI_NewGame:UpdatePoints+8b0] { (10.00) } |
I don't know what the first 3 values in the _selectedPoints array are, but the 4th appears to be their sum:
Code: | UI_NewGame:UpdatePoints+563 - 48 8B 86 08010000 - mov rax,[rsi+00000108]
UI_NewGame:UpdatePoints+56a - 48 8B C8 - mov rcx,rax
UI_NewGame:UpdatePoints+56d - 83 79 18 00 - cmp dword ptr [rcx+18],00 { 0 }
UI_NewGame:UpdatePoints+571 - 0F86 E7020000 - jbe UI_NewGame:UpdatePoints+85e
UI_NewGame:UpdatePoints+577 - 48 63 49 20 - movsxd rcx,dword ptr [rcx+20]
UI_NewGame:UpdatePoints+57b - 48 8B 96 08010000 - mov rdx,[rsi+00000108]
UI_NewGame:UpdatePoints+582 - 83 7A 18 01 - cmp dword ptr [rdx+18],01 { 1 }
UI_NewGame:UpdatePoints+586 - 0F86 CB020000 - jbe UI_NewGame:UpdatePoints+857
UI_NewGame:UpdatePoints+58c - 48 63 52 24 - movsxd rdx,dword ptr [rdx+24]
UI_NewGame:UpdatePoints+590 - 03 CA - add ecx,edx
UI_NewGame:UpdatePoints+592 - 48 8B 96 08010000 - mov rdx,[rsi+00000108]
UI_NewGame:UpdatePoints+599 - 83 7A 18 02 - cmp dword ptr [rdx+18],02 { 2 }
UI_NewGame:UpdatePoints+59d - 0F86 AD020000 - jbe UI_NewGame:UpdatePoints+850
UI_NewGame:UpdatePoints+5a3 - 48 63 52 28 - movsxd rdx,dword ptr [rdx+28]
UI_NewGame:UpdatePoints+5a7 - 03 CA - add ecx,edx
UI_NewGame:UpdatePoints+5a9 - 83 78 18 03 - cmp dword ptr [rax+18],03 { 3 }
UI_NewGame:UpdatePoints+5ad - 0F86 96020000 - jbe UI_NewGame:UpdatePoints+849
UI_NewGame:UpdatePoints+5b3 - 89 48 2C - mov [rax+2C],ecx |
There's another 10 constant used here along with the total:
Code: | UI_NewGame:UpdatePoints+602 - BA 0A000000 - mov edx,0000000A { 10 }
UI_NewGame:UpdatePoints+607 - 48 8B 86 08010000 - mov rax,[rsi+00000108]
UI_NewGame:UpdatePoints+60e - 83 78 18 03 - cmp dword ptr [rax+18],03 { 3 }
UI_NewGame:UpdatePoints+612 - 0F86 2A020000 - jbe UI_NewGame:UpdatePoints+842
UI_NewGame:UpdatePoints+618 - 48 63 40 2C - movsxd rax,dword ptr [rax+2C]
UI_NewGame:UpdatePoints+61c - 2B D0 - sub edx,eax
... |
That gets passed around to a few calls. No clue what it's used for. Maybe it's something important, maybe it's just drawing text to the screen.
Anyway, I'd try changing those constants to something else. e.g. add the floats to the address list, change them to 20. Maybe change that other integer 10 constant to 20 too. (in my case, I could add UI_NewGame:UpdatePoints+603 to the address list as a 4-byte int)
If that doesn't work, try making a code injection that sets each value in the array to 0 and see what happens. I'd try putting the injection point just before the floating point stuff. The 4th value is set to the sum of the first 3 values after this, so it should also be 0.
Code: | findmonomethod(uiUpdatePoints,:UI_NewGame:UpdatePoints)
define(address,uiUpdatePoints+44B)
define(bytes,48 8B 8E 08 01 00 00 83 79 18 00)

[ENABLE]
assert(address,bytes) // do not enable if the bytes at the injection point differ
alloc(newmem,$1000,address)
label(exit)
label(return)

newmem:
  mov rcx,[rsi+00000108] // original instruction, relocated here
  cmp [rcx+18],2
  jbe exit // should already have at least 3 values in the array
  mov [rcx+20],0
  mov [rcx+24],0
  mov [rcx+28],0
exit:
  jmp return

address:
  jmp newmem
  nop 2 // pad the 5-byte jmp to the 7 bytes of the replaced instruction
return:

[DISABLE]
address:
  db bytes
  // mov rcx,[rsi+00000108]

dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: UI_NewGame:UpdatePoints+44b
UI_NewGame:UpdatePoints+41d: 48 8B C8 - mov rcx,rax
UI_NewGame:UpdatePoints+420: 48 8B 00 - mov rax,[rax]
UI_NewGame:UpdatePoints+423: FF 90 50 04 00 00 - call qword ptr [rax+00000450]
UI_NewGame:UpdatePoints+429: 83 3F 00 - cmp dword ptr [rdi],00
UI_NewGame:UpdatePoints+42c: 41 BA 08 0A 44 0D - mov r10d,0D440A08
UI_NewGame:UpdatePoints+432: 48 8B CF - mov rcx,rdi
UI_NewGame:UpdatePoints+435: BA 00 AF E0 2E - mov edx,2EE0AF00
UI_NewGame:UpdatePoints+43a: 48 8D 6D 00 - lea rbp,[rbp+00]
UI_NewGame:UpdatePoints+43e: 49 BB 56 8D BA 10 00 00 00 00 - mov r11,0000000010BA8D56
UI_NewGame:UpdatePoints+448: 41 FF D3 - call r11
// ---------- INJECTING HERE ----------
UI_NewGame:UpdatePoints+44b: 48 8B 8E 08 01 00 00 - mov rcx,[rsi+00000108]
// ---------- DONE INJECTING ----------
UI_NewGame:UpdatePoints+452: 83 79 18 00 - cmp dword ptr [rcx+18],00
UI_NewGame:UpdatePoints+456: 0F 86 17 04 00 00 - jbe UI_NewGame:UpdatePoints+873
UI_NewGame:UpdatePoints+45c: 48 63 49 20 - movsxd rcx,dword ptr [rcx+20]
UI_NewGame:UpdatePoints+460: F3 0F 2A C1 - cvtsi2ss xmm0,ecx
UI_NewGame:UpdatePoints+464: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
UI_NewGame:UpdatePoints+468: F3 0F 10 0D 60 04 00 00 - movss xmm1,[UI_NewGame:UpdatePoints+8d0]
UI_NewGame:UpdatePoints+470: F3 0F 5A C9 - cvtss2sd xmm1,xmm1
UI_NewGame:UpdatePoints+474: F2 0F 5E C1 - divsd xmm0,xmm1
UI_NewGame:UpdatePoints+478: 48 8B C8 - mov rcx,rax
UI_NewGame:UpdatePoints+47b: F2 0F 10 C8 - movsd xmm1,xmm0
} |
All this could be purely UI values and the real work is being done elsewhere. e.g. maybe some "onClick" function checks if you have enough points available, or maybe the "DoStartNewGame" function does something weird with the _selectedAbilities field.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
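
An added example, not part of the original posts: a Python sketch that takes the instruction bytes quoted in the disassembly above and works out where each "10" constant is stored, which is why the float operands resolve to +8d0, +8c0 and +8b0 and why the integer is addressed at +603 rather than +602. The names `LISTING`, `locate_constant`, `find_constants` and `float_bytes` are hypothetical; only the offsets and byte strings come from the post.

```python
import struct

# Offsets (relative to UI_NewGame:UpdatePoints) and instruction bytes,
# copied from the disassembly quoted in the post above.
LISTING = [
    (0x468, "F3 0F 10 0D 60 04 00 00"),  # movss xmm1,[rip+disp32]
    (0x4D0, "F3 0F 10 0D E8 03 00 00"),  # movss xmm1,[rip+disp32]
    (0x538, "F3 0F 10 0D 70 03 00 00"),  # movss xmm1,[rip+disp32]
    (0x602, "BA 0A 00 00 00"),           # mov edx,imm32
]

MOVSS_XMM1_RIP = bytes.fromhex("F30F100D")  # prefix, opcode, ModRM for xmm1,[rip+disp32]
MOV_EDX_IMM32 = bytes.fromhex("BA")


def locate_constant(offset, hex_bytes):
    """Return (value type, offset of the stored constant, inline value or None)."""
    code = bytes.fromhex(hex_bytes)
    if code.startswith(MOVSS_XMM1_RIP) and len(code) == 8:
        disp = struct.unpack_from("<i", code, 4)[0]
        # RIP-relative operand: target = offset of the NEXT instruction + disp32.
        # The float lives in a data slot after the code, not in the instruction.
        return ("float", offset + len(code) + disp, None)
    if code.startswith(MOV_EDX_IMM32) and len(code) == 5:
        # The immediate is embedded in the instruction, one byte past the opcode.
        return ("int32", offset + 1, struct.unpack_from("<i", code, 1)[0])
    raise ValueError("unhandled instruction encoding: " + hex_bytes)


def find_constants():
    return [locate_constant(off, raw) for off, raw in LISTING]


def float_bytes(value):
    """Little-endian IEEE-754 single-precision bytes as they appear in memory."""
    return struct.pack("<f", value).hex(" ").upper()


if __name__ == "__main__":
    for kind, where, inline in find_constants():
        print(f"{kind:6} constant at UI_NewGame:UpdatePoints+{where:x}", inline or "")
    print("10.0 ->", float_bytes(10.0), "| 20.0 ->", float_bytes(20.0))
```
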
XoLife How do I cheat?
Reputation: 0
Joined: 31 Jan 2017 Posts: 4
|
Posted: Wed Dec 27, 2023 1:41 pm Post subject: Update? |
@bimbong29
Were you able to find anything on this?
_________________
(CHEERS) |