Isolate Weapon Health (shared instruction) in Zelda: Breath of the Wild [CEMU - Wii-U Emulator]

Memory scanning, code injection, debugger internals and other gamemodding related discussion
Drivium
Fearless Donors
Posts: 151
Joined: Tue Apr 04, 2017 2:47 am
Reputation: 22


Post by Drivium » Fri May 18, 2018 3:56 pm

[URL='https://i.imgur.com/a/mEcBm7C.png']Image[/URL]



The opcode that controls weapon health is the same one that controls every other destroyable item in the game, including enemy health. NOP'ing this instruction makes everything invincible. I'm attempting to isolate weapon health. I've watched/read numerous tutorials, but there seems to be something different in this case that I'm not understanding. Once I get to step 4 (see linked image), I'm met with tons of addresses, many of which are constantly changing. This is where I get stuck.



I added several of the addresses to the "dissect data structures" tool and the only purple address I'm seeing is this one [URL='https://i.imgur.com/a/7wVEZ9d.jpg']here[/URL], but this doesn't seem correct.



Need some assistance. Creating unbreakable weapons would be a huge feature for this game, but I clearly don't know what I'm doing.



thanks in advance

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Fri May 18, 2018 4:12 pm

There are other ways of comparing things out. What I do first is look at the register states of the address and compare those against other addresses. If you find differences between the address you're looking for and the other addresses, copy them to Notepad, restart the game (or in your case even Cemu), then look at the register states you copied and compare those to the new ones. If one or more of them are the same after a restart, you can use them to compare, or you can do the same with the stack. If you don't understand what I meant, here is an example:



Address you want:
rax=1
rbx=2

Address you don't want:
rax=3
rbx=4



In that case you could copy both values of the registers because they're different, restart the game, and after the restart they may look like this:



Address you want:
rax=1
rbx=9

Address you don't want:
rax=3
rbx=7



As you can see, rbx changed but rax didn't, therefore you could use rax to compare.
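The register-comparison procedure described in the post above, written out as an added worked example (this is not code from the thread). It snapshots the register state for hits on the address you want and on addresses you do not want, repeats that after a restart, and keeps only registers whose value separates the two groups in every run. The snapshot lines are constructed to look like Cheat Engine's register pane and the values are illustrative, except r10 = 80001 on weapon-durability hits, which is what Drivium reports later in the thread; the `cea_filter` output is the shape of the check used in the thread's scripts, not anything Cheat Engine itself produces.

```python
"""Differential register analysis for a shared instruction (added example).

Method, as described in the thread: snapshot the registers each time the shared
instruction touches the address you want (weapon durability) and the addresses
you do not want (enemy health, a tree ...), repeat after a restart, and keep
only registers whose value separates the two groups and is identical across
runs. That constant is what the injected `cmp` tests.
"""
import re
from typing import Dict, List, Tuple

Snapshot = Dict[str, int]
Run = Tuple[List[Snapshot], List[Snapshot]]   # (wanted hits, unwanted hits)

# x64 register tokens the way CE prints them: RAX=..., R10=..., EAX=...
_REG_RE = re.compile(r"\b(R[A-Z0-9]+|E[A-Z]{2})\s*=\s*([0-9A-Fa-f]+)")


def parse_snapshot(line: str) -> Snapshot:
    """'RAX=0000000000000001 R10=0000000000080001' -> {'rax': 1, 'r10': 0x80001}."""
    return {name.lower(): int(value, 16) for name, value in _REG_RE.findall(line)}


def discriminating(wanted: List[Snapshot], unwanted: List[Snapshot]) -> Dict[str, int]:
    """Registers holding one constant value on every wanted hit that never
    occurs on any unwanted hit. Returns {register: value}."""
    if not wanted:
        return {}
    common = set(wanted[0])
    for snap in wanted[1:]:
        common &= set(snap)
    found = {}
    for reg in sorted(common):
        values = {snap[reg] for snap in wanted}
        if len(values) != 1:            # varies even among wanted hits: useless
            continue
        value = values.pop()
        if any(snap.get(reg) == value for snap in unwanted):
            continue                    # an unwanted hit shows the same value
        found[reg] = value
    return found


def stable_filters(runs: List[Run]) -> Dict[str, int]:
    """Intersect the per-run results: only a register whose discriminating
    value is the same after a restart is safe to hard-code in the script."""
    result = discriminating(*runs[0])
    for wanted, unwanted in runs[1:]:
        here = discriminating(wanted, unwanted)
        result = {reg: val for reg, val in result.items() if here.get(reg) == val}
    return result


def cea_filter(reg: str, value: int) -> str:
    """Auto-assembler lines that skip the original store when reg == value
    (the shape of the check in the thread's scripts; numbers are hex in CE)."""
    return f"cmp {reg},{value:X}\njne code\njmp return"


# Constructed snapshots: (weapon-durability hits, other hits), before and after a restart.
RUNS: List[Run] = [
    ([parse_snapshot("RAX=0000000000000001 RBX=0000000000000002 R10=0000000000080001")],
     [parse_snapshot("RAX=0000000000000003 RBX=0000000000000004 R10=0000000000000000"),   # enemy
      parse_snapshot("RAX=0000000000000003 RBX=0000000000000005 R10=0000000000000000")]), # tree
    ([parse_snapshot("RAX=0000000000000001 RBX=0000000000000009 R10=0000000000080001")],
     [parse_snapshot("RAX=0000000000000003 RBX=0000000000000007 R10=0000000000000000"),
      parse_snapshot("RAX=0000000000000005 RBX=0000000000000008 R10=0000000000000000")]),
]

if __name__ == "__main__":
    # rbx separates the groups in each run but with a different value, so it is dropped;
    # rax and r10 survive the restart and either one can drive the cmp.
    for reg, val in stable_filters(RUNS).items():
        print(f"{reg} == {val:X} separates weapons from everything else:\n{cea_filter(reg, val)}\n")
```

Two or three unwanted hits are rarely enough in practice: capture a hit from each kind of object the instruction serves (enemy, tree, crate) before trusting a register, and prefer a value that looks like a type tag or flag word over one that looks like a pointer, since pointers change with every load.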

Drivium
Fearless Donors
Posts: 151
Joined: Tue Apr 04, 2017 2:47 am
Reputation: 22


Post by Drivium » Fri May 18, 2018 4:53 pm

[USER=7561]@Bloodybone[/USER]

[URL='https://i.imgur.com/a/xOWbv6o.jpg']This[/URL] is what I'm seeing in the registers, but I'm not clear on how to know which register represents what (enemy health, weapon health, tree health, etc.).

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Fri May 18, 2018 5:58 pm

[QUOTE="Drivium, post: 46289, member: 1978"][USER=7561]@Bloodybone[/USER]

[URL='https://i.imgur.com/a/xOWbv6o.jpg']This[/URL] is what I'm seeing in the registers, but I'm not clear on how to know which register represents what (enemy health, weapon health, tree health, etc.).[/QUOTE]

What I meant is: if you have the address that you want, you can press "Find out what accesses/writes" and then look at the register states and copy them. Select another random address, do the same, compare those two, copy the differences in the registers, restart the game and see what changed and what didn't. Those that didn't change you can use.

I could also make a video if you still don't understand what I mean (if you want).
Last edited by Bloodybone on Fri May 18, 2018 6:44 pm, edited 4 times in total.

Drivium
Fearless Donors
Posts: 151
Joined: Tue Apr 04, 2017 2:47 am
Reputation: 22


Post by Drivium » Fri May 18, 2018 6:51 pm

[QUOTE="Bloodybone, post: 46292, member: 7561"]I could also make a video if you still don't understand what I mean (if you want).[/QUOTE]

I want! That would be a huge help. I'm a visual dude. :)

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Fri May 18, 2018 8:25 pm

[URL='https://streamable.com/e6yhg']Here[/URL] is my video. It's not that good and my English isn't the best, so I'm sorry for that, but I hope you understand what I mean... :)

Drivium
Fearless Donors
Posts: 151
Joined: Tue Apr 04, 2017 2:47 am
Reputation: 22


Post by Drivium » Fri May 18, 2018 11:03 pm

[QUOTE="Bloodybone, post: 46308, member: 7561"][URL='https://streamable.com/e6yhg']Here[/URL] is my video. It's not that good and my English isn't the best, so I'm sorry for that, but I hope you understand what I mean... :)[/QUOTE]



Thank you for the tutorial! I think I got it! Here is my working code:

[CODE]
[ENABLE]
// 45 89 74 15 00 is mov [r13+rdx+00],r14d: the store shared by weapon durability,
// enemy health and every other destroyable object
aobscan(INJECT,45 89 74 15 00 89 EB) // should be unique
alloc(newmem,$1000,INJECT) // allocate near INJECT so the 5-byte jmp can always reach it, instead of a hard-coded address from one session

label(code)
label(return)

newmem:
  cmp r10,80001 // numbers are hex in the auto assembler; 80001 is the value seen on weapon-durability stores
  jne code      // not a weapon (enemy, tree, box ...): run the original store
  jmp return    // weapon: skip the store, so durability never changes

code:
  mov [r13+rdx+00],r14d // original instruction
  jmp return

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]
// restore the original 5 bytes
INJECT:
  db 45 89 74 15 00

unregistersymbol(INJECT)
dealloc(newmem)
[/CODE]



Another question - how could I invert that to give me a one hit kill for enemies?
Last edited by Drivium on Fri May 18, 2018 11:18 pm, edited 3 times in total.

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Sat May 19, 2018 11:14 am

[USER=1978]@Drivium[/USER] First you should find the difference between the enemies' health and other stuff, as you did before. I would recommend registers whose values are the same between the enemies but different for other stuff. For example:

Enemy 1:
rax=1
rbx=3

Enemy 2:
rax=2
rbx=3

Other value:
rax=6
rbx=4



In that example rbx is the same between both enemies and different for the other value, but rax is different for every value, and you don't want to compare every enemy out. If you've done that, I can give you an example code that should one-hit-kill the enemies.

Drivium
Fearless Donors
Posts: 151
Joined: Tue Apr 04, 2017 2:47 am
Reputation: 22


Post by Drivium » Sat May 19, 2018 5:37 pm

[QUOTE="Bloodybone, post: 46359, member: 7561"][USER=1978]@Drivium[/USER] First you should find the difference between the enemies' health and other stuff, as you did before. [...] If you've done that, I can give you an example code that should one-hit-kill the enemies.[/QUOTE]



I'd be happy with every other item in the game being 1 hit destroy (enemies, trees, boxes). Yes, if you have some example code, that'd be perfect.

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Sat May 19, 2018 5:54 pm

[QUOTE="Drivium, post: 46379, member: 1978"]I'd be happy with every other item in the game being 1 hit destroy (enemies, trees, boxes). Yes, if you have some example code, that'd be perfect.[/QUOTE]

OK, if that is what you want, this should work:



[CODE=cea][ENABLE]
aobscan(INJECT,45 89 74 15 00 89 EB) // should be unique
alloc(newmem,$100,INJECT) // near INJECT so the 5-byte jmp can reach it

label(code)
label(return)

newmem:
  cmp r10,80001 // weapon durability: same filter as the script above, leave it alone
  jne code
  jmp return

code:
  mov r14d,0            // everything that is not a weapon gets 0 instead of the game's value
                        // (r14d is clobbered here; the original code after INJECT may still rely on it)
  mov [r13+rdx+00],r14d // original instruction, now storing 0
  jmp return

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]
// restore the original 5 bytes
INJECT:
  db 45 89 74 15 00

unregistersymbol(INJECT)
dealloc(newmem)[/CODE]



If the above doesn't work, this maybe could:



[CODE=cea][ENABLE]
aobscan(INJECT,45 89 74 15 00 89 EB) // should be unique
alloc(newmem,$100,INJECT)

label(code)
label(return)

newmem:
  cmp r10,80001 // weapon durability: leave it alone
  jne code
  jmp return

code:
  bswap r14d            // meant to cope with the byte-swapped (big-endian) Wii U value,
  mov r14d,0            // but a byte-swapped 0 is still 0: this stores exactly the same
  bswap r14d            // bytes as the script above, and r14d is clobbered the same way
  mov [r13+rdx+00],r14d // original instruction, now storing 0
  jmp return

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]
// restore the original 5 bytes
INJECT:
  db 45 89 74 15 00

unregistersymbol(INJECT)
dealloc(newmem)[/CODE]

Drivium
Fearless Donors
Posts: 151
Joined: Tue Apr 04, 2017 2:47 am
Reputation: 22


Post by Drivium » Sat May 19, 2018 6:12 pm

[QUOTE="Bloodybone, post: 46381, member: 7561"]OK, if that is what you want, this should work:

[...]

If the above doesn't work, this maybe could:

[...][/QUOTE]





Both of these examples make enemies die as soon as you enable it. Is there a way to make it so you have to strike them before they die? Maybe a way to subtract the full value of their current health after being hit? r10 for weapons = 80001 and all others seem to be 0, if that helps.

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Sat May 19, 2018 6:21 pm

[QUOTE="Drivium, post: 46384, member: 1978"]Both of these examples make enemies die as soon as you enable it. Is there a way to make it so you have to strike them before they die? Maybe a way to subtract the full value of their current health after being hit? r10 for weapons = 80001 and all others seem to be 0, if that helps.[/QUOTE]

I guess the opcode is accessing the address. Maybe find what writes to the address, so like what writes to enemy health, then hit one and tell me what you find.
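Why the two one-hit-kill scripts kill enemies the moment they are enabled, and what a hit-aware variant has to decide instead, as a Python model added here (this is not code from either poster). It replays the decision each script makes at `mov [r13+rdx+00],r14d` against a toy copy of emulated memory. It assumes, which the thread does not confirm, that the recompiled game code runs this store every tick and normally rewrites the value that is already there, and that emulated Wii U memory is big-endian; the memory offsets, the health values and the tick log are constructed.

```python
"""Model of the hooked store (added example, not from the thread).

Assumptions (not confirmed by the thread): the game executes this store every
tick, usually rewriting the current value, and Wii U memory is big-endian, so
the dword sits in memory byte-swapped relative to the x64 host.
"""
import struct

WEAPON_TAG = 0x80001        # r10 value Drivium saw on weapon-durability stores; 0 otherwise
ENEMY, WEAPON = 0x10, 0x20  # constructed offsets of an enemy's health and a weapon's durability


def read(mem: bytearray, addr: int) -> int:
    """Read the big-endian dword the game sees."""
    return struct.unpack_from(">I", mem, addr)[0]


def store_original(mem, addr, value, r10=None):
    """Unpatched instruction: write whatever the game computed."""
    struct.pack_into(">I", mem, addr, value)


def store_skip_weapons(mem, addr, value, r10):
    """Drivium's working script: weapons are never written to."""
    if r10 == WEAPON_TAG:
        return
    store_original(mem, addr, value)


def store_zero_others(mem, addr, value, r10):
    """Bloodybone's one-hit-kill script: every non-weapon store writes 0,
    including the idle ticks that merely rewrite the current health."""
    if r10 == WEAPON_TAG:
        return
    store_original(mem, addr, 0)


def store_zero_on_decrease(mem, addr, value, r10):
    """Alternative: write 0 only when the incoming value is lower than the
    stored one, i.e. only when something actually dealt damage."""
    if r10 == WEAPON_TAG:
        return
    if value < read(mem, addr):
        store_original(mem, addr, 0)
    # otherwise the game's own write would change nothing (or is a spawn/heal); leave it


# Constructed tick log: (r10, address, value the game wants to store).
TICKS = [
    (0, ENEMY, 100), (WEAPON_TAG, WEAPON, 30),   # idle frame
    (0, ENEMY, 100), (WEAPON_TAG, WEAPON, 30),   # idle frame
    (0, ENEMY, 80),  (WEAPON_TAG, WEAPON, 29),   # Link lands a hit
    (0, ENEMY, 80),  (WEAPON_TAG, WEAPON, 29),   # idle frame after the hit
]


def run(hook):
    """Replay TICKS through `hook`; return (enemy health, weapon durability) after each store."""
    mem = bytearray(0x40)
    store_original(mem, ENEMY, 100)
    store_original(mem, WEAPON, 30)
    trace = []
    for r10, addr, value in TICKS:
        hook(mem, addr, value, r10)
        trace.append((read(mem, ENEMY), read(mem, WEAPON)))
    return trace


if __name__ == "__main__":
    for hook in (store_original, store_skip_weapons, store_zero_others, store_zero_on_decrease):
        print(f"{hook.__name__:24} {run(hook)}")
```

The model shows the failure mode directly: `store_zero_others` zeroes the enemy on the very first idle tick, before any hit, which is what Drivium observed. Carrying `store_zero_on_decrease` back into the auto assembler needs care that the Python hides: `cmp r14d,[r13+rdx+00]` compares the two raw byte-swapped dwords, which is fine for an equality test but not for "lower than"; both operands have to be `bswap`ed into host order before a signed or unsigned compare, which is where a `bswap` actually earns its place (unlike around a `mov r14d,0`). Whether the store really runs every tick, and whether the write is the damage path or just a copy, is exactly what "Find out what writes to this address" followed by one hit will tell you.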

SunBeam
Trouble Makers
Posts: 1655
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 298


Post by SunBeam » Sun May 20, 2018 12:18 pm

Here come the requests :) Check the epic thread of this topic, you'll make sense fast. Stop at "I don't know what I'm doing" first :)
