Baldur's Gate 3

romkansk
Novice Cheater
Posts: 21
Joined: Tue Apr 04, 2017 1:04 pm
Reputation: 11

Re: Baldur's Gate 3

Post by romkansk »

So far there doesn't seem to be any way to cheat the amount of prepared spells, other than stat modifier, so I was trying to allow changing prepared spells during combat.

I think I was able to find the function responsible for changing prepared spells, and there's a jump that seems to be triggering the error message during combat, but even bypassing that, spells still don't change. There doesn't seem to be any significant change during the rest of the function execution as far as I can tell, and I'm pretty much out of ideas. Any advice would be appreciated at this point.

Jump responsible for error message:

Code:

bg3.exe+DAA028 - 74 53                 - je bg3.exe+DAA07D

EDIT. The whole thing seems to be event based.. there's multiple places that listen to those events, i.e. memorizing and forgetting spells are different events, but I can't seem to figure out why there's no event in combat.. I think maybe those places "unsubscribe" from events or I didn't find the place that's firing it..
The function I found is pretty much the only one still triggered in combat.
Anyway still stuck.

EDIT2. For anyone who wants to find functions which handle spell preparation, you can look for a number of prepared spells. There should be 4 of them and one that actually impacts which slot a new spell will take. Then you can look for calls which access it, though do check a stacktrace because there might be a generic function that executes the actual access instruction, but the function itself is called from an "event handler", as I understand it.

EDIT3: Welp, looks like Zanzer added "Unlimited prepared spells" script to his table so I guess this is no longer needed.

Full function text below, so it's easier to search for AOB for anyone trying to look into it.

Code:

bg3.exe+DA9F20 - 4C 8B DC              - mov r11,rsp
bg3.exe+DA9F23 - 55                    - push rbp
bg3.exe+DA9F24 - 53                    - push rbx
bg3.exe+DA9F25 - 57                    - push rdi
bg3.exe+DA9F26 - 41 55                 - push r13
bg3.exe+DA9F28 - 48 8D 6C 24 98        - lea rbp,[rsp-68]
bg3.exe+DA9F2D - 48 81 EC 68010000     - sub rsp,00000168 { 360 }
bg3.exe+DA9F34 - 48 8B 05 EDD38704     - mov rax,[bg3.exe+5627328] { (-693681996) }
bg3.exe+DA9F3B - 48 33 C4              - xor rax,rsp
bg3.exe+DA9F3E - 48 89 45 50           - mov [rbp+50],rax
bg3.exe+DA9F42 - 48 8B B9 48030000     - mov rdi,[rcx+00000348]
bg3.exe+DA9F49 - 4C 8B E9              - mov r13,rcx
bg3.exe+DA9F4C - 48 89 54 24 40        - mov [rsp+40],rdx
bg3.exe+DA9F51 - 48 85 FF              - test rdi,rdi
bg3.exe+DA9F54 - 0F84 2E040000         - je bg3.exe+DAA388
bg3.exe+DA9F5A - 48 63 81 54030000     - movsxd  rax,dword ptr [rcx+00000354]
bg3.exe+DA9F61 - 4D 89 7B D8           - mov [r11-28],r15
bg3.exe+DA9F65 - 4C 6B F8 38           - imul r15,rax,38
bg3.exe+DA9F69 - 4C 03 FF              - add r15,rdi
bg3.exe+DA9F6C - 49 3B FF              - cmp rdi,r15
bg3.exe+DA9F6F - 0F84 0B040000         - je bg3.exe+DAA380
bg3.exe+DA9F75 - 49 89 73 10           - mov [r11+10],rsi
bg3.exe+DA9F79 - 4D 89 63 18           - mov [r11+18],r12
bg3.exe+DA9F7D - 4D 89 73 20           - mov [r11+20],r14
bg3.exe+DA9F81 - 0F1F 40 00            - nop dword ptr [rax+00]
bg3.exe+DA9F85 - 66 66 66 0F1F 84 00 00000000  - nop word ptr [rax+rax+00000000]
bg3.exe+DA9F90 - 48 8B 07              - mov rax,[rdi]
bg3.exe+DA9F93 - 48 8D 4C 24 30        - lea rcx,[rsp+30]
bg3.exe+DA9F98 - 48 89 44 24 30        - mov [rsp+30],rax
bg3.exe+DA9F9D - 48 8B 02              - mov rax,[rdx]
bg3.exe+DA9FA0 - 48 89 44 24 38        - mov [rsp+38],rax
bg3.exe+DA9FA5 - E8 A6C88902           - call bg3.exe+3646850
bg3.exe+DA9FAA - 0FB6 D8               - movzx ebx,al
bg3.exe+DA9FAD - 84 C0                 - test al,al
bg3.exe+DA9FAF - 74 1F                 - je bg3.exe+DA9FD0
bg3.exe+DA9FB1 - 48 8B 4C 24 30        - mov rcx,[rsp+30]
bg3.exe+DA9FB6 - 4C 8D 44 24 28        - lea r8,[rsp+28]
bg3.exe+DA9FBB - 48 89 4C 24 28        - mov [rsp+28],rcx
bg3.exe+DA9FC0 - 48 8D 55 D0           - lea rdx,[rbp-30]
bg3.exe+DA9FC4 - 48 8B 4C 24 38        - mov rcx,[rsp+38]
bg3.exe+DA9FC9 - E8 92E5FFFF           - call bg3.exe+DA8560
bg3.exe+DA9FCE - EB 1C                 - jmp bg3.exe+DA9FEC
bg3.exe+DA9FD0 - 0F57 C0               - xorps xmm0,xmm0
bg3.exe+DA9FD3 - C7 44 24 70 FFFFFFFF  - mov [rsp+70],FFFFFFFF { -1 }
bg3.exe+DA9FDB - 66 0F7F 44 24 50      - movdqa [rsp+50],xmm0
bg3.exe+DA9FE1 - 48 8D 44 24 50        - lea rax,[rsp+50]
bg3.exe+DA9FE6 - 66 0F7F 44 24 60      - movdqa [rsp+60],xmm0
bg3.exe+DA9FEC - 0F10 44 24 30         - movups xmm0,[rsp+30]
bg3.exe+DA9FF1 - 48 8D 4D 80           - lea rcx,[rbp-80]
bg3.exe+DA9FF5 - 88 5D C0              - mov [rbp-40],bl
bg3.exe+DA9FF8 - 0F10 08               - movups xmm1,[rax]
bg3.exe+DA9FFB - 0F29 45 80            - movaps [rbp-80],xmm0
bg3.exe+DA9FFF - 0F10 40 10            - movups xmm0,[rax+10]
bg3.exe+DAA003 - 8B 40 20              - mov eax,[rax+20]
bg3.exe+DAA006 - 0F29 4D 90            - movaps [rbp-70],xmm1
bg3.exe+DAA00A - 0F29 45 A0            - movaps [rbp-60],xmm0
bg3.exe+DAA00E - 89 45 B0              - mov [rbp-50],eax
bg3.exe+DAA011 - E8 9AE0FFFF           - call bg3.exe+DA80B0
bg3.exe+DAA016 - 48 8B C8              - mov rcx,rax
bg3.exe+DAA019 - 48 89 44 24 28        - mov [rsp+28],rax
bg3.exe+DAA01E - 48 8B D8              - mov rbx,rax
bg3.exe+DAA021 - E8 BA07B3FF           - call bg3.exe+8DA7E0
bg3.exe+DAA026 - 84 C0                 - test al,al
bg3.exe+DAA028 - 74 53                 - je bg3.exe+DAA07D
bg3.exe+DAA02A - B2 01                 - mov dl,01 { 1 }
bg3.exe+DAA02C - 48 8B CB              - mov rcx,rbx
bg3.exe+DAA02F - E8 3CECB2FF           - call bg3.exe+8D8C70
bg3.exe+DAA034 - 49 8B 9D 90000000     - mov rbx,[r13+00000090]
bg3.exe+DAA03B - 66 89 44 24 20        - mov [rsp+20],ax
bg3.exe+DAA040 - 48 85 DB              - test rbx,rbx
bg3.exe+DAA043 - 0F84 0D030000         - je bg3.exe+DAA356
bg3.exe+DAA049 - 49 63 85 9C000000     - movsxd  rax,dword ptr [r13+0000009C]
bg3.exe+DAA050 - 48 8D 0C C0           - lea rcx,[rax+rax*8]
bg3.exe+DAA054 - 48 8D 34 CB           - lea rsi,[rbx+rcx*8]
bg3.exe+DAA058 - 48 3B DE              - cmp rbx,rsi
bg3.exe+DAA05B - 0F84 F5020000         - je bg3.exe+DAA356
bg3.exe+DAA061 - 48 8B 03              - mov rax,[rbx]
bg3.exe+DAA064 - 48 8D 4B 08           - lea rcx,[rbx+08]
bg3.exe+DAA068 - 48 8D 54 24 20        - lea rdx,[rsp+20]
bg3.exe+DAA06D - FF 10                 - call qword ptr [rax]
bg3.exe+DAA06F - 48 83 C3 48           - add rbx,48 { 72 }
bg3.exe+DAA073 - 48 3B DE              - cmp rbx,rsi
bg3.exe+DAA076 - 75 E9                 - jne bg3.exe+DAA061
bg3.exe+DAA078 - E9 D9020000           - jmp bg3.exe+DAA356
bg3.exe+DAA07D - 80 7F 30 00           - cmp byte ptr [rdi+30],00 { 0 }
bg3.exe+DAA081 - 0F84 A2020000         - je bg3.exe+DAA329
bg3.exe+DAA087 - 48 8D 4D 80           - lea rcx,[rbp-80]
bg3.exe+DAA08B - E8 60DEFFFF           - call bg3.exe+DA7EF0
bg3.exe+DAA090 - 80 7F 10 01           - cmp byte ptr [rdi+10],01 { 1 }
bg3.exe+DAA094 - 48 8B D8              - mov rbx,rax
bg3.exe+DAA097 - 0F10 47 18            - movups xmm0,[rdi+18]
bg3.exe+DAA09B - 0F11 45 00            - movups [rbp+00],xmm0
bg3.exe+DAA09F - 75 6A                 - jne bg3.exe+DAA10B
bg3.exe+DAA0A1 - 49 8B B5 C0000000     - mov rsi,[r13+000000C0]
bg3.exe+DAA0A8 - 83 7E 58 00           - cmp dword ptr [rsi+58],00 { 0 }
bg3.exe+DAA0AC - 74 4C                 - je bg3.exe+DAA0FA
bg3.exe+DAA0AE - 48 8D 4D 00           - lea rcx,[rbp+00]
bg3.exe+DAA0B2 - E8 E9EC9E02           - call bg3.exe+3798DA0
bg3.exe+DAA0B7 - 48 63 4E 58           - movsxd  rcx,dword ptr [rsi+58]
bg3.exe+DAA0BB - 33 D2                 - xor edx,edx
bg3.exe+DAA0BD - 48 F7 F1              - div rcx
bg3.exe+DAA0C0 - 48 8B 46 50           - mov rax,[rsi+50]
bg3.exe+DAA0C4 - 48 63 CA              - movsxd  rcx,edx
bg3.exe+DAA0C7 - 8B 14 88              - mov edx,[rax+rcx*4]
bg3.exe+DAA0CA - 85 D2                 - test edx,edx
bg3.exe+DAA0CC - 78 2C                 - js bg3.exe+DAA0FA
bg3.exe+DAA0CE - 66 90                 - nop 2
bg3.exe+DAA0D0 - 8B CA                 - mov ecx,edx
bg3.exe+DAA0D2 - 48 C1 E1 04           - shl rcx,04 { 4 }
bg3.exe+DAA0D6 - 48 03 4E 70           - add rcx,[rsi+70]
bg3.exe+DAA0DA - 44 8B F2              - mov r14d,edx
bg3.exe+DAA0DD - 48 8D 55 00           - lea rdx,[rbp+00]
bg3.exe+DAA0E1 - E8 FA71A000           - call bg3.exe+17B12E0
bg3.exe+DAA0E6 - 84 C0                 - test al,al
bg3.exe+DAA0E8 - 0F85 6C010000         - jne bg3.exe+DAA25A
bg3.exe+DAA0EE - 48 8B 46 60           - mov rax,[rsi+60]
bg3.exe+DAA0F2 - 42 8B 14 B0           - mov edx,[rax+r14*4]
bg3.exe+DAA0F6 - 85 D2                 - test edx,edx
bg3.exe+DAA0F8 - 79 D6                 - jns bg3.exe+DAA0D0
bg3.exe+DAA0FA - 0F57 C0               - xorps xmm0,xmm0
bg3.exe+DAA0FD - 33 C0                 - xor eax,eax
bg3.exe+DAA0FF - 0F11 45 20            - movups [rbp+20],xmm0
bg3.exe+DAA103 - C6 45 28 01           - mov byte ptr [rbp+28],01 { 1 }
bg3.exe+DAA107 - 66 89 45 20           - mov [rbp+20],ax
bg3.exe+DAA10B - 83 7B 18 00           - cmp dword ptr [rbx+18],00 { 0 }
bg3.exe+DAA10F - 74 57                 - je bg3.exe+DAA168
bg3.exe+DAA111 - 48 8D 4D 00           - lea rcx,[rbp+00]
bg3.exe+DAA115 - E8 86EC9E02           - call bg3.exe+3798DA0
bg3.exe+DAA11A - 48 63 4B 18           - movsxd  rcx,dword ptr [rbx+18]
bg3.exe+DAA11E - 33 D2                 - xor edx,edx
bg3.exe+DAA120 - 48 F7 F1              - div rcx
bg3.exe+DAA123 - 48 8B 43 10           - mov rax,[rbx+10]
bg3.exe+DAA127 - 48 63 CA              - movsxd  rcx,edx
bg3.exe+DAA12A - 8B 14 88              - mov edx,[rax+rcx*4]
bg3.exe+DAA12D - 85 D2                 - test edx,edx
bg3.exe+DAA12F - 78 37                 - js bg3.exe+DAA168
bg3.exe+DAA131 - 0F1F 40 00            - nop dword ptr [rax+00]
bg3.exe+DAA135 - 66 66 66 0F1F 84 00 00000000  - nop word ptr [rax+rax+00000000]
bg3.exe+DAA140 - 8B CA                 - mov ecx,edx
bg3.exe+DAA142 - 48 C1 E1 04           - shl rcx,04 { 4 }
bg3.exe+DAA146 - 48 03 4B 30           - add rcx,[rbx+30]
bg3.exe+DAA14A - 8B F2                 - mov esi,edx
bg3.exe+DAA14C - 48 8D 55 00           - lea rdx,[rbp+00]
bg3.exe+DAA150 - E8 8B71A000           - call bg3.exe+17B12E0
bg3.exe+DAA155 - 84 C0                 - test al,al
bg3.exe+DAA157 - 0F85 29010000         - jne bg3.exe+DAA286
bg3.exe+DAA15D - 48 8B 43 20           - mov rax,[rbx+20]
bg3.exe+DAA161 - 8B 14 B0              - mov edx,[rax+rsi*4]
bg3.exe+DAA164 - 85 D2                 - test edx,edx
bg3.exe+DAA166 - 79 D8                 - jns bg3.exe+DAA140
bg3.exe+DAA168 - 33 C0                 - xor eax,eax
bg3.exe+DAA16A - 0F57 C0               - xorps xmm0,xmm0
bg3.exe+DAA16D - 0F11 45 10            - movups [rbp+10],xmm0
bg3.exe+DAA171 - 66 89 45 10           - mov [rbp+10],ax
bg3.exe+DAA175 - 41 B4 01              - mov r12b,01 { 1 }
bg3.exe+DAA178 - 48 8B 45 10           - mov rax,[rbp+10]
bg3.exe+DAA17C - 83 7B 58 00           - cmp dword ptr [rbx+58],00 { 0 }
bg3.exe+DAA180 - 41 BE FFFFFFFF        - mov r14d,FFFFFFFF { -1 }
bg3.exe+DAA186 - 48 89 45 10           - mov [rbp+10],rax
bg3.exe+DAA18A - 74 4C                 - je bg3.exe+DAA1D8
bg3.exe+DAA18C - 48 8D 4D 00           - lea rcx,[rbp+00]
bg3.exe+DAA190 - E8 0BEC9E02           - call bg3.exe+3798DA0
bg3.exe+DAA195 - 48 63 4B 58           - movsxd  rcx,dword ptr [rbx+58]
bg3.exe+DAA199 - 33 D2                 - xor edx,edx
bg3.exe+DAA19B - 48 F7 F1              - div rcx
bg3.exe+DAA19E - 48 8B 43 50           - mov rax,[rbx+50]
bg3.exe+DAA1A2 - 48 63 CA              - movsxd  rcx,edx
bg3.exe+DAA1A5 - 8B 14 88              - mov edx,[rax+rcx*4]
bg3.exe+DAA1A8 - 85 D2                 - test edx,edx
bg3.exe+DAA1AA - 78 2C                 - js bg3.exe+DAA1D8
bg3.exe+DAA1AC - 0F1F 40 00            - nop dword ptr [rax+00]
bg3.exe+DAA1B0 - 8B CA                 - mov ecx,edx
bg3.exe+DAA1B2 - 48 C1 E1 04           - shl rcx,04 { 4 }
bg3.exe+DAA1B6 - 48 03 4B 70           - add rcx,[rbx+70]
bg3.exe+DAA1BA - 8B F2                 - mov esi,edx
bg3.exe+DAA1BC - 48 8D 55 00           - lea rdx,[rbp+00]
bg3.exe+DAA1C0 - E8 1B71A000           - call bg3.exe+17B12E0
bg3.exe+DAA1C5 - 84 C0                 - test al,al
bg3.exe+DAA1C7 - 0F85 C9000000         - jne bg3.exe+DAA296
bg3.exe+DAA1CD - 48 8B 43 60           - mov rax,[rbx+60]
bg3.exe+DAA1D1 - 8B 14 B0              - mov edx,[rax+rsi*4]
bg3.exe+DAA1D4 - 85 D2                 - test edx,edx
bg3.exe+DAA1D6 - 79 D8                 - jns bg3.exe+DAA1B0
bg3.exe+DAA1D8 - 33 C0                 - xor eax,eax
bg3.exe+DAA1DA - 0F57 C0               - xorps xmm0,xmm0
bg3.exe+DAA1DD - 0F11 45 30            - movups [rbp+30],xmm0
bg3.exe+DAA1E1 - C6 45 38 01           - mov byte ptr [rbp+38],01 { 1 }
bg3.exe+DAA1E5 - 66 89 45 30           - mov [rbp+30],ax
bg3.exe+DAA1E9 - 39 43 58              - cmp [rbx+58],eax
bg3.exe+DAA1EC - 74 4E                 - je bg3.exe+DAA23C
bg3.exe+DAA1EE - 48 8D 0D 3BE0A004     - lea rcx,[bg3.exe+57B8230] { (0) }
bg3.exe+DAA1F5 - E8 A6EB9E02           - call bg3.exe+3798DA0
bg3.exe+DAA1FA - 48 63 4B 58           - movsxd  rcx,dword ptr [rbx+58]
bg3.exe+DAA1FE - 33 D2                 - xor edx,edx
bg3.exe+DAA200 - 48 F7 F1              - div rcx
bg3.exe+DAA203 - 48 8B 43 50           - mov rax,[rbx+50]
bg3.exe+DAA207 - 48 63 CA              - movsxd  rcx,edx
bg3.exe+DAA20A - 8B 14 88              - mov edx,[rax+rcx*4]
bg3.exe+DAA20D - 85 D2                 - test edx,edx
bg3.exe+DAA20F - 78 2B                 - js bg3.exe+DAA23C
bg3.exe+DAA211 - 8B CA                 - mov ecx,edx
bg3.exe+DAA213 - 48 C1 E1 04           - shl rcx,04 { 4 }
bg3.exe+DAA217 - 48 03 4B 70           - add rcx,[rbx+70]
bg3.exe+DAA21B - 8B F2                 - mov esi,edx
bg3.exe+DAA21D - 48 8D 15 0CE0A004     - lea rdx,[bg3.exe+57B8230] { (0) }
bg3.exe+DAA224 - E8 B770A000           - call bg3.exe+17B12E0
bg3.exe+DAA229 - 84 C0                 - test al,al
bg3.exe+DAA22B - 0F85 80000000         - jne bg3.exe+DAA2B1
bg3.exe+DAA231 - 48 8B 43 60           - mov rax,[rbx+60]
bg3.exe+DAA235 - 8B 14 B0              - mov edx,[rax+rsi*4]
bg3.exe+DAA238 - 85 D2                 - test edx,edx
bg3.exe+DAA23A - 79 D5                 - jns bg3.exe+DAA211
bg3.exe+DAA23C - 0F57 C0               - xorps xmm0,xmm0
bg3.exe+DAA23F - 33 C0                 - xor eax,eax
bg3.exe+DAA241 - 0F11 45 40            - movups [rbp+40],xmm0
bg3.exe+DAA245 - C6 45 48 01           - mov byte ptr [rbp+48],01 { 1 }
bg3.exe+DAA249 - 66 89 45 40           - mov [rbp+40],ax
bg3.exe+DAA24D - 45 84 E4              - test r12b,r12b
bg3.exe+DAA250 - 75 7A                 - jne bg3.exe+DAA2CC
bg3.exe+DAA252 - 48 8B 45 10           - mov rax,[rbp+10]
bg3.exe+DAA256 - 8B 00                 - mov eax,[rax]
bg3.exe+DAA258 - EB 74                 - jmp bg3.exe+DAA2CE
bg3.exe+DAA25A - 49 69 CE E0000000     - imul rcx,r14,000000E0 { 224 }
bg3.exe+DAA261 - 0F57 C0               - xorps xmm0,xmm0
bg3.exe+DAA264 - 0F11 45 20            - movups [rbp+20],xmm0
bg3.exe+DAA268 - 48 03 8E 80000000     - add rcx,[rsi+00000080]
bg3.exe+DAA26F - 48 89 4D 20           - mov [rbp+20],rcx
bg3.exe+DAA273 - 0F84 92FEFFFF         - je bg3.exe+DAA10B
bg3.exe+DAA279 - 0F10 41 18            - movups xmm0,[rcx+18]
bg3.exe+DAA27D - 0F11 45 00            - movups [rbp+00],xmm0
bg3.exe+DAA281 - E9 85FEFFFF           - jmp bg3.exe+DAA10B
bg3.exe+DAA286 - 48 8B 43 40           - mov rax,[rbx+40]
bg3.exe+DAA28A - 45 32 E4              - xor r12b,r12b
bg3.exe+DAA28D - 48 8D 04 B0           - lea rax,[rax+rsi*4]
bg3.exe+DAA291 - E9 E6FEFFFF           - jmp bg3.exe+DAA17C
bg3.exe+DAA296 - 48 8B 83 80000000     - mov rax,[rbx+00000080]
bg3.exe+DAA29D - 0F57 C0               - xorps xmm0,xmm0
bg3.exe+DAA2A0 - 48 8D 14 B0           - lea rdx,[rax+rsi*4]
bg3.exe+DAA2A4 - 0F11 45 30            - movups [rbp+30],xmm0
bg3.exe+DAA2A8 - 48 89 55 30           - mov [rbp+30],rdx
bg3.exe+DAA2AC - 44 8B 32              - mov r14d,[rdx]
bg3.exe+DAA2AF - EB 9C                 - jmp bg3.exe+DAA24D
bg3.exe+DAA2B1 - 48 8B 83 80000000     - mov rax,[rbx+00000080]
bg3.exe+DAA2B8 - 0F57 C0               - xorps xmm0,xmm0
bg3.exe+DAA2BB - 48 8D 14 B0           - lea rdx,[rax+rsi*4]
bg3.exe+DAA2BF - 0F11 45 40            - movups [rbp+40],xmm0
bg3.exe+DAA2C3 - 48 89 55 40           - mov [rbp+40],rdx
bg3.exe+DAA2C7 - 44 8B 32              - mov r14d,[rdx]
bg3.exe+DAA2CA - EB 81                 - jmp bg3.exe+DAA24D
bg3.exe+DAA2CC - 33 C0                 - xor eax,eax
bg3.exe+DAA2CE - 41 3B C6              - cmp eax,r14d
bg3.exe+DAA2D1 - 7C 56                 - jl bg3.exe+DAA329
bg3.exe+DAA2D3 - 48 8B 4C 24 28        - mov rcx,[rsp+28]
bg3.exe+DAA2D8 - B2 01                 - mov dl,01 { 1 }
bg3.exe+DAA2DA - E8 91E9B2FF           - call bg3.exe+8D8C70
bg3.exe+DAA2DF - 49 8B 9D A8000000     - mov rbx,[r13+000000A8]
bg3.exe+DAA2E6 - 66 89 44 24 22        - mov [rsp+22],ax
bg3.exe+DAA2EB - 48 85 DB              - test rbx,rbx
bg3.exe+DAA2EE - 74 66                 - je bg3.exe+DAA356
bg3.exe+DAA2F0 - 49 63 85 B4000000     - movsxd  rax,dword ptr [r13+000000B4]
bg3.exe+DAA2F7 - 48 8D 0C C0           - lea rcx,[rax+rax*8]
bg3.exe+DAA2FB - 48 8D 34 CB           - lea rsi,[rbx+rcx*8]
bg3.exe+DAA2FF - 48 3B DE              - cmp rbx,rsi
bg3.exe+DAA302 - 74 52                 - je bg3.exe+DAA356
bg3.exe+DAA304 - 0F1F 40 00            - nop dword ptr [rax+00]
bg3.exe+DAA308 - 0F1F 84 00 00000000   - nop dword ptr [rax+rax+00000000]
bg3.exe+DAA310 - 48 8B 03              - mov rax,[rbx]
bg3.exe+DAA313 - 48 8D 4B 08           - lea rcx,[rbx+08]
bg3.exe+DAA317 - 48 8D 54 24 22        - lea rdx,[rsp+22]
bg3.exe+DAA31C - FF 10                 - call qword ptr [rax]
bg3.exe+DAA31E - 48 83 C3 48           - add rbx,48 { 72 }
bg3.exe+DAA322 - 48 3B DE              - cmp rbx,rsi
bg3.exe+DAA325 - 75 E9                 - jne bg3.exe+DAA310
bg3.exe+DAA327 - EB 2D                 - jmp bg3.exe+DAA356
bg3.exe+DAA329 - 48 8B 4C 24 28        - mov rcx,[rsp+28]
bg3.exe+DAA32E - 48 8D 54 24 48        - lea rdx,[rsp+48]
bg3.exe+DAA333 - 49 8B B5 B8000000     - mov rsi,[r13+000000B8]
bg3.exe+DAA33A - 0FB6 5F 30            - movzx ebx,byte ptr [rdi+30]
bg3.exe+DAA33E - E8 FDDCB2FF           - call bg3.exe+8D8040
bg3.exe+DAA343 - 4C 8D 47 08           - lea r8,[rdi+08]
bg3.exe+DAA347 - 44 0FB6 CB            - movzx r9d,bl
bg3.exe+DAA34B - 48 8B CE              - mov rcx,rsi
bg3.exe+DAA34E - 48 8B 10              - mov rdx,[rax]
bg3.exe+DAA351 - E8 EAE3AEFF           - call bg3.exe+898740
bg3.exe+DAA356 - 48 8B 54 24 40        - mov rdx,[rsp+40]
bg3.exe+DAA35B - 48 83 C7 38           - add rdi,38 { 56 }
bg3.exe+DAA35F - 49 3B FF              - cmp rdi,r15
bg3.exe+DAA362 - 0F85 28FCFFFF         - jne bg3.exe+DA9F90
bg3.exe+DAA368 - 4C 8B B4 24 A8010000  - mov r14,[rsp+000001A8]
bg3.exe+DAA370 - 4C 8B A4 24 A0010000  - mov r12,[rsp+000001A0]
bg3.exe+DAA378 - 48 8B B4 24 98010000  - mov rsi,[rsp+00000198]
bg3.exe+DAA380 - 4C 8B BC 24 60010000  - mov r15,[rsp+00000160]
bg3.exe+DAA388 - 33 FF                 - xor edi,edi
bg3.exe+DAA38A - 41 39 BD 54030000     - cmp [r13+00000354],edi
bg3.exe+DAA391 - 7E 45                 - jle bg3.exe+DAA3D8
bg3.exe+DAA393 - 0F1F 40 00            - nop dword ptr [rax+00]
bg3.exe+DAA397 - 66 0F1F 84 00 00000000  - nop word ptr [rax+rax+00000000]
bg3.exe+DAA3A0 - 48 63 C7              - movsxd  rax,edi
bg3.exe+DAA3A3 - 48 6B D8 38           - imul rbx,rax,38
bg3.exe+DAA3A7 - 49 03 9D 48030000     - add rbx,[r13+00000348]
bg3.exe+DAA3AE - 48 8D 4B 28           - lea rcx,[rbx+28]
bg3.exe+DAA3B2 - E8 89059E02           - call bg3.exe+378A940
bg3.exe+DAA3B7 - 48 8D 4B 08           - lea rcx,[rbx+08]
bg3.exe+DAA3BB - E8 80059E02           - call bg3.exe+378A940
bg3.exe+DAA3C0 - FF C7                 - inc edi
bg3.exe+DAA3C2 - 41 3B BD 54030000     - cmp edi,[r13+00000354]
bg3.exe+DAA3C9 - 7C D5                 - jl bg3.exe+DAA3A0
bg3.exe+DAA3CB - 41 C7 85 54030000 00000000 - mov [r13+00000354],00000000 { 0 }
bg3.exe+DAA3D6 - EB 07                 - jmp bg3.exe+DAA3DF
bg3.exe+DAA3D8 - 41 89 BD 54030000     - mov [r13+00000354],edi
bg3.exe+DAA3DF - 48 8B 4D 50           - mov rcx,[rbp+50]
bg3.exe+DAA3E3 - 48 33 CC              - xor rcx,rsp
bg3.exe+DAA3E6 - E8 95553303           - call bg3.exe+40DF980
bg3.exe+DAA3EB - 48 81 C4 68010000     - add rsp,00000168 { 360 }
bg3.exe+DAA3F2 - 41 5D                 - pop r13
bg3.exe+DAA3F4 - 5F                    - pop rdi
bg3.exe+DAA3F5 - 5B                    - pop rbx
bg3.exe+DAA3F6 - 5D                    - pop rbp
bg3.exe+DAA3F7 - C3                    - ret 
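
Added example, not part of the original post or of any published table: a parser for the Cheat Engine listing format above that turns a run of lines into an AOB signature, wildcarding 32-bit operands that point into the module so the pattern still matches when a rebuild shifts code around. The helper names and the wildcard heuristic are assumptions of this example; the sample lines are copied from the listing and the scanned buffer is constructed.

```python
import re

# Cheat Engine listing line: "<module>+<offset> - <hex byte groups> - <instruction text>"
LINE_RE = re.compile(r"^(?P<addr>\S+) - (?P<bytes>[0-9A-Fa-f ]+?)\s+- (?P<text>.+)$")

# Eight lines copied from the listing above, ending just after the je at bg3.exe+DAA028.
SAMPLE = """
bg3.exe+DAA011 - E8 9AE0FFFF           - call bg3.exe+DA80B0
bg3.exe+DAA016 - 48 8B C8              - mov rcx,rax
bg3.exe+DAA019 - 48 89 44 24 28        - mov [rsp+28],rax
bg3.exe+DAA01E - 48 8B D8              - mov rbx,rax
bg3.exe+DAA021 - E8 BA07B3FF           - call bg3.exe+8DA7E0
bg3.exe+DAA026 - 84 C0                 - test al,al
bg3.exe+DAA028 - 74 53                 - je bg3.exe+DAA07D
bg3.exe+DAA02A - B2 01                 - mov dl,01 { 1 }
"""

def parse_line(line):
    """Split one listing line into (module, offset, byte groups, instruction text)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a disassembly line: {line!r}")
    module, _, offset = m.group("addr").rpartition("+")
    return module, int(offset, 16), m.group("bytes").split(), m.group("text")

def build_signature(listing):
    """Return the signature as a list: int for a fixed byte, None for a wildcard."""
    sig = []
    for line in listing.strip().splitlines():
        module, _, groups, text = parse_line(line)
        # Heuristic (assumption): Cheat Engine prints a 32-bit displacement or
        # immediate as one 8-digit group. If the operand text names the module
        # (call/jmp rel32, RIP-relative data), that group depends on code layout
        # and is wildcarded. Stack and struct offsets stay fixed.
        layout_dependent = (module + "+") in text
        for group in groups:
            raw = bytes.fromhex(group)
            if layout_dependent and len(raw) == 4:
                sig.extend([None] * 4)
            else:
                sig.extend(raw)
    return sig

def format_signature(sig):
    """Render the signature in the usual 'E8 ?? ?? ?? ?? 84 C0' AOB notation."""
    return " ".join("??" if b is None else f"{b:02X}" for b in sig)

def scan(buf, sig):
    """Return every offset in buf where the signature matches."""
    hits = []
    for i in range(len(buf) - len(sig) + 1):
        if all(s is None or buf[i + j] == s for j, s in enumerate(sig)):
            hits.append(i)
    return hits

if __name__ == "__main__":
    sig = build_signature(SAMPLE)
    print(format_signature(sig))
    # Constructed buffer: the same instructions with different call
    # displacements, standing in for a rebuilt executable.
    rebuilt = bytes.fromhex(
        "909090 E811223344 488BC8 4889442428 488BD8 E855667788 84C0 7453 B201")
    print(scan(rebuilt, sig))
```

A signature is only usable if `scan` returns exactly one hit over the whole module; if it returns several, extend the sample with more lines from the listing.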

boobgoblin
What is cheating?
Posts: 3
Joined: Mon Aug 14, 2023 2:46 am
Reputation: 0

Re: Baldur's Gate 3

Post by boobgoblin »

Is there a way to actually de-level or reset to an earlier level? Unfortunately messed around with a level cap mod and went too far.

Longanlon
What is cheating?
Posts: 1
Joined: Tue Aug 22, 2023 5:39 am
Reputation: 0

Re: Baldur's Gate 3

Post by Longanlon »

I get an error in Registered commands: <<Lua error in the string at line 2:[string "local syntaxcheck,memrec=....."]:6: attempt to comare numbers with nil>>

So, Registered commands doesn't activate. My game is modded. Is there anything I can do to fix the issue?

BossAriston
Noobzor
Posts: 6
Joined: Wed Aug 23, 2023 3:41 pm
Reputation: 0

Re: Baldur's Gate 3

Post by BossAriston »

Hi guys.
Like some, I taught my wizard too many spells and now he doesn't level up anymore due to the level bug that locks you out if you don't have new spells to learn because you already know them all.
Can anyone tell me how to use cheat engine or other program to make my wizard (Gale) forget a couple of spells, otherwise I can't level up because I used too many scrolls.
I hope it exists because I would like to continue the game with a strong wizard and not blocked by a bug.

Tidgelet
What is cheating?
Posts: 1
Joined: Thu Jan 11, 2024 11:18 am
Reputation: 0

Re: Baldur's Gate 3

Post by Tidgelet »

Hey awesome folks, looking for some help.

Important game breaking issue has occurred.
When I killed Orin I didn’t get the “get Orin’s stone” quest cleared. So I had a look and saw there was a get Orin stone flag and did it and it cleared the quest.
However, when I fought Gortash, when I killed him and checked his body, it played the video of Orin picking up her dagger and focusing on the stone in its hilt. Nothing to do with Gortash.

It then didn’t clear the get Gortash stone quest, and when I go up and take the boat to the pool and elder brain it says you are not ready, you have to have all the stones from the Emperor.

Would love some recommended flags to try to enable, or something to be able to override, so I can move on?

Also, whilst I’m here, is there any way to watch and flag that I had Gale’s Act 2 romance scene? I found how to trigger Act 3’s one, but yeah, the Act 2 one was put in a ridiculous place so I missed it.

Thanks
Tidge
