FearLess Cheat Engine

Posted: **Fri Apr 06, 2018 7:05 pm**

Squall8 wrote: ↑
Wed Mar 07, 2018 6:04 am
As Cielos and Sunbeam mentioned, enabling scripts in the Title Menu helps. As Cielos just stated, the game is crashing due to the long jump issue. If you are still experiencing crashing or bugs with the scripts then let me know.

Steam Version. It crashes every time, I activate an option

Posted: **Sat Apr 07, 2018 6:19 am**

Luna?!

Getting closer by the week. Got the model loading in fine, just need a bit more time to finish it. :> Who needs the SDK that's coming when we have Cheat Engine?

[Link]

Posted: **Sat Apr 07, 2018 3:13 pm**

FadeTM wrote: ↑
Wed Apr 04, 2018 10:16 pm
@cielos we need your help to make visible everywhere the glaive. For now it works only in insomnia. We tried with OleMagne but we need your help: he was able to fix the invisible problem for snow aranea and old cor, but for the glaive there is a different thing to do, related to the quest. So if you can help us finding how to do it, it would be really appreciated!

I never looked into how model loading works in this game, I haven't even checked how OleMagne did it yet.

last time I did a model swapping script was for the resident evil revelation 2 I think. which was quite fun to figure out how the game loadup the model files, the attack/moving move-set files and stuff. but it's a pain in the ass to cover all the scenarios to trick the game to believe it has loaded the correct character and just move on with the story... it's kinda boring to trace all the stuff. so...

anyway, MAYBE you gotta examine how the game load from the comrades save as well when it loads the model up in insomina (spell?)? so that you can force building the "missing link" in other areas as well?

///******************************///

OleMagne wrote: ↑
Sat Apr 07, 2018 6:19 am
Luna?! Getting closer by the week. Got the model loading in fine, just need a bit more time to finish it. :> Who needs the SDK that's coming when we have Cheat Engine?

[Link]

that's exciting news~
I see you are swapping Noctis model with her, will she just move like Nocits as well? which would be kinda... funny...
did you try to force load her model when adding her as a guest? if so, does she came with a special set of fighting moves?
or can we, for example, swap iris model with luna? than we can drive around and doing side quest and stuff?
or swap with Aranea, and driving around the snow mountains in Prompto episode with her.. (imagining her with Aranea attack moves now. which should be quite cool I think...)
I'm playing other games now, and getting ready to replay assassin's creed origins once the "animus control panel" (or whatever it's called) is out.
but it kinda let me want to replay this game a bit before that.
can't wait!

Posted: **Sat Apr 07, 2018 3:31 pm**

Cielos wrote: ↑
Sat Apr 07, 2018 3:13 pm
that's exciting news~
I see you are swapping Noctis model with her, will she just move like Nocits as well? which would be kinda... funny...
did you try to force load her model when adding her as a guest? if so, does she came with a special set of fighting moves?
or can we, for example, swap iris model with luna? than we can drive around and doing side quest and stuff?
or swap with Aranea, and driving around the snow mountains in Prompto episode with her.. (imagining her with Aranea attack moves now. which should be quite cool I think...)
I'm playing other games now, and getting ready to replay assassin's creed origins once the "animus control panel" (or whatever it's called) is out.
but it kinda let me want to replay this game a bit before that.
can't wait!

The constraints and kinematics being used are Noctis' yeah. And yes, I am "kinda" force-loading her through the guest loader, swapping out Araneas models for hers so that the models are at least loaded into memory. I could do this with any other file, but with a guests I know the game won't crash. Otherwise Noctis is just invisible when changing his outfits out for hers. It also only disables the field model, not the menu model. Weird.

Still trying to find the function that does this so I can do it manually, but it's moving ever so slowly. SDK is out soon enough and from what they showed yesterday. Yowza!

Anyways, the loader currently holds a value in RBX found in your guest script. 2B 36 01 01 8F C7 01 01 8F C7 01 01 <- The bolded one, signifying Aranea (no clue what 2B 36 would be - state? type?). RSI is holding the data-path for the model to load. No clue where it reads them from.

If anyone wants to take a look, view the "Advanced Options" in this table for the addresses that accesses a model's data-path.

Notes:

Code: Select all

Char debug:
Onhit Aranea:
====
RBX points to charvalues, 8F C7 (normal aranea btw)
RCX+28 has charvalues (8F C7 01 01)
RSI has character file (ebex)

Second hit: (probably model)
Second hit, RSI holds same
Second hit, R12 has character model (gmdl)
Second hit, R14 has same

===

Check if RBX holds:
16893839 // Aranea

Wonder if Ida would be better than CE and x64dbg for this.

EDIT: Also, she does have combat moves, and even a modelname_player.pka file.

Posted: **Sat Apr 07, 2018 3:51 pm**

going out soon, but

SDK is out soon enough and from what they showed yesterday. Yowza!

what did they show? I didn't know about it. link please? I want to go Yowza too!

Posted: **Sat Apr 07, 2018 3:58 pm**

Cielos wrote: ↑
Sat Apr 07, 2018 3:51 pm
going out soon, but
SDK is out soon enough and from what they showed yesterday. Yowza!
what did they show? I didn't know about it. link please? I want to go Yowza too!

[Link]

Damn you for having a family. If I ever found you on Discord your assembly knowledge, time, and brain, would be mine.

Took me 6 hours to "understand" your guest script to be able to load winter aranea and old cor. But it ended up helping me in finding this bit of code.

I'll upload a script to play as Luna. Due to constraints it'll look weird AF and her kinematics aren't loaded so I can't change those either, but.

EDIT: Hell, we could do Regis if we wanted to. Or bahamut. Ifrit. Mmm. I love CE.

Hmm, since Luna apparently has a _player package she might be able to be called via the player_change func.

Posted: **Sat Apr 07, 2018 5:09 pm**

Last edit: [Link]

Here's a table to force-load Lunafreya's model into memory and "play" as her... For safety reasons (in regards to not fucking up some other models), I'm only doing a check for Aranea so she needs to be in your party. Either load a save with her in the guest slot or use Cielos' table and choose Aranea as your guest.

This is ONLY so other people can take a crack at finding this function. The Luna model will still be using Noctis' constraints, physics, kinematics, and above all else, animations. We're only loading her character model, nothing else. Trying to set the other settings manually will result in a crash as they do not exist in memory yet.

Do note that you shouldn't be using the default outfit for Noctis. Her skin will be black and it'll look like so bad that it looks like black-face.

PS: Yes you can play as anything loaded in memory without this and it'll be just as fucked up. Yes you can load whatever NPC you want and run around as them with this. Still, just as fucked up.

You'll be stuck in the menu just as if you'd choose Luna as a guest. This is because she lacks a mainmenu file and things get broken. Use "Map" and go back to last resting place to get out.

Again; NOT FOR GENERAL USE! Don't download this if you don't intend to help. It looks like this:

Default outfit on Noctis (blackface):
[Link]

Other outfit on Noctis (normal):
[Link]

Bonus:
[Link]

Table contains the 'best' looking model to use. The other 2 models just gets parts stretched to oblivion.

Update 3

Now supports debug release (sans play-as-luna script). Opcodes are close enough that debugging this version should be fine, and maybe even easier since it's 83megs vs 243megs and has a shitton more strings and func. names.

Order of the codes mirror those of the release version so you know which one is which.

Includes a lua script from CE's wiki to auto-attach to ffxv_s.exe and pause it immediately for those who want to test stuff at launch. Script comes from [Link]. I only added "pause()".

Quick update

Added VCRuntime to make it easier to debug. I think this is the one that loads files into memory, but how it gets the values in register is beyond me. It runs AFTER the other two calls.

Added symbols for convenience.
In mem viewer use these as addresses -> Go to:
For "ffxv_s.exe"+5976437: CHECKME_FFXV
For "VCRUNTIME140.dll"+CCFE: CHECKME_VC

NOTES 20180408, 22:48

Got new stuff loaded into memory, but I must be missing something. Hmm.

NOTES 20180408, 20:39

Well that wasn't it. Removed it to avoid confusion. Time wasted. :<

NOTES 20180408, 10:19

CharaResourceManager::RegisterIndependentCharaEntry : character/nh/nh10/entry/nh10_000.ebex
...
[CharaResourceManager] +++ load +++ : character/nh/nh10/entry/nh10_000.ebex

NOTES 20180407, 23:30

ffxv_s.exe+5976466 accesses it first. Not sure how it's used, but it hits Aranea quite a few times via rax+rsi+14 before ffxv_s.exe+5976437 accesses it, and WAAAY before VCRUNTIME140.dll+CCFE. Could be a part of a bigger function that reads/writes from/to an array (or perhaps it IS the array?). Idk.

NOTES 20180407, 21:42

Aranea normal
2B 36 01 01 8F C7 01 01 8F C7 01 01

Aranea winter:
CE 28 05 01 CD 28 05 01 CD 28 05 01

==== ffxv_s.exe+5976437 (cmp [rsi+14],#808544366 -- checking rbx (holds char id, 8F C7 -- 4B: 16893839) crashes? :S

RBX points to charvalues, 8F C7 (normal aranea, winter is CD 28 ref above)
RCX+28 the same
RSI has character file (ebex)

Second hit: (probably model)
Second hit, RSI holds same
Second hit, R12 has character model (gmdl)
Second hit, R14 has same

==== VCRUNTIME140.dll+CCFE (cmp [rcx+rdx+14],#808544366)

VCRuntime (first hit):
RAX is after model (string)
RSI,R10 holds model: data://character/nh/nh10/entry/nh10_000.ebex@

VCRuntime (second hit):
RAX is after model (string)
RSI,R10 holds model: data://character/nh/nh10/entry/nh10_000.ebex (without @)
RCX+RDX <- Model gets loaded into this?!

VCRuntime (third hit):
RSI,R10 holds model: data://character/nh/nh10/entry/nh10_000.ebex@
======
Root: /datas/
Files set in memory by common/autobuild.earc
Charfiles set by data/character/bin/resident-character.win32.bins

Posted: **Sun Apr 08, 2018 3:00 am**

im having problems activating inf item and inf meal duration

i have the "fit girl repack" version 1138403, can someone help me?

Posted: **Sun Apr 08, 2018 9:36 am**

OleMagne wrote: ↑
Sat Apr 07, 2018 5:09 pm

arrrrrr.... sorry may be I was bothering u , I change the chara address to 0009 to 0000F or out sider the rang still cannot find my create chara in

comrade mode , In main stori Ch13 there a quest u can meet your creat chara , to be guest (but not show in the equip menu) , thats I think .... must be have a address for this chara , becasue I was so dump is quest can chara will be canel and gone if u go outside the area ,

Can u help us to find this chara address ? (also I still finding but my cpu is slow and waiting so long for the load save data

)

Posted: **Sun Apr 08, 2018 2:24 pm**

What is the difference between "Activate Summons" and "Instant Summon"?

Posted: **Sun Apr 08, 2018 6:35 pm**

Alaswing wrote: ↑
Sun Apr 08, 2018 3:00 am
im having problems activating inf item and inf meal duration i have the "fit girl repack" version 1138403, can someone help me?

yeah this is for the STEAM version not the cracked version.

Posted: **Mon Apr 09, 2018 12:29 am**

Hello, infinite health and one hit kill does not seem to work on Episode Gladiolus, or perhaps I'm doing something wrong. I checked both boxes but nothing. :/

Posted: **Mon Apr 09, 2018 11:54 am**

can cheat engine unlock things like datalog entries, recipe entries and bestiary entries? i missed some things. i have to replay chapters after i finish the game if i am to get everything, but the problem if i do replay chapter then i have to play until the end. i really dont want to do that. it will be MUCH easier if i can cheat and unlock the missing things

Posted: **Mon Apr 09, 2018 12:04 pm**

Acichia wrote: ↑
Mon Apr 09, 2018 12:29 am
Hello, infinite health and one hit kill does not seem to work on Episode Gladiolus, or perhaps I'm doing something wrong. I checked both boxes but nothing. :/

no need for those. you can get the same effects by using infinite items and infinite elemental energy

to get the one hit kill make a spell and max it out to 999 potency by adding 99 zu beaks. the spell will hit with damage 99,999 so that is like 1 hit kill. when you finish all your spell then repeat and make more

to get infinite health use a mega phoenix each time your health is too low to restore all health for all and you can do that as much as you want because you have unlimited mega phoenix

Posted: **Mon Apr 09, 2018 4:51 pm**

This bitch is missing files.

The reason why Cielos' guest table can't add Luna (0x10) is because her files as a buddy reference data://character/nh/nh04/entry/nh04_010_player.ebex (this is .earc). We don't have this. Either they took them out before release, tucked them into another file (hopefully not just as a reference...), or it's not released yet. Same with a few Episode Ardyn references that have been there for a while, and the FF14 armors they took out on March 22 (last modified time for my model_050 earcs).

She's also missing a nh04_xxx_mainmenu.ebex which is why the menu locks up, but this is FR. We don't give a shit about imposed rules.

FearLess Cheat Engine

Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)

Re: Final Fantasy XV (Steam)