Third Tutorial Minigame

The Mogician

I decided to give a go at the tutorial minigames since I didn't realize there was such a thing.

Step 3 has a platformer game that you have to beat with 3 mooks running around. You have to step on all of the red blocks to "unlock" the door. However, once you unlock the door, the mooks instantly block the door from the top and the left, which means you cannot reach the door through conventional means.

So my current approach is to find the horizontal and vertical coordinates, get their pointers, make a makeshift "fly" system with hotkeys, use these to step on the blocks, then teleport over to the door, bypassing the mooks.

Here is my file for this game. Numpad 4 and 6 make the Mario go left and right. Numpad 8 and 2 make the Mario go up and down. The vertical movement is very janky, so I suggest doing the "flight" with pause: once you get to the "ready to land" position, unpause, let the Mario step on the block and turn it green. Once you get all the blocks green and the mooks are ready to be sore losers, hit numpad 5 and Mario will be teleported to the door instantly without touching the mooks.

Did anybody figure out the other approaches to this game? I think the blocks might be governed under a switch system which toggles them from red to green once stepped on, but I had no luck finding it. They also mentioned something with collision, which I have no idea how to approach.
 


The_Podstanar

The Mogician said:
Did anybody figure out the other approaches to this game? I think the blocks might be governed under a switch system which toggles them from red to green once stepped on, but I had no luck finding it. They also mentioned something with collision, which I have no idea how to approach.
Well, a lot of things can be done here; I'll show you the one you mentioned above.
The game has a flag (bool) that, if set, will kill the player. It is being set at gtutorial-x86_64.exe+DA78:


Setting a BP on RET at gtutorial-x86_64.exe+DAB5 and checking the top of the stack (RSP) will lead to this func's caller at gtutorial-x86_64.exe+3AF64:


Nothing fancy here. If we analyze this func a bit, it's clear that the caller cleans the stack (cdecl). So, for example, just changing PUSH RBX to RET at gtutorial-x86_64.exe+3AF20 will skip this entirely and we will have a disable-collision (godmode) type cheat. Example:
Code:
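[ENABLE]

// Overwrite the first byte of the function with RET so it returns immediately
"gtutorial-x86_64.exe"+3AF20:
db C3

[DISABLE]

// Restore the original first byte (PUSH RBX)
"gtutorial-x86_64.exe"+3AF20:
db 53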
Easy as that ;)
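
Added example, not part of either post: how the one-byte entry patch shown above looks from the detection side. It diffs a known-good code image against the in-memory copy and flags function entries overwritten with a return. The byte strings and the function name are constructed; only the offset and the 53/C3 bytes come from the thread.

```python
"""Detect entry-point patches such as the 53 -> C3 swap shown in the thread."""

# x86 opcodes that return immediately when placed at a function's first byte.
EARLY_RETURN = {0xC3: "ret", 0xC2: "ret imm16"}


def diff_runs(baseline: bytes, live: bytes, base_rva: int = 0):
    """Yield (rva, original, current) for each contiguous run of changed bytes."""
    if len(baseline) != len(live):
        raise ValueError("images must be the same length")
    start = None
    for i in range(len(baseline) + 1):
        changed = i < len(baseline) and baseline[i] != live[i]
        if changed and start is None:
            start = i
        elif not changed and start is not None:
            yield base_rva + start, baseline[start:i], live[start:i]
            start = None


def classify(baseline: bytes, live: bytes, entries: dict, base_rva: int = 0):
    """Label each changed run; flag function entries overwritten with a return."""
    findings = []
    for rva, old, new in diff_runs(baseline, live, base_rva):
        # A known function entry may sit anywhere inside the changed run.
        hit = next((e for e in entries if rva <= e < rva + len(new)), None)
        if hit is not None and new[hit - rva] in EARLY_RETURN:
            op = EARLY_RETURN[new[hit - rva]]
            kind = f"function '{entries[hit]}' stubbed out with {op}"
        elif hit is not None:
            kind = f"entry of '{entries[hit]}' modified"
        else:
            kind = "code modified"
        findings.append((rva, old.hex(), new.hex(), kind))
    return findings


# Constructed sample: 8 bytes standing in for the code at the offset named in
# the thread. Only the first byte (53 = push rbx) is from the page; the rest
# is filler, and the function name is hypothetical.
BASE_RVA = 0x3AF20
BASELINE = bytes.fromhex("53 48 83 ec 20 90 90 c3")
PATCHED = bytes.fromhex("c3 48 83 ec 20 90 90 c3")
ENTRIES = {0x3AF20: "collision_handler"}

if __name__ == "__main__":
    for rva, old, new, kind in classify(BASELINE, PATCHED, ENTRIES, BASE_RVA):
        print(f"+{rva:X}: {old} -> {new}  ({kind})")
```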
 