[REQ]Bard's Tale Trilogy(2018) (Steam)

DixieFlatline

Novice Cheater
Joined
Nov 9, 2018
Messages
15
Game Name: Bard's Tale Trilogy
Game Engine: Unity
Game Version: 2.0x
Options Requested:
Inf HP
Inf SP
Character Editor
Gold
Garth's sells everything
Unlimited Charges (Magic Items)
Inf Ammo
Add XP

Game/Steam Website: https://store.steampowered.com/app/843260/
Other Info: Honestly, the Character Editor is really on the "Would Be Nice" side. Version 2.0x includes Tales of the Unknown and The Destiny Knight. Might require separate things, but may not, as Krome has been trying to streamline as much as possible. Thanks.
 
DixieFlatline

Novice Cheater
Joined
Nov 9, 2018
Messages
15
I know I said that a Character Editor would be nice.

The things I really want are the things that would cut the grind down - Infinite HP, Infinite SP, and (maybe) Gold. If we change the HP/SP value and freeze it, that'd be the "Could Use" list.

The rest is considered "Would be Nice." I've been thinking about it, and thought the list might be a tad overmuch, especially when I'm not in a position to cough up for it.
 
Clasmir

What is cheating?
Joined
Nov 16, 2018
Messages
2
It is very easy to find the raw numbers but I have not had success finding an AOB that will stick. Using the "find who writes to this address" gets me only so far. Trying to backtrack assuming it is a multi-level pointer doesn't seem to help either. There is a fundamental piece I'm missing.

I'm still learning and I wonder if reverse engineering someone else's AOB would help me figure out how they arrived there.
 
DixieFlatline

Novice Cheater
Joined
Nov 9, 2018
Messages
15
I haven't managed to get that far... Although I doubt anyone would mind if you reversed their work to build your own.
 
DixieFlatline

Novice Cheater
Joined
Nov 9, 2018
Messages
15
Is there maybe a scripting tutorial, then?

If push comes to shove, I can make a (probably very poor) attempt.
 
DixieFlatline

Novice Cheater
Joined
Nov 9, 2018
Messages
15
Does anyone still remember this set of games? Like Clasmir above, I can find the raw numbers easily enough, but I can't get anything to stay put for longer than a millisecond and a half.
 
fearless123456

Expert Cheater
Joined
Jan 30, 2019
Messages
70
Scripts for v.4.28 - Gold, Health and Mana
Gold - buy stuff twice to update
Health and Mana - updates after your turn
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>5</ID>
      <Description>"Get some gold"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : TheBardsTaleTrilogy.exe
  Version: 
  Date   : 2019-08-30
  Author : 0

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Money1,GameAssembly.dll,48 89 47 68 48 8B 0D 2C 84 C3 00) // should be unique
alloc(newmem,$1000,"GameAssembly.dll"+207F01)

label(code)
label(return)

newmem:

code:
  mov [rdi+68],#999999
  mov rcx,[GameAssembly.dll+E40338]
  jmp return

Money1:
  jmp newmem
  nop 6
return:
registersymbol(Money1)

[DISABLE]

Money1:
  db 48 89 47 68 48 8B 0D 2C 84 C3 00

unregistersymbol(Money1)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "GameAssembly.dll"+207F01

"GameAssembly.dll"+207EDA: F6 81 27 01 00 00 02  -  test byte ptr [rcx+00000127],02
"GameAssembly.dll"+207EE1: 74 0E                 -  je GameAssembly.dll+207EF1
"GameAssembly.dll"+207EE3: 83 B9 D8 00 00 00 00  -  cmp dword ptr [rcx+000000D8],00
"GameAssembly.dll"+207EEA: 75 05                 -  jne GameAssembly.dll+207EF1
"GameAssembly.dll"+207EEC: E8 DF 87 E5 FF        -  call GameAssembly.dll+606D0
"GameAssembly.dll"+207EF1: 48 2B DE              -  sub rbx,rsi
"GameAssembly.dll"+207EF4: 45 33 C0              -  xor r8d,r8d
"GameAssembly.dll"+207EF7: 48 8B D3              -  mov rdx,rbx
"GameAssembly.dll"+207EFA: 33 C9                 -  xor ecx,ecx
"GameAssembly.dll"+207EFC: E8 2F 95 13 00        -  call GameAssembly.dll+341430
// ---------- INJECTING HERE ----------
"GameAssembly.dll"+207F01: 48 89 47 68           -  mov [rdi+68],rax
"GameAssembly.dll"+207F05: 48 8B 0D 2C 84 C3 00  -  mov rcx,[GameAssembly.dll+E40338]
// ---------- DONE INJECTING  ----------
"GameAssembly.dll"+207F0C: 48 8B 91 B8 00 00 00  -  mov rdx,[rcx+000000B8]
"GameAssembly.dll"+207F13: 48 8B 0A              -  mov rcx,[rdx]
"GameAssembly.dll"+207F16: 48 85 C9              -  test rcx,rcx
"GameAssembly.dll"+207F19: 0F 84 A0 00 00 00     -  je GameAssembly.dll+207FBF
"GameAssembly.dll"+207F1F: 45 33 C0              -  xor r8d,r8d
"GameAssembly.dll"+207F22: 48 8B D0              -  mov rdx,rax
"GameAssembly.dll"+207F25: E8 A6 6A FA FF        -  call GameAssembly.dll+1AE9D0
"GameAssembly.dll"+207F2A: 48 8B 5C 24 30        -  mov rbx,[rsp+30]
"GameAssembly.dll"+207F2F: 48 8B 74 24 38        -  mov rsi,[rsp+38]
"GameAssembly.dll"+207F34: 48 83 C4 20           -  add rsp,20
}
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>8</ID>
      <Description>"Add health"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : TheBardsTaleTrilogy.exe
  Version: 
  Date   : 2019-08-30
  Author : 0

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(health,GameAssembly.dll,44 39 AD 84 00 00 00) // should be unique
alloc(newmem,$1000,"GameAssembly.dll"+1D727F)

label(code)
label(return)

newmem:

code:
  mov [rbp+00000084],#99
  cmp [rbp+00000084],r13d
  jmp return

health:
  jmp newmem
  nop 2
return:
registersymbol(health)

[DISABLE]

health:
  db 44 39 AD 84 00 00 00

unregistersymbol(health)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "GameAssembly.dll"+1D727F

"GameAssembly.dll"+1D7253: 48 8B 88 B8 00 00 00  -  mov rcx,[rax+000000B8]
"GameAssembly.dll"+1D725A: 48 8B 09              -  mov rcx,[rcx]
"GameAssembly.dll"+1D725D: 48 85 C9              -  test rcx,rcx
"GameAssembly.dll"+1D7260: 0F 84 7F 0C 00 00     -  je GameAssembly.dll+1D7EE5
"GameAssembly.dll"+1D7266: 41 8B 96 B0 00 00 00  -  mov edx,[r14+000000B0]
"GameAssembly.dll"+1D726D: 45 8D 45 0C           -  lea r8d,[r13+0C]
"GameAssembly.dll"+1D7271: 45 33 C9              -  xor r9d,r9d
"GameAssembly.dll"+1D7274: E8 67 D7 02 00        -  call GameAssembly.dll+2049E0
"GameAssembly.dll"+1D7279: 85 C0                 -  test eax,eax
"GameAssembly.dll"+1D727B: 41 0F 9F C4           -  setg r12l
// ---------- INJECTING HERE ----------
"GameAssembly.dll"+1D727F: 44 39 AD 84 00 00 00  -  cmp [rbp+00000084],r13d
// ---------- DONE INJECTING  ----------
"GameAssembly.dll"+1D7286: 0F 84 37 0C 00 00     -  je GameAssembly.dll+1D7EC3
"GameAssembly.dll"+1D728C: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+1D728E: 48 8B CD              -  mov rcx,rbp
"GameAssembly.dll"+1D7291: E8 8A A1 01 00        -  call GameAssembly.dll+1F1420
"GameAssembly.dll"+1D7296: 84 C0                 -  test al,al
"GameAssembly.dll"+1D7298: 0F 85 25 0C 00 00     -  jne GameAssembly.dll+1D7EC3
"GameAssembly.dll"+1D729E: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+1D72A0: 48 8B CD              -  mov rcx,rbp
"GameAssembly.dll"+1D72A3: E8 58 A1 01 00        -  call GameAssembly.dll+1F1400
"GameAssembly.dll"+1D72A8: 84 C0                 -  test al,al
}
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>10</ID>
      <Description>"Add Magic"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : TheBardsTaleTrilogy.exe
  Version: 
  Date   : 2019-08-30
  Author : 0

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Magic,GameAssembly.dll,00 8B BB 8C 00 00 00) // should be unique
alloc(newmem,$1000,"GameAssembly.dll"+201B02)

label(code)
label(return)

newmem:

code:
  mov [rbx+0000008C],#99
  mov edi,[rbx+0000008C]
  jmp return

Magic+01:
  jmp newmem
  nop
return:
registersymbol(Magic)

[DISABLE]

Magic+01:
  db 8B BB 8C 00 00 00

unregistersymbol(Magic)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "GameAssembly.dll"+201B02

"GameAssembly.dll"+201ADE: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+201AE0: 48 8B CB              -  mov rcx,rbx
"GameAssembly.dll"+201AE3: E8 C8 F8 FE FF        -  call GameAssembly.dll+1F13B0
"GameAssembly.dll"+201AE8: 84 C0                 -  test al,al
"GameAssembly.dll"+201AEA: 0F 85 AD 00 00 00     -  jne GameAssembly.dll+201B9D
"GameAssembly.dll"+201AF0: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+201AF2: 48 8B CB              -  mov rcx,rbx
"GameAssembly.dll"+201AF5: E8 B6 F9 FE FF        -  call GameAssembly.dll+1F14B0
"GameAssembly.dll"+201AFA: 84 C0                 -  test al,al
"GameAssembly.dll"+201AFC: 0F 85 9B 00 00 00     -  jne GameAssembly.dll+201B9D
// ---------- INJECTING HERE ----------
"GameAssembly.dll"+201B02: 8B BB 8C 00 00 00     -  mov edi,[rbx+0000008C]
// ---------- DONE INJECTING  ----------
"GameAssembly.dll"+201B08: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+201B0A: 48 8B CB              -  mov rcx,rbx
"GameAssembly.dll"+201B0D: E8 EE 25 FF FF        -  call GameAssembly.dll+1F4100
"GameAssembly.dll"+201B12: 3B F8                 -  cmp edi,eax
"GameAssembly.dll"+201B14: 0F 8D 83 00 00 00     -  jnl GameAssembly.dll+201B9D
"GameAssembly.dll"+201B1A: 48 8B 8B E0 00 00 00  -  mov rcx,[rbx+000000E0]
"GameAssembly.dll"+201B21: 48 85 C9              -  test rcx,rcx
"GameAssembly.dll"+201B24: 0F 84 A3 00 00 00     -  je GameAssembly.dll+201BCD
"GameAssembly.dll"+201B2A: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+201B2C: E8 DF EA 03 00        -  call GameAssembly.dll+240610
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
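
Added example, not part of the post above or of any table in this thread: the gold signature ends in `2C 84 C3 00`, which the listing shows is the RIP-relative displacement of `mov rcx,[GameAssembly.dll+E40338]` (0x207F0C + 0xC3842C = 0xE40338), so those four bytes change whenever a build moves that code or data. The Python below scans constructed byte blobs to compare the posted pattern, a wildcarded one and a too-short one; `build_module`, `build_b` and its displacement value are made up for the illustration.

```python
# Added example: AOB (array-of-bytes) scan with wildcards over constructed data.
from typing import List, Optional

def parse_aob(pattern: str) -> List[Optional[int]]:
    """'48 8B 0D ?? ??' -> [0x48, 0x8B, 0x0D, None, None]; None matches any byte."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in pattern.split()]

def scan(data: bytes, pattern: str) -> List[int]:
    """Return every offset in data where the pattern matches."""
    sig = parse_aob(pattern)
    hits = []
    for i in range(len(data) - len(sig) + 1):
        if all(b is None or data[i + j] == b for j, b in enumerate(sig)):
            hits.append(i)
    return hits

def is_unique(data: bytes, pattern: str) -> bool:
    """A signature is only safe to patch through if it matches exactly once."""
    return len(scan(data, pattern)) == 1

def build_module(disp: bytes) -> bytes:
    """Constructed stand-in for a code section: filler, the two instructions
    from the gold script, then an unrelated store sharing the first 4 bytes."""
    target = bytes.fromhex("48894768") + bytes.fromhex("488B0D") + disp
    decoy = bytes.fromhex("48894768") + bytes.fromhex("C3")
    return b"\x90" * 16 + target + b"\xCC" * 8 + decoy + b"\x90" * 16

EXACT = "48 89 47 68 48 8B 0D 2C 84 C3 00"   # pattern as posted
WILD = "48 89 47 68 48 8B 0D ?? ?? ?? ??"    # displacement wildcarded
SHORT = "48 89 47 68"                        # opcode bytes only, too short

build_a = build_module(bytes.fromhex("2C84C300"))  # displacement from the post
build_b = build_module(bytes.fromhex("7C91C300"))  # constructed "updated" build

if __name__ == "__main__":
    for name, mod in (("A", build_a), ("B", build_b)):
        print(name, "exact:", scan(mod, EXACT),
              "wild:", scan(mod, WILD), "short:", scan(mod, SHORT))
```

The exact pattern is found only in the build it was copied from, the wildcarded one is found once in both, and the four-byte pattern hits the decoy as well, which is what the "should be unique" comment in the scripts is guarding against.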
 
Marc

Expert Cheater
Fearless Donors
Table Maker
Joined
Mar 26, 2018
Messages
211
Hi all,

bought the trilogy today on steam (v4.29) and here's my attempt on this thing.

Features:
  • automatic filling of hitpoints and mana to their current maximum (roundabout 50 times per second)
  • feature to gain 10.000 gold after every won fight instead of the normal amount of gold
  • Editor for character stats (Level, XP, Hitpoints, Mana, Strength, Intelligence, Dexterity, Constitution and Luck) of the currently selected character.

tested only in Bards Tale Part 1 :ph34r:

have fun,
Marc
 

DixieFlatline

Novice Cheater
Joined
Nov 9, 2018
Messages
15
The first two worked a treat, thank you! Couldn't get the editor working, but that's probably because I wasn't holding my lips right.

Worse comes to worst and they don't work on Destiny Knight and Thief of Fate, I can always import the BT1 characters. The fun part is, they *should* work, as it's all one big happy engine, with bits and pieces of it interchangeable between games, including character mechanics.
 
Marc

Expert Cheater
Fearless Donors
Table Maker
Joined
Mar 26, 2018
Messages
211
Hm, strange. Just checked it, both scripts work on all 3 parts.
Changed the Pointer-Path of the character editor to a better one.
 

DixieFlatline

Novice Cheater
Joined
Nov 9, 2018
Messages
15
Thanks. Will give it a look-see in a bit.

EDIT: That did it. Everything working as intended, at least for BT1.
 
joeyamine

Noobzor
Joined
Mar 16, 2018
Messages
9
I can't get the character editor to work. Have a character's subscreen pulled up with stats on display. Xs won't click in CE menu. All the pointers turn on just fine.
 
Marc

Expert Cheater
Fearless Donors
Table Maker
Joined
Mar 26, 2018
Messages
211
Strange, works fine here. Just re-installed the game.

Take a look at the three Backup Pointers in the table and check if they are pointing to another address.
If so, try moving the character editor values to one of the three backup paths / changing the path of the character editor to one of the other three.
 
joeyamine

Noobzor
Joined
Mar 16, 2018
Messages
9
I'm not quite sure how to do that. Pointer 3 should have the same hex address as the editor line?
I'm in BT2, btw.
 
Marc

Expert Cheater
Fearless Donors
Table Maker
Joined
Mar 26, 2018
Messages
211
Easiest way is to select the first sub-entry (first character stat), shift-click the last item and keep the mouse button pressed. Then drag & drop the whole block down to one of the alternative paths.
 