[COMPLETED] Exiled Kingdoms

May 26, 2017
The most I've been able to edit is gold value and experience. I have to make the changes quickly, though, because the addresses change every minute or so. I'd love to know how to properly use CE to hack this game...

Edit: Oh! And editing item quantities works well. The best way to find the appropriate value is to move a stack of items into an inventory slot, scan for X amount of items, move another stack of items into that slot of a different item, and scan for the new X value. Only need to do about 3-4 scans and you'll end up with 2 values. One is a displayed value, the other one is the actual value. If you change both directly to, say 999, it'll be a permanent change.
May 26, 2017
sprygary said:
Helpfully all the stats are together when you do a memory region scan, so once you've found one the others are all next to each other.
Takagi said:
Whoa, sprygary! Thanks a million! It did work! Got all stats at 10 in a minute :)

Edit: another nice idea: hack your EXP and quickly level up to like level 10, or 11 to easily hack your stats. Hack your stats AND hack your EXP again to level down a bit. To like level 3-5. You'll get one hit kills on most of the enemies. Note that some quests require a certain character level, but you can always hack your EXP again for quick level up / level down. Just change the number of EXP you have. It'll also help when you'll get a second character in your party. With you on level 3 and your supporter on a much higher level it'll be very easy to progress in game.

Now all I hope to hack one day is reputation. Some quests here may be a real pain in the butt...
Could either one of you two please explain how to find all the stats in the same "region," please? I'm not completely sure what is meant by doing a "memory region scan." Does that mean dissect the data/structure in some way? Do you mean just browse to that memory region and then change all the codes from x to x+y to 10s?
May 26, 2017
Ok, I figured out to just find the code for strength, and then add it to my list. Then I just copy it and paste the next code with an offset of 4, repeat 5 more times or whatever, and I get all 6 values for my traits. I changed them all to 210 (The equivalent of 20 points worth) and it capped out at 12 for everything... Oh well :)

Now I'm trying to figure out how to find attack speed on a specific item, and change it.
May 26, 2017
I need to figure out how to move this mathematical stuff into a variable that I can look at later in the table.

Either way, I think I've found a good injection point here for finding a base for the player, but I'm not sure. I still have to do more looking around.

Incidentally, can someone explain how the math works when it's done inside these brackets? Does it follow the standard mathematical priorities (Exponents/Squares,Multiply/Divide,Add/Subtract)?
  mov [_PlayerBase1],edx //(Ideally, this is to find the address at edx+ebx*4+0C)
  mov [edx+ebx*4+0C],eax
  movzx ebx,byte ptr [esi+01]
  jmp return
I can't do the math after the comma and outside of the brackets, so how do I do the math and then turn that into an address?

I've also figured out that all inventory slots are offset from the first one by 4 incrementally. If you find the top left inventory slot, you can find the rest of them. Change the values in these locations, and you can give yourself any item in the game. I'm trying to create an AOB injection that will locate the code for me, and that's what the code above is part of, but I haven't been able to complete that goal.

If you want to find the location for any inventory slot, the value of a lesser healing potion is 5000, and a lesser shielding potion is 5002. Hack money in the beginning of the game and buy those potions from the alchemist in Lannegar. Move them around and search for the change.

Once you've found the code, change the value to 721 for the Jester's Bow. There are a lot of different items, but certain values will crash the game.

Below is a list of item numbers that I've found (No intention to fully complete it). If you want 12 black shards, set the value to 2601 and lock it. Then move 12 of them into your vault.

Once you've found the code, don't close and open your inventory before you go to edit the values, and don't keep any values locked before you close your inventory - or even for very long at all. It can crash...
---- Equipment ----
100 - Leather Cuirass
101 - Leather Leggings
102 - Leather Bracers
103 - Leather Boots
104 - Leather Cap
107 - Hardened Leather Gauntlets
120 - Buckler
177 - Leggings of the Shadow
196 - Shield of the Dragon Hunter
197 - Wisdom of the Seas
201 - Goblin Flesh-Cutter
212 - Heroic Helm
213 - Lionskin Leggings
214 - Boots of Balance
215 - Ironfoot Boots
216 - Sharkskin Boots
217 - Ruined Dragoon Boots
218 - Undermother's Hide
219 - Anointed Cuirass
220 - Jungle Boots
221 - Holy Helm
222 - *Crash*
250 - Ashen Chestplate
251 - Ashen Gauntlets
252 - Ashen Leggings
253 - Ashen Boots
254 - Ashen Helm
255 - Laminated Vest
256 - Kevlar Vest
257 - Conductive Vest
258 - Goggled Helmet
259 - Strange Hood
260 - Plexifiber Robes
339 - Hood of the Hermit

---- Weapons ----
364 - Staff of the Traveller
394 - First Winter
398 - Tesla Emitter
399 - Tesla Rod
402 - Lightning Dirk
403 - Hatchet
404 - Toecutter
405 - Flaming Hatchet
406 - Bluesteel Dirk
407 - Flaming Dirk
408 - Cursed Fang
409 - Main Gauche of the Shadows
410 - Dirk of the Gambler
411 - Dirk of Betrayal
501 - Iron Dagger
502 - Iron Shortsword
503 - Iron Longsword
552 - Adamantine Shortsword
553 - Adamantine Longsword
554 - Adamantine Greatsword
601 - Short Bow
610 - Primal Icicle
616 - Bone Maul
617 - Bone Mace
619 - Lightning Falchion of Defense
721 - Jester's Bow
726 - Soul Drinker
729 - Composite Bow
732 - Mist Hunter's Bow
738 - *Crash*
741 - Axe of the Minotaur Kings
750 - Nanocarbon Sword
751 - Pneumatic Mallet
752 - Nanocarbon Scalpel
753 - Ion Recurve
754 - Wyrmslayer
757 - Queen's Heart
800 - *Crash*

---- Items ----
1003 - Perfect Wolf Pelt
1019 - Giant Mamba Fang
1020 - Coral Snake Fang
1021 - A Gold Ingot
1022 - Small Ancient Battery
1023 - Large Battery
2004 - Small Diamond
2100 - Blue Orchid
2601 - Black Shard
2520 - Dartos' Ring of Isolation
2521 - Embalming Codex
2522 - Signed Petition
2523 - Small Brass Key
2524 - Troll Doll
2525 - Key 6
2526 - Ancient Steel Key
2527 - Key 2
2528 - Key 3
2529 - Sir Morfados' Remains
2530 - Zuz'sare's Charm
2531 - My Little Vorator
2532 - Magical Sapphire
2533 - Key 1
2534 - Key 4
2535 - Key 5
2536 - Magical Ruby
2537 - *Crash*
2618 - Broken Crown of Tol
2619 - Red Card
2620 - Blue Card
2621 - Green Card
2622 - Control Module
2623 - First Orb of Galade
2624 - Second Orb of Galade
2626 - The Mathrisian Codex
2627 - Ancient Smithy Hammer
2628 - Orange Card
2631 - Pointy Tool

---- Rings ----
3025 - Ring of Unlife
3026 - Ring of Vitality
3027 - Ring of Mentalism
3028 - The Abbot's Ring
3029 - Ivory Ring
3030 - Bishop's Ring
3031 - Ring of Holiness
3032 - Ring of the Bull
3033 - Ring of the Star Traveller
3039 - *Crash*

---- More Equipment ----
3204 - Essense Gloves
3205 - Gloves of the Explorer
3206 - Gauntlets of Might
3207 - Automated Gloves
3504 - Spectral Cloak
3505 - Iron Will Mantle
3506 - Primeval Mantle
3507 - Vorator Hide Mantle
3508 - Cloak of Might
4008 - Bloodied Scarf
4013 - Flame Pendant
4015 - Charm of the Great Seer
4020 - Amulet of Dark Whispers
4501 - Crown of Galade

---- Usable Items ----
5000 - Potion of Light Healing
5002 - Potion of Lesser Shielding
5013 - Ancient Tolassian Tome
5016 - Potion of Greater Healing
5022 - Golden Apple
5023 - Potion of Rejuv
5035 - Tome of Lost Wisdom
5036 - Elixer of Galade
5070 - Medipack
6009 - Scroll of Restoration
6011 - Scroll of Teleport

---- More Equipment ----
7007 - Girdle of the Rogue
7008 - Belt of Might
7009 - Blessed Belt of Agility
7010 - Belt of Force
May 26, 2017
... And that's as updated as I'm going to bother to make that list of items. Feel free to add to it but, based on those items and the ability to scan for them within the inventory, and change the number and have it give you the item, the game and most quests should be very easy to complete.

Well, with that and everything else added in this thread.

I can't make a table, but I can have everything I'd ever need to enjoy the game from day 1.
May 26, 2017
I couldn't agree more. If someone would point me into the direction of a tutorial of some sort on how to hack a java game, I might be able to figure it out eventually...
Mar 13, 2018
Weapon List
Item List

Ripped from the game's source directly. I do java and assembly programming but I've never gotten around to learn the Java plugin for CE
Sigan said:
Incidentally, can someone explain how the math works when it's done inside these brackets? Does it follow the standard mathematical priorities (Exponents/Squares,Multiply/Divide,Add/Subtract)?
  mov [_PlayerBase1],edx //(Ideally, this is to find the address at edx+ebx*4+0C)
  mov [edx+ebx*4+0C],eax
  movzx ebx,byte ptr [esi+01]
  jmp return
You're free to message me privately if you need clarification or further help.
So I'm guessing you are new to assembly and how memory is read and written. (In 32x) EAX through EDI are general purpose registers that store data in the processor. They are either set to an address or set to a value.
The brackets represent value of an address.
So "mov [eax], ebx" means write ebx to the address eax (Write to EAX)
And "mov eax, [ebx]" means read the value of ebx to eax (Read EBX)

It's not really doing general math inside brackets, it will only accept addition and multiplication (Multiply first then add). It's important to know every address is 4 wide.
mov [edx+ebx*4+0C],eax let's assume this is probably an array/collection of some sort
EDX would be the base address where the collection is, 0C would be where the entries start and EBX would be the index
For Example: If EDX is 0x00C30000, and the array represents {1,4,2,5,6,2,5} then in memory it would be
0x00C30000 Base
0x00C30004 ??
0x00C30008 ??
0x00C3000C 1
0x00C30010 4
0x00C30014 2
0x00C30018 5
0x00C3001C 6
0x00C30020 2
0x00C30024 5
If I wanted to read the 4th value of the array (which is 5) I would have EBX equal 3 (in assembly arrays start at 0)
in mov eax,[edx+ebx*4+0C], [0xC30000 + 3*4 + 0C], [C30000+C+C],[C30018] and value at 0xC30018 is indeed 5.

If you want to quickly get the address of [edx+ebx*4+0C] you can use
lea eax, [edx+ebx*4+0C]
mov [_PlayerBase], eax
lea stands for load effective address

If you actually want to do math in assembly then you have to use opcodes between the registers, now there are hundreds of opcodes but the most basic math functions would be: inc (increment) dec (decrement) add (Addition) sub (Subtraction) mul (Unsigned multiply)
if I wanted to add pHealth and pMana and store it at pValue for some reason I could do
push eax
push ebx
mov eax,[pHealth] // Read value at pHealth to eax
mov ebx,[pMana]   // Read value at pMana to ebx
add eax,ebx       // Add eax and ebx, the result is placed in eax
mov [pValue], eax // Write value of eax at pValue
pop ebx
pop eax

mov eax,[pHealth]
add eax,[pMana]

works too
As for cheating this particular game in a script. I can tell you that there is only one Lnet/fdgames/GameEntities/Final/Player; object loaded into the game at the start. Its superclass Lnet/fdgames/GameEntities/Character; contains a field of GameEntities/CharacterSheet which has the fields CharacterStats, CharacterInventory, SkillSet, CharacterTraits. Each of those should have everything you really need to control your character.
The Script
PlayerClass = java_findClass("Lnet/fdgames/GameEntities/Final/Player;")
PlayerObjects = java_findAllObjectsFromClass(PlayerClass)
Player = PlayerObjects[1]
Should give you the only reference to Player
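The addressing rule explained in the post above, as an added example (not code from the thread or from Cheat Engine): a small C model of the `base + index*scale + disp` operand that shows the difference between `lea` (compute the address) and `mov` (use the address). The region contents are the constructed sample from the post; all function names are hypothetical, and the bounds check is an addition the real CPU does not perform.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the layout from the post. 12 bytes the post marks
 * "Base / ?? / ??" (zeroed here), then the entries {1,4,2,5,6,2,5}.
 * REGION_BASE stands in for the value the post puts in EDX. */
#define REGION_BASE 0x00C30000u

static struct {
    uint8_t header[0x0C];
    int32_t entries[7];
} region = { {0}, {1, 4, 2, 5, 6, 2, 5} };

/* The only "math" an x86 memory operand can express:
 * base + index*scale + disp, with scale limited to 1, 2, 4 or 8.
 * Returns 0 and stores the address, or -1 for a scale that cannot be encoded. */
static int effective_address(uint32_t base, uint32_t index, uint32_t scale,
                             uint32_t disp, uint32_t *out)
{
    if (scale != 1 && scale != 2 && scale != 4 && scale != 8)
        return -1;
    *out = base + index * scale + disp; /* wraps modulo 2^32 like the CPU */
    return 0;
}

/* Map an emulated address onto the sample region. A real process has no
 * such check: an out-of-range index reads or overwrites whatever follows. */
static uint8_t *translate(uint32_t addr)
{
    uint32_t off = addr - REGION_BASE;
    if (addr < REGION_BASE || off > sizeof region - sizeof(int32_t))
        return NULL;
    return (uint8_t *)&region + off;
}

/* lea eax,[edx+ebx*4+0C]: eax receives the address itself, memory is not touched. */
static int emu_lea(uint32_t edx, uint32_t ebx, uint32_t *eax)
{
    return effective_address(edx, ebx, 4, 0x0C, eax);
}

/* mov eax,[edx+ebx*4+0C]: eax receives the 4 bytes stored at that address. */
static int emu_mov_load(uint32_t edx, uint32_t ebx, int32_t *eax)
{
    uint32_t addr;
    uint8_t *p;
    if (effective_address(edx, ebx, 4, 0x0C, &addr) != 0)
        return -1;
    if ((p = translate(addr)) == NULL)
        return -1;
    memcpy(eax, p, sizeof *eax);
    return 0;
}

/* mov [edx+ebx*4+0C],eax: the 4 bytes of eax are written to that address. */
static int emu_mov_store(uint32_t edx, uint32_t ebx, int32_t eax)
{
    uint32_t addr;
    uint8_t *p;
    if (effective_address(edx, ebx, 4, 0x0C, &addr) != 0)
        return -1;
    if ((p = translate(addr)) == NULL)
        return -1;
    memcpy(p, &eax, sizeof eax);
    return 0;
}

int main(void)
{
    uint32_t addr = 0;
    int32_t value = 0;

    emu_lea(REGION_BASE, 3, &addr);
    emu_mov_load(REGION_BASE, 3, &value);
    printf("lea eax,[edx+ebx*4+0C] -> eax = 0x%08X\n", (unsigned)addr);
    printf("mov eax,[edx+ebx*4+0C] -> eax = %d\n", (int)value);
    printf("ebx = 7 (one past the end): %s\n",
           emu_mov_load(REGION_BASE, 7, &value) ? "rejected" : "read");
    return 0;
}
```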
May 26, 2017
BringChaos said:
Dude wrote a lot of things... Scroll up.
You're fantastic.

First, thank you for finding where those two lists were stored. Second, I'm glad my being new to all of this is obvious because I don't want to put on any kind of misrepresentation here.

I find Cheat Engine and game hacking fascinating. In some games - like Subnautica, for instance - I'm able to look at other people's codes that they've written, or look at a cheat table for a game built on a similar engine, and kind of mirror what I see. I've done some slight research and, although I haven't finished reading what you've written yet, I'm noticing that you're regurgitating a lot of what has already been said here on the forums in some posts around here. That's a good thing, because it shows me that, although you've only posted on this forum twice, you probably know what the hell you're talking about, as do the other people that have mentioned similar things.

To engage with what you've said, I'm going to have to do so in pieces. First, thank you for opening up the line of communication privately.

Okay, here goes...

I am new to assembly. I'm also a novice at java, I knew HTML enough to build my own website when I was in high school but I'm kinda rusty now. XML looks the same to me, so I go off that language. I was taught Basic at one point in my life as well, for fun, but I haven't used that in a long time. I used to like to write macros of my own for my Ultima Online character. I used a program called EasyUO and wrote the script myself completely. It made my character go fishing in random spots based on a runebook in his inventory, cut fish up in fishsteaks when he got overweight, cook the fishsteaks when he reached a certain threshold, sell the fishsteaks to the butcher NPC, put the gold in the bank, and return to fishing. It was pages long and, if I still had it, I'd love to show it off. It was so much fun to make, and it was awesome and it made me rich in the game! Lolz... I digress...

My point is, I'm fascinated by coding but I'm very limited in my understanding of it. I appreciate you taking the time to tell me how the brackets in the language affect it. One thing I didn't understand is what it means when you say, "mov eax, [ebx] means read the value of ebx to eax". I thought a mov command was moving a value into an address - which I see that it is when the brackets are on the left register - but I don't understand what it means to "read the value" to an address. Does the cpu have to show that address the pictures too? :)

You said that the address that I found of [edx+ebx*4+0C] is not doing general math. Doing multiplication and addition is general math so... I'm not sure I understand this yet.

At the end there, it seems you've found everything I was looking for, but now I have to figure out how to write it into Cheat Engine to get it to work in the way I'd like it to. For instance, normally what I like to do is find a base address that everything else can be mathematically processed from, then write them all as separate codes in the table. So, the first script would find whatever that address is while the process is running for the base character, and then I'd have things underneath.

X Find Player
- Infinite Health Script
- Current Health Value Pointer
- Infinite Mana Script
- Current Mana Pointer
X Find Base Inventory
- Inventory Slot 1 Item
- Stack Amount
- Inventory Slot 2 Item
- Stack Amount

Normally the way I figure all that out is by using an AOB injection on a base address. Then, I write in my variable of something like [_PlayerBase], and have that register write its value to the variable. In the Cheat Table, I write my addresses like this, based on what I find within my Cheat Engine searches:
Player Health: [_PlayerBase] + 4
Player Mana: [_PlayerBase] + 8
Player Inventory Slot 1 (Just so happens to be, sometimes, in some games, based off of that _PlayerBase address): [_PlayerBase] + 60

The way I figure this stuff out, typically, is a hard way I'm sure. I scan for player health, find my base address that always works to inject within, and search for other addresses. I manually look for patterns ("Wow, mana is always stored 8 bytes away from Health..."), and work with them. If I notice that strength and intelligence are separated by only 4 bytes, I'm liable to plug in the next few addresses that are 4 bytes away, plug in some numbers, and see if the game crashes or I achieve my hopes.

I'd like to understand both Java, and Cheat Engine better. It's fun to me. I think with help like this, from people like you, I can accomplish such a goal. Thank you.

P.S. If you could show me how you ripped all that information into such a clean, neat document on google, I'd appreciate knowing that little trick too... ;)
To top all of this off, if you showed me how you accessed the game files in that way, I could write mods that would negate the need to cheat. I mod some of my games as well, if that's the path of less resistance to achieving my goals.
Mar 13, 2018
Sigan said:
P.S. If you could show me how you ripped all that information into such a clean, neat document on google, I'd appreciate knowing that little trick too... ;)
To top all of this off, if you showed me how you accessed the game files in that way, I could write mods that would negate the need to cheat. I mod some of my games as well, if that's the path of less resistance to achieving my goals.
The game is using a wrapper around a jar to make it look like a normal program ("exiledkingdoms.exe") but like a jar you can open the executable with WinRAR and browse its contents (Don't steal assets okay guys? :'( ). I found the items in data/rules/items.txt. You can easily mod the game through assets but through code would be harder as the source is obfuscated, though you can edit java methods directly from CE while it's running but that requires java bytecode knowledge.

I actually first looked for XP of the character to start off with. I found it pretty easy. I used java_getObjectHandleToAddress(address), java_getObjectClass(jObject), java_getClassSignature(jClass) and ended up with the class Lnet/fdgames/GameEntities/CharacterSheet/CharacterStats;
Then I used the Java->Dissect Classes and found it in the list to see what else that Class held.

Honestly I haven't played the game for longer than killing 3 goblin dudes over and over again. So I don't know how the game functions. I can tell you that it goes STR,END,AGI,INT,AWA,PER in the code itself.

If you are willing to learn from others' code, you can try this table out; all it does is print the character's XP to the output. I left some functions commented out that will be useful.


May 26, 2017
Alright, so I'm completely lost in how your code works. It clearly does work, but I don't think I understand Java enough to look at that code and tell what's going on. I think if I had a better understanding of java basics, I could just read it like a book, but this is well out of my depth right now.

I'm not sure how you created a script that, when activated, makes another script.

You're clearly a valuable asset to these forums, though. You should be posting more often. LoLz

As well, I've found all the files you mentioned within the exe using WinRar. Thanks for that. I'd like to edit some values in one of the text files, but when I go to update the archive, it tells me the archive is corrupt and I can't do it. How do I do this correctly?

I'm also trying to edit them in Notepad ++, but it looks like they're meant to be viewed and edited in a spreadsheet software. Does any of this stuff have an effect on the file and how it's handled?
Mar 13, 2018
Sigan said:
Alright, so I'm completely lost in how your code works. It clearly does work, but I don't think I understand Java enough to look at that code and tell what's going on. I think if I had a better understanding of java basics, I could just read it like a book, but this is well out of my depth right now.
The script is in lua. See "Cheat Engine 6.7/celua.txt" and "Cheat Engine 6.7/autorun/java.lua" for general lua functions and specific ones for java programs.
function java_getCapabilities()
function java_StartListeneningForEvents()
function java_getLoadedClasses()
function java_pushLocalFrame(count)
function java_popLocalFrame(result) --result can be nil
function java_dereferenceLocalObject(object)
function java_cleanClasslist(classlist)
function java_getClassMethods(class)
function java_getClassFields(class)
function java_getAllClassFields(class)
function java_getImplementedInterfaces(class)
function java_findReferencesToObject(jObject)
function java_redefineClassWithCustomData(class, memory)
function java_redefineClassWithCustomClassFile(class, filename)
function java_getClassData(class)
function java_writeClassToDisk(class, filename)
function java_getMethodName(methodid)
function java_parseSignature_type(sig, i)
function java_parseSignature_method(sig, i, result)
function java_parseSignature(sig)
function java_invokeMethod_sendParameter(typeid, a, skiptypeid)
function java_invokeMethod(object, methodid, ...)
function java_findMethod(class, name, sig)
function java_findClass(signature)
function java_findAllObjectsFromClass(jClass)
function java_addToBootstrapClassLoaderPath(segment)
function java_addToSystemClassLoaderPath()
function java_getFieldDeclaringClass(klass, fieldid)
function java_getFieldSignature(klass, fieldid)
function java_getField(jObject, fieldid, signature)
function java_setField(jObject, fieldid, signature, value)
function java_search_start(value, boolean)
function java_search_refine(scantype, scanvalue)
function java_search_getResults(maxresults)
function java_search_finish()
function java_foundCodeDialogClose(sender)
function java_MoreInfoDblClick(sender)
function java_foundCodeDialog_MoreInfo_OnDestroy(sender)
function java_createEntryListView(owner)
function java_foundCodeDialogLVDblClick(sender)
function java_findWhatWrites(object, fieldid)
function java_stopFindWhatWrites(id)
function java_getMethodDeclaringClass(methodid)
function java_getObjectHandleToAddress(address)
function java_getObjectClass(jObject)
function java_getClassSignature(jClass)
function java_getSuperClass(jClass)
function java_OpenProcessAfterwards()
function java_OpenProcess(processid)
function java_settingsClose(sender)
function java_settingsShow(sender)
function java_initialize()

In the lua integration there are the object types: address ("0x00000000"), jObject, jClass, field, method (these four exist as they do in Java), and then signature follows the package you see at the top java classes when programming in java.

Right click "Enable Java Agent" and check the bottom-most setting "Group config". It isn't making a script, it's hiding its children when deactivated.

I was active on the original Cheat Engine forums. I never moved over to FRF, I just had my friend CompactDisc post anything I did for me.

I've never updated a jar before myself but https://docs.oracle.com/javase/tutorial/deployment/jar/update.html ("java jar" in commandline) should be how you do it.

No clue what software they used to edit their files. The format is each entry is separated by a tab. In notepad++ you can use View -> Show Symbol -> Show All Characters to help you understand.
May 26, 2017
I see... without what software they used to edit their files, it's impossible to modify it accurately? Would that be a correct assumption?

And, I appreciate the effort you're putting in to help me understand, but at this point I have to say I'm a bit lost in it all. In the beginning, we were talking about the ABC's, and then you decided to regale me in the finer, poetic version of the English language. I was hanging in there when I said, "I think that's a B, and that one's a C. Why is K before L?"

LoLz... I think I need more of the basics of understanding code in a more general sense, I guess, to fully understand what I'm looking at.

For instance, when it says "function java_parseSignature_method(sig, i, result)" I have no context for anything about what that means. I can read all those words, and I know what a signature is in a general sense, but I'm not sure how to even call on that function correctly, let alone what it would do for me. It might as well be written in German. And... that's just one of those phrases that I don't have enough context to understand.

Not that any of this is your fault. Like I said, I appreciate you making such an obvious effort and, for the benefit of the community, I'd love to keep you talking about this because, although I don't comprehend everything you're painstakingly writing, it might be good for the community to see an open dialogue about how to hack a java game. Especially considering one comment was that you can't make a table for a java game, because they're too difficult.

Such a statement may have some kinds of truth to it, but figuring out the best way to modify a game like this together, and documenting the reasons, could be helpful.

Anyway, let me see... I have an example of a table that I made here. Let me upload it so you can see what my basic understanding of how to inject a code is, and that should give you an idea of how little I'm ready for up front. Haha...

You'll notice in both of these cheat tables (for different, outdated versions of Subnautica), that some of the codes on the table aren't mine. I have no idea how they work, I just knew they did. On 59783, everything under the "Activate Cheat Table" code is someone else's, from either this forum or the old one. Vehicle Health Base Script and down is my codes that I searched for and found good injection points for, and made pointers for. On the older table, 49182, everything under the title, "Open," was written by someone else. Everything from, "Infinite Oxygen," and down is my coding. Notice I put all the scripts together in a section, and grouped all the pointers those scripts created in their own, collapsible section. That's how I prefer to organize things. I like the scripts that prevent losing health, but I'd also like to see the pointer and the exact value of my health at times, and I prepare for that.

Anyway, the strategy involved for creating the pointers and the scripts is all based off Stephen Chapman's stuff on YouTube. If you watch his videos, you'll see the exact same pattern he taught being applied to all of my codes.

This is the pattern I'd like to set up for any kinds of cheats I'd be able to write. What do you think?



What is cheating?
Feb 26, 2018
Sigan said:
Ok, I figured out to just find the code for strength, and then add it to my list. Then I just copy it and paste the next code with an offset of 4, repeat 5 more times or whatever, and I get all 6 values for my traits. I changed them all to 210 (The equivalent of 20 points worth) and it capped out at 12 for everything... Oh well :)

Now I'm trying to figure out how to find attack speed on a specific item, and change it.
It's quicker if you just right click the address and "Browse this Memory Region". It's all in hex but a right click and Display Type will display it however you like.
Mar 13, 2018
Sigan said:
Just putting this table out there. I tried to make small debug scripts to reverse engineer the java and then put a large pointer chain as a table.
To use, start the game, load into a save, attach to process, click "Enable Java Agent", run around in game as it can take awhile, then it should eventually load the symbol list and allow the pointers to work.

For an example of how to use the debug scripts:
Let's say I wanted to dissect what CharacterStats

Here its base address is 0x0C1D6658, I can plug it into "Address to Object" then run the script

If it prints out a non-zero number then I know it worked, next I run the scripts "Object info" and "Class info"

If you expand CharacterStats on the table you can see that all the fields printed out have been placed in its table.
5 66 XP I means 5th field, 66 offset, "XP" signature, "I" type (Integer)
To find the pointer offset I divide 66 by 4, then convert to hexadecimal (66/4 = 16 -> 0x10)

Hard to think right now, so feel free to ask any questions. I might make a video later to make the whole thing from scratch.


May 26, 2017
Two things:

1. Excellent job, I'm sure the video is necessary for everyone to benefit from. As well, you've given the people what they've asked for. I haven't tested it yet but, if it doesn't work, you're waaay further toward a functional copy of a table for this game than anyone else took the time to do. You have my respect. As well, your last thing that you did worked as you advertised, so I'm ready to believe that this works without bothering testing it.

2. I'm still confused because, although you seem to be speaking the correct language, and with basic concepts presented, I don't have time to get into the game right now, so I can't test it out and see your words in practice at the moment.

I look forward to testing this out and seeing where this conversation goes. Thank you.

sprygary - I'm sure that's a better way. I didn't know how to do that. Pictures might help, but again, with some time to tinker around I can probably figure out what your words are telling me to do. Thank you for your insight. :)