VampTY wrote: Fri Dec 10, 2021 5:08 pm
cfemen, Think you can find some spare time and find the address for TIMER recording (to modify however you want), the entire played time per new game or loaded game? Meaning the final time at the end, even if you'll finish the game or not at 100%, just the final time!?
well, quick script:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>27346</ID>
<Description>"Get Savegame Time "</Description>
<LastState Activated="1"/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : ShantaeSiren.exe
Version:
Date : 2021-12-10
Author : cfe
Hooks the "movss xmm0,[rcx+14]" that loads the playtime (float seconds) right
before the sprintf call, and records up to 3 distinct GameplayState pointers
(rcx) in pSlots, one per save slot, so each slot's time can be read or changed.
}
[ENABLE]
aobscanmodule(aobGetTimeBeforeSprintf,ShantaeSiren.exe,F3 0F 10 41 14 33) // should be unique
alloc(newmem,$1000,aobGetTimeBeforeSprintf) // allocate near the hook so the 5-byte jmp can reach it
label(code)
label(return)
label(pSlots)
registersymbol(pSlots)
label(JAgain)
label(JOut)
newmem:
code:
movss xmm0,[rcx+14] // original instruction: rcx = GameplayState, +0x14 = playtime
push rax
push rbx
xor rbx,rbx // rbx = slot index
mov rax,pSlots
JAgain:
cmp qword ptr[rax+rbx*8],0 // empty slot?
jne short @f
mov [rax+rbx*8],rcx // yes: remember this GameplayState pointer
jmp JOut
@@:
cmp qword ptr[rax+rbx*8],rcx // already recorded?
je JOut
inc rbx // no: try the next slot
jmp JAgain
JOut:
pop rbx
pop rax
jmp return
// 3 x 8-byte pointer slots, read by the Slot1..3 entries below via offset +0x14
pSlots:
dq 0
dq 0
dq 0
aobGetTimeBeforeSprintf:
jmp newmem // replaces the 5-byte movss
return:
registersymbol(aobGetTimeBeforeSprintf)
[DISABLE]
aobGetTimeBeforeSprintf:
db F3 0F 10 41 14 // restore the original movss xmm0,[rcx+14]
unregistersymbol(aobGetTimeBeforeSprintf)
dealloc(newmem)
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>27347</ID>
<Description>"Slot1 ( Seconds ) ->"</Description>
<LastState Value="2966.639404" RealAddress="2A460A321FC"/>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>Float</VariableType>
<Address>pSlots</Address>
<Offsets>
<Offset>14</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>27348</ID>
<Description>"Slot2 ( Seconds ) ->"</Description>
<LastState Value="363.9006653" RealAddress="2A460A763FC"/>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>Float</VariableType>
<Address>pSlots+8</Address>
<Offsets>
<Offset>14</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>27349</ID>
<Description>"Slot3 ( Seconds ) ->"</Description>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>Float</VariableType>
<Address>pSlots+10</Address>
<Offsets>
<Offset>14</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatTable>
how it works:
activate the script before you press Start
the script has 3 pointers to get the time (in seconds, as a float) for each save slot
e.g. this is save slot 2 and the value is (float)360 = 6 minutes
I've changed it to 999999999
then loaded the slot, saved the game, and the altered time is saved in the savegame forever.
after game restart:
if you want to update it, look for stuff like this:
lea rdx,[ShantaeSiren.exe+589F70] { ("%02u : %02u") }
this is a format string that gets loaded before ShantaeSiren.exe+BAF0 is called.
ShantaeSiren.exe+BAF0 =
[Link]
sprintf is used to write integers or other variable types into a buffer to create a string.
the game is using sprintf to create the text for the UI that contains the time for each savegame, that's how I found the time without any memory scanning (did a breakpoint on the 0xC3 return of sprintf while pressing Start)
Edit:
some more info:
the struct that is containing the time is called "GameplayState"
some of the stuff I figured out about the GameplayState:
+0x14 = playtime in seconds
+0x8 = a vector3 with the saved player position
+0x24 and +0x28 is worldMapPos X/Y
+0x18 = PlayerType
+0x1C = Chapter
+0x20 = GameState ? (not sure about that)
+0x32 is "hasPlayed?" flag
+0x33 is "isPart1Complete?" flag
+0x34 is "hasCompletedPart1Ever?" flag
+0x35 to 0x4E = more flags, didn't check them
+0x18c = gemMachinesActivatedAmount
+0x190 = totalAchievementAmount
there is more, but I didn't check all of it; I guess you can control/alter lots of stuff via those flags
the default "PlayerType" is zero, I changed it to 1 and now my player looks like this lul:
some more info:
your "heart" injection point:
RAX = PlayerManager->PlayerEntity->DefenseComponent
+0x368 = float current health
+0x364 = float max health
but more interesting is the PlayerEntity:
PlayerEntity + 0x1748 = developer damage multiplier
PlayerEntity + 0xAB7 = developer fly cheat, but toggling it does nothing, also calling it with an instance of the entity does nothing
PlayerEntity + 0x9B4 = Visibility
PlayerEntity + 0x9B0 = Gravity
PlayerEntity + 0x9B8 = Invincible Timer
PlayerEntity + 0xA70 = developer god/Invincible flag
PlayerEntity + 0x8E4 = Move Speed
PlayerEntity + 0x1818 = Jump Count
and in the PlayerManager:
PlayerManager + 0x1F2 = developer inf. magic flag
well, I'm out (btw I'm still using version 7446520 and the current version seems to be 774057)
//
Last Edit:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>27393</ID>
<Description>"Freeze Time"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
aobscanmodule(aobWriteTime,ShantaeSiren.exe, F3 0F 58 C6 F3 0F 11 05 ** ** ** ** ) // should be unique
aobWriteTime:
db 90 90 90 90 // NOP the 4-byte "addss xmm0,xmm6" so the elapsed time is never added to the playtime
registersymbol(aobWriteTime)
[DISABLE]
aobWriteTime:
db F3 0F 58 C6 // restore the original addss xmm0,xmm6
unregistersymbol(aobWriteTime)
</AssemblerScript>
</CheatEntry>
</CheatEntries>
</CheatTable>
(copy all the code and press ctrl+v into the Cheat Engine bottom section to create a script record)
this script prevents the game from increasing the playtime while ingame.
F3 0F10 05 D919A700 - movss xmm0,[ShantaeSiren.exe+BABFC4]
F3 0F58 C6 - addss xmm0,xmm6
F3 0F11 05 CD19A700 - movss [ShantaeSiren.exe+BABFC4],xmm0
that's the spot, my script is NOPing the "addss" so nothing is added to the time.
this static address is used while saving the game to write the added time to the GameplayState.
//
note: I'm not interested in playing the game, it was just fun for me to dissect the engine so that I can find everything without using memory scans.
The first table was just a small contribution with options that will 100% work.
e.g. One Hit Kill / Damage Multiplier would require testing on all enemies and bosses to make sure it works and does not bug the game (especially on bosses if they have multiple states)
also the time snippets, I didn't test whether they work to complete the game in under "xx:xx" time, I'm just posting these snippets here as an example of how to find the time and how it's calculated.
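The two tables above lean on three Cheat Engine directives: `aobscanmodule` (a wildcard byte-pattern search that must hit exactly once), `db 90 90 90 90` (overwriting the 4-byte `addss` with NOPs) and `alloc(newmem,$1000,<hook>)` followed by `jmp newmem` (a 5-byte `E9 rel32` that can only reach memory within +/-2 GB, hence the third `alloc` argument). The following is an added example written for this page, not code from cfemen's post, from Cheat Engine or from the game: it re-implements those mechanics over a constructed byte buffer so the uniqueness check, the wildcard handling and the rel32 range limit can be seen directly. The only real bytes in it are the three instruction encodings quoted in the post; every offset, address and the decoy sequence are assumptions.

```python
"""
Added example: byte-level model of the aobscanmodule / db / alloc+jmp
directives used in the two cheat tables. The buffer below is constructed;
offsets and addresses are assumptions, not ShantaeSiren.exe's real layout.
"""
import struct

# Patterns copied verbatim from the two scripts in the post.
HOOK_AOB = "F3 0F 10 41 14 33"                       # movss xmm0,[rcx+14] ; xor ...
FREEZE_AOB = "F3 0F 58 C6 F3 0F 11 05 ** ** ** **"   # addss xmm0,xmm6 ; movss [rip+disp32],xmm0

# Constructed "module image" (assumed offsets):
#   0x00  F3 0F 58 C6 48 89 45 10   addss xmm0,xmm6 followed by a non-movss store:
#                                   a decoy partial match the scan must reject
#   0x10  F3 0F 10 41 14 33 C0      movss xmm0,[rcx+14] ; xor eax,eax  (hook site)
#   0x20  F3 0F 10 05 D9 19 A7 00   movss xmm0,[rip+0xA719D9]
#   0x28  F3 0F 58 C6               addss xmm0,xmm6   (bytes the Freeze Time script NOPs)
#   0x2C  F3 0F 11 05 CD 19 A7 00   movss [rip+0xA719CD],xmm0
SAMPLE = bytearray(0x40)
SAMPLE[0x00:0x08] = bytes.fromhex("F30F58C6 48894510")
SAMPLE[0x10:0x17] = bytes.fromhex("F30F104114 33C0")
SAMPLE[0x20:0x34] = bytes.fromhex("F30F1005D919A700 F30F58C6 F30F1105CD19A700")


def parse_aob(pattern):
    """Cheat Engine AOB string -> list of byte values, None for a wildcard byte.
    CE accepts '??' or '**' (and single '?' / '*') as a wildcard."""
    return [None if set(tok) <= set("?*") else int(tok, 16) for tok in pattern.split()]


def aob_scan(data, pattern):
    """All offsets where the pattern matches; None matches any byte."""
    hits = []
    for i in range(len(data) - len(pattern) + 1):
        if all(p is None or data[i + j] == p for j, p in enumerate(pattern)):
            hits.append(i)
    return hits


def find_unique(data, pattern_str):
    """aobscanmodule semantics: exactly one hit, otherwise the script fails to enable."""
    hits = aob_scan(data, parse_aob(pattern_str))
    if len(hits) != 1:
        raise ValueError(f"pattern {pattern_str!r} matched {len(hits)} times, need exactly 1")
    return hits[0]


def nop_patch(data, off, length):
    """'db 90 90 90 90' over the addss: the time is loaded and stored back unchanged.
    Returns the original bytes, which is what [DISABLE] writes back."""
    original = bytes(data[off:off + length])
    data[off:off + length] = b"\x90" * length
    return original


def encode_jmp_rel32(src, dst):
    """E9 rel32: displacement measured from the end of the 5-byte jmp, and it must
    fit a signed 32-bit value. That limit is why the first script passes the hook
    address as the third argument of alloc(newmem,$1000,...)."""
    rel = dst - (src + 5)
    if not -2**31 <= rel < 2**31:
        raise ValueError("newmem is not within +/-2GB of the hook; allocate near the target")
    return b"\xE9" + struct.pack("<i", rel)


def hook_5byte(data, off, module_base, newmem):
    """Replace exactly the 5-byte movss xmm0,[rcx+14] with jmp newmem. The stolen
    bytes are re-executed at the top of newmem and restored by [DISABLE]."""
    stolen = bytes(data[off:off + 5])
    data[off:off + 5] = encode_jmp_rel32(module_base + off, newmem)
    return stolen


if __name__ == "__main__":
    img = bytearray(SAMPLE)
    freeze_off = find_unique(img, FREEZE_AOB)
    print(f"addss at +0x{freeze_off:X}, stolen {nop_patch(img, freeze_off, 4).hex()}")
    hook_off = find_unique(img, HOOK_AOB)
    base = 0x7FF6_1234_0000                 # assumed module base
    newmem = base + 0x10_0000               # assumed allocation near the module
    print(f"hook at +0x{hook_off:X}, stolen {hook_5byte(img, hook_off, base, newmem).hex()}")
    print("patched bytes:", img[hook_off:hook_off + 5].hex())
```

The decoy at offset 0 shares its first four bytes with the freeze pattern; it is the trailing `F3 0F 11 05` plus the four wildcarded displacement bytes that make the match unique, which is the reason the post's AOB includes the following `movss` instead of stopping at `F3 0F 58 C6`. Only the 5-byte `movss` is stolen by the hook, so the `33` byte of the following `xor` is untouched and `return:` lands exactly on it.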