I made a cheat table for v1.0.7 where you can get all items from the beginning by purchasing only one item in the first shop you encounter,
this can be modified to be called from hijacking a thread and looping through all items and calling the adding item function but if you don't want to do that you can just use this.
It can be also updated for v1.0.8 but since I don't have that version I can't do it.
You also need to use MancombSeepgood's cheat table to make this work. (because it depends on GEngine symbol)
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>89891</ID>
<Description>"ItemList"</Description>
<LastState Value="14266748" RealAddress="7FB89FA2B6E0"/>
<ShowAsSigned>0</ShowAsSigned>
<VariableType>8 Bytes</VariableType>
<Address>GEngine</Address>
<Offsets>
<Offset>0</Offset>
<Offset>938</Offset>
<Offset>820</Offset>
<Offset>50</Offset>
<Offset>3D8</Offset>
<Offset>80</Offset>
<Offset>7A8</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>88852</ID>
<Description>"All items after purchase"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{ Game : ScarletNexus-Win64-Shipping.exe
Version:
Date : 2023-09-20
Author : kamay
This script does blah blah blah
}
define(address,"ScarletNexus-Win64-Shipping.exe"+1137B3D)
define(bytes,E8 7E 9E E7 FF)
{$lua}
local addressList = getAddressList()
local itemList = addressList.getMemoryRecordByDescription('ItemList')
local strDefine = "define(item_list_start, " .. ("%08X"):format(tostring(itemList.getCurrentAddress())) .. ")"
return strDefine
{$asm}
define(item_list_end,item_list_start+22E0)
[ENABLE]
registersymbol(item_list_start)
registersymbol(item_list_end)
assert(address,bytes)
alloc(newmem,$1000,"ScarletNexus-Win64-Shipping.exe"+1137B3D)
label(code)
label(return)
newmem:
code:
mov rdx,item_list_start
loop:
push r8
push r9
push rdx
push rcx
sub rsp,100
mov byte ptr[rsp+28],0
mov byte ptr[rsp+20],0
call ScarletNexus-Win64-Shipping.exe+FB19C0
add rsp,100
pop rcx
pop rdx
pop r9
pop r8
add rdx,8
push rax
mov rax,item_list_end
cmp rdx,rax
pop rax
je return
jmp loop
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
// call ScarletNexus-Win64-Shipping.exe+FB19C0
dealloc(newmem)
unregistersymbol(item_list_start)
unregistersymbol(item_list_end)
{
// ORIGINAL CODE - INJECTION POINT: ScarletNexus-Win64-Shipping.exe+1137B3D
ScarletNexus-Win64-Shipping.exe+1137B0A: 0F 8E CE 01 00 00 - jng ScarletNexus-Win64-Shipping.exe+1137CDE
ScarletNexus-Win64-Shipping.exe+1137B10: 49 63 06 - movsxd rax,dword ptr [r14]
ScarletNexus-Win64-Shipping.exe+1137B13: 41 B1 01 - mov r9b,01
ScarletNexus-Win64-Shipping.exe+1137B16: 48 8B 97 38 09 00 00 - mov rdx,[rdi+00000938]
ScarletNexus-Win64-Shipping.exe+1137B1D: C6 44 24 28 00 - mov byte ptr [rsp+28],00
ScarletNexus-Win64-Shipping.exe+1137B22: C6 44 24 20 00 - mov byte ptr [rsp+20],00
ScarletNexus-Win64-Shipping.exe+1137B27: 48 8D 0C C5 00 00 00 00 - lea rcx,[rax*8+00000000]
ScarletNexus-Win64-Shipping.exe+1137B2F: 48 89 4D 77 - mov [rbp+77],rcx
ScarletNexus-Win64-Shipping.exe+1137B33: 48 03 D1 - add rdx,rcx
ScarletNexus-Win64-Shipping.exe+1137B36: 48 8B 8F A8 03 00 00 - mov rcx,[rdi+000003A8]
// ---------- INJECTING HERE ----------
ScarletNexus-Win64-Shipping.exe+1137B3D: E8 7E 9E E7 FF - call ScarletNexus-Win64-Shipping.exe+FB19C0
// ---------- DONE INJECTING ----------
ScarletNexus-Win64-Shipping.exe+1137B42: 48 8D 05 EF 1D 8F 02 - lea rax,[ScarletNexus-Win64-Shipping.exe+3A29938]
ScarletNexus-Win64-Shipping.exe+1137B49: C7 45 C3 63 00 00 00 - mov [rbp-3D],00000063
ScarletNexus-Win64-Shipping.exe+1137B50: 48 89 45 A7 - mov [rbp-59],rax
ScarletNexus-Win64-Shipping.exe+1137B54: 48 8D 15 7D 34 81 02 - lea rdx,[ScarletNexus-Win64-Shipping.exe+394AFD8]
ScarletNexus-Win64-Shipping.exe+1137B5B: 33 C0 - xor eax,eax
ScarletNexus-Win64-Shipping.exe+1137B5D: C7 45 C7 E8 03 00 00 - mov [rbp-39],000003E8
ScarletNexus-Win64-Shipping.exe+1137B64: 0F 57 C0 - xorps xmm0,xmm0
ScarletNexus-Win64-Shipping.exe+1137B67: 48 89 45 AF - mov [rbp-51],rax
ScarletNexus-Win64-Shipping.exe+1137B6B: 48 8D 4D 1F - lea rcx,[rbp+1F]
ScarletNexus-Win64-Shipping.exe+1137B6F: 48 89 45 B7 - mov [rbp-49],rax
}
</AssemblerScript>
</CheatEntry>
</CheatEntries>
</CheatTable>