Shantae and the Pirate's Curse

[STN]

Game : Shantae and the Pirate's Curse
Version : 1.03 (Steam 01-22-2017)
Date : 01-22-2017
Author : JizzaBeez

Cheats:
* Invincible
* Unlimited Health
* Unlimited Items
* Money Pickup x10
* No Shop Cost
* Edit inventory items, etc...

How to use the table:
1) Run the game 'ShantaeCurse.exe'.
2) Open Cheat Engine 6.6+ (below not tested).
3) Select the process 'ShantaeCurse.exe'.
4) Open the table 'ShantaeCurse.ct'.
5) Click '>>> ACTIVATE <<<' to enable the table.
6) Enable/Disable the cheats you want...
7) Edit structure record values...
8) Play the game and win!!!1!!1!1 ...
9) Click '>>> DEACTIVATE <<<' before closing.

Table info:
* 'Unlimited Health' and 'Invincibility' do not protect against some spikes, falling, or getting crushed.
* 'Unlimited Items' does not work with Flares or when giving items...
* The structure pointers will load when the code is accessed. Take damage for pHealth, collect money for pInventory.
* Most items can be edited into the inventory, but some have bools/counts that need to be in place for the game to recognize it.

Credit to @Cake-san for finding the invulnerable code. I updated the 'player check' so it will work all the time now.

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[shiningriver]

For some reason, the table only toggles activate and deactivate. The options do not show up.

[VampTY]

Check the one made by me for PLAZA latest version, look on MY TABLES.. perhaps i'll buy the full version on STEAM as well!

[Scarpetti]

Hello,
I think I've figured out why the table isn't working.

Spoiler

[ENABLE]
// AOB SCANS
aobscanmodule(AOB_Health,ShantaeCurse.exe,66 89 41 54 8B 49 70)
aobscanmodule(AOB_Money,ShantaeCurse.exe,01 81 8C 11 00 00)
aobscanmodule(AOB_UseItem,ShantaeCurse.exe,FE 8C 30 14 11 00 00 5E 5B)
aobscanmodule(AOB_ShopCostCheck,ShantaeCurse.exe,3B 84 8B 98 11 00 00)
aobscanmodule(AOB_ShopCost,ShantaeCurse.exe,8B 81 8C 11 00 00 8B 55 08)
aobscanmodule(AOB_Invincible,ShantaeCurse.exe,66 83 BE 64 09 00 00 00)


// ALLOC MEMORY
alloc(newmem,$1000)
globalalloc(pHealth,8)
globalalloc(pInventory,8)
globalalloc(pInvincible,8)
globalalloc(pHealthCheat,4)
globalalloc(pUseItemCheat,4)
globalalloc(pMoneyCheat,4)
globalalloc(pShopCostCheat,4)
globalalloc(pInvincibleCheat,4)


// LABELS
label(newHealth)
label(codeHealth)
label(returnHealth)

label(newMoney)
label(codeMoney)
label(returnMoney)

label(newUseItem)
label(codeUseItem)
label(returnUseItem)

label(newShopCostCheck)
label(codeShopCostCheck)
label(returnShopCostCheck)
label(newShopCost)
label(codeShopCost)
label(returnShopCost)

label(newInvincible)
label(codeInvincible)
label(returnInvincible)


// REGISTER SYMBOLS
registersymbol(AOB_Health)
registersymbol(AOB_Money)
registersymbol(AOB_UseItem)
registersymbol(AOB_ShopCostCheck)
registersymbol(AOB_ShopCost)
registersymbol(AOB_Invincible)


// MEMORY START
newmem:


// HEALTH
newHealth:
mov [pHealth],ecx // read here
cmp dword ptr [pHealthCheat],1 // cheat check
jne codeHealth
cmp word ptr [ecx+54],ax // compare health with new value
jl codeHealth // new was more, jump to original code
mov ax,word ptr [ecx+54] // get health
mov edx,eax // move health to new value
mov [ebp+08],edx // move health to new value
jmp codeHealth // continue code
codeHealth:
mov [ecx+54],ax
mov ecx,[ecx+70]
jmp returnHealth


// MONEY
newMoney:
mov [pInventory],ecx // read here
cmp dword ptr [pMoneyCheat],1 // cheat check
jne codeMoney
imul eax,#10 // money cheat
jmp codeMoney
codeMoney:
add [ecx+0000118C],eax
jmp returnMoney


// USE ITEM
newUseItem:
cmp dword ptr [pUseItemCheat],1 // cheat check
jne codeUseItem
jmp returnUseItem
codeUseItem:
dec [eax+esi+00001114]
jmp returnUseItem


// SHOP COST CHECK
newShopCostCheck:
cmp dword ptr [pShopCostCheat],1 // cheat check
jne codeShopCostCheck
cmp eax,eax
jmp returnShopCostCheck
codeShopCostCheck:
cmp eax,[ebx+ecx*4+00001198]
jmp returnShopCostCheck

// SHOP COST
newShopCost:
cmp dword ptr [pShopCostCheat],1 // cheat check
jne codeShopCost
pop ebp
ret 0004
jmp returnShopCost
codeShopCost:
mov eax,[ecx+0000118C]
jmp returnShopCost


// INVINCIBLE
newInvincible:
// compare entity name. [esi+04]: kEntityType_Player, etc.
cmp dword ptr [esi+00000010],79616C50 // "yalP"
jne codeInvincible
cmp dword ptr [pInvincibleCheat],1 // cheat check
jne codeInvincible
cmp word ptr [esi+00000964],FF
jmp returnInvincible
codeInvincible:
cmp word ptr [esi+00000964],00
jmp returnInvincible


// HEALTH INJECT
AOB_Health: // "ShantaeCurse.exe"+C38F:
jmp newHealth
nop
nop
returnHealth:


// MONEY INJECT
AOB_Money: // "ShantaeCurse.exe"+95DF6:
jmp newMoney
nop
returnMoney:


// USE ITEM INJECT
AOB_UseItem: // "ShantaeCurse.exe"+DD942:
jmp newUseItem
nop
nop
returnUseItem:


// SHOP COST CHECK INJECT
AOB_ShopCostCheck: // "ShantaeCurse.exe"+9E5C8:
jmp newShopCostCheck
nop
nop
returnShopCostCheck:

// SHOP COST INJECT
AOB_ShopCost: // "ShantaeCurse.exe"+9F6B3:
jmp newShopCost
nop
returnShopCost:


// INVINCIBLE INJECT
AOB_Invincible: // "ShantaeCurse.exe"+10F82B:
jmp newInvincible
nop
nop
nop
returnInvincible:


{$lua}
-- change record display
local al = getAddressList()
local mr = al.getMemoryRecordByID(0)
mr.Color = 0x0000FF -- red
mr.Description = ">>> DEACTIVATE <<<"
-- play sound
local ms = createMemoryStream()
ms.loadFromFile("C:\\Windows\\Media\\ir_begin.wav")
playSound(ms)
ms.destroy()
{$asm}


[DISABLE]
// HEALTH RESTORE
AOB_Health: // "ShantaeCurse.exe"+C38F:
db 66 89 41 54 8B 49 70


// MONEY RESTORE
AOB_Money: // "ShantaeCurse.exe"+95DF6:
db 01 81 8C 11 00 00


// USE ITEM RESTORE
AOB_UseItem: // "ShantaeCurse.exe"+DD942:
db FE 8C 30 14 11 00 00


// SHOP COST CHECK RESTORE
AOB_ShopCostCheck: // "ShantaeCurse.exe"+9E5C8:
db 3B 84 8B 98 11 00 00

// SHOP COST RESTORE
AOB_ShopCost: // "ShantaeCurse.exe"+9F6B3:
db 8B 81 8C 11 00 00


// INVINCIBLE RESTORE
AOB_Invincible: // "ShantaeCurse.exe"+10F82B:
db 66 83 BE 64 09 00 00 00


// UNREGISTER SYMBOLS
unregistersymbol(AOB_Health)
unregistersymbol(AOB_Money)
unregistersymbol(AOB_UseItem)
unregistersymbol(AOB_ShopCostCheck)
unregistersymbol(AOB_ShopCost)
unregistersymbol(AOB_Invincible)
unregistersymbol(pHealth)
unregistersymbol(pInventory)
unregistersymbol(pInvincible)
unregistersymbol(pHealthCheat)
unregistersymbol(pMoneyCheat)
unregistersymbol(pUseItemCheat)
unregistersymbol(pShopCostCheat)
unregistersymbol(pInvincibleCheat)


// DEALLOC MEMORY
dealloc(pHealth)
dealloc(pInventory)
dealloc(pInvincible)
dealloc(pHealthCheat)
dealloc(pMoneyCheat)
dealloc(pUseItemCheat)
dealloc(pShopCostCheat)
dealloc(pInvincibleCheat)
dealloc(newmem)


{$lua}
local al = getAddressList()
local mr = al.getMemoryRecordByID(0)
mr.Color = 0x008000 -- green
mr.Description = ">>> ACTIVATE <<<"
-- play sound
local ms = createMemoryStream()
ms.loadFromFile("C:\\Windows\\Media\\ir_end.wav")
playSound(ms)
ms.destroy()
{$asm}


{ AOB_Health
// ORIGINAL CODE - INJECTION POINT: "ShantaeCurse.exe"+C38F
"ShantaeCurse.exe"+C37B: CC - int 3
"ShantaeCurse.exe"+C37C: CC - int 3
"ShantaeCurse.exe"+C37D: CC - int 3
"ShantaeCurse.exe"+C37E: CC - int 3
"ShantaeCurse.exe"+C37F: CC - int 3
"ShantaeCurse.exe"+C380: 55 - push ebp
"ShantaeCurse.exe"+C381: 8B EC - mov ebp,esp
"ShantaeCurse.exe"+C383: 8B 0D D0 26 6E 00 - mov ecx,[ShantaeCurse.exe+2F26D0]
"ShantaeCurse.exe"+C389: 8B 55 08 - mov edx,[ebp+08]
"ShantaeCurse.exe"+C38C: 0F B6 C2 - movzx eax,dl
// ---------- INJECTING HERE ----------
"ShantaeCurse.exe"+C38F: 66 89 41 54 - mov [ecx+54],ax
"ShantaeCurse.exe"+C393: 8B 49 70 - mov ecx,[ecx+70]
// ---------- DONE INJECTING ----------
"ShantaeCurse.exe"+C396: 85 C9 - test ecx,ecx
"ShantaeCurse.exe"+C398: 74 09 - je ShantaeCurse.exe+C3A3
"ShantaeCurse.exe"+C39A: FF 75 0C - push [ebp+0C]
"ShantaeCurse.exe"+C39D: 52 - push edx
"ShantaeCurse.exe"+C39E: E8 7D 33 0D 00 - call ShantaeCurse.exe+DF720
"ShantaeCurse.exe"+C3A3: 5D - pop ebp
"ShantaeCurse.exe"+C3A4: C3 - ret
"ShantaeCurse.exe"+C3A5: CC - int 3
"ShantaeCurse.exe"+C3A6: CC - int 3
"ShantaeCurse.exe"+C3A7: CC - int 3
}


{ AOB_Money
// ORIGINAL CODE - INJECTION POINT: "ShantaeCurse.exe"+95DF6
"ShantaeCurse.exe"+95DE9: CC - int 3
"ShantaeCurse.exe"+95DEA: CC - int 3
"ShantaeCurse.exe"+95DEB: CC - int 3
"ShantaeCurse.exe"+95DEC: CC - int 3
"ShantaeCurse.exe"+95DED: CC - int 3
"ShantaeCurse.exe"+95DEE: CC - int 3
"ShantaeCurse.exe"+95DEF: CC - int 3
"ShantaeCurse.exe"+95DF0: 55 - push ebp
"ShantaeCurse.exe"+95DF1: 8B EC - mov ebp,esp
"ShantaeCurse.exe"+95DF3: 8B 45 08 - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
"ShantaeCurse.exe"+95DF6: 01 81 8C 11 00 00 - add [ecx+0000118C],eax
// ---------- DONE INJECTING ----------
"ShantaeCurse.exe"+95DFC: 81 B9 8C 11 00 00 E7 03 00 00 - cmp [ecx+0000118C],000003E7
"ShantaeCurse.exe"+95E06: 76 0A - jna ShantaeCurse.exe+95E12
"ShantaeCurse.exe"+95E08: C7 81 8C 11 00 00 E7 03 00 00 - mov [ecx+0000118C],000003E7
"ShantaeCurse.exe"+95E12: 5D - pop ebp
"ShantaeCurse.exe"+95E13: C2 04 00 - ret 0004
"ShantaeCurse.exe"+95E16: CC - int 3
"ShantaeCurse.exe"+95E17: CC - int 3
"ShantaeCurse.exe"+95E18: CC - int 3
"ShantaeCurse.exe"+95E19: CC - int 3
"ShantaeCurse.exe"+95E1A: CC - int 3
}


{ AOB_UseItem
// ORIGINAL CODE - INJECTION POINT: "ShantaeCurse.exe"+DD942
"ShantaeCurse.exe"+DD919: 8B F9 - mov edi,ecx
"ShantaeCurse.exe"+DD91B: 0F B6 F3 - movzx esi,bl
"ShantaeCurse.exe"+DD91E: E8 8D 28 F3 FF - call ShantaeCurse.exe+101B0
"ShantaeCurse.exe"+DD923: 80 BC 30 08 11 00 00 00 - cmp byte ptr [eax+esi+00001108],00
"ShantaeCurse.exe"+DD92B: 74 2C - je ShantaeCurse.exe+DD959
"ShantaeCurse.exe"+DD92D: E8 7E 28 F3 FF - call ShantaeCurse.exe+101B0
"ShantaeCurse.exe"+DD932: 80 BC 30 14 11 00 00 01 - cmp byte ptr [eax+esi+00001114],01
"ShantaeCurse.exe"+DD93A: 76 13 - jna ShantaeCurse.exe+DD94F
"ShantaeCurse.exe"+DD93C: E8 6F 28 F3 FF - call ShantaeCurse.exe+101B0
"ShantaeCurse.exe"+DD941: 5F - pop edi
// ---------- INJECTING HERE ----------
"ShantaeCurse.exe"+DD942: FE 8C 30 14 11 00 00 - dec [eax+esi+00001114]
// ---------- DONE INJECTING ----------
"ShantaeCurse.exe"+DD949: 5E - pop esi
"ShantaeCurse.exe"+DD94A: 5B - pop ebx
"ShantaeCurse.exe"+DD94B: 5D - pop ebp
"ShantaeCurse.exe"+DD94C: C2 04 00 - ret 0004
"ShantaeCurse.exe"+DD94F: 6A 00 - push 00
"ShantaeCurse.exe"+DD951: 53 - push ebx
"ShantaeCurse.exe"+DD952: 8B CF - mov ecx,edi
"ShantaeCurse.exe"+DD954: E8 07 04 00 00 - call ShantaeCurse.exe+DDD60
"ShantaeCurse.exe"+DD959: 5F - pop edi
"ShantaeCurse.exe"+DD95A: 5E - pop esi
}


{ AOB_ShopCostCheck
// ORIGINAL CODE - INJECTION POINT: "ShantaeCurse.exe"+9E5C8
"ShantaeCurse.exe"+9E591: 84 C0 - test al,al
"ShantaeCurse.exe"+9E593: 0F 84 BB 00 00 00 - je ShantaeCurse.exe+9E654
"ShantaeCurse.exe"+9E599: 80 BB 14 12 00 00 00 - cmp byte ptr [ebx+00001214],00
"ShantaeCurse.exe"+9E5A0: 0F 84 B7 00 00 00 - je ShantaeCurse.exe+9E65D
"ShantaeCurse.exe"+9E5A6: E8 05 1C F7 FF - call ShantaeCurse.exe+101B0
"ShantaeCurse.exe"+9E5AB: 8B 8B 10 12 00 00 - mov ecx,[ebx+00001210]
"ShantaeCurse.exe"+9E5B1: 83 EC 0C - sub esp,0C
"ShantaeCurse.exe"+9E5B4: 03 8B 0C 12 00 00 - add ecx,[ebx+0000120C]
"ShantaeCurse.exe"+9E5BA: 8B 80 8C 11 00 00 - mov eax,[eax+0000118C]
"ShantaeCurse.exe"+9E5C0: C7 44 24 08 00 00 80 BF - mov [esp+08],BF800000
// ---------- INJECTING HERE ----------
"ShantaeCurse.exe"+9E5C8: 3B 84 8B 98 11 00 00 - cmp eax,[ebx+ecx*4+00001198]
// ---------- DONE INJECTING ----------
"ShantaeCurse.exe"+9E5CF: 8D 45 F8 - lea eax,[ebp-08]
"ShantaeCurse.exe"+9E5D2: C7 44 24 04 00 00 00 00 - mov [esp+04],00000000
"ShantaeCurse.exe"+9E5DA: C7 04 24 00 00 80 3F - mov [esp],3F800000
"ShantaeCurse.exe"+9E5E1: 6A 01 - push 01
"ShantaeCurse.exe"+9E5E3: 6A 0F - push 0F
"ShantaeCurse.exe"+9E5E5: 72 53 - jb ShantaeCurse.exe+9E63A
"ShantaeCurse.exe"+9E5E7: 68 E4 8C 61 00 - push ShantaeCurse.exe+228CE4
"ShantaeCurse.exe"+9E5EC: 50 - push eax
"ShantaeCurse.exe"+9E5ED: E8 AE 76 0D 00 - call ShantaeCurse.exe+175CA0
"ShantaeCurse.exe"+9E5F2: 8B 83 10 12 00 00 - mov eax,[ebx+00001210]
}

{ AOB_ShopCost
// ORIGINAL CODE - INJECTION POINT: "ShantaeCurse.exe"+9F6B3
"ShantaeCurse.exe"+9F6A8: CC - int 3
"ShantaeCurse.exe"+9F6A9: CC - int 3
"ShantaeCurse.exe"+9F6AA: CC - int 3
"ShantaeCurse.exe"+9F6AB: CC - int 3
"ShantaeCurse.exe"+9F6AC: CC - int 3
"ShantaeCurse.exe"+9F6AD: CC - int 3
"ShantaeCurse.exe"+9F6AE: CC - int 3
"ShantaeCurse.exe"+9F6AF: CC - int 3
"ShantaeCurse.exe"+9F6B0: 55 - push ebp
"ShantaeCurse.exe"+9F6B1: 8B EC - mov ebp,esp
// ---------- INJECTING HERE ----------
"ShantaeCurse.exe"+9F6B3: 8B 81 8C 11 00 00 - mov eax,[ecx+0000118C]
// ---------- DONE INJECTING ----------
"ShantaeCurse.exe"+9F6B9: 8B 55 08 - mov edx,[ebp+08]
"ShantaeCurse.exe"+9F6BC: 3B D0 - cmp edx,eax
"ShantaeCurse.exe"+9F6BE: 77 08 - ja ShantaeCurse.exe+9F6C8
"ShantaeCurse.exe"+9F6C0: 2B C2 - sub eax,edx
"ShantaeCurse.exe"+9F6C2: 89 81 8C 11 00 00 - mov [ecx+0000118C],eax
"ShantaeCurse.exe"+9F6C8: 5D - pop ebp
"ShantaeCurse.exe"+9F6C9: C2 04 00 - ret 0004
"ShantaeCurse.exe"+9F6CC: CC - int 3
"ShantaeCurse.exe"+9F6CD: CC - int 3
"ShantaeCurse.exe"+9F6CE: CC - int 3
}


{ AOB_Invincible
// ORIGINAL CODE - INJECTION POINT: "ShantaeCurse.exe"+10F82B
"ShantaeCurse.exe"+10F814: 33 D2 - xor edx,edx
"ShantaeCurse.exe"+10F816: 8B C1 - mov eax,ecx
"ShantaeCurse.exe"+10F818: 3B 58 2C - cmp ebx,[eax+2C]
"ShantaeCurse.exe"+10F81B: 75 05 - jne ShantaeCurse.exe+10F822
"ShantaeCurse.exe"+10F81D: 83 38 00 - cmp dword ptr [eax],00
"ShantaeCurse.exe"+10F820: 7F 20 - jg ShantaeCurse.exe+10F842
"ShantaeCurse.exe"+10F822: 42 - inc edx
"ShantaeCurse.exe"+10F823: 83 C0 30 - add eax,30
"ShantaeCurse.exe"+10F826: 83 FA 10 - cmp edx,10
"ShantaeCurse.exe"+10F829: 72 ED - jb ShantaeCurse.exe+10F818
// ---------- INJECTING HERE ----------
"ShantaeCurse.exe"+10F82B: 66 83 BE 64 09 00 00 00 - cmp word ptr [esi+00000964],00
// ---------- DONE INJECTING ----------
"ShantaeCurse.exe"+10F833: 74 1A - je ShantaeCurse.exe+10F84F
"ShantaeCurse.exe"+10F835: 5E - pop esi
"ShantaeCurse.exe"+10F836: B8 02 00 00 00 - mov eax,00000002
"ShantaeCurse.exe"+10F83B: 5B - pop ebx
"ShantaeCurse.exe"+10F83C: 8B E5 - mov esp,ebp
"ShantaeCurse.exe"+10F83E: 5D - pop ebp
"ShantaeCurse.exe"+10F83F: C2 30 00 - ret 0030
"ShantaeCurse.exe"+10F842: 5E - pop esi
"ShantaeCurse.exe"+10F843: B8 03 00 00 00 - mov eax,00000003
"ShantaeCurse.exe"+10F848: 5B - pop ebx
}

The latter uses sound files that have been modified in the latest versions of Windows 10. These files have been renamed in the language in which Windows is installed.
For example in the French version, these files are named "ir_début" and "ir_fin".
Two solutions:
1. Edit the script to change the sounds used or delete them altogether.
2. Go to Windows/media and duplicate the corresponding sound files and rename the copies according to the names used in the script.