Re: Immortals Fenyx Rising [Engine:AnvilNEXT]
Posted: Tue Dec 22, 2020 4:22 am
Meanwhile, I've managed to finish everything Nice game.
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
I did the same as you told me, but I couldn't find the hash code of the new skin.NumberXer0 wrote: ↑Mon Dec 21, 2020 12:47 amI can't test, as I've put a literal 10 minutes into this game. (No time, yay) But I did pop open the script. If I understand what he meant, just go to the "Read Filtered Hash On Inventory Open" script under Debug. Search for the line "ReadQuantity = gameModule + 0x1F33BB0" and replace it with "ReadQuantity = gameModule + 0x1F40C20".
Give that a shot and see if you can find the hashes now.
yes. I know that.
Code: Select all
ImmortalsFenyxRising.exe+294647C - 48 8B 8F D0020000 - mov rcx,[rdi+000002D0]
ImmortalsFenyxRising.exe+2946483 - 48 85 C9 - test rcx,rcx
Code: Select all
000001B7E1DF984E Plate of Stars
000001B7E1DFB026 Crown of Stars
000001D2D4B040F2 Wings of Stars
000001BF87F05CC6 Gemini
000001D438EAA6A7 Phosphor of Starry Skies
Based on the method above, here they are:
Code: Select all
000001D7E8BFEB86 Armor of Finneos
000001D7E8BFEB98 Helm of Finneos
000001D7E8BFFB89 Time of Adventure Wings
000001D7E8BFEBAA Lady
000001D7E8BFFB9B Phosphor the Companion
Code: Select all
000001B7E1DF9845 Armor of the Corruptor
000001B7E1DF98BA Helm of the Corruptor
000001D31CC32224 Wings of the Corruptor
000001BF87F05CE6 Mania
000001D31CCED7EC Phosphor the Marauder of Typhon
Code: Select all
000001B7E1DFB01D Garb of the Underworld
000001B7E1DF98C3 Helm of the Underworld
000001D168F47F2E Wings of the Underworld
000001BF87F05CCE Abyss
000001D2574EC022 Phosphor the Messenger of Grief
Code: Select all
000001B7E1DF9857 Armor of the Waves
000001B7E1DF98CC Helm of the Waves
000001D37DF1C22B Wings of the Waves
000001BF87F05CD6 Skyphios
000001D438E746A3 Phosphor of Atlantis
Code: Select all
000001B7E1DF9860 Radiant Vestments
000001B7E1DF98D5 Radiant Helm
000001D31CC1C360 Radiant Wings
000001BF87F05CDE Prophecy
000001D3D7D08670 The Archer's Bird
Code: Select all
000001B7E1DF984E Plate of Stars
000001B7E1DFB026 Crown of Stars
000001D2D4B040F2 Wings of Stars
000001BF87F05CC6 Gemini
000001D438EAA6A7 Phosphor of Starry Skies
Code: Select all
000001CD7AA88E52 Garb of the Alchemist
000001CD7AA88E3F Shroud of the Alchemist
000001D31CC38D11 Wings of the Alchemist
000001D1E63F0AD0 Hex
000001D3D7D6A0AA Phoshpor the Potion Master's Assitant
Code: Select all
{$lua}
if syntaxcheck then return end
function stopExec( s )
error( print( string.format( "\r\n>> %s <<", s ) ) )
end
function aobScanEx( aob )
-- thanks panraven for this function!
-- https://forum.cheatengine.org/viewtopic.php?t=577536
-- simplified for my needs
local p, a, n, s, e = nil or '*X*W', nil or fsmNotAligned, nil or '0', getAddress( process ) or 0x0, ( getAddress( process ) + getModuleSize( process ) ) or 0xffffffffffffffff
local ms = pb and createMemScan( pb ) or createMemScan()
local fl = createFoundList( ms )
ms.firstScan( soExactValue, vtByteArray, nil, aob, nil, s, e, p, a, n, true, false, false, false )
ms.waitTillDone()
fl.initialize()
local result = nil
if fl ~= nil and fl.getCount() > 0 then
result = createStringlist()
for i = 1, fl.getCount() do result.add( fl.getAddress( i - 1 ) ) end
end
fl.destroy()
ms.destroy()
return result
end
function debugger_onBreakpoint()
local Hash = RCX
print( string.format( "%016X", Hash ) )
debug_continueFromBreakpoint( co_run )
return 1
end
[ENABLE]
debugProcess()
local sym_HashOnPreview = getAddressSafe( "HashOnPreview" )
if sym_HashOnPreview == nil then
local aob_HashOnPreview = "488B8F????????4885C974??E8????????488B4C24??4885C9"
sl = aobScanEx( aob_HashOnPreview )
if not sl or sl.Count < 1 then stopExec( "'aob_HashOnPreview' not found." ) end
t = tonumber( sl[0], 16 ) + 0x7
unregisterSymbol( "HashOnPreview" )
registerSymbol( "HashOnPreview", t, true )
end
HashOnPreview = getAddressSafe( "HashOnPreview" )
if HashOnPreview ~= nil then
debug_setBreakpoint( HashOnPreview )
end
[DISABLE]
debugger_onBreakpoint = nil
if HashOnPreview ~= nil then
debug_removeBreakpoint( HashOnPreview )
end
--[[
ImmortalsFenyxRising.exe+294647C - 48 8B 8F D0020000 - mov rcx,[rdi+000002D0]
ImmortalsFenyxRising.exe+2946483 - 48 85 C9 - test rcx,rcx
ImmortalsFenyxRising.exe+2946486 - 74 5C - je ImmortalsFenyxRising.exe+29464E4
ImmortalsFenyxRising.exe+2946488 - E8 3372DAFD - call ImmortalsFenyxRising.exe+6ED6C0
ImmortalsFenyxRising.exe+294648D - 48 8B 4C 24 70 - mov rcx,[rsp+70]
ImmortalsFenyxRising.exe+2946492 - 48 85 C9 - test rcx,rcx
ImmortalsFenyxRising.exe+2946495 - 74 14 - je ImmortalsFenyxRising.exe+29464AB
ImmortalsFenyxRising.exe+2946497 - 48 8B D3 - mov rdx,rbx
ImmortalsFenyxRising.exe+294649A - 66 0F1F 44 00 00 - nop word ptr [rax+rax+00]
ImmortalsFenyxRising.exe+29464A0 - 48 FF C2 - inc rdx
ImmortalsFenyxRising.exe+29464A3 - 80 3C 11 00 - cmp byte ptr [rcx+rdx],00 { 0 }
ImmortalsFenyxRising.exe+29464A7 - 75 F7 - jne ImmortalsFenyxRising.exe+29464A0
ImmortalsFenyxRising.exe+29464A9 - EB 02 - jmp ImmortalsFenyxRising.exe+29464AD
ImmortalsFenyxRising.exe+29464AB - 33 D2 - xor edx,edx
ImmortalsFenyxRising.exe+29464AD - 44 8B CA - mov r9d,edx
ImmortalsFenyxRising.exe+29464B0 - 48 85 C0 - test rax,rax
ImmortalsFenyxRising.exe+29464B3 - 74 1B - je ImmortalsFenyxRising.exe+29464D0
ImmortalsFenyxRising.exe+29464B5 - 48 FF C3 - inc rbx
ImmortalsFenyxRising.exe+29464B8 - 80 3C 18 00 - cmp byte ptr [rax+rbx],00 { 0 }
]]
Code: Select all
000001BB7320A10C Spite's Hunger
000001BB7320A074 Malice's Strength
000001BB7320A0E4 Cruelty's Reach
Code: Select all
000001BB7320A120 The Rainbow's Edge
000001BB7320A088 The Rainbow's Arc
000001BB7320A0F8 The Rainbow's Curve
Code: Select all
000001D4241AA612 Antithesis of Panacea
000001D4241AA5FE Circe's Wrath
000001D4241AA608 Protector of the Herbalist
Code: Select all
000001C4FC36A584 Starlight
000001C4FC36A3CA Falling Star
000001C4FC36A3E1 Horizon
Code: Select all
000001BB7320A116 Dawn's Edge
000001BB7320A07E Dawn's Wings
000001BB7320A0EE Dawn's Harp
Code: Select all
000001C69A02CF19 Thorn
000001C69A02CEED Tanglecleave
000001C69A02CF03 Breeze
Code: Select all
000001CD7AA88E52: Garb of the Alchemist
000001CD7AA88E3F: Shroud of the Alchemist
000001D31CC38D11: Wings of the Alchemist
000001D1E63F0AD0: Hex (Mount)
000001D3D7D6A0AA: Phosphor the Potion Master's Assistant
000001D4241AA612: Antithesis of Panacea (sword)
000001D4241AA5FE: Circe's Wrath (axe)
000001D4241AA608: Protector of the Herbalist (bow)
You can always do what I did in the beginning: search for a known hash, then debug all found addresses till you find one that pops instructions in the debug window. I wouldn't rely on the same spot used with the Store, as I doubt it's used with normal items. Especially since there's no Preview.Le_Vagabond wrote: ↑Wed Dec 23, 2020 9:36 amI'm gonna try to see if it applies to the ingame inventory too, that way we'd have a method to get hashes for items already obtained
Code: Select all
ImmortalsFenyxRising.exe+292C2E4 - 4C 8B 41 10 - mov r8,[rcx+10]
Code: Select all
ImmortalsFenyxRising.exe+292C2E4 - 4C 8B 41 10 - mov r8,[rcx+10]
Code: Select all
ImmortalsFenyxRising.exe+292C2E4 - 4C 8B 41 10 - mov r8,[rcx+10]
ImmortalsFenyxRising.exe+292C2E8 - 48 8B 4D B8 - mov rcx,[rbp-48]
ImmortalsFenyxRising.exe+292C2EC - 48 03 D1 - add rdx,rcx
ImmortalsFenyxRising.exe+292C2EF - 48 3B CA - cmp rcx,rdx
ImmortalsFenyxRising.exe+292C2F2 - 74 14 - je ImmortalsFenyxRising.exe+292C308
ImmortalsFenyxRising.exe+292C2F4 - 4C 39 01 - cmp [rcx],r8
ImmortalsFenyxRising.exe+292C2F7 - 0F84 2E010000 - je ImmortalsFenyxRising.exe+292C42B
ImmortalsFenyxRising.exe+292C2FD - 48 83 C1 08 - add rcx,08 { 8 }
ImmortalsFenyxRising.exe+292C301 - FF C0 - inc eax
ImmortalsFenyxRising.exe+292C303 - 48 3B CA - cmp rcx,rdx
ImmortalsFenyxRising.exe+292C306 - 75 EC - jne ImmortalsFenyxRising.exe+292C2F4
ImmortalsFenyxRising.exe+292C308 - 33 D2 - xor edx,edx
ImmortalsFenyxRising.exe+292C30A - 4C 89 74 24 28 - mov [rsp+28],r14
ImmortalsFenyxRising.exe+292C30F - 48 B8 98EBBFE8D7010000 - mov rax,000001D7E8BFEB98 { -390075496 }
ImmortalsFenyxRising.exe+292C319 - C7 45 88 00000B00 - mov [rbp-78],000B0000 { 720896 }
ImmortalsFenyxRising.exe+292C320 - 48 89 44 24 30 - mov [rsp+30],rax
ImmortalsFenyxRising.exe+292C325 - 48 8D 4D 80 - lea rcx,[rbp-80]
ImmortalsFenyxRising.exe+292C329 - 48 B8 AAEBBFE8D7010000 - mov rax,000001D7E8BFEBAA { -390075478 }
ImmortalsFenyxRising.exe+292C333 - C7 44 24 20 08000000 - mov [rsp+20],00000008 { 8 }
ImmortalsFenyxRising.exe+292C33B - 48 89 44 24 38 - mov [rsp+38],rax
ImmortalsFenyxRising.exe+292C340 - 44 8D 4A 08 - lea r9d,[rdx+08]
ImmortalsFenyxRising.exe+292C344 - 48 B8 9BFBBFE8D7010000 - mov rax,000001D7E8BFFB9B { -390071397 }
ImmortalsFenyxRising.exe+292C34E - 44 8D 42 05 - lea r8d,[rdx+05]
ImmortalsFenyxRising.exe+292C352 - 48 89 44 24 40 - mov [rsp+40],rax
ImmortalsFenyxRising.exe+292C357 - 48 B8 86EBBFE8D7010000 - mov rax,000001D7E8BFEB86 { -390075514 }
ImmortalsFenyxRising.exe+292C361 - 48 89 44 24 48 - mov [rsp+48],rax
ImmortalsFenyxRising.exe+292C366 - 48 B8 89FBBFE8D7010000 - mov rax,000001D7E8BFFB89 { -390071415 }
Code: Select all
{$lua}
if syntaxcheck then return end
function stopExec( s )
error( print( string.format( "\r\n>> %s <<", s ) ) )
end
function aobScanEx( aob )
-- thanks panraven for this function!
-- https://forum.cheatengine.org/viewtopic.php?t=577536
-- simplified for my needs
local p, a, n, s, e = nil or '*X*W', nil or fsmNotAligned, nil or '0', getAddress( process ) or 0x0, ( getAddress( process ) + getModuleSize( process ) ) or 0xffffffffffffffff
local ms = pb and createMemScan( pb ) or createMemScan()
local fl = createFoundList( ms )
ms.firstScan( soExactValue, vtByteArray, nil, aob, nil, s, e, p, a, n, true, false, false, false )
ms.waitTillDone()
fl.initialize()
local result = nil
if fl ~= nil and fl.getCount() > 0 then
result = createStringlist()
for i = 1, fl.getCount() do result.add( fl.getAddress( i - 1 ) ) end
end
fl.destroy()
ms.destroy()
return result
end
function debugger_onBreakpoint()
local Hash = R8
print( string.format( "%016X", Hash ) )
debug_continueFromBreakpoint( co_run )
return 1
end
[ENABLE]
debugProcess()
local sym_HashOnItemAccess = getAddressSafe( "HashOnItemAccess" )
if sym_HashOnItemAccess == nil then
local aob_HashOnItemAccess = "4C8B41??488B4D??4803D1483BCA74??4C39010F"
sl = aobScanEx( aob_HashOnItemAccess )
if not sl or sl.Count < 1 then stopExec( "'aob_HashOnItemAccess' not found." ) end
t = tonumber( sl[0], 16 ) + 0x4
unregisterSymbol( "HashOnItemAccess" )
registerSymbol( "HashOnItemAccess", t, true )
end
HashOnItemAccess = getAddressSafe( "HashOnItemAccess" )
if HashOnItemAccess ~= nil then
debug_setBreakpoint( HashOnItemAccess )
end
[DISABLE]
debugger_onBreakpoint = nil
if HashOnItemAccess ~= nil then
debug_removeBreakpoint( HashOnItemAccess )
end
--[[
ImmortalsFenyxRising.exe+292C2E4 - 4C 8B 41 10 - mov r8,[rcx+10]
ImmortalsFenyxRising.exe+292C2E8 - 48 8B 4D B8 - mov rcx,[rbp-48]
ImmortalsFenyxRising.exe+292C2EC - 48 03 D1 - add rdx,rcx
ImmortalsFenyxRising.exe+292C2EF - 48 3B CA - cmp rcx,rdx
ImmortalsFenyxRising.exe+292C2F2 - 74 14 - je ImmortalsFenyxRising.exe+292C308
ImmortalsFenyxRising.exe+292C2F4 - 4C 39 01 - cmp [rcx],r8
ImmortalsFenyxRising.exe+292C2F7 - 0F84 2E010000 - je ImmortalsFenyxRising.exe+292C42B
ImmortalsFenyxRising.exe+292C2FD - 48 83 C1 08 - add rcx,08 { 8 }
ImmortalsFenyxRising.exe+292C301 - FF C0 - inc eax
ImmortalsFenyxRising.exe+292C303 - 48 3B CA - cmp rcx,rdx
ImmortalsFenyxRising.exe+292C306 - 75 EC - jne ImmortalsFenyxRising.exe+292C2F4
ImmortalsFenyxRising.exe+292C308 - 33 D2 - xor edx,edx
ImmortalsFenyxRising.exe+292C30A - 4C 89 74 24 28 - mov [rsp+28],r14
ImmortalsFenyxRising.exe+292C30F - 48 B8 98EBBFE8D7010000 - mov rax,000001D7E8BFEB98 { -390075496 }
ImmortalsFenyxRising.exe+292C319 - C7 45 88 00000B00 - mov [rbp-78],000B0000 { 720896 }
ImmortalsFenyxRising.exe+292C320 - 48 89 44 24 30 - mov [rsp+30],rax
ImmortalsFenyxRising.exe+292C325 - 48 8D 4D 80 - lea rcx,[rbp-80]
ImmortalsFenyxRising.exe+292C329 - 48 B8 AAEBBFE8D7010000 - mov rax,000001D7E8BFEBAA { -390075478 }
ImmortalsFenyxRising.exe+292C333 - C7 44 24 20 08000000 - mov [rsp+20],00000008 { 8 }
ImmortalsFenyxRising.exe+292C33B - 48 89 44 24 38 - mov [rsp+38],rax
ImmortalsFenyxRising.exe+292C340 - 44 8D 4A 08 - lea r9d,[rdx+08]
ImmortalsFenyxRising.exe+292C344 - 48 B8 9BFBBFE8D7010000 - mov rax,000001D7E8BFFB9B { -390071397 }
ImmortalsFenyxRising.exe+292C34E - 44 8D 42 05 - lea r8d,[rdx+05]
ImmortalsFenyxRising.exe+292C352 - 48 89 44 24 40 - mov [rsp+40],rax
ImmortalsFenyxRising.exe+292C357 - 48 B8 86EBBFE8D7010000 - mov rax,000001D7E8BFEB86 { -390075514 }
ImmortalsFenyxRising.exe+292C361 - 48 89 44 24 48 - mov [rsp+48],rax
ImmortalsFenyxRising.exe+292C366 - 48 B8 89FBBFE8D7010000 - mov rax,000001D7E8BFFB89 { -390071415 }
ImmortalsFenyxRising.exe+292C370 - 48 89 44 24 50 - mov [rsp+50],rax
ImmortalsFenyxRising.exe+292C375 - 48 8D 45 90 - lea rax,[rbp-70]
ImmortalsFenyxRising.exe+292C379 - 48 89 45 80 - mov [rbp-80],rax
]]
Code: Select all
000001C8742B577A: Chimera armor set 2 - Snake's Sting Breastplate
000001C53FC26E4A: Ares armor set 2 - Hide of War
000001C95B95FC06: Ares armor set 3 - Ruthless Hide of War
000001BB732F69DF: Ares armor set 4 - Broken Battle Armor
Code: Select all
000001C4FC36A584 Starlight
Code: Select all
000001BB7320A0D1 Crystal Shadow
Code: Select all
000001D10B517467 Challenger Sword
000001D10B51747D Piecemaker Sword
000001D10B517485 Focuser Sword
Code: Select all
000001C0E9F608A1 Gleam of Helios
000001C9C1E2ED7F Envy
000001C0E9F74916 Premonition
Code: Select all
000001C0E9F6BBD1 Triumph
000001C0E9F7492D Departed Shade
000001C0E9F74944 Inferno
Code: Select all
000001B7E1D9137E Sword of Achiles
000001B7E1DC7A1A Reforged Sword of Achilles
000001B7E1DC7A1B Tempered Sword of Achilles
Code: Select all
000001C9C1E2EF23 Cyclone
000001C9C1E2EF2C Kindle
000001C9C1E2EF35 Downpour
Code: Select all
000001D10B51748D Sprintrunner Sword
000001D10B517495 Stringplayer Sword
000001D10B51749D Master of Myth Sword
Code: Select all
000001C9C1E2EF3E Heartbreaker
000001C9C1E2EF47 Instinct
000001C9C1E2EFD9 Vigor
Code: Select all
000001B7E1DC7A1C Fabled Victor's Sword
000001B7E1DF12EB Legendary Victor's Sword
000001C0E9F2E552 Mythic Victor's Sword