Not all of the cheats work, only some from the alt and the universal section of the table are working for me (CEMU 1.15.10) and I'm super appreciative for the effort, guys. But what really concerns me is that the max items and max arrows cheats use 100% of my CPU when I tick these cheats. Why is that and are there any alternatives to getting max items without the fear of blowing my CPU up?
How to use this cheat table?
Install Cheat Engine
Double-click the .CT file in order to open it.
Click the PC icon in Cheat Engine in order to select the game process.
Keep the list.
Activate the trainer options by checking boxes or setting values from 0 to 1
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(UsesFloat,1)
TypeName:
db 'Float Big Endian',0
ByteSize:
dd 4
UsesFloat:
db 1
ConvertRoutine:
[64-bit]
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian
ret
[/64-bit]
[32-bit]
push ebp
mov ebp,esp
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
bswap eax
pop ebp
ret 4
[/32-bit]
ConvertBackRoutine:
[64-bit]
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx
ret
[/64-bit]
[32-bit]
push ebp
mov ebp,esp
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
bswap eax
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
TypeName:
db '4 Byte Big Endian',0
ByteSize:
dd 4
//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian
ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
bswap eax
pop ebp
ret 4
[/32-bit]
//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx
ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
//convert the value to big endian
bswap eax
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]
Some of these codes require specific action in game first. Like, to be able to activate 'Horse Infinite Whips', you need to speed up your horse once.
Some of these codes require specific action in game first.
The reason this is required is the same one as to why, in Unity Engine, you can't find a certain aob you'd scan for unless you'd perform some action. And that is because both Unity and CEMU compile code when it is needed (the "just-in time" - JIT - logic).
In other lines, I've managed to get the game running in a pack with CEMU 1.17.3, managed to find - based on my old notes - CEMU RVA Base, Code Base and the global pointer used to calculate leap distances towards structure layouts. I've updated the AOBs to support multiple CEMU versions, hoping they're stable and work across several updates (at least). Now.. from here to actually inlining my findings with the current scripts in Drivium's table.. it will take a bit of running around. But eventually you will get a stable means to pin-point addresses without hooks and make use of pointers for easy filtering. Just keep in mind the CEMU code and game code are separate. The only issue is what I said above, finding some means to force JIT-ing of what the scripts tamper So you wouldn't need to do something "at least once" (saw the video).
How do you guys find values like for example weapon durability with newest Cemu version 1.21.1b? Non of the tables here works, except the infinite stamina.
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(UsesFloat,1)
TypeName:
db 'Float Big Endian',0
ByteSize:
dd 4
UsesFloat:
db 1
ConvertRoutine:
[64-bit]
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian
ret
[/64-bit]
[32-bit]
push ebp
mov ebp,esp
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
bswap eax
pop ebp
ret 4
[/32-bit]
ConvertBackRoutine:
[64-bit]
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx
ret
[/64-bit]
[32-bit]
push ebp
mov ebp,esp
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
bswap eax
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
TypeName:
db '4 Byte Big Endian',0
ByteSize:
dd 4
//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian
ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
bswap eax
pop ebp
ret 4
[/32-bit]
//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx
ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
//convert the value to big endian
bswap eax
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]
Some of these codes require specific action in game first. Like, to be able to activate 'Horse Infinite Whips', you need to speed up your horse once.
Cemu.7z
Can you please update it for the latest version of cemu, or if there is any other way hope you can share it with us. Thanks a lot for ur effort.
Can a similar Graphics Pack cheat file be made for infinite mid-air jump?
What I mean is in: \Cemu\cemu_1.22.4\cemu_1.22.4\graphicPacks\downloadedGraphicPacks\BreathOfTheWild\Cheats
Each Cheat has a folder, and an .asm file, the contents of the .asm file are like the Hearts code I posted above.
Can a folder and corresponding .asm file be made to have infinite mid-air jumps?
[Speed x4]
580F0000 02d1ea00
580F1000 00000198
580F1000 00002d18
780F0000 0000011c
640f0000 00000000 40800000 smd please, convert it to table or smth that will work with latest cemu) This codes works on my Switch SX OC. but not with cemu (