Zelda: Breath of the Wild (CEMU)

Post by QuarryTen »

Not all of the cheats work, only some from the alt and the universal section of the table are working for me (CEMU 1.15.10) and I'm super appreciative for the effort, guys. But what really concerns me is that the max items and max arrows cheats use 100% of my CPU when I tick these cheats. Why is that and are there any alternatives to getting max items without the fear of blowing my CPU up?

How to use this cheat table?
  1. Install Cheat Engine.
  2. Double-click the .CT file in order to open it.
  3. Click the PC icon in Cheat Engine in order to select the game process.
  4. Keep the list.
  5. Activate the trainer options by checking boxes or setting values from 0 to 1.

Post by Anno444 »

My modified table for Cemu 1.17.1. Some of the stuff was moved under 'BaseMemory'.

Requires 'Float Big Endian' custom type:

Code:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(UsesFloat,1)


TypeName:
db 'Float Big Endian',0

ByteSize:
dd 4

UsesFloat:
db 1


ConvertRoutine:
[64-bit]
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian
ret
[/64-bit]

[32-bit]
push ebp
mov ebp,esp
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
bswap eax
pop ebp
ret 4
[/32-bit]


ConvertBackRoutine:
[64-bit]
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer into the 4 bytes pointed to by rdx
ret
[/64-bit]

[32-bit]
push ebp
mov ebp,esp
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
bswap eax

mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]

And 4 Byte Big Endian:

Code:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '4 Byte Big Endian',0

ByteSize:
dd 4

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value

bswap eax

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g. when the user wants to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer into the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
bswap eax

mov [ebx],eax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]

Some of these codes require specific action in game first. Like, to be able to activate 'Horse Infinite Whips', you need to speed up your horse once.
Cemu.7z
Password: 12345
(26.96 KiB) Downloaded 230 times
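
What the two custom types in the post above compute, written out in C as an added example (not part of the original post or of the attached table). The Wii U guest stores values big-endian while the x86 host reads little-endian, so a stock Float or 4 Byte type shows garbage for the same bytes; the function names and the sample bytes are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ConvertRoutine equivalent: 4 guest bytes, most significant byte first. */
uint32_t be32_load(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* ConvertBackRoutine equivalent: store the value in guest byte order. */
void be32_store(uint32_t v, unsigned char *out) {
    out[0] = (unsigned char)(v >> 24);
    out[1] = (unsigned char)(v >> 16);
    out[2] = (unsigned char)(v >> 8);
    out[3] = (unsigned char)v;
}

/* 'Float Big Endian': the swapped bits are reinterpreted as an IEEE-754
   float, not converted numerically (assumes a 32-bit IEEE-754 host float). */
float be_float_read(const unsigned char *p) {
    uint32_t bits = be32_load(p);
    float f;
    memcpy(&f, &bits, sizeof f);
    return f;
}

void be_float_write(float f, unsigned char *out) {
    uint32_t bits;
    memcpy(&bits, &f, sizeof bits);
    be32_store(bits, out);
}

/* What a stock little-endian Float type shows for the same 4 bytes. */
float le_float_read(const unsigned char *p) {
    uint32_t bits = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                    ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    float f;
    memcpy(&f, &bits, sizeof f);
    return f;
}

/* Constructed sample: 100.0f as a big-endian guest stores it. */
const unsigned char SAMPLE_GUEST_BYTES[4] = { 0x42, 0xC8, 0x00, 0x00 };

int main(void) {
    printf("big-endian view: %g, little-endian view: %g\n",
           be_float_read(SAMPLE_GUEST_BYTES), le_float_read(SAMPLE_GUEST_BYTES));
    return 0;
}
```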

Post by vosszaa »

Could anyone update the table for CEMU 1.17.3 please =3

Post by jelly time »

any plans to update for newer cemu versions?

Post by SunBeam »

Anno444 wrote:
Tue Feb 18, 2020 4:04 pm
Some of these codes require specific action in game first.

The reason this is required is the same one as to why, in Unity Engine, you can't find a certain aob you'd scan for unless you'd perform some action. And that is because both Unity and CEMU compile code when it is needed (the "just-in time" - JIT - logic).

In other lines, I've managed to get the game running in a pack with CEMU 1.17.3, managed to find - based on my old notes - CEMU RVA Base, Code Base and the global pointer used to calculate leap distances towards structure layouts. I've updated the AOBs to support multiple CEMU versions, hoping they're stable and work across several updates (at least). Now.. from here to actually inlining my findings with the current scripts in Drivium's table.. it will take a bit of running around. But eventually you will get a stable means to pin-point addresses without hooks and make use of pointers for easy filtering. Just keep in mind the CEMU code and game code are separate. The only issue is what I said above, finding some means to force JIT-ing of what the scripts tamper :) So you wouldn't need to do something "at least once" (saw the video).
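
The two points in the post above, modelled in C as an added example (not part of the original post or of any table in this thread): a byte pattern cannot be found in a JIT code cache until the routine has been compiled, and wildcarding the bytes that vary lets one pattern match several builds. The code bytes, the two "builds" and all names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WILD (-1) /* pattern slot that matches any byte ("??") */

/* Offset of the first match of pat in mem, or -1 when it is absent. */
long aob_scan(const unsigned char *mem, size_t len, const int *pat, size_t plen) {
    if (plen == 0 || plen > len) return -1;
    for (size_t i = 0; i + plen <= len; i++) {
        size_t j = 0;
        while (j < plen && (pat[j] == WILD || pat[j] == mem[i + j])) j++;
        if (j == plen) return (long)i;
    }
    return -1;
}

/* Constructed stand-ins for one recompiled routine in two emulator builds:
   movss [rbx+disp32],xmm0 ; mov rax,rbx, differing only in disp32. */
static const unsigned char BUILD_A[] = {0xF3,0x0F,0x11,0x83, 0x10,0x02,0x00,0x00, 0x48,0x8B,0xC3};
static const unsigned char BUILD_B[] = {0xF3,0x0F,0x11,0x83, 0x38,0x02,0x00,0x00, 0x48,0x8B,0xC3};

static const int EXACT[] = {0xF3,0x0F,0x11,0x83, 0x10,0x02,0x00,0x00, 0x48,0x8B,0xC3}; /* build A verbatim */
static const int LOOSE[] = {0xF3,0x0F,0x11,0x83, WILD,WILD,WILD,WILD, 0x48,0x8B,0xC3}; /* disp32 wildcarded */
#define PLEN (sizeof EXACT / sizeof EXACT[0])

/* Model of a JIT code cache: filler bytes until the routine first runs. */
static unsigned char cache[64];

long scan_before_emit(const int *pat) {
    memset(cache, 0xCC, sizeof cache);
    return aob_scan(cache, sizeof cache, pat, PLEN);
}

/* The routine runs once, the recompiler emits it at offset 20, then we scan. */
long scan_after_emit(int build_b, const int *pat) {
    memset(cache, 0xCC, sizeof cache);
    memcpy(cache + 20, build_b ? BUILD_B : BUILD_A, sizeof BUILD_A);
    return aob_scan(cache, sizeof cache, pat, PLEN);
}

int main(void) {
    printf("before emit: %ld\n", scan_before_emit(LOOSE));
    printf("exact A/B:   %ld %ld\n", scan_after_emit(0, EXACT), scan_after_emit(1, EXACT));
    printf("loose A/B:   %ld %ld\n", scan_after_emit(0, LOOSE), scan_after_emit(1, LOOSE));
    return 0;
}
```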

Post by Metalred3 »

Any updated table available?

Post by peterlaurence »

How do you guys find values like, for example, weapon durability with the newest Cemu version 1.21.1b? None of the tables here work, except the infinite stamina.

Post by peterlaurence »

Metalred3 wrote:
Mon Sep 21, 2020 10:33 pm
Any updated table available?

I see... Can you share your working scripts with the latest version of cemu?

Post by sal1000 »

Is there gonna be an update for latest version of cemu?

Post by XeroZen »

Anno444 wrote:
Tue Feb 18, 2020 4:04 pm
My modified table for Cemu 1.17.1. Some of the stuff was moved under 'BaseMemory'.

Requires 'Float Big Endian' custom type:

Code:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(UsesFloat,1)


TypeName:
db 'Float Big Endian',0

ByteSize:
dd 4

UsesFloat:
db 1


ConvertRoutine:
[64-bit]
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian
ret
[/64-bit]

[32-bit]
push ebp
mov ebp,esp
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
bswap eax
pop ebp
ret 4
[/32-bit]


ConvertBackRoutine:
[64-bit]
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer into the 4 bytes pointed to by rdx
ret
[/64-bit]

[32-bit]
push ebp
mov ebp,esp
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
bswap eax

mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]

And 4 Byte Big Endian:

Code:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '4 Byte Big Endian',0

ByteSize:
dd 4

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value

bswap eax

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g. when the user wants to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer into the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
bswap eax

mov [ebx],eax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]

Some of these codes require specific action in game first. Like, to be able to activate 'Horse Infinite Whips', you need to speed up your horse once.
Cemu.7z

Can you please update it for the latest version of cemu, or if there is any other way hope you can share it with us. Thanks a lot for your effort.
