
Shantae: Risky's Revenge Directors Cut +2

Posted: Thu Jun 01, 2017 9:03 pm
by STN
Made a table for Shantae - Risky's Revenge Directors Cut per a 40-year-old friend's request, for this game was apparently one of his favorites when it came out on DS...

///
Scripts:
Undead
- HP still drops but won't be killed.

One Hit Kill
- kill enemies with one hit.
- didn't, and wouldn't, test on boss.

Inf. MP
- MP still drops but you can always cast spells.

///
Pointers:
HP, MP, Gem, and Magic Jam
- Gem and Magic Jam need a Custom Type for proper display and edit. Check the end of the post for the custom type (Auto Assembler).
- if you wish, you can use Binary with length 10 as data type for Gem, and Binary with length 5 for Magic Jam.
Heart Holder
- in binary; if you have 1, it shows 1, if you have 2, it shows 11, if you have 3, it shows 111, but changing it seems to have no effect at all.
- as I've just examined how the game reads the byte, if we were to examine how the game writes the byte when you get a new Heart Holder too, we may have a better picture. But I'm out...

///
Notes:
- game exe version says 1.0.1.5
- scripts made with AOB scans, should work on your game.
- hot-keys are set:
F12 - Enable
F11 - Undead, Inf. MP
F10 - One Hit Kill
Shift F10 - disable One Hit Kill
- 2 of the pointers need custom type for proper display and edit:
///===================================================================///
- for the Gem's custom type, use the aa script below to create a new custom type (Auto Assembler)
Code:
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)

TypeName:
db 'Gem (ShantaeRR)',0

ByteSize:
dd 2

UsesFloat:
db 0 //Change to 1 if this custom type should be treated as a float

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
movzx eax,word ptr [rcx] //read only the 2 bytes this type covers
and ax,3ff //keep the low 10 bits, same as the 32-bit routine

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
movzx eax,word ptr [eax] //place the bytes into eax so it's handled as a normal 4 byte value
and ax,3ff

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wants to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
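[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//same masked write as the 32-bit routine: only the low 10 bits change
movzx eax,word ptr [rdx] //current 2 bytes at the address
xor ax,cx
and ax,3ff //bits that differ, limited to the low 10 bits
xor [rdx],ax //flip only those bits

ret
[/64-bit]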

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
push esi
movzx esi,ax
movzx eax,word ptr [ebx]
xor ax,si
and ax,3ff
xor [ebx],ax
pop esi
//mov [ebx],eax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]

///===================================================================///
- for the Magic Jam's custom type, use the aa script below to create a new custom type (Auto Assembler)
Code:
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)

TypeName:
db 'Jam (ShantaeRR)',0

ByteSize:
dd 1

UsesFloat:
db 0 //Change to 1 if this custom type should be treated as a float

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
movzx eax,byte ptr [rcx] //read only the 1 byte this type covers
and al,1f //keep the low 5 bits, same as the 32-bit routine

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
movzx eax,byte ptr [eax] //place the bytes into eax so it's handled as a normal 4 byte value
and al,1f

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wants to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
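[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//same masked write as the 32-bit routine: only the low 5 bits change
movzx eax,byte ptr [rdx] //current byte at the address
xor al,cl
and al,1f //bits that differ, limited to the low 5 bits
xor [rdx],al //flip only those bits

ret
[/64-bit]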

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
push ecx
movzx ecx,al
movzx eax,byte ptr [ebx]
xor al,cl
and al,1f
xor [ebx],al
pop ecx
//mov [ebx],eax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]

Made by Cielos
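
Added example (not part of the original post or the table): a C rendering of what the two 32-bit custom-type routines above do, using the masks from the scripts (3ff for Gem, 1f for Magic Jam) and the Heart Holder bit pattern described in the post. The function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Masks from the scripts: Gem = low 10 bits of a 2-byte value,
   Magic Jam = low 5 bits of a 1-byte value. */
#define GEM_MASK 0x3FFu
#define JAM_MASK 0x1Fu

/* Little-endian load of 1 or 2 bytes (hypothetical helper). */
static unsigned load(const uint8_t *p, unsigned width) {
    unsigned raw = p[0];
    if (width == 2) raw |= (unsigned)p[1] << 8;
    return raw;
}

/* ConvertRoutine equivalent: zero-extend, then keep only the field bits. */
static unsigned read_field(const uint8_t *p, unsigned width, unsigned mask) {
    return load(p, width) & mask;
}

/* ConvertBackRoutine equivalent (the xor / and / xor sequence):
   (old ^ new) & mask has 1s only where field bits differ, so xoring it
   into memory flips exactly those bits and leaves the upper bits alone. */
static void write_field(uint8_t *p, unsigned width, unsigned mask, unsigned value) {
    unsigned diff = (load(p, width) ^ value) & mask;
    p[0] ^= (uint8_t)diff;
    if (width == 2) p[1] ^= (uint8_t)(diff >> 8);
}

/* Heart Holder as described in the post: n holders show as n low 1-bits. */
static unsigned heart_holders(uint8_t b) {
    unsigned n = 0;
    while (b & 1u) { n++; b >>= 1; }
    return n;
}

int main(void) {
    /* Constructed sample memory; the upper bits stand in for unrelated data. */
    uint8_t gem[2] = {0x0A, 0xA4};   /* word 0xA40A: field = 10 */
    uint8_t jam[1] = {0xA3};         /* field = 3 */
    printf("gem=%u jam=%u\n", read_field(gem, 2, GEM_MASK), read_field(jam, 1, JAM_MASK));
    write_field(gem, 2, GEM_MASK, 999);
    write_field(jam, 1, JAM_MASK, 20);
    printf("gem word=%02X%02X jam byte=%02X hearts=%u\n",
           gem[1], gem[0], jam[0], heart_holders(0x07));
    return 0;
}
```

A value wider than the field is truncated by the mask rather than spilling into the neighbouring bits, which is why a plain 2-byte or 1-byte type is not safe for editing these values.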

Re: Shantae: Risky's Revenge Directors Cut +2

Posted: Sun Jan 26, 2020 3:48 am
by SuperFrog
Could not get this one to work. I got the Steam version of the game.