Re: Tales of Vesperia Definitive Edition (Steam)
Posted: Mon Jan 21, 2019 12:50 pm
thanks
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
Exeter wrote: ↑Mon Jan 21, 2019 9:06 amWow very nice. Can I ask how you managed to get infinite Holy Bottle effect to work? When I tried it last time I ended up doing it via using a Holy Bottle, and scanning for changed values until only 1 or 2 were left every time a Holy Bottle was in effect and when it went away again.. but when I tried to change one of the addresses to '1' (after it turned to 0 from the Holy Bottle wearing off), it always crashed the game. Curious on how you managed to get that to work.zachillios wrote: ↑Mon Jan 21, 2019 6:06 amSo thanks to Ciphray for providing the holy bottle address, I think I've got a working infinite holy bottle script going. Let me know if it works.
Code: Select all
<?xml version="1.0" encoding="utf-8"?> <CheatTable> <CheatEntries> <CheatEntry> <ID>4818</ID> <Description>"Infinite Holy Bottle Duration"</Description> <LastState Activated="1"/> <VariableType>Auto Assembler Script</VariableType> <AssemblerScript>{ Game : TOV_DE.exe Version: Date : 2019-01-21 Author : Zach This script does blah blah blah } define(address,"TOV_DE.exe"+6B3C70) define(bytes,80 3D 65 EB 46 01 00) [ENABLE] assert(address,bytes) alloc(newmem,$1000,"TOV_DE.exe"+6B3C70) label(code) label(return) newmem: code: cmp byte ptr [TOV_DE.AmdPowerXpressRequestHighPerformance+D03DA8],#1 jmp return address: jmp newmem nop nop return: [DISABLE] address: db bytes // cmp byte ptr [TOV_DE.AmdPowerXpressRequestHighPerformance+D03DA8],00 dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: "TOV_DE.exe"+6B3C70 "TOV_DE.exe"+6B3C39: 72 0B - jb TOV_DE.exe+6B3C46 "TOV_DE.exe"+6B3C3B: F3 0F 11 35 9D EB 46 01 - movss [TOV_DE.exe+1B227E0],xmm6 "TOV_DE.exe"+6B3C43: 0F 28 CE - movaps xmm1,xmm6 "TOV_DE.exe"+6B3C46: F3 0F 10 05 86 EB 46 01 - movss xmm0,[TOV_DE.exe+1B227D4] "TOV_DE.exe"+6B3C4E: F3 0F 58 05 02 0D 31 00 - addss xmm0,[TOV_DE.exe+9C4958] "TOV_DE.exe"+6B3C56: 0F 2F 05 7B EB 46 01 - comiss xmm0,[TOV_DE.exe+1B227D8] "TOV_DE.exe"+6B3C5D: F3 0F 11 05 6F EB 46 01 - movss [TOV_DE.exe+1B227D4],xmm0 "TOV_DE.exe"+6B3C65: 72 09 - jb TOV_DE.exe+6B3C70 "TOV_DE.exe"+6B3C67: C6 05 6E EB 46 01 00 - mov byte ptr [TOV_DE.exe+1B227DC],00 "TOV_DE.exe"+6B3C6E: EB 09 - jmp TOV_DE.exe+6B3C79 // ---------- INJECTING HERE ---------- "TOV_DE.exe"+6B3C70: 80 3D 65 EB 46 01 00 - cmp byte ptr [TOV_DE.exe+1B227DC],00 // ---------- DONE INJECTING ---------- "TOV_DE.exe"+6B3C77: 75 40 - jne TOV_DE.exe+6B3CB9 "TOV_DE.exe"+6B3C79: 0F 2F CE - comiss xmm1,xmm6 "TOV_DE.exe"+6B3C7C: 77 3B - ja TOV_DE.exe+6B3CB9 "TOV_DE.exe"+6B3C7E: 33 D2 - xor edx,edx "TOV_DE.exe"+6B3C80: 48 8D 0D 69 EB 46 01 - lea rcx,[TOV_DE.exe+1B227F0] "TOV_DE.exe"+6B3C87: E8 74 80 F4 FF - call TOV_DE.exe+5FBD00 "TOV_DE.exe"+6B3C8C: 48 8D 8C 24 50 01 00 00 - lea rcx,[rsp+00000150] "TOV_DE.exe"+6B3C94: E8 F7 CA F3 FF - call TOV_DE.exe+5F0790 "TOV_DE.exe"+6B3C99: 0F 28 B4 24 30 01 00 00 - movaps xmm6,[rsp+00000130] "TOV_DE.exe"+6B3CA1: 48 8B 8C 24 20 01 00 00 - mov rcx,[rsp+00000120] } </AssemblerScript> </CheatEntry> </CheatEntries> </CheatTable>
I did a "find out what accesses this address" and found that there was an instruction constantly checking the address on the world map, and it was writing 1 every time a bottle effect was active. So essentially it would write 1 (meaning yes) to the address Ciphray provided so long as the effective was active, and then would write a 0 (no) to it once the bottle was done. The script essentially forces the game to always confirm a bottle is active.Exeter wrote: ↑Mon Jan 21, 2019 9:06 amWow very nice. Can I ask how you managed to get infinite Holy Bottle effect to work? When I tried it last time I ended up doing it via using a Holy Bottle, and scanning for changed values until only 1 or 2 were left every time a Holy Bottle was in effect and when it went away again.. but when I tried to change one of the addresses to '1' (after it turned to 0 from the Holy Bottle wearing off), it always crashed the game. Curious on how you managed to get that to work.zachillios wrote: ↑Mon Jan 21, 2019 6:06 amSo thanks to Ciphray for providing the holy bottle address, I think I've got a working infinite holy bottle script going. Let me know if it works.
Code: Select all
<?xml version="1.0" encoding="utf-8"?> <CheatTable> <CheatEntries> <CheatEntry> <ID>4818</ID> <Description>"Infinite Holy Bottle Duration"</Description> <LastState Activated="1"/> <VariableType>Auto Assembler Script</VariableType> <AssemblerScript>{ Game : TOV_DE.exe Version: Date : 2019-01-21 Author : Zach This script does blah blah blah } define(address,"TOV_DE.exe"+6B3C70) define(bytes,80 3D 65 EB 46 01 00) [ENABLE] assert(address,bytes) alloc(newmem,$1000,"TOV_DE.exe"+6B3C70) label(code) label(return) newmem: code: cmp byte ptr [TOV_DE.AmdPowerXpressRequestHighPerformance+D03DA8],#1 jmp return address: jmp newmem nop nop return: [DISABLE] address: db bytes // cmp byte ptr [TOV_DE.AmdPowerXpressRequestHighPerformance+D03DA8],00 dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: "TOV_DE.exe"+6B3C70 "TOV_DE.exe"+6B3C39: 72 0B - jb TOV_DE.exe+6B3C46 "TOV_DE.exe"+6B3C3B: F3 0F 11 35 9D EB 46 01 - movss [TOV_DE.exe+1B227E0],xmm6 "TOV_DE.exe"+6B3C43: 0F 28 CE - movaps xmm1,xmm6 "TOV_DE.exe"+6B3C46: F3 0F 10 05 86 EB 46 01 - movss xmm0,[TOV_DE.exe+1B227D4] "TOV_DE.exe"+6B3C4E: F3 0F 58 05 02 0D 31 00 - addss xmm0,[TOV_DE.exe+9C4958] "TOV_DE.exe"+6B3C56: 0F 2F 05 7B EB 46 01 - comiss xmm0,[TOV_DE.exe+1B227D8] "TOV_DE.exe"+6B3C5D: F3 0F 11 05 6F EB 46 01 - movss [TOV_DE.exe+1B227D4],xmm0 "TOV_DE.exe"+6B3C65: 72 09 - jb TOV_DE.exe+6B3C70 "TOV_DE.exe"+6B3C67: C6 05 6E EB 46 01 00 - mov byte ptr [TOV_DE.exe+1B227DC],00 "TOV_DE.exe"+6B3C6E: EB 09 - jmp TOV_DE.exe+6B3C79 // ---------- INJECTING HERE ---------- "TOV_DE.exe"+6B3C70: 80 3D 65 EB 46 01 00 - cmp byte ptr [TOV_DE.exe+1B227DC],00 // ---------- DONE INJECTING ---------- "TOV_DE.exe"+6B3C77: 75 40 - jne TOV_DE.exe+6B3CB9 "TOV_DE.exe"+6B3C79: 0F 2F CE - comiss xmm1,xmm6 "TOV_DE.exe"+6B3C7C: 77 3B - ja TOV_DE.exe+6B3CB9 "TOV_DE.exe"+6B3C7E: 33 D2 - xor edx,edx "TOV_DE.exe"+6B3C80: 48 8D 0D 69 EB 46 01 - lea rcx,[TOV_DE.exe+1B227F0] "TOV_DE.exe"+6B3C87: E8 74 80 F4 FF - call TOV_DE.exe+5FBD00 "TOV_DE.exe"+6B3C8C: 48 8D 8C 24 50 01 00 00 - lea rcx,[rsp+00000150] "TOV_DE.exe"+6B3C94: E8 F7 CA F3 FF - call TOV_DE.exe+5F0790 "TOV_DE.exe"+6B3C99: 0F 28 B4 24 30 01 00 00 - movaps xmm6,[rsp+00000130] "TOV_DE.exe"+6B3CA1: 48 8B 8C 24 20 01 00 00 - mov rcx,[rsp+00000120] } </AssemblerScript> </CheatEntry> </CheatEntries> </CheatTable>
Thank you, really. Makes replaying the game so much less painful.ciphray wrote: ↑Mon Jan 21, 2019 2:13 pmExeter wrote: ↑Mon Jan 21, 2019 9:06 amWow very nice. Can I ask how you managed to get infinite Holy Bottle effect to work? When I tried it last time I ended up doing it via using a Holy Bottle, and scanning for changed values until only 1 or 2 were left every time a Holy Bottle was in effect and when it went away again.. but when I tried to change one of the addresses to '1' (after it turned to 0 from the Holy Bottle wearing off), it always crashed the game. Curious on how you managed to get that to work.zachillios wrote: ↑Mon Jan 21, 2019 6:06 amSo thanks to Ciphray for providing the holy bottle address, I think I've got a working infinite holy bottle script going. Let me know if it works.
Code: Select all
<?xml version="1.0" encoding="utf-8"?> <CheatTable> <CheatEntries> <CheatEntry> <ID>4818</ID> <Description>"Infinite Holy Bottle Duration"</Description> <LastState Activated="1"/> <VariableType>Auto Assembler Script</VariableType> <AssemblerScript>{ Game : TOV_DE.exe Version: Date : 2019-01-21 Author : Zach This script does blah blah blah } define(address,"TOV_DE.exe"+6B3C70) define(bytes,80 3D 65 EB 46 01 00) [ENABLE] assert(address,bytes) alloc(newmem,$1000,"TOV_DE.exe"+6B3C70) label(code) label(return) newmem: code: cmp byte ptr [TOV_DE.AmdPowerXpressRequestHighPerformance+D03DA8],#1 jmp return address: jmp newmem nop nop return: [DISABLE] address: db bytes // cmp byte ptr [TOV_DE.AmdPowerXpressRequestHighPerformance+D03DA8],00 dealloc(newmem) { // ORIGINAL CODE - INJECTION POINT: "TOV_DE.exe"+6B3C70 "TOV_DE.exe"+6B3C39: 72 0B - jb TOV_DE.exe+6B3C46 "TOV_DE.exe"+6B3C3B: F3 0F 11 35 9D EB 46 01 - movss [TOV_DE.exe+1B227E0],xmm6 "TOV_DE.exe"+6B3C43: 0F 28 CE - movaps xmm1,xmm6 "TOV_DE.exe"+6B3C46: F3 0F 10 05 86 EB 46 01 - movss xmm0,[TOV_DE.exe+1B227D4] "TOV_DE.exe"+6B3C4E: F3 0F 58 05 02 0D 31 00 - addss xmm0,[TOV_DE.exe+9C4958] "TOV_DE.exe"+6B3C56: 0F 2F 05 7B EB 46 01 - comiss xmm0,[TOV_DE.exe+1B227D8] "TOV_DE.exe"+6B3C5D: F3 0F 11 05 6F EB 46 01 - movss [TOV_DE.exe+1B227D4],xmm0 "TOV_DE.exe"+6B3C65: 72 09 - jb TOV_DE.exe+6B3C70 "TOV_DE.exe"+6B3C67: C6 05 6E EB 46 01 00 - mov byte ptr [TOV_DE.exe+1B227DC],00 "TOV_DE.exe"+6B3C6E: EB 09 - jmp TOV_DE.exe+6B3C79 // ---------- INJECTING HERE ---------- "TOV_DE.exe"+6B3C70: 80 3D 65 EB 46 01 00 - cmp byte ptr [TOV_DE.exe+1B227DC],00 // ---------- DONE INJECTING ---------- "TOV_DE.exe"+6B3C77: 75 40 - jne TOV_DE.exe+6B3CB9 "TOV_DE.exe"+6B3C79: 0F 2F CE - comiss xmm1,xmm6 "TOV_DE.exe"+6B3C7C: 77 3B - ja TOV_DE.exe+6B3CB9 "TOV_DE.exe"+6B3C7E: 33 D2 - xor edx,edx "TOV_DE.exe"+6B3C80: 48 8D 0D 69 EB 46 01 - lea rcx,[TOV_DE.exe+1B227F0] "TOV_DE.exe"+6B3C87: E8 74 80 F4 FF - call TOV_DE.exe+5FBD00 "TOV_DE.exe"+6B3C8C: 48 8D 8C 24 50 01 00 00 - lea rcx,[rsp+00000150] "TOV_DE.exe"+6B3C94: E8 F7 CA F3 FF - call TOV_DE.exe+5F0790 "TOV_DE.exe"+6B3C99: 0F 28 B4 24 30 01 00 00 - movaps xmm6,[rsp+00000130] "TOV_DE.exe"+6B3CA1: 48 8B 8C 24 20 01 00 00 - mov rcx,[rsp+00000120] } </AssemblerScript> </CheatEntry> </CheatEntries> </CheatTable>
That's basically the exact same way I used to find the address, just kept the search limited to a somewhat close area to where the cooking status was kept in memory, also it technically gets changed each time at the end of a fight even without a holy bottle, since the game gives you a temporary holy bottle effect at that point, I made sure to take that graphic effect into account as well while searching
Sure. The arte section of the Character Data, once completed, will allow you to unlock the ones you specifically want to access and I can split my "Access All Artes" script into separate scripts for the selection menu and another for using them freely in battle.
While fighting only with one man army I found some 4 byte variable near enemey current HP that changes according to the monster book's id. So I thought that was the encounter ID but now I can't reproduce it. Maybe it was a just a coincidence.