[REQ] Shantae and the Seven Sirens (Steam)

[nowork]

Spoiler

Hello,

I've added only these, for GOG v.774057:

Float/Fly
Gems
Hearts

That with float/fly, inside where's "(float)5" make it slower by decreasing the value or faster by increasing (it can also lift enemies was fun, i must say, use after you'll finish the game), it has also a hotkey for activating/deactivating, that is "up arrow".Only these added, didn't played much,..perhaps somebody else could help with more, or wait for more 2-3 more cheats, in a couple of days, but it will take a while, i have a lot to do!

Best wishes!

I can confirm that this table also works for the latest steam version ( Build ID 7446520). Well, at least Fly/Float and Hearts works. But gems anyway are an easy 4 byte search. So thank you for that. Are you planning to add more options like 100% monster card drop and infinite mana?

[cfemen]

This was a great table with the perfect number of options. Would you please update your table for the latest steam patch? Build ID is 7446520. Thank you!

Hi,

well I just had 2 bigger projects/tables that I made ( Developer Cheats Unlock for This War of Mine and Children of Morta )
so currently not in the mood to update the complete table, but I guess you are mainly interested in the "100% drop chance" cheat?

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>211</ID>
      <Description>"100% Card Drop"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]

aobscanmodule(aobDropMonsterCard,ShantaeSiren.exe,0F 82 ** ** ** ** 48 8B 1D ) // should be unique
alloc(origDropJump,6)
registersymbol(origDropJump)

origDropJump:
readmem(aobDropMonsterCard,6)

aobDropMonsterCard:
  db 90 90 90 90 90 90

registersymbol(aobDropMonsterCard)

[DISABLE]

aobDropMonsterCard:
  readmem(origDropJump,6)

unregistersymbol(aobDropMonsterCard)

</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

add this script manuelly to a empty table, or to the table from VampTY

how to add:
-copy all the code
-just press ctrl+v into cheat engine(the section on the bottom where the scripts are) this will generate a script record
-save the table

and in case the game updates again, here a little instruction how to find it:



what you see here is the "LootTable::DropMonsterCard" method.
ShantaeSiren.exe+2BCC10 is the function that generates Random Numbers, then some math to convert it into a float and then compare it :
comiss xmm1,xmm2

on ShantaeSiren.exe+15F67E you can see the "JB" that means Jump Below, everytime it jumps then there is no card drop, my script does kill that jump = always drop

so but the interesting part is after the Jump Below check:

Code: Select all

lea rcx,[ShantaeSiren.exe+5793F8] { ("MonsterCard") } 

why its interesting:
that string ( "MonsterCard" ) is used for ShantaeSiren.exe+28D430 if the RNG allows a card drop.
ShantaeSiren.exe+28D430 = a hash function
to be more precise : the used hash method seems to be the hashlittle method, coz I found "hashlittle" references.
the hash function needs 2 arguments to generate a hash:
first : the string
second : string length

so anyone who wants to update can use that string to do a string search in cheat engine to find this spot again, just look for the "Jump Below" above the reference string, and then kill the jump ( or make sure that the xmm1 float is equal/greater than xmm2 )

[nowork]

Spoiler

This was a great table with the perfect number of options. Would you please update your table for the latest steam patch? Build ID is 7446520. Thank you!

Spoiler

Hi,

well I just had 2 bigger projects/tables that I made ( Developer Cheats Unlock for This War of Mine and Children of Morta )
so currently not in the mood to update the complete table, but I guess you are mainly interested in the "100% drop chance" cheat?

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>211</ID>
      <Description>"100% Card Drop"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]

aobscanmodule(aobDropMonsterCard,ShantaeSiren.exe,0F 82 ** ** ** ** 48 8B 1D ) // should be unique
alloc(origDropJump,6)
registersymbol(origDropJump)

origDropJump:
readmem(aobDropMonsterCard,6)

aobDropMonsterCard:
  db 90 90 90 90 90 90

registersymbol(aobDropMonsterCard)

[DISABLE]

aobDropMonsterCard:
  readmem(origDropJump,6)

unregistersymbol(aobDropMonsterCard)

</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

add this script manuelly to a empty table, or to the table from VampTY

how to add:
-copy all the code
-just press ctrl+v into cheat engine(the section on the bottom where the scripts are) this will generate a script record
-save the table

and in case the game updates again, here a little instruction how to find it:



what you see here is the "LootTable::DropMonsterCard" method.
ShantaeSiren.exe+2BCC10 is the function that generates Random Numbers, then some math to convert it into a float and then compare it :
comiss xmm1,xmm2

on ShantaeSiren.exe+15F67E you can see the "JB" that means Jump Below, everytime it jumps then there is no card drop, my script does kill that jump = always drop

so but the interesting part is after the Jump Below check:

Code: Select all

lea rcx,[ShantaeSiren.exe+5793F8] { ("MonsterCard") } 

why its interesting:
that string ( "MonsterCard" ) is used for ShantaeSiren.exe+28D430 if the RNG allows a card drop.
ShantaeSiren.exe+28D430 = a hash function
to be more precise : the used hash method seems to be the hashlittle method, coz I found "hashlittle" references.
the hash function needs 2 arguments to generate a hash:
first : the string
second : string length

so you can use that string to do a string search in cheat engine to find this spot again, just look for the "Jump Below" above the reference string.

Wow, this is amazing! Thank you so much for the update and also taking the time to explain all of this. So now not only do I get to play, but in the process I get to learn too! So win-win.

[VampTY]

Hello,

Small update, i've added MAGIC and removed the initial table, check back where i've posted!
Also, big to cfemen for helping, i know you're busy, all the best baby!


Best wishes!

PS: i'll rep u later CFE, not allowed now!


-------------

I need to add also this, that script of mine for float/fly was made for "Shantae: Half-Genie Hero Ultimate Edition" for Steam edition, still works as it is, also works for this game as well, i just changed the name only, meaning from "ShantaeHero64.exe" inside the script into "ShantaeSiren.exe", and changed it from "1" to "5" because i know what they did there, anyway the one i'm saying is for -> viewtopic.php?t=8828

[nowork]

Spoiler

Hello,

Small update, i've added MAGIC and removed the initial table, check back where i've posted!
Also, big to cfemen for helping, i know you're busy, all the best baby!


Best wishes!

PS: i'll rep u later CFE, not allowed now!


-------------

I need to add also this, that script of mine for float/fly was made for "Shantae: Half-Genie Hero Ultimate Edition" for Steam edition, still works as it is, also works for this game as well, i just changed the name only, meaning from "ShantaeHero64.exe" inside the script into "ShantaeSiren.exe", and changed it from "1" to "5" because i know what they did there, anyway the one i'm saying is for -> viewtopic.php?t=8828

Thank you! Magic works for steam as well.

[VampTY]

It's cool it works also for mana or magic as i've named it . nowork!

...

cfemen, Think you can find some spare time and find the address for TIMER recording (to modify however you want ), the entire played time per new game or loaded game?Meaning the final time at the end, even if you''ll finish the game or not at 100%, just the final time!?

example that one in red [05:51], it can be for any saved game

Image!

Take care!

[cfemen]

cfemen, Think you can find some spare time and find the address for TIMER recording (to modify however you want ), the entire played time per new game or loaded game?Meaning the final time at the end, even if you''ll finish the game or not at 100%, just the final time!?

well, quick script:

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>27346</ID>
      <Description>"Get Savegame Time "</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : ShantaeSiren.exe
  Version: 
  Date   : 2021-12-10
  Author : cfe

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(aobGetTimeBeforeSprintf,ShantaeSiren.exe,F3 0F 10 41 14 33) // should be unique
alloc(newmem,$1000,aobGetTimeBeforeSprintf)

label(code)
label(return)
label(pSlots)
registersymbol(pSlots)
label(JAgain)
label(JOut)

newmem:

code:
  movss xmm0,[rcx+14]
  push rax
  push rbx
  xor rbx,rbx
  mov rax,pSlots
JAgain:
  cmp qword ptr[rax+rbx*8],0
  jne short @f
   mov [rax+rbx*8],rcx
   jmp JOut
  @@:
  cmp qword ptr[rax+rbx*8],rcx
  je JOut
  inc rbx
  jmp JAgain
JOut:
  pop rbx
  pop rax
  jmp return
pSlots:
dq 0
dq 0
dq 0
aobGetTimeBeforeSprintf:
  jmp newmem
return:
registersymbol(aobGetTimeBeforeSprintf)

[DISABLE]

aobGetTimeBeforeSprintf:
  db F3 0F 10 41 14

unregistersymbol(aobGetTimeBeforeSprintf)
dealloc(newmem)

</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>27347</ID>
          <Description>"Slot1 ( Seconds ) -&gt;"</Description>
          <LastState Value="2966.639404" RealAddress="2A460A321FC"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Float</VariableType>
          <Address>pSlots</Address>
          <Offsets>
            <Offset>14</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>27348</ID>
          <Description>"Slot2 ( Seconds ) -&gt;"</Description>
          <LastState Value="363.9006653" RealAddress="2A460A763FC"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Float</VariableType>
          <Address>pSlots+8</Address>
          <Offsets>
            <Offset>14</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>27349</ID>
          <Description>"Slot3 ( Seconds ) -&gt;"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Float</VariableType>
          <Address>pSlots+10</Address>
          <Offsets>
            <Offset>14</Offset>
          </Offsets>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

how it works:

activate script before you press Start
scripts has 3 pointer to get the time ( in seconds as float) for each save slot



e.g this is saveslot 2 and the value is (float)360 = 6 minutes
I've changed it to 999999999
then loaded the slot, saved the game and the altered time is saved in the savegame forever.

after game restart:


if you want to update it look for stuff like this:

Code: Select all

lea rdx,[ShantaeSiren.exe+589F70] { ("%02u : %02u") }

this is a format string that gets loaded before ShantaeSiren.exe+BAF0 is called.

ShantaeSiren.exe+BAF0 = [Link]

sprintf is used to write integers or other variable-types into a buffer to create a string.

the game is using sprintf to create the text for the UI that contains the time for each savegame,thats how I found the time without any memory scanning ( did a breakpoint on the 0xC3 return on sprintf while pressing start )

Edit:
some more infos:

the struct that is containing the time is called "GameplayState"
some of the stuff I figured out about the GameplayState:

• +0x14 = playtime in seconds
  +0x8 = a vector3 with the saved player position
  +0x24 and +0x28 is worldMapPos X/Y
  
  +0x18 = PlayerType
  +0x1C = Chapter
  +0x20 = GameState ? (not sure about that)
  
  +0x32 is "hasPlayed?" flag
  +0x33 is "isPart1Complete?" flag
  +0x34 is "hasCompletedPart1Ever?" flag
  +0x35 to 0x4E = more flags, didn't check them
  
  +0x18c = gemMachinesActivatedAmount
  +0x190 = totalAchievementAmount

there is more but didn't check all of it, but I guess you can control/alter lots of stuff over that flags
the default "PlayerType" is zero, I changed it to 1 and now my player looks like this lul:


some more infos:

your "heart" injection point:
RAX = PlayerManager->PlayerEntity->DefenseComponent
+0x368 = float current health
+0x364 = float max health

but more interesting is the PlayerEntity:

PlayerEntity + 0x1748 = developer damage multiplier
PlayerEntity + 0xAB7 = developer fly cheat but toggle it does nothing, also calling it with a instance of the entity does nothing
PlayerEntity + 0x9B4 = Visibility
PlayerEntity + 0x9B0 = Gravity
PlayerEntity + 0x9B8 = Invincible Timer
PlayerEntity + 0xA70 = developer god/Invincible flag
PlayerEntity + 0x8E4 = Move Speed
PlayerEntity + 0x1818 = Jump Count

and in the PlayerManager:

PlayerManager + 0x1F2 = developer inf. magic flag

well, im out ( btw Im still using the version 7446520 and the current version seems to be 774057 )

//

Last Edit:

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>27393</ID>
      <Description>"Freeze Time"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]

aobscanmodule(aobWriteTime,ShantaeSiren.exe, F3 0F 58 C6 F3 0F 11 05  ** ** ** ** ) // should be unique

aobWriteTime:
  db 90 90 90 90

registersymbol(aobWriteTime)

[DISABLE]

aobWriteTime:
  db F3 0F 58 C6

unregistersymbol(aobWriteTime)
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

(copy all code and press ctrl+v into cheat engine bottom section to create a script record)

this script is preventing the game from increasing the playtime while ingame.

Code: Select all

F3 0F10 05 D919A700   - movss xmm0,[ShantaeSiren.exe+BABFC4]
F3 0F58 C6            - addss xmm0,xmm6
F3 0F11 05 CD19A700   - movss [ShantaeSiren.exe+BABFC4],xmm0

thats the spot, my script is NOPing the "addss" so nothing is added to the time.
this static address is used while saving the game to write the added time to the GameplayState.

//

note : Im not interested in playing the game, it was just fun for me to dissect the engine so that I can find everything without using memory-scans.
The first table was just a small contribution with options that will 100% work.

e.g One Hit Kill / Damage Multiplier would require test it on all enemies and bosses to make sure it works and does not bug the game ( especially on bosses if they have multiple states )

also the time snippets, I didn't test them if they work to complete the game in under "xx:xx" time, just posting these snippets here as example how to find the time and how its calculated.

[VampTY]

...

Hey,

Thank you for this fast reply!

I was asking because i was asked through pm by someone to find it, me, being a lazy ass you know but you're way smarter than me, know that!
Since i've understood all you've said, things went through lightspeed now, find it fast and decided also to make a script only for all three slots instead of having pointers (i hate pointers ).It is set to 10 mins (float(600)) for all, you can activate it whenever, just need to play a bit or save or both!



PS: that with "the default "PlayerType" is zero, I changed it to 1 and now my player looks like this lul" is her skins i guess, i never played this game, i'm using somebody else's saved game by the way!

Thank you, thank you so much for helping us, you know, if i'd had just a little, like 1% from your knowledge, that would be awesome! Thank you for your shared knowledge and time and loving support for community!

Another PS: the updated table is back where i've added the initial one!

[maskedman]

Thanks yo cfemen here is the code to freeze the timer

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>27346</ID>
      <Description>"Get Savegame Time "</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : ShantaeSiren.exe
  Version: 
  Date   : 2021-12-10
  Author : cfe

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(aobGetTimeBeforeSprintf,ShantaeSiren.exe,F3 0F 10 41 14 33) // should be unique
alloc(newmem,$1000,aobGetTimeBeforeSprintf)

label(code)
label(return)
label(pSlots)
registersymbol(pSlots)
label(JAgain)
label(JOut)

newmem:

code:
  movss xmm0,[rcx+14]
  push rax
  push rbx
  xor rbx,rbx
  mov rax,pSlots
JAgain:
  cmp qword ptr[rax+rbx*8],0
  jne short @f
   mov [rax+rbx*8],rcx
   jmp JOut
  @@:
  cmp qword ptr[rax+rbx*8],rcx
  je JOut
  inc rbx
  jmp JAgain
JOut:
  pop rbx
  pop rax
  jmp return
pSlots:
dq 0
dq 0
dq 0
aobGetTimeBeforeSprintf:
  jmp newmem
return:
registersymbol(aobGetTimeBeforeSprintf)

[DISABLE]

aobGetTimeBeforeSprintf:
  db F3 0F 10 41 14

unregistersymbol(aobGetTimeBeforeSprintf)
dealloc(newmem)

</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>27347</ID>
          <Description>"Slot1 ( Seconds ) -&gt;"</Description>
          <LastState Value="2966.639404" RealAddress="2A460A321FC"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Float</VariableType>
          <Address>pSlots</Address>
          <Offsets>
            <Offset>14</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>27348</ID>
          <Description>"Slot2 ( Seconds ) -&gt;"</Description>
          <LastState Value="363.9006653" RealAddress="2A460A763FC"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Float</VariableType>
          <Address>pSlots+8</Address>
          <Offsets>
            <Offset>14</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>27349</ID>
          <Description>"Slot3 ( Seconds ) -&gt;"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Float</VariableType>
          <Address>pSlots+10</Address>
          <Offsets>
            <Offset>14</Offset>
          </Offsets>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

[SpeezRunnaZ]

Thanks yo cfemen here is the code to freeze the timer

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>27346</ID>
      <Description>"Get Savegame Time "</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : ShantaeSiren.exe
  Version: 
  Date   : 2021-12-10
  Author : cfe

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(aobGetTimeBeforeSprintf,ShantaeSiren.exe,F3 0F 10 41 14 33) // should be unique
alloc(newmem,$1000,aobGetTimeBeforeSprintf)

label(code)
label(return)
label(pSlots)
registersymbol(pSlots)
label(JAgain)
label(JOut)

newmem:

code:
  movss xmm0,[rcx+14]
  push rax
  push rbx
  xor rbx,rbx
  mov rax,pSlots
JAgain:
  cmp qword ptr[rax+rbx*8],0
  jne short @f
   mov [rax+rbx*8],rcx
   jmp JOut
  @@:
  cmp qword ptr[rax+rbx*8],rcx
  je JOut
  inc rbx
  jmp JAgain
JOut:
  pop rbx
  pop rax
  jmp return
pSlots:
dq 0
dq 0
dq 0
aobGetTimeBeforeSprintf:
  jmp newmem
return:
registersymbol(aobGetTimeBeforeSprintf)

[DISABLE]

aobGetTimeBeforeSprintf:
  db F3 0F 10 41 14

unregistersymbol(aobGetTimeBeforeSprintf)
dealloc(newmem)

</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>27347</ID>
          <Description>"Slot1 ( Seconds ) -&gt;"</Description>
          <LastState Value="2966.639404" RealAddress="2A460A321FC"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Float</VariableType>
          <Address>pSlots</Address>
          <Offsets>
            <Offset>14</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>27348</ID>
          <Description>"Slot2 ( Seconds ) -&gt;"</Description>
          <LastState Value="363.9006653" RealAddress="2A460A763FC"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Float</VariableType>
          <Address>pSlots+8</Address>
          <Offsets>
            <Offset>14</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>27349</ID>
          <Description>"Slot3 ( Seconds ) -&gt;"</Description>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Float</VariableType>
          <Address>pSlots+10</Address>
          <Offsets>
            <Offset>14</Offset>
          </Offsets>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Hello. how can this code be used to finish the game under 3 hours? could someone possibly explain this to me? thanks in advance! Is it possible? Sorry very New to this

EDIT: Figured it out! yes yes it does work! change the time to something under3 hours and then use the time freeze script PROFIT!

[DrunkDemon]

well, there are already some tables:



so just here a small contribution with some new options:



God

-no damage or damage effects



Fly Mode

-while script is activ you can fly with noclip (arrow keys)



100% Card Drop

-as title says - every enemy will drop 100% a card



Jump Multiplier x?

-default x? = 1.3

-you can set any value you want to increase the jump



[Pointer] Gems

-gets the static address of the gems, should work regardless of game updates



//



thats it, there are already enough tables for the other things.

note : you can combine the tables if you copy my ENABLE into other tables.

It doesn't work