Immortals Fenyx Rising [Engine:AnvilNEXT]

[Daz]

The new Twitch Prime Stuff:

Code: Select all

000001D438EAB7F6 Phoenix: Frozen Phosphor
000001D73B99E944 Cosmetic: Cold Snap Armor
000001D73B99E932 Cosmetic: Cold Snap Helmet
000001D37DF761C2 Wings: Smooth Stream Wings
000001D73B99E956 Mount: Kenesis 

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[Athoya]

Hello,
Anyone know how we can craft the Mythic and Midnight armor ?
I have all fragments but i don't know how use them...

[SunBeam]

^ Perhaps they're for the DLC?

[bonzay0]

More items:

Code: Select all

000001C0E9F7492D Sword: Departed Shade
000001C0E9F74596 Axe: Forbbiden Labrys
000001C9C1E30EAD Bow: Whirlwind
000001BB7320A0D0 Bow: Resistance
000001C53FC26DB2 Armor: Horns of  the Revels
000001C95B961975 Armor: Shroud of the Hunted Deer
000001C95B961A42 Armor: Brood of Typhon Helmet
000001C8742B663A Armor: Bristled Pelt
000001C53FC26E2A Armor: Love's Embrace
000001C8742B57F1 Armor: Stormy Breastplate of the Vulture
000001B8EDAF968E Quest Item: Bronze Pot
000001D2D4B040F2 Wings: Wings of Stars
000001CCC67A89FE Wings: Wings of the Hideous
000001CCC67A8A12 Wings: Wings of the Revels
000001CA94D01618 Mount: Anemone
000001BF87F05CC6 Mount: Gemini
000001B7E1DF82C6 Mount: Sepia
000001CE6BF3A93B Phosphor of Zeus's Lightning
000001CE6BF3A923 Phosphor of Passion
000001CE6BF3A917 Phosphor of Lovebird
000001C9C1E31CC8 Axe: Tempest
000001C9C1E2EF23 Sword: Cyclone
000001C53FC26D59 Armor: Shade of Tartaros Helm
000001C53FC26EDA Armor: Shade of Tartaros Plate
000001C8742B20E2 Armor: Hide of the Hunted Deer
000001CE6BF3A927 Phosphor the Stonegazer
000001D10B517467 Sword: Challenger Sword
000001B7E1DC7A1C Sword: Fabled Victor's Sword

EDIT: Added more items

[CJBok]

Hi Sunbeam,

Many thanks for all your efforts and dedication! I made a couple of adjustments to your script to make it a bit more dummy proof.

• Hide address and type column when using compact mode
• Removed input box for Give Item, replaced by memrec dropdownlist for hash and memrec for quantity
• Default Item Hash Ambrosia and Quantity 1
• Compatibility for Standard and Plus editions (making process variable as a symbol)

[boyyoyo]

000001CA94D01620 Mount: Tyrian

[TemptingIcarus]

Picked up the game yesterday, having a blast. Fought my first Legendary and got my ass wooped, came back a few hours later and won.

[SunBeam]

...

Hi there.

From Cheat Engine 7.1 onwards there's a variable called $process for the AA/ASM part. Not sure if you need to use it as is, without extras, but do try: mov eax,[$process+56DFB30].

If the game updates, though, it's possible the offset may change. So I'd suggest finding all the references to $process+56DFB30, where it's used, and devise an AOB for the piece in the function where it's used. Then use Lua to scan for that AOB and extract the address from there. Then register a symbol for it like you did.

See page 3:

Code: Select all

ImmortalsFenyxRising_plus.exe+5CE20 - 48 89 5C 24 08        - mov [rsp+08],rbx
ImmortalsFenyxRising_plus.exe+5CE25 - 57                    - push rdi
ImmortalsFenyxRising_plus.exe+5CE26 - 48 83 EC 20           - sub rsp,20
ImmortalsFenyxRising_plus.exe+5CE2A - 8B 0D 002D6805        - mov ecx,[ImmortalsFenyxRising_plus.exe+56DFB30] << here
ImmortalsFenyxRising_plus.exe+5CE30 - 41 B8 C0010000        - mov r8d,000001C0
ImmortalsFenyxRising_plus.exe+5CE36 - 65 48 8B 04 25 58000000  - mov rax,gs:[00000058]
ImmortalsFenyxRising_plus.exe+5CE3F - BA 20000000           - mov edx,00000020
ImmortalsFenyxRising_plus.exe+5CE44 - 48 8B 1C C8           - mov rbx,[rax+rcx*8]
ImmortalsFenyxRising_plus.exe+5CE48 - 48 03 DA              - add rbx,rdx
ImmortalsFenyxRising_plus.exe+5CE4B - 33 D2                 - xor edx,edx
ImmortalsFenyxRising_plus.exe+5CE4D - 48 8B CB              - mov rcx,rbx
ImmortalsFenyxRising_plus.exe+5CE50 - E8 1B9B6003           - call ImmortalsFenyxRising_plus.exe+3666970

Code: Select all

ImmortalsFenyxRising_plus.exe+6A4130 - 48 89 5C 24 10        - mov [rsp+10],rbx
ImmortalsFenyxRising_plus.exe+6A4135 - 48 89 74 24 18        - mov [rsp+18],rsi
ImmortalsFenyxRising_plus.exe+6A413A - 57                    - push rdi
ImmortalsFenyxRising_plus.exe+6A413B - 48 83 EC 20           - sub rsp,20
ImmortalsFenyxRising_plus.exe+6A413F - 44 8B 05 EAB90305     - mov r8d,[ImmortalsFenyxRising_plus.exe+56DFB30] << here
ImmortalsFenyxRising_plus.exe+6A4146 - 0FB6 F1               - movzx esi,cl
ImmortalsFenyxRising_plus.exe+6A4149 - 65 48 8B 04 25 58000000  - mov rax,gs:[00000058]
ImmortalsFenyxRising_plus.exe+6A4152 - 0FB6 FA               - movzx edi,dl
ImmortalsFenyxRising_plus.exe+6A4155 - B9 48030000           - mov ecx,00000348 << here
ImmortalsFenyxRising_plus.exe+6A415A - 4A 8B 04 C0           - mov rax,[rax+r8*8]
ImmortalsFenyxRising_plus.exe+6A415E - 4C 8B 04 01           - mov r8,[rcx+rax]
ImmortalsFenyxRising_plus.exe+6A4162 - 41 FF 80 400B0000     - inc [r8+00000B40]
ImmortalsFenyxRising_plus.exe+6A4169 - 41 8B 80 400B0000     - mov eax,[r8+00000B40] << here
ImmortalsFenyxRising_plus.exe+6A4170 - 48 69 D8 68010000     - imul rbx,rax,00000168
ImmortalsFenyxRising_plus.exe+6A4177 - 49 03 D8              - add rbx,r8
ImmortalsFenyxRising_plus.exe+6A417A - 48 8B CB              - mov rcx,rbx

Using the 2nd snippet:

Code: Select all

ImmortalsFenyxRising_plus.exe+6A413F - 44 8B 05 EAB90305     - mov r8d,[ImmortalsFenyxRising_plus.exe+56DFB30] << here
ImmortalsFenyxRising_plus.exe+6A4146 - 0FB6 F1               - movzx esi,cl
ImmortalsFenyxRising_plus.exe+6A4149 - 65 48 8B 04 25 58000000  - mov rax,gs:[00000058]

--> 448B05????????0FB6F165488B0425

So.. using the aobScanEx function in my script (it's in the [ Initialize ] script and registered to be used globally):

Code: Select all

local aob_tlsBase = "448B05????????0FB6F165488B0425"
sl = aobScanEx( aob_tlsBase )
if not sl or sl.Count < 1 then stopExec( "'aob_tlsBase' not found." ) end
t = tonumber( sl[0], 16 )
t = t + readInteger( t + 0x3, true ) + 0x7
unregisterSymbol( "tlsBase" )
registerSymbol( "tlsBase", t, true )

You will see that if you scan for that array in both Standard and Plus processes, you will find 1 result in each. So now you have tlsBase symbol to use directly in the Give Item script like this:

mov rax,tlsBase
mov eax,[rax]

The reason I wrote it like this is the code the script runs is part of an allocation. This allocation can be close to the process, in which case "mov eax,[tlsBase]" would get compiled. However, if the allocation is in high memory (distance between process and allocated memory > 2GB), then "mov eax,[tlsBase]" will fail to compile. As such, the trick/twist here is to split the one instruction in two: do "mov rax,tlsBase" first, then read into eax the content of rax -> "mov eax,[rax]"

So there you have it.

[ShadowKhan]

So this is a super weird question, but does the giveitem function SET the quantity to the number? I.e. hash|10 set the quantity of the item to 10, or does it ADD the number? Meaning, if I have 10 pomegranates and I use giveitem [pomegranate]|15, do I end up with 15 or 25?

I ask, bec I have 999 ambrosias and would like to set them to like 1, so I can collect more and not be quest blocked.

[SunBeam]

...

It adds. Try with negative numbers. Example: 00000000xxxxxxxx|-1.

Alternately, you can use the [ Debug ] > "Read Filtered Hash On Inventory Open" script, making sure the only hash you comment or remove in KnownHash array (open the script and edit it) is that of Pomegranates. Line 84, add a double dash at the start of the line:

--"000001C0E9F6CECC", -- Pomegranate.

Then enable the script, open Inventory with I. Go back to CE and disable the script. The Lua Engine console window should show only one block of data with 1 line showing Hash: 00000000xxxxxxxx and 1 line below it showing Address: address -> quantity. Copy that address and add it to your list (Add Address Manually), setting Type to 4 Bytes. Then double-click it to edit the amount to 0 or whatever.

Re-open the Inventory and check the now updated amount

[ShadowKhan]

Yep that worked for ambrosias, now for some reason it wasnt showing me the Zues's lightning address, thanks for your help though!

[SunBeam]

The list works as a filter. What's in the list is NOT shown when you open the Inventory. That's why, if you want something shown, you have to comment the line or lines with the respective hash(es). In your case, for Zeus' Lightning, that would be line 88 that needs -- at the start of it.

[ShadowKhan]

Lol, thank you! I had understood that as self-explanatory. I understood the list was a filter and that I needed to comment out the value I was after. I had commented out that line and tried to see the hash value and location. It failed. This happened both when I tried with the same one I used for ambrosia, where despite reloading the list it still showed the previous hash values, and when I tried to start a new cheatengine instance from fresh, and re-edit the list with only the lightning line copied out. It showed me some wonky hash value not related to anything with a quantity of 1. Oh well, it doesn't seem that lightning values are needed for any collection quests so its not urgent, but even so. Either way, thanks.

[drkim1089]

I bought all the DLCs. (with Fire weapon skin, Dragon phoenix)
I found the hash code of the DLC set.
However, I don't know how to find Skin's hash code. (sword, axe, bow, helmet, armor, phoenix)
Somebody help me.

1) DLC Wings
Wings of the wave 000001D37DF1C22B
Radiant wings 000001D31CC1C360
Wings of the corruptor 000001D31CC32224
Wings of stars 000001D2D4B040F2
Wings of the underworld 000001D168F47F2E

2) DLC Horse
Skyphios 000001BF87F05CD6
Prophecy 000001BF87F05CDE
Mania 000001BF87F05CE6
Gemini 000001BF87F05CC6
Abyss 000001BF87F05CCE

[Daz]

I bought all the DLCs. (with Fire weapon skin, Dragon phoenix)
I found the hash code of the DLC set.
However, I don't know how to find Skin's hash code. (sword, axe, bow, helmet, armor, phoenix)
Somebody help me.

I used the method from this post: viewtopic.php?f=4&t=14542&start=15. I would start a new game so that the save doesn't have those items, then if you have followed the instructions correctly and set the breakpoint right, go to the owned tab in-game and click on the skin, and it should break and show the hash in RCX.

The reason I say make a new game is because I assume you have already clicked on the skins in the owned tab, and I don't know if it will work if you have. Making a new game only affects autosaves, so make sure you do a manual save (and backup the entire save folder to be safe) before you start the new game.

Edit: I forgot to mention if you are using the plus version of the game, use "ImmortalsFenyxRising_plus.exe+263A760" as the breakpoint when following the instructions in the linked post. It probably goes without saying (like using CE 7.2, etc.) but I thought I should mention it just in case.