NieR Replicant ver.1.22474487139 (Steam)

[malightydog]

Is there any way to figure out the location of Kaine's Sword in my save? I got Ending E and realized that it doesn't make the sword available to all saves, just the one that I've beaten everything on. I want to be able to use the sword as kid Nier. The all weapons thing is obviously very iffy on different people's saves, so is it easier to target one weapon? I'll help any way I can!

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[zachillios]

Is there any way to figure out the location of Kaine's Sword in my save? I got Ending E and realized that it doesn't make the sword available to all saves, just the one that I've beaten everything on. I want to be able to use the sword as kid Nier. The all weapons thing is obviously very iffy on different people's saves, so is it easier to target one weapon? I'll help any way I can!

Two things: to answer your question, no its not easier. Secondly, Kaine's sword doesn't work on kid nier from what I remember.

[dickbutt3000]

Word "Solzarken" which gives MP Recovery +30% is missing in receive all words, leaves it at 99%.

I'm having a similar issue, seem to have all the words except for about half of the "sol" tree. Sol up to solesra is there, but solkarr, solzarr, and solzarken are missing, and I'm only at 97% for words. If anyone has a fix or knows a way to get them, please let me know, since they're the important mana regen ones.

[BANSHE3]

A character model swap would be great, it is possible with a cheat table or only a mod can do this?

[YukariArimura]

Thanks for the great cheat.
If an item has an upper limit of 1, why not make the number of possessions also 1?

[h0b0onsn0w]

I can't make work Have all weapons one. I'm in the second half of the game (just beginning) and weapons appear an dissapear, even the cheat makes appear Kainé and Emil at my side when it's impossible in this moment of the plot.

Some ideas?

I don't actually turn on the have all weap cheat but i do use it to find the weapon pointer location. once you activate weapon finder cheat right click on the address that pops up and browse this memory region. You'll see a bunch of FF. each FF is a weap status, FF being not unlocked. Change it to 00 to unlock or 03 to unlock it and at lv4 upgraded. This way you can just unlock specific weap instead of all of them.

[WhateverReally]

Alright so thanks to h0b0onsn0w post above me with "FF"s I decided to try and experiment a bit with the "All words" access cheat. Found out that by erasing the value from "Have all" and leaving only lots of "FF"s I added one more "FF" at the end of it to see what will it do and voila, Solzarken has been found and I have my 100% words achieved.

Thank you kindly for this cheat, it helped me greatly, but might fix this for future users though~

[KS212]

Thanks to the above also, it also works for the missing weapon.

Also, I worked out what's causing the game to bug out sometimes if you use the weapon/word unlock cheat. Make sure you have the NAMELESS BLADE equipped before using the cheat. The 'weapon finder' basically finds the start of the weapon and word memory 'block' based upon the weapon you have equipped.

The Nameless Blade is always #1 in the inventory no matter what so it represents the true beginning of the memory block... if you have any other weapon equipped, the weapon finder will jump to whatever weapon you have equipped as the 'beginning' which is going to cause it to overflow into other game memory, thus causing the entire game to screw up.

So, yeah... Still, always have a backup of your save in another slot. The best place to use the weapon/word unlocker is in your village as a kid as you have easy access to the Library nearby as a room transition/forced load. Load your game, swing your weapon once to populate the weapon finder... make sure you have the Nameless Blade equipped and set the options, then BEFORE YOU SAVE, RUN INTO THE LIBRARY!! If the NPC's on the ground floor of the library (old man and 2 kids on the right) load, then you've done it right and should leave the Library and go save your game. If the NPC's do not load, you've fucked up, DO NOT SAVE, just reload your game and try again as you probably messed up somewhere.

Thanks to zachillos again for making the cheat

[Lulu]

Can someone show me how to use Item Finder to find specific items and change their quantities please ? I got to the "View this memory region" part but idk what to do next.

[topia]

Can someone show me how to use Item Finder to find specific items and change their quantities please ? I got to the "View this memory region" part but idk what to do next.

This is another Item FInder, editing specific item quantities. WARNING: not limit max quantity.
usage: replace "Item FInder" with below entries, check "Item Finder" and "Populate Item Name".

edit: fixed bug of original code (should not use RAX to compute ItemBase, and allocate 8 bytes to ItemBase due to 64-bit), and temporarily drop HaveAll code because I can't check valid offset for now

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>4</ID>
      <Description>"Item Finder"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : NieR Replicant ver.1.22474487139.exe
  Version: 
  Date   : 2021-04-23
  Author : Zach

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Item_Base,NieR Replicant ver.1.22474487139.exe,0F B6 84 08 C0 00 00 00 C3 32) // should be unique
alloc(newmem,$1000,"NieR Replicant ver.1.22474487139.exe"+3BB671)
globalalloc(ItemBase,8)
label(code)
label(return)
label(item_idx)

newmem:
push rax
lea rax,[rcx+000000C0]
mov [ItemBase],rax
pop rax
code:
  movzx eax,byte ptr [rax+rcx+000000C0]
  jmp return

item_idx:
  dw 0 // some mem for save item index

Item_Base:
  jmp newmem
  nop 3
return:
registersymbol(Item_Base)
registersymbol(item_idx)

[DISABLE]

Item_Base:
  db 0F B6 84 08 C0 00 00 00

unregistersymbol(item_idx)
unregistersymbol(Item_Base)
dealloc(newmem)
dealloc(ItemBase)
{
// ORIGINAL CODE - INJECTION POINT: "NieR Replicant ver.1.22474487139.exe"+3BB671

"NieR Replicant ver.1.22474487139.exe"+3BB649: 80 3D 60 D6 F9 03 00        -  cmp byte ptr ["NieR Replicant ver.1.22474487139.exe"+4358CB0],00
"NieR Replicant ver.1.22474487139.exe"+3BB650: 75 14                       -  jne "NieR Replicant ver.1.22474487139.exe"+3BB666
"NieR Replicant ver.1.22474487139.exe"+3BB652: 81 FA FF 02 00 00           -  cmp edx,000002FF
"NieR Replicant ver.1.22474487139.exe"+3BB658: 77 20                       -  ja "NieR Replicant ver.1.22474487139.exe"+3BB67A
"NieR Replicant ver.1.22474487139.exe"+3BB65A: 48 63 C2                    -  movsxd  rax,edx
"NieR Replicant ver.1.22474487139.exe"+3BB65D: 0F B6 84 08 44 0E 00 00     -  movzx eax,byte ptr [rax+rcx+00000E44]
"NieR Replicant ver.1.22474487139.exe"+3BB665: C3                          -  ret 
"NieR Replicant ver.1.22474487139.exe"+3BB666: 81 FA FF 02 00 00           -  cmp edx,000002FF
"NieR Replicant ver.1.22474487139.exe"+3BB66C: 77 0C                       -  ja "NieR Replicant ver.1.22474487139.exe"+3BB67A
"NieR Replicant ver.1.22474487139.exe"+3BB66E: 48 63 C2                    -  movsxd  rax,edx
// ---------- INJECTING HERE ----------
"NieR Replicant ver.1.22474487139.exe"+3BB671: 0F B6 84 08 C0 00 00 00     -  movzx eax,byte ptr [rax+rcx+000000C0]
// ---------- DONE INJECTING  ----------
"NieR Replicant ver.1.22474487139.exe"+3BB679: C3                          -  ret 
"NieR Replicant ver.1.22474487139.exe"+3BB67A: 32 C0                       -  xor al,al
"NieR Replicant ver.1.22474487139.exe"+3BB67C: C3                          -  ret 
"NieR Replicant ver.1.22474487139.exe"+3BB67D: CC                          -  int 3 
"NieR Replicant ver.1.22474487139.exe"+3BB67E: CC                          -  int 3 
"NieR Replicant ver.1.22474487139.exe"+3BB67F: CC                          -  int 3 
"NieR Replicant ver.1.22474487139.exe"+3BB680: E9 4B 1B 94 05              -  jmp "NieR Replicant ver.1.22474487139.exe"+5CFD1D0
"NieR Replicant ver.1.22474487139.exe"+3BB685: 31 BF 82 E9 18 D1           -  xor [rdi-2EE7167E],edi
"NieR Replicant ver.1.22474487139.exe"+3BB68B: FF                          -  db -01
"NieR Replicant ver.1.22474487139.exe"+3BB68C: FF AE E0 C6 B7 F2           -  jmp far [rsi-0D483920]
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>77</ID>
          <Description>"Populate Item Name"</Description>
          <LastState/>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{$lua}
[ENABLE]
if syntaxcheck then return end

local localized_text_ptrs = {}

local text_ptr = getAddress("1427de300")
local count = readInteger(text_ptr + 0xf070, true)
for i=0,count-1,1 do
    local pos = text_ptr + i * 0x10
    localized_text_ptrs[readInteger(pos, true)] = readPointer(pos+0x8)
end
local count = readInteger(text_ptr + 0xf478, true)
for i=0,count-1,1 do
    local pos = text_ptr + i * 0x10 + 0xf078
    localized_text_ptrs[readInteger(pos, true)] = readPointer(pos+0x8)
end

local dropdown = createStringList()
local item_defs_ptr = getAddress("[1443592c8]")
local count = readInteger(item_defs_ptr + 0x10, true)
local items_ptr = readPointer(item_defs_ptr + 0x18)
for i=0,count-1,1 do
    local pos = items_ptr + i * 0x40
    local item_id = readInteger(pos, true)
    if item_id &lt; 0x300 then
        local item_name_id = readInteger(pos+0xc, true)
        local item_description_id = readInteger(pos+0x10, true)
        local item_name_ptr = localized_text_ptrs[item_name_id]
        if item_name_ptr ~= nil then
            local item_name = readString(item_name_ptr)
            local item_description = readString(localized_text_ptrs[item_description_id], 0x100)
            dropdown.add(item_id .. ":" .. item_name .. " : " .. string.gsub(item_description, "\n", " "))
        end
    end
end


local itemID = getAddressList().getMemoryRecordByDescription("item index")
itemID.DropDownList.setText(dropdown.getText())
itemID.DisplayAsDropDownListItem = true

[DISABLE]
local itemID = getAddressList().getMemoryRecordByDescription("item index")
itemID.DropDownList.clear()
itemID.DisplayAsDropDownListItem = false

</AssemblerScript>
        </CheatEntry>
        <CheatEntry>
          <ID>75</ID>
          <Description>"item index"</Description>
          <LastState Value="0" RealAddress="13A4C0020"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>4 Bytes</VariableType>
          <Address>item_idx</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>76</ID>
          <Description>"Item Quantity"</Description>
          <LastState Value="10" RealAddress="144372850"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Byte</VariableType>
          <Address>ItemBase</Address>
          <Offsets>
            <Offset>[item_idx]</Offset>
          </Offsets>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

[oblivion363]

Can someone show me how to use Item Finder to find specific items and change their quantities please ? I got to the "View this memory region" part but idk what to do next.

Second this. I'm just trying to give myself enough eagle eggs so I don't have to farm this same spot for like four hours

[MadCabbit]

I don't know about replacing the section in the original, but this works just fine saved to its own .CT file for manipulating the number of items in the inventory, thanks! Added as a file attachment to this post. Credits to topia for coming up with this, my own personal searching for item numbers came up empty. I've only used this to edit items I already have to add to them, since farming a lot of these items is tedious, but I'd rather have gathered some in the very least, so I haven't used it for anything I don't already have. Given the max quantity comment, I'd avoid going over the item limits.

Can someone show me how to use Item Finder to find specific items and change their quantities please ? I got to the "View this memory region" part but idk what to do next.

This is another Item FInder, editing specific item quantities. WARNING: not limit max quantity.
usage: replace "Item FInder" with below entries, check "Item Finder" and "Populate Item Name".

edit: fixed bug of original code (should not use RAX to compute ItemBase, and allocate 8 bytes to ItemBase due to 64-bit), and temporarily drop HaveAll code because I can't check valid offset for now

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>4</ID>
      <Description>"Item Finder"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : NieR Replicant ver.1.22474487139.exe
  Version: 
  Date   : 2021-04-23
  Author : Zach

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Item_Base,NieR Replicant ver.1.22474487139.exe,0F B6 84 08 C0 00 00 00 C3 32) // should be unique
alloc(newmem,$1000,"NieR Replicant ver.1.22474487139.exe"+3BB671)
globalalloc(ItemBase,8)
label(code)
label(return)
label(item_idx)

newmem:
push rax
lea rax,[rcx+000000C0]
mov [ItemBase],rax
pop rax
code:
  movzx eax,byte ptr [rax+rcx+000000C0]
  jmp return

item_idx:
  dw 0 // some mem for save item index

Item_Base:
  jmp newmem
  nop 3
return:
registersymbol(Item_Base)
registersymbol(item_idx)

[DISABLE]

Item_Base:
  db 0F B6 84 08 C0 00 00 00

unregistersymbol(item_idx)
unregistersymbol(Item_Base)
dealloc(newmem)
dealloc(ItemBase)
{
// ORIGINAL CODE - INJECTION POINT: "NieR Replicant ver.1.22474487139.exe"+3BB671

"NieR Replicant ver.1.22474487139.exe"+3BB649: 80 3D 60 D6 F9 03 00        -  cmp byte ptr ["NieR Replicant ver.1.22474487139.exe"+4358CB0],00
"NieR Replicant ver.1.22474487139.exe"+3BB650: 75 14                       -  jne "NieR Replicant ver.1.22474487139.exe"+3BB666
"NieR Replicant ver.1.22474487139.exe"+3BB652: 81 FA FF 02 00 00           -  cmp edx,000002FF
"NieR Replicant ver.1.22474487139.exe"+3BB658: 77 20                       -  ja "NieR Replicant ver.1.22474487139.exe"+3BB67A
"NieR Replicant ver.1.22474487139.exe"+3BB65A: 48 63 C2                    -  movsxd  rax,edx
"NieR Replicant ver.1.22474487139.exe"+3BB65D: 0F B6 84 08 44 0E 00 00     -  movzx eax,byte ptr [rax+rcx+00000E44]
"NieR Replicant ver.1.22474487139.exe"+3BB665: C3                          -  ret 
"NieR Replicant ver.1.22474487139.exe"+3BB666: 81 FA FF 02 00 00           -  cmp edx,000002FF
"NieR Replicant ver.1.22474487139.exe"+3BB66C: 77 0C                       -  ja "NieR Replicant ver.1.22474487139.exe"+3BB67A
"NieR Replicant ver.1.22474487139.exe"+3BB66E: 48 63 C2                    -  movsxd  rax,edx
// ---------- INJECTING HERE ----------
"NieR Replicant ver.1.22474487139.exe"+3BB671: 0F B6 84 08 C0 00 00 00     -  movzx eax,byte ptr [rax+rcx+000000C0]
// ---------- DONE INJECTING  ----------
"NieR Replicant ver.1.22474487139.exe"+3BB679: C3                          -  ret 
"NieR Replicant ver.1.22474487139.exe"+3BB67A: 32 C0                       -  xor al,al
"NieR Replicant ver.1.22474487139.exe"+3BB67C: C3                          -  ret 
"NieR Replicant ver.1.22474487139.exe"+3BB67D: CC                          -  int 3 
"NieR Replicant ver.1.22474487139.exe"+3BB67E: CC                          -  int 3 
"NieR Replicant ver.1.22474487139.exe"+3BB67F: CC                          -  int 3 
"NieR Replicant ver.1.22474487139.exe"+3BB680: E9 4B 1B 94 05              -  jmp "NieR Replicant ver.1.22474487139.exe"+5CFD1D0
"NieR Replicant ver.1.22474487139.exe"+3BB685: 31 BF 82 E9 18 D1           -  xor [rdi-2EE7167E],edi
"NieR Replicant ver.1.22474487139.exe"+3BB68B: FF                          -  db -01
"NieR Replicant ver.1.22474487139.exe"+3BB68C: FF AE E0 C6 B7 F2           -  jmp far [rsi-0D483920]
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>77</ID>
          <Description>"Populate Item Name"</Description>
          <LastState/>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>{$lua}
[ENABLE]
if syntaxcheck then return end

local localized_text_ptrs = {}

local text_ptr = getAddress("1427de300")
local count = readInteger(text_ptr + 0xf070, true)
for i=0,count-1,1 do
    local pos = text_ptr + i * 0x10
    localized_text_ptrs[readInteger(pos, true)] = readPointer(pos+0x8)
end
local count = readInteger(text_ptr + 0xf478, true)
for i=0,count-1,1 do
    local pos = text_ptr + i * 0x10 + 0xf078
    localized_text_ptrs[readInteger(pos, true)] = readPointer(pos+0x8)
end

local dropdown = createStringList()
local item_defs_ptr = getAddress("[1443592c8]")
local count = readInteger(item_defs_ptr + 0x10, true)
local items_ptr = readPointer(item_defs_ptr + 0x18)
for i=0,count-1,1 do
    local pos = items_ptr + i * 0x40
    local item_id = readInteger(pos, true)
    if item_id &lt; 0x300 then
        local item_name_id = readInteger(pos+0xc, true)
        local item_description_id = readInteger(pos+0x10, true)
        local item_name_ptr = localized_text_ptrs[item_name_id]
        if item_name_ptr ~= nil then
            local item_name = readString(item_name_ptr)
            local item_description = readString(localized_text_ptrs[item_description_id], 0x100)
            dropdown.add(item_id .. ":" .. item_name .. " : " .. string.gsub(item_description, "\n", " "))
        end
    end
end


local itemID = getAddressList().getMemoryRecordByDescription("item index")
itemID.DropDownList.setText(dropdown.getText())
itemID.DisplayAsDropDownListItem = true

[DISABLE]
local itemID = getAddressList().getMemoryRecordByDescription("item index")
itemID.DropDownList.clear()
itemID.DisplayAsDropDownListItem = false

</AssemblerScript>
        </CheatEntry>
        <CheatEntry>
          <ID>75</ID>
          <Description>"item index"</Description>
          <LastState Value="0" RealAddress="13A4C0020"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>4 Bytes</VariableType>
          <Address>item_idx</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>76</ID>
          <Description>"Item Quantity"</Description>
          <LastState Value="10" RealAddress="144372850"/>
          <ShowAsSigned>0</ShowAsSigned>
          <VariableType>Byte</VariableType>
          <Address>ItemBase</Address>
          <Offsets>
            <Offset>[item_idx]</Offset>
          </Offsets>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

[aSwedishMagyar]

...

I would recommend you revise a few of your scripts as they are using the same symbol name for a bunch of them (INJECT). Means that if any of them are activated at the same time, only the last one will be registered. Then if you deactivate a different one, it will write the wrong bytes to that location and prevent any of the other scripts from disabling.

It's possible that could be the reason why others are experiencing issues.

[Lulu]

Wow! Thank you, topia and MadCabbit !
I tried those scripts to add some fishes and I was able to complete one of the fisherman quests.
It seems to be working perfectly.

[topia]

@zachillios I think you mistook to use RAX to compute base address for weapon pointer too. the below disassemble treats as return param2/*edx*/ <= 0x3f ? *(char *)(param1/*rcx*/ + 0x4ac + param2/*rax=edx*/) : -1;, so base address should be rcx + 0x4ac:

Code: Select all

"NieR Replicant ver.1.22474487139.exe"+3BB850: 83 FA 3F                    -  cmp edx,3F
"NieR Replicant ver.1.22474487139.exe"+3BB853: 77 0C                       -  ja "NieR Replicant ver.1.22474487139.exe"+3BB861
"NieR Replicant ver.1.22474487139.exe"+3BB855: 48 63 C2                    -  movsxd  rax,edx
// ---------- INJECTING HERE ----------
"NieR Replicant ver.1.22474487139.exe"+3BB858: 0F BE 84 08 AC 04 00 00     -  movsx eax,byte ptr [rax+rcx+000004AC]
// ---------- DONE INJECTING  ----------
"NieR Replicant ver.1.22474487139.exe"+3BB860: C3                          -  ret 
"NieR Replicant ver.1.22474487139.exe"+3BB861: B8 FF FF FF FF              -  mov eax,FFFFFFFF