[REQUEST] Monster Hunter Stories 2: Wings of Ruin

[baitsanity]

Game Name: Monster Hunter Stories 2: Wings of Ruin

Link:

The game is extremely new so maybe just start off with health and kinship gauge, then later maybe only super rare eggs or something idk. Any ideas would be good

[Lukacross]

I saw that DrummerIX owns the game so they will probably make a table for it eventually, i personally love their RPG tables so im hyped lol

[caliber1942]

Couple things about this game.

1) made by the CAPCOM folks, who also did Monster Hunter World, which had anticheats/scanners, etc. that would crash or otherwise bork the game if it detected changes to the game code.

2) game doesn't appear to have a driver/kernel mode anticheat, at least not that I found. Process Hacker doesn't flag or alert that a driver is being run

3) game does allow you to attach Cheatengine to it without closing or otherwise any changes.

4) if you ATTACH DEBUGGER to process, or otherwise make ANY breakpoint (including VEH) then the game detects it and will continue to run, but normal game flow is disrupted so the game appears "stuck"

5) I was able to use Page Exceptions and then exception breakpoints on BYTES to gather some code, but it only takes a few game cycles before the detection kicks in and then your game is STUCK.

One such code area is this:

READ CURRENT HEALTH IN BATTLE:
==============================

game.exe+B5B688 - 0FB7 41 18 - movzx eax,word ptr [rcx+18]

RCX+18 is HEALTH integer WORD

game.exe+B5B670 - 83 FA 04 - cmp edx,04 { 4 }
game.exe+B5B673 - 77 13 - ja game.exe+B5B688
game.exe+B5B675 - 48 63 C2 - movsxd rax,edx
game.exe+B5B678 - 48 69 D0 A4000000 - imul rdx,rax,000000A4 { 164 }
game.exe+B5B67F - 0FB7 84 0A AC000000 - movzx eax,word ptr [rdx+rcx+000000AC]
game.exe+B5B687 - C3 - ret
game.exe+B5B688 - 0FB7 41 18 - movzx eax,word ptr [rcx+18]
game.exe+B5B68C - C3 - ret

That function is CLEARLY shared, not sure if it's shared with enemies as of yet.

6) However, the SECOND problem kicks in that eventually there is a SCAN of the game executable for changes to the .exe module, and you get the same "STUCK", outcome. You can test this by simply changing a byte somewhere then LOAD a SAVE and it will be stuck on the LOAD egg.

7) Likely there is a function called from the breakpoint detection and/or the SCAN detection and/or whatever else that sets a variable to 'STUCK', or does some 'thing' or a series of 'things' to bork the game flow.

So the challenge now is to find out how the game is detecting the breakpoints/debugger and defeat it. Once that is done, the second task is to defeat the scanner.. OR maybe it's as simple as cancelling out the function that ultimately borks the game.

If there is a MAIN LOOP, likely somewhere in there is the place to see what is being done or changed. Sadly, it may also be in part of a loop of run functions:

i.e.

call qword ptr [rax+000004F0]

Where hundreds of functions are called in the same loop, and the one that is doing the checks or fires off the code that borks the game might be in there.

A code area you can easily breakpoint repeatedly is:

game.exe+E90416 - E8 25020000 - call game.exe+E90640

as is:

game.exe+81BC80 - 48 89 5C 24 18 - mov [rsp+18],rbx

If this might help tracing back, possibly. I've been looking at this about 2.5 hours and it's 3am and I have a lot of other work, so I will have to table this for now and simply get back to it when there is more progress posted by others who are contributing or I have more time to trace this myself.

IsDebuggerPresent bypass does nothing to help.

I do not have INTEL CPU, so trying the kernel mode debugging in CheatEngine is not an option for me, at least not with my main computer (will have to try notebook later). Maybe that isn't detected and some things can be traced more easily.

I've not done any scans for TEXT in the game that might give clues to what functions are doing.

At any rate, likely going to be a pause for trainers and tables on this while people work on these initial issues. The game supposedly has online features, multiplayer components, and PvP maybe. This company literally told us to take down our Monster Hunter World trainer until they removed Denuvo and then they seemed to not care after that.

Happy reversing. Now for a few game updates and then some much needed sleep.

best,
Cal

[KilluaZoldyck]

I personally would love some multipliers. EXP/gold etc

[sleepykitty]

Bottle Caps appears to have a randomized address every time you open the menu in that store.

[evie112]

I want cheat for bottle caps, EXP, monsties genes always full slots, also move speed cheat would be nice

[sleepykitty]

I want cheat for bottle caps, EXP, monsties genes always full slots, also move speed cheat would be nice

Just attach cheat engine and go to the store page for bottle caps and buy low cost items, should only take 1-3 attempts at most to grab the current address and edit.

[Lukacross]

I want cheat for bottle caps, EXP, monsties genes always full slots, also move speed cheat would be nice

Just attach cheat engine and go to the store page for bottle caps and buy low cost items, should only take 1-3 attempts at most to grab the current address and edit.

do a search for the current bottle cap value, then change the search settings to "decreased value by" and whatever you bought is what you change the value to. so if you bought something for 4 caps, you'd type 4 in the search bar. it should give you 2 results at most. just change both to 999 and boom

[evie112]

do a search for the current bottle cap value, then change the search settings to "decreased value by" and whatever you bought is what you change the value to. so if you bought something for 4 caps, you'd type 4 in the search bar. it should give you 2 results at most. just change both to 999 and boom

Wow, it works.
Do you know how to cheat EXP also?
Edit : oh i made it to lvl 99

[Phosphophylite]

Anyway to change a monster ID ? Change a monster into another ?

[evie112]

Umm, i cant cheat EXP for my monsties, is there anyway?

[jasonthe13]

does anything break...if editing the values? just like zeny and bottlecaps? like corrupting saves?

[rudm09]

Just letting know that i would also like a table for this game so if someone is already making one i thank you!

[chaosblade02]

How does the anti-cheat work? Will I brick my save if I modify any values?

An important part of this game involves expedition tickets for coop later on, and none of the trainers/tables I could find will modify the quantity on expedition tickets. There must be a reason for this, like it being a flag for some kinda save rip, etc. Found a free trainer that is good for everything else, but I'm worried about bricking my save if I manually edit this value with CE, so can anyone comment on whether doing this will corrupt my save or not?

There's Normal, Rare, and Ultra rare tickets, there's like 4 nests in each expedition, and rare and ultra rare raise the odds of getting those eggs considerably, so having a way to dup ultra rare tickets would be highly desirable.

[KS212]

fearlessrevolution trainer maker has a trainer out on his site. Looks like the anticheat isn't really a big deal at least for them.