[Help]About "binding of isaac: repentance" cheats in this game

[IkariShinji]

I've recently been trying to use Cheat Engine to modify the binding of isaac:repentance game, but I'm running into two issues that annoy me a lot.
1. I found the CT Table written by other people through Google, I can understand the content of the script, but I don't know how the injection point of this script is found?

Code: Select all

{ Game   : isaac-ng.exe
  Version:
  Date   : 2021-04-12
  Author : Akira Fudo
}

[ENABLE]

aobscanmodule(RandomItemSpawn,isaac-ng.exe,8B 40 44 C1 E8 0D 24) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(randomItem)

newmem:

code:
  push rcx
  mov rcx,[randomItem]
  mov [eax+44],rcx
  mov eax,[eax+44]
  shr eax,0D
  pop rcx
  jmp return

randomItem:
  dq (int)2

RandomItemSpawn:
  jmp newmem
  nop
return:
registersymbol(RandomItemSpawn)
registersymbol(randomItem)

[DISABLE]

RandomItemSpawn:
  db 8B 40 44 C1 E8 0D

unregistersymbol(RandomItemSpawn)
unregistersymbol(randomItem)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: isaac-ng.exe+315C7A

isaac-ng.exe+315C51: 8B 87 60 01 00 00  - mov eax,[edi+00000160]
isaac-ng.exe+315C57: 25 00 40 00 00     - and eax,00004000
isaac-ng.exe+315C5C: 83 C8 00           - or eax,00
isaac-ng.exe+315C5F: 75 41              - jne isaac-ng.exe+315CA2
isaac-ng.exe+315C61: 39 86 70 B4 01 00  - cmp [esi+0001B470],eax
isaac-ng.exe+315C67: 75 39              - jne isaac-ng.exe+315CA2
isaac-ng.exe+315C69: 39 86 A8 B6 01 00  - cmp [esi+0001B6A8],eax
isaac-ng.exe+315C6F: 75 31              - jne isaac-ng.exe+315CA2
isaac-ng.exe+315C71: 8B 86 90 81 01 00  - mov eax,[esi+00018190]
isaac-ng.exe+315C77: 8B 40 04           - mov eax,[eax+04]
// ---------- INJECTING HERE ----------
isaac-ng.exe+315C7A: 8B 40 44           - mov eax,[eax+44]
// ---------- DONE INJECTING  ----------
isaac-ng.exe+315C7D: C1 E8 0D           - shr eax,0D
isaac-ng.exe+315C80: 24 01              - and al,01
isaac-ng.exe+315C82: 3A 87 F8 1E 00 00  - cmp al,[edi+00001EF8]
isaac-ng.exe+315C88: 74 18              - je isaac-ng.exe+315CA2
isaac-ng.exe+315C8A: 8B CF              - mov ecx,edi
isaac-ng.exe+315C8C: 84 C0              - test al,al
isaac-ng.exe+315C8E: 74 07              - je isaac-ng.exe+315C97
isaac-ng.exe+315C90: E8 3B 72 04 00     - call isaac-ng.exe+35CED0
isaac-ng.exe+315C95: EB 05              - jmp isaac-ng.exe+315C9C
isaac-ng.exe+315C97: E8 C4 73 04 00     - call isaac-ng.exe+35D060
}

2. I tried to modify Isaac's properties, but it didn't work.
[Link]
I've changed this value, but when I go back to the game, it's back to how it was.
[Link]
I've tried many ways but it still doesn't work, can anyone tell me what's going on? I really appreciate your answer.

[IkariShinji]

The first script is about automatically generating random items, I don't know how to find this function without stealing someone else's script.

[Akira]

Author : Akira Fudo

That's my script

I had found a class which holds a lot of useful values and tested what each value does and when I found the value which triggers the items to spawn I simply found out what accessed it and made a script with one of the addresses which accessed it.

[IkariShinji]

Author : Akira Fudo

That's my script

I had found a class which holds a lot of useful values and tested what each value does and when I found the value which triggers the items to spawn I simply found out what accessed it and made a script with one of the addresses which accessed it.

extremely grateful 。But where is this value found? I'm curious how this idea was discovered.

[Akira]

extremely grateful 。But where is this value found? I'm curious how this idea was discovered.

Lets take a look at this (from a completely different game):

Code: Select all

Class /Script/LF.LFCharacterStatusComponent
[      B8] FloatProperty /Script/LF.LFCharacterStatusComponent:DefaultMaxHealth
[      BC] FloatProperty /Script/LF.LFCharacterStatusComponent:DefaultDamage
[      C0] ArrayProperty /Script/LF.LFCharacterStatusComponent:EquipmentStatus
[      D0] ArrayProperty /Script/LF.LFCharacterStatusComponent:CharacterStatus
[      E0] FloatProperty /Script/LF.LFCharacterStatusComponent:CharacterHealth
[      E4] FloatProperty /Script/LF.LFCharacterStatusComponent:CharacterStamina
[      E8] ArrayProperty /Script/LF.LFCharacterStatusComponent:ExtraStatuses 
[      F8] MapProperty /Script/LF.LFCharacterStatusComponent:MaxStatusMap
[       0] EnumProperty /Script/LF.LFCharacterStatusComponent:MaxStatusMap.MaxStatusMap_Key
[       1] EnumProperty /Script/LF.LFCharacterStatusComponent:MaxStatusMap.MaxStatusMap

Here we have the LFCharacterStatusComponent class which has few useful values.
On the left side you see the offsets, for example offset E0 is the CharacterHealth and E4 is the CharacterStamina, as you can see they are just 4 Bytes away from each other.
So I scan for example for the CharacterHealth and when I got it I can also get the other values.
I can just take the value address of CharacterHealth and increase it by 4 Bytes to get the CharacterStamina.

Now in the binding of isaac we do not have a offset dump, so we don't know the function names and also not their offsets.
So we just scan for the health (hearts) value for example and when we have it we can take a look at the values which are next to it (best to use the structure dissect for a better overview), ofc we gotte change these values and/or find out what accesses 'em to find out if they are useful in anyway.
That's pretty much all I did, well ofc I made some scripts for the stuff after I had found it.