Unicorn Overlord (Ryujinx Switch Emulator)

[rxhunter]

Release note

v15
Recoding All function AOB
Test on Ryujinx 1.1.1242 pass

All function are working properly.

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[rxhunter]

I'm sorry :<
Maybe it has something to do with low level BIOS settings or maybe some CE settings?

I dunno about this stuff but I don't have pause while on, although I don't think its affect AOB. Otherwise your setting is pretty much the same as mine.

[Verun]

Ye, I also disabled that meanwhile. Ah well, who knows what causes it ¯\_(ツ)_/¯
Still thankful for the table, as the rest works

[Axeen]

I'm sorry :<
Maybe it has something to do with low level BIOS settings or maybe some CE settings?

Can you help me to testing?
1. Enter the battle
2. Open CE and start scanning (2byte) scan Brave value
3. Repeatedly change the Brave value until there are less than 50 targets. The fewer targets, the better. The ideal state is three targets left.
4. Start modifying according to the goal and confirm it is effective
5. Click on one of the targets (Find out what accesses this address)
6. Return to the game to change Brave value and check tracking window got some tracking code.
7. If there is no tracking code, please return to step 5 and change next target until tracking content appears.
8. Take the results of Tracking (capture the image first), then click 'Show diassembler' button, capture the dissembler content.
9. Post the captured pictures on the board for me
10. I will compare the differences based on the content.

[Verun]

Ok I will try.
Not sure which entry to select for "Show disassembler". Selected the (upper) highlighted one:




Since I'm apparently too dumb to understand assembler stuff, I also post a screen of the memory region of the address (adress highlighted in red):

[Axeen]

Ok I will try.
Not sure which entry to select for "Show disassembler". Selected the (upper) highlighted one:

Great, you're almost at the finish line, just need to take one more.

[Verun]

Oki! I'll try first thing tomorrow when I get up

[Alfon]

I got that aob error too sometime with hInstance+08000000, the ryujinx memory is changing like example hInstance+08000000 is to short ,so I increase that to hInstance+20000000000,I know it might take a while to scan compare to hInstance+08000000 but it work on my pc with hInstance+20000000000,but if that is stil not working might need more in your pc

[Axeen]

I got that aob error too sometime with hInstance+08000000, the ryujinx memory is changing like example hInstance+08000000 is to short ,so I increase that to hInstance+20000000000,I know it might take a while to scan compare to hInstance+08000000 but it work on my pc with hInstance+20000000000,but if that is stil not working might need more in your pc

Your problem is same 'Vein'.
maybe the dynamic compilation of emulator. you check my post before, and post to me data.

I don't know the details. In theory, the code compiled by the program will be same. The difference is only memory pointer address. However, from the data provided by 'Vein', it is already different with me.

[Verun]

The Emu instance for the test was:


The disassembler code:









Edit1:
I wasn't happy with the above found results, so I looked some more.
Found another address in the same session that only changed when the Valor (Brave) value was subtracted:



The code of that looks far more similar to the one in your script. I learned some disassembler doing this, thanks ^.^

Edit2:
What could change the code that is run though?
Maybe game difficulty setting? What diff did you play on when you made the table?
My setting was "Story" (the easiest)

[Axeen]

The code of that looks far more similar to the one in your script. I learned some disassembler doing this, thanks ^.^

Edit2:
What could change the code that is run though?
Maybe game difficulty setting? What diff did you play on when you made the table?
My setting was "Story" (the easiest)

This information is enough to analyze the differences your device and mine.
I will write a script based on your data and upload it when completed. You can try again.

can you copy the disassembler code and save to text file to me?
because, i must watch the picture and hard code to text too slow

[Verun]

I'll try. Gimme some time pls : o

Found the one that is in your script!

Code: Select all

3D76C161242 - 48 8B B3 A8000000     - mov rsi,[rbx+000000A8]
3D76C161249 - 48 8B BB F8000000     - mov rdi,[rbx+000000F8]
3D76C161250 - 8B 83 10040000        - mov eax,[rbx+00000410]
3D76C161256 - 85 C0                 - test eax,eax
3D76C161258 - 0F84 9A030000         - je 3D76C1615F8
3D76C16125E - 83 E8 01              - sub eax,01 { 1 }
3D76C161261 - 89 83 10040000        - mov [rbx+00000410],eax
3D76C161267 - 48 B8 0000ED67D7020000 - mov rax,000002D767ED0000 { 1743585280 }
3D76C161271 - 0FB6 84 30 C0050000   - movzx eax,byte ptr [rax+rsi+000005C0]
3D76C161279 - 89 C1                 - mov ecx,eax
3D76C16127B - 85 C9                 - test ecx,ecx
3D76C16127D - 0F85 44020000         - jne 3D76C1614C7
3D76C161283 - 48 B8 0000ED67D7020000 - mov rax,000002D767ED0000 { 1743585280 }
3D76C16128D - 8B 8C 30 A8050000     - mov ecx,[rax+rsi+000005A8]
3D76C161294 - 48 BA 90126B73D7020000 - mov rdx,000002D7736B1290 { (-1889405152) }
3D76C16129E - 48 8B 12              - mov rdx,[rdx]
3D76C1612A1 - 8B 84 10 E8090000     - mov eax,[rax+rdx+000009E8]
3D76C1612A8 - 41 89 C8              - mov r8d,ecx
3D76C1612AB - 41 89 C1              - mov r9d,eax
3D76C1612AE - 45 89 C2              - mov r10d,r8d
3D76C1612B1 - 45 29 CA              - sub r10d,r9d
3D76C1612B4 - 45 85 D2              - test r10d,r10d
3D76C1612B7 - 41 0F9C C3            - setl r11b
3D76C1612BB - 45 0FB6 DB            - movzx r11d,r11b
3D76C1612BF - 45 85 D2              - test r10d,r10d
3D76C1612C2 - 41 0F94 C4            - sete r12b
3D76C1612C6 - 45 0FB6 E4            - movzx r12d,r12b
3D76C1612CA - 45 39 C8              - cmp r8d,r9d
3D76C1612CD - 41 0F93 C5            - setae r13b
3D76C1612D1 - 45 0FB6 ED            - movzx r13d,r13b
3D76C1612D5 - 45 31 C2              - xor r10d,r8d
3D76C1612D8 - 45 89 C6              - mov r14d,r8d
3D76C1612DB - 45 31 CE              - xor r14d,r9d
3D76C1612DE - 45 21 F2              - and r10d,r14d
3D76C1612E1 - 41 0F9C C2            - setl r10b
3D76C1612E5 - 45 0FB6 D2            - movzx r10d,r10b
3D76C1612E9 - 49 89 C6              - mov r14,rax
3D76C1612EC - 49 89 D7              - mov r15,rdx
3D76C1612EF - 45 39 C8              - cmp r8d,r9d
3D76C1612F2 - 0F85 00020000         - jne 3D76C1614F8
3D76C1612F8 - 48 B9 0000ED67D7020000 - mov rcx,000002D767ED0000 { 1743585280 }
3D76C161302 - 8B 94 11 E4090000     - mov edx,[rcx+rdx+000009E4]
3D76C161309 - 89 D2                 - mov edx,edx
3D76C16130B - 89 C0                 - mov eax,eax
3D76C16130D - 6B C0 64              - imul eax,eax,64
3D76C161310 - 8D 04 02              - lea eax,[rdx+rax]
3D76C161313 - 8B 8C 31 AC050000     - mov ecx,[rcx+rsi+000005AC]
3D76C16131A - 89 CA                 - mov edx,ecx
3D76C16131C - 89 D6                 - mov esi,edx
3D76C16131E - 41 89 C0              - mov r8d,eax
3D76C161321 - 89 F1                 - mov ecx,esi
3D76C161323 - 44 29 C1              - sub ecx,r8d

Looks like I got a redundant code line "mov rdx, [rdx]" before the injection line? o_O

AOB scan

Code: Select all

aobscanregion(FuncBattleInject,hInstance,hInstance+08000000,48 ?? ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ?? 48 ?? ?? ?? ?? ?? ?? ?? ?? ?? 48 ?? ?? 8B ?? ?? ?? ?? ?? ?? 41 ?? ?? 41 ?? ?? 45 ?? ?? 45 ?? ?? 45 ?? ?? 41 ?? ?? ?? 45 ?? ?? ?? 45 ?? ?? 41 ?? ?? ?? 45 ?? ?? ?? 45 ?? ?? 41 ?? ?? ?? 45 ?? ?? ?? 45 ?? ?? 45 ?? ?? 45 ?? ?? 45 ?? ?? 41) // should be unique

finds the section. But I'm too much a noob to adjust the rest of the script to change the right stuff ^^

Edit: Well I can't figure it out alone. Can't wait for your changed/added script to see how it's properly done. I will learn so much from that

[Postnord]

Having further problems when changing units into other classes.

Tried changing witch into dark marquess (49 in the list, caster version)
Tried changing soldier into dark marquess (48 in the list, spear version)
As soon as these characters attack using AP, the game will crash - I can't figure out why and figure this is the best place to ask.
It seems so weird since there's no problem using PP abilities.

I'm guessing it could have to do with the ID, but changing them into the proper unlockable units just crashes the game right away.

[kkamack]

Thanks for the cheat.

(Please understand in advance. This comment was written using Google Translator. You may not understand the meaning of this sentence.)

I don't know if it's possible with Cheat Engine, but I'd like to know if this cheat for Unicorn Overlord is possible.

What I want is to turn off the display of results in advance before battle in the game. (Like the first part of the tutorial)

In the English version, it's called "Damage Predictions." Can I arbitrarily turn this off using Cheat Engine?

Since this is a feature that is not provided in the game itself, I hope it is possible with Cheat Engine...

[Axeen]

Thanks for the cheat.

(Please understand in advance. This comment was written using Google Translator. You may not understand the meaning of this sentence.)

I don't know if it's possible with Cheat Engine, but I'd like to know if this cheat for Unicorn Overlord is possible.

What I want is to turn off the display of results in advance before battle in the game. (Like the first part of the tutorial)

In the English version, it's called "Damage Predictions." Can I arbitrarily turn this off using Cheat Engine?

Since this is a feature that is not provided in the game itself, I hope it is possible with Cheat Engine...

Hiding this feature need step tracking. I can try it, if I can do, I’ll let you know.