Empires of the Undergrowth?

[Formous]

So this is a new game out on Early Access I had been following for a while. I have been having some trouble working with cheat engine to modify the food values. Using 4 byte, I am able to narrow to one value for food, and can mod it, but the effects don't seem to show up ingame outside the food count indicator up in the corner. I have also tried float values, but I can't seem to narrow it down. Anyone got a idea on how to modify available food and fix it?

[narcolepticnerd]

Well This is what I did I created and allocated a base address for the ant with a script and found the offset for the others so my script auto updates but I have not found the actual food yet.

+414 is the food display
+418 is the food max
+428 is the worker ants
+42c is the max worker ants

+444 is the royal jelly
+440 is the territory

max ants +450

these ones are worthless
soldier ants +438
max soldier ants +43c

this is my script

Code: Select all

{ Game   : EotU-Win64-Shipping.exe
  Version: 
  Date   : 2017-12-05
  Author : Forrest

  find the ant base
}

[ENABLE]

aobscanmodule(findantbase,EotU-Win64-Shipping.exe,3B B0 40 04 00 00) // should be unique
alloc(newmem,$1000,"EotU-Win64-Shipping.exe"+1F8C8E)

label(code)
label(return)
globalalloc(theantbase,8)

newmem:

code:
  mov [theantbase],rax
  cmp esi,[rax+00000440]
  jmp return

findantbase:
  jmp newmem
  nop
return:
registersymbol(findantbase)

[DISABLE]

findantbase:
  db 3B B0 40 04 00 00

unregistersymbol(findantbase)
dealloc(newmem)
dealloc(theantbase)

then I add every offset like this as individual addresses [theantbase]+offset

so for royal jelly

i would add an address as a pointer use theantbase as the first address then add offset 444 and it will show your current royal jelly now update it.



so for

[narcolepticnerd]

I think food is a double, I found it once and did a wrong injection game crashed but I remember it showed :s on the address part.

[narcolepticnerd]

I think you have to scan a range of values to get the food, I have noticed that the actual food value takes 2 seconds to update to the display value. and confirmed it shows :s next to it in the address.

[jungletek]

:s isn't a double, it's a single (A.K.A. 'float'/single-precision floating-point).

Bone up on your understanding of data types, guys, or you're gonna have a bad time

[narcolepticnerd]

Appreciate the feedback, but I am just typing in what I am finding, I am well aware of assembly and different data types. The food shows up as a :d and a :8 and a :4 and even a :s on the addresses, thats double, 8 bytes 4 bytes, and a singular float. I get down to the most 261 results and every time the food changes all 261 of those results change with it. I guess its good because I start from 3 billion with unknown value. I will update this post if I can find the food.

[jungletek]

Freeze some of those 261 results and see if the value you want freezes too, if so, you know the address is in the group that you froze. Reduce the group size and freeze half of what was left, and check to see if your value is affected. Rinse, repeat until you find the proper address(es).

Like a binary search/tree, yeah?

[narcolepticnerd]

I have done that and the display freezes but the food runs out, I am thinking that the real food is delayed so its not the same value as the display value Another game that uses this method is huniepop, the bar the value is not the same so searching for a range between 2 values and putting game on slowmo is only way to recover the actual value.

[jungletek]

Could be, or the value could be encoded in some way. Have you tried unknown value search and then changed/not changed, etc.?

[Schnitzelmaker]

Food is based of the value on the food tile, so it is required to change it there.
The value shown is only the sum of all food on tiles.

An example for unlimited food is: (Note that the food value will increase when building more food tiles)

Code: Select all

[ENABLE]

aobscanmodule(Food,EotU-Win64-Shipping.exe,45 03 88 78 03 00 00) // should be unique
alloc(newmem,$1000,"EotU-Win64-Shipping.exe"+20160E)

label(code)
label(return)

newmem:
  cmp [r8+00000378], #20
  ja code
  mov [r8+00000378], #20

code:
  add r9d,[r8+00000378]

  jmp return

Food:
  jmp newmem
  nop
  nop
return:
registersymbol(Food)

[DISABLE]

Food:
  db 45 03 88 78 03 00 00

unregistersymbol(Food)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "EotU-Win64-Shipping.exe"+20160E

"EotU-Win64-Shipping.exe"+2015E2: 33 C0                    -  xor eax,eax
"EotU-Win64-Shipping.exe"+2015E4: 48 63 CE                 -  movsxd  rcx,esi
"EotU-Win64-Shipping.exe"+2015E7: 85 F6                    -  test esi,esi
"EotU-Win64-Shipping.exe"+2015E9: 7E 44                    -  jle EotU-Win64-Shipping.exe+20162F
"EotU-Win64-Shipping.exe"+2015EB: 44 8B 8B 14 04 00 00     -  mov r9d,[rbx+00000414]
"EotU-Win64-Shipping.exe"+2015F2: 44 8B 93 18 04 00 00     -  mov r10d,[rbx+00000418]
"EotU-Win64-Shipping.exe"+2015F9: 0F 1F 80 00 00 00 00     -  nop [rax+00000000]
"EotU-Win64-Shipping.exe"+201600: 48 8B 14 C7              -  mov rdx,[rdi+rax*8]
"EotU-Win64-Shipping.exe"+201604: 48 FF C0                 -  inc rax
"EotU-Win64-Shipping.exe"+201607: 4C 8B 82 38 04 00 00     -  mov r8,[rdx+00000438]
// ---------- INJECTING HERE ----------
"EotU-Win64-Shipping.exe"+20160E: 45 03 88 78 03 00 00     -  add r9d,[r8+00000378]
// ---------- DONE INJECTING  ----------
"EotU-Win64-Shipping.exe"+201615: 44 89 8B 14 04 00 00     -  mov [rbx+00000414],r9d
"EotU-Win64-Shipping.exe"+20161C: 45 03 90 7C 03 00 00     -  add r10d,[r8+0000037C]
"EotU-Win64-Shipping.exe"+201623: 44 89 93 18 04 00 00     -  mov [rbx+00000418],r10d
"EotU-Win64-Shipping.exe"+20162A: 48 3B C1                 -  cmp rax,rcx
"EotU-Win64-Shipping.exe"+20162D: 7C D1                    -  jl EotU-Win64-Shipping.exe+201600
"EotU-Win64-Shipping.exe"+20162F: 48 85 FF                 -  test rdi,rdi
"EotU-Win64-Shipping.exe"+201632: 74 08                    -  je EotU-Win64-Shipping.exe+20163C
"EotU-Win64-Shipping.exe"+201634: 48 8B CF                 -  mov rcx,rdi
"EotU-Win64-Shipping.exe"+201637: E8 F4 F6 09 00           -  call EotU-Win64-Shipping.exe+2A0D30
"EotU-Win64-Shipping.exe"+20163C: 48 FF C5                 -  inc rbp
}

[Rawhide]

I have noticed that you can find and edit the amount of food in a corpse with a 4byte search.

[narcolepticnerd]

Food is based of the value on the food tile, so it is required to change it there.
The value shown is only the sum of all food on tiles.

An example for unlimited food is: (Note that the food value will increase when building more food tiles)

Code: Select all

[ENABLE]

aobscanmodule(Food,EotU-Win64-Shipping.exe,45 03 88 78 03 00 00) // should be unique
alloc(newmem,$1000,"EotU-Win64-Shipping.exe"+20160E)

label(code)
label(return)

newmem:
  cmp [r8+00000378], #20
  ja code
  mov [r8+00000378], #20

code:
  add r9d,[r8+00000378]

  jmp return

Food:
  jmp newmem
  nop
  nop
return:
registersymbol(Food)

[DISABLE]

Food:
  db 45 03 88 78 03 00 00

unregistersymbol(Food)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "EotU-Win64-Shipping.exe"+20160E

"EotU-Win64-Shipping.exe"+2015E2: 33 C0                    -  xor eax,eax
"EotU-Win64-Shipping.exe"+2015E4: 48 63 CE                 -  movsxd  rcx,esi
"EotU-Win64-Shipping.exe"+2015E7: 85 F6                    -  test esi,esi
"EotU-Win64-Shipping.exe"+2015E9: 7E 44                    -  jle EotU-Win64-Shipping.exe+20162F
"EotU-Win64-Shipping.exe"+2015EB: 44 8B 8B 14 04 00 00     -  mov r9d,[rbx+00000414]
"EotU-Win64-Shipping.exe"+2015F2: 44 8B 93 18 04 00 00     -  mov r10d,[rbx+00000418]
"EotU-Win64-Shipping.exe"+2015F9: 0F 1F 80 00 00 00 00     -  nop [rax+00000000]
"EotU-Win64-Shipping.exe"+201600: 48 8B 14 C7              -  mov rdx,[rdi+rax*8]
"EotU-Win64-Shipping.exe"+201604: 48 FF C0                 -  inc rax
"EotU-Win64-Shipping.exe"+201607: 4C 8B 82 38 04 00 00     -  mov r8,[rdx+00000438]
// ---------- INJECTING HERE ----------
"EotU-Win64-Shipping.exe"+20160E: 45 03 88 78 03 00 00     -  add r9d,[r8+00000378]
// ---------- DONE INJECTING  ----------
"EotU-Win64-Shipping.exe"+201615: 44 89 8B 14 04 00 00     -  mov [rbx+00000414],r9d
"EotU-Win64-Shipping.exe"+20161C: 45 03 90 7C 03 00 00     -  add r10d,[r8+0000037C]
"EotU-Win64-Shipping.exe"+201623: 44 89 93 18 04 00 00     -  mov [rbx+00000418],r10d
"EotU-Win64-Shipping.exe"+20162A: 48 3B C1                 -  cmp rax,rcx
"EotU-Win64-Shipping.exe"+20162D: 7C D1                    -  jl EotU-Win64-Shipping.exe+201600
"EotU-Win64-Shipping.exe"+20162F: 48 85 FF                 -  test rdi,rdi
"EotU-Win64-Shipping.exe"+201632: 74 08                    -  je EotU-Win64-Shipping.exe+20163C
"EotU-Win64-Shipping.exe"+201634: 48 8B CF                 -  mov rcx,rdi
"EotU-Win64-Shipping.exe"+201637: E8 F4 F6 09 00           -  call EotU-Win64-Shipping.exe+2A0D30
"EotU-Win64-Shipping.exe"+20163C: 48 FF C5                 -  inc rbp
}

very nice Schnitzelmaker

[narcolepticnerd]

unfortunately you are not correct, there is a way to manipulate food to be unlimited completely, fearlessrevolution trainer does this same as there is a way to manipulate and make food storage infinite.

[narcolepticnerd]

I have to say I like your method tho

[narcolepticnerd]

so here is the easiest way to build your ant army, after you place ant tiles and the ant has hatched use the option to remove the tile and then place a new ant tile, it will allow you to hatch ants faster this way, otherwise they place another egg that never hatches basically means you can use a 10 tile area and hatch an army of 400 ants in under 10 minutes.

update: nevermind unless your max ant is way over when you remove a tile it decreased the max ant allowed and the max soldier or worker ant. So disregard what I said. unless you have the hack for max ants allowed enabled.