Isolate Weapon Health (shared instruction) in Zelda: Breath of the Wild [CEMU - Wii-U Emulator]

[Postposterous]

[URL='https://i.imgur.com/a/mEcBm7C.png']Image[/URL]



The same opcode that controls weapon health is the same one that controls every other destroyable item in the game including enemy health. NOP'ing this instruction makes everything invincible. I'm attempting to isolate weapon health. I've watched/read numerous tutorials, but there seems to be something different in this case that I'm not understanding. Once I get to step 4 (see linked image), I'm met with tons of addresses. Many of which are constantly changing. This is where I get stuck.



I added several of the addresses to the "dissect data structures" tool and the only purple address I'm seeing is this one [URL='https://i.imgur.com/a/7wVEZ9d.jpg']here[/URL], but this doesn't seem correct.



Need some assistance. Creating unbreakable weapons would be a huge feature for this game, but I clearly don't know what I'm doing.



thanks in advance

[Bloodybone]

There are other ways of comparing things out. What I do first is looking at the register states of the adress and compare those against other adresses if you find differences between the adress your looking for and the adresses copy them to notepad restart the game or in your case even cemu and look at the adress register states you copied and compare those to the new ones if one or more of them are the same after an restart you can use them to compare them or you can do the same with the stack. If you don't undertsand what i meant here is an example:



Adress you want:

rax=1

rbx=2



Adress you don't want:

rax=3

rbx=4



In that case you could copy both values of the registers because there different restart the game and after the restart they maybe look like this:



Adress you want:

rax=1

rbx=9



Adress you don't want:

rax=3

rbx=7



As you can see rbx changed but rax didn't therefore you could use rax to compare.

[Postposterous]

[USER=7561]@Bloodybone[/USER]

[URL='https://i.imgur.com/a/xOWbv6o.jpg']This[/URL] is what I'm seeing in the registers, but I'm not clear how to know which register represents what? (enemy health, weapon health, tree health, etc.)

[Bloodybone]

[QUOTE="Drivium, post: 46289, member: 1978"][USER=7561]@Bloodybone[/USER]

[URL='https://i.imgur.com/a/xOWbv6o.jpg']This[/URL] is what I'm seeing in the registers, but I'm not clear how to know which register represents what? (enemy health, weapon health, tree health, etc.)[/QUOTE]

What i meant is if you have The Adress that you wan't you can press Find out what acesses/writes and then look at the register states copy them select another random adress do the same compare those two copy the diffrences in the registers and restart the game and see what changed and what didn't and those who didn't change you can use.

1526669096

I could also make a Video if you still don't understand what I mean. (If you want)

[Postposterous]

[QUOTE="Bloodybone, post: 46292, member: 7561"]I want! That would be a huge help. I'm a visual dude. :)

I could also make a Video if you still don't understand what I mean. (If you want)[/QUOTE]

[Bloodybone]

[URL='https://streamable.com/e6yhg']Here[/URL] is my Video its not that good and my english isn't the best so I'm sorry for that but I hope you understand what I mean... :)

[Postposterous]

[QUOTE="Bloodybone, post: 46308, member: 7561"][URL='https://streamable.com/e6yhg']Here[/URL] is my Video its not that good and my english isn't the best so I'm sorry for that but I hope you understand what I mean... :)[/QUOTE]



Thank you for the tutorial! I think I got it! Here is my working code:

[CODE]

[ENABLE]



aobscan(INJECT,45 89 74 15 00 89 EB) // should be unique

alloc(newmem,$1000,2171BFF3)



label(code)

label(return)



newmem:

cmp r10,80001

jne code

jmp return



code:

mov [r13+rdx+00],r14d

jmp return



INJECT:

jmp newmem

return:

registersymbol(INJECT)



[DISABLE]

//code from here till the end of the code will be used to disable the cheat

INJECT:

db 45 89 74 15 00



unregistersymbol(INJECT)

dealloc(newmem)

[/CODE]



Another question - how could I invert that to give me a one hit kill for enemies?

[Bloodybone]

[USER=1978]@Drivium[/USER] First you should find the difference between the enemies health and other stuff as you did before. I would recommend registers between the values of the enemies are the same but for other stuff is different. For Example:

Enemy 1:

rax=1

rbx=3



Enemy 2:

rax=2

rbx=3



Other Value:

rax=6

rbx=4



In that example rbx is the same between both enemies and it is different between the other value but rax is different for every value but you don't wan't to compare every enemy out. If you've done that I can give you an example code that should onehitkill the enemies.

[Postposterous]

[QUOTE="Bloodybone, post: 46359, member: 7561"][USER=1978]@Drivium[/USER] First you should find the difference between the enemies health and other stuff as you did before. I would recommend registers between the values of the enemies are the same but for other stuff is different. For Example:

Enemy 1:

rax=1

rbx=3



Enemy 2:

rax=2

rbx=3



Other Value:

rax=6

rbx=4



In that example rbx is the same between both enemies and it is different between the other value but rax is different for every value but you don't wan't to compare every enemy out. If you've done that I can give you an example code that should onehitkill the enemies.[/QUOTE]



I'd be happy with every other item in the game being 1 hit destroy (enemies, trees, boxes). Yes, if you have some example code, that'd be perfect.

[Bloodybone]

[QUOTE="Drivium, post: 46379, member: 1978"]I'd be happy with every other item in the game being 1 hit destroy (enemies, trees, boxes). Yes, if you have some example code, that'd be perfect.[/QUOTE]

Ok I if that is what you wan't this should work:



[CODE=cea][ENABLE]

aobscan(INJECT,45 89 74 15 00 89 EB) // should be unique

alloc(newmem,$100,INJECT)



label(code)

label(return)



newmem:

cmp r10,80001

jne code

jmp return



code:

mov r14d,0

mov [r13+rdx+00],r14d

jmp return



INJECT:

jmp newmem

return:

registersymbol(INJECT)



[DISABLE]

//code from here till the end of the code will be used to disable the cheat

INJECT:

db 45 89 74 15 00



unregistersymbol(INJECT)

dealloc(newmem)[/CODE]



If the above doesn't work this maybe could:



[CODE=cea][ENABLE]

aobscan(INJECT,45 89 74 15 00 89 EB) // should be unique

alloc(newmem,$100,INJECT)



label(code)

label(return)



newmem:

cmp r10,80001

jne code

jmp return



code:

bswap r14d

mov r14d,0

bswap r14d

mov [r13+rdx+00],r14d

jmp return



INJECT:

jmp newmem

return:

registersymbol(INJECT)



[DISABLE]

//code from here till the end of the code will be used to disable the cheat

INJECT:

db 45 89 74 15 00



unregistersymbol(INJECT)

dealloc(newmem)[/CODE]

[Postposterous]

[QUOTE="Bloodybone, post: 46381, member: 7561"]Ok I if that is what you wan't this should work:



[CODE=cea][ENABLE]

aobscan(INJECT,45 89 74 15 00 89 EB) // should be unique

alloc(newmem,$100,INJECT)



label(code)

label(return)



newmem:

cmp r10,80001

jne code

jmp return



code:

mov r14d,0

mov [r13+rdx+00],r14d

jmp return



INJECT:

jmp newmem

return:

registersymbol(INJECT)



[DISABLE]

//code from here till the end of the code will be used to disable the cheat

INJECT:

db 45 89 74 15 00



unregistersymbol(INJECT)

dealloc(newmem)[/CODE]



If the above doesn't work this maybe could:



[CODE=cea][ENABLE]

aobscan(INJECT,45 89 74 15 00 89 EB) // should be unique

alloc(newmem,$100,INJECT)



label(code)

label(return)



newmem:

cmp r10,80001

jne code

jmp return



code:

bswap r14d

mov r14d,0

bswap r14d

mov [r13+rdx+00],r14d

jmp return



INJECT:

jmp newmem

return:

registersymbol(INJECT)



[DISABLE]

//code from here till the end of the code will be used to disable the cheat

INJECT:

db 45 89 74 15 00



unregistersymbol(INJECT)

dealloc(newmem)[/CODE][/QUOTE]





Both of these examples make enemies die as soon you enable it. Is there a way to make it so you have to strike them before they die? Maybe a way to subtract the full value of their current health after being hit? r10 for weapons = 80001 and all others seem to be 0, if that helps.

[Bloodybone]

[QUOTE="Drivium, post: 46384, member: 1978"]Both of these examples make enemies die as soon you enable it. Is there a way to make it so you have to strike them before they die? Maybe a way to subtract the full value of their current health after being hit? r10 for weapons = 80001 and all others seem to be 0, if that helps.[/QUOTE]

I guess the opcode is accesing the adress maybe find what writes to the adress so like what writes to enemy health then hit one and tell me what you find.

[SunBeam]

Here come the requests :) Check the epic thread of this topic, you'll make sense fast. Stop at "I don't know what I'm doing" first :)