[REQ]Bard's Tale Trilogy(2018) (Steam)

[DixieFlatline]

Game Name: Bard's Tale Trilogy
Game Engine: Unity
Game Version: 2.0x
Options Requested:
Inf HP
Inf SP
Character Editor
Gold
Garth's sells everything
Unlimited Charges (Magic Items)
Inf Ammo
Add XP

Game/Steam Website: [Link]
Other Info: Honestly, the Character Editor is really on the "Would Be Nice" side. Version 2.0x includes Tales of the Unknown and The Destiny Knight. Might require separate things, but may not, as Krome has been trying to streamline as much as possible. Thanks.

[DixieFlatline]

I know I said that a Character Editor would be nice.

The things I really want are the things that would cut the grind down -Infinite HP, Infinite SP, and (maybe) Gold.If we change the HP/SP value and freeze it, that'd be be the "Could Use" list.

The rest is considered "Would be Nice." I've been thinking about it, and thought the list might be a tad overmuch, especially when I'm not in a position to cough up for it.

[Clasmir]

It is very easy to find the raw numbers but I have not had success finding an AOB that will stick. Using the "find who writes to this address" gets me only so far. Trying to backtrack assuming it is a multi-level pointer doesn't seem to help either. There is a fundamental piece I'm missing.

I'm still learning and I wonder if reverse engineering someone else's AOB would help me figure out how they arrived there.

[DixieFlatline]

Is there maybe a scripting tutorial, then?

If push comes to shove, I can make a (probably very poor) attempt.

[DixieFlatline]

Does anyone still remember this set of games? Like Clasmir above, I can find the raw numbers easily enough, but I can't get anything to stay put for longer than a millisecond and a half.

[fearless123456]

Scripts for v.4.28 - Gold, Health and Mana
Gold - buy stuff twice to update
Health and Mana - updates after your turn

Spoiler

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>5</ID>
      <Description>"Get some gold"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : TheBardsTaleTrilogy.exe
  Version: 
  Date   : 2019-08-30
  Author : 0

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Money1,GameAssembly.dll,48 89 47 68 48 8B 0D 2C 84 C3 00) // should be unique
alloc(newmem,$1000,"GameAssembly.dll"+207F01)

label(code)
label(return)

newmem:

code:
  mov [rdi+68],#999999
  mov rcx,[GameAssembly.dll+E40338]
  jmp return

Money1:
  jmp newmem
  nop 6
return:
registersymbol(Money1)

[DISABLE]

Money1:
  db 48 89 47 68 48 8B 0D 2C 84 C3 00

unregistersymbol(Money1)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "GameAssembly.dll"+207F01

"GameAssembly.dll"+207EDA: F6 81 27 01 00 00 02  -  test byte ptr [rcx+00000127],02
"GameAssembly.dll"+207EE1: 74 0E                 -  je GameAssembly.dll+207EF1
"GameAssembly.dll"+207EE3: 83 B9 D8 00 00 00 00  -  cmp dword ptr [rcx+000000D8],00
"GameAssembly.dll"+207EEA: 75 05                 -  jne GameAssembly.dll+207EF1
"GameAssembly.dll"+207EEC: E8 DF 87 E5 FF        -  call GameAssembly.dll+606D0
"GameAssembly.dll"+207EF1: 48 2B DE              -  sub rbx,rsi
"GameAssembly.dll"+207EF4: 45 33 C0              -  xor r8d,r8d
"GameAssembly.dll"+207EF7: 48 8B D3              -  mov rdx,rbx
"GameAssembly.dll"+207EFA: 33 C9                 -  xor ecx,ecx
"GameAssembly.dll"+207EFC: E8 2F 95 13 00        -  call GameAssembly.dll+341430
// ---------- INJECTING HERE ----------
"GameAssembly.dll"+207F01: 48 89 47 68           -  mov [rdi+68],rax
"GameAssembly.dll"+207F05: 48 8B 0D 2C 84 C3 00  -  mov rcx,[GameAssembly.dll+E40338]
// ---------- DONE INJECTING  ----------
"GameAssembly.dll"+207F0C: 48 8B 91 B8 00 00 00  -  mov rdx,[rcx+000000B8]
"GameAssembly.dll"+207F13: 48 8B 0A              -  mov rcx,[rdx]
"GameAssembly.dll"+207F16: 48 85 C9              -  test rcx,rcx
"GameAssembly.dll"+207F19: 0F 84 A0 00 00 00     -  je GameAssembly.dll+207FBF
"GameAssembly.dll"+207F1F: 45 33 C0              -  xor r8d,r8d
"GameAssembly.dll"+207F22: 48 8B D0              -  mov rdx,rax
"GameAssembly.dll"+207F25: E8 A6 6A FA FF        -  call GameAssembly.dll+1AE9D0
"GameAssembly.dll"+207F2A: 48 8B 5C 24 30        -  mov rbx,[rsp+30]
"GameAssembly.dll"+207F2F: 48 8B 74 24 38        -  mov rsi,[rsp+38]
"GameAssembly.dll"+207F34: 48 83 C4 20           -  add rsp,20
}
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>8</ID>
      <Description>"Add health"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : TheBardsTaleTrilogy.exe
  Version: 
  Date   : 2019-08-30
  Author : 0

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(health,GameAssembly.dll,44 39 AD 84 00 00 00) // should be unique
alloc(newmem,$1000,"GameAssembly.dll"+1D727F)

label(code)
label(return)

newmem:

code:
  mov [rbp+00000084],#99
  cmp [rbp+00000084],r13d
  jmp return

health:
  jmp newmem
  nop 2
return:
registersymbol(health)

[DISABLE]

health:
  db 44 39 AD 84 00 00 00

unregistersymbol(health)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "GameAssembly.dll"+1D727F

"GameAssembly.dll"+1D7253: 48 8B 88 B8 00 00 00  -  mov rcx,[rax+000000B8]
"GameAssembly.dll"+1D725A: 48 8B 09              -  mov rcx,[rcx]
"GameAssembly.dll"+1D725D: 48 85 C9              -  test rcx,rcx
"GameAssembly.dll"+1D7260: 0F 84 7F 0C 00 00     -  je GameAssembly.dll+1D7EE5
"GameAssembly.dll"+1D7266: 41 8B 96 B0 00 00 00  -  mov edx,[r14+000000B0]
"GameAssembly.dll"+1D726D: 45 8D 45 0C           -  lea r8d,[r13+0C]
"GameAssembly.dll"+1D7271: 45 33 C9              -  xor r9d,r9d
"GameAssembly.dll"+1D7274: E8 67 D7 02 00        -  call GameAssembly.dll+2049E0
"GameAssembly.dll"+1D7279: 85 C0                 -  test eax,eax
"GameAssembly.dll"+1D727B: 41 0F 9F C4           -  setg r12l
// ---------- INJECTING HERE ----------
"GameAssembly.dll"+1D727F: 44 39 AD 84 00 00 00  -  cmp [rbp+00000084],r13d
// ---------- DONE INJECTING  ----------
"GameAssembly.dll"+1D7286: 0F 84 37 0C 00 00     -  je GameAssembly.dll+1D7EC3
"GameAssembly.dll"+1D728C: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+1D728E: 48 8B CD              -  mov rcx,rbp
"GameAssembly.dll"+1D7291: E8 8A A1 01 00        -  call GameAssembly.dll+1F1420
"GameAssembly.dll"+1D7296: 84 C0                 -  test al,al
"GameAssembly.dll"+1D7298: 0F 85 25 0C 00 00     -  jne GameAssembly.dll+1D7EC3
"GameAssembly.dll"+1D729E: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+1D72A0: 48 8B CD              -  mov rcx,rbp
"GameAssembly.dll"+1D72A3: E8 58 A1 01 00        -  call GameAssembly.dll+1F1400
"GameAssembly.dll"+1D72A8: 84 C0                 -  test al,al
}
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>10</ID>
      <Description>"Add Magic"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : TheBardsTaleTrilogy.exe
  Version: 
  Date   : 2019-08-30
  Author : 0

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Magic,GameAssembly.dll,00 8B BB 8C 00 00 00) // should be unique
alloc(newmem,$1000,"GameAssembly.dll"+201B02)

label(code)
label(return)

newmem:

code:
  mov [rbx+0000008C],#99
  mov edi,[rbx+0000008C]
  jmp return

Magic+01:
  jmp newmem
  nop
return:
registersymbol(Magic)

[DISABLE]

Magic+01:
  db 8B BB 8C 00 00 00

unregistersymbol(Magic)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "GameAssembly.dll"+201B02

"GameAssembly.dll"+201ADE: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+201AE0: 48 8B CB              -  mov rcx,rbx
"GameAssembly.dll"+201AE3: E8 C8 F8 FE FF        -  call GameAssembly.dll+1F13B0
"GameAssembly.dll"+201AE8: 84 C0                 -  test al,al
"GameAssembly.dll"+201AEA: 0F 85 AD 00 00 00     -  jne GameAssembly.dll+201B9D
"GameAssembly.dll"+201AF0: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+201AF2: 48 8B CB              -  mov rcx,rbx
"GameAssembly.dll"+201AF5: E8 B6 F9 FE FF        -  call GameAssembly.dll+1F14B0
"GameAssembly.dll"+201AFA: 84 C0                 -  test al,al
"GameAssembly.dll"+201AFC: 0F 85 9B 00 00 00     -  jne GameAssembly.dll+201B9D
// ---------- INJECTING HERE ----------
"GameAssembly.dll"+201B02: 8B BB 8C 00 00 00     -  mov edi,[rbx+0000008C]
// ---------- DONE INJECTING  ----------
"GameAssembly.dll"+201B08: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+201B0A: 48 8B CB              -  mov rcx,rbx
"GameAssembly.dll"+201B0D: E8 EE 25 FF FF        -  call GameAssembly.dll+1F4100
"GameAssembly.dll"+201B12: 3B F8                 -  cmp edi,eax
"GameAssembly.dll"+201B14: 0F 8D 83 00 00 00     -  jnl GameAssembly.dll+201B9D
"GameAssembly.dll"+201B1A: 48 8B 8B E0 00 00 00  -  mov rcx,[rbx+000000E0]
"GameAssembly.dll"+201B21: 48 85 C9              -  test rcx,rcx
"GameAssembly.dll"+201B24: 0F 84 A3 00 00 00     -  je GameAssembly.dll+201BCD
"GameAssembly.dll"+201B2A: 33 D2                 -  xor edx,edx
"GameAssembly.dll"+201B2C: E8 DF EA 03 00        -  call GameAssembly.dll+240610
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

[Marc]

Hi all,

bought the trilogy today on steam (v4.29) and here's my attempt on this thing.

Features:

• automatic filling of hitpoints and mana to their current maximum (roundabout 50 times per second)
• feature to gain 10.000 gold after every won fight instead of the normal amount of gold
• Editor for character stats (Level, XP, Hitpoints, Mana, Strength, Intelligence, Dexterity, Constitution and Luck) of the currently selected character.

Edit: see newer post below.

have fun,
Marc

[DixieFlatline]

The first two worked a treat, thank you! Couldn't get the editor working, but that's probably because I wasn't holding my lips right.

Worse comes to worst and they don't work on Destiny Knight and Thief of Fate, I can always import the BT1 characters. The fun part is, they *should* work, as it's all one big happy engine, with bits and pieces of it interchangeable between games, including character mechanics.

[Marc]

Hm, strange. Just checked it, both scripts work on all 3 parts.
Changed the Pointer-Path of the character editor to a better one.

[DixieFlatline]

Thanks. Will give it a look-see in a bit.

EDIT: That did it. everything working as intended, at least for BT1

[joeyamine]

I can't get the character editor to work. Have a character's subscreen pulled up with stats on display. Xs won't click in CE menu. All the pointers turn on just fine.

[Marc]

Strange, works fine here. Just re-installed the game.

Take a look at the three Backup Pointers in the table and check if they are pointing to another address.
If so, try moving the character editor values to one of the three backup-Pathes / changing the path of the character editor to one of the other three.

[joeyamine]

I'm not quite sure how to do that. Pointer 3 should have the same hex address as the editor line?
I'm in BT2, btw.

[Marc]

Easiest way is to select the first sub-entry (first character stat), shift-click the last item and keep the mouse button pressed. then drag&drop the whole block down to one of the alternative pathes.

[joeyamine]

So I tried the drag and drop. Seems to have the same effect dragging items around whether I press the shift key or not.
Anyway, didn't work. Dragged the 'experience' bar down under Pointer 1 so it's indented under pointer 1. No change.
I'm obviously doing something wrong, but I'm not sure what.