Devil May Cry 5 (Steam) - Cheat Table

[OleMagne]

@OleMagne: This is so freakin' weird, man. I know I posted something about helping find Vergil, about how Nero is id 0x0 and so on.. but can't find the post. So, Vergil is 0x3 after all

EDIT: Ah, it was on Discord! Phew, I thought I lost my mind..



Just read your breakthrough, LOL Would've saved me some debug checking what you did in there, haha.

Yeah took me all of 10 minutes to boot the game and run with what your reply included. Worst part is the address is trivial to find... I only did it because two others, I won't name names, posted videos online but decided not to share... I know he's broken, but come on. This also allows people to play as others. 5 minutes of cool playtime as Vergil? Fuck yeah.

I despise it when people tease for an ego boost.

I ALWAYS include some brown-nosing in my posts whenever I post something relevant to your work. Even my first post in this thread, detailing vergil being playable, has some. You're too smort.

I think the best we could do is give him a HUD and make him vulnerable. If you're able to find button inputs and verify the functions for movement across Vergil and another character you might be able to figure out more. It seems like he's missing the transitions for turning around when he's at full sprint. DT doesn't refill, and just -- he just seems incomplete and it would probably be best to just leave it until Bloody Palace comes out. This could take a while unless you're SunBeam.

EDIT: Also, [rdi+000000A0] is static in the legit version, but needs a pointer in the DRM-free version.

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[SunBeam]

We shall see; I got a list of locations where the id is checked-for. There are spots where there's a definite check for 0x3 So bypassing those on load might return proper controller. Seen this in other UE4 games, where your controller needs to push input on 2 UnitAxis (function is called 'FMatrix::GetUnitAxis'). So.. as long as Vergil has both movement axis enabled (that's what I think the 0x3 check is for), he should work normally. Again.. we'll see

EDIT: "rdi" is "app.GameManager"; it is pointered in both versions. I updated the fearlessrevolution trainer to work with the leaked .exe as well and aside from compiler optimizations breaking the search arrays, I couldn't find any differences.

[OleMagne]

We shall see; I got a list of locations where the id is checked-for. There are spots where there's a definite check for 0x3 So bypassing those on load might return proper controller. Seen this in other UE4 games, where your controller needs to push input on 2 UnitAxis (function is called 'FMatrix::GetUnitAxis'). So.. as long as Vergil has both movement axis enabled (that's what I think the 0x3 check is for), he should work normally. Again.. we'll see

Dammit. I didn't want to mention that as there are too many bugs for me to bother with. There's a reason I included a warning of not requesting me to fix stuff. I bet you $5 if you fix the movement you'll get requests for the rest of it.

Besides movement there's the soft lock on the L2/LT move (guessing it's a block or parry?), weird move on R2/RT, random T-poses when knocked down, "trick up" not working as intended (at all // infinite trick ups), DT not refilling ever, etc etc.

EDIT: I do wonder if there's a flag for being friend/foe. Like a group setting.

[SunBeam]

It is in the controller; that's how I tell them apart in that mission. And has become the basis for my main hook:

Code: Select all

[ENABLE]

aobscanmodule( GetPlayer, DevilMayCry5.exe, 83B8????????0148897424??0F94D00F297424??84C00F )
registersymbol( GetPlayer )
label( GetPlayer_o )
registersymbol( GetPlayer_o )

alloc( Hook, 0x1000, DevilMayCry5.exe )

label( g_Player )
registersymbol( g_Player )
label( g_PlayerLookAtController )
registersymbol( g_PlayerLookAtController )

Hook:
cmp byte ptr [rdx+60],1
jne short @f
  mov [g_PlayerLookAtController],rdx
  mov [g_Player],rax
GetPlayer_o:
readmem( GetPlayer, 7 )
jmp GetPlayer+7

align 10 CC

g_PlayerLookAtController:
dq 0
g_Player:
dq 0

GetPlayer:
jmp Hook
db 90 90

[DISABLE]

GetPlayer:
readmem( GetPlayer_o, 7 )

unregistersymbol( g_PlayerLookAtController )
unregistersymbol( g_Player )
dealloc( Hook )
unregistersymbol( GetPlayer_o )
unregistersymbol( GetPlayer )

Run that, regardless of your .exe

Oh, and there's also this; not sure if entirely for V.. but the below leads to the Servants and perhaps a way to determine if enemy or player:

Code: Select all

DevilMayCry5.exe+134C2220 - 48 89 5C 24 08        - mov [rsp+08],rbx
DevilMayCry5.exe+134C2225 - 57                    - push rdi
DevilMayCry5.exe+134C2226 - 48 83 EC 20           - sub rsp,20 { 32 }
DevilMayCry5.exe+134C222A - 48 8B 41 50           - mov rax,[rcx+50]
DevilMayCry5.exe+134C222E - 48 89 D7              - mov rdi,rdx
DevilMayCry5.exe+134C2231 - 48 89 CB              - mov rbx,rcx
DevilMayCry5.exe+134C2234 - 48 83 78 18 00        - cmp qword ptr [rax+18],00 { 0 }
DevilMayCry5.exe+134C2239 - 75 3C                 - jne DevilMayCry5.exe+134C2277
DevilMayCry5.exe+134C223B - 48 8B 92 60180000     - mov rdx,[rdx+00001860]             // rdx == app.PlayerV; [rdx+1860] == app.enemy.em5802.Em5802
DevilMayCry5.exe+134C2242 - 45 31 C0              - xor r8d,r8d
DevilMayCry5.exe+134C2245 - E8 06DF5DEE           - call DevilMayCry5.exe+1AA0150
DevilMayCry5.exe+134C224A - 0FB6 C8               - movzx ecx,al
DevilMayCry5.exe+134C224D - 48 8B 43 50           - mov rax,[rbx+50]
DevilMayCry5.exe+134C2251 - 48 83 78 18 00        - cmp qword ptr [rax+18],00 { 0 }
DevilMayCry5.exe+134C2256 - 75 1F                 - jne DevilMayCry5.exe+134C2277
DevilMayCry5.exe+134C2258 - 85 C9                 - test ecx,ecx
DevilMayCry5.exe+134C225A - 74 1B                 - je DevilMayCry5.exe+134C2277
DevilMayCry5.exe+134C225C - 48 8B 87 60180000     - mov rax,[rdi+00001860]             // app.enemy.em5802.Em5802
DevilMayCry5.exe+134C2263 - 48 85 C0              - test rax,rax
DevilMayCry5.exe+134C2266 - 75 1C                 - jne DevilMayCry5.exe+134C2284
DevilMayCry5.exe+134C2268 - 45 31 C0              - xor r8d,r8d
DevilMayCry5.exe+134C226B - 48 89 D9              - mov rcx,rbx
DevilMayCry5.exe+134C226E - 41 8D 50 38           - lea edx,[r8+38]
DevilMayCry5.exe+134C2272 - E8 D9B2F1EE           - call DevilMayCry5.exe+23DD550
DevilMayCry5.exe+134C2277 - 30 C0                 - xor al,al
DevilMayCry5.exe+134C2279 - 48 8B 5C 24 30        - mov rbx,[rsp+30]
DevilMayCry5.exe+134C227E - 48 83 C4 20           - add rsp,20 { 32 }
DevilMayCry5.exe+134C2282 - 5F                    - pop rdi
DevilMayCry5.exe+134C2283 - C3                    - ret 
DevilMayCry5.exe+134C2284 - 48 8B 80 200B0000     - mov rax,[rax+00000B20]             // app.Em5802ServantController
DevilMayCry5.exe+134C228B - 48 85 C0              - test rax,rax
DevilMayCry5.exe+134C228E - 74 D8                 - je DevilMayCry5.exe+134C2268
DevilMayCry5.exe+134C2290 - 83 78 64 01           - cmp dword ptr [rax+64],01 { 1 }    // this?
DevilMayCry5.exe+134C2294 - 48 8B 5C 24 30        - mov rbx,[rsp+30]
DevilMayCry5.exe+134C2299 - 0F94 D0               - sete al
DevilMayCry5.exe+134C229C - 48 83 C4 20           - add rsp,20 { 32 }
DevilMayCry5.exe+134C22A0 - 5F                    - pop rdi
DevilMayCry5.exe+134C22A1 - C3                    - ret 

But mainly, head to Jessie's hook and check rdx and rsi, if I recall; those are the HitControllers for the entities doing and receiving the damage. Offset 0xA0 in the controllers leads to the Player. You can then compare human Player vs. enemy Player structures and find a bool or something that'd tell you what you're looking for.

[OleMagne]

SunBeam makes me want to poke around more. Goddammit...

Anyways, added DRM-less (could probably make just the one script version-agnostic by replacing the first two bytes with ?? ?? - too lazy to test).
Also added SunBeam as an option.

viewtopic.php?p=81992#p81992

[Maribo281]

seems if you spam infinite jump to fast, it will cause a hard crash.

[Tetsuo9999]

Okay I just find people not releasing stuff but teasing videos to be dumb and a way to showboat.

Screenshot (endgame spoilers - do not read past this point. do not pass go. do not collect $200): [Link]
For those who does not know Cheat Engine here's a pic on how to activate: [Link]

Here's a character selector. Play as Nero, Dante, V, or Vergil in whatever mission you want. Vergil IS BUGGY AF. You may also crash if you meet other characters in their supposed missions (untested outside of Vergil - he definitely crashes if ANY type of Vergil is in the mission or not - Urizen or himself).

CAVEATS:
"Continue Game" will load the previous character no matter what.
Continuing to the next mission after finishing a mission will load the correct character. You must go back to the main menu and mission select to load the character again.

Vergil stuff:
Does not work in the Void
He can only turn around if you slow down and wiggle your stick to get it working. Otherwise he moves forwards.
Limited Devil Trigger. Use the table in the first post for infinite devil trigger.
L2 or Left Trigger will soft lock him in place, needing a retry of the mission.
Getting hit can randomly, but very rarely, put him in a T-pose.
Animations for getting the nidhogg things breaks the game.



Do not request any fixes for him. Seriously. Don't bug me. Pay me a few thousand bucks and I might.

If JessieKazama could add a link to this post in the OP so it's not buried, that'd be swell.

EDIT: Not working with the DRM free version yet.
EDIT 2: Added SunBeam as playable character. Now supports DRM version

I tried this on Mission 4 (V's mandatory mission) and it's seemingly impossible to interact with the enemies. I assume that the bosses would be invincible too since the canned execution animation likely has to play out before the game will progress.

[OleMagne]

I tried this on Mission 4 (V's mandatory mission) and it's seemingly impossible to interact with the enemies. I assume that the bosses would be invincible too since the canned execution animation likely has to play out before the game will progress.

Please don't quote a big post without deleting its content first. It makes the whole page needlessly long.

This mission is the main reason I think there's a group setting somewhere. This and the fact that he's invincible to enemies. In this mission Vergil (and probably the others) just phases through the enemies.

[Megasder]

There is some way to revert the sin devil trigger manually (by pressing LB / L1 while you are transformed)?
by the description of "quadruple S" I thought that it do that , but it seems that isnt the case.

[KS212]

There is some way to revert the sin devil trigger manually (by pressing LB / L1 while you are transformed)?
by the description of "quadruple S" I thought that it do that , but it seems that isnt the case.

Do the 'finishing move' X+Y, or Square+Triangle. It will revert after he finishes killing everyone.

[Akuma]

We shall see; I got a list of locations where the id is checked-for. There are spots where there's a definite check for 0x3 So bypassing those on load might return proper controller. Seen this in other UE4 games, where your controller needs to push input on 2 UnitAxis (function is called 'FMatrix::GetUnitAxis'). So.. as long as Vergil has both movement axis enabled (that's what I think the 0x3 check is for), he should work normally. Again.. we'll see

EDIT: "rdi" is "app.GameManager"; it is pointered in both versions. I updated the fearlessrevolution trainer to work with the leaked .exe as well and aside from compiler optimizations breaking the search arrays, I couldn't find any differences.

Vergil loaded into game as player 0 in Nero levels. So If the character 3 check is restricting his gameplay its an easy fix and I will dig deeper. Even tho I think its just his "animation-data vs input" has been tied to "boss fight" restricting some input commands. I dont think Vergil has been gutted to play the way hes playing as thr are a good amount things still happening tht require perfect input. Im more then sure its his input that has been rearranged to make designing the final boss battles easier.

I have yet to look into animation data for him as some people need to sleep unlike "OleMagne" who just wants to talk about people not releasing thr findings. I didnt release Vergil because I wanted to give the youtuber "Nekorun" a chance to release first. Figuring it was his youtube video that held my hand to the simple concept of a forced load in. But TY for including me in your rants.

[SunBeam]

^ That last part is exactly my point regarding fearlessrevolution

[Akuma]

Preliminary finding's regarding Vergil restrictions as a playable character. He does have some sort of input restriction tied to him. Its likely from what i previously speculated about him being a boss charcter. I can force moves onto to him with injection. The spot is super bugged(not releaseing).

Things I have found is his swap weapon on LT is leading to a missing data. Also tht his sword spawn seems to be completely restricted even when its forced through code. So there is a possibility he isnt being loaded in game correctly I have a feeling SunBeam was correct in his thinking that his input is tied to different controllers. Eitherway Im not pursuing this road as he will likely be released in the next couple months.

[KS212]

His Yamato Combo B's quickdraw slash at the end is a literal one hit kill move on frigging anything... If not for the fact his movement doesn't work properly you could most likely clear the entire game with that one move

[JessieKazama]

Okay I just find people not releasing stuff but teasing videos to be dumb and a way to showboat.

Screenshot (endgame spoilers - do not read past this point. do not pass go. do not collect $200): [Link]
For those who does not know Cheat Engine here's a pic on how to activate: [Link]

Here's a character selector. Play as Nero, Dante, V, or Vergil in whatever mission you want. Vergil IS BUGGY AF. You may also crash if you meet other characters in their supposed missions (untested outside of Vergil - he definitely crashes if ANY type of Vergil is in the mission or not - Urizen or himself).

CAVEATS:
"Continue Game" will load the previous character no matter what.
Continuing to the next mission after finishing a mission will load the correct character. You must go back to the main menu and mission select to load the character again.
Grapple thingies can only be used by Nero.


Vergil stuff:
Does not work in the Void
He can only turn around if you slow down and wiggle your stick to get it working. Otherwise he moves forwards.
Limited Devil Trigger. Use the table in the first post for infinite devil trigger.
L2 or Left Trigger will soft lock him in place, needing a retry of the mission.
Getting hit can randomly, but very rarely, put him in a T-pose.
Animations for getting the nidhogg things breaks the game.
Cannot kill enemies at the start of Mission 4, V's introduction.



Do not request any fixes for him. Seriously. Don't bug me. Pay me a few thousand bucks and I might.

If JessieKazama could add a link to this post in the OP so it's not buried, that'd be swell.

EDIT: Not working with the DRM free version yet.
EDIT 2: Added SunBeam as playable character. Now supports DRM version

https://www.youtube.com/watch?v=upCXgBrKTjg

I added it to the main post, thankies~!