Research Turns Auto-Reset [Total War: Warhammer 2]

 
audiopathik
Posted: Fri Oct 06, 2017 8:25 pm    Post subject: Research Turns Auto-Reset [Total War: Warhammer 2]

Hello!

So, I am trying to assemble a cheat table that contains the option to lock the Turn Timer for the current Technology Research at 0 for Total War: Warhammer 2.

By starting a Research and scanning for the value in CE 6.7 each time it decreases I can eventually find an address that always stores the amount of turns the current research takes to complete.
Even when the current research is completed and I start researching another this address stores the correct amount of turns.

But when I try to change the value it immediately changes back to what it was; locking it to the desired value with the checkbox to the left does not prevent that.

Looking for what accesses this address reveals the following lines of ASM:

Code:
Warhammer2.show_objective+396B45 - 3B 47 60              - cmp eax,[rdi+60]
Warhammer2.show_objective+396B48 - 0F84 84010000         - je Warhammer2.show_objective+396CD2
Warhammer2.show_objective+396B4E - 48 8D 15 9F786700     - lea rdx,[Warhammer2.update_ui+2E26C4] { [00640025] }
Warhammer2.show_objective+396B55 - 48 8D 4D 27           - lea rcx,[rbp+27]
Warhammer2.show_objective+396B59 - 48 89 9C 24 A8000000  - mov [rsp+000000A8],rbx
Warhammer2.show_objective+396B61 - 89 47 60              - mov [rdi+60],eax
Warhammer2.show_objective+396B64 - E8 D7BB07FE           - call Warhammer2.exe+18DE90
Warhammer2.show_objective+396B69 - 48 8D 4D 17           - lea rcx,[rbp+17]
Warhammer2.show_objective+396B6D - BA 40000000           - mov edx,00000040 { 64 }
Warhammer2.show_objective+396B72 - E8 69BB07FE           - call Warhammer2.exe+18DE30


I attached an image with the lines of code on it to the thread.

Does anybody have some clues or hints on how to deal with this so I can lock the Research Timer at 0 or better how to generally deal with such issues when you find a valid address with the correct value in it, but it will immediately be changed back to what it was when you edit it?



[Attachment: CE-TWW2-01.PNG]

OldCheatEngineUser
Posted: Sat Oct 07, 2017 4:43 am

mov [rdi+60],eax
assuming eax is writing to your address, and you want the timer to be '0' then just move '0' into eax.

how?

- mov eax,00
- mov eax,#0
- mov eax,(int)0
- xor eax,eax

just pick one!

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
audiopathik
Posted: Sat Oct 07, 2017 11:37 am

Okay, so I created an Auto Assemble Script targeting the line

Code:
Warhammer2.show_objective+396B61 - 89 47 60              - mov [rdi+60],eax


filling it with the Cheat table framework template and the AOB Injection Template and replacing that line with

Code:
 mov eax,00


so the complete script looks like this:

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(RESEARCHTIMER,Warhammer2.exe,89 47 60 E8 D7 BB 07 FE) // should be unique
alloc(newmem,$1000,"Warhammer2.exe"+21122B1)

label(code)
label(return)

newmem:
  mov eax,00
  call Warhammer2.exe+18DE90
  jmp return

code:
  mov [rdi+60],eax
  call Warhammer2.exe+18DE90
  jmp return

RESEARCHTIMER:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(RESEARCHTIMER)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
RESEARCHTIMER:
  db 89 47 60 E8 D7 BB 07 FE

unregistersymbol(RESEARCHTIMER)
dealloc(newmem)


You can see this in the screenshot below.

Unfortunately activating the script does not have any noticeable effect ingame, but while this script is active I can lock the address at any desired value.

Replacing the same line with

Code:
mov eax,00000000
nop
nop
nop


in Memory Viewer

crashes the game at the start of the next turn (when the Research Turn Timer should decrease by 1) completely. (See the screenshot below)

Browsing this memory region does also reveal it is the HUD, since there are STRINGs and resource .PNGs including the "END TURN" button and tooltips containing STRINGs like "You do not have any technology research active".

Also analyzing what accesses this address does not reveal any offsets pointing to memory addresses containing a value.

Thus, this value is just the number that is displayed on the HUD, but not the value that is used for the calculations internally.

How do I trace that value back to where it is used for the internal calculations (any address that does actually affect the amount of turns left for finishing the technology research ingame)?



[Attachment: 2017-10-07 (5).png. Description: Replacing the original code in Memory Viewer]

[Attachment: CE-TWW2-02.PNG. Description: Replacing the original code using AOB Injection Script]



Last edited by audiopathik on Sat Oct 07, 2017 12:00 pm; edited 2 times in total
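
Byte accounting for the hook site, as an added example that is not part of the original thread: the injected `jmp` plus three `nop`s and the Memory Viewer replacement each occupy 8 bytes starting at `mov [rdi+60],eax`, so both cover the 3-byte store and the 5-byte `call` after it, and the call's `E8` displacement is position-relative, so it has to be re-encoded when the instruction is copied into `newmem`. The `B8` encoding for `mov eax,0` and the `0x2000000` stand-in address are assumptions.

```python
# Added example: byte accounting for the two patches discussed in this thread.
# Offsets are relative to Warhammer2.show_objective; bytes are copied from the
# disassembly in the first post.
LISTING = [
    (0x396B59, bytes.fromhex("48899C24A8000000"), "mov [rsp+000000A8],rbx"),
    (0x396B61, bytes.fromhex("894760"), "mov [rdi+60],eax"),
    (0x396B64, bytes.fromhex("E8D7BB07FE"), "call Warhammer2.exe+18DE90"),
    (0x396B69, bytes.fromhex("488D4D17"), "lea rcx,[rbp+17]"),
]
HOOK = 0x396B61
DETOUR_LEN = 5 + 3    # jmp rel32 (E9 + 4 bytes) followed by three nops
INPLACE_LEN = 5 + 3   # mov eax,0 assumed encoded as B8 imm32, plus three nops


def clobbered(listing, start, length):
    """Return (texts of overlapped instructions, patch_ends_on_boundary)."""
    end = start + length
    hit = [text for off, raw, text in listing
           if off < end and off + len(raw) > start]
    ends = {off + len(raw) for off, raw, _ in listing}
    return hit, end in ends


def rel32_target(call_addr, raw):
    """Decode E8 rel32: target = address of the next instruction + disp."""
    if len(raw) != 5 or raw[0] != 0xE8:
        raise ValueError("not an E8 rel32 call")
    return call_addr + 5 + int.from_bytes(raw[1:], "little", signed=True)


def encode_call(call_addr, target):
    """Encode the same call for a different location (what the assembler
    does when the instruction is copied into newmem)."""
    disp = target - (call_addr + 5)
    return b"\xE8" + disp.to_bytes(4, "little", signed=True)


if __name__ == "__main__":
    print(clobbered(LISTING, HOOK, DETOUR_LEN))
    # Module-relative check: the script's alloc line puts the hook at
    # Warhammer2.exe+21122B1, so the call sits 3 bytes later.
    call_raw = LISTING[2][1]
    print(hex(rel32_target(0x21122B1 + 3, call_raw)))
    # 0x2000000 is a constructed stand-in for wherever newmem lands.
    print(encode_call(0x2000000, 0x18DE90).hex(" "))
```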
OldCheatEngineUser
Posted: Sat Oct 07, 2017 11:57 am

remove the lines that i commented on, plus make sure eax is writing to ur address just see what writes to ur address and if its the same instruction you hooked then you are good to go.
audiopathik wrote:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(RESEARCHTIMER,Warhammer2.exe,89 47 60 E8 D7 BB 07 FE) // should be unique
alloc(newmem,$1000,"Warhammer2.exe"+21122B1)

label(code)
label(return)

newmem:
  mov eax,00
  //call Warhammer2.exe+18DE90 // why did you place a call here?
  //jmp return // why did you jump to original game function?

code:
  mov [rdi+60],eax
  call Warhammer2.exe+18DE90
  jmp return

RESEARCHTIMER:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(RESEARCHTIMER)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
RESEARCHTIMER:
  db 89 47 60 E8 D7 BB 07 FE

unregistersymbol(RESEARCHTIMER)
dealloc(newmem)

audiopathik
Posted: Sat Oct 07, 2017 12:29 pm

I removed the lines you commented out and the value stored in the address is actually changed to 0 and also locked at that value, but it does not have any effect in game, the research does still take as long as before.


Since 3 lines before the code

Code:
mov [rdi+60],eax


the functions "Warhammer2.update_ui" and "Warhammer2.show_objectives" are called I guess this value is what is displayed on HUD, not the value that is used for the internal calculations.

What would I do to trace the value back to where it is used for the internal calculations?



[Attachment: CE-TWW2-03.png. Description: left: AOB Injection Script enabled: Remaining turn for completion of current technology locked at 0 (but no effect ingame); right: AOB Injection Script disabled: Value immediately flips back to the correct amount of turns left for the current technology re]

audiopathik
Posted: Sun Oct 08, 2017 8:27 am

I have made a short screen capture of what I have done so it is clear what I am trying to achieve.

youtube . com/ watch?v=aodqYiEhH68

As you can see in the video I select a technology to research in TW:W2 and scan for it using CE6.7, change the technology I'm researching so the turn timer for the current research changes to a different value and then do the next scan, rinse and repeat until there is only 1 address left.


When I change the value the address stores to something else, it immediately flips back to what it was even though it is locked in CE6.7

Then I use CE to find out what accesses this address and find 2 instructions doing so.

I create an Auto Assemble Script, fill it with the Cheat Table framework code and the AOB Injection Template and inject "mov eax,00" as a replacement for the original code
Code:
mov [rdi+60],eax
call Warhammer2.exe+18DE90


which is supposed to change the turns the current research takes to 0 (completed next turn)

Activating the generated script does eventually change the value stored in the address found, but does not have any effect in game.


Maybe one of the bright heads in this forum can explain what I need to do to find an address that actually changes the amount of turns it takes for a research to complete ingame!