| View previous topic :: View next topic |
| Author |
Message |
dovahkun
Cheater
![]() Reputation: 0
Joined: 26 Oct 2015
Posts: 49
|
 Posted: Thu Jun 23, 2016 4:13 am Post subject: Any Way to break stat cap? |
 |
|
Hello there currently I'm playing Radiata Stories on pcsx2 v1.4
I managed to find the address for STR, which is capped at 999
the adresses however are 2byte and 4 byte, and no matter how high I set them to, the ingame stat stays at 999.
Is there any possible way to break the cap? For this game, or for any game at all?
Thanks!
|
|
| Back to top |
|
 |
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Thu Jun 23, 2016 8:42 am Post subject: |
|
|
Find out what accesses the value.
Increase the number.
Identify the code that checks if it is over 999.
Set the cap there to whatever.
|
|
| Back to top |
|
|
dovahkun
Cheater
![]() Reputation: 0
Joined: 26 Oct 2015
Posts: 49
|
| Posted: Fri Jun 24, 2016 10:41 am Post subject: |
|
|
| Could you please elaborate? I'm really noob with CE. thanks
|
|
| Back to top |
|
|
dovahkun
Cheater
![]() Reputation: 0
Joined: 26 Oct 2015
Posts: 49
|
| Posted: Tue Jul 12, 2016 1:05 pm Post subject: |
|
|
| anyone?
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Tue Jul 12, 2016 2:02 pm Post subject: |
|
|
| Complete the CE tutorial.
|
|
| Back to top |
|
|
dovahkun
Cheater
![]() Reputation: 0
Joined: 26 Oct 2015
Posts: 49
|
| Posted: Tue Jul 12, 2016 3:47 pm Post subject: |
|
|
| ++METHOS wrote: | | Complete the CE tutorial. |
I did and I got stuck at 'Identify the code that checks if it is over 999. '
I got 2 opcodes that both lead to the same hex value, what to do next? it isn't actually mentioned in the tutorials or I'm just unable to connect them together.
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Tue Jul 12, 2016 4:00 pm Post subject: |
|
|
| Right-click on the STR value and check to see what is accessing it. The debugger window will pop up and should populate with some results. Let it run for a second, then change the STR to something that exceeds 999. Watch the debugger window to see if any new instructions populate the list when you do this.
|
|
| Back to top |
|
|
dovahkun
Cheater
![]() Reputation: 0
Joined: 26 Oct 2015
Posts: 49
|
| Posted: Tue Jul 12, 2016 4:12 pm Post subject: |
|
|
| ++METHOS wrote: | | Right-click on the STR value and check to see what is accessing it. The debugger window will pop up and should populate with some results. Let it run for a second, then change the STR to something that exceeds 999. Watch the debugger window to see if any new instructions populate the list when you do this. |
I'm currently cheating ROTK 13, but did exactly the same in principle (except the cap is 100). before the value was changed, 2 opcodes appear with fast increasing counts. if I change the value via cheatengine to something that exceeds 100, no new codes appear.
so I tried to change the value to 99 and manually increase it to 100 in-game, which resulted to 4 new codes with constant count,
in total there are 6 opcodes now and they all have the same address for 'the value of the pointer needed to find this address is probably'
edit: the address for the stat is in byte
edit 2: I open the second opcodes in the disassembler and found something that says 'compare two operands' and 'move if greater' and 'move if below or equal'
so I change them with code that does nothing.
they come not once but many times, I changed maybe 4 of them, and tried to change the stat value to 255.
now I have 127 as my stat. I don't know what im doing.
|
|
| Back to top |
|
|
cooleko
Grandmaster Cheater
![]() Reputation: 11
Joined: 04 May 2016
Posts: 717
|
| Posted: Tue Jul 12, 2016 5:28 pm Post subject: |
|
|
| That is because the normal process of writing the value already does a value check, There will be something that compares and jumps based on a value, break and trace the entire function (before your write, this means break and trace from the write, find the ret, double click the line below the first "ret" In memory viewer, go one instruction up (this is the function that called it) break and trace again, now scroll through the code until you see a compare against 100 (64 hex), change the 100 to 999, force it to always take the jump, or w/e you feel like, there are 100s of ways to get your results.
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Tue Jul 12, 2016 5:30 pm Post subject: |
|
|
You're just going to have to look at the code around the instructions to see where the compare is being performed.
Since you don't know what is actually being compared, you'll have to keep that in mind. For example, 100 may or may not be what is compared against (it could be 101, which is 65 in hex).
|
|
| Back to top |
|
|
cooleko
Grandmaster Cheater
![]() Reputation: 11
Joined: 04 May 2016
Posts: 717
|
| Posted: Tue Jul 12, 2016 5:57 pm Post subject: |
|
|
good observation, it could be
> 99, set to 100
> 100, set to 100
>= 101, set to 100
It could also be something else too, depending on their creativity.
|
|
| Back to top |
|
|
dovahkun
Cheater
![]() Reputation: 0
Joined: 26 Oct 2015
Posts: 49
|
| Posted: Tue Jul 12, 2016 6:02 pm Post subject: |
|
|
so for 1 stat (Leadership), I figured out I have to change 2 instances of comparison.
cmp eax,64
mov ecx, 00000064 ---> I changed it to 000000FF
cmovg eax,ecx
|
|
| } some other codes
|
|
cmp ecx,64
mov eax,00000064 ---> I changed it to 000000FF
cmovg ecx,eax
and then I set the value of the stat to 255, and it shows as 255 in-game
BUT only in the info page (that means the actual stat stays 100 and doesn't do shit)
if I go down after that, I will find the exact or similar rows of codes, for the other (next) stat, which is WAR (There are LEADERSHIP, WAR, INT, and GOVERNANCE)
any idea why the actual stat doesn't change?
edit: image attached
| Description: |
|
| Filesize: |
455.8 KB |
| Viewed: |
13302 Time(s) |
|
Last edited by dovahkun on Tue Jul 12, 2016 6:10 pm; edited 1 time in total |
|
| Back to top |
|
|
cooleko
Grandmaster Cheater
![]() Reputation: 11
Joined: 04 May 2016
Posts: 717
|
| Posted: Tue Jul 12, 2016 6:06 pm Post subject: |
|
|
Many,
There is a check when the stat is applied;
There is a formula for stat effects, this formula is maxed out when a stat is 100;
The Stat page is only a display page, so you found how to edit the display of the values but not the values themselves (where ever they may be)
|
|
| Back to top |
|
|
dovahkun
Cheater
![]() Reputation: 0
Joined: 26 Oct 2015
Posts: 49
|
| Posted: Tue Jul 12, 2016 6:12 pm Post subject: |
|
|
| cooleko wrote: | Many,
There is a check when the stat is applied;
There is a formula for stat effects, this formula is maxed out when a stat is 100;
The Stat page is only a display page, so you found how to edit the display of the values but not the values themselves (where ever they may be) |
the address for the value works okay for 1-100, so I guess the problem lies in that formula you mentioned.
feelsbadman
edit: more info, maybe someone can detect where the problem is :
| Description: |
|
| Filesize: |
653.59 KB |
| Viewed: |
13283 Time(s) |
|
|
|
| Back to top |
|
|
cooleko
Grandmaster Cheater
![]() Reputation: 11
Joined: 04 May 2016
Posts: 717
|
| Posted: Tue Jul 12, 2016 6:51 pm Post subject: |
|
|
just keep looking, you will find it, it cant be hidden, your image you added shows that you changed the visible value of the page, not the stats, find the stats compare
Why dont you do a replace all for the whole game:
Replace: 0F 4C CA 83 F9 64 7F 0F
With: 0F 4C CA 83 F9 FF 7F 0F
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
