View previous topic :: View next topic |
Author |
Message |
_TheDavil Newbie cheater Reputation: 0
Joined: 14 Jan 2022 Posts: 11
|
Posted: Fri Jan 14, 2022 7:14 pm Post subject: Final Fantasy IV Pixel Remaster EXP |
|
|
So I'm typically able to find values I'm looking for without a lot of trouble. But for some reason the EXP address in this game seems to be pretty much impossible to locate. I've tried searching as all values, i've tried searching with unknown value and doing increase, and unchanged. I've tried doing changed and unchanged values. I've tried doing a value increased by after every fight. But I'm at a loss. I can find pretty much any other value in the game except for those related to experience. Does anyone have any other ideas on this short of decompiling the game?
|
|
Back to top |
|
|
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
|
Posted: Fri Jan 14, 2022 7:31 pm Post subject: |
|
|
There's a trainer posted here and it has an XP multiplier, it might be that stuff increases XP and doesn't tell you every time it happens which is throwing off your search.
_________________
|
|
Back to top |
|
|
Jordancyre Newbie cheater Reputation: 0
Joined: 30 May 2017 Posts: 11
|
Posted: Thu Feb 24, 2022 1:40 pm Post subject: |
|
|
I've been struggling with this too. Apparently, many values are handled by Mono Instances which I have zero to no experience with. I'm not even sure that saying "Mono Instances" is the correct verbiage. After digging into it a bit, it would seem that the EXP memory location moves around / is destroyed / is created as needed.
It's incredibly frustrating to hack when it should be just a simple value store. I've tried looking at a few mono tutorials on YT but the game just doesn't make things easy.
Another option that I'm curious about is loading up a trainer and scanning the memory to see what instructions the trainer changes after you activate the cheat. I tried this too, but CE didn't return any changes. This could be because I might not be looking in the right place or CE doesn't scan the region that the Instruction changes happen. Another possibility is instead of instruction / opcode changes happening, the trainer is using lua scripting to do things (Which ultimately would affect the instruction assembly too though right?)
Anyway, I hope this comes to something because these games in particular are a pain to hack. I'd love to see a tutorial on how someone nailed down the locations of different values.
Please Keep me updated in your endeavors for this![/u]
|
|
Back to top |
|
|
cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
|
Posted: Tue Mar 01, 2022 8:34 pm Post subject: |
|
|
This one was pretty simple.
Open FF VI, activate mono features.
Dissect Mono (All relevant functions are within Assembly-CSharp.dll)
search for get_AdditionalExp
right click, select JIT
Create an AA and add any value you want to the respective memory address contained therein.
Enable the AA script
Next battle you get that exp and level up. Depending on the value you edit you can set the base exp or the incremental exp. I chose to set the base exp. 15 million is cap.
How I found it without knowing that get_AdditionalExp existed is another story
I first found a single item.
Made 99 of it to confirm it worked.
Then found what wrote to it
Finished a battle and grabbed the instruction that wrote to it when battle finished
Break and trace that instruction on the single item's address
Finish another battle where item drops
Review the trace log
Jumped up one function call (click the instruction after the ret)
scrolled through the code and observed the mono identified function codes until I found interesting ones.
You can usually view the structure without knowing anything and intuitively grasp the important structures for use based off their names. FF VI is rather large but with enough time you would get there.
|
|
Back to top |
|
|
_TheDavil Newbie cheater Reputation: 0
Joined: 14 Jan 2022 Posts: 11
|
Posted: Thu Mar 03, 2022 5:31 pm Post subject: |
|
|
When you say create an AA and add any value you want to the respective memory address, how do i know which one? I don't see anything obvious to change in that function. I've written plenty of basic scripts to jmp over stuff or compare values and do something based on another value, but this one I just don't get.
|
|
Back to top |
|
|
cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
|
Posted: Fri Mar 04, 2022 1:36 am Post subject: |
|
|
There are only two MOVs of significance in the 7 lines of that function call. Break and trace it, make the trace 7 lines long (or fewer if you break and trace further into the 7 lines), read the two values and you will see which one is for EXP. That is the one you want to edit in your script.
Incase you get stuck, for me it is [rax+28]. You have to edit it before it rewrites itself though.
|
|
Back to top |
|
|
_TheDavil Newbie cheater Reputation: 0
Joined: 14 Jan 2022 Posts: 11
|
Posted: Fri Mar 04, 2022 9:52 pm Post subject: |
|
|
cooleko wrote: | Incase you get stuck, for me it is [rax+28]. You have to edit it before it rewrites itself though. |
Yea that was the part that was messing me up, i did break and trace and found another function call for set_AdditionalExp and that's where i hit money finally. I'm thinking the set_AdditionalExp function actually sets the amount for the total and get might just be getting the amount for each character but i have no idea. Either way I got it working, thanks!
|
|
Back to top |
|
|
cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
|
Posted: Sat Mar 05, 2022 11:35 pm Post subject: |
|
|
Yes, that is the one I set to 15,000,000 to set everyone to max. Glad you got it working!
|
|
Back to top |
|
|
_TheDavil Newbie cheater Reputation: 0
Joined: 14 Jan 2022 Posts: 11
|
Posted: Sun Mar 06, 2022 3:18 pm Post subject: |
|
|
cooleko wrote: | Yes, that is the one I set to 15,000,000 to set everyone to max. Glad you got it working! |
Have you been able to find anything similar for AP? I've found a few functions that sounds like they could be it but no luck so far.
|
|
Back to top |
|
|
cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
|
Posted: Sun Mar 06, 2022 9:05 pm Post subject: |
|
|
I didn't actually play the game, had a copy and installed it specifically to answer the question. If you want me to look it up, let me know, otherwise I expect it to be super simple to find under one of the last.battle (guesstimating name) functions. Mono games are super easy because they spell everything out for you so this is the perfect opportunity to learn in easy mode!
Even without mono, I expect that if you used speedhack to slow the game down to .1 (10% speed) and did a search for 2 byte values you would find AP pretty easily during battle. Disassemble the instruction that sets it, see what values it affects. Then look at the structure to discern between characters and enemies. I'd then set it to edit at about 50% so it isn't instantly full but much faster.
I'd also strongly suspect that the value that sets it isn't the value that performs the updating so you would have to backtrace it just a little to where it is calculated and update the code right before it executes there.
|
|
Back to top |
|
|
_TheDavil Newbie cheater Reputation: 0
Joined: 14 Jan 2022 Posts: 11
|
Posted: Sun Mar 06, 2022 11:51 pm Post subject: |
|
|
I found a few that were like set_magicpoints or set_ap and thought it would be one of those but neither seems to be what I'm looking for. AP is similar to EXP though, it's not like it's being updated frequently, it's only done one time at the end of the battle and it's generally 1 or 2 so that isn't something I can really narrow down. For MP and HP those are simple, it's these values that change one time at the end of a battle that I have trouble with.
It's kind of weird when I jit the set_AP one it actually goes to a spot in memory that isn't the same label as the mono behavior title. I tried manually browsing or searching through the memory to find it and had no luck there. With the set_MagicPoints function it went to the right spot in the browser and i found some opcodes that do update 4 values, the same as the number of characters, but they always have a value of 128 so i'm not sure what that would really be.
|
|
Back to top |
|
|
cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
|
Posted: Mon Mar 07, 2022 12:21 am Post subject: |
|
|
I only played a few minutes into the game, can you send me your save file to when AP is unlocked?
|
|
Back to top |
|
|
_TheDavil Newbie cheater Reputation: 0
Joined: 14 Jan 2022 Posts: 11
|
Posted: Mon Mar 07, 2022 12:40 am Post subject: |
|
|
Have been trying to post a link to them in google drive but bb won't let me post a link i'll see if i can PM to you.
Which I can't because I haven't posted on the forum enough yet? If you PM first I can PM you back I guess.
|
|
Back to top |
|
|
cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
|
Posted: Wed Mar 09, 2022 4:40 am Post subject: |
|
|
It's actually the very next function call after get and set EXP. It is called get and set MagicLearningValue.
You can set the gain in between the two function calls at [rsi+20]. I set it to 999 and it showed 999 in the post battle window. I don't actually know what it does or where to see it in the menu, but I expect it worked.
I bet you can do the same for EXP, instead of setting the max where I did before, merely setting the value between the get and set functions.
|
|
Back to top |
|
|
_TheDavil Newbie cheater Reputation: 0
Joined: 14 Jan 2022 Posts: 11
|
Posted: Wed Mar 09, 2022 11:00 am Post subject: |
|
|
I must be doing something wrong then. I had found the magiclearningvalues and tried messing with them before but i'm not having any success.
I picked out the get_magiclearningvalue method and hit jit. Then I did break and trace on it in the memory browser right before the battle ends cause it seems to get called during some abilities also. I went to that spot with rsi+20 and saw the 2 calls but the only thing in between them is xor edx,edx and mov rcx,rbx. When I tried setting rbx to 15 it just crashes the game. There are really i think like 3 calls to get and set the value and i've tried about all of them. Maybe I'm writing the script wrong? like if I think the value it's using is rbx,rcx then I just do mov rbx,10.
|
|
Back to top |
|
|
|