
Quick search:

[SPOILER="Number Search"] [0001] - how to dump game

[0002] - opening dump in IDA

[0003] - updating addresses

[0004] - downloads [/SPOILER]


Wiki: Ring of Elysium - Wikipedia


First, let's get our tools together. I'm not going to go over doing anything in C++ or C# yet (I will go over this in another topic), just how to dump, find test addresses, and get started finding things, testing as well.


I want to go ahead and say this for any game developers reading this: I only intended this for educational learning use.


Tools:

[SPOILER="Needed"]


IDA Pro with Hex-Rays, x86,

Undetected version of Cheat Engine or a different memory viewer, I suggest using memory viewer or another tool,

Last update dump bottom of page,

Current update dump bottom of page,

Previous update dump bottom of page,

Last update addresses collection bottom of page,

Current update addresses collection bottom of page


Cheat engine doesn't seem to be detected so you could use it, you could also use a plugin for cheat engine

idk never got banned using cheat engine no idea why so I mean....


Scylla for dumping the memory

[/SPOILER]


[SPOILER="Registers x86"]

When I want to know everything about a register or operation in x86 I use

[URL unfurl="true"]https://www.felixcloutier.com/x86[/URL]


I usually nop it or change it to a different register, or operation depending on what I'm changing


A common one for roe is movss:

[URL unfurl="true"]https://www.felixcloutier.com/x86/movss[/URL]


Another common one is divss:

[URL unfurl="true"]https://www.felixcloutier.com/x86/divss[/URL]


I usually find more addresses when I mess with scalar single-precision floating-point values ("operation + ss").

You can find a lot of stuff before and after the SEH macros in the game.


here is a link to seh macros:

[URL unfurl="true"]http://www.rohitab.com/structured-exception-handling-in-assembly-language#SEH_Macros[/URL]

Not sure if that will help but it does issue the problem at hand.

[/SPOILER]


How to dump the game [0001]


[SPOILER="Steps"]

Step 1:

Opening the x86 version of Scylla and running as admin.

[URL unfurl="true"]https://gyazo.com/1b75e206db4a8cbab015bf3af456c1ad[/URL]


Step 2:

Attaching to the process of the game.

[URL unfurl="true"]https://gyazo.com/ee2c8982a5d04c5209351dc001b64035[/URL]


Step 3:

Pressing this button and choosing where to dump it

[URL unfurl="true"]https://gyazo.com/66e88bf7d563a52f05560b64ab6a1389[/URL]

Then waiting for this message

[URL unfurl="true"]https://gyazo.com/5da4fe08af0c51379cedec39c11bcadd[/URL][/SPOILER]


Opening in IDA Pro [0002]


[SPOILER="Steps"]

Step 1:

You need to open the dump file in the x86 IDA Hex-Rays edition

< file , location>

[URL unfurl="true"]https://gyazo.com/6244eba27e5151b2f044ac74bd164ae4[/URL]

Just click ok

[URL unfurl="true"]https://gyazo.com/6ec9cbf2fbf0297557cc64afcf47809a[/URL]

Click cancel


Step 2 once open:

You can see when loading has finished in the bottom-left corner of the application: the number value stops changing and it shows AU: idle

Click x on structures

Click x on enumeration types

Click x on imports

Click x on exports

Press Shift+F12 for the strings view; it will take a minute or two

When everything is ready it should look like this

[URL unfurl="true"]https://gyazo.com/1a36dc7bf73367b1f16fdb87937d24f6[/URL][/SPOILER]


Addresses [0003]


[SPOILER="addresses and text to search"]

Remove trees: search this as text with all occurrences:

[CODE]divss   xmm0, dword ptr [ebp+0B94h][/CODE]

Going down, it's the 2nd movss

Should look like this:

[URL unfurl="true"]https://gyazo.com/f79da458e4c88074b5e6310f5ba8b135[/URL]

We want to nop this address

[URL unfurl="true"]https://gyazo.com/59fde742766d74c1fabea55f3655319d[/URL]

If you highlight it, you should see it in the hex view:

[URL unfurl="true"]https://gyazo.com/6640e69f3bc9e49b28fabbc8da0907ea[/URL]

We want to change the bytes from that to these bytes

[CODE] 90 90 90 90 90 90 90 90 [/CODE]


Remove water: search this as text with all occurrences:

[CODE]movss   xmm0, dword ptr [ebp+1C9Ch][/CODE]

Going up would be first movss

Should look like this:

[URL unfurl="true"]https://gyazo.com/0b678b9f2b4f288dc5d79888f914f52a[/URL]

We want to nop this address

[URL unfurl="true"]https://gyazo.com/0b678b9f2b4f288dc5d79888f914f52a[/URL]

If you highlight it, you should see it in the hex view:

[URL unfurl="true"]https://gyazo.com/6640e69f3bc9e49b28fabbc8da0907ea[/URL]

We want to change the bytes from that to these bytes

[CODE] 90 90 90 90 90 90 90 90 [/CODE]


Remove grass: search this as text with all occurrences:

[CODE]mov     esi, [ebp-0A8h] [/CODE]

Going up would be first movss

Should look like this:

[URL unfurl="true"]https://gyazo.com/e74617e176ea05acfb4797c812592ae6[/URL]

We want to nop this address

[URL unfurl="true"]https://gyazo.com/e74617e176ea05acfb4797c812592ae6[/URL]

If you highlight it, you should see it in the hex view:

[URL unfurl="true"]https://gyazo.com/6640e69f3bc9e49b28fabbc8da0907ea[/URL]

We want to change the bytes from that to these bytes

[CODE] 90 90 90 90 90 90 90 90 [/CODE]



I usually use a version of Cheat Engine to test addresses.


Using this method, it takes like 2 or 3 minutes to update addresses, if that.

I tested the old addresses and the new ones myself.

If anything isn't working, comment below.


[/SPOILER]


Here are videos of some of the addresses:

[MEDIA=youtube]T6vUIupyB5k:178[/MEDIA]


Downloads [0005]

Old update dump don't remember: Old-Update

Old update addresses don't remember: old-update-addresses


dump release date 2.23.2019:  02-23-2019

addresses release date 2.23.2019:  02-23-2019-addresses


addresses 2.28.2019 ( current update ) : 03-28-2019-addresses

roe dump 2.28.2019 ( current update ) :  03-01-2019


I write it out like this:

Address | Description | some instruction to find address


Scylla: Scylla v0.9.7c


Cheat engine: Cheat Engine


Will update soon, fixing errors and grabbing more addresses and new ones
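
On the detection side, the 8-byte NOP overwrite described in the Addresses section shows up as a difference between a trusted copy of the code section and the bytes currently mapped in the process. The following is an added example, not part of the original post: `find_patches`, `struct patch` and the sample bytes are hypothetical and constructed, and the baseline is assumed to have been captured after relocations were applied.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One contiguous run of bytes where the live code differs from the baseline. */
struct patch {
    size_t offset;   /* start of the run within the section */
    size_t length;   /* number of modified bytes */
    int    all_nops; /* 1 if every live byte in the run is 0x90 */
};

/* Compare a trusted copy of a code section with the bytes currently mapped.
 * Returns the number of modified runs; stores up to max of them in out. */
size_t find_patches(const uint8_t *baseline, const uint8_t *live, size_t len,
                    struct patch *out, size_t max)
{
    size_t count = 0, i = 0;
    while (i < len) {
        if (baseline[i] == live[i]) { i++; continue; }
        struct patch p = { i, 0, 1 };
        while (i < len && baseline[i] != live[i]) {
            if (live[i] != 0x90) p.all_nops = 0;
            p.length++; i++;
        }
        if (count < max) out[count] = p;  /* keep counting past max */
        count++;
    }
    return count;
}

/* Constructed sample, not taken from any real binary:
 * push ebp; mov ebp,esp; movss xmm0,[ebp+10h] (disp32 form); pop ebp; ret */
static const uint8_t BASELINE[] = {
    0x55, 0x8B, 0xEC, 0xF3, 0x0F, 0x10, 0x85, 0x10, 0x00, 0x00, 0x00, 0x5D, 0xC3
};
/* Same bytes with the 8-byte movss overwritten by NOPs. */
static const uint8_t LIVE[] = {
    0x55, 0x8B, 0xEC, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x5D, 0xC3
};

int main(void) {
    struct patch found[8];
    size_t n = find_patches(BASELINE, LIVE, sizeof BASELINE, found, 8);
    for (size_t k = 0; k < n && k < 8; k++)
        printf("modified run at +0x%zx, %zu bytes, nop-only=%d\n",
               found[k].offset, found[k].length, found[k].all_nops);
    return 0;
}
```

A run is split wherever a live byte happens to equal the baseline byte, so an integrity check should alert on any modified run in a read-only code section and treat `all_nops` only as a triage hint.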

