Cheat Engine

[deama1234]

So, there's this RPG that has a skill that gives me a 5% discount on items I buy from any vendor; this increases by 5% everytime I upgrade it. Problem is, I can't seem to find that discount value in memory! I tried a bunch of searches, increased, decreased, unchanged, but in the end it just comes up with 0 results. I even tried just "changed" but that still comes up with 0 results.

So, any of you more experienced members have any ideas? Cause I'm lost...

[Zanzer]

Have you tried searching strictly by the level of the skill?
Some games calculate those values on the fly.

Also, did you try both float and double using your other methods?

[deama1234]

[Zanzer]

Is there a reason you just don't hack player gold?

edit:
Are you able to level the discount while a vendor window is open?
Do the gold values decrease as you level it?
If so, find those gold values and look through the code that accesses them.
Several lines above may be the discount variable.

[deama1234]

[Zanzer]

So you haven't been able to find the player's gold value at all?

Have you found an item's durability?

Hopefully the game's structure has other related variables in the same location.

See if you can just browse close by and find the item's value property.

You can then right-click that and Find out what accesses this address.

Then go up and open the trade window. Some code should get the base value, then multiply/divide it by your discount.

[deama1234]

[Zanzer]

No, I meant to browse the memory region (bottom half of the memory viewer) around the durability value.

Try a display type to 4-byte and float. Look around the general area for a number matching the weapon's value.

Once you find that, you can find the code that accesses that value.

[deama1234]

[Zanzer]

Chances are the game does not update the value in memory. The value is calculated on the fly.
So when you go to the vender, it loads the full value, then applies all the math you mentioned before displaying the number.

It is also likely that the value is assigned to a general item type, and not your specific item.
In this case, there is likely a pointer around those values you found which takes you to a new structure containing the item's value.

By the way, I grabbed the game just so I could give you a hand. I'll post something shortly

edit:

Well this is a pain in the butt...

Gold counts as a normal inventory item with a stack size (obviously).
Maximum gold stack size is 50,000 by the way.
Quantities are stored as 2-bytes, except the bytes are reversed.
So a decimal 20 (0x0014) should be stored as bytes 14 00.
However, the game reverses those to 00 14, so the value is decimal 5120 (0x1400).
What's worse is the address is not aligned to a 2-byte memory address, so you'll need to turn off Fast Scan.

Trying to make a script to help you find the value.

[deama1234]

[Zanzer]

Just checking, did you find what you needed?

Here's my table with the various pointers and hacks I've played around with.

It allows you to set the vendor's purchase and sale multipliers.

They default at 10x purchase price and 1/4 sale price. I believe you wanted the opposite, but you can see how it's done.

You can go to the vendor's base address and see various other 4-byte and float values which may have significance to things.

Play around and see what all you can break.

[deama1234]

[Zanzer]

I am using GOG version 1.0062A. Some scene release.
Are you using the original release? Is the process still "div.exe"?

The values were rather easy to find once I found something relating to the vendor.

I used the relationship value, Neutral (0), to find the vendor. Started search at 0.
Stole something in front of him to reduce it, searched -30.
Stole again, etc. Of course, they become aggressive quite fast.

Found out what instructions accessed this address and found the base pointer.
base+1C4 == Relationship (4 byte)
base+208 == Sell Price Multiplier (float)
base+20C == Buy Price Multiplier (float)

Now you can't simply set those values because they are calculated through some other values. Probably by other values in the same memory region. But instead of trying to figure that out, I simply found out what instructions accessed the multipliers. I hacked the calculation so that it simply puts the final float value I want into the address.

[deama1234]