Cheating

A quick and simple guide to cheating in RPGMaker Games without having to do the math yourself. Especially since sometimes the math just flat out doesn't work, as there have been games where (value*2)+1 didn't find what I needed.

Using Cheat Engine
There's actually an easy way to use Cheat Engine with RPG maker games... a script you use to make it search correctly for those games alone so you don't have to use binary and get millions of hits.

Games with RPG VX ACE or normal VX

People often tell you to search for (value*2)+1. So if you're looking for 123 gold that you want to change, search for 247. But if you wish to use this custom type (so you don't have to do that *2 stuff) then do the following:

1. Start Cheat Engine
2. Open any process
3. Right-click the "value type" dropdown menu box
4. Click "define new custom type (Auto Assembler)"
5. Delete and replace the existing script with the script posted here
6. Click OK
7. You can now search for the values as they appear! No need to double and add one or anything like that.

Note: I save this as RPG VX type, and it will open with Cheat Engine forever after as another type option. Easy-peasy. Have fun cheating RPGMaker games everyone!

Note2: For some reason I can't seem to get the formatting on this wiki to leave my formatting alone and make this code view properly. So I'll be adding an image that shows where the line breaks should be so that they can be entered manually. The good thing is that it only needs to be done once!

The Script:
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(PreferedAlignment, 4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db 'RPG VX type',0

ByteSize:
dd 4

PreferedAlignment:
dd 1

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);

//Note: Keep in mind that this routine can be called by multiple threads at the same time.

ConvertRoutine:
[32-bit]
push ebp
mov ebp,esp
push ecx
mov ecx,[ebp+8]
[/32-bit]

//at this point ecx contains the address where the bytes are stored

//put the bytes into the eax register
mov eax,[ecx] //second fun fact, addressing with 32-bit registers doesn't work in 64-bit, it becomes a 64-bit automatically (most of the time)
shr eax,1 //shift right by 1 bit (divide by 2)

//and now exit the routine
[64-bit]
ret
[/64-bit]
[32-bit]
pop ecx
pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g. when the user wants to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
[32-bit]
push ebp
mov ebp,esp
push edx //save the registers
push ecx
mov edx,[ebp+0c]
mov ecx,[ebp+08]
[/32-bit]

//at this point edx contains the address to write the value to
//and ecx contains the value

push eax
push edx

mov edx,[edx] //edx now contains the original value
and edx,1 //only save the first bit

mov eax,ecx //eax gets the user input value
shl eax,1 //shift left by 1 bit (multiply by 2)
or eax,edx //add the bits of the original value

pop edx
mov [edx],eax //write the new value into the old value
pop eax

[64-bit]
//everything is back to what it was, so exit
ret
[/64-bit]

[32-bit]
//cleanup first
pop ecx
pop edx
pop ebp
ret 8
[/32-bit]
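A C model of what the two routines above compute, added here as an illustration and not part of the original script. The function names are made up for this example, and it assumes negative values are stored with the same (value*2)+1 rule in two's complement, which shows that `shr` displays them as large positive numbers.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the game side: stores value as (value*2)+1. */
static uint32_t game_store(int32_t value) {
    return ((uint32_t)value << 1) | 1u;
}

/* Mirrors ConvertRoutine: load 4 bytes, then shr eax,1 (logical shift). */
static int32_t convert(const unsigned char *input) {
    uint32_t raw;
    __builtin_memcpy(&raw, input, sizeof raw); /* gcc/clang builtin, avoids <string.h> */
    return (int32_t)(raw >> 1);
}

/* Mirrors ConvertBackRoutine: shl the typed value, keep bit 0 of the old one. */
static void convert_back(int32_t i, unsigned char *output) {
    uint32_t old, out;
    __builtin_memcpy(&old, output, sizeof old);
    out = ((uint32_t)i << 1) | (old & 1u);
    __builtin_memcpy(output, &out, sizeof out);
}

/* Sign-preserving decode (what sar eax,1 would give), for comparison. */
static int32_t decode_signed(uint32_t raw) {
    return (int32_t)((int64_t)(raw >> 1) - ((raw & 0x80000000u) ? 0x80000000LL : 0));
}

/* What the custom type displays for a value the game stored. */
static int32_t shown_for(int32_t game_value) {
    uint32_t raw = game_store(game_value);
    return convert((const unsigned char *)&raw);
}

/* Raw dword in memory after typing new_value over a stored old_value. */
static uint32_t raw_after_edit(int32_t old_value, int32_t new_value) {
    uint32_t raw = game_store(old_value);
    convert_back(new_value, (unsigned char *)&raw);
    return raw;
}

int main(void) {
    printf("123 stored as %u, shown as %d\n", (unsigned)game_store(123), shown_for(123));
    printf("edit to 500 writes %u\n", (unsigned)raw_after_edit(123, 500));
    printf("-5 shown as %d, signed decode %d\n", shown_for(-5), decode_signed(game_store(-5)));
    return 0;
}
```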