Originally posted by The Engie:

If it's actually PROPERLY stored with each flag only taking up 1 bit why isn't it just 256 1s?

Originally posted by 🔰SkacikPL🗾:

Originally posted by The Engie:

If it's actually PROPERLY stored with each flag only taking up 1 bit why isn't it just 256 1s?

Exactly, logic would imply that it'd be simplest solution and text output of the debug menu would also imply that it is the case as the text states
DBG:0x00 for first flag and 0xff for last flag so it's a single byte per flag and it literally gives you a position of each within the table.

Although unless i'm a tard, they must be either obfuscated or stored in memory in another way.

Originally posted by The Engie:

Originally posted by 🔰SkacikPL🗾:

Exactly, logic would imply that it'd be simplest solution and text output of the debug menu would also imply that it is the case as the text states
DBG:0x00 for first flag and 0xff for last flag so it's a single byte per flag and it literally gives you a position of each within the table.

Although unless i'm a tard, they must be either obfuscated or stored in memory in another way.

In that case, I'm fairly certain your search is just plain off since you have those long strings of all bits on, bools can only be a 1 or 0, a true flag won't have a value of 256.

Originally posted by The Engie:

Another possibility is that they realized people would be doing this and just ripped out the functionality at compilation.

Those are my theories for now.

Originally posted by Wunk:

Originally posted by The Engie:

Another possibility is that they realized people would be doing this and just ripped out the functionality at compilation.

Those are my theories for now.

This is true. There are a lot of debug-printing and debug logging functions that have been nulled out for the release build though some of the strings are still floating around.
They are just waiting to be hooked since it looks like a regular old printf-style variable arguments.

I did find the debug camera though.
Write 0x80000000 to 0x1413FC410.
Currently only works with a controller but you can fly the camera anywhere and press "X" to teleport the player to the camera.
Left Thumbstick - Swivel
Right Thumbstick - Orbit
X - Teleport Player to Camera
Right Trigger/Bumper - Fast Camera Speed
Left Trigger/Bumper - Slow Camera Speed
Left Thumbstick(click) - Set Orbit(Right Thumbstick) to Zoom
Right Thumbstick(click) - Set Swivel(Left Thumbstick) to Elevation

Originally posted by Wunk:

I have a large array of debug offsets in my notes but with the coming dlc(which will probably be paired with a patch) now's not the time to get too comfy with any run-time offsets but mapping out static structures helps.

Nier uses a string-id system that basically takes a crc32 checksum of a string's script-name (the mackerel being "fish_16" for instance) and uses this crc32 to do a binary search onto a large string table at run-time(which implies that the string-table is a sorted list of crc32-identified strings).

All the debug strings are taken out but their hashes and script-names are still floating around but its almost impossible to identifiy where they were intended to be use.

THe mruby VM bindings dont have any of the debug functions binded in but the debug flags are all still there and being checked.
Theres flags for enabling and disabling the "Enlighten" GI rendering and flags that let you play as the hacker-pawn in the over-world ( https://twitter.com/Wunkolo/status/843390442993475584 ) and freeze time ( https://twitter.com/Wunkolo/status/843949161024172032 ).

Originally posted by Iz:

Originally posted by Wunk:

I have a large array of debug offsets in my notes but with the coming dlc(which will probably be paired with a patch) now's not the time to get too comfy with any run-time offsets but mapping out static structures helps.

Nier uses a string-id system that basically takes a crc32 checksum of a string's script-name (the mackerel being "fish_16" for instance) and uses this crc32 to do a binary search onto a large string table at run-time(which implies that the string-table is a sorted list of crc32-identified strings).

All the debug strings are taken out but their hashes and script-names are still floating around but its almost impossible to identifiy where they were intended to be use.

THe mruby VM bindings dont have any of the debug functions binded in but the debug flags are all still there and being checked.
Theres flags for enabling and disabling the "Enlighten" GI rendering and flags that let you play as the hacker-pawn in the over-world ( https://twitter.com/Wunkolo/status/843390442993475584 ) and freeze time ( https://twitter.com/Wunkolo/status/843949161024172032 ).

What is the "Enlighten" GI flag? And that freeze time thing looks great for taking screenshots :)

Originally posted by Wunk:

Many of these offsets are going to be useless in about a week, so here's an excerpt from my notes on some of the debug flags.

1413FC3A0 Time/Input Flags 0x800 | Forced 2B to look straight ahead(disable look-at) 0x20000 | Disable Camera Movement 0x00200000 | Disable Character Movement 0x10000000 | Time Freeze (Still lets the player move) 0x20000000 | Same as above but unable to interact with enemies 0x40000000 | Freezes JUST the player 1413FC410 Camera Flags 0x80000000 | DEBUG CAMERA 1413FC414 Game modifier flags 0x400 | Constantly hurt the player (death zone?) 0x00002000 | Slow Motion Enable 1413FC3C7 0xF | Restart game to menu 1413FC3C8 Render state flags 0x800000 | Seems to disable Global illumination 0x80000000 | Seems to totally disable rendering anything but the sky 1413FC430 Render State Flags 0x8000000 | Disable Alpha Transparent Models? 1413FC3B0 Render state flags?(Default:10400400) 0x10000 | Screen blacken 0x400000 | Always gets set 0x10000000 | Shadows? 0x40000000 | Sets everything to motion blur insanely? 1413FC3B4 Another render state flag(Default: 04980000) 0x10000 | 1413FC390 Another GameFlag seems related to the render state 0x8 | Stop Time 0x10 | Stop Time 0x80 | Hide minimap background 0x800 | Hacking mode white quad? Mutes "overworld" sound 0x1000 | Puts 9S into a flight suit? 0x8000 | Play as Hacker Pawn 0x100000 | Cutscene mode, no hud 0x20000000 | Cutscene mode, no hud 0x40000000 | Cutscene mode, no hud 1413FC3C0 Game Flags (Ohh this is a good one) Bit Mask | Description 0x1 | Unknown 0x4 | Friendly Fire disabled 0x8 | Unknown 0x20 | Makes weapons glow white? 0x80 | Unknown, Unsets itself 0x200 | Unknown 0x400 | Wounded Mode 0x2000 | Unknown 0x4000 | Hacker Mode 0x100000 | Unknown(disables left+right click attacks) 0x400000 | Disables heavy attacks? 0x2000000 | Unknown

Some of the "heaps" that the game allocates

struct HeapReference { HeapReference* Previous; void* HeapLocation HeapReference* Next; } Name|Offset|Size|Group -|-|-|- "GRAPHIC WORK" | 0x1418DC668 | 0x3200000 | 0x1418DC578 (System) "GLOBAL" | 0x1418DC698 | 0x5500000 | 0x1418DC578 (System) "SOUND" | 0x1418DC6F8 | 0x1700000 | 0x1418DC578 (System) "EFFECT_GLOBAL" | 0x1418DC728 | 0xC00000 | 0x1418DC578 (System) "UI" | 0x1418DC788 | 0xC00000 | 0x1418DC578 (System) "UIFont" | 0x1418DC7B8 | 0x100000 | 0x1418DC578 (System) "MODEL RESOURCE" | 0x1418DC7E8 | 0x200000 | 0x1418DC578 (System) "ONLINE" | 0x1418DC818 | 0x100000 | 0x1418DC578 (System) "GRAPHIC BUFFER" | 0x1418DC848 | 0xFF00000 | 0x1418DC5A8 (Buffer) "EFF+UI BUFFER" | 0x1418DC8A8 | 0x2980000 | 0x1418DC5A8 (Buffer) "GRAPHIC GPURW BUFFER" | 0x1418DC878 | 0xCD00000 | 0x1418DC5D8 (Unknown) "CORE FILE" | 0x1418DC8D8 | 0x6400000 | 0x1418DC608 (File) "PL FILE" | 0x1418DC908 | 0x3E40000 | 0x1418DC608 (File) "CELE FILE" | 0x1418DC938 | 0x40000 | 0x1418DC608 (File) "EM+BG FILE" | 0x1418DC968 | 0x4400000 | 0x1418DC608 (File) "RESIDENTS FILE" | 0x1418DCA28 | 0x1500000 | 0x1418DC608 (File) "HIGH MAP FILE" | 0x1418DC998 | 0x9A00000 | 0x1418DC608 (File) "LOW MAP FILE" | 0x1418DC9C8 | 0x2900000 | 0x1418DC608 (File) "MAP SHARE FILE" | 0x1418DC9F8 | 0x80000 | 0x1418DC608 (File) "UI FILE" | 0x1418DCA58 | 0x800000 | 0x1418DC608 (File) "UIFont FILE" | 0x1418DCA88 | 0x500000 | 0x1418DC608 (File) "UI MINIMAP FILE" | 0x1418DCAB8 | 0x40000 | 0x1418DC608 (File) "SHADER FILE" | 0x1418DCAE8 | 0x480000 | 0x1418DC608 (File) "EFF SHADER FILE" | 0x1418DCB18 | 0x400000 | 0x1418DC608 (File) "HACKING FILE" | 0x1418DCB48 | 0x800000 | 0x1418DC608 (File) "BOOK FILE" | 0x1418DCB78 | 0x180000 | 0x1418DC608 (File) "MOVIE FILE" | 0x1418DCBA8 | 0x3FC0000 | 0x1418DC608 (File) "GRAPHIC VRAM" | 0x1418DCBD8 | 0x20000 | 0x1418DC638 (Vram) "CORE VRAM" | 0x1418DCC08 | 0xA00000 | 0x1418DC638 (Vram) "PL VRAM" | 0x1418DCC38 | 0x7800000 | 0x1418DC638 (Vram) "CELE VRAM" | 0x1418DCC68 | 0x1600000 | 0x1418DC638 (Vram) "EM+BG VRAM" | 0x1418DCC98 | 0x37880000 | 0x1418DC638 (Vram) "RESIDENTS VRAM" | 0x1418DCD58 | 0x8800000 | 0x1418DC638 (Vram) "HIGH MAP VRAM" | 0x1418DCCC8 | 0x2BC00000 | 0x1418DC638 (Vram) "LOW MAP VRAM" | 0x1418DCCF8 | 0xC700000 | 0x1418DC638 (Vram) "MAP SHARE VRAM" | 0x1418DCD28 | 0xB900000 | 0x1418DC638 (Vram) "EFFECT VRAM" | 0x1418DCD88 | 0xB400000 | 0x1418DC638 (Vram) "UI VRAM" | 0x1418DCDB8 | 0x1800000 | 0x1418DC638 (Vram) "UIFont VRAM" | 0x1418DCDE8 | 0x12000000 | 0x1418DC638 (Vram) "UI MINIMAP VRAM" | 0x1418DCE18 | 0x380000 | 0x1418DC638 (Vram) "HACKING VRAM" | 0x1418DCE48 | 0x200000 | 0x1418DC638 (Vram) "BOOK VRAM" | 0x1418DCE78 | 0x3080000 | 0x1418DC638 (Vram) "MOVIE VRAM" | 0x1418DCEA8 | 0x1E00000 | 0x1418DC638 (Vram)