Dominions 4 Allow Negative Design Points

Upload your cheat tables here (No requests)
Post Reply
Mezides
What is cheating?
What is cheating?
Posts: 1
Joined: Mon Mar 20, 2017 6:47 pm
Reputation: 1

Dominions 4 Allow Negative Design Points

Post by Mezides » Mon Mar 20, 2017 7:14 pm

Hello little table for Dominions 4 :Throne of Ascencion wich allow to play a god with negative design point.

This was updated to V4.30 by me thanks to this post:
Posted by sanitykey at 2014-09-14 09:14:36
I've updated and tested it so it should work at least until the game is updated again.

The way I did it was as follows:

1) Find the 4 byte value for the number of design points, add it to the code list and, show it as signed.

2) Make your design points negative.

3) Right-click on the design points variable -> Find out what accesses this address.

4) Click "Ok" in game and it should say "You cannot have a negative amount of points left".

5) Right-click on the address that accessed the variable -> Show this address in the disassembler.

6) Notice how just below the line it takes you to there is

Dominions4. exe+135BED:
jns Dominions4. exe+135E5A

This is code we want to change in the script, it only jumps if you have positive (not signed) design points, so we will change that to

Dominions4. exe+135BED:
js Dominions4. exe+135E5A

But that isn't all. . .

7) Right click on the line with jns and "Break and trace instructions" and press "Ok" (default values are fine).

8) Go back to the game, this time give yourself a positive amount of design points and, press "Ok" again.

Now the trace should have a list of instructions that allow you to start the game. The idea is to make sure that these instructions are followed, even if you have a negative amount of design points. I went through the trace instructions sequentially and found that the second call, which only does 3 instructions (cmp, je, ret) has to be forced. If within this call, the je fails then the game won't start. So the easiest thing to try was to replace all instructions after the je (but before the return) with nop. And it turned out that this worked.

9) Within the trace instructions, find the second call, double-click on the second je instruction within the call and, it should take you to that line in the debugger.

10) We want to replace all lines after that je instruction (but before the return) with nop.

Ok so now we know the lines we want in our script. When enabled we want to replace

jns Dominions4. exe+135E5A

mov eax,[esp+08] (4 bytes)
push eax (1 byte)
call Dominions4. exe+C1D50 (5 bytes)
pop ecx (1 byte)

With

js Dominions4. exe+135E5A

nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop

(4 + 1 + 5 + 1 = 11) nop

And when disabled we want to restore the original code. I hope this helps explain what I did.

Tips to cheat in game :

- Don't forget to deactivate cheat protection at the start of the game or you won't be able to change value
- Treasury is in 4 bytes
- Gems are in Binary

Have fun !
Current Version:
Dominion 4 Version 4.31 (19/06/2017)
Dominions 4 Allow Negative Design PointsV431.ct
(10.86 KiB) Downloaded 98 times
Legacy Version:
Dominion 4 Version 4.30 (05/04/2017)
Dominions 4 Allow Negative Design PointsV430.ct
(10.86 KiB) Downloaded 151 times
Dominion 4 Version 4.29 (20/03/2017)
Dominions 4 Allow Negative Design PointsV429.ct
(10.85 KiB) Downloaded 121 times

Post Reply

Who is online

Users browsing this forum: cloud97, Elterin, Google [Bot], Lubu