# Intro
This game is popular enough and has a POWERFUL CONSOLE not to require any cheat tables or trainers. I am aware there's going to be a ton of them, as well as mods. It seems the main reason why the console is not used and the main concern a player has is "oh noez, achievements are not awarded". This topic will address some of these aspects. What it will NOT address: cheat tables, trainers or requests. So, really, please don't spam for the things you want, if you don't plan on reading. Visit other topics in the Tables -or- Trainers sections.
# Bypassing Achievements Disabling (Steam, not using any other mods)
The developers added a simple 1-byte check based on which it "achievements get disabled". Notice the "": they don't actually disable them; the BOOL being set to true/1 will cause a simple skip of the piece of code that grants them. The developers thought "the player is gonna transition anyway, plus there's an auto-save system that kicks in every X minutes, so it's enough" -- you got that right: this check happens when a load screen OR auto/manual save occurs. It doesn't happen in any other moment in time during your session.
For instance, it happens on any load screen when this function is being executed:
Code: Select all
public: bool __cdecl TESDataHandler::CheckModsLoaded(bool)
The BOOL is set to 0x1 every time you run specific commands. While initially I thought there's just 2 of them (misled by the "" string reference), know that this happens in 200+ places
Since this is x64 and not x86, there's no simple way to just scan for every reference of the pointer/address (where it's used) and patch all 200+ spots to a "mov [],0". An idea was to spawn a thread that would constantly write that 0 value, but why not make use of the game's loops/threads?
So I picked a spot I know runs constantly: checking on game window - GetActiveWindow, peeking on messages - PeekMessage, TranslateMessage, getting the foreground window and cursor clipping.. Basically a game loop that runs constantly -> public: void __cdecl Main::Run_WindowsMessageLoop(void). The perfect spot to hook and insert our forced 0 write 
Analysis put to practice, enter the proxy DLL below which will do 3 things:
- block achievement disabler BOOL from being set to 0x1
- restore save-game status to not modded (you need to perform a save yourself to trigger the physical save game's update! yes, this also means that you can "convert" already modded/flagged save games to clean ones this way)
- disable the pop-up you see for the first time when opening the console with Tilde (~`) key
UPDATED: No more pop-ups when you hit Tilde (~`) key for the first time.
Download the archive, extract the DLL to your game folder (e.g.: G:\SteamLibrary\steamapps\common\Starfield), (close game if it's running) and re-open the game. You can now use any console command you want and get Steam achievements whenever they occur! As a bonus, wait for an auto-save or perform a manual save yourself and your (MOD)ed save-game will become un-modded
How do you know the DLL works: when you press Tilde (~`) key for the first time, you won't see the notification that some commands might disable achievements
# Bypassing Achievements Disabling (Steam, wanting to use mods that are named dxgi.dll)
First-up, the DLL above can be renamed to multiple other names, but be aware that not all of them are loaded/used by Starfield:
- X3DAudio1_7.dll
- XInput9_1_0.dll
- xinput1_3.dll
- dinput8.dll
- dxgi.dll
Code: Select all
dxgi.dll
dinput8.dll
# Bypassing Achievements Disabling (Steam, INJECTOR version)
If you don't want to deal with any of the stuff above, then extract the archive below to a folder on your disk, run the game (Steam) and execute IGCSInjector.exe. It is self-implied that you should not be using the proxy dll version, as it will conflict -- requisites will not be found and you'll see an error. You should use either the proxy -OR- the injector. Not both!
Credits to Otis_Inf for granting permission to bundle his injector.
# Bypassing Achievements Disabling (for UWP/GamePass/Windows Store, INJECTOR version)
The same DLL as above, but with a different injector. To bundle this, I've asked permission from the original author (Wunkolo) to modify the source-code available at [Link] and distribute the binary along with my proxy DLL.
If you play the game on GamePass/Windows Store, then the proxy DLL won't work to be placed in the game folder, as this folder is secured via UWP (located in WindowsApps, with special privileges). Sure, you can dump the game if you want and re-register it to the Microsoft Framework, but I digress. In any case, you can read more on the UWP topic in the github page above or here (replace fearlessrevolution.com in the link with unknowncheats[dot]me).
Long story short: extract the archive to a folder on your disk, open the game, run UWPInjector.exe and this is what you should see:
# Disabling Background Freeze
Whenever you alt-tab, be it full screen or playing in windowed mode, the game's VM (that's what it is) freezes. The game is paused and the TAB menu is automatically displayed (as if you pressed the TAB key yourself). Well.. I wanted to kill that and let the game run in the background. So I started by looking for common Windows APIs that would lead me to that check: GetForegroundWindow (or any window-related). One thing led to the other and found the spot here:
Simply setting the BOOL to 1 would let the game run in the background.
I then investigated that pointer, just to see wtf it's all about. And saw this:
Inspecting the "aBalwaysctiveG" label showed this:
The string is "bAlwaysActive:General". Meaning "General" section, "bAlwaysActive" setting.
Then if you take a look at the picture above this one, you see "INISettingCollection". Aha! In main game folder there's .ini files. More precisely Starfield.ini (I play the English version, so you may want to tweak the right one for you).
This is called class SettingT<class INISettingCollection> bAlwaysActive.
So:
Look mom, no patching!
# IDA FakePDB + x64dbg DB with labels and comments
Attaching here my fake .pdb, containing all RTTI vftable references, as well as my x64dbg database with some labels/comments, so you can use it with the backed-up exe/pdb pair.
Example:
Download » [Link]
ZIP Password: sunbeam
Once the game updates, I won't be posting updated files. Makes no sense to me. To be used only for reverse engineering purposes or by people who actually have a good understanding of debugging/assembly.
# Console Commands
I found this article the MOST COMPREHENSIVE, so you should go for it: [Link]. It has all the commands you'll ever need (even if it's for Fallout 4, they work on Starfield).
Happy gaming,
Sun
