Re: Warhammer 40,000: Chaos Gate - Daemonhunters
Posted: Sun May 08, 2022 2:46 pm
hi how does the upgrade project days works? can't seem to get it to work
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
Set it to 1 and the project should finish the next day
Reaper1222 wrote: ↑Sun May 08, 2022 2:46 pm
hi how does the upgrade project days works? can't seem to get it to work
hi thx but the problem is the option doesn't activate for me, it remains ???. and another question it works for the ship upgrades or just research? which section of the ship i have to be for me to activate it?
The Mogician wrote: ↑Sun May 08, 2022 4:53 pm
Set it to 1 and the project should finish the next day
Reaper1222 wrote: ↑Sun May 08, 2022 2:46 pm
hi how does the upgrade project days works? can't seem to get it to work
Hmm, it should normally populate after you activate an upgrade. I'll check on it later.
Reaper1222 wrote: ↑Sun May 08, 2022 6:07 pm
hi thx but the problem is the option doesn't activate for me, it remains ???. and another question it works for the ship upgrades or just research? which section of the ship i have to be for me to activate it?
The Mogician wrote: ↑Sun May 08, 2022 4:53 pm
Set it to 1 and the project should finish the next day
Reaper1222 wrote: ↑Sun May 08, 2022 2:46 pm
hi how does the upgrade project days works? can't seem to get it to work
I would appreciate it if you can check this. I am in the same boat. I just have "?????" in the address, so it is impossible for me to click the checkbox and set the "Value" from "??" to "1."
The Mogician wrote: ↑Mon May 09, 2022 2:35 am
Hmm, it should normally populate after you activate an upgrade. I'll check on it later.
Reaper1222 wrote: ↑Sun May 08, 2022 6:07 pm
hi thx but the problem is the option doesn't activate for me, it remains ???. and another question it works for the ship upgrades or just research? which section of the ship i have to be for me to activate it?
The Mogician wrote: ↑Sun May 08, 2022 4:53 pm
Set it to 1 and the project should finish the next day
Code:
{ Game : ChaosGate.exe
Version:
Date : 2022-05-09
Author : rhark
Advance time by 1 Day to instantly complete a repair or construction/upgrade job.
}
[ENABLE]
aobscanmodule(repairTime_AOB,GameAssembly.dll,29??89????488B??????4883????5FC3E8) // should be unique
alloc(newmem,$1000,repairTime_AOB)
label(code_repair)
registersymbol(code_repair)
label(return)
newmem:
mov eax,63
code_repair:
readmem(repairTime_AOB,5)
{
sub ebx,eax
mov [rdi+28],ebx
}
jmp return
repairTime_AOB:
jmp newmem
return:
registersymbol(repairTime_AOB)
[DISABLE]
repairTime_AOB:
readmem(code_repair,5) //db 29 C3 89 5F 28
unregistersymbol(repairTime_AOB)
unregistersymbol(code_repair)
dealloc(newmem)
Code:
{ Game : ChaosGate.exe
Version: 1.0
Date : 2022-05-09
Author : Granon
This script is intended to change the "Days Left" to 0 for construction
projects.
}
[ENABLE]
// AOB from the JNE with the static addresses wild-carded. Hopefully endures game updates.
// Overwrites the SUB, MOV
aobscanmodule(CONSTRUCTION_DECREMENT,GameAssembly.dll,75 05 E8 ?? ?? ?? ?? 31 C9 E8 ?? ?? ?? ?? 31 D2 E8 ?? ?? ?? ?? 29 C3 89 5F 28) // should be unique
alloc(CONSTRUCTION_INJECTION,$1000,CONSTRUCTION_DECREMENT)
label(skip)
label(code)
label(return)
CONSTRUCTION_INJECTION:
readmem(CONSTRUCTION_DECREMENT+15, 5)
code:
sub ebx, eax
cmp ebx, 0
jnge skip
mov ebx, 0
skip:
mov [rdi+28], ebx
mov rbx,[rsp+30]
jmp return
CONSTRUCTION_DECREMENT+15:
jmp code
return:
registersymbol(CONSTRUCTION_DECREMENT)
registersymbol(CONSTRUCTION_INJECTION)
[DISABLE]
CONSTRUCTION_DECREMENT+15:
readmem(CONSTRUCTION_INJECTION, 5)
unregistersymbol(CONSTRUCTION_DECREMENT)
unregistersymbol(CONSTRUCTION_INJECTION)
dealloc(CONSTRUCTION_INJECTION) // free the block allocated in [ENABLE]
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+86B40DC
GameAssembly.dll+86B40B9: 74 0E - je GameAssembly.dll+86B40C9
GameAssembly.dll+86B40BB: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+86B40C2: 75 05 - jne GameAssembly.dll+86B40C9
GameAssembly.dll+86B40C4: E8 A7 F2 A1 F7 - call GameAssembly.dll+D3370
GameAssembly.dll+86B40C9: 31 C9 - xor ecx,ecx
GameAssembly.dll+86B40CB: E8 50 B2 7F F8 - call GameAssembly.dll+EAF320
GameAssembly.dll+86B40D0: 31 D2 - xor edx,edx
GameAssembly.dll+86B40D2: E8 69 19 4E F9 - call GameAssembly.dll+1B95A40
// ---------- INJECTING HERE ----------
GameAssembly.dll+86B40D7: 29 C3 - sub ebx,eax
GameAssembly.dll+86B40D9: 89 5F 28 - mov [rdi+28],ebx
// ---------- DONE INJECTING ----------
GameAssembly.dll+86B40DC: 48 8B 5C 24 30 - mov rbx,[rsp+30]
GameAssembly.dll+86B40E1: 48 83 C4 20 - add rsp,20
GameAssembly.dll+86B40E5: 5F - pop rdi
GameAssembly.dll+86B40E6: C3 - ret
GameAssembly.dll+86B40E7: E8 A4 CB A9 F7 - call GameAssembly.dll+150C90
GameAssembly.dll+86B40EC: CC - int 3
GameAssembly.dll+86B40ED: CC - int 3
GameAssembly.dll+86B40EE: AD - lodsd
GameAssembly.dll+86B40EF: 25 8D D1 FB 2D - and eax,2DFBD18D
GameAssembly.dll+86B40F4: BE 92 FF 7F 00 - mov esi,007FFF92
GameAssembly.dll+86B40F9: 00 D8 - add al,bl
}
Brief instructions would be:
Memory View
Tools menu, pick Auto assemble
Auto assemble window. Don't click Execute
File menu select Assign to current ... table
Change Script in the right-click menu
Code:
{ Game : ChaosGate.exe
Version: 1.0
Date : 2022-05-10
Author : Granon
There's a function that applies a range constraint of ECX.
It checks that EDX < ECX < R8.
Returns EAX. For Bloom Rising calcs: EDX == 0 and R8 == 0x64
This script switches the followup from this to save the lower bound (EDX)
to the Bloom variable instead of the output from the function (EAX)
The function is used for other range constraints (e.g. health) so can't make
a simple alteration there.
}
[ENABLE]
aobscanmodule(WARP01,GameAssembly.dll,E8 ?? ?? ?? ?? 3B C3 89 47 10 48 8B 5C 24 30)
aobscanmodule(WARP02,GameAssembly.dll,E8 ?? ?? ?? ?? 89 47 10 3B C3 74 13 48 8B 8F ?? ?? ?? ?? 48 85 C9 74 07 33 D2 E8 ?? ?? ?? ?? 48 89 77 60 48 8B 5C 24 30 48 8B 6C 24 38)
aobscanmodule(WARP03,GameAssembly.dll,E8 ?? ?? ?? ?? 89 47 10 3B C3 74 13 48 8B 8F ?? ?? ?? ?? 48 85 C9 74 07 33 D2 E8 9C 4E 59 FF 4C 8B 7C 24 50 40 84 ED 48 8B 6C 24 48)
WARP01+7:
mov [rdi+10], edx
WARP02+5:
mov [rdi+10], edx
WARP03+5:
mov [rdi+10], edx
registersymbol(WARP01)
registersymbol(WARP02)
registersymbol(WARP03)
[DISABLE]
WARP01+7:
mov [rdi+10], eax
WARP02+5:
mov [rdi+10], eax
WARP03+5:
mov [rdi+10], eax
unregistersymbol(WARP01)
unregistersymbol(WARP02)
unregistersymbol(WARP03)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+E582FD
GameAssembly.dll+E582DE: 75 37 - jne GameAssembly.dll+E58317
GameAssembly.dll+E582E0: 48 89 5C 24 30 - mov [rsp+30],rbx
GameAssembly.dll+E582E5: 8B 5F 10 - mov ebx,[rdi+10]
GameAssembly.dll+E582E8: 45 33 C9 - xor r9d,r9d
GameAssembly.dll+E582EB: 33 D2 - xor edx,edx
GameAssembly.dll+E582ED: 8B CE - mov ecx,esi
GameAssembly.dll+E582EF: 45 8D 41 64 - lea r8d,[r9+64]
GameAssembly.dll+E582F3: E8 48 D8 D3 00 - call GameAssembly.dll+1B95B40
GameAssembly.dll+E582F8: 3B C3 - cmp eax,ebx
GameAssembly.dll+E582FA: 89 47 10 - mov [rdi+10],eax <====
GameAssembly.dll+E582FD: 48 8B 5C 24 30 - mov rbx,[rsp+30]
GameAssembly.dll+E58302: 74 13 - je GameAssembly.dll+E58317
GameAssembly.dll+E58304: 48 8B 8F B8 00 00 00 - mov rcx,[rdi+000000B8]
GameAssembly.dll+E5830B: 48 85 C9 - test rcx,rcx
GameAssembly.dll+E5830E: 74 07 - je GameAssembly.dll+E58317
GameAssembly.dll+E58310: 33 D2 - xor edx,edx
GameAssembly.dll+E58312: E8 D9 17 59 FF - call GameAssembly.dll+3E9AF0
GameAssembly.dll+E58317: 48 8B 74 24 38 - mov rsi,[rsp+38]
GameAssembly.dll+E5831C: 48 83 C4 20 - add rsp,20
GameAssembly.dll+E58320: 5F - pop rdi
GameAssembly.dll+E58321: C3 - ret
Also:
GameAssembly.dll+E54C2C - 45 33 C9 - xor r9d,r9d
GameAssembly.dll+E54C2F - 33 D2 - xor edx,edx
GameAssembly.dll+E54C31 - 45 8D 41 64 - lea r8d,[r9+64]
GameAssembly.dll+E54C35 - E8 060FD400 - call GameAssembly.dll+1B95B40
GameAssembly.dll+E54C3A - 89 47 10 - mov [rdi+10],eax <===
GameAssembly.dll+E54C3D - 3B C3 - cmp eax,ebx
GameAssembly.dll+E54C3F - 74 13 - je GameAssembly.dll+E54C54
GameAssembly.dll+E54C41 - 48 8B 8F B8000000 - mov rcx,[rdi+000000B8]
GameAssembly.dll+E54C48 - 48 85 C9 - test rcx,rcx
GameAssembly.dll+E54C4B - 74 07 - je GameAssembly.dll+E54C54
GameAssembly.dll+E54C4D - 33 D2 - xor edx,edx
GameAssembly.dll+E54C4F - E8 9C4E59FF - call GameAssembly.dll+3E9AF0
GameAssembly.dll+E585AA - 48 89 77 60 - mov [rdi+60],rsi
GameAssembly.dll+E585AE - 48 8B 5C 24 30 - mov rbx,[rsp+30]
GameAssembly.dll+E585B3 - 48 8B 6C 24 38 - mov rbp,[rsp+38]
Also:
GameAssembly.dll+E54C35 - E8 060FD400 - call GameAssembly.dll+1B95B40
GameAssembly.dll+E54C3A - 89 47 10 - mov [rdi+10],eax
GameAssembly.dll+E54C3D - 3B C3 - cmp eax,ebx
GameAssembly.dll+E54C3F - 74 13 - je GameAssembly.dll+E54C54
GameAssembly.dll+E54C41 - 48 8B 8F B8000000 - mov rcx,[rdi+000000B8]
GameAssembly.dll+E54C48 - 48 85 C9 - test rcx,rcx
GameAssembly.dll+E54C4B - 74 07 - je GameAssembly.dll+E54C54
GameAssembly.dll+E54C4D - 33 D2 - xor edx,edx
GameAssembly.dll+E54C4F - E8 9C4E59FF - call GameAssembly.dll+3E9AF0
GameAssembly.dll+E54C54 - 4C 8B 7C 24 50 - mov r15,[rsp+50]
GameAssembly.dll+E54C59 - 40 84 ED - test bpl,bpl
GameAssembly.dll+E54C5C - 48 8B 6C 24 48 - mov rbp,[rsp+48]
}
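Added example, not code from any poster in the thread (function names are hypothetical): a small Python signature matcher run over the bytes from the construction-timer disassembly listing above. It shows that rhark's and Granon's AOB patterns resolve to the same `sub ebx,eax`, that both keep matching when the `call` displacements change, and that a match which is not unique is rejected.

```python
# Added example, not code from the thread. Byte values are copied from the
# disassembly listing posted above; function names are hypothetical.
RHARK = "29??89????488B??????4883????5FC3E8"
GRANON = ("75 05 E8 ?? ?? ?? ?? 31 C9 E8 ?? ?? ?? ?? 31 D2 "
          "E8 ?? ?? ?? ?? 29 C3 89 5F 28")
LISTING = bytes.fromhex(  # GameAssembly.dll+86B40C2 onward, as listed
    "7505 E8A7F2A1F7 31C9 E850B27FF8 31D2 E869194EF9"
    "29C3 895F28 488B5C2430 4883C420 5F C3 E8A4CBA9F7 CCCC")

def parse_aob(pattern):
    """Turn 'E8 ?? 29' or 'E8??29' into [0xE8, None, 0x29]; None is a wildcard."""
    hexs = pattern.replace(" ", "")
    if len(hexs) % 2:
        raise ValueError("AOB pattern must contain whole bytes")
    return [None if hexs[i:i + 2] == "??" else int(hexs[i:i + 2], 16)
            for i in range(0, len(hexs), 2)]

def scan(image, pattern):
    """Return every offset in image where the pattern matches."""
    sig = parse_aob(pattern)
    return [off for off in range(len(image) - len(sig) + 1)
            if all(b is None or image[off + i] == b for i, b in enumerate(sig))]

def resolve(image, pattern, delta=0):
    """Offset of the single match plus delta; refuse zero or multiple hits."""
    hits = scan(image, pattern)
    if len(hits) != 1:
        raise LookupError(f"expected 1 match, got {len(hits)}")
    return hits[0] + delta

def relink(image):
    """Simulate a rebuild: give every call in the sample a new rel32 target."""
    out = bytearray(image)
    for off in (2, 9, 16, 37):  # offsets of the E8 opcodes in LISTING
        out[off + 1:off + 5] = b"\x11\x22\x33\x44"
    return bytes(out)

if __name__ == "__main__":
    # "+15" in Granon's script is hexadecimal, i.e. 0x15 bytes into the match.
    for name, pat, delta in (("rhark", RHARK, 0), ("Granon", GRANON, 0x15)):
        print(name, hex(resolve(LISTING, pat, delta)),
              hex(resolve(relink(LISTING), pat, delta)))
    print("literal bytes after rebuild:", scan(relink(LISTING), LISTING[:26].hex()))
```

The same check applies to WARP03 above, which carries a literal `E8 9C 4E 59 FF` where the other patterns wildcard the call displacement: once that displacement changes, the pattern no longer matches.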
So for those. They don't change while you are selecting rewards. For example, during the grand master report, say you start with 8, you select 3 rewards and the screen tells you you have 2 remaining, the value remains 8 until you hit confirm. After you hit confirm, it will change to the previously indicated level.
I think this person is asking if you can edit the actual reward Tier levels, not the amount of requisition.
The Mogician wrote: ↑Thu May 12, 2022 4:21 pm
So for those. They don't change while you are selecting rewards. For example, during the grand master report, say you start with 8, you select 3 rewards and the screen tells you you have 2 remaining, the value remains 8 until you hit confirm. After you hit confirm, it will change to the previously indicated level.