Re: Horizon Zero Dawn [Engine:Decima]
Posted: Wed Dec 01, 2021 1:47 pm
Oh nice, I can start NG+ at level 10 or so, then set skill points to zero! Then I can take my time exploring, crafting and gaining skills!! YAY!!!
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
Thank you for your hard work!
Don't know if you'll answer, but is there an updated version on Patreon?
I used string references which pointed to exported Engine functions:
tonka4ok wrote: ↑Sat Jan 01, 2022 8:53 pm
1. How did you initially figure out the localPlayer address? (This drove me crazy)
I managed to track mine down from health and multiple pointerscans but now looking at your table - it seems I am at the wrong address even though the health values are real? You seem to be starting one level up and your "Destructibility" pointer is actually the "localPlayer" that I was using, I guess I was in the wrong this whole time?
I usually find a structure of reference, then I browse the memory address in Hex Dump (Memory View > bottom part), select a big range of data with my mouse and activate an exception breakpoint for that page. Then do stuff in game, while lagging, like shooting, getting hit, etc. And a lot of crap shows up in the debug window. Then I test whatever I consider interesting (like BOOLs -- mov byte ptr [], cmp byte ptr []) and based on the effect, name them. Without debug symbols or the source code you won't know who they are and at what offsets in which structures. So this is just me analyzing effects.
By RTTI name. See [ Debug ] > Get Name script. Give it structure address, get name. Also, there are a lot of string references pointing to game functions:
By checking around the health and ammo processing. Whenever I see "cmp byte ptr []" I have to test what happens when that byte is 0 or 1. Then you go back to the base address in that cmp and try other offsets. With exception breakpoints, like I said earlier. No, no IDA used in the process. I mainly used x64dbg.
tonka4ok wrote: ↑Sat Jan 01, 2022 8:53 pm
4. How did you find the debug functionality? That is really really cool as well, really impressive, I've been fiddling around trying to find what you did, no luck, not even close.
5. Did you need to use IDA in any part of your reversing? Did CE do the trick for you?
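The "[ Debug ] > Get Name" script the answer refers to is not reproduced in this thread. As an added illustration (not the table's own script, and not code from the game), the block below shows what a name-by-RTTI lookup does for a 64-bit MSVC binary: follow the object's first qword to its vftable, read the RTTICompleteObjectLocator pointer stored just before the vftable, recover the image base from the locator's self RVA, and read the mangled name out of the TypeDescriptor. It runs against a constructed fake module image; the image base, RVAs and the class name "Player" are made up for the example.

```python
import struct
from typing import Callable

# Constructed fake 64-bit module image. Nothing here comes from a real binary;
# the layout follows the MSVC x64 RTTI structures:
#   vftable[-1]                 -> RTTICompleteObjectLocator (COL)
#   COL { u32 signature(=1); u32 offset; u32 cdOffset;
#         i32 pTypeDescriptor (RVA); i32 pClassDescriptor (RVA); i32 pSelf (RVA) }
#   TypeDescriptor { void* vftable; void* spare; char name[]; }   (name at +16)
IMAGE_BASE = 0x140000000  # assumed base, chosen for the example


def build_fake_image():
    """Lay out one TypeDescriptor, one COL, one vftable and one object."""
    img = bytearray(0x1000)
    td_rva = 0x200                                   # TypeDescriptor
    struct.pack_into("<QQ", img, td_rva, 0, 0)       # type_info vftable, spare
    img[td_rva + 16: td_rva + 16 + 13] = b".?AVPlayer@@\0"
    col_rva = 0x300                                  # CompleteObjectLocator
    struct.pack_into("<IIIiii", img, col_rva, 1, 0, 0, td_rva, 0, col_rva)
    vft_rva = 0x400                                  # vftable; COL ptr sits at -8
    struct.pack_into("<Q", img, vft_rva - 8, IMAGE_BASE + col_rva)
    struct.pack_into("<QQ", img, vft_rva, IMAGE_BASE + 0x900, IMAGE_BASE + 0x910)
    obj_rva = 0x800                                  # object: first qword = vftable
    struct.pack_into("<Q", img, obj_rva, IMAGE_BASE + vft_rva)
    return bytes(img), IMAGE_BASE + obj_rva


def make_reader(image: bytes, base: int) -> Callable[[int, int], bytes]:
    """Stand-in for ReadProcessMemory: bounds-checked reads from the fake image."""
    def read(addr: int, n: int) -> bytes:
        rva = addr - base
        if rva < 0 or rva + n > len(image):
            raise ValueError(f"read outside image: {addr:#x}")
        return image[rva:rva + n]
    return read


def demangle(raw: str) -> str:
    """Turn '.?AVBar@Foo@@' into 'class Foo::Bar' (only the simple cases)."""
    if not raw.startswith(".?A") or not raw.endswith("@@"):
        return raw
    kind = {"V": "class", "U": "struct"}.get(raw[3], "type")
    parts = raw[4:-2].split("@")
    return f"{kind} {'::'.join(reversed(parts))}"


def rtti_class_name(read: Callable[[int, int], bytes], object_addr: int) -> str:
    """Given an object address, return its most-derived class name via RTTI."""
    vftable = struct.unpack("<Q", read(object_addr, 8))[0]
    col = struct.unpack("<Q", read(vftable - 8, 8))[0]
    signature, _offset, _cd, td_rva, _cd_rva, self_rva = struct.unpack(
        "<IIIiii", read(col, 24))
    if signature != 1:  # 1 = 64-bit, image-relative locator
        raise ValueError("not a 64-bit image-relative COL; probably not an object")
    image_base = col - self_rva          # pSelf gives the module base for free
    td = image_base + td_rva
    raw = read(td + 16, 256).split(b"\0", 1)[0].decode("ascii")
    return demangle(raw)


if __name__ == "__main__":
    image, obj = build_fake_image()
    print(rtti_class_name(make_reader(image, IMAGE_BASE), obj))  # class Player
```

The signature check is the cheap sanity test worth keeping: when the address you feed in is not really an object, vftable[-1] will usually not point at a locator with signature 1, and the read-outside-image error from the reader catches the rest rather than returning garbage as a name.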
Wow!
They pause program execution at chosen instruction, letting you see the stack and register values.
tonka4ok wrote: ↑Sun Jan 02, 2022 11:52 pm
Thank you very much for all the heads up and the interesting approaches that you just introduced to me!
I really didn't expect such a detailed response, you are a lifesaver!
I am going to try x64dbg right away, haven't used it!
Just wondering one thing, you mentioned exception breakpoints, how are they actually useful in the current scenario? Aren't they triggered upon an exception occurrence? Or am I wrong?
Don't the hardware/software breakpoints do the same?
rambo99jose wrote: ↑Mon Jan 03, 2022 12:24 am
They pause program execution at chosen instruction, letting you see the stack and register values.
tonka4ok wrote: ↑Sun Jan 02, 2022 11:52 pm
Thank you very much for all the heads up and the interesting approaches that you just introduced to me!
I really didn't expect such a detailed response, you are a lifesaver!
I am going to try x64dbg right away, haven't used it!
Just wondering one thing, you mentioned exception breakpoints, how are they actually useful in the current scenario? Aren't they triggered upon an exception occurrence? Or am I wrong?
When you debug some on-screen value (read/write, hardware or software breakpoint -- most people use VEH) you usually end up with a series of instructions accessing (reading/writing from/to) your address. Then you see something like this: "cmp byte ptr [rcx+750],1". Instantly you will say "well, rcx is base, so let me see what's there". In modern games, this is a structure that has a certain layout.
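The step from "a pile of instructions hitting [rcx+XXX]" to "a structure with a layout" is the part that gets done by hand in the posts above. As an added example (not from this thread or from the table) the block below automates the first pass: it parses access-log lines in the syntax Cheat Engine's "Find out what accesses this address" window prints, groups them by base register and offset, infers each member's width from the size prefix, the mnemonic or the register on the other side, flags a byte that is only ever compared against 0 or 1 as a likely BOOL (the "cmp byte ptr []" pattern from earlier in the thread), and renders a C struct sketch with padding. The log lines and offsets are constructed for the example and are not Horizon Zero Dawn's.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample log (made-up addresses and offsets), in the syntax Cheat
# Engine's "Find out what accesses this address" window uses.
SAMPLE_ACCESS_LOG = """\
00007FF6A1B2C3D4 - cmp byte ptr [rcx+750],1
00007FF6A1B2C3E0 - mov byte ptr [rcx+750],0
00007FF6A1B2C410 - movss xmm0,[rcx+1A0]
00007FF6A1B2C420 - movss [rcx+1A0],xmm1
00007FF6A1B2C45C - mov eax,[rcx+1A4]
00007FF6A1B2C4A0 - mov [rcx+1A4],eax
00007FF6A1B2C470 - mov rdx,[rcx+10]
00007FF6A1B2C490 - cmp byte ptr [rcx+751],0
"""

LINE_RE = re.compile(r"^\s*(?P<addr>[0-9A-Fa-f]+)\s*-\s*(?P<mnem>\w+)\s+(?P<ops>.+?)\s*$")
MEM_RE = re.compile(r"(?:(?P<width>byte|word|dword|qword) ptr )?"
                    r"\[(?P<base>r[a-z0-9]+)\+(?P<off>[0-9A-Fa-f]+)\]")
SIZE_WORDS = {"byte": 1, "word": 2, "dword": 4, "qword": 8}
REG64 = re.compile(r"^(r[abcd]x|r[sd]i|r[sb]p|r\d+)$")
REG32 = re.compile(r"^(e[abcd]x|e[sd]i|e[sb]p|r\d+d)$")
FLOAT32 = {"movss", "comiss", "ucomiss", "addss", "subss", "mulss", "divss"}
FLOAT64 = {"movsd", "comisd", "ucomisd", "addsd", "subsd", "mulsd", "divsd"}
NON_WRITING = {"cmp", "test", "comiss", "ucomiss", "comisd", "ucomisd"}
C_TYPES = {("int", 1): "uint8_t", ("int", 2): "uint16_t", ("int", 4): "uint32_t",
           ("int", 8): "uint64_t", ("float", 4): "float", ("float", 8): "double",
           ("bool", 1): "bool"}


@dataclass
class MemberInfo:
    offset: int
    size: int = 0            # 0 = unknown
    kind: str = "int"        # "int", "float" or "bool"
    reads: int = 0
    writes: int = 0
    compared_to: Set[int] = field(default_factory=set)


def split_operands(ops: str) -> List[str]:
    """Split on commas that are not inside a [...] memory operand."""
    out, depth, cur = [], 0, ""
    for ch in ops:
        depth += (ch == "[") - (ch == "]")
        if ch == "," and depth == 0:
            out.append(cur.strip()); cur = ""
        else:
            cur += ch
    if cur.strip():
        out.append(cur.strip())
    return out


def infer_size(mnem: str, width: Optional[str], other: Optional[str]) -> Tuple[int, str]:
    """Width from the size prefix, else the mnemonic, else the other operand's register."""
    if width:
        return SIZE_WORDS[width], "int"
    if mnem in FLOAT32:
        return 4, "float"
    if mnem in FLOAT64:
        return 8, "float"
    if other and REG64.match(other):
        return 8, "int"
    if other and REG32.match(other):
        return 4, "int"
    return 0, "int"


def analyze(text: str) -> Dict[str, Dict[int, MemberInfo]]:
    """Group accesses by base register, then by offset; tag 0/1-only bytes as bool."""
    structs: Dict[str, Dict[int, MemberInfo]] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        mnem, ops = m["mnem"].lower(), split_operands(m["ops"])
        for idx, op in enumerate(ops):
            mm = MEM_RE.search(op)
            if not mm:
                continue
            other = ops[1 - idx] if len(ops) == 2 else None
            size, kind = infer_size(mnem, mm["width"], other)
            base, off = mm["base"], int(mm["off"], 16)
            info = structs.setdefault(base, {}).setdefault(off, MemberInfo(off))
            if size and not info.size:
                info.size, info.kind = size, kind
            if idx == 0 and mnem not in NON_WRITING:   # memory is the destination
                info.writes += 1
            else:
                info.reads += 1
            if mnem == "cmp" and other and re.fullmatch(r"[0-9A-Fa-f]+", other):
                info.compared_to.add(int(other, 16))   # CE prints immediates in hex
    for members in structs.values():
        for info in members.values():
            if info.size == 1 and info.compared_to and info.compared_to <= {0, 1}:
                info.kind = "bool"
    return structs


def render_struct(name: str, members: Dict[int, MemberInfo]) -> str:
    """Emit a C struct sketch with explicit padding between the known offsets."""
    lines, cursor = [f"struct {name} {{"], 0
    for off in sorted(members):
        info = members[off]
        if off > cursor:
            lines.append(f"    uint8_t pad_{cursor:X}[0x{off - cursor:X}];")
        ctype = C_TYPES.get((info.kind, info.size), "uint8_t /* size unknown */")
        rw = ("r" if info.reads else "") + ("w" if info.writes else "")
        lines.append(f"    {ctype} field_{off:X}; // +0x{off:X} {rw}")
        cursor = off + max(info.size, 1)
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    for base, members in analyze(SAMPLE_ACCESS_LOG).items():
        print(render_struct(f"Unknown_{base}", members))
```

The read/write column is what makes the sketch useful in practice: a member that is only ever read by the code you logged is usually set up elsewhere (by a loader or another system), so the breakpoint that explains it has to be placed on a write from a different call site, which is exactly the "go back to the base address and try other offsets" loop the answers above describe.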
Thank you, now I understand what you mean.