DOOM Eternal [Engine:idTech 7]

[smashbro596]

You can put them in cfg file and execute them all with one exec command.
Until someone puts the AOB scan / patch in a proxy .dll like it was done with dinput8 for doom 2016 so that console block is removed earlier than it parses automatic configs or CLI params this is the only way.

Try using | between commands. Example: god|g_infiniteAmmo 1. Then paste that in the console and press Enter. See if it works. That's how it works in Unreal Engine 4.

god; g_infiniteAmmo 1
works fine

okay! i'll try that.
here goes! i'm gonna try my hand at ultra nightmare!

edit: yah this works wonderfully!

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[SunBeam]

god; g_infiniteAmmo 1
works fine

Cool. So the separator/splitter in idTech is ; Good to know

so many useful commands... is there any way we can, say put them in a batch file and call them all up?
gets tiring using the arrow keys to scroll through my history :p

You can put them in cfg file and execute them all with one exec command.
Until someone puts the AOB scan / patch in a proxy .dll like it was done with dinput8 for doom 2016 so that console block is removed earlier than it parses automatic configs or CLI params this is the only way.

do i put the commands in the same folder as the executable?

You would need to put them in DOOMEternalConfig.cfg (create a new file) in %UserProfile%\Saved Games\id Software\DOOMEternal\base folder.

[skacikpl]

god; g_infiniteAmmo 1
works fine

Cool. So the separator/splitter in idTech is ; Good to know

You can put them in cfg file and execute them all with one exec command.
Until someone puts the AOB scan / patch in a proxy .dll like it was done with dinput8 for doom 2016 so that console block is removed earlier than it parses automatic configs or CLI params this is the only way.

do i put the commands in the same folder as the executable?

You would need to put them in DOOMEternalConfig.cfg (create a new file) in %UserProfile%\Saved Games\id Software\DOOMEternal\base folder.

Actually AFAIK exec command reads from steamapps\common\DOOMEternal\base, so if you make myconfig.cfg and put your commands in it then do exec myconfig (or myconfig.cfg) in console it should execute all commands inside.

DOOMEternalConfig.cfg gets sanitized, and IIRC even if you have early removal of console block it still gets sanitized.

[SunBeam]

IIRC

You played Eternal before it was released or what? Otherwise, saying "IIRC" based on DOOM 2016 makes no sense. I tested last night the .cfg in 2016 and g_unlimitedAmmo 1 did work. The CVar gets reset on Engine initialization. Now I don't know if it works like that by default -OR- emoose's proxy .dll had a saying in it (patching restrictions). That still has to be tested.

[SamIam76]

therefore the fading out or burning of dead bodies uses one ore multiple individual timers/triggers.

Do you mean fading of bodies or body parts?
Because of the different commands.
If you mean bodies and for ai death never fade command it could be because by use of that command, some bodies still fade (the glory killed ones). While the others not (the normal killed ones).
Sorry if I misunderstood something, but wanted to tell that. Maybe it helps..

[skacikpl]

You played Eternal before it was released or what? Otherwise, saying "IIRC" based on DOOM 2016 makes no sense. I tested last night the .cfg in 2016 and g_unlimitedAmmo 1 did work. The CVar gets reset on Engine initialization. Now I don't know if it works like that by default -OR- emoose's proxy .dll had a saying in it (patching restrictions). That still has to be tested.

Then i might remember wrong and it only gets sanitized if console is restricted but i do know for a fact that this specific config does get sanitized.

EDIT:
Actually i might remember wrong yet again, the .local file might be the one getting sanitized.

[SunBeam]

the .local file might be the one getting sanitized.

That I can confirm myself I put some stuff in only to find it reset. Of course, you could make it read-only. Not sure if Engine re-creates it.

[nzr]

Anyone know how to change Slayer Ratings & Weapon Points? I used the all maxed out weapons cheat and now it both got set to negative points, thus making me unable to go into slayer gates

I was able to find it (one of values) with cheat engine, using scan values and change to zero. Gates opened after.

[_mcsnake_]

ai_ScriptCmd - Execute a script command.
ai_ScriptCmdEnt - Execute a script command.

Any idea how to use this commands ? And what exactly they do ?

[sawgunner13]

Looks like noClip crashes the game after the latest steam update.

[SunBeam]

Looks like noClip crashes the game after the latest steam update.

It's known.

Here's the run-down of what happens in DOOM 2016 when dinput8.dll (Legacy Mod) exists in the folder:

- original system32 dinput8.dll is loaded and via GetProcAddress the export DirectInput8Create is resolved
- the exported function runs apriori, before the game even gets to start, and sets up an IAT hook on QueryPerformanceCounter to allow Steam to unpack
- hook is hit and IAT restored, then 3 spots are hooked in the Engine: idCmdSystemLocal::AddCommand, idCVar::Init and the dynamic initializer for the "God" CVar (this hook is where the extra commands are registered)
- with the hooks set, game runs and hits those re-routed JMPs in such a way that each CVar or Command are made executable from start
- the DOOMConfig.cfg file is then loaded here:



- there's no restriction on loading up the file; however, the CVars have to be executable (which is what dinput8.dll already does) so they can be set/reset

The logic in the above screenshot happens in Eternal as well. Since the .cfg is loaded by the time you get to main menu, there's no way you'd be able to catch this in time. Supposedly I could rip the code that handles .cfg opening, loading and resetting of CVars (setting to your values), but am not sure at this point in time if I would properly rip sufficient. A thread would supposedly be run after (a script) that re-runs the .cfg reading

We'll see...

BR,
Sun

[Knightmare077]

This method used by Emoose may fix many executables
Looking forward to what you find out sun. I know once a injection file is made , the process of setting multiple cvars becomes easy.

[SunBeam]

This method used by Emoose may fix many executables
Looking forward to what you find out sun. I know once a injection file is made , the process of setting multiple cvars becomes easy.

Rather than bothering with coding a DLL I find the longer path a bit more interesting I've managed to map out the various functions in the DOOM 2016 .cfg file reading block + setting commands/CVars Soon you will be able to edit your .cfg, then activate a script in the table that re-loads the file, so it can execute stuff or reset CVars on the fly.



Just need now to extract the little bits of pieces of interest and compile a function with just that ASM

So far so good, I can load the file in memory and free it:

Code: Select all

[ENABLE]

alloc( LoadDOOMCfgThread, 0x1000, DOOMx64.exe )
registersymbol( LoadDOOMCfgThread )
CreateThread( LoadDOOMCfgThread )
label( LoadDOOMCfgThreadOff )
registersymbol( LoadDOOMCfgThreadOff )

label( LoadDOOMCfgThread_loop )

LoadDOOMCfgThread:
  sub rsp,28

LoadDOOMCfgThread_loop:
  mov rcx,A
  call Sleep
  cmp [LoadDOOMCfgThreadOff],1
  jne short @f

    add rsp,28
    mov [LoadDOOMCfgThreadOff],2
    ret

  @@:

  // VK_NUMPAD DEL
  mov rcx,6E
  call GetAsyncKeyState
  test ax,ax
  je short @f

    call short LoadDOOMCfg
    mov rcx,C8
    call Sleep

  @@:
  jmp LoadDOOMCfgThread_loop

align 10 CC

//*******************************
//*          Functions          *
//*******************************

LoadDOOMCfg:
//sub rsp,28
sub rsp,40
lea rbp,[rsp-58D8]
mov eax,59D8
sub rsp,rax
xor r15d,r15d
mov rcx,[DOOMx64.exe+3EB98A8]     // fileSystem
mov rax,[rcx]
mov [rsp+20],r15d
xor r9d,r9d
lea r8,[rbp-68]
lea rdx,[DOOMx64.exe+27187A8]     // "DOOMConfig.cfg"
call qword ptr [rax+C8]           // idFileSystemLocal::ReadFile
mov rdx,[rbp-68]
test rdx,rdx
je short @f
  mov rcx,[DOOMx64.exe+3EB98A8]   // fileSystem
  mov r8,[rcx]
  call qword ptr [r8+D0]          // idFileSystemLocal::FreeFile
@@:
add rsp,5A18
//add rsp,28
ret

align 10 CC

LoadDOOMCfgThreadOff:
dd 0

[DISABLE]

{$lua}

if( syntaxcheck == false ) then --actual execution
  local starttime = getTickCount()

if readInteger( "LoadDOOMCfgThreadOff" ) == 0 then --could be 2 already
  writeInteger( "LoadDOOMCfgThreadOff", 1 ) --tell the thread to kill itself
end

while( getTickCount() < starttime + 1000 ) and ( readInteger( "LoadDOOMCfgThreadOff" ) ~= 2 ) do --wait till it has finished
  sleep( 20 )
end

if( getTickCount() > starttime + 1000 ) then --could happen when the window is shown
  showMessage( 'Disabling the thread failed!' )
  error( 'Thread disabling failed!' )
end
  sleep( 1 )
end

{$asm}

unregistersymbol( LoadDOOMCfgThreadOff )
unregistersymbol( LoadDOOMCfgThread )
dealloc( LoadDOOMCfgThread )

Now to test a simplified file with just 1-2 CVars in it; the below should suffice:

Code: Select all

configVersion 7
//========================================
ai_death_FadeDelay 60000
g_infiniteAmmo 1

And patch in the rest of the code.

Once complete, this will be ported afterwards to Eternal.

BR,
Sun

[Knightmare077]

Sunbeam; you rock! you're a freaking console unlocking ninja I tell you
fingers crossed here all goes well and successful!

[SunBeam]

And success

If you have DOOM 2016 on Steam installed, head to %UserProfile%\Saved Games\id Software\DOOM\base. Once there, create an empty file called DOOMConfig.cfg (I think you can change the name of this file to whatever the fuck you want, considering DOOM needs the file name to load it ) and put this in:

Code: Select all

configVersion 7
//========================================
ai_death_FadeDelay 10000
g_infiniteAmmo 1

Save file, open game (make sure you have emoose's dinput8.dll in the game folder) and get to main menu. Open the console, type in g_infiniteAmmo [TAB] and you'll see its value is 1. Do the same with ai_death_FadeDelay [TAB] and you'll see its value is 10000.

Reopen your .cfg file in Notepad++ or whatever and now change ai_death_FadeDelay to 30000 and g_infiniteAmmo to 0. Save file.

Download the table below:

DOOMx64.CT

this is for DOOM 2016, not Eternal!

(8.39 KiB) Downloaded 140 times

Open CE, target DOOMx64.exe (sorry, I really can't be arsed to also do it for your Vulkan version), load the table and enable the "LoadDOOMCfg_Thread" script. Head back in-game and press Numpad Del one time. If all goes well and you don't crash.. in the console re-type g_infiniteAmmo [TAB] - value is now 0; ai_death_FadeDelay [TAB] - value is now 30000

So there you have it. You can now bulk set a shitload of commands/CVars with the run of a script.

Now to port it to Eternal. Will see if I really need to patch the exec flags like emoose does or the "Unrestrict Console Commands/CVars & Bind" is sufficient.

BR,
Sun