Death Stranding | Cheat Engine Table v1.0

[blazeddd]

Does anyone know how to properly modify number of likes? Got way too much from building roads and cheat engine won't allow the likes to actually stay down, goes right back up to current likes after trying to edit lower.

I got that in my upcoming table Each building has an ID, which is used when you click "Claim Materials" in the building's menu. Capital Knot City has id 0x66, for example. I'll explain more when I post my table.

Nice job! Have you already posted earlier versions of your table or by upcoming do you mean unreleased?

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[SunBeam]

I've not yet posted anything. Unreleased.

[aligator1442]

Does anyone know how to properly modify number of likes? Got way too much from building roads and cheat engine won't allow the likes to actually stay down, goes right back up to current likes after trying to edit lower.

I would like that too. It's possible?

[sage3k]

Death Stranding | Cheat Engine Table v1.0, [2020-07-15] | May work on other versions.



Since no one has posted yet, i thought i'd share my table first. Not many cheats but they're enough for me playing the game.

Cheats

• Unlimited Health
• Unlimited Stamina
• Unlimited Max Stamina
• Health/Max Health Editor

NOTES:

Someone else might want to add more stuff to this.

Thank you!

[SunBeam]

For whoever's interested, the Mission Timer (for the Urgent ones) is stored on Double. Just search for "Value Between" (what you see on screen in seconds - 2) and (what you see on screen in seconds + 2) to make sure you don't miss out on the address.

What I mean by "in seconds".

Say timer says "04:09:xx" when you are about to complete the Urgent mission and you're at the Terminal (that's the counter is shown on-screen):



Then you do this: 4 minutes = 4 * 60 = 240 seconds; plus the seconds -> 240 + 9 = 249. So in CE search for a Double value between 247 and 251. Then let the timer count some more and repeat the logic. You will find your value

If you can't be arsed with it, here's the spot for the Time Elapsed value:

Code: Select all

ds.exe+2FA526E - C5FB1076 38           - vmovsd xmm6,[rsi+38] // RSI is the Timer pointer
ds.exe+2FA5273 - C5CB5AC6              - vcvtsd2ss xmm0,xmm6,xmm6
ds.exe+2FA5277 - C5F82F46 30           - vcomiss xmm0,xmm0,[rsi+30]

With the information above, now that we have a Timer pointer, we can do these:

Code: Select all

00000001420BD738 lea r8,qword ptr ds:[1438E0E38] "CountdownTimer_ExportedSetBlinkStartTime"
00000001420BD765 lea r8,qword ptr ds:[1438E0E00] "CountdownTimer_ExportedResetTimer"
00000001420BD792 lea r8,qword ptr ds:[1438E0D50] "CountdownTimer_ExportedSetVisible"
00000001420BD7BF lea r8,qword ptr ds:[1438E0CE0] "CountdownTimer_ExportedIsTimerRunning"
00000001420BD7EC lea r8,qword ptr ds:[1438E0C60] "CountdownTimer_ExportedGetTimeRemaining"
00000001420BD819 lea r8,qword ptr ds:[1438E0BA0] "CountdownTimer_ExportedGetTimeElapsed"
00000001420BD846 lea r8,qword ptr ds:[1438E0B58] "CountdownTimer_ExportedAdjustTimeElapsed"
00000001420BD873 lea r8,qword ptr ds:[1438E0AC0] "CountdownTimer_ExportedAdjustTimeRemaining"
00000001420BD8A0 lea r8,qword ptr ds:[1438E0A28] "CountdownTimer_ExportedPauseTimer"
00000001420BD8CD lea r8,qword ptr ds:[1438E09F0] "CountdownTimer_ExportedStartTimer"
..
000000014304A568 lea r8,qword ptr ds:[143A893A0] "DSCountTimerBase_ExportedGetHashCode"
000000014304A595 lea r8,qword ptr ds:[143A89248] "DSCountTimerBase_ExportedGetCurrentTimeSecondsF"
000000014304A5C2 lea r8,qword ptr ds:[143A89068] "DSCountTimerBase_ExportedSetCurrentTimeSecondsF"
000000014304A5EF lea r8,qword ptr ds:[143A88FD8] "DSCountTimerBase_ExportedPause"
000000014304A61C lea r8,qword ptr ds:[143A88F90] "DSCountTimerBase_ExportedReset"
000000014304A649 lea r8,qword ptr ds:[143A88EA8] "DSCountTimerBase_ExportedStart"
..
000000014304A676 lea r8,qword ptr ds:[143A88D90] "DSCountTimerBase_sExportedFindInstanceFromHashCode"

I've explained in my article here how to use the above to get to the actual functions

I'll pick one: "00000001420BD765 lea r8,qword ptr ds:[1438E0E00] "CountdownTimer_ExportedResetTimer".



Now head to "00000001420CC930" in CE:

Code: Select all

ds.exe+20CC930 - 48 85 C9              - test rcx,rcx
ds.exe+20CC933 - 74 17                 - je ds.exe+20CC94C
ds.exe+20CC935 - 48 83 79 40 00        - cmp qword ptr [rcx+40],00 { 0 }
ds.exe+20CC93A - 74 10                 - je ds.exe+20CC94C
ds.exe+20CC93C - 48 8B 41 20           - mov rax,[rcx+20]
ds.exe+20CC940 - 48 85 C0              - test rax,rax
ds.exe+20CC943 - 74 07                 - je ds.exe+20CC94C
ds.exe+20CC945 - C7 40 1C 00000000     - mov [rax+1C],00000000 { 0 }
ds.exe+20CC94C - C3                    - ret 

We know from earlier what our Timer pointer is; it's stored in RSI at the location I provided. Set a break there and "collect" it:



In my case RSI is 0x00000423C471E2E0. So.. this becomes our RCX for the function above, "CountdownTimer_ResetTimer" (at ds.exe+20CC930).

The first ASM line says "test rcx,rcx" followed by a JE. This checks if our pointer address is NULL. If 0, then the JE is taken to the RET instruction at ds.exe+20CC94C. Else, the rest of the code executes.

Now.. I went back and checked my RSI's memory space just to try and understand what the code in ResetTimer does. This is how the memory space looks like:



I've highlighted the Double value so you see where it is, at offset 0x38 in RSI. I'll now revert to "8 Byte hex" display so I can explain the rest:



Analyzing the function's code raised some concerns. While "test rcx,rcx + je" made sense, the next part didn't. I looked at "cmp qword ptr [rcx+40],00". This is usually an ASM instruction that checks if a POINTER is NULL. Looking at the pic above, you can see that 0x40 is not a pointer. It contains this value: 0000000100000006.

Then I fed RSI pointer to the GetName function I posted in my article and got this:



Nada. So, at this point you'd be saying to yourself "hmm, I don't think I can use this pointer with the ResetTimer function". Well.. wrong I thought the same myself till I looked at the next lines of ASM:

Code: Select all

ds.exe+20CC93C - 48 8B 41 20           - mov rax,[rcx+20]
ds.exe+20CC940 - 48 85 C0              - test rax,rax
ds.exe+20CC943 - 74 07                 - je ds.exe+20CC94C
ds.exe+20CC945 - C7 40 1C 00000000     - mov [rax+1C],00000000 { 0 }

Considering my timer value is at offset 0x38 and the code above expects to find a pointer at 0x20 from the start of the structure.. then something didn't fit. Also.. you see how the end of the code does "mov [rax+1C],00000000", which means it will 0 out the Timer value. Back to the logic.. a pointer is read here "mov rax,[rcx+20]". So I looked a bit down from the starting point of my structure, namely 0x10 and saw this:



I fed that to GetName and got this:



Then I also noticed an interesting FLOAT value down the line:



Converting that to Float display shows this:



If you divide 2700 (seconds) to 60 (seconds) you get..



45 minutes And what was the Target Time in my first screenshot? That's right: 45:00:00.

Then I started poking at that 0x1C offset I saw in the function: "mov [rax+1C],00000000". Which is this value:



I set a breakpoint on it on access and found this code to access it:

Code: Select all

ds.exe+2FA54A3 - 0FB6 4A 18            - movzx ecx,byte ptr [rdx+18]

Fun fact is this piece of ASM is part of a function that's executing another function which adds Time Elapsed. So I thought "lemme make it 0". Nothing happened. Hmm.. "let me make it 2". And that, folks, paused the timer:



There you have it, quick tutorial on how to tackle Timers. You basically can finish an Urgent Mission like this:



BR,
Sun

[NotMySammich]

Does anyone know how to properly modify number of likes? Got way too much from building roads and cheat engine won't allow the likes to actually stay down, goes right back up to current likes after trying to edit lower.

I would like that too. It's possible?

To piggyback on this, I'd like to see a way to increase the level requirements for stat upgrades (cargo condition, bridge link, delivery time etc.) or a way to just disable the upgrades entirely.

[Master_Builder]

I tried stopping the timer like that; setting the 1 to a 2.
It worked visually, timer stopped at 2 minutes. When I turned in the delivery later, it said 13~ minutes passed and I only got a B rating.
Just FYI.

[Master_Builder]

Been working on this table for personal use. I didn't do durability since fearlessrevolution has that covered.
(Flings table, as of 2020-07-20, has road durability covered by "Max Building Durability".)

• Infinite Ammo
  Gives you infinite grenades, ammo (still need to reload), anchors, ladder, PCC, etc. Practically the same as Flings, but without fucking with the item quantity.
  Apparently affects AI as well. Use SunBeam's table when he posts it for a version that only affects the player.
• No Blood Pack Drain on Fire or Heal
  Prevents the blood pack from draining when you fire hematic rounds, hematic grenades, or even transfusion/healing.
  Also has a pointer to the value of the blood in the pack, fire hematic rounds from handgun/rifle or something to find the value.
• No Fatigue
  As max stamina decreases, it eventually reaches a point where you get this locked off part of the bar (Fatigue), where you have to rest to restore that. This stops that so drinking from the flask will always completely restore current max stamina back to 1000.
  This has no effect on bonus stamina and doesn't change how that behaves in any way.
• No Chiralium Cost When Shooting
  A late game gun can shoot chiralium instead of hematic rounds. This stops the chiralium from being consumed on firing then.
• No Material Loss on Claim
  Claim as much as you want from a location, the stored amount won't decrease. (Works for fabrication too.)
• Add Max Materials When Committing Any Amount
  When you add something to upgrade a structure and 'confirm' the added materials, this 'adds' 15000 of each material, effectively causing the upgrade to start instantly.
  Given the building now has all the materials it needs, it also upgrades directly to lvl3, even from lvl1.
  e.g. Place watchtower, add 1 chiralium, confirm, now it starts upgrading to lvl3.
• Quick Build (Build/Upgrade in Ns)
  By default reduces the upgrade/build time to 0 making it practically instant. (It still has to take time for some of the animations.)
  Also has a pointer to the current time remaining, and 'Max Build Time'. The remaining time will be reduced to max build time if higher.
• No Default Customization on Upgrade
  This eliminates a personal annoyance. When you upgrade a building to lvl2 (or higher), they show some hologram or play music by default.
  The player can remove this customization, or change it. For the former, it just sets a flag to not use the default customization value set.
  This sets that flag on upgrade acting as if the player has already unset the default customization option.
  (There's hidden children for building base address, the flag byte, & chiral added to the building if anyone is interested.)
  (Warning: I don't know how to handle actual flags in assembly to set only the desired bit, so this just overrides the whole byte. Seemed ok in my testing though.)
• No Visible Damage on Backpack
  The backpack visually degrades over time, faster when exposed to greater timefall, or you trip and fall in the mud, etc. The backpack is normally restored, 'cleaned', on rest. This just keeps it pretty all the time.
• Infinite Backpack Cover Durability
  Keeps the backpack cover from getting damaged.

Changelog:

• v1
  Initial Release.
• v2
  Renamed "No Locked Stamina Gain" to "No Fatigue".
  Added "No Visible Damage on Backpack".
  Added "Infinite Backpack Cover Durability".

Made & Tested on v1.01 on Steam.

[shoni89]

Could anyone manage to add a toggle to use photomode anywhere, during cutscenes too? Apparently some guy on Twitter did it with a photomode hack but he won't share it. Would make for good screenshots with more freedom. Hell, I would even pay for such a feature via mods.

[eyelsi]

Seeing how STN creates a lot of tables, I don't think it'll be out of line to request a pointer for resources when you enter a building.

I got that in my upcoming table Each building has an ID, which is used when you click "Claim Materials" in the building's menu. Capital Knot City has id 0x66, for example. I'll explain more when I post my table.

thanks SunBeam for attempting a table and the recently posted one as well.

I was wondering, its kind of annoying me, having the highway with reducing durability overtime.
although its over 90 hours until I have to rebuild the highway again, it still is annoying if that happens.

could the durability be changed by any means?

[Master_Builder]

I was wondering, its kind of annoying me, having the highway with reducing durability overtime.
although its over 90 hours until I have to rebuild the highway again, it still is annoying if that happens.

could the durability be changed by any means?

fearlessrevolution's trainer has a "Max Building Durability" option. In the latest one, this includes roads now too.

[SunBeam]

I tried stopping the timer like that; setting the 1 to a 2.
It worked visually, timer stopped at 2 minutes. When I turned in the delivery later, it said 13~ minutes passed and I only got a B rating.
Just FYI.

If you trap the timer when a timed mission starts, it will work. You already had the timer started and counting, thus the Tab copy was running. There's 2 timers: one for display and one for the stats. It's 1 actually, but split in two and kept in sync. I didn't bother with this going forward, as I already have the means to quickly end a mission (Reverse Trike with unlimited alls, so it's fast) and I certainly don't care about the grade I get at the end. Getting only S-es matters till you get a Terminal to 5 stars. Then it's redundant. And yes, don't care about the total rank value you end-up with, so let's not get again into that discussion.

Here's my proper Infinite Ammo, ditching anything that's not PLAYER related (AI doesn't benefit from it):

Code: Select all

{ Game   : ds.exe
  Version: 
  Date   : 2020-07-21
  Author : SunBeam

  This script does blah blah blah
}

define(address,"ds.exe"+265B03C)
define(bytes,8B B3 1C 04 00 00)

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
assert(address,bytes)
alloc(newmem,$1000,"ds.exe"+265B03C)

label(code)
label(return)

newmem:

code:
  push rax
  mov rax,[DSPlayerEntity]
  cmp rdi,[rax+44E8]
  pop rax
  jne short @f
    jmp ds.exe+265B1BD
  @@:
  mov esi,[rbx+0000041C]
  jmp return

address:
  jmp newmem
  nop
return:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
address:
  db bytes
  // mov esi,[rbx+0000041C]

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "ds.exe"+265B03C

"ds.exe"+265B00B: 48 83 C3 70              -  add rbx,70
"ds.exe"+265B00F: 48 83 EE 01              -  sub rsi,01
"ds.exe"+265B013: 75 DE                    -  jne ds.exe+265AFF3
"ds.exe"+265B015: 80 A7 F1 4B 00 00 FD     -  and byte ptr [rdi+00004BF1],-03
"ds.exe"+265B01C: 4C 8D A7 40 01 00 00     -  lea r12,[rdi+00000140]
"ds.exe"+265B023: 45 38 74 24 D0           -  cmp [r12-30],r14l
"ds.exe"+265B028: 0F 84 8F 01 00 00        -  je ds.exe+265B1BD
"ds.exe"+265B02E: 49 8B 1C 24              -  mov rbx,[r12]
"ds.exe"+265B032: 44 38 73 12              -  cmp [rbx+12],r14l
"ds.exe"+265B036: 0F 84 81 01 00 00        -  je ds.exe+265B1BD
// ---------- INJECTING HERE ----------
"ds.exe"+265B03C: 8B B3 1C 04 00 00        -  mov esi,[rbx+0000041C]
// ---------- DONE INJECTING  ----------
"ds.exe"+265B042: 85 F6                    -  test esi,esi
"ds.exe"+265B044: 0F 84 73 01 00 00        -  je ds.exe+265B1BD
"ds.exe"+265B04A: 0F B6 93 B8 02 00 00     -  movzx edx,byte ptr [rbx+000002B8]
"ds.exe"+265B051: 48 8B CB                 -  mov rcx,rbx
"ds.exe"+265B054: E8 57 0A 04 00           -  call ds.exe+269BAB0
"ds.exe"+265B059: 44 38 B0 1C 01 00 00     -  cmp [rax+0000011C],r14l
"ds.exe"+265B060: 0F 85 57 01 00 00        -  jne ds.exe+265B1BD
"ds.exe"+265B066: 0F B6 8B B8 02 00 00     -  movzx ecx,byte ptr [rbx+000002B8]
"ds.exe"+265B06D: 48 C1 E1 06              -  shl rcx,06
"ds.exe"+265B071: 48 8B 44 19 28           -  mov rax,[rcx+rbx+28]
}

That bypasses everything, including the need to waste Blood Bags for Hematic Grenades. I've just landed in Central, played in West area till now, so no access to other weapons or ammo. The script will also bypass ruining the active item. As long as you have it equipped or on rack, it will get damaged to 99% but not get ruined Am not sure if it's actually a script feature or that's how it's intended. Uhm, and yes, you will need my table with the "DSPlayerEntity" hook; will post it once I add more.

As max stamina decreases, it eventually reaches a point where you get this locked off part of the bar, where you have to rest to restore that.

The game term for it is Fatigue.

Thanks for the table

BR,
Sun

[Master_Builder]

As max stamina decreases, it eventually reaches a point where you get this locked off part of the bar, where you have to rest to restore that.

The game term for it is Fatigue.

BR,
Sun

It's the simple things you forget sometimes. Thanks. Edited into the description.

As for the inf ammo, I don't really care about the AI in this case. They aren't really a challenge. Thanks for the script though.

Edit/PS: I also have a zip-line network covering the entire map so I have zero issues getting anywhere in the required amount of time.

[blazeddd]

Does anyone know how to properly modify number of likes? Got way too much from building roads and cheat engine won't allow the likes to actually stay down, goes right back up to current likes after trying to edit lower.

Been working on this table for personal use.

• Quick Build (Build/Upgrade in Ns)
  By default reduces the upgrade/build time to 0 making it practically instant. (It still has to take time for some of the animations.)
  Also has a pointer to the current time remaining, and 'Max Build Time', the remaining time will be reduced to this value if higher.

Nice! Just tried the new Quick Build and it works much better than Flings because it only gives you 1501 likes instead of 100,000+
Thank you so much for releasing this!

[SunBeam]

Gotta say I love it when trainer makers' habits get the better of them. I still fail to see the point in giving 999.999 crap to the player. But heh, marketing is nice for little kids and the trainer makers' e-rep...

Edit/PS: I also have a zip-line network covering the entire map so I have zero issues getting anywhere in the required amount of time.

I'll get there, just landed in Central Here's what I finalized so far:



To be posted sometime tonight. Will keep playing with it to see if there's any crashes.

BR,
Sun

EDIT: Forgot to add the Vehicle stats. Speaking of vehicle.. I left mine somewhere close to Central Knot City and went to clean up the BTs at the Incinerator. Then I got back to Port Knot by foot and thought when I move to Lake Knot my Trike will be moved as well. Guess not Do I need to bother going back for it and dropping it into the Garage to have it on Lake Knot? Do you even have the Trike available in Central Region? And one more thing: has it happened to you that your Trike lost all its Likes after a first repair in the Garage (store, retrieve)?