Horizon Zero Dawn [Engine:Decima]

[misishi]

Hi guys, Any way to change a specific item quantity? I need to change the Power Cell quantity back to 2, I wound up with 99 of them after activating some script from here and that 99 quantity fucks up the quest.

I managed to screw up my metal flowers like this and i can't collect more now
Does anyone know the to address for them?

Hello, my metal flowers are screwed too, can you help me if you find a way to fix them? Thanks in advance

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[enpoping]

LOL, did he really just reporting admin.

[enpoping]

Have you a mod for Blue Gem Ice?

did it yourself, scan the number of your bluegleam at 4 bytes, try to pick up 1 or few then scan next number then change the number you want.

[axellslade]

Hi guys, Any way to change a specific item quantity? I need to change the Power Cell quantity back to 2, I wound up with 99 of them after activating some script from here and that 99 quantity fucks up the quest.

I managed to screw up my metal flowers like this and i can't collect more now
Does anyone know the to address for them?

There's three different sets of metal flowers, which one was it?

[misishi]

Hi guys, Any way to change a specific item quantity? I need to change the Power Cell quantity back to 2, I wound up with 99 of them after activating some script from here and that 99 quantity fucks up the quest.

I managed to screw up my metal flowers like this and i can't collect more now
Does anyone know the to address for them?

There's three different sets of metal flowers, which one was it?

Mine is Mark I and Mark III

[mldt-f1]

Game version: CDX day1
Table Version: 20200809_v0.7

.:|FEATURES|:.

• Ammo (activate only 1)
  • Unlimited Ammo
  • Unlimited Ammo + Rapid fire + Multishot
• Unlimited Skillpoints (spend some to update)
• Pointers
  • playerHP(freeze value, if pointer doesn't work try another from screenshot)
    alternate player HP pointers

    
  • max hp(temporary)
  • bow slow time
  • fire arrows (optional, can use Unlimited Ammo instead)
  • normal arrows (optional, can use Unlimited Ammo instead)
  • electro arrows (optional, can use Unlimited Ammo instead)
    alternate arrow pointers

    
• Inventory Limits (temporary)
• Freecraft/freebuy (adds spent materials back) (DEACTIVATE WHEN DONE BUYING/CRAFTING)

.:|NOTES|:.

• "Unlimited Ammo" - side effect= gives you one extra scrap per trade
• "Unlimited Ammo + Rapid fire + Multishot" - IS VERY CHEATY, USE ONLY IF YOU WANT TO NUKE ROBOTS
• "Inventory Limits" - resets on game reload
• "Freecraft/freebuy" - conflicts with ammo usage, deactivate when done using for upgrade/buy

.:|CHANGELOG|:.
v0.2: fixed unlimited health
v0.3: just realized you can upgrade quiver, so now setting 99 arrows with "Unlimited Ammo" script to prevent waste
v0.4: removed AOB to find hp, that location was shared with enemies and not safe to freeze (hp bar glitch). Use pointer to freeze player hp, if it doesn't work try another [if you prefered old way which let you easily detect enemies its under DO NOT TOUCH]
v0.5: added pointers for arrows, bow slow time, temporary max hp, temporary inventory limits
v0.6: updated pointers for arrows[changed after capacity upgrades] (see image for alternates if they don't work)
v0.7: changed logic of Unlimited Ammo, (side effect now is you get one extra scrap per trade)

I'm probably done with table for a while, need to play the game a bit

Inventory limits when you load the game again you lost the itens you have acquired after use more than the limit

[Pixzl]

Has a quest skipper/completer been considered? I only ask since I appear to have bugged my game. Used the float mod to land myself in a couldron area I hadn't unlocked yet and it triggered a side quest. Didn't think any of it until I got to that point in game and now I'm unable to progress. The quest won't update. I'm still able to play the mission with no direction, cutscenes even play to. But I can't complete it. Real bummer

[Renagede77]

Is there a way to enable/unlock New Game+ with this?
That way we don't have to beat it on a regular playthrough first.

[RedKaezar]

[ 10 Aug 20 - Hit #3 ]

Added Infinite Clip / Fast Fire script. And other stuff in Pointers/Structures.

-snip-

Is the Fast Fire similar to Drazerak's Instant Charge function?

[SunBeam]

Is the Fast Fire similar to Drazerak's Instant Charge function?

Try it. I swear I don't get you people. It takes less time for you to try it than open your browser, find this topic, write shit and reply. Seriously now.

Is there a way to enable/unlock New Game+ with this?
That way we don't have to beat it on a regular playthrough first.

Sure:

Code: Select all

HorizonZeroDawn.exe+115A951 - 48 8D 05 C8340200     - lea rax,[HorizonZeroDawn.exe+117DE20] { (2030406472) }
HorizonZeroDawn.exe+115A958 - C7 44 24 28 03000000  - mov [rsp+28],00000003 { 3 }
HorizonZeroDawn.exe+115A960 - 4C 8B CB              - mov r9,rbx
HorizonZeroDawn.exe+115A963 - 48 89 44 24 20        - mov [rsp+20],rax
HorizonZeroDawn.exe+115A968 - 4C 8D 05 C913C900     - lea r8,[HorizonZeroDawn.exe+1DEBD38] { ("GameModule_sExportedIsNewGamePlus") }
HorizonZeroDawn.exe+115A96F - 48 8B CE              - mov rcx,rsi
HorizonZeroDawn.exe+115A972 - 48 8D 15 E713C900     - lea rdx,[HorizonZeroDawn.exe+1DEBD60] { ("IsNewGamePlus") }

Then:

Code: Select all

HorizonZeroDawn.exe+117DE20 - 48 8B 05 7993FA05     - mov rax,[HorizonZeroDawn.exe+71271A0] { (0) }
HorizonZeroDawn.exe+117DE27 - 0FB6 80 780A0000      - movzx eax,byte ptr [rax+00000A78]
HorizonZeroDawn.exe+117DE2E - C3                    - ret 

Now.. "HorizonZeroDawn.exe+71271A0" will be NULL till you go into game world from main menu (click CONTINUE). Once in, you will see that now "HorizonZeroDawn.exe+71271A0" contains a valid pointer. The GameModule one. Exit to main menu. You will see 0 is written to "HorizonZeroDawn.exe+71271A0". So let's set a breakpoint on write at "HorizonZeroDawn.exe+71271A0".

The idea is to find out where the game initializes the GameModule and where it checks if the new IsNewGamePlus or not

So the GameModule pointer is written to "HorizonZeroDawn.exe+71271A0" here:

Code: Select all

HorizonZeroDawn.exe+116DBFB - B9 38000000           - mov ecx,00000038 { 56 }
HorizonZeroDawn.exe+116DC00 - 4C 89 A4 24 F8000000  - mov [rsp+000000F8],r12
HorizonZeroDawn.exe+116DC08 - 4C 89 35 9195FB05     - mov [HorizonZeroDawn.exe+71271A0],r14 { (16B8879B780) }

What we need to do next is set a breakpoint at the prologue of the function "HorizonZeroDawn.exe+116DC08" is a part of and see how the game initializes the GameModule pointer and WHERE it checks if it's a NG+ or not.

Before I went on with that, I just wanted to see if 0xA78 offset is checked while game loads. And it does:

Code: Select all

HorizonZeroDawn.exe+11EC040 - 48 89 5C 24 08        - mov [rsp+08],rbx
HorizonZeroDawn.exe+11EC045 - 57                    - push rdi
HorizonZeroDawn.exe+11EC046 - 48 83 EC 20           - sub rsp,20 { 32 }
HorizonZeroDawn.exe+11EC04A - 0FB6 D9               - movzx ebx,cl
HorizonZeroDawn.exe+11EC04D - 40 32 FF              - xor dil,dil
HorizonZeroDawn.exe+11EC050 - E8 ABFA5BFF           - call HorizonZeroDawn.exe+7ABB00
HorizonZeroDawn.exe+11EC055 - 84 C0                 - test al,al
HorizonZeroDawn.exe+11EC057 - 40 0FB6 FF            - movzx edi,dil
HorizonZeroDawn.exe+11EC05B - B9 80000000           - mov ecx,00000080 { 128 }
HorizonZeroDawn.exe+11EC060 - 0F45 F9               - cmovne edi,ecx
HorizonZeroDawn.exe+11EC063 - 84 DB                 - test bl,bl
HorizonZeroDawn.exe+11EC065 - 74 54                 - je HorizonZeroDawn.exe+11EC0BB
HorizonZeroDawn.exe+11EC067 - 48 8B 0D 32B1F305     - mov rcx,[HorizonZeroDawn.exe+71271A0] { (16B8879B780) }
HorizonZeroDawn.exe+11EC06E - 48 85 C9              - test rcx,rcx
HorizonZeroDawn.exe+11EC071 - 74 48                 - je HorizonZeroDawn.exe+11EC0BB
HorizonZeroDawn.exe+11EC073 - E8 A82BF8FF           - call HorizonZeroDawn.exe+116EC20 <--
..
HorizonZeroDawn.exe+116EC20 - 0FB6 81 780A0000      - movzx eax,byte ptr [rcx+00000A78] <--
HorizonZeroDawn.exe+116EC27 - C3                    - ret 

Changing the byte to 1 as the game loads, this happens:



Hope you see in top-right the "New Game+" string So there's no need to set a breakpoint at the prologue of the function "HorizonZeroDawn.exe+116DC08" is a part of, because this works already.

Now.. once you are in-game, press E at a bonfire and exit to main menu. Your game now will turn into an NG+. Click CONTINUE to load the game and you will see "New Game+" at top right when loading. All I did was to activate NG+ for your savegame. I won't respond to questions like "but are the features of NG+ really enabled?" - simply put, I don't know or care. What I can tell you is I can't change the Difficulty setting in Settings/General menu, which something they tell you at main menu:



As far as activating NEW GAME+ at main menu, I dunno. Could probably do it, but what's the point when you can turn your save-game into an NG+ anyway?..

1) Go to main menu.
2) Copy and paste this in your CE main window:

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>26504</ID>
      <Description>"Activate "New Game+" for current save-game"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : HorizonZeroDawn.exe
  Version: 
  Date   : 2020-08-11
  Author : SunBeam

  Flips 0x1 byte in GameModule for IsNewGamePlus
}

define(address,"HorizonZeroDawn.exe"+116EC20)
define(bytes,0F B6 81 78 0A 00 00)

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000,"HorizonZeroDawn.exe"+116EC20)

label(code)
label(return)

newmem:

code:
  mov byte ptr [rcx+00000A78],1 // flip it here
  movzx eax,byte ptr [rcx+00000A78]
  jmp return

address:
  jmp newmem
  nop 2
return:

[DISABLE]

address:
  db bytes
  // movzx eax,byte ptr [rcx+00000A78]

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "HorizonZeroDawn.exe"+116EC20

"HorizonZeroDawn.exe"+116EC16: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC17: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC18: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC19: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC1A: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC1B: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC1C: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC1D: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC1E: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC1F: CC                    -  int 3 
// ---------- INJECTING HERE ----------
"HorizonZeroDawn.exe"+116EC20: 0F B6 81 78 0A 00 00  -  movzx eax,byte ptr [rcx+00000A78]
// ---------- DONE INJECTING  ----------
"HorizonZeroDawn.exe"+116EC27: C3                    -  ret 
"HorizonZeroDawn.exe"+116EC28: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC29: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC2A: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC2B: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC2C: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC2D: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC2E: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC2F: CC                    -  int 3 
"HorizonZeroDawn.exe"+116EC30: 40 53                 -  push rbx
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

3) Activate script.
4) Click CONTINUE.
5) Quicksave at bonfire.
6) You can now disable script.
7) Go to main menu and click CONTINUE to see that flag got saved.
8) Done.



You can see 1st and 2nd quicksaves show NG+. 3rd one, which was my manual save last night, doesn't So it works.



Let me check with a Merchant:









vs.



So yeah, it's there. Seems to be working fine for me

Peace,
Sun

P.S.: Keep in mind to date NO trainer/table out there has this option. Now, I've been receiving some information as to some certain individual(s) bitching over the existing fearlessrevolution, CEV and WM trainers out there having copied CH shit. If you suddenly come up with a NG+ option in your trainers after reading this, don't be a cunt about it and credit where due [who:SunBeam;when:11-Aug-20 7:51 am]

[Skaard]

Hi guys, Any way to change a specific item quantity? I need to change the Power Cell quantity back to 2, I wound up with 99 of them after activating some script from here and that 99 quantity fucks up the quest.

I would really like to know as well, I have gone through the table and I could be missing something but there doesn't appear to be such a function. I am actually here because my power-cells glitched when I picked one up and now its gone and i never noticed so that save file is long gone. Came hoping this table might have the value location or a way to find it

[SunBeam]

^ I'm sorry. This goes to say don't trust those trainer makers you praise so much for their invaluable work. Sarcasm. Will see if I can create an Inventory Item Pointer hook, so you can manually edit your heart away.

[RedKaezar]

Try it. -snip-

I did. I didn't notice any difference.

Or rather, I didn't notice any difference on Drazerak's function (the charging reticle is gone, but the bow animation still plays, and tap fire still sends bows flying in a spread). Oh, and I was using HylianZ's infinite arrow code in tandem, so at least now I can turn that code off.

[Renagede77]

@SunBeam

I've got the script copy/pasted into Cheat Engine, but it won't activate for me.
When I right-click on it, it says:

<<Error in line 14 (assert("HorizonZeroDawn.exe"+116EC20,0F B6 81 78 0A 00 00)) :The bytes at "HorizonZeroDawn.exe"+116EC20 are not what was expected>>

Should I try to follow the steps you wrote out and attempt to figure it out myself or is there an easier fix you know of?
I'm playing on the Epic Store, but other tables and "other programs" don't seem to care what version it is.

[SunBeam]

...

If you got my table, after activating the [ Enable ] script, go into [ Pointers/Structures ] section, scroll to the bottom and do this:



Add the entry like I did. Go in-game (as in the game world, click CONTINUE or load latest save), then back to CE. Set it to 1. Quicksave at bonfire and go back to main menu. Then load the quicksave. Easy peasy.

Confirm it worked.