Horizon Zero Dawn [Engine:Decima]

[iLeonidze]

There's a Test Area to the southwest of the map, complete with a campfire(images courtesy of NamoDev over at modding Discord):

Thank you for the info. A test area with control buttons is located by coordinates
-2522
-2220
222

It is not clear how to interact with them, they do not have "Use" button. There are also a couple of interesting test objects nearby. What are these empty boxes doing? How do I press buttons? In addition, the camp after its activation did not appear on the game map for some reason.











How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[Exeter]

New patch came out again today (1.02).



Was greeted with this fun message by the table when I didn't know the game updated LOL.

[SunBeam]

^ Hence why it's there. Mostly for me to know the game updated (silently; fark Steam!). Just get the string in the table match the displayed one, then it should work

[Exeter]

Yeah I didn't even know it updated until I tried to open the table rofl. Nice one ninja steam.

Table works again now after changing that.

[Arhelay]

One handsome gentleman posted it into Modding discord server. Maybe you can make sense of it and add it to table =)
This is supposed to fix speedhack

Code: Select all

*(float *)(*(uintptr_t *)(HZD.exe + 0x712A2E0) + 0x190) = 1.0f;

gGameModule pointer at HZD.exe+0x712A2E0 -> float at gGameModule+0x190 controls the game time scale

the instruction/byte at HZD.exe+0x11769D0 has to be changed to RET (0xC3) to prevent it from being reset every frame

[SunBeam]

Would help if you posted the modding Discord's address. Hate it when people talk generically about a supposedly modding server as if it was THE one server.

[axellslade]

[Link]

There you go.

[zangan]

hello,i'm a beginner using cheat engine so, basically i only use the script part on this CE table. is there a way i can override machines from distance ? or any easier way to override multiple machines in general? i just want to have fun watching machines fighting each other frequently in new game+

[axellslade]

hello,i'm a beginner using cheat engine so, basically i only use the script part on this CE table. is there a way i can override machines from distance ? or any easier way to override multiple machines in general? i just want to have fun watching machines fighting each other frequently in new game+

Use corruption arrows from the war bow, that's exactly what they do.

[Deathwing Zero]

I updated Hylian Z's Concentration script to game version 1.0.1 and 1.0.2. It could probably be made better by not tying it to a specific address and using more AOB bytes but it's not my code so I don't want to change it.

Version 1.0.1

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="31">
  <CheatEntries>
    <CheatEntry>
      <ID>26509</ID>
      <Description>"Concentrate!"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : HorizonZeroDawn.exe
  Version:
  Date   : 2020-08-07
  Author : Hylian

  Inf Concentration
}

define(address,"HorizonZeroDawn.exe"+14945BA)
define(bytes,C5 FA 11 43 5C)

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000,"HorizonZeroDawn.exe"+1494584)

label(code)
label(return)

newmem:

code:
  nop
  nop
  nop
  nop
  nop
  jmp return

address:
  jmp newmem
return:

[DISABLE]

address:
  db bytes
  // vmovss [rbx+5C],xmm0

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "HorizonZeroDawn.exe"+14922BA

"HorizonZeroDawn.exe"+1492284: C5 FA 10 45 24           -  vmovss xmm0,[rbp+24]
"HorizonZeroDawn.exe"+1492289: 48 8B 05 10 4F C9 05     -  mov rax,[HorizonZeroDawn.exe+71271A0]
"HorizonZeroDawn.exe"+1492290: 48 8B 4B 30              -  mov rcx,[rbx+30]
"HorizonZeroDawn.exe"+1492294: C5 FA 5E 90 8C 01 00 00  -  vdivss xmm2,xmm0,[rax+0000018C]
"HorizonZeroDawn.exe"+149229C: C5 FA 10 05 9C B6 5F 00  -  vmovss xmm0,[HorizonZeroDawn.exe+1A8D940]
"HorizonZeroDawn.exe"+14922A4: C5 FA 5E 49 2C           -  vdivss xmm1,xmm0,[rcx+2C]
"HorizonZeroDawn.exe"+14922A9: C5 EA 59 D9              -  vmulss xmm3,xmm2,xmm1
"HorizonZeroDawn.exe"+14922AD: C5 FA 10 53 5C           -  vmovss xmm2,[rbx+5C]
"HorizonZeroDawn.exe"+14922B2: C5 EA 5C C3              -  vsubss xmm0,xmm2,xmm3
"HorizonZeroDawn.exe"+14922B6: C5 F8 2F F0              -  vcomiss xmm6,xmm0,xmm0
// ---------- INJECTING HERE ----------
"HorizonZeroDawn.exe"+14922BA: C5 FA 11 43 5C           -  vmovss [rbx+5C],xmm0
// ---------- DONE INJECTING  ----------
"HorizonZeroDawn.exe"+14922BF: 0F 82 99 00 00 00        -  jb HorizonZeroDawn.exe+149235E
"HorizonZeroDawn.exe"+14922C5: 48 8B 41 38              -  mov rax,[rcx+38]
"HorizonZeroDawn.exe"+14922C9: C5 FA 10 50 34           -  vmovss xmm2,[rax+34]
"HorizonZeroDawn.exe"+14922CE: EB 0D                    -  jmp HorizonZeroDawn.exe+14922DD
"HorizonZeroDawn.exe"+14922D0: 48 8B 43 30              -  mov rax,[rbx+30]
"HorizonZeroDawn.exe"+14922D4: 48 8B 48 38              -  mov rcx,[rax+38]
"HorizonZeroDawn.exe"+14922D8: C5 FA 10 51 34           -  vmovss xmm2,[rcx+34]
"HorizonZeroDawn.exe"+14922DD: 48 8B 0D BC 4E C9 05     -  mov rcx,[HorizonZeroDawn.exe+71271A0]
"HorizonZeroDawn.exe"+14922E4: 48 8D 53 64              -  lea rdx,[rbx+64]
"HorizonZeroDawn.exe"+14922E8: 48 8B 89 88 09 00 00     -  mov rcx,[rcx+00000988]
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
  <UserdefinedSymbols/>
</CheatTable>

Version 1.0.2 (August 19, 2020)

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="31">
  <CheatEntries>
    <CheatEntry>
      <ID>26509</ID>
      <Description>"Concentrate!"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : HorizonZeroDawn.exe
  Version:
  Date   : 2020-08-07
  Author : Hylian

  Inf Concentration
}

define(address,"HorizonZeroDawn.exe"+1494E9A)
define(bytes,C5 FA 11 43 5C)

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000,"HorizonZeroDawn.exe"+1494E64)

label(code)
label(return)

newmem:

code:
  nop
  nop
  nop
  nop
  nop
  jmp return

address:
  jmp newmem
return:

[DISABLE]

address:
  db bytes
  // vmovss [rbx+5C],xmm0

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "HorizonZeroDawn.exe"+14922BA

"HorizonZeroDawn.exe"+1492284: C5 FA 10 45 24           -  vmovss xmm0,[rbp+24]
"HorizonZeroDawn.exe"+1492289: 48 8B 05 10 4F C9 05     -  mov rax,[HorizonZeroDawn.exe+71271A0]
"HorizonZeroDawn.exe"+1492290: 48 8B 4B 30              -  mov rcx,[rbx+30]
"HorizonZeroDawn.exe"+1492294: C5 FA 5E 90 8C 01 00 00  -  vdivss xmm2,xmm0,[rax+0000018C]
"HorizonZeroDawn.exe"+149229C: C5 FA 10 05 9C B6 5F 00  -  vmovss xmm0,[HorizonZeroDawn.exe+1A8D940]
"HorizonZeroDawn.exe"+14922A4: C5 FA 5E 49 2C           -  vdivss xmm1,xmm0,[rcx+2C]
"HorizonZeroDawn.exe"+14922A9: C5 EA 59 D9              -  vmulss xmm3,xmm2,xmm1
"HorizonZeroDawn.exe"+14922AD: C5 FA 10 53 5C           -  vmovss xmm2,[rbx+5C]
"HorizonZeroDawn.exe"+14922B2: C5 EA 5C C3              -  vsubss xmm0,xmm2,xmm3
"HorizonZeroDawn.exe"+14922B6: C5 F8 2F F0              -  vcomiss xmm6,xmm0,xmm0
// ---------- INJECTING HERE ----------
"HorizonZeroDawn.exe"+14922BA: C5 FA 11 43 5C           -  vmovss [rbx+5C],xmm0
// ---------- DONE INJECTING  ----------
"HorizonZeroDawn.exe"+14922BF: 0F 82 99 00 00 00        -  jb HorizonZeroDawn.exe+149235E
"HorizonZeroDawn.exe"+14922C5: 48 8B 41 38              -  mov rax,[rcx+38]
"HorizonZeroDawn.exe"+14922C9: C5 FA 10 50 34           -  vmovss xmm2,[rax+34]
"HorizonZeroDawn.exe"+14922CE: EB 0D                    -  jmp HorizonZeroDawn.exe+14922DD
"HorizonZeroDawn.exe"+14922D0: 48 8B 43 30              -  mov rax,[rbx+30]
"HorizonZeroDawn.exe"+14922D4: 48 8B 48 38              -  mov rcx,[rax+38]
"HorizonZeroDawn.exe"+14922D8: C5 FA 10 51 34           -  vmovss xmm2,[rcx+34]
"HorizonZeroDawn.exe"+14922DD: 48 8B 0D BC 4E C9 05     -  mov rcx,[HorizonZeroDawn.exe+71271A0]
"HorizonZeroDawn.exe"+14922E4: 48 8D 53 64              -  lea rdx,[rbx+64]
"HorizonZeroDawn.exe"+14922E8: 48 8B 89 88 09 00 00     -  mov rcx,[rcx+00000988]
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
  <UserdefinedSymbols/>
</CheatTable>

[zangan]

hello,i'm a beginner using cheat engine so, basically i only use the script part on this CE table. is there a way i can override machines from distance ? or any easier way to override multiple machines in general? i just want to have fun watching machines fighting each other frequently in new game+

Use corruption arrows from the war bow, that's exactly what they do.

if im not mistaken corruption arrow doesn't override monsters, and only make them fight each other for a short period of time.

[kpao_e]

[Link]

There you go.

First of all that's not how you link to a Discord server and second of all if you tried to link to the Nexus modding discord you literally linked to a limited access channel which you need special role for... GG

- HZD Modding Discord: [Link]
- type !nora in bot-commands channel to access modding channels

[axellslade]

First of all that's not how you link to a Discord server and second of all if you tried to link to the Nexus modding discord you literally linked to a limited access channel which you need special role for... GG

- HZD Modding Discord: [Link]
- type !nora in bot-commands channel to access modding channels

It has nothing to do with the Nexus whatsoever, but thanks for the proper link.

if im not mistaken corruption arrow doesn't override monsters, and only make them fight each other for a short period of time.

Overriding creatures is also time limited, unless you have that one skill which makes it permanent, if not mistaken.

[Gwetscher]

Just doing boring tutorial so not much to do right now. For now I got this

Got more stuff and fixed Health (fall damage)

Probably last update...

[#1]
- Infinite Health
- Damage Multiplier
- Infinite Ammo
- Infinite Oxygen
- Infinite Medicine
- Infinite Resources
- Infinite Concentration
- Instant Weapon Charge
- Infinite Carrying Capacity
[#2]
- No Trial Time Limit
- No Override Recharge
- No Trading Requirements
- No Crafting Requirements
[#3]
- Time of Day
- Stealth Mode
- Teleport Mode
[#4]
- Set Skill Points
- Set Experience Points

Notes & Credits:
- If you use Infinite Carrying Capacity you need to have this option active before you enter game world otherwise you lose items that exceed inventory limit.
- Credits for Time of Day to SunBeam, Credits for Stealth to jgoemat/cfemen

Is there a way to apply the Damage Multiplier without the Infinite Health switch? Unfortunately i couldn't figure it out myself. Or is that already integrated in SunBeams Table and i am to dumb to see it?

[cfemen]

One handsome gentleman posted it into Modding discord server. Maybe you can make sense of it and add it to table =)
This is supposed to fix speedhack

Code: Select all

*(float *)(*(uintptr_t *)(HZD.exe + 0x712A2E0) + 0x190) = 1.0f;

gGameModule pointer at HZD.exe+0x712A2E0 -> float at gGameModule+0x190 controls the game time scale

the instruction/byte at HZD.exe+0x11769D0 has to be changed to RET (0xC3) to prevent it from being reset every frame

well, actually its not "fixing" the speedhack.
its the float that controls the game speed.

the function that writes on the gGameModule+0x190 float also writes to:
gGameModule+0x80
gGameModule+0xC0
gGameModule+0x18C

here this script only effects the gamespeed float
(copy n paste directly into cheat engine, dont open the auto-assembler window)

activate script and you can control the gamespeed with the "New Speed" value.
you can also add custom hotkeys (right click -> Set Hotkeys )

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>26686</ID>
      <Description>"Game Speed"</Description>
      <Options moHideChildren="1"/>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : HorizonZeroDawn.exe
  Version: 
  Date   : 2020-08-20
  Author : cfe

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(aobWriteGameTime,HorizonZeroDawn.exe,C5 FA 11 99 90 01 00 00) // should be unique
alloc(newmem,$1000,"HorizonZeroDawn.exe"+11771B0)

label(code)
label(return)
label(fNewTime)
registersymbol(fNewTime)
newmem:

code:
  movss xmm3,[fNewTime]
  vmovss [rcx+00000190],xmm3
  jmp return
fNewTime:
dd (float)1.0

aobWriteGameTime:
  jmp newmem
  nop 3
return:
registersymbol(aobWriteGameTime)

[DISABLE]

aobWriteGameTime:
  db C5 FA 11 99 90 01 00 00

unregistersymbol(aobWriteGameTime)
dealloc(newmem)


</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>26687</ID>
          <Description>"New Speed"</Description>
          <VariableType>Float</VariableType>
          <Address>fNewTime</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

//

Edit:

Friend asked me for a pointer to the Player Shards:
(Activate Script and open Inventory)
Note : will only work for 1.02

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>26716</ID>
      <Description>"Find Money"</Description>
      <Options moHideChildren="1"/>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : HorizonZeroDawn.exe
  Version: 
  Date   : 2020-08-20
  Author : cfe

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(aobGetInvItems,HorizonZeroDawn.exe,00 00 00 4D 8B 37 49 8B CE 49 8B 06 FF 10) // should be unique
alloc(newmem,$1000,"HorizonZeroDawn.exe"+12DC7C6)

label(code)
label(return)
label(sScraps)
label(pScraps)
registersymbol(pScraps)

newmem:

code:
  mov rax,[r14]
  push rcx
  push rdx
  push rax
  sub rsp,28
  mov rcx,[r14+38]
  mov rdx,sScraps
  call strcmp
  test eax,eax
  jne short @f
  lea rcx,[r14+288]
  lea rdx,[HorizonZeroDawn.exe+27876B0]
  call HorizonZeroDawn.exe+B5DA80
  mov [pScraps],rax
  @@:
  add rsp,28
  pop rax
  pop rdx
  pop rcx
  call qword ptr [rax]
  jmp return
pScraps:
dq 0
sScraps:
db 4D 65 74 61 6C 5F 53 63 72 61 70 5F 00
aobGetInvItems+09:
  jmp newmem
return:
registersymbol(aobGetInvItems)

[DISABLE]
aobGetInvItems+09:
  db 49 8B 06 FF 10

unregistersymbol(aobGetInvItems)
dealloc(newmem)

</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>26720</ID>
          <Description>"Money"</Description>
          <LastState Value="994" RealAddress="28526DBB558"/>
          <VariableType>4 Bytes</VariableType>
          <Address>[pScraps]+58</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>