Horizon Zero Dawn [Engine:Decima]

[sebastianyyz]

Thank you so much for the update SunBeam

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[beguiler]

Here is infinite concentrate script from HylianZ rewritten to use aobscanmodule so that it will (hopefully) survive future updates. Just select all code and paste it back to a cheat table.

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>26534</ID>
      <Description>"Concentrate (aobscan version)"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{ Game   : HorizonZeroDawn.exe
  Version: 
  Date   : 2020-09-07

  Inf Concentrate. Hylian's code rewritten to use AOBScanModule for future updates.
}

[ENABLE]

aobscanmodule(Concentrate,HorizonZeroDawn.exe,C5 EA 5C C3 C5 F8 2F F0 C5 FA 11 43 5C) // should be unique
alloc(newmem,$100,"HorizonZeroDawn.exe")

label(code)
label(return)

newmem:

code:
  nop
  nop
  nop
  nop
  nop
  jmp return

Concentrate+8:
  jmp newmem
return:
registersymbol(Concentrate)

[DISABLE]

Concentrate+8:
  db C5 FA 11 43 5C

unregistersymbol(Concentrate)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "HorizonZeroDawn.exe"+1488ABA

"HorizonZeroDawn.exe"+1488A84: C5 FA 10 45 24           -  vmovss xmm0,[rbp+24]
"HorizonZeroDawn.exe"+1488A89: 48 8B 05 E8 6D C9 05     -  mov rax,[HorizonZeroDawn.exe+711F878]
"HorizonZeroDawn.exe"+1488A90: 48 8B 4B 30              -  mov rcx,[rbx+30]
"HorizonZeroDawn.exe"+1488A94: C5 FA 5E 90 8C 01 00 00  -  vdivss xmm2,xmm0,[rax+0000018C]
"HorizonZeroDawn.exe"+1488A9C: C5 FA 10 05 9C CE 5F 00  -  vmovss xmm0,[HorizonZeroDawn.exe+1A85940]
"HorizonZeroDawn.exe"+1488AA4: C5 FA 5E 49 2C           -  vdivss xmm1,xmm0,[rcx+2C]
"HorizonZeroDawn.exe"+1488AA9: C5 EA 59 D9              -  vmulss xmm3,xmm2,xmm1
"HorizonZeroDawn.exe"+1488AAD: C5 FA 10 53 5C           -  vmovss xmm2,[rbx+5C]
"HorizonZeroDawn.exe"+1488AB2: C5 EA 5C C3              -  vsubss xmm0,xmm2,xmm3
"HorizonZeroDawn.exe"+1488AB6: C5 F8 2F F0              -  vcomiss xmm6,xmm0,xmm0
// ---------- INJECTING HERE ----------
"HorizonZeroDawn.exe"+1488ABA: C5 FA 11 43 5C           -  vmovss [rbx+5C],xmm0
// ---------- DONE INJECTING  ----------
"HorizonZeroDawn.exe"+1488ABF: 0F 82 99 00 00 00        -  jb HorizonZeroDawn.exe+1488B5E
"HorizonZeroDawn.exe"+1488AC5: 48 8B 41 38              -  mov rax,[rcx+38]
"HorizonZeroDawn.exe"+1488AC9: C5 FA 10 50 34           -  vmovss xmm2,[rax+34]
"HorizonZeroDawn.exe"+1488ACE: EB 0D                    -  jmp HorizonZeroDawn.exe+1488ADD
"HorizonZeroDawn.exe"+1488AD0: 48 8B 43 30              -  mov rax,[rbx+30]
"HorizonZeroDawn.exe"+1488AD4: 48 8B 48 38              -  mov rcx,[rax+38]
"HorizonZeroDawn.exe"+1488AD8: C5 FA 10 51 34           -  vmovss xmm2,[rcx+34]
"HorizonZeroDawn.exe"+1488ADD: 48 8B 0D 94 6D C9 05     -  mov rcx,[HorizonZeroDawn.exe+711F878]
"HorizonZeroDawn.exe"+1488AE4: 48 8D 53 64              -  lea rdx,[rbx+64]
"HorizonZeroDawn.exe"+1488AE8: 48 8B 89 88 09 00 00     -  mov rcx,[rcx+00000988]
}
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

[foxhoundDutch]

hello, can someone add inventory/backpack limit changeble so i can carry more resource items and other stuff ..
if its already in the table i can't find it please help

Greets

[HylianZ]

hello, can someone add inventory/backpack limit changeble so i can carry more resource items and other stuff ..
if its already in the table i can't find it please help

Greets

Page 2...

You guys don't even bother looking past the first post, do ya?

[foxhoundDutch]

i just browse the list of options and try to find it sorry

Greatly apreciated! thnx thnx

[SunBeam]

so i can carry more resource items and other stuff ..

Please read everything before you state "the expanded size doesn't stick". The moment you restart the game, Decima will reload the default templates, default stack sizes. Unless you know how to unpack the data files, alter settings and repack the files, there is no other way (sure there is, but I won't waste time determining where Decima loads those settings and patch stuff on the fly). Just so you know.

[loyloy]

Thank you to SunBeam and all coders that work on this to give us a good cheating/modding experience.

Is it possible to update the stealth mode code in Page 2?
The mod editing still works fine, but it seems now i can't be invisible...

[SunBeam]

Is it possible to update the stealth mode code in Page 2?

Well.. it's either 1 or 2:

• people should post their tables in their own topics

• users asking for updates on crap that is NOT part of the topic author's table should state WHICH other table they are talking about

Pick one, please. Cuz I honestly don't know what you're talking about, as I have no stealth in MY table. It's even faster to PM the author than wait till, perhaps one day, they'll see.

[Karlos_007]

When I try the
Get Weapon Coil|Outfit Weave Stats
It enables fine but when I select the coil both CE and HZD freeze at 0% cpu usage
The build is HRZ-PCR 8/5921178 9:53 - Wed Sep 02 2020


Coil|Weave Dupe / Inventory Editor and other stuff works fine
Awesome table btw, i have no idea how it works, I just make aobscans lol.

[SunBeam]

When I try the
Get Weapon Coil|Outfit Weave Stats
It enables fine but when I select the coil both CE and HZD freeze at 0% cpu usage
The build is HRZ-PCR 8/5921178 9:53 - Wed Sep 02 2020


Coil|Weave Dupe / Inventory Editor and other stuff works fine
Awesome table btw, i have no idea how it works, I just make aobscans lol.

Crap. Make sure you enable VEH in CE's Settings:



Updated main post as well.

[Karlos_007]

When I try the
Get Weapon Coil|Outfit Weave Stats
It enables fine but when I select the coil both CE and HZD freeze at 0% cpu usage
The build is HRZ-PCR 8/5921178 9:53 - Wed Sep 02 2020


Coil|Weave Dupe / Inventory Editor and other stuff works fine
Awesome table btw, i have no idea how it works, I just make aobscans lol.

Crap. Make sure you enable VEH in CE's Settings. Forgot to mention that aspect. Will edit.

Using VEH debugger did the trick, thanks

[loyloy]

Is it possible to update the stealth mode code in Page 2?

Well.. it's either 1 or 2:

• people should post their tables in their own topics

• users asking for updates on crap that is NOT part of the topic author's table should state WHICH other table they are talking about

Pick one, please. Cuz I honestly don't know what you're talking about, as I have no stealth in MY table. It's even faster to PM the author than wait till, perhaps one day, they'll see.

Understood, I will be sure to not repeat this mistake. Thanks for the info!

[Fsxnerd]

Hey guys, Thank you all so much for your hard work. I'm still learning cheat engine and making trainers with C++ and Lua, but here is my contribution so far. Some of these things may already have been put in Sun's or other people's tables, but I hope not. If they are, feel free to let me know and I'll take them down.

Glide Hack - Jump off a high place and glide. I also have a fly hack if anyone would prefer that as well. With it, you don't lose height, but instead gain it when sitting still and maintain constant height when moving

Code: Select all

[ENABLE]

aobscanmodule(FlyHack,HorizonZeroDawn.exe,C5 FA 11 A3 40 01 00 00) // should be unique
alloc(newmem,$1000,"HorizonZeroDawn.exe"+1148DBB)

label(code)
label(return)

newmem:

code:
  mov [rbx+00000140],(float)0.0
  jmp return

FlyHack:
  jmp newmem
  nop 3
return:
registersymbol(FlyHack)

[DISABLE]

FlyHack:
  db C5 FA 11 A3 40 01 00 00

unregistersymbol(FlyHack)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "HorizonZeroDawn.exe"+1148DBB

"HorizonZeroDawn.exe"+1148D87: C5 CA 5D E2                    -  vminss xmm4,xmm6,xmm2
"HorizonZeroDawn.exe"+1148D8B: C5 FA 10 45 6F                 -  vmovss xmm0,[rbp+6F]
"HorizonZeroDawn.exe"+1148D90: C5 FA 59 0D 98 4D 94 00        -  vmulss xmm1,xmm0,[HorizonZeroDawn.exe+1A8DB30]
"HorizonZeroDawn.exe"+1148D98: C5 F8 28 B4 24 B0 00 00 00     -  vmovaps xmm6,[rsp+000000B0]
"HorizonZeroDawn.exe"+1148DA1: C5 C2 59 D7                    -  vmulss xmm2,xmm7,xmm7
"HorizonZeroDawn.exe"+1148DA5: C5 EA 59 D9                    -  vmulss xmm3,xmm2,xmm1
"HorizonZeroDawn.exe"+1148DA9: C5 DA 59 D7                    -  vmulss xmm2,xmm4,xmm7
"HorizonZeroDawn.exe"+1148DAD: C5 E2 58 C2                    -  vaddss xmm0,xmm3,xmm2
"HorizonZeroDawn.exe"+1148DB1: C5 FA 58 4E 08                 -  vaddss xmm1,xmm0,[rsi+08]
"HorizonZeroDawn.exe"+1148DB6: C5 FA 11 4E 08                 -  vmovss [rsi+08],xmm1
// ---------- INJECTING HERE ----------
"HorizonZeroDawn.exe"+1148DBB: C5 FA 11 A3 40 01 00 00        -  vmovss [rbx+00000140],xmm4
// ---------- DONE INJECTING  ----------
"HorizonZeroDawn.exe"+1148DC3: EB 47                          -  jmp HorizonZeroDawn.exe+1148E0C
"HorizonZeroDawn.exe"+1148DC5: 45 84 FF                       -  test r15l,r15l
"HorizonZeroDawn.exe"+1148DC8: 74 38                          -  je HorizonZeroDawn.exe+1148E02
"HorizonZeroDawn.exe"+1148DCA: 48 8D 8F 80 01 00 00           -  lea rcx,[rdi+00000180]
"HorizonZeroDawn.exe"+1148DD1: E8 1A C2 70 FF                 -  call HorizonZeroDawn.exe+854FF0
"HorizonZeroDawn.exe"+1148DD6: 80 B8 28 06 00 00 00           -  cmp byte ptr [rax+00000628],00
"HorizonZeroDawn.exe"+1148DDD: 74 23                          -  je HorizonZeroDawn.exe+1148E02
"HorizonZeroDawn.exe"+1148DDF: 48 8B 8F E8 06 00 00           -  mov rcx,[rdi+000006E8]
"HorizonZeroDawn.exe"+1148DE6: 48 8D 55 97                    -  lea rdx,[rbp-69]
"HorizonZeroDawn.exe"+1148DEA: C5 F8 28 D7                    -  vmovaps xmm2,xmm7
}

Infinite skill points (Using addition method)

Code: Select all

[ENABLE]

aobscanmodule(infskills,HorizonZeroDawn.exe,41 29 45 68 48 8B D7) // should be unique
alloc(newmem,$1000,"HorizonZeroDawn.exe"+141C18C)

label(code)
label(return)

newmem:

code:
  add [r13+68],eax
  mov rdx,rdi
  jmp return

infskills:
  jmp newmem
  nop 2
return:
registersymbol(infskills)

[DISABLE]

infskills:
  db 41 29 45 68 48 8B D7

unregistersymbol(infskills)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "HorizonZeroDawn.exe"+141C18C

"HorizonZeroDawn.exe"+141C168: 48 8B CB                 -  mov rcx,rbx
"HorizonZeroDawn.exe"+141C16B: 0F B6 F0                 -  movzx esi,al
"HorizonZeroDawn.exe"+141C16E: FF 15 DC 47 62 00        -  call qword ptr [HorizonZeroDawn.exe+1A40950]
"HorizonZeroDawn.exe"+141C174: 40 84 F6                 -  test sil,sil
"HorizonZeroDawn.exe"+141C177: 74 42                    -  je HorizonZeroDawn.exe+141C1BB
"HorizonZeroDawn.exe"+141C179: 49 83 C6 08              -  add r14,08
"HorizonZeroDawn.exe"+141C17D: 4D 3B F4                 -  cmp r14,r12
"HorizonZeroDawn.exe"+141C180: 0F 85 6A FF FF FF        -  jne HorizonZeroDawn.exe+141C0F0
"HorizonZeroDawn.exe"+141C186: 8B 47 30                 -  mov eax,[rdi+30]
"HorizonZeroDawn.exe"+141C189: 45 33 C0                 -  xor r8d,r8d
// ---------- INJECTING HERE ----------
"HorizonZeroDawn.exe"+141C18C: 41 29 45 68              -  sub [r13+68],eax
"HorizonZeroDawn.exe"+141C190: 48 8B D7                 -  mov rdx,rdi
// ---------- DONE INJECTING  ----------
"HorizonZeroDawn.exe"+141C193: 49 8B CD                 -  mov rcx,r13
"HorizonZeroDawn.exe"+141C196: E8 B5 86 FF FF           -  call HorizonZeroDawn.exe+1414850
"HorizonZeroDawn.exe"+141C19B: 48 8B CF                 -  mov rcx,rdi
"HorizonZeroDawn.exe"+141C19E: B3 01                    -  mov bl,01
"HorizonZeroDawn.exe"+141C1A0: E8 CB 21 ED FE           -  call HorizonZeroDawn.exe+2EE370
"HorizonZeroDawn.exe"+141C1A5: 4C 8B 64 24 50           -  mov r12,[rsp+50]
"HorizonZeroDawn.exe"+141C1AA: 0F B6 C3                 -  movzx eax,bl
"HorizonZeroDawn.exe"+141C1AD: E9 D9 FE FF FF           -  jmp HorizonZeroDawn.exe+141C08B
"HorizonZeroDawn.exe"+141C1B2: 48 8B CB                 -  mov rcx,rbx
"HorizonZeroDawn.exe"+141C1B5: FF 15 95 47 62 00        -  call qword ptr [HorizonZeroDawn.exe+1A40950]
}

Anyone is free to use this and modify for bigger and better things! Once again, you guys are all great and I appreciate your hard work!

[tiaoalvino]

I have registered to the forum only to thank Sunbeam for this awesome work! Congratulations, man! And thank you very much for your hard work.

[TemptingIcarus]

Just want to say thank you again to SB. He's super helpful and is very deep on CE knowledge. I'll probably poke you on Discord if I need anything, but there's enough information to keep my questions in check, unless I royally screw something up.