Warhammer 40,000: Chaos Gate - Daemonhunters

[Reaper1222]

hi how does the upgrade project days works? can't seem to get it to work

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[The Mogician]

hi how does the upgrade project days works? can't seem to get it to work

Set it to 1 and the project should finish the next day

[Reaper1222]

hi how does the upgrade project days works? can't seem to get it to work

Set it to 1 and the project should finish the next day

hi thx but the problem is the option doesn't activate for me, it remains ???. and another question it works for the ship upgrades or just research? which section of the ship i have to be for me to activate it?

[The Mogician]

hi how does the upgrade project days works? can't seem to get it to work

Set it to 1 and the project should finish the next day

hi thx but the problem is the option doesn't activate for me, it remains ???. and another question it works for the ship upgrades or just research? which section of the ship i have to be for me to activate it?

Hmm, it should normally populate after you activate an upgrade. I'll check on it later.

[newvelaric]

Set it to 1 and the project should finish the next day

hi thx but the problem is the option doesn't activate for me, it remains ???. and another question it works for the ship upgrades or just research? which section of the ship i have to be for me to activate it?

Hmm, it should normally populate after you activate an upgrade. I'll check on it later.

I would appreciate it if you can check this. I am in the same boat. I just have "?????" in the address, so it is impossible for me to click the checkbox and set the "Value" from "??" to "1."

I have tried Cheat Engine 7.3 and 7.4, it is the same problem.

Thank you!

[Rhark]

Fast Repair and Construction

Code: Select all

{ Game   : ChaosGate.exe
  Version: 
  Date   : 2022-05-09
  Author : rhark

  Advance time by 1 Day to instantly complete a repair or construction/upgrade job.
}

[ENABLE]

aobscanmodule(repairTime_AOB,GameAssembly.dll,29??89????488B??????4883????5FC3E8) // should be unique
alloc(newmem,$1000,repairTime_AOB)

label(code_repair)
registersymbol(code_repair)
label(return)

newmem:
  mov eax,63
code_repair:
  readmem(repairTime_AOB,5)
{
  sub ebx,eax
  mov [rdi+28],ebx
}
  jmp return

repairTime_AOB:
  jmp newmem
return:
registersymbol(repairTime_AOB)

[DISABLE]

repairTime_AOB:
  readmem(code_repair,5) //db 29 C3 89 5F 28

unregistersymbol(repairTime_AOB)
unregistersymbol(code_repair)
dealloc(newmem)

[Granon]

Hah, Rhark.. I just signed up to post the same thing, slightly differently.

Code: Select all

{ Game   : ChaosGate.exe
  Version: 1.0
  Date   : 2022-05-09
  Author : Granon

  This script is intended to change the "Days Left" to 0 for construction
  projects.
}

[ENABLE]

// AOB from the JNE with the static addresses wild-carded. Hopefully endures game updates.
// Overwrites the SUB, MOV
aobscanmodule(CONSTRUCTION_DECREMENT,GameAssembly.dll,75 05 E8 ?? ?? ?? ?? 31 C9 E8 ?? ?? ?? ?? 31 D2 E8 ?? ?? ?? ?? 29 C3 89 5F 28) // should be unique
alloc(CONSTRUCTION_INJECTION,$1000,CONSTRUCTION_DECREMENT)
label(skip)
label(code)
label(return)

CONSTRUCTION_INJECTION:
readmem(CONSTRUCTION_DECREMENT+15, 5)
code:
  sub ebx, eax
  cmp ebx, 0
  jnge skip
  mov ebx, 0
skip:
  mov [rdi+28], ebx
  mov rbx,[rsp+30]
  jmp return

CONSTRUCTION_DECREMENT+15:
  jmp code
return:

registersymbol(CONSTRUCTION_DECREMENT)
registersymbol(CONSTRUCTION_INJECTION)

[DISABLE]

CONSTRUCTION_DECREMENT+15:
  readmem(CONSTRUCTION_INJECTION, 5)

unregistersymbol(CONSTRUCTION_DECREMENT)
unregistersymbol(CONSTRUCTION_INJECTION)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+86B40DC

GameAssembly.dll+86B40B9: 74 0E                 - je GameAssembly.dll+86B40C9
GameAssembly.dll+86B40BB: 83 B9 E0 00 00 00 00  - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+86B40C2: 75 05                 - jne GameAssembly.dll+86B40C9
GameAssembly.dll+86B40C4: E8 A7 F2 A1 F7        - call GameAssembly.dll+D3370
GameAssembly.dll+86B40C9: 31 C9                 - xor ecx,ecx
GameAssembly.dll+86B40CB: E8 50 B2 7F F8        - call GameAssembly.dll+EAF320
GameAssembly.dll+86B40D0: 31 D2                 - xor edx,edx
GameAssembly.dll+86B40D2: E8 69 19 4E F9        - call GameAssembly.dll+1B95A40
// ---------- INJECTING HERE ----------
GameAssembly.dll+86B40D7: 29 C3                 - sub ebx,eax
GameAssembly.dll+86B40D9: 89 5F 28              - mov [rdi+28],ebx
// ---------- DONE INJECTING  ----------
GameAssembly.dll+86B40DC: 48 8B 5C 24 30        - mov rbx,[rsp+30]
GameAssembly.dll+86B40E1: 48 83 C4 20           - add rsp,20
GameAssembly.dll+86B40E5: 5F                    - pop rdi
GameAssembly.dll+86B40E6: C3                    - ret 
GameAssembly.dll+86B40E7: E8 A4 CB A9 F7        - call GameAssembly.dll+150C90
GameAssembly.dll+86B40EC: CC                    - int 3 
GameAssembly.dll+86B40ED: CC                    - int 3 
GameAssembly.dll+86B40EE: AD                    - lodsd 
GameAssembly.dll+86B40EF: 25 8D D1 FB 2D        - and eax,2DFBD18D
GameAssembly.dll+86B40F4: BE 92 FF 7F 00        - mov esi,007FFF92
GameAssembly.dll+86B40F9: 00 D8                 - add al,bl
}

[Reaper1222]

hi thx all, now all we need is an infinite poxus seed option (or free research) and if it's possible infinite prognosticar attunment.

[Tulling]

Weird but I can't seem to paste neither of your codes into cheat engine, it does not even show it self.

Did I do it wrong?

[Granon]

Weird but I can't seem to paste neither of your codes into cheat engine, it does not even show it self.

Did I do it wrong?

Brief instructions would be:

• Start and attach CE as usual
• Open Memory View
• Under the Tools menu, pick Auto assemble
• Paste one of our codes into the Auto assemble window. Don't click Execute
• From the File menu select Assign to current ... table
• In your table, you should have a new entry, give it an appropriate name, and if you need to update it later there's Change Script in the right-click menu

[Granon]

Here's an AOB script for no bloom rising. The Morgician, don't know if you have the time / inclination, but I'm entirely happy for you to include any of my AOB scripts into your published table in this thread.

I'm rusty on my auto-assembly, is there a convenient way to iterate over multiple aobscanmodule results?

Code: Select all

{ Game   : ChaosGate.exe
  Version: 1.0
  Date   : 2022-05-10
  Author : Granon

  There's function that applies a range constraint of ECX.
  It checks that EDX < ECX < R8.
  Returns EAX. For Bloom Rising calcs: EDX == 0 and R8 == 0x64
  This script switches the followup from this to save the lower bound (EDX)
  to the Bloom variable instead of the output from the function (EAX)

  The function is used for other range contraints (e.g. health) so can't make
  a simple alteration there.
}

[ENABLE]
aobscanmodule(WARP01,GameAssembly.dll,E8 ?? ?? ?? ?? 3B C3 89 47 10 48 8B 5C 24 30)
aobscanmodule(WARP02,GameAssembly.dll,E8 ?? ?? ?? ?? 89 47 10 3B C3 74 13 48 8B 8F ?? ?? ?? ?? 48 85 C9 74 07 33 D2 E8 ?? ?? ?? ?? 48 89 77 60 48 8B 5C 24 30 48 8B 6C 24 38)
aobscanmodule(WARP03,GameAssembly.dll,E8 ?? ?? ?? ?? 89 47 10 3B C3 74 13 48 8B 8F ?? ?? ?? ?? 48 85 C9 74 07 33 D2 E8 9C 4E 59 FF 4C 8B 7C 24 50 40 84 ED 48 8B 6C 24 48)

WARP01+7:
  mov [rdi+10], edx
WARP02+5:
  mov [rdi+10], edx
WARP03+5:
  mov [rdi+10], edx

registersymbol(WARP01)
registersymbol(WARP02)
registersymbol(WARP03)

[DISABLE]

WARP01+7:
  mov [rdi+10], eax
WARP02+5:
  mov [rdi+10], eax
WARP03+5:
  mov [rdi+10], eax

unregistersymbol(WARP01)
unregistersymbol(WARP02)
unregistersymbol(WARP03)

{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+E582FD

GameAssembly.dll+E582DE: 75 37                 - jne GameAssembly.dll+E58317
GameAssembly.dll+E582E0: 48 89 5C 24 30        - mov [rsp+30],rbx
GameAssembly.dll+E582E5: 8B 5F 10              - mov ebx,[rdi+10]
GameAssembly.dll+E582E8: 45 33 C9              - xor r9d,r9d
GameAssembly.dll+E582EB: 33 D2                 - xor edx,edx
GameAssembly.dll+E582ED: 8B CE                 - mov ecx,esi
GameAssembly.dll+E582EF: 45 8D 41 64           - lea r8d,[r9+64]
GameAssembly.dll+E582F3: E8 48 D8 D3 00        - call GameAssembly.dll+1B95B40
GameAssembly.dll+E582F8: 3B C3                 - cmp eax,ebx
GameAssembly.dll+E582FA: 89 47 10              - mov [rdi+10],eax <====
GameAssembly.dll+E582FD: 48 8B 5C 24 30        - mov rbx,[rsp+30]
GameAssembly.dll+E58302: 74 13                 - je GameAssembly.dll+E58317
GameAssembly.dll+E58304: 48 8B 8F B8 00 00 00  - mov rcx,[rdi+000000B8]
GameAssembly.dll+E5830B: 48 85 C9              - test rcx,rcx
GameAssembly.dll+E5830E: 74 07                 - je GameAssembly.dll+E58317
GameAssembly.dll+E58310: 33 D2                 - xor edx,edx
GameAssembly.dll+E58312: E8 D9 17 59 FF        - call GameAssembly.dll+3E9AF0
GameAssembly.dll+E58317: 48 8B 74 24 38        - mov rsi,[rsp+38]
GameAssembly.dll+E5831C: 48 83 C4 20           - add rsp,20
GameAssembly.dll+E58320: 5F                    - pop rdi
GameAssembly.dll+E58321: C3                    - ret

Also:
GameAssembly.dll+E54C2C - 45 33 C9              - xor r9d,r9d
GameAssembly.dll+E54C2F - 33 D2                 - xor edx,edx
GameAssembly.dll+E54C31 - 45 8D 41 64           - lea r8d,[r9+64]
GameAssembly.dll+E54C35 - E8 060FD400           - call GameAssembly.dll+1B95B40
GameAssembly.dll+E54C3A - 89 47 10              - mov [rdi+10],eax <===
GameAssembly.dll+E54C3D - 3B C3                 - cmp eax,ebx
GameAssembly.dll+E54C3F - 74 13                 - je GameAssembly.dll+E54C54
GameAssembly.dll+E54C41 - 48 8B 8F B8000000     - mov rcx,[rdi+000000B8]
GameAssembly.dll+E54C48 - 48 85 C9              - test rcx,rcx
GameAssembly.dll+E54C4B - 74 07                 - je GameAssembly.dll+E54C54
GameAssembly.dll+E54C4D - 33 D2                 - xor edx,edx
GameAssembly.dll+E54C4F - E8 9C4E59FF           - call GameAssembly.dll+3E9AF0
GameAssembly.dll+E585AA - 48 89 77 60           - mov [rdi+60],rsi
GameAssembly.dll+E585AE - 48 8B 5C 24 30        - mov rbx,[rsp+30]
GameAssembly.dll+E585B3 - 48 8B 6C 24 38        - mov rbp,[rsp+38]

Also:
GameAssembly.dll+E54C35 - E8 060FD400           - call GameAssembly.dll+1B95B40
GameAssembly.dll+E54C3A - 89 47 10              - mov [rdi+10],eax
GameAssembly.dll+E54C3D - 3B C3                 - cmp eax,ebx
GameAssembly.dll+E54C3F - 74 13                 - je GameAssembly.dll+E54C54
GameAssembly.dll+E54C41 - 48 8B 8F B8000000     - mov rcx,[rdi+000000B8]
GameAssembly.dll+E54C48 - 48 85 C9              - test rcx,rcx
GameAssembly.dll+E54C4B - 74 07                 - je GameAssembly.dll+E54C54
GameAssembly.dll+E54C4D - 33 D2                 - xor edx,edx
GameAssembly.dll+E54C4F - E8 9C4E59FF           - call GameAssembly.dll+3E9AF0
GameAssembly.dll+E54C54 - 4C 8B 7C 24 50        - mov r15,[rsp+50]
GameAssembly.dll+E54C59 - 40 84 ED              - test bpl,bpl
GameAssembly.dll+E54C5C - 48 8B 6C 24 48        - mov rbp,[rsp+48]
}

[Tulling]

Granon, I'm sorry to ask but do you think it is possible for you to cheat/increase the prognosticars?

And thank you for your instructions!

[BakerBase]

Is it possible to find the pointers for the reward requisition levels? The ones that you can only upgrade every 60 days.

[The Mogician]

Is it possible to find the pointers for the reward requisition levels? The ones that you can only upgrade every 60 days.

So for those. They don't change while you are selecting rewards. For example, during the grand master report, say you start with 8, you select 3 rewards and the screen tells you you have 2 remaining, the value remains 8 until you hit confirm. After you hit confirm, it will change to the previously indicated level.

[Corruptsmurf]

Is it possible to find the pointers for the reward requisition levels? The ones that you can only upgrade every 60 days.

So for those. They don't change while you are selecting rewards. For example, during the grand master report, say you start with 8, you select 3 rewards and the screen tells you you have 2 remaining, the value remains 8 until you hit confirm. After you hit confirm, it will change to the previously indicated level.

I think this person is asking if you can edit the actual reward Tier levels, not the amount of requisition.
So, after the Grandmaster's Report, you are presented with the 5 categories (Knights, Melee Weapons, Ranged Weapons, Armor, Equipment), and you can spend 2 requisition to upgrade each category, up to tier five.
I think BakerBase was asking if you could edit that "reward Tier" value directly, so you can get Tier 5 rewards without waiting or having to spend requisition.
Does that make sense?