Any more methods to find timers?
Posted: Mon Apr 24, 2023 2:35 pm
Are there more methods to find timers besides searching and filtering unknown values and Ultimap?
FearLess Cheat Engine
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
Any more methods to find timers?
Page 1 of 1
Re: Any more methods to find timers?
Posted: Tue Apr 25, 2023 9:28 am
To find or to stop without finding.
Re: Any more methods to find timers?
Posted: Thu May 04, 2023 2:38 pm
Maybe they use system time functions?
Re: Any more methods to find timers?
Posted: Fri May 05, 2023 6:21 pm
If you can stop/start the timer at will then you can search its countdown value.
Re: Any more methods to find timers?
Posted: Fri May 05, 2023 11:28 pm
The value isn't displayed, just visual effects. To start/stop - only with the game menu (the entire game stops).
Re: Any more methods to find timers?
Posted: Sat May 06, 2023 9:38 am
^ I wouldn't know how to use Ultimap in that regard?! a short explanation on how to do thàt will be appreciated...
That said: many games tend to use their own routines/approaches for that. And even within the same game, they can use different routines altogether... Some examples:
> AC titles use a 30000 divider to get them milliseconds (I assume here that they use the game's "clock"-timer based on a 30 FPS). Fyi: a lot of work to find the right opcode here... !
> Watch Dogs: they use - if i recall well - 4/5/... different routines: in some cases, the best approach seemed to be to follow the 4-bytes (in secs) timer_value to research/find the actual float_value eventually
> Some games use double_values as well (can't recall in which game that was; but it is pretty rare in my encounters)
> Another approach: game initiates 2 values with timer_value difference; then one value in/decrements towards the other value (~ end_time)
Overall:
> timer is a float_value; and can either increment/decrement internally (while showing a GUI_value that might - or not - do the same in/decrement). Iow internally incrementing, while showing a decrementing value onscreen... (and vice versa)
> timer is a 4_byte value, usually in (milli)seconds. Or: it uses the system_time (~ Unix Epoch) as basis.
> major challenge: timer can be found "easily", but is managed via the stack... and its stack_address changes constantly (with each "tick")... Good luck with that one
tip: do mention the game you're tackling; some might be "familiar" with it...
That said: many games tend to use their own routines/approaches for that. And even within the same game, they can use different routines altogether... Some examples:
> AC titles use a 30000 divider to get them milliseconds (I assume here that they use the game's "clock"-timer based on a 30 FPS). Fyi: a lot of work to find the right opcode here... !
> Watch Dogs: they use - if i recall well - 4/5/... different routines: in some cases, the best approach seemed to be to follow the 4-bytes (in secs) timer_value to research/find the actual float_value eventually
> Some games use double_values as well (can't recall in which game that was; but it is pretty rare in my encounters)
> Another approach: game initiates 2 values with timer_value difference; then one value in/decrements towards the other value (~ end_time)
Overall:
> timer is a float_value; and can either increment/decrement internally (while showing a GUI_value that might - or not - do the same in/decrement). Iow internally incrementing, while showing a decrementing value onscreen... (and vice versa)
> timer is a 4_byte value, usually in (milli)seconds. Or: it uses the system_time (~ Unix Epoch) as basis.
> major challenge: timer can be found "easily", but is managed via the stack... and its stack_address changes constantly (with each "tick")... Good luck with that one
tip: do mention the game you're tackling; some might be "familiar" with it...
Re: Any more methods to find timers?
Posted: Mon May 15, 2023 8:39 pm
The stack address can be pulled from register, mov'd to say r10, and then loaded into a global symbol and then used as a dynamic address. So as long as you read the assembly and see which register is loading your address you want (And assuming a bunch of addresses aren't being stuffed through there) then your fine also you can then make a conditional script in LUA to only apply the global symbol IF your value at that addreess == 8 for example
So a dynamic address that updates every (x)ms and that can have conditions based on the value populated too.
So a dynamic address that updates every (x)ms and that can have conditions based on the value populated too.