@Version: 1.0
@Process Name: Dungeons.exe
22298: UE4
22298 Version: 4.xx
@Brief:
Hello there cool cats and kittens, DDS here with a small contribution for this cooI community. I was working on this game for MegaDev a few days back and since some of the trainers out there have an option for skills cooldown ( the health potion for example ), I decided to give it a try. After trying all my methods on how to find timers on games, one of them came through. Since I hate to find timers on games and believe me, I know how frustrating can be when you can't find em. I decided to share this in case someone was looking for such timers without any luck. Without further ado, let's dive in.
The Method:
To find these timers, one has to think like a game developer first instead of a game hacker. The game calculates these timers based on the game time that has passed since a level was first started. So, scanning for the timer when we press on the health potion icon and then doing a decreased or increased scan until the skill gets re-enabled again will only find garbage values. To find the ( health potion timer ) in this case, we have to keep scanning for increased values even after the skill has been re-enabled because we are not really looking for such timer, because the is none, aren't you paying attention ? lol jk, We are looking for the GameTime elapsed since the level was first stated.
Before we start scanning the memory of this game like a BOSS, let's write some pseudo code to help us visualize the value that we are looking for.
Code: Select all
GameTime += DeltaTime;
if( bSkillHpPotionEnabled )
{
SkillHpCooldownTime = GameTime + SkillHpCooldownDuration;
}
Now that we have an image of what we are looking for, Let's fire up CE 7.1 and attach to Dungeons.exe, since I have the xbox game pass version this is the one that I am going to be using, but don't worry, this method will work for all the versions out there.
As always, if you don't know the value type, always use 4 bytes as value type if you are doing an unknown scan. We are not going to set it to 4 bytes this time because I already know the value type and if you been doing this for a while, you should already know that these values are usually of type float.
So let's do an unknown scan with a float value type.
[Link]
Now go ahead and activate the health potion skill.
[Link]
As you can see, the cooldown display value is decreasing making you think that there is a value somewhere that gets decreased, but this is not the case for this game. Other games use this method.
Now start doing increased scans until you manage to bring down the found addresses in the address list treeview to a reasonable number. You should start seeing values in the ranges of 10.0f - 1000.0f. Now activate the skill again and start freezing the addresses until you find one that stops the cooldown indicator in the health potion skill icon.
In my case the value is located at address 1595B44A588h. Now let's check what access this address to see if we can figure out how the game is calculating the timer.
As you can see the value is being read in a lot of places. Now lets activate the skill again while checking what is reading our fGameTime address.
Now we only get places where the address is only being read once or twice. After a bit of digging I found a functions that looks similar to our pseudo code that we created earlier.
Now, let's backtrace the code a bit to see if we can find some sort of compare. And indeed, as soon as we step out of the call, we see a couple of them.
Three of them actually
. Now, before we go ahead and start checking what are the values being moved into the xmm registers lets play with the conditional jumps first. Lets start at the top;
After changing this conditional jump to je I found out that this is not a compare to set or calculate the skills cooldown timer. is a flag to enable disable the cooldown timers for all the skills in the game
. You can stop here and create a script to skip this code section, E.G a short jump from VA Dungeons.exe + 8DD9CB to Dungeons.exe + 8DDA03 or you can keep digging to find the spot where the fSkillHpCooldownTime value gets calculated and set it to a small value of 0.01 or 0. Let's set a BP at VA Dungeons.exe + 8DD9CB and let's activate our hp potions skill gain, now let's start stepping the code checking whats being moved into the xmm registers. Stepping over the call at VA Dungeons.exe + 8DD9ED to see the return value in the xmm0 register, this tells us that this could be our fSkillHpCooldownDuration value, since this is just a copy of our value being returned by this function, let's overwrite it with zero to see if something happens. Create a AA script at VA Dungeons.exe + 8DD9F2. To overwrite a xmm register with zero we can use the instruction xorps like in the AA script below.
Activate the scrip and you should see the magic happen the next time that you use any skill. You can dig even dipper to see where the value in the register xmm0 is being set by stepping into the call at VA Dungeons.exe + 8DD9ED. I am going to let you guys take it from here, I hope this was helpful for somebody out there
. If you guys find a better spot in code code please let me know in the comments down below. Also, the CT file is attached to this post.That's it from me for right now. You guys have a nice weekend and happy GameHacking.
How to use this cheat table?
- Install Cheat Engine
- Double-click the .CT file in order to open it.
- Click the PC icon in Cheat Engine in order to select the game process.
- Keep the list.
- Activate the trainer options by checking boxes or setting values from 0 to 1
