Any more methods to find timers?

Memory scanning, code injection, debugger internals and other gamemodding related discussion
oleedd
Noobzor
Posts: 8
Joined: Wed Apr 12, 2023 10:02 pm
Reputation: 0

Any more methods to find timers?

Post by oleedd »

Are there more methods to find timers besides searching and filtering unknown values and Ultimap?

Re: Any more methods to find timers?

Post by oleedd »

To find or to stop without finding.

Re: Any more methods to find timers?

Post by oleedd »

Maybe they use system time functions?

LeFiXER
LeFixer
Posts: 489
Joined: Wed Mar 24, 2021 9:35 am
Reputation: 251

Re: Any more methods to find timers?

Post by LeFiXER »

If you can stop/start the timer at will then you can search its countdown value.

Re: Any more methods to find timers?

Post by oleedd »

The value isn't displayed, just visual effects. To start/stop - only with the game menu (the entire game stops).

Paul44
RCE Fanatics
Posts: 887
Joined: Thu Jul 27, 2017 9:02 am
Reputation: 566

Re: Any more methods to find timers?

Post by Paul44 »

^ I wouldn't know how to use Ultimap in that regard?! A short explanation on how to do that will be appreciated...

That said: many games tend to use their own routines/approaches for that. And even within the same game, they can use different routines altogether... Some examples:
> AC titles use a 30000 divider to get them milliseconds (I assume here that they use the game's "clock"-timer based on a 30 FPS). Fyi: a lot of work to find the right opcode here... !
> Watch Dogs: they use - if I recall well - 4/5/... different routines: in some cases, the best approach seemed to be to follow the 4-bytes (in secs) timer_value to research/find the actual float_value eventually
> Some games use double_values as well (can't recall in which game that was; but it is pretty rare in my encounters)
> Another approach: game initiates 2 values with timer_value difference; then one value in/decrements towards the other value (~ end_time)

Overall:
> timer is a float_value; and can either increment/decrement internally (while showing a GUI_value that might - or not - do the same in/decrement). IOW: internally incrementing, while showing a decrementing value onscreen... (and vice versa)
> timer is a 4_byte value, usually in (milli)seconds. Or: it uses the system_time (~ Unix Epoch) as basis.

> major challenge: timer can be found "easily", but is managed via the stack... and its stack_address changes constantly (with each "tick")... Good luck with that one 8-)


tip: do mention the game you're tackling; some might be "familiar" with it...

samp
What is cheating?
Posts: 1
Joined: Mon May 15, 2023 8:36 pm
Reputation: 0

Re: Any more methods to find timers?

Post by samp »

The stack address can be pulled from a register, mov'd to, say, r10, and then loaded into a global symbol and then used as a dynamic address. So as long as you read the assembly and see which register is loading the address you want (and assuming a bunch of addresses aren't being stuffed through there), then you're fine. Also, you can then make a conditional script in Lua to only apply the global symbol IF your value at that address == 8, for example.


So a dynamic address that updates every (x)ms and that can have conditions based on the value populated too.
