I think I found another way of stopping the cooldowns for summoning mounts and bodyguards without editing the global timer (which regenerates captain health and so on), but I haven't really tested it very far, plus it uses a filter based off a set of bytes that I've no idea if they're written the same way on other people's games. Someone else might be able to do this more justice though, so I thought I'd share what I got.
Essentially what I found out is the game writes two different sets of timers whenever you summon, one that is UI specific and one that this function calls. For the UI, it writes the time you summoned and in the next 4 bytes, the amount of time that must pass for the cooldown (30000 I believe without any % cooldown items). This one on the other hand just stores the exact time when the cooldown ends, though changing that address directly or freezing it doesn't really do anything from what I've seen, so I just made it that when it accesses that time, it instead just sets the registry that holds that cooldown end time with the value of 1.
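Code:
[ENABLE]
aobscanmodule(CLDMNT,ShadowOfWar.exe,8B 41 10 3B D0) // should be unique
alloc(newmem,$1000,"ShadowOfWar.exe"+253B8A)

label(code)
label(return)
label(changecode)
label(rest)

newmem:
code:
  mov eax,[rcx+10]          // original instruction: load the cooldown end time
  push rdx                  // save rdx, edx is used as scratch below
  cmp [rcx+18],0            // nothing to filter on, skip
  je rest
  mov edx,[rcx+18]          // value at [rcx+18] is read as 32 bits here
  cmp [edx+4],3D151A30      // first filter value
  je changecode
  cmp [edx+4],693BBD34      // second filter value
  je changecode
  jmp rest

changecode:
  mov eax,1                 // replace the cooldown end time with 1

rest:
  pop rdx                   // restore rdx before the original compare
  cmp edx,eax               // original instruction
  jmp return

CLDMNT:
  jmp newmem                // 5-byte jmp over the 5 signature bytes
return:
registersymbol(CLDMNT)

[DISABLE]
CLDMNT:
  db 8B 41 10 3B D0         // restore the original bytes
unregistersymbol(CLDMNT)
dealloc(newmem)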
Otherwise, I updated Army of One's original script for it, though again I have no idea if this will work on everyone's game since it doesn't really look for an AOB signature:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"ShadowOfWar.exe"+1828251)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
  mov edx,r8d          // replaces the original 'mov edx,[rcx+18]'
  mov [rcx+18],edx     // write the value from r8d to [rcx+18]
  mov eax,r8d          // original instruction

exit:
  jmp returnhere

"ShadowOfWar.exe"+1828251:
  jmp newmem
  nop                  // pads the 5-byte jmp to the 6 original bytes
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"ShadowOfWar.exe"+1828251:
  mov edx,[rcx+18]
  mov eax,r8d
//Alt: db 8B 51 18 41 8B C0
Hopefully someone finds use of this.
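The first script relies on a 5-byte signature that "should be unique", and the second on a fixed module offset. As an added example (not part of the original post), this Python code checks both assumptions on a byte buffer: how many times a signature occurs, and whether the expected original bytes sit at a fixed offset. `IMAGE`, `FIXED_OFFSET` and the bytes trailing the signature are constructed sample data, not taken from the game.

```python
# Added example, not from the original post. IMAGE is constructed sample data.
from typing import List, Optional

def parse_aob(sig: str) -> List[Optional[int]]:
    """Parse 'AA BB ?? CC'; '?' or '??' tokens become None (wildcard)."""
    return [None if tok.strip("?") == "" else int(tok, 16) for tok in sig.split()]

def matches_at(image: bytes, offset: int, sig: str) -> bool:
    """True if the signature matches at exactly this offset."""
    pat = parse_aob(sig)
    if offset < 0 or offset + len(pat) > len(image):
        return False
    return all(p is None or image[offset + j] == p for j, p in enumerate(pat))

def find_all(image: bytes, sig: str) -> List[int]:
    """Every offset where the signature matches."""
    return [i for i in range(len(image)) if matches_at(image, i, sig)]

def verdict(image: bytes, sig: str) -> str:
    """A signature is only safe to hook on when it matches exactly once."""
    hits = find_all(image, sig)
    if not hits:
        return "not found"
    if len(hits) > 1:
        return "ambiguous: " + ", ".join(hex(h) for h in hits)
    return "unique: " + hex(hits[0])

PAD = b"\xCC" * 8
SITE_A = bytes.fromhex("8B41103BD0720A")  # signature + constructed trailing bytes
SITE_B = bytes.fromhex("8B41103BD00F83")  # same 5 bytes, different constructed tail
FIXED = bytes.fromhex("8B5118418BC0")     # original bytes listed in the second script
IMAGE = PAD + SITE_A + PAD + SITE_B + PAD + FIXED + PAD
FIXED_OFFSET = 38  # where FIXED sits in IMAGE (stand-in for a hardcoded offset)

if __name__ == "__main__":
    # The short signature hits twice; extending it with context makes it unique.
    print(verdict(IMAGE, "8B 41 10 3B D0"))
    print(verdict(IMAGE, "8B 41 10 3B D0 72 ??"))
    # A fixed-offset patch should first confirm the bytes it expects to replace.
    print(matches_at(IMAGE, FIXED_OFFSET, "8B 51 18 41 8B C0"))
```

Run against a dump of the real module, an "ambiguous" or "not found" result means the signature needs more surrounding bytes, and a failed fixed-offset check means the offset does not fit that build.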