Memory Hacking Software

[trialusert]

Hello. I'm trying to find a timer address. The timer runs down from 30 (seconds) to 1, and then back to 30 (and so on)...
In order to find that address, I tried a float search, a double search and a 4 bytes search. None worked.
These are the stepts I followed:
1. First search- "unknown value".
2. All other searches- (every few seconds) "changed value".
At last, I remained with about 100 addresses that I didn't manage to eliminate. I tried to freeze those addresses, but it didn't affect the timer that kept running.
The reason I searched for "changed value" and not for "decreased value" is because I know that the real timer address could somehow have a different value than what it seems to have.

What am I doing wrong? How come the address won't show on the list?

[minorutono]

Hello. I'm trying to find a timer address. The timer runs down from 30 (seconds) to 1, and then back to 30 (and so on)...
In order to find that address, I tried a float search, a double search and a 4 bytes search. None worked.
These are the stepts I followed:
1. First search- "unknown value".
2. All other searches- (every few seconds) "changed value".
At last, I remained with about 100 addresses that I didn't manage to eliminate. I tried to freeze those addresses, but it didn't affect the timer that kept running.
The reason I searched for "changed value" and not for "decreased value" is because I know that the real timer address could somehow have a different value than what it seems to have.

What am I doing wrong? How come the address won't show on the list?

Does the 30 second timer count down slowly (i.e. 1 second per count)?
And do you know what value the timer should be (i.e. is there a on-screen counter you can reference?)

Correct me if I'm incorrect, but timers seem to appear as "Long" values to me. (4 Byte).

[WhiteHat]

If the game is ‘pause-able’, try to pause it and Sub-Search for “Same as
Before” values. It often helps reducing great amount of found addresses...

Anyway, if searching process getting more difficult, it is common for me to
change the data-type to 1 byte.

[minorutono]

1-byte, says Whitehat.
I stand corrected.


What game is this, anyways?

Also.. You could MHS Speed Hack the game to slow/speed the timer.. That could help depending on how fast/slow the timer is currently.

More info, please ^ ^.. Then we can make informed interjections accordingly.

[L. Spiro]

The timer could also be stored in microseconds, in which case they would use __int64 to store it.

Some timers are stored as the difference between the start and end.
So, for example, if the current time is 28 (in your example), you would search for 2. In other words, they display 30 - TimerValue.

When I implement timers in my games, I use derived timers.
That means I store the start time of the timer and the length of the timer period. Each frame, if CurTime >= StartTime+TotalTime, the timer has expired and something should happen. To display the elapsed time, CurTime - StartTime is enough.
This form of timer is exceptionally hard to find because its values do not change while it is active.
It is also more accurate than Windows® timers, which can wait a few milliseconds before triggering if the CPU load is high.


L. Spiro

[trialusert]

If the game is ‘pause-able’, try to pause it and Sub-Search for “Same as
Before” values. It often helps reducing great amount of found addresses...

Anyway, if searching process getting more difficult, it is common for me to
change the data-type to 1 byte.

1-byte, says Whitehat.
I stand corrected.


What game is this, anyways?

Also.. You could MHS Speed Hack the game to slow/speed the timer.. That could help depending on how fast/slow the timer is currently.

More info, please ^ ^.. Then we can make informed interjections accordingly.

Thanks. I tried all types of searches possible, but still no results. I also tried to pause the game and search for a "same as before" value, again with no success in the end. Game is "Enemy Territory" by Activision.

The timer could also be stored in microseconds, in which case they would use __int64 to store it.

Some timers are stored as the difference between the start and end.
So, for example, if the current time is 28 (in your example), you would search for 2. In other words, they display 30 - TimerValue.

When I implement timers in my games, I use derived timers.
That means I store the start time of the timer and the length of the timer period. Each frame, if CurTime >= StartTime+TotalTime, the timer has expired and something should happen. To display the elapsed time, CurTime - StartTime is enough.
This form of timer is exceptionally hard to find because its values do not change while it is active.
It is also more accurate than Windows® timers, which can wait a few milliseconds before triggering if the CPU load is high.


L. Spiro

Thank you. I tend to believe it's the same method used in my case... If so, what are the steps I should follow in order to find all necessary addresses that are used to create the timer?

[minorutono]

I've DL'd the file.

Now what is the 30-count timer for ?

[L. Spiro]

If the timer is derived, and it resets each time it reaches 1, you can use Increased Sub Searches after it resets. Since you have to wait 30 seconds it will take a long time.

And it may not work. If the timer is reallocated each time it will not work.
If it does not use this method it will not work.

Your last option is to start getting clever with the debugger. Code Filter may be of use.


L. Spiro