CoSMOS Gamehacking Tool
[REQ] The Occupation
 
dipth  posted on Mar 05, 2019 3:10:06 PM

It would be nice with a script to freeze time and maybe set the time to a specific value.

I've tried myself but I can't seem to make it work.

This is as far as I've gotten, but activating the script crashes the game:

[ENABLE]
aobscanmodule(aobSeconds,VCRUNTIME140.dll,8B 0A 89 08 C3) //unique
registersymbol(aobSeconds)
label(aobSecondsRestore)
registersymbol(aobSecondsRestore)
alloc(codecave,2048,VCRUNTIME140.dll)
label(code)
label(return)

codecave:
mov [rdx],(int)0


code:
mov ecx,[rdx]
mov [rax],ecx
ret

jmp return

aobSecondsRestore:
readmem(aobSeconds,5)


aobSeconds:
jmp codecave

return:

[DISABLE]
aobSeconds:
readmem(aobSecondsRestore,5)

unregistersymbol(aobSeconds)
unregistersymbol(aobSecondsRestore)
dealloc(codecave)

{
INJECTION POINT: VCRUNTIME140.memcpy+12B / 7FF873DECAFB

7FF873DECABB: 48 89 08 - mov [rax],rcx
7FF873DECABE: C3 - ret
7FF873DECABF: 0F B7 0A - movzx ecx,word ptr [rdx]
7FF873DECAC2: 44 0F B6 42 02 - movzx r8d,byte ptr [rdx+2]
7FF873DECAC7: 66 89 08 - mov [rax],cx
7FF873DECACA: 44 88 40 02 - mov [rax+2],r8b
7FF873DECACE: C3 - ret
7FF873DECACF: 0F B6 0A - movzx ecx,byte ptr [rdx]
7FF873DECAD2: 88 08 - mov [rax],cl
7FF873DECAD4: C3 - ret
7FF873DECAD5: F3 0F 6F 02 - movdqu xmm0,[rdx]
7FF873DECAD9: F3 0F 7F 00 - movdqu [rax],xmm0
7FF873DECADD: C3 - ret
7FF873DECADE: 66 90 - xchg ax,ax
7FF873DECAE0: 4C 8B 02 - mov r8,[rdx]
7FF873DECAE3: 0F B7 4A 08 - movzx ecx,word ptr [rdx+8]
7FF873DECAE7: 44 0F B6 4A 0A - movzx r9d,byte ptr [rdx+A]
7FF873DECAEC: 4C 89 00 - mov [rax],r8
7FF873DECAEF: 66 89 48 08 - mov [rax+8],cx
7FF873DECAF3: 44 88 48 0A - mov [rax+A],r9b
7FF873DECAF7: 49 8B CB - mov rcx,r11
7FF873DECAFA: C3 - ret
---------- INJECTING HERE ----------
7FF873DECAFB: 8B 0A - mov ecx,[rdx]
7FF873DECAFD: 89 08 - mov [rax],ecx
7FF873DECAFF: C3 - ret
---------- DONE INJECTING ----------
7FF873DECB00: 8B 0A - mov ecx,[rdx]
7FF873DECB02: 44 0F B6 42 04 - movzx r8d,byte ptr [rdx+4]
7FF873DECB07: 89 08 - mov [rax],ecx
7FF873DECB09: 44 88 40 04 - mov [rax+4],r8b
7FF873DECB0D: C3 - ret
7FF873DECB0E: 66 90 - xchg ax,ax
7FF873DECB10: 8B 0A - mov ecx,[rdx]
7FF873DECB12: 44 0F B7 42 04 - movzx r8d,word ptr [rdx+4]
7FF873DECB17: 89 08 - mov [rax],ecx
7FF873DECB19: 66 44 89 40 04 - mov [rax+4],r8w
7FF873DECB1E: C3 - ret
7FF873DECB1F: 90 - nop
7FF873DECB20: 8B 0A - mov ecx,[rdx]
7FF873DECB22: 44 0F B7 42 04 - movzx r8d,word ptr [rdx+4]
7FF873DECB27: 44 0F B6 4A 06 - movzx r9d,byte ptr [rdx+6]
7FF873DECB2C: 89 08 - mov [rax],ecx
7FF873DECB2E: 66 44 89 40 04 - mov [rax+4],r8w
7FF873DECB33: 44 88 48 06 - mov [rax+6],r9b
7FF873DECB37: C3 - ret
7FF873DECB38: 4C 8B 02 - mov r8,[rdx]

}

 
dipth  posted on Mar 05, 2019 3:14:19 PM

FYI: If anybody else wants to give it a try, the game seems to store time as three separate int16 values for seconds, minutes and hours, where seconds is a number from 0-59, minutes is a number from 0-59 and hours is a number from 0-23.
When seconds is 59 and the timer ticks, it rolls over to 0 and minutes is incremented etc.

Getting the memory addresses for the three values is easy in the tutorial mission, as that one has an in-game clock with a second hand, making it trivial to search for the exact value, but the later missions only show hours and minutes, making it harder to find the memory address for the seconds.
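
Added example, not part of the original posts: one way to narrow down the hidden seconds value described above once the minutes address is known, by comparing memory snapshots and keeping only 2-byte values that stay in 0-59 and roll over exactly when minutes increments. The snapshot bytes, offsets and function names are constructed for illustration, and snapshots are assumed to be taken less than 60 in-game seconds apart.

```python
import struct

MINUTES_OFF = 0x10  # assumption: offset of the minutes value already found on screen
SECONDS_OFF = 0x24  # constructed: where this sample data hides the seconds value

def make_snapshot(hours, minutes, seconds, counter, noise):
    """Build a constructed 64-byte memory image: the clock plus two decoys."""
    buf = bytearray(64)
    struct.pack_into("<h", buf, 0x08, hours)
    struct.pack_into("<h", buf, MINUTES_OFF, minutes)
    struct.pack_into("<h", buf, SECONDS_OFF, seconds)
    struct.pack_into("<h", buf, 0x30, counter)  # decoy: grows but never rolls over
    struct.pack_into("<h", buf, 0x38, noise)    # decoy: 0-59 but unrelated to minutes
    return bytes(buf)

# Constructed samples, taken less than 60 game-seconds apart.
SNAPSHOTS = [make_snapshot(*row) for row in [
    (9, 14, 40, 3, 10), (9, 14, 55, 9, 55), (9, 15, 10, 15, 40),
    (9, 15, 30, 21, 0), (9, 15, 50, 27, 20), (9, 16, 5, 33, 5),
]]

def read_i16(image, offset):
    """Read one little-endian signed 16-bit value from a snapshot."""
    return struct.unpack_from("<h", image, offset)[0]

def find_seconds(snapshots, minutes_off):
    """Return 2-byte-aligned offsets that behave like the seconds value."""
    minutes = [read_i16(s, minutes_off) for s in snapshots]
    hits = []
    for off in range(0, len(snapshots[0]) - 1, 2):
        vals = [read_i16(s, off) for s in snapshots]
        if off == minutes_off or not all(0 <= v <= 59 for v in vals):
            continue
        for i in range(1, len(vals)):
            rolled_over = vals[i] < vals[i - 1]
            minute_step = (minutes[i] - minutes[i - 1]) % 60
            # Seconds must change, and minutes tick exactly when seconds roll over.
            if vals[i] == vals[i - 1] or minute_step != int(rolled_over):
                break
        else:
            hits.append(off)
    return hits

if __name__ == "__main__":
    print([hex(o) for o in find_seconds(SNAPSHOTS, MINUTES_OFF)])
```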

 
wajrak  posted on Mar 13, 2019 10:49:14 AM

Hi man,

What I did, I looked for the minutes value with Cheat Engine, found it like you said very easily. I was unable to freeze it so I poked around and found what was writing to that value and replaced it with code that does nothing... It honestly took a few minutes to do so.

But to be honest I am more interested in triggering permanent stealth mode, there always seems to be enough time anyway.

[Edited by wajrak, 3/13/2019 10:50:14 AM]
