So there are two parts to skill hacking, one could be easily fixed, the other maybe not so much.
First thing just like the old days modifying the cast time with 3,2,0.
Second is removing cooldown.
Cast time can be modified by editing the .dat file for the specific skill you want to modify.
Cooldown is done with packets. Packet ID - 05150011
However, we will do both of these with some simple cheat engine scripts.
this packet only requires a word value to be sent that specifies the skill that needs to be cooled down.
Skill Cooldown:
Code:
{ Game : dekaron.exe
Version:
Date : 2019-12-02
Author : nvadr
This script does blah blah blah
}
define(trigger,00451D01)
define(triggerbytes,83 7F 3C 00 0F 85 1A FE FF FF)
[ENABLE]
assert(trigger,triggerbytes)
alloc(trigcode,$1000)
label(trigret)
label(trigorig)
alloc(packet,$1000)
label(cooldownreset)
trigcode:
cmp ebx,BB
je cooldownreset
cmp ebx,BD
je cooldownreset
cmp ebx,30//6E
jb trigorig
cmp ebx,39
jg trigorig
cooldownreset:
push eax
push ecx
mov eax,[skillid2]
mov ecx,10
mul cx
inc eax
MOV WORD PTR DS:[packet+6],14
MOV DWORD PTR DS:[packet+C],05150011
mov word ptr [packet+10],ax//2DD1//0261--sinan//0294--wingo
mov word ptr [packet+12],1000
mov ecx,[016338B4] // <--Need to be updated
PUSH packet
call 004E4430 // <--Need to be updated
pop ecx
pop eax
trigorig:
cmp dword ptr [edi+3C],00
jne 00451B25
jmp trigret
trigger:
jmp trigcode
nop
nop
nop
nop
nop
trigret:
[DISABLE]
trigger:
db triggerbytes
dealloc(packet)
dealloc(trigcode)
{
// ORIGINAL CODE - INJECTION POINT: 004D7FD9
"dekaron.exe"+D7FCC: CC - int 3
"dekaron.exe"+D7FCD: CC - int 3
"dekaron.exe"+D7FCE: CC - int 3
"dekaron.exe"+D7FCF: CC - int 3
"dekaron.exe"+D7FD0: 55 - push ebp
"dekaron.exe"+D7FD1: 8B EC - mov ebp,esp
"dekaron.exe"+D7FD3: 56 - push esi
"dekaron.exe"+D7FD4: 8B 31 - mov esi,[ecx]
"dekaron.exe"+D7FD6: 8B CE - mov ecx,esi
"dekaron.exe"+D7FD8: 57 - push edi
// ---------- INJECTING HERE ----------
"dekaron.exe"+D7FD9: 8B 7D 0C - mov edi,[ebp+0C]
"dekaron.exe"+D7FDC: 8B 46 04 - mov eax,[esi+04]
// ---------- DONE INJECTING ----------
"dekaron.exe"+D7FDF: 80 78 0D 00 - cmp byte ptr [eax+0D],00
"dekaron.exe"+D7FE3: 75 16 - jne dekaron.exe+D7FFB
"dekaron.exe"+D7FE5: 8B 17 - mov edx,[edi]
"dekaron.exe"+D7FE7: 39 50 10 - cmp [eax+10],edx
"dekaron.exe"+D7FEA: 73 05 - jae dekaron.exe+D7FF1
"dekaron.exe"+D7FEC: 8B 40 08 - mov eax,[eax+08]
"dekaron.exe"+D7FEF: EB 04 - jmp dekaron.exe+D7FF5
"dekaron.exe"+D7FF1: 8B C8 - mov ecx,eax
"dekaron.exe"+D7FF3: 8B 00 - mov eax,[eax]
"dekaron.exe"+D7FF5: 80 78 0D 00 - cmp byte ptr [eax+0D],00
}
Skill Cast Time:
Code:
{ Game : dekaron.exe
Version:
Date : 2020-01-12
Author : nvadr
This script does blah blah blah
}
define(address,00593BB6)
define(bytes,8B 40 06 66 0F 6E C0)
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000)
label(code)
label(return)
label(casttime)
label(skillid2)
registersymbol(skillid2)
newmem:
push eax
movzx eax, word ptr [esi+10]
mov [skillid2],eax
pop eax
jmp casttime
skillid2:
db 00 00 00 00
db 00 00 00 00
casttime:
pop eax
push ebx
lea ebx,[eax+06]
mov [ebx],3
mov [skillid2+4],ebx
pop ebx
jmp code
code:
mov eax,[eax+06]
movd xmm0,eax
jmp return
address:
jmp newmem
nop
nop
return:
[DISABLE]
address:
db bytes
// mov eax,[eax+06]
// movd xmm0,eax
dealloc(newmem)
unregistersymbol(skillid2)
{
// ORIGINAL CODE - INJECTION POINT: 00580226
"dekaron.exe"+18020A: 8B 52 2C - mov edx,[edx+2C]
"dekaron.exe"+18020D: FF D2 - call edx
"dekaron.exe"+18020F: 84 C0 - test al,al
"dekaron.exe"+180211: 75 07 - jne dekaron.exe+18021A
"dekaron.exe"+180213: B8 E8 03 00 00 - mov eax,000003E8
"dekaron.exe"+180218: EB 0F - jmp dekaron.exe+180229
"dekaron.exe"+18021A: 8B 0D A8 BB 5F 01 - mov ecx,[dekaron.exe+11FBBA8]
"dekaron.exe"+180220: 56 - push esi
"dekaron.exe"+180221: 8B 01 - mov eax,[ecx]
"dekaron.exe"+180223: FF 50 30 - call dword ptr [eax+30]
// ---------- INJECTING HERE ----------
"dekaron.exe"+180226: 8B 40 06 - mov eax,[eax+06]
"dekaron.exe"+180229: 66 0F 6E C0 - movd xmm0,eax
// ---------- DONE INJECTING ----------
"dekaron.exe"+18022D: F3 0F E6 C0 - cvtdq2pd xmm0,xmm0,xmm0
"dekaron.exe"+180231: C1 E8 1F - shr eax,1F
"dekaron.exe"+180234: F2 0F 58 04 C5 50 6F 2C 01 - addsd xmm0,[eax*8+dekaron.exe+EC6F50]
"dekaron.exe"+18023D: 66 0F 5A C0 - cvtpd2ps xmm0,xmm0
"dekaron.exe"+180241: F3 0F 59 44 24 0C - mulss xmm0,[esp+0C]
"dekaron.exe"+180247: E8 54 08 A8 00 - call dekaron.exe+C00AA0
"dekaron.exe"+18024C: 03 C7 - add eax,edi
"dekaron.exe"+18024E: 5F - pop edi
"dekaron.exe"+18024F: 5E - pop esi
"dekaron.exe"+180250: C2 04 00 - ret 0004
}
Skill Cast Time (whitelist):
Code:
{ Game : dekaron.exe
Version:
Date : 2020-01-12
Author : nvadr
This script does blah blah blah
}
define(address,00593BB6)
define(bytes,8B 40 06 66 0F 6E C0)
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000)
label(code)
label(return)
label(casttime)
label(skillid2)
registersymbol(skillid2)
newmem:
push eax
movzx eax, word ptr [esi+10]
mov [skillid2],eax
cmp ax,02EB //terrible rain
je casttime
cmp ax,02DF //hellburst
je casttime
cmp ax,02E5 //skin of realm
je casttime
cmp ax,05f6 //skin of realm
je casttime
pop eax
jmp code //casttime
skillid2:
db 00 00 00 00
db 00 00 00 00
casttime:
pop eax
push ebx
lea ebx,[eax+06]
mov [ebx],3
mov [skillid2+4],ebx
pop ebx
jmp code
code:
mov eax,[eax+06]
movd xmm0,eax
jmp return
address:
jmp newmem
nop
nop
return:
[DISABLE]
address:
db bytes
// mov eax,[eax+06]
// movd xmm0,eax
dealloc(newmem)
unregistersymbol(skillid2)
{
// ORIGINAL CODE - INJECTION POINT: 00580226
"dekaron.exe"+18020A: 8B 52 2C - mov edx,[edx+2C]
"dekaron.exe"+18020D: FF D2 - call edx
"dekaron.exe"+18020F: 84 C0 - test al,al
"dekaron.exe"+180211: 75 07 - jne dekaron.exe+18021A
"dekaron.exe"+180213: B8 E8 03 00 00 - mov eax,000003E8
"dekaron.exe"+180218: EB 0F - jmp dekaron.exe+180229
"dekaron.exe"+18021A: 8B 0D A8 BB 5F 01 - mov ecx,[dekaron.exe+11FBBA8]
"dekaron.exe"+180220: 56 - push esi
"dekaron.exe"+180221: 8B 01 - mov eax,[ecx]
"dekaron.exe"+180223: FF 50 30 - call dword ptr [eax+30]
// ---------- INJECTING HERE ----------
"dekaron.exe"+180226: 8B 40 06 - mov eax,[eax+06]
"dekaron.exe"+180229: 66 0F 6E C0 - movd xmm0,eax
// ---------- DONE INJECTING ----------
"dekaron.exe"+18022D: F3 0F E6 C0 - cvtdq2pd xmm0,xmm0,xmm0
"dekaron.exe"+180231: C1 E8 1F - shr eax,1F
"dekaron.exe"+180234: F2 0F 58 04 C5 50 6F 2C 01 - addsd xmm0,[eax*8+dekaron.exe+EC6F50]
"dekaron.exe"+18023D: 66 0F 5A C0 - cvtpd2ps xmm0,xmm0
"dekaron.exe"+180241: F3 0F 59 44 24 0C - mulss xmm0,[esp+0C]
"dekaron.exe"+180247: E8 54 08 A8 00 - call dekaron.exe+C00AA0
"dekaron.exe"+18024C: 03 C7 - add eax,edi
"dekaron.exe"+18024E: 5F - pop edi
"dekaron.exe"+18024F: 5E - pop esi
"dekaron.exe"+180250: C2 04 00 - ret 0004
}
Be aware that the code here is pretty sloppy, so it may not be super perfect, but it works none the less. Also you should note that not all skills will be able to be skillhacked, since some skills will do no damage when the cast time is modified. Test it out on your own to find which ones work and which ones don't.
Cast Time script will attempt to remove the cast time for every skill. Cast Time (whitelist) will only attempt to remove cast time of the skills listed in the script, and you can add the ones you want.
Cooldown will trigger anytime you press any number key ( 0 to 9 and - and = buttons), you can modify this if you want to be just one number or a different button all together.
USE:
You must enable Cast Time script before enabling the Cooldown script.
Activate scripts, spam the skill you want.
You shouldn't use multiple skills, just spam one.
If you have any issues just post them here. Script probably needs to be updated. Due to the nature of this script, don't expect to much support on this script.
PS. this script can help you update auto loot scripts as well, since they both rely on packets.
