Call of Duty: Modern Warfare 2 Message Board

Message Board for PC version
[Help]My 1st Trainer:Body Count-Endless
    coder47 posted on Dec 10, 2009 6:32:19 AM - Report post
     
    [12.14.2009 Updated]
    Yeeep, I have to say I couldn't calculate or find [esi+04]'s address, but I evaded that with my little trick. You can have a try.

    Download link:
    rapidshare.com/files/320228603/MW2BC.zip
    www.filefactory.com/file/a10140d/n/MW2BC.zip
    netload.in/dateiD8AUwgiehq/MW2BC.zip.htm
    ---------------------------------------------------------------
    Hi, I am doing my 1st trainer on MW2. I want to force the score 30000 in Body Count so that we can have infinite enemies to have fun.

    I found the game memory { 0042b48b - mov [esi+04],eax }
    and esi+04 is the address of score 30000.

    I tried to use VB6 to compile my trainer, and every time I start it, MW2 crashes. If there is any tip from you, it would be very much appreciated.

    Here is the game memory region:
    0042B430 - 8b 44 24 04 - mov eax,[esp+04]
    0042B434 - 8b 4c 24 08 - mov ecx,[esp+08]
    0042B438 - 56 - push esi
    0042B439 - 8d 34 08 - lea esi,[eax+ecx]
    0042B43C - c1 e6 04 - shl esi,04
    0042B43F - 81 c6 80 74 6c 01 - add esi,016c7480
    0042B445 - 8b 46 08 - mov eax,[esi+08]
    0042B448 - 8b 4e 04 - mov ecx,[esi+04]
    0042B44B - 83 e0 1f - and eax,1f
    0042B44E - 83 e8 01 - sub eax,01
    0042B451 - 83 f8 04 - cmp eax,04
    0042B454 - 73 20 - jae 0042b476
    0042B456 - 85 c0 - test eax,eax
    0042B458 - 51 - push ecx
    0042B459 - 75 07 - jne 0042b462
    0042B45B - e8 60 7b 06 00 - call 00492fc0
    0042B460 - eb 11 - jmp 0042b473
    0042B462 - 83 f8 02 - cmp eax,02
    0042B465 - 77 07 - ja 0042b46e
    0042B467 - e8 74 e4 03 00 - call 004698e0
    0042B46C - eb 05 - jmp 0042b473
    0042B46E - e8 9d 51 01 00 - call 00440610
    0042B473 - 83 c4 04 - add esp,04
    0042B476 - 83 66 08 e0 - and dword ptr [esi+08],e0
    0042B47A - 8b 46 08 - mov eax,[esi+08]
    0042B47D - 8b 4c 24 10 - mov ecx,[esp+10]
    0042B481 - 8b 51 04 - mov edx,[ecx+04]
    0042B484 - 0b d0 - or edx,eax
    0042B486 - 89 56 08 - mov [esi+08],edx
    0042B489 - 8b 01 - mov eax,[ecx]
    0042B48B - 89 46 04 - mov [esi+04],eax

    [Edited by coder47, 12/13/2009 3:40:07 AM]
    coder47 posted on Dec 11, 2009 2:57:58 AM - Report post
     
    OK, after a day, I found that every time you quit and restart MW2 the score address {esi+04} is 017ACD24, esi is 017ACD20, and I tried to figure out how to find out esi's address, but no luck. Because if you play the game again, esi's address will be changed, and then esi+04 will no longer be 017ACD24. I hope some of you can give me a tip.

    [Edited by coder47, 12/13/2009 3:37:51 AM]
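
An added worked example, not part of any post in this thread: the address arithmetic at 0042B430 to 0042B43F in the listing above, written out in C, with the inverse that recovers the table index from the esi value reported above. The struct, field and function names are hypothetical, and the layout is inferred only from the offsets the listing uses.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_BASE  0x016c7480u /* immediate in "add esi,016c7480" */
#define ENTRY_SHIFT 4           /* "shl esi,04": entries are 16 bytes apart */

/* Layout inferred from the offsets in the listing; names are hypothetical. */
typedef struct { uint32_t unk0, value, flags, unkC; } entry_t;  /* +0 +4 +8 +C */
typedef struct { uint32_t value, flags; } source_t;             /* [ecx], [ecx+04] */

/* 0042B430..0042B43F: esi = ((arg1 + arg2) << 4) + 016c7480, 32-bit arithmetic */
uint32_t entry_address(uint32_t arg1, uint32_t arg2) {
    return ((arg1 + arg2) << ENTRY_SHIFT) + TABLE_BASE;
}

/* Inverse: table index for an observed esi, or -1 if it is not an entry start. */
int64_t entry_index(uint32_t esi) {
    if (esi < TABLE_BASE || ((esi - TABLE_BASE) & 0xFu) != 0)
        return -1;
    return (int64_t)((esi - TABLE_BASE) >> ENTRY_SHIFT);
}

/* 0042B476..0042B48B: replace the low 5 flag bits, then store the value. */
void store_tail(entry_t *dst, const source_t *src) {
    dst->flags &= 0xFFFFFFE0u;  /* and dword ptr [esi+08],e0 (imm8, sign-extended) */
    dst->flags |= src->flags;   /* mov edx,[ecx+04] / or edx,eax / mov [esi+08],edx */
    dst->value  = src->value;   /* mov eax,[ecx] / mov [esi+04],eax */
}

int main(void) {
    uint32_t esi = 0x017ACD20u; /* esi value reported in the post above */
    int64_t idx = entry_index(esi);
    printf("esi %08X -> index 0x%llX\n", (unsigned)esi, (unsigned long long)idx);
    printf("index 0x%llX -> esi %08X, value field at %08X\n",
           (unsigned long long)idx,
           (unsigned)entry_address((uint32_t)idx, 0),
           (unsigned)(entry_address((uint32_t)idx, 0) + 4));

    entry_t e = { 0, 0, 0xABCDEF05u, 0 };  /* constructed sample entry */
    source_t s = { 30000u, 0x06u };        /* constructed sample source */
    store_tail(&e, &s);
    printf("value=%u flags=%08X\n", (unsigned)e.value, (unsigned)e.flags);
    return 0;
}
```

Since esi is computed from the two call arguments, the store at 0042B48B writes to whichever table entry the caller indexes, so its target is not a fixed address.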
    HonestGamer posted on Dec 11, 2009 3:04:52 AM - Report post
     
    baaah....I am not so good at VB.

    As far as I can suggest, I would use CoSMOS if I were to make my FIRST trainer.

    Important stuff such as replacing the extra bytes of the main code with nops is what CoSMOS does automatically.

    Whereas here, you are doing it manually.

    I don't know whether you know VB or have just used a template downloaded from the net.

    And in addition, the game has shared routines with many other functions IMO...So that might add to the game crashes.
    Life is best for those who enjoy it, difficult for those who analyze it and worst for those who criticize it.
    coder47 posted on Dec 11, 2009 4:35:10 AM - Report post
     
    Yes, CE is a good tool and it has been a lot of help. When NOP is filled in MW2 with CE, it also makes MW2 crash.
    Squito posted on Dec 11, 2009 11:12:54 AM - Report post
     
    I'm not really good at VB, but as far as I can see you used a fixed memory address to modify, right?
    "(Laugh) I never met my brother, until the day he killed me. (Sigh) We are a... complicated family. Wouldn't you agree?" - Paxton Fettel
    coder47 posted on Dec 11, 2009 7:52:55 PM - Report post
     
    Right, that is the problem, and I need to find out the address of esi+04 so that the trainer can work, but every time you start the game, the esi+04 address is changed. How to find it?
    HonestGamer posted on Dec 11, 2009 9:05:47 PM - Report post
     
    quote:
    originally posted by coder47

    Right, that is the problem, and I need to find out the address of esi+04 so that the trainer can work, but every time you start the game, the esi+04 address is changed. How to find it?

    That is code shifting.

    I have made a tutorial on tackling such an allocation for CheatHappens.

    Here: Link

    Life is best for those who enjoy it, difficult for those who analyze it and worst for those who criticize it.
    coder47 posted on Dec 11, 2009 10:09:18 PM - Report post
     
    Hi, thanks, I have read that; for me it is something different, the opcode with the corresponding code area:
    0042B48B - 89 46 04 - mov [esi+04],eax
    and 0042B48B never changes, but when NOP or mov [esi+04],FFFF is injected, the game crashes.

    Auto assemble code:
    [code]
    newmem: //this is allocated memory, you have read,write,execute access
    mov [esi+04],0000FFFF <-- I added this line

    originalcode:
    mov [esi+04],eax <-- I deleted this line
    pop esi <--Remained
    ret <--Remained

    exit:
    [/code]

    [Edited by coder47, 12/11/2009 10:52:14 PM]
All times are (GMT -06:00) Central Time (US & Canada).