General Discussions

So I've been building this nice little trainer for the latest version of Spore, with all patches and the Expansions; And I've run into a snag with a few of my data discoveries. I've been trying to patch the Spaceship Health in the Space Stage, the problem is that when I am patching this section, specifically BFC17E, function: adc [esi+0x38], eax. I've located this part of the memory from using multiple programs to isolate floats in the memory buffer, them flagging those locations to find the function to be executed so that I may patch out certain methods. The problem is when this area is patched, either DEP activates or the game just crashes; rendering the hack incomplete and flawed, because as soon as you get damaged, it runs the method to update your health, or you damage another ship, it crashes, which is essentially pointless considering the hack. I have also tried isolating the variable for the cool downs, as to reset them preemptively, with the desired effect of enabling rapid firing. Sadly, I cannot seem to find the location of the variables, i have considered that either it uses a timer which is set to a specific time period, and then is decreased by timeDelta, or if it is set to zero and is increased by timeDelta until it reaches the cool down time. Now the first of the two is more common, but I have seen the second used in certain games and programs. Perhaps I am missing something? Any help would be much appreciated. - Sil3nt Pr0digy

Any assistance from other trainer makers or cheat happens authors would be very helpful. If my trainer is ever published, I will be sure to credit those that have assisted me in my pursuit of refining my skills.

After trying to hack the Energy bar, I received the same result as the health bar. I verify that it is in fact the correct location; because when i freeze it the bar does not move, and my energy does not go down; the same as the health bar; but as soon as I patch that code; it no longer works and simply results in a game crash.

So I found that my problem is because both values use adc (add with carry)... and i don't know what to properly do to both avoid a crash, and to properly nop the correct function. If anyone knows of a tutorial that will properly show me what to do with adc functions or has an explanation of what to do, it would be much appreciated.

Next time edit your first post instead of making a new one every few minutes.
Also use paragraphs, it makes it easier to read.

Dont NOP the ADC opcode.

First you will have to find a code cave where you can write your amended code FIRST, then make a JMP to that code, obviously JMP'ing back to the game code (after you first JMP).

What where you trying to change the ADC to? If a NOP that wont work, as that OPcode probably works out other things at the same time.

Spore is not the easiest of games to train, you will have to find out what the stacks hold, what values and addresses the registers contain, to find out if you can single out your own ship/creature.

I assume that the code that I was trying to NOP was not only the OPcode for my health, but other thing's health as well. I was trying to change the code from it's original value to a nop, so that the player's health would no be affected by damage. Do you have any tuts that show more in depth of what to do? most tuts that I have seen are very basic ones, I have seen a few one code caves, but they seem slightly difficult to understand.

I've taken a look at a few of your tuts DABhand, I understand the majority of the tut... In particular I am speaking of the Basic Assembly Tutorial. I'm trying my hardest to understand it, because as a programmer I am always wanting to expand my knowledge of coding, and creating a trainer is always something that interested me. I have seen many people rip off other people's code (such as h4x0r), and I disagree with his methods, I want to find the values on my own. And probably create ****ty trainers to start out, and slowing increase the quality of my trainer.

I already have my trainer giving infinite items by NOPing the line that changes the value when using the item, so that you can have "infinite", when in reality it just simply is not decreasing the value. It works fine, and I have tested it on several different things. It does not work on items in your cargo, but rather items that are not in your cargo. Those items can be used as many times as you wish.

It doesn't have a fancy GUI, but then again I am simply using TMK to create the GUI.

[Edited by Sil3nt_Pr0digy, 3/17/2010 11:10:15 AM]

As I understand it, adc [esi+0x38], eax, means add esi(source) and 0x38 together, and then carry that value to eax. What I am trying to do is simply make it so that the value for eax is simply unmodified for the player. I understand that I should probably have started with an easier game, or read more tuts, but I have read a bunch of tuts. And what I have seen with easier games is they simply tend to use the same type of OPcode for most values, so me simply making it so that my "Unlimited Items" works would be the same as creating a trainer for most simpler games. I understand a bit of asm, and I am trying to figure out what to do with different pieces of OPcode, so that no matter what OPcode is thrown at me when I am making a trainer, that I can handle it. And adc seems to be my downfall. I understand what it does, I think at least. And I want to know how to properly patch the code to do what I want.

[Edited by Sil3nt_Pr0digy, 3/17/2010 11:29:23 AM]

My trainer currently has 2 buttons, An Unlimited Items On, and Off. The code I am using for this is the following:

ON: Poke 1050B97 90 90 90
OFF: Poke 1050B97 29 46 7C

This works fine.

[Edited by Sil3nt_Pr0digy, 3/17/2010 11:32:11 AM]

No you have it wrong.

Its the contents of EAX that goes to the pointer [ESI+38] (A pointer is an address which is contained at another specific address, in this case for example say ESI contained the value 08000000, then you would add 38 to get 08000038 and at that address it contains a 4 byte value which is another address say 04002DD1)

The ADC instruction is a pain, it will add both operands together. So the result will be another pointer on top of the original pointer. And then also activate the CF flag and its contents are added.

Its a hard one to explain easily, much easier to understand if you have a good basic knowledge of Assembly and how it works. And by the way you had the source and destination the wrong way around, you are not there yet. Keep reading.