General Discussions

Signup   Message Boards Home   Newest Posts   My Favorite Boards   My Threads
Page 1 of 4   •  First Page  •  Previous Page  •   Next Page  •   Last Page
Signup or Login to Post
In Need Of Some Decent Tuts
 
Sil3nt_Pr0digy posted on Apr 28, 2010 3:14:00 PM
Well I've made quite a few trainers as of late, and although I can make them, I want to be able to refine my skills and be able to make them faster.

The thing that is taking me the longest is Infinite Life hacks. I was told by a few people that there are quicker ways to do it, so I am wondering if anyone here knows the quickest way to locate the proper Infinite Health location.

Example:
movss [edi+10],xmm0 <<< Example Health Code

But it is used for both enemies, cars, player, etc. Now, one could use conditional jumps if there is a difference in the first few bits, such as enemies using 00 and player using 01, but this is not always the case. And coding a long series of conditional jumps when an easier way is available seems like a waste of resources to me.

Now most of the time you can find another location, such as this:

Example:
fld dword ptr [eax+00000366] <<< Example of Proper Health Code


Now this is a loading instruction for floating point values. If you inject a value into this location, such as this (inside a jump or call of course):

mov [eax+00000366],43ab8000
fld dword ptr [eax+00000366]


Doing this injects a value of 43ab8000h or 343f (remember it is a float instruction) into the location which is getting ready to be loaded, causing a proper infinite health hack (the most proper imo).

Now I normally find this by shuffling through thousands of lines of code, and pointers, and I was wondering if there was a quicker way to locate a proper infinite health code.

As always, help would be much appreciated.
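The point in the post above is that the immediate written by the mov has to be the IEEE 754 bit pattern of the float, not the integer. The snippet below is an added example, not code from the thread: it encodes 343.0 to its 0x43AB8000 pattern, models the mov-then-fld sequence on a constructed byte buffer standing in for the structure EAX points at (the 0x366 offset is the one quoted in the post; the buffer and the EAX value of 0 are assumptions), and shows the failure mode of writing the integer 343 instead, which the fld reads back as a denormal near zero rather than 343.0.

```python
import struct


def float_immediate(value):
    """Return the 32-bit immediate whose bit pattern fld will read as `value`."""
    return struct.unpack("<I", struct.pack("<f", value))[0]


def dword_as_float(dword):
    """Interpret a 32-bit value the way `fld dword ptr [...]` does."""
    return struct.unpack("<f", struct.pack("<I", dword))[0]


def emulate_inject(memory, base, offset, immediate):
    """Model `mov [base+offset], imm32` followed by `fld dword ptr [base+offset]`:
    store the immediate little-endian, then read the same dword back as a float."""
    struct.pack_into("<I", memory, base + offset, immediate)
    return struct.unpack_from("<f", memory, base + offset)[0]


# Constructed stand-in for the structure EAX points at (assumption: EAX = 0 into
# a 1 KiB buffer); 0x366 is the health slot from `fld dword ptr [eax+00000366]`.
struct_memory = bytearray(0x400)
EAX = 0
HEALTH = 0x366

if __name__ == "__main__":
    print(hex(float_immediate(343.0)))                              # 0x43ab8000
    print(emulate_inject(struct_memory, EAX, HEALTH, 0x43AB8000))   # 343.0
    # Writing the integer 343 (0x157) instead yields a denormal, not 343.0.
    print(emulate_inject(struct_memory, EAX, HEALTH, 343))
```

`float_immediate` is the conversion to do once when building the trainer; `dword_as_float` is the reverse check, useful when a value seen in the disassembler's register dump looks like garbage but is really a float.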

 
RageaholicRick posted on Apr 28, 2010 4:07:18 PM
All of this sounds like mumbo jumbo to me. I might start getting into trainer making and if I find an easier way I will tell you.
 
Sil3nt_Pr0digy posted on Apr 28, 2010 4:59:56 PM
quote:
originally posted by Cr4zyMonk3yz

All of this sounds like mumbo jumbo to me. I might start getting into trainer making and if I find an easier way I will tell you.

Well if you are wanting to start, take a look at the tuts in the tuts and guides section. DABHand has a really good tut on there. The only problem is that they only teach you so much. I plan on writing a guide myself to ASM and SSE instructions. But the main problem people have is the infinite life problem. If I can find a comprehensive way to find a proper infinite life hack, then I can teach others how to do it too.

 
DABhand posted on Apr 28, 2010 7:18:01 PM
All games work differently; it's not the same method for every one of them.

But a good start is to find the players' base structure address, and from there you could easily find the opcodes responsible for changing values within the structure.

From this not only can you do life, money, XP, etc., whatever the game has, but it's a good place to be able to manipulate co-ordinates and speed of the player.

 
Sil3nt_Pr0digy posted on Apr 28, 2010 8:24:21 PM
quote:
originally posted by DABhand

All games work differently; it's not the same method for every one of them.

But a good start is to find the players' base structure address, and from there you could easily find the opcodes responsible for changing values within the structure.

From this not only can you do life, money, XP, etc., whatever the game has, but it's a good place to be able to manipulate co-ordinates and speed of the player.

Ah, so that is how they do the teleport and other things? Nice, is there any particular method to hunting down the base struct for the player?

 
DABhand posted on Apr 28, 2010 9:37:35 PM
Look up tuts on pointer scanning. Eventually you will find the pointer that points to your player structure.

Sometimes it's usually in the same location, or same offset from the program's base address.

GAME.EXE+0001FF42

As an example of course.

If you can find that out, then you can start manipulating away, and also find out what offsets from the base of the player structure do what, like co-ordinates (always usually float values) and speed of movement (easier to find when weight in a game affects your speed, like Fallout 3 etc.).

 
Sil3nt_Pr0digy posted on Apr 28, 2010 10:38:58 PM
quote:
originally posted by DABhand

Look up tuts on pointer scanning. Eventually you will find the pointer that points to your player structure.

Sometimes it's usually in the same location, or same offset from the program's base address.

GAME.EXE+0001FF42

As an example of course.

If you can find that out, then you can start manipulating away, and also find out what offsets from the base of the player structure do what, like co-ordinates (always usually float values) and speed of movement (easier to find when weight in a game affects your speed, like Fallout 3 etc.).

I know what you mean, the general format for common code-shifting. I'll see if I can find some good pointer scanning tips for locating player structures, or just general tips for pointer scanning.

The only problem is that most of the things I find when I google "pointer scanning" come up with higher language problems, such as C#, Java, Lua, etc. I can't seem to find a whole lot on ASM.

If you know any good ones dabs as always I'd appreciate it.

BTW, if you wouldn't mind, after I've found out a proper way to do it, I would be delighted to make a trainer for a game that you have, so you may test it. All of my trainers have only been used by me (unless some people have used my DS trainer I released a little while back).

 
Sil3nt_Pr0digy posted on Apr 29, 2010 9:49:27 AM
Ok, so I've read a few tuts on pointer scanning. The thing is, do I have to use a static pointer? Because I don't think very many games use static pointers anymore... I could be wrong, but I think that almost every pointer I have seen is DMA.


Ok. Example. Current Game is FC2. Link I already have the location of the health code saved, so I pull it up in the disassembler, and find out what address it accesses. I injure myself, so my health variable shows up. I add it to the list, right click and click on "find out what writes..." and see the health script pop up. Double click on it, and it pulls up the extra info, telling me that at that point, EDI was 199C1300. So I scan for 199C1300 using hex, scanning all memory. Only 2 addresses show up, neither is static, both are dynamic.

I haven't found any tuts that use pointer scanning and involve DMA; they kind of talk about it, but they mainly focus on static pointers. And in this case I do not have any static pointers.

[Edited by Sil3nt_Pr0digy, 4/29/2010 10:02:51 AM]
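What DABhand's advice and the last post above add up to is a multi-level scan: when the two addresses holding 199C1300 are both dynamic, each of those holder addresses becomes the next value to search for, and the chain ends once a holder lies inside the static module image (the GAME.EXE+0001FF42 kind of address). The code below is an added example, not anything from the thread or from any tool it mentions: it builds a constructed 32-bit process snapshot (module at 0x00400000, a heap region at 0x199C0000, a "manager" object at 0x199C0800, the player at 0x199C1300 with health at +0x366, and a transient second copy of the player pointer that nothing static references; all of these are assumptions apart from the GAME.EXE+0001FF42, 199C1300 and +366 values quoted in the thread), then runs a backward pointer scan from the health address and resolves the chain it finds. It generalizes the single static-pointer case DABhand describes to arbitrary depth.

```python
import struct

# Constructed 32-bit process image (the thread is about x86 code, so pointers
# are 4 bytes). Layout is made up, except that GAME.EXE+0001FF42, EDI=199C1300
# and the +366 health offset reuse examples quoted in the thread.
MODULE_BASE = 0x00400000      # "GAME.EXE" image; its addresses are static
MODULE_SIZE = 0x20000
HEAP_BASE = 0x199C0000        # dynamically allocated region (DMA)
HEAP_SIZE = 0x2000
MANAGER = 0x199C0800          # a heap object that owns the player pointer
PLAYER = 0x199C1300           # the player structure
HEALTH_OFF = 0x366            # health float inside the player structure


def build_snapshot():
    """Return {region_base: bytearray} for the constructed process layout."""
    module = bytearray(MODULE_SIZE)
    heap = bytearray(HEAP_SIZE)
    struct.pack_into("<I", module, 0x1FF42, MANAGER)                  # GAME.EXE+1FF42 -> manager
    struct.pack_into("<I", heap, MANAGER - HEAP_BASE + 0x10, PLAYER)  # manager+10 -> player
    struct.pack_into("<I", heap, 0x1C04, PLAYER)                      # transient copy; dead end
    struct.pack_into("<f", heap, PLAYER - HEAP_BASE + HEALTH_OFF, 343.0)
    return {MODULE_BASE: module, HEAP_BASE: heap}


def read_u32(snap, addr):
    """Little-endian dword at addr, or None if addr is outside every region."""
    for base, data in snap.items():
        if base <= addr <= base + len(data) - 4:
            return struct.unpack_from("<I", data, addr - base)[0]
    return None


def read_f32(snap, addr):
    """The same dword interpreted as a float, the way fld dword ptr would."""
    for base, data in snap.items():
        if base <= addr <= base + len(data) - 4:
            return struct.unpack_from("<f", data, addr - base)[0]
    return None


def resolve_chain(snap, static_addr, offsets):
    """Forward resolution: [[static]+o1]+o2 ... dereference, then add the offset."""
    cur = static_addr
    for off in offsets:
        ptr = read_u32(snap, cur)
        if ptr is None:
            return None
        cur = ptr + off
    return cur


def find_pointer_chains(snap, target, static_ranges, max_offset=0x800, max_depth=3):
    """Backward scan: any dword within max_offset below `target` is a candidate
    pointer. If it sits at a static address the chain is complete; otherwise the
    holder's own address becomes the next target (this is the DMA case)."""
    chains = []

    def is_static(addr):
        return any(lo <= addr < hi for lo, hi in static_ranges)

    def search(t, offsets, depth):
        if depth > max_depth:
            return
        for base, data in snap.items():
            # Byte-granular scan so the unaligned GAME.EXE+1FF42 slot is found;
            # real scanners usually step 4 bytes for speed.
            for pos in range(len(data) - 3):
                v = struct.unpack_from("<I", data, pos)[0]
                if t - max_offset <= v <= t:
                    holder = base + pos
                    chain = [t - v] + offsets
                    if is_static(holder):
                        chains.append((holder, chain))
                    else:
                        search(holder, chain, depth + 1)

    search(target, [], 1)
    return chains


if __name__ == "__main__":
    snap = build_snapshot()
    static = [(MODULE_BASE, MODULE_BASE + MODULE_SIZE)]
    for holder, offsets in find_pointer_chains(snap, PLAYER + HEALTH_OFF, static):
        print(f"GAME.EXE+{holder - MODULE_BASE:X} -> {[hex(o) for o in offsets]}")
    print(read_f32(snap, resolve_chain(snap, MODULE_BASE + 0x1FF42, [0x10, 0x366])))
```

The first scan turns up two holders of the player pointer, exactly the "2 addresses, both dynamic" situation in the post; only the one inside the manager object leads back to a static slot, so the scanner reports a single chain, GAME.EXE+1FF42 -> [0x10, 0x366], and the dead-end copy is dropped when no static address references it within `max_depth`. `max_offset` is the usual trade-off: too small misses large structures, too large floods the result with coincidental matches.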
