General Discussions
Trainer Making Help
T1maniac  posted on Apr 28, 2010 4:21:00 PM - Report post

Hi there. I read the tutorial Training - Obscure v1.1 by DABhand. It was educational. In the tutorial his ammo address looks like this (004ee369 - 89 85 54 01 00 00 - mov [ebp+00000154],eax). Where in my game it looks like this (005628a3 - sub [eax],ecx). Is there a way to inject code into this address like in the tutorial, or do I have to attack it another way? I tried it like the tutorial, changing the mov to sub, but my game crashes. Please help. I'm new to trainer making.
DABhand  posted on Apr 28, 2010 7:24:58 PM - Report post

Did you read my ASM tutorial to understand opcodes?

Just don't dive straight in without some basic knowledge. Also, my example with Obscure was to show ways you could manipulate the code so you could think about how to do it for other games too.

Sub [eax],ecx - can be worked many ways.

If you're using a code cave to inject your code, you have to find areas first that you can write code to. Cheat Engine can do this with its handy code cave finder (via the debugger window); when searching, untick the read-only box and change the size of cave to 200 bytes. That gives enough room for your own code.

So writing into your code cave first, you could have either..


mov ecx,64
mov [eax],ecx
jmp backtogameaddress << obviously the next available address you used a JMP to get here from the main game code.

Or to take the cheap way out, you could actually NOP the sub [eax],ecx instruction so it doesn't execute. But this is not always the best way, as that instruction could affect other things.


Anyways, you did not say what game you are trying to do, and very limited information given to me. So hopefully I answered your question... And read my Basic ASM tutorials!

T1maniac  posted on Apr 28, 2010 8:16:50 PM - Report post

Thanks for getting back to me so fast. The game is The Scourge Project - Episode 1 and 2. All I want is to make a trainer with ammo and health for the team players. They just can't seem to stay alive. All my attempts ended up giving enemies and players unlimited health and ammo. I can just freeze the ammo address in Cheat Engine and that works, but it isn't very professional. So this is my dilemma. Can you help me?


P.S. I did read your tutorial, but I understand them a lot easier when I do the practical.

[Edited by T1maniac, 4/28/2010 8:19:56 PM]

DABhand  posted on Apr 28, 2010 9:31:27 PM - Report post

What you're trying to do is a bit more advanced than normal.

It's good that you found the opcode responsible for health for everyone; what you have to do now is find out how you can single out the player/team.

You can set a breakpoint on the opcode that deals with health and/or ammo. Play the game; if your health gets shot, keep an eye on the registers and take note of them. Then "Step In" (IIRC it's F9 by default); this will allow the game to continue again without being paused by the debugger. Shoot a bad guy if you can, and again take note of the registers.

It's usually EAX that is the main one you use to distinguish between the player and NPCs. Now, with both sets, get shot again, and check if any of the registers matches the first time and which register changes between player and NPC.

Say, for example, EAX is always showing 0043ABBF when you get shot, and the NPCs are something else.

You could do a code cave that would check this. (I am making up the Opcodes here it will be different in the game, just doing this as an example.)


CMP EAX, 0043ABBF - Compare EAX register with 0043ABBF
JE PLAYEROPS - If equal then jump to player opcodes
MOV [EAX+10BD],ECX - if not move normal health amount into pointer address
JMP BACKTOGAME - then jump back to game
MOV [EAX+10BD],64 - (Jumped here from JE PLAYEROPS - force decimal value of 100 into pointer)
JMP BACKTOGAME - then jump back to game

Its just an example of how it works, some games require more thought and opcodes to get the same result. But it should give an idea.

EDIT: Forgot to say PLAYEROPS and BACKTOGAME will actually be addresses, not these words :P

[Edited by DABhand, 4/28/2010 9:32:17 PM]
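
The following is an added example (mine, not DABhand's or the tutorial's) that looks at the two approaches above from the other side: what an integrity check inside a program would find at an instruction address after it has been detoured into a code cave with a 5-byte JMP rel32 plus NOP padding, or simply NOPed out. It uses the instruction bytes quoted from the tutorial in the first post (004ee369: 89 85 54 01 00 00). The cave address 0x00500000, the three patched sample buffers and all function names are assumptions constructed for the example. It also makes one caveat visible: an E9 jump occupies five bytes, so a two-byte instruction like `sub [eax],ecx` cannot host one on its own without the following instructions being displaced as well.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* What an integrity check can find at a patch site. */
typedef enum {
    SITE_INTACT = 0,   /* bytes still match the original instruction */
    SITE_NOPPED,       /* whole instruction replaced with 0x90 NOPs */
    SITE_JMP_DETOUR,   /* E9 rel32 jump (into a code cave) plus NOP padding */
    SITE_MODIFIED      /* changed in some other way */
} site_state;

/* The tutorial's instruction: 004ee369 - 89 85 54 01 00 00 - mov [ebp+154],eax */
#define SITE_VA  0x004EE369u
#define SITE_LEN 6
static const uint8_t kOriginal[SITE_LEN] = {0x89, 0x85, 0x54, 0x01, 0x00, 0x00};

/* Constructed samples of the same six bytes after patching. The cave address
   0x00500000 is an assumption for this example, not an address from any game.
   rel32 = 0x00500000 - (0x004EE369 + 5) = 0x00011C92, stored little-endian. */
static const uint8_t kDetoured[SITE_LEN] = {0xE9, 0x92, 0x1C, 0x01, 0x00, 0x90};
static const uint8_t kNopped[SITE_LEN]   = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
/* constructed: first two bytes overwritten with something else (29 08) */
static const uint8_t kModified[SITE_LEN] = {0x29, 0x08, 0x54, 0x01, 0x00, 0x00};

/* Classify `len` bytes read from `site_va`. `found` is passed in explicitly so
   the same check runs on a memory dump, a file on disk, or the samples above.
   On SITE_JMP_DETOUR, *detour_target receives the absolute jump destination. */
site_state inspect_site(uint32_t site_va, const uint8_t *expected,
                        const uint8_t *found, size_t len,
                        uint32_t *detour_target)
{
    size_t i;

    if (memcmp(expected, found, len) == 0)
        return SITE_INTACT;

    /* "NOP the instruction so it doesn't execute": every byte is 0x90. */
    for (i = 0; i < len && found[i] == 0x90; i++)
        ;
    if (i == len)
        return SITE_NOPPED;

    /* E9 rel32 needs 5 bytes; a longer displaced instruction is padded with
       NOPs so the instruction after it stays at its original address. */
    if (len >= 5 && found[0] == 0xE9) {
        for (i = 5; i < len && found[i] == 0x90; i++)
            ;
        if (i == len) {
            uint32_t rel = (uint32_t)found[1]
                         | ((uint32_t)found[2] << 8)
                         | ((uint32_t)found[3] << 16)
                         | ((uint32_t)found[4] << 24);
            /* target = next instruction + signed rel32; unsigned wraparound
               handles backward jumps correctly in 32-bit arithmetic */
            if (detour_target)
                *detour_target = site_va + 5 + rel;
            return SITE_JMP_DETOUR;
        }
    }
    return SITE_MODIFIED;
}

/* Convenience wrappers for the sample site above. */
site_state classify_sample(const uint8_t *found)
{
    return inspect_site(SITE_VA, kOriginal, found, SITE_LEN, NULL);
}

/* Returns the cave address a detour points to, or 0 if there is no detour. */
uint32_t detour_target_of(const uint8_t *found)
{
    uint32_t target = 0;
    if (inspect_site(SITE_VA, kOriginal, found, SITE_LEN, &target) != SITE_JMP_DETOUR)
        return 0;
    return target;
}

const char *site_state_name(site_state s)
{
    static const char *names[] = {"intact", "nopped", "jmp-detour", "modified"};
    return names[s];
}

int main(void)
{
    printf("original: %s\n", site_state_name(classify_sample(kOriginal)));
    printf("detoured: %s -> cave at %08X\n",
           site_state_name(classify_sample(kDetoured)), detour_target_of(kDetoured));
    printf("nopped:   %s\n", site_state_name(classify_sample(kNopped)));
    printf("modified: %s\n", site_state_name(classify_sample(kModified)));
    return 0;
}
```

The check compares against a known-good copy of the bytes, so it catches both the "cheap way out" (all NOPs) and the cave detour, and decoding the rel32 tells you where the injected code lives. A real anti-tamper routine would do this over whole code sections with a hash rather than byte-by-byte at one address, but the decoding of the E9 displacement is the same.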

T1maniac  posted on Apr 28, 2010 10:21:08 PM - Report post

Thanks for the info. But when I toggle breakpoints in the debugger, there are no registers in red on the right side to view. Am I doing something wrong, or not looking in the right place?
DABhand  posted on Apr 29, 2010 10:10:51 AM - Report post

Make sure the breakpointed opcode is highlighted to check the registers to the right.
All times are (GMT -06:00) Central Time (US & Canada).