

INTRODUCTION:

A trainer is a program that alters the memory of a game while it is running. Trainers usually offer features such as GOD MODE or UNLIMITED LIVES, which are often not built into the game by its designers.

Some people believe that creating a trainer is extremely difficult and requires all kinds of programming knowledge and skills. Not true. Some very friendly tools have been created to allow anyone to make their very own trainers for their favorite games. In these tutorials we teach you the basics of how to get started and give you step-by-step instructions for creating trainers that you can follow along with on your own.



Training - Obscure v1.1
by DABhand

Tools needed

1. Obscure Patched to 1.1 (English version - no-cd being used)
2. Trainer Maker Kit (TMK can be found anywhere on the net)
3. Cheat Engine 4.4 (Again anywhere on the net)
4. Sheeps Array of Sunshine (http://www.vwaskar.pwp.blueyonder.co.uk/asm4FF/sas13.rar)
5. Paper and a Pen/Pencil.

Ok here we go!

First of all, if you are new to the game you will obviously start from the beginning. People who already know the game will find this easier, since they will have most of the things we search for at hand.

The first value to search for is the easiest: ammo. You will find a gun early on in the game.

So what to do now?

Well as soon as you have the gun ready, aim it and note the amount of bullets in the gun.

Now ALT+TAB out of the game to Cheat Engine (start it before the game, it is easier that way). In Cheat Engine you will see a little PC icon in the top left; it should be flashing to tell you that you haven't selected a process yet (a process is a program resident in memory).

Select Obscure from the list, type the amount of ammo you have into the Value field and hit NEW SCAN. It will probably report 2800+ results; don't worry. Go back to the game (ALT+TAB), fire one shot, return to Cheat Engine, enter the new ammo count and hit NEXT SCAN. You should now be down to a few addresses, and one of them will stand out because it doesn't sit near the others. If you want, fire one more shot and scan again to be sure (always the best).

In this instance I had the address 051B0384; yours will be different, because this game uses DMA (Dynamic Memory Allocation: the ammo counter lives in memory allocated at run time, so it will not be at the same address from one run to the next). Now that we have the address, let's test it: double-click the address in the result list so it appears in the bottom section of Cheat Engine.

From here, double-click the Value column in the bottom section and change the value, then check back in the game to see whether the ammo count changed. It did? Nice :)
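What the NEW SCAN / NEXT SCAN narrowing does internally is simple, and it helps to see it written out. The following is an added example (not Cheat Engine's code): it builds a constructed 4 KiB memory image containing a 32-bit ammo counter at the tutorial's 051B0384 plus two decoys that also start at 12, then shows that an exact-value scan followed by a next-scan on the value after one shot isolates the real counter. The base address and the decoy offsets are assumptions made for the example.

```python
"""
Model of Cheat Engine's exact-value 'New Scan' and 'Next Scan' narrowing.
Added example; not Cheat Engine's implementation. Memory image is constructed.
"""
import random
import struct

BASE = 0x051B0000            # base of the constructed region (assumption)
REAL_AMMO = 0x051B0384       # the ammo address found in the tutorial
DECOY_A = BASE + 0x100       # decoys: same starting value, unrelated meaning
DECOY_B = BASE + 0x200


def make_snapshot(ammo: int, decoy_a: int, decoy_b: int) -> bytes:
    """Constructed 4 KiB image: deterministic filler plus three LE uint32 counters.
    The same seed is used every time, so two snapshots differ only in the counters,
    exactly like a real process between two scans."""
    rng = random.Random(0xC0FFEE)
    buf = bytearray(rng.getrandbits(8) for _ in range(0x1000))
    for addr, val in ((REAL_AMMO, ammo), (DECOY_A, decoy_a), (DECOY_B, decoy_b)):
        struct.pack_into("<I", buf, addr - BASE, val)
    return bytes(buf)


def first_scan(snapshot: bytes, value: int, base: int = BASE, width: int = 4) -> set:
    """'New Scan': every byte offset holding `value` as a little-endian uint32.
    Byte granularity (CE's 'fast scan' unticked) so unaligned counters are not missed."""
    pat = struct.pack("<I", value)
    return {base + off for off in range(len(snapshot) - width + 1)
            if snapshot[off:off + width] == pat}


def next_scan(snapshot: bytes, value: int, candidates: set,
              base: int = BASE, width: int = 4) -> set:
    """'Next Scan': keep only previous candidates that now hold the new value."""
    pat = struct.pack("<I", value)
    return {a for a in candidates if snapshot[a - base:a - base + width] == pat}


def narrow_ammo() -> set:
    """The tutorial's procedure: scan for 12, fire a shot, scan for 11."""
    before = make_snapshot(ammo=12, decoy_a=12, decoy_b=12)
    cands = first_scan(before, 12)                 # several hits, all showing 12
    after = make_snapshot(ammo=11, decoy_a=12, decoy_b=7)   # one shot fired
    return next_scan(after, 11, cands)             # only the real counter survives


if __name__ == "__main__":
    print({f"{a:08X}" for a in narrow_ammo()})
```

Because the filler never changes between the two snapshots, any accidental first-scan hit in it is dropped by the next scan; that is why the tutorial's "fire one more shot and scan again" is the reliable way to separate the real counter from decoys and from random matches.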

Here comes the technical part, so get your paper and pen ready. Right-click the address in the bottom part of Cheat Engine and select "Find out what writes to this address"; say yes when asked to attach the debugger. Normally "what reads" would be the better choice, but this game runs an anti-debugging check and will crash if you use it, so stick to "writes" for this game.

Now a new blank window popped up, now go back to the game, and fire another shot, go back to Cheat Engine, you should see this in the list as a new entry.

004ee369 - 89 85 54 01 00 00 - mov [ebp+00000154],eax

This address SHOULD be the same for you. What it says is this:

At address 004ee369 a MOV instruction copies the value held in EAX to the memory location (remember the [] I talked about?) whose address is EBP plus 154 hex.

In layman's terms: at this address the remaining ammo count (EAX) is stored into the memory location [EBP+00000154], overwriting the old value. Later on the game reads this memory location (this is the DMA address we found) to show your ammo amount on screen.

Now for the fun part, let's look at the code. Click the 004ee369 entry in the window, then click "Show Disassembler". Don't be frightened by the code; just maximize the window and look at the line directly above it.

Right above at address 004ee368 you should see

004ee368 - 48 - dec eax

Before it stores the value it decreases the old ammo value by 1, i.e you fired a shot.

Ok we have two choices, we can remove the DEC op and replace with NOP - remember NOP does nothing whatsoever and is used to fill in code.

OR!

We can find a nice place of free space to make our own code and force a nice value into the ammo memory location.

Either way is fine, but most trainer makers dont like NOP'ing out dec's as they see it as an easy way out.

Ok, let's start on "Code Injection", the fun stuff. We know the address that writes the ammo value: 4ee369. What I want you to do, and this is important, is to write down the

1. Address
2. Hex Numbers (in this case - 89 85 54 01 00 00)
3. The opcode (in this case - mov [ebp+00000154],eax)

Now you may think: why not just remove that opcode? Well, if you do, no value will ever be written to the ammo location, which is not what we want and may cause problems elsewhere in the game.

How about changing the opcode to MOV our own value in? We can't do that either: MOV [ebp+154],imm32 is 10 bytes, 4 bytes longer than the 6-byte instruction we are replacing, so it would overwrite the start of the next instruction, which would again crash the game.

BUT!!!!

We can "inject" a smaller instruction that fits in the 6 bytes (a CALL is 5 bytes) and have it jump to code of our own, aha! This is what is called CODE INJECTION. But to do this we need to find some free space to write our own code in :)

While on the desktop, load up Sheep's Array of Sunshine and look down the process list for Obscure (if you have a folder called Obscure open, close it first or you will see it twice :P).

Found Obscure in the list? Now press "find code cave". In this window look at the code cave results; you will see odd section names like .sforce (I wonder what that is lol) and .brick.

What we are really looking for is a code cave that is both readable and writable and has enough space for our code. It also has to be executable for the CPU to run it: on a system with DEP enabled, code placed in a data section such as .rsrc will only run if that page is marked executable (or DEP is off for the process), so if your injected code crashes on entry, that is the first thing to check.

As you can see the .RSRC entry starts at 006ae3c8h and has a size of c38h (3128 bytes) and is both read/write. Excellent note this address :) We have found our Code cave to place our own code.

Now we can close SAS, and go back to the disassembler window of Cheat Engine.

Now right-click in the top window of the disassembler and choose "Go to address". Enter our code cave address, 6ae3c8 (don't worry about the leading 00's or the trailing h; remember h just means the address is in hex).

You should now see alot of 00's and ADD [eax],al's, this is normal this is free space :)

One IMPORTANT point when making trainers and doing code injection: ALWAYS write your own code into the cave BEFORE changing the game code. If you redirect the game first, it will run into a lot of 00's in the empty cave and crash. So always finish your cave code first, then change the game code to point at it. Got it? GOOD.

Ok what can we place here to make our ammo 99 all the time?

We know this

MOV [ebp+154],eax

Now if you remembered your DAY 1 lesson, you know you can move either registers or IMMEDIATE VALUES, so you can force a value into this address.

The next step is simple: if we want 99 ammo we just move the value 99 into [ebp+154]. See, not too hard. At this point it is best to use Windows Calculator, and I'll show you why.

The disassembler shows and expects values in hex, not decimal, so 10 in hex is NOT 10 in decimal. Here is an example.

Starting from the value 1 and ending with a value of 255

01,02,03,04,05,06,07,08,09,0A,0B,0C,0D,0E,0F,10....FA,FB,FC,FD,FE,FF

So you can see 10h is not 10 dec.

So use Windows Calculator in scientific mode, in decimal type 99 and then press the hex option, it will show 63. That is the value of 99 in hex - 63h

Now we know which value to move, we can finish our new line of code.

On cheat engine, double click on the 6ae3c8 line and manually type (with spaces) this

MOV [ebp+154],63

If it asks to fill the leftover bytes with NOPs, say yes, and get into the habit, because this is NECESSARY: leftover bytes that are not NOPs will be interpreted as code and can corrupt what follows.


Ok we should see this at 6ae3c8

6AE3C8 - C7 85 54 01 00 00 63 00 00 00 - mov [ebp+00000154],00000063

On the next line manually type the opcode RET, so you have this:

6AE3D2 - C3 - ret
6AE3D3 - 90 - nop

Remember the last tutorial on CALLs and RETurns? Good, so you know I'm going to CALL our code from the game, and the RET sends it straight back. The NOP after the RET is just Cheat Engine's filler; it is never executed. The NOP that does matter is the one we are about to put in the game code.

Ok lets go back to where the original code was, remember I asked you to write it down?

YOU DIDN'T!? Shame on you, this is not optional: go back and write it down. To those who did, good job!

Back to address 4ee369, our original MOV. What we do here is replace that instruction with a CALL to our new code, so the opcode is

CALL 6ae3c8

Enter that at address 4ee369 in place of the game code, and again say yes to NOPs: the CALL is 5 bytes and the MOV was 6, so the sixth byte becomes a NOP. We now should have this

4EE369 E8 5A 00 1C 00 call 006ae3c8
4EE36E 90 nop

Ok lets review our code

6AE3C8 C7 85 54 01 00 00 63 00 00 00 mov [ebp+00000154],00000063
6AE3D2 C3 ret
6AE3D3 90 nop
     
4EE369 E8 5A 00 1C 00 call 006ae3c8
4EE36E 90 nop
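The byte values above are worth checking rather than trusting, because a CALL's displacement is measured from the end of the 5-byte instruction, not from its start, and a patch that overruns the original instruction is exactly what crashes the game. The following is an added example, not code from the tutorial, Cheat Engine or TMK: it encodes the cave body, the RET, the CALL hook with NOP padding, and the NOP-out used later for the CD counter, and reproduces the tutorial's bytes. The addresses and sizes are the tutorial's; the encoders implement the general 32-bit x86 forms, so they also work for other hook sites and caves.

```python
"""
Assemble the tutorial's code-injection patches and check the arithmetic.
Added example; not the tutorial's, Cheat Engine's or TMK's code.
"""
import struct
from typing import List, Tuple

NOP = b"\x90"
RET = b"\xC3"


def enc_call_rel32(site: int, target: int) -> bytes:
    """E8 rel32. The displacement is relative to the END of the 5-byte call
    (site + 5) and is signed, so calling backwards is fine too."""
    rel = target - (site + 5)
    return b"\xE8" + struct.pack("<i", rel)


def enc_mov_ebp_disp32_imm32(disp: int, imm: int) -> bytes:
    """C7 /0 with ModRM 85 (mod=10 -> disp32, reg=/0, rm=101 -> ebp):
    mov dword ptr [ebp+disp32], imm32. Ten bytes."""
    return b"\xC7\x85" + struct.pack("<I", disp) + struct.pack("<I", imm)


def fit(new_code: bytes, original_len: int) -> bytes:
    """Overwrite exactly original_len bytes: pad with NOPs so the following
    instruction still starts where it used to; refuse if the patch is too long."""
    if len(new_code) > original_len:
        raise ValueError(f"{len(new_code)} bytes do not fit in {original_len}")
    return new_code + NOP * (original_len - len(new_code))


def nop_out(original_len: int) -> bytes:
    """The 'easy way': replace an instruction of original_len bytes with NOPs."""
    return fit(b"", original_len)


def build_injection(site: int, site_len: int, cave: int, cave_size: int,
                    cave_body: bytes) -> List[Tuple[int, bytes]]:
    """(address, bytes) pairs in the order they must be written:
    the cave first, then the hook, as the tutorial insists."""
    cave_code = cave_body + RET
    if len(cave_code) > cave_size:
        raise ValueError("code cave too small")
    hook = fit(enc_call_rel32(site, cave), site_len)
    return [(cave, cave_code), (site, hook)]


def ammo_patches(ammo: int = 99) -> List[Tuple[int, bytes]]:
    """The tutorial's ammo injection: force [ebp+154] to `ammo` on every shot."""
    return build_injection(site=0x4EE369, site_len=6,        # mov [ebp+154],eax
                           cave=0x6AE3C8, cave_size=0xC38,   # .rsrc cave from SAS
                           cave_body=enc_mov_ebp_disp32_imm32(0x154, ammo))


def poke_lines(patches: List[Tuple[int, bytes]]) -> List[str]:
    """Render patches as TMK 'POKE <8 hex digits> <bytes>' lines."""
    return [f"POKE {addr:08X} " + " ".join(f"{b:02X}" for b in code)
            for addr, code in patches]


if __name__ == "__main__":
    for line in poke_lines(ammo_patches()):
        print(line)
    print(poke_lines([(0x51D490, nop_out(3))])[0])   # the CD counter NOP-out
```

The cave output here stops at the RET; the extra 90 that Cheat Engine shows at 6AE3D3 is unreachable filler and writing it is harmless but unnecessary. Changing `ammo` to anything up to 0xFFFFFFFF re-encodes the immediate without touching the rest, and `fit` raises instead of silently clobbering the next instruction if you ever try to hook a site shorter than five bytes.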

Remember to keep a note of these, especially the addresses on the left and the hex bytes. IT IS IMPORTANT FOR LATER! There is also a good reason you kept a note of the old, untouched opcode: it lets you check you are patching the right bytes, and put them back.

Now go back to your game and fire your gun. W00T! 99 ammo all the time :)

Lets Recap on what is going on.

The game will reach 004ee369 expecting to move the decreased ammo value into the ammo address (which is DMA remember) but instead the game calls opcodes at the address 006ae3c8 which moves our own value into the same ammo address and returns back to the game code as if nothing ever happened ;)

Now let's find a new value to play with. How about the number of CDs used for saving your game? This should be easy :P

Close the disassembler window of Cheat Engine and stop the "Find out what writes" window, and you are back at the main Cheat Engine window.

Go back to the game and check out your number of CD's in your inventory.

You know what to do: search for that value! Do as before, use one CD, search for the new value, and so on until you are left with one address :)

What's going on, you say, there are 3 addresses! Well, look at your ammo address in the bottom list; are any of the new ones near it? Try double-clicking one near the ammo address and change its value. Did it work? No? What about the one that is off on its own? Mine was 0194E5CC; yours again will be different.

Try changing the value of that one. Did it work? W00t!

As before right click and "Find out what writes to this address" then go back to game and save the game again to use a CD.

TADA! It found an address, and yours should be the same as mine.

0051D490 - FF 48 3C - dec [eax+3c]

Same as mine? Excellent. This decreases the value at the address held in EAX plus 3c; EAX+3c is the address you found. Remember to write this down!

What to do with it? Well, the instruction is only 3 bytes, too short to replace with a 5-byte JMP or CALL, so we do it the easy way and NOP it out so it never decreases your CD count. No DEC, no decrease.

So click the line and show the disassembler as before. Right-click the instruction at 51D490 and choose "Replace with code that does nothing", then just click OK on the little popup.

So now you have

51D490 - 90 - nop
51D491 - 90 - nop
51D492 - 90 - nop

Write this down for your trainer, of course. Go back to the game and save: did your CD count drop? No? Excellent.

Well done, you now have 2 options for your trainer.

Guess what? I'm going to leave you to it; let's see how many more options you can come up with.

Then tomorrow I'll show you in part 2 how to build your trainer :)

Good Hunting and Happy Coding :)


Part 2
=====

So we have our options for our trainer; now, how do we make the trainer? A good place to start is Trainer Maker Kit, which can be found freely on the web.

Remember I told you to write down your changes and addresses? I hope you did, because you will need them here, especially the hex values and the addresses.

Ok this is what has to be done.

1. Make sure the game is running and ALT+TAB out of the game to the desktop
2. Run TMK

You now have TMK running, so what next?

Give the project a name and click Create.

First we have to tell the trainer which game it is going to patch once it is built. On the left middle window you will see a tab entitled "Build Settings"; click it and you will be presented with a few options. The top one is the most important: Process name. Find the running game in the process list above, select it, and make sure it is moved into the Process name field. Done? Good.

The field below, entitled Exe name, is the name of the trainer you are going to build, NOT the game itself. Type c:\mytrain here and the trainer will be saved to C:\ as mytrain.exe (you don't have to add the .exe at the end, TMK does it for you).

Ok lets get back to the Objects menu. Click this.

We are back at the Objects menu, with a very dull-looking trainer so far: nothing there. First right-click the dialog box shown on the right and go to Properties, where you can change the title of the trainer and some other options.

Change the trainer title to "Obscure v1.1 +x Trainer", where x is the number of options you have. Bear in mind that all ammo options count as one and should be placed under the same option.

Let's add a button, using either the Insert menu or the button icon in the top row. A button is used to either

1. be pressed to activate an option, or
2. have a hotkey assigned to it, so pressing that key in the game does the same thing as pressing the button.

Once you have a button you can move it wherever you like; it's up to you.

Now right-click the button and go to Properties. Here you can change the button text: for ammo call it "Ammo" (without the quotes), for health call it "Health". The other tabs on this window let you set certain other things.

Lets go through them.

1. FCT - Here you tell TMK the function of the button. Since it changes game code, select Poke (which should be the default).

2. Ttip - A mouse-over tooltip: when the mouse is over the button a small information window can say what it does. It isn't really needed, so leave it blank.

3. Color - Obviously, to change the colour of the button and of the text inside it.

4. BMP - For picture buttons: one image for normal, one for mouse-over (maybe with a highlight) and one for when clicked (for example a pressed-in button). We won't bother with this for now; the more of this you add, the more bytes the trainer takes up.

5. Key - An important one. Here you specify the hotkey, so that when you press it in the game the trainer knows what to do. Just make sure you don't use a key that the game itself uses.

6. Misc - Lets you add a sound when a button is pressed, so people know they have activated a cheat. Again not necessary, and it takes up more space.

So for now the important ones are FCT, Color and Key. Set them as you want, then close the window.

Now right-click the button again and choose Write Memory Actions. This is where we add our code for the game :)

I'll use my ammo information from part 1.

Write Memory Actions presents a white box you can type in, plus some other buttons. Don't use the wizard, it is a pain in the backside for this.

Just to recap, here is my code injection for the ammo from part 1.

6AE3C8 C7 85 54 01 00 00 63 00 00 00 mov [ebp+00000154],00000063
6AE3D2 C3 ret
6AE3D3 90 nop
     
4EE369 E8 5A 00 1C 00 call 006ae3c8
4EE36E 90 nop

In our little window we will do this

Type in this

POKE Address_used Hex_values

Note that addresses must be written as 8 hex digits (a full 32-bit address). The address in my example above is only 6 digits, so add 00 at the start: 6AE3C8 becomes 006AE3C8.

Also use CAPS LOCK; it is much easier to read ;)

In my case it looks like this

POKE 006AE3C8 C7 85 54 01 00 00 63 00 00 00 C3 90
POKE 004EE369 E8 5A 00 1C 00 90

You only need the first address of each block: type the hex bytes in order after it and they are written one after another starting at that address, so each byte lands in the right place as long as the address is correct. Keep the cave line above the hook line, because the pokes are written in the order you list them.

You will know if you did it right, as Poke will be blue colored, address black, and each individual hex value is light blue.

Once done hit apply.

There you go one option done.

It is the same for every other button: use a unique key for each, and type in the correct addresses and hex values.

When you have done all this, remember to SAVE the project. There is nothing worse than quitting TMK, going back to fix a mistyped value, and finding the project is gone.

So save after each button to be sure.

Once saved you can build your trainer: go to the Build menu at the top and select Build Your Project. It is saved to disk so you can run it and test it.

It is best to test from a clean load of the game, so you can see whether each option works. If the game crashes you have probably made a mistake somewhere; compare the bytes you typed against the ones you wrote down.

For further fun you can add a picture to your trainer, change its icon, and so on.

Once your trainer is built, try out the options and have fun.

There you go, your first trainer, which you can be proud to show off to your friends.

Contact:
https://www.cheathappens.com/user_profile.asp?userID=157287