Quote:
|
Trainers can be very simple, something like a timer (SetTimer) that checks your hotkey keystate (GetAsyncKeyState), ...
|
Hm but this doesn't always work (e.g. Mafia: City of Lost Heaven: the input made is not detected by the trainer app).
In that case you can use DirectInput.
Another thing you should pay attention to is the problem of memory allocation. Modern games are very complex so they use dynamically allocated memory (often called DMA - Dynamic Memory Allocation if I'm not mistaken) to store certain stuff. In that case it doesn't help for you to look for a particular value in memory and to write to it directly. Instead you will have to use one of the following techniques:
- Code Injection: You look for some code that modifies or reads the value you have found in memory. Then you put a jmp to your own code there (which can be situated in a cave for example) which writes the memory address to some freespace within the exe. Then your trainer program can read out this address and use it.
However this method has some disadvantages:
  - The access rights for the section with the freespace which you use to store the memory address need to be modified so that write access is permitted (can be done with PE Editors or with VirtualProtectEx which is probably better); otherwise the game will crash with an access violation.
  - It can be a lot of work to port such a cheat to newer versions. First of all you will have to find the code which reads/writes from/to the memory address you want to hack, again. Then you have to find a new cave to put your injected code in and in some cases you also have to change the injected code to make it compatible with the new version.
  - The cheat can only be used if the code you're patching (and as such your injected code) has been executed at least once. Sometimes it happens that this code is executed after specific events only.
- Find the base address: Certain values (health, money) are stored within structures or classes. Now it's possible to look for a "static" pointer which contains the base address to such a structure. Once you've found one you can read out that base address and "calculate" the address of the memory you want to modify.
Anyways it can sometimes be difficult to find such a "static" pointer...
But it's much easier to port those cheats to new versions as you only have to look for the address of the "static" pointer.
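Added in-process illustration of the "find the base address" technique from the post above (constructed example, not the post author's code; the GameState/Player layout, the offsets and the values are made up). It shows why a hard-coded address found by scanning stops working once the game reallocates its objects, while a chain starting from the one "static" pointer still resolves the health field after the move.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
/* Constructed stand-in for a game's heap-allocated objects (not any real game). */
typedef struct { int32_t money; int32_t health; } Player;
typedef struct { int32_t level; Player *player; } GameState;
/* The one "static" pointer: fixed address in the data section, while everything
 * it leads to is reallocated on each level load. */
static GameState *g_state = NULL;

/* Simulate a level load. New objects are allocated before the old ones are
 * freed, so the Player (and its health field) is guaranteed to move. */
void load_level(int32_t level, int32_t health, int32_t money) {
    GameState *ns = malloc(sizeof *ns);
    Player *np = malloc(sizeof *np);
    if (!ns || !np) { perror("malloc"); exit(1); }
    np->health = health; np->money = money;
    ns->level = level; ns->player = np;
    if (g_state) { free(g_state->player); free(g_state); }
    g_state = ns;
}

/* Walk a pointer chain: read the static pointer, follow every offset but the last
 * through memory, then add the last offset ([[base]+offs[0]]+offs[1] for two levels).
 * Returns 0 when a link is still NULL, i.e. the object has not been created yet. */
uintptr_t resolve_chain(const void *static_ptr, const size_t *offs, size_t n) {
    uintptr_t addr; memcpy(&addr, static_ptr, sizeof addr);  /* memcpy: no aliasing UB */
    for (size_t i = 0; i + 1 < n; i++) {
        if (addr == 0) return 0;
        memcpy(&addr, (const void *)(addr + offs[i]), sizeof addr);
    }
    return addr ? addr + offs[n - 1] : 0;
}
/* Address of the health field in the current session, recomputed via the chain. */
uintptr_t health_address(void) {
    const size_t offs[] = { offsetof(GameState, player), offsetof(Player, health) };
    return resolve_chain(&g_state, offs, 2);
}
/* Current health read through the chain, or -1 before the first level load. */
int32_t read_health(void) {
    uintptr_t a = health_address(); int32_t v;
    if (!a) return -1; memcpy(&v, (const void *)a, sizeof v); return v;
}

int main(void) {
    load_level(1, 100, 500); uintptr_t first = health_address();
    printf("level 1: health at %p = %d\n", (void *)first, read_health());
    load_level(2, 73, 640);   /* same chain still works after the objects moved */
    printf("level 2: health at %p = %d (address %s)\n", (void *)health_address(),
           read_health(), first == health_address() ? "unchanged" : "moved");
    return 0;
}
```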