Quote:
Just a little correction about DMA.
DMA stands for Direct Memory Access, and is used when performing IO to a hard disk or a CD-ROM, for example. Without DMA, in PIO mode, the CPU is used a lot because it's reading the bytes from the IO ports of the device and writing them to the memory locations, or vice-versa. With DMA, or Ultra-DMA, data is read from the device and placed in memory directly (by the DMA controller), while the CPU is doing something else, or is idle.
DMA can also be used in a sound card, for example. In that case, the sound card goes directly to memory to read the sound samples; the CPU doesn't have to be in the middle and can do something else instead.
Well, yes, this is the "real" DMA. But when you refer to DMA when speaking about trainers, you don't mean that DMA but "Dynamic Memory Allocation".
Quote:
Also, regarding item 2, "base address", I'd say that probably it's likely that a single pointer won't suffice. Due to the chaining of objects created at runtime, you may have a static location which points to a structure that can be in different locations. That structure, in turn, will contain one pointer for another structure, and so on, until another structure some levels deeper will contain the actual lives and energy counters.
Well, of course nested classes/structures are possible. But anyway, in the end you will always find one base pointer that you can use, no matter how complex this nesting is. Once you've read the address of the first nested structure, you can read the address of the sub-structure, and so on...
Quote:
That said, this 2nd approach will also hardly work on a newer version. Both the initial base address, and the structure's offsets may change between versions.
Well, the address of the static pointer with the base address will certainly change in new versions unless the programmers only changed a few things. Anyway, it's usually easier to find such a pointer in newer versions than to port the code injection.
However it should rarely happen that structure member offsets change. This can only happen if the programmers add members before the member you want to hack or if they modify the structure's member alignment.
And just to make it clear: with porting to newer versions I didn't mean porting cheats from 1.0 -> 2.0 (as this rarely works) or something like this, but from 1.0 -> 1.1.
Quote:
If you inject your own DLL into the executable, then you don't need to find 'free space' in the exe to put your code.
Well, you still need to inject some code to load the DLL and to get the function addresses.
Quote:
I think making trainers in the old days (e.g. Amiga), was way more difficult than it is now. Today code is always loaded at the same address, and all code is usually present from the start.
In the days of yore... you had to patch track loaders because each level used different code or was loaded to a different address. And of course you had no breakpoint-on-write-access capability to find that all-important SUB #1 instruction :-)
But then.. it made it more fun to do..
Hm, don't know those times...
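The two points argued above, that a chain of nested structures still resolves from a single static base pointer, and that member offsets survive a minor version bump unless a member is inserted in front of the one you care about, can be shown in a few lines of C. The example below is added here and is not code from the thread; the structure names (`Game`, `Player`, `Stats`), the static `g_game` pointer and the "v1.1" layouts are constructed for illustration only. `resolve_chain` walks a list of offsets from the address of the static pointer and refuses to dereference a NULL link, which is the same check a memory-forensics or debugger tool makes before following a pointer chain in a dump.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed object graph: static pointer -> Game -> Player -> Stats.
 * All names are hypothetical; no real program uses this layout. */
struct Stats  { int lives; int energy; };
struct Player { char name[16]; struct Stats *stats; };   /* second hop */
struct Game   { unsigned frame_counter; struct Player *player; }; /* first hop */

/* The one static location that survives: the "base pointer". */
static struct Game *g_game = NULL;

/* Follow a pointer chain. `base` is the address of the static pointer;
 * each step reads the pointer stored at the current address, checks it
 * is non-NULL, then adds the next structure offset. Returns the address
 * of the final field, or NULL if any link in the chain is NULL. */
void *resolve_chain(void *base, const size_t *offsets, size_t n)
{
    unsigned char *cur = base;
    for (size_t i = 0; i < n; i++) {
        void *next;
        memcpy(&next, cur, sizeof next);      /* read pointer stored at cur */
        if (next == NULL)
            return NULL;                      /* broken chain: do not follow */
        cur = (unsigned char *)next + offsets[i];
    }
    return cur;
}

/* Allocate the constructed graph at runtime (addresses differ every run)
 * and hang it off the static base pointer. Returns 0 on success. */
int setup_world(int lives, int energy)
{
    struct Stats  *s = calloc(1, sizeof *s);
    struct Player *p = calloc(1, sizeof *p);
    struct Game   *g = calloc(1, sizeof *g);
    if (!s || !p || !g) { free(s); free(p); free(g); return -1; }
    s->lives = lives; s->energy = energy;
    p->stats = s;
    g->player = p;
    g_game = g;
    return 0;
}

void teardown_world(void)
{
    if (!g_game) return;
    if (g_game->player) { free(g_game->player->stats); free(g_game->player); }
    free(g_game);
    g_game = NULL;
}

/* Read a Stats field through the chain; -1 means the chain is broken. */
static int read_stat(size_t stats_field_offset)
{
    const size_t chain[] = { offsetof(struct Game, player),
                             offsetof(struct Player, stats),
                             stats_field_offset };
    int *field = resolve_chain(&g_game, chain, 3);
    return field ? *field : -1;
}
int read_lives(void)  { return read_stat(offsetof(struct Stats, lives)); }
int read_energy(void) { return read_stat(offsetof(struct Stats, energy)); }

/* Hypothetical "v1.1" layouts: a member appended after the counters keeps
 * their offsets, a member inserted before them shifts every offset. */
struct Stats_v11_appended  { int lives; int energy; int score; };
struct Stats_v11_prepended { int score; int lives; int energy; };

int lives_offset_stable_if_appended(void)
{
    return offsetof(struct Stats_v11_appended, lives) == offsetof(struct Stats, lives);
}
int lives_offset_stable_if_prepended(void)
{
    return offsetof(struct Stats_v11_prepended, lives) == offsetof(struct Stats, lives);
}

int main(void)
{
    if (setup_world(3, 100) != 0) return 1;
    printf("lives=%d energy=%d\n", read_lives(), read_energy());
    printf("lives offset stable: appended=%d prepended=%d\n",
           lives_offset_stable_if_appended(), lives_offset_stable_if_prepended());
    teardown_world();
    printf("after teardown lives=%d (chain broken)\n", read_lives());
    return 0;
}
```

The offsets are taken with `offsetof` rather than hard-coded, which is exactly what makes them version-independent in the appended case and exposes the change in the prepended case; the NULL check in `resolve_chain` is what keeps a stale or not-yet-initialised base pointer from turning into a wild read.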