Author Topic: Trouble creating a trainer for a game my friends play...  (Read 2555 times)


Mojoguy01

  • Intentional Cheater
  • Posts: 26
Trouble creating a trainer for a game my friends play...
« on: February 18, 2010, 06:53:10 am »
Currently, I found the pointers to the values I want to freeze. However, each time I try to create a Poke value (in Trainer Maker Kit) to either directly NOP the values, or create a Code Cave to NOP them, it freezes the game and crashes.

I know it's the correct pointers for them as well, as the addresses that are using them I can easily freeze in MHS and I get the wanted effects (btw, how come MHS can freeze something, essentially NOPing it, but not crash the game?).

Can someone point this novice hacker in a good direction for figuring out a way to stop said values from decreasing (it's essentially stats/money I'm messing with). 


Oh, and yes this is a single player game with COOP :) (I can freeze the values using MHS, after searching for all the values for 30minutes, and it works in our COOP on LAN).

Thanks!

PS: the primary pointer I'm having trouble with looks like this "0053E1E2   D919   FSTP    DWORD PTR [ECX]". I tried "Poke 0053E1E2   90 90" but that only crashes the game when I activate the hack.

Coronel_Niel

  • Insane Joker
  • Posts: 846
  • Why can't I pick my own profile picture...
Re: Trouble creating a trainer for a game my friends play...
« Reply #1 on: February 18, 2010, 03:19:03 pm »
So, what's the game first? That helps.
"Now we are going to watch my boys do it" - Joopig

M. O.

  • Administrator
  • MasstKer
  • Posts: 9185
    • http://www.tkc-community.net
Re: Trouble creating a trainer for a game my friends play...
« Reply #2 on: February 18, 2010, 03:32:12 pm »
It could be that the thing you are nopping is used in some other context. Try to breakpoint that location and see if it gets stuck there when doing something else. If so, you might have to look for other pointer locations, or make a code cave that compares registers or some other value to make sure it only nops what you want and executes code as usual in the other cases.

When you freeze a value using such a tool you don't nop it, the program inserts the wanted value automatically at the temporary address if the value has changed.
Heckling is an art, and game hacking a science.

Coronel_Niel

  • Insane Joker
  • Posts: 846
Re: Trouble creating a trainer for a game my friends play...
« Reply #3 on: February 18, 2010, 03:43:46 pm »
Well, I've seen plenty of games with anti-memory-changing features, which don't stop determined C++ coders but can stop your odd coder who tries to have a go at the game. Yes, this is SP as well.
« Last Edit: February 18, 2010, 05:21:13 pm by Coronel_Niel »

Jurugi

  • Online Villain
  • Posts: 190
Re: Trouble creating a trainer for a game my friends play...
« Reply #4 on: February 18, 2010, 10:04:19 pm »
To stop them from decreasing there's plenty of things you can do, but of course there are many options that you can or can't do depending on the situation. One thing (my favorite) is to find where the value is decreased and make a JMP over it; another is simply to NOP the decrementing line; another is to assemble it so that the decrement says -0 instead of something like -1. I never learned how to make those 'poke' scripts before, as I kind of skipped straight past that part and tried to learn raw disassembly/coding first. I don't know how to make a poke script for you, but any of these should work.

Mojoguy01

  • Intentional Cheater
  • Posts: 26
Re: Trouble creating a trainer for a game my friends play...
« Reply #5 on: February 19, 2010, 07:52:41 am »
Anyone know an advanced tutorial I could follow to try and RE what I need? All the tutorials I've found are either EXTREMELY basic (already stuff I know, like code caving and basic NOPing/TMK use), or are vague and don't explain everything properly, so only other coders would understand it... but that doesn't help them since they already know :/!

[TKC]Symantic

  • The Indifferent Character
  • The Central Committee
  • Heckler
  • Posts: 1647
  • I can has personal text?
Re: Trouble creating a trainer for a game my friends play...
« Reply #6 on: February 19, 2010, 12:11:21 pm »
Quote
Anyone know an advanced tutorial I could follow to try and RE what I need? All the tutorials I've found are either EXTREMELY basic (already stuff I know, like code caving and basic NOPing/TMK use), or are vague and don't explain everything properly, so only other coders would understand it... but that doesn't help them since they already know :/!

Right m8, well it's 11:25 and I've got class in the morn, so this is all you get for now.

As Jurugi was saying, there are many ways to "freeze" your value, and the game probably crashes because you NOP'd (no-operation) a line entirely, so the game might have "gotten lost", as in it didn't know how to get to step C because you took step B out when you left from A (if that makes sense).

Did you attempt to make a code cave? What work do you have on that? You have it in TMK poke codes? ASM? What? It would be nice to look at your code cave in ASM, as it's been many days since I've played around with TMK.

If you can change the value in your memory editor but it crashes when you place it in your trainer, then you have a problem with either TMK or your code, I would imagine, so post up what you've got for now and it will get checked out.

-Sym



Enjoy your creative game-play, whatever that may include.

Coronel_Niel

  • Insane Joker
  • Posts: 846
Re: Trouble creating a trainer for a game my friends play...
« Reply #7 on: February 19, 2010, 02:28:10 pm »
Quote
Anyone know an advanced tutorial I could follow to try and RE what I need? All the tutorials I've found are either EXTREMELY basic (already stuff I know, like code caving and basic NOPing/TMK use), or are vague and don't explain everything properly, so only other coders would understand it... but that doesn't help them since they already know :/!

If you only know basic stuff, I would go for the Cheat Engine tutorial. The forums help, and that tells you how to do most of the things in Jurugi's post.

After that you can stick to Cheat Engine or, if you wish to, continue with TMK. But the tutorial helps, and most programs are the same, so it shouldn't be too hard to work out how to do things in TMK.

The beginning bits will be easy but don't be fooled, it gets a lot harder at the end.

M. O.

  • Administrator
  • MasstKer
  • Posts: 9185
Re: Trouble creating a trainer for a game my friends play...
« Reply #8 on: February 19, 2010, 03:38:54 pm »
There might be a tutorial about this in the game hacking archive in downloads. I think it's the one-hit-kill tutorial: the same area of code is used both for the player and the AI, so the AI also gets the same powers.

The line you are nopping (if it's the correct one) is probably used in some context other than the ammo as well.

MrMedic

  • MasstKer
  • Posts: 8900
  • programmer/dev/software engineer
Re: Trouble creating a trainer for a game my friends play...
« Reply #9 on: February 19, 2010, 05:30:10 pm »
What you all seem to be missing is: 'he found the pointers'... and pointers change.

Mojo, try this:

Step 1: read where the pointer is pointing,
i.e. DWORD i_am_the_pointer = *(DWORD *)*(DWORD *)(d_i_am_the_pointers_static_address);

or use ReadProcessMemory if you're outside.

Step 2: change the address that the pointer is pointing to.

DO NOT, however, change the pointer's static location itself; that will only make it crash.

I released a very simple trainer source code around here somewhere just to show how simple they are; I suggest you look for it.

let me know how you get on with this. good luck :)
« Last Edit: February 19, 2010, 05:38:39 pm by MrMedic »
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

Mojoguy01

  • Intentional Cheater
  • Posts: 26
Re: Trouble creating a trainer for a game my friends play...
« Reply #10 on: February 20, 2010, 08:00:58 pm »
I realized, after reading half the thread, that I was giving my monitor googly eyes  :icon_o_o. So, I'll be going to checkout the GHA that you pointed me towards, read & go through everything before replying here again :D!

Right now, my problem is that I have the primary address in my disassembler for the stat I'm trying to NOP/change. However, I'm apparently not skilled enough to even know where to begin to move along said address and find what's decrementing it etc. (or to find other addresses).

Brb  :icon_magician

M. O.

  • Administrator
  • MasstKer
  • Posts: 9185
Re: Trouble creating a trainer for a game my friends play...
« Reply #11 on: February 20, 2010, 09:57:29 pm »
As Medic pointed out, you are nopping the wrong thing. If you want to avoid making a trainer in C++ or similar, you need to find the operation that changes the value and nop it.

If you can't find it:
You didn't give much code, but the fstp will pop a number from a stack and put it at ecx. I don't know what kind of value that is, but you could try to make a code cave:
fstp [static1]
fld [static2]
fstp [ecx]
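An added example, not code from the thread, that turns reply #2's "code cave that compares registers" and reply #11's fstp/fld/fstp sketch into the actual bytes a trainer would poke. Two things the example builds in: a bare NOP of `fstp dword ptr [ecx]` also removes the pop that keeps the x87 register stack balanced (it has eight slots, so the game's later float code misbehaves), which is why the cave keeps an fstp on both paths; and that fstp is only 2 bytes while a JMP rel32 needs 5, so the instructions after it must be stolen into the cave and jumped back over. The site address 0053E1E2 and its opcode D9 19 are from the thread; the cave, scratch, frozen and target addresses, and the two instructions assumed to follow the fstp (add ecx,4 / dec edx), are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Little-endian imm32/disp32 writer shared by the encoders below. */
static size_t put32(uint8_t *out, uint32_t v) {
    out[0] = (uint8_t)v;         out[1] = (uint8_t)(v >> 8);
    out[2] = (uint8_t)(v >> 16); out[3] = (uint8_t)(v >> 24);
    return 4;
}
/* Little-endian reader, used to inspect what was encoded. */
uint32_t get32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* E9 rel32: the displacement is relative to the end of the 5-byte JMP. */
size_t emit_jmp_rel32(uint8_t *out, uint32_t from, uint32_t to) {
    out[0] = 0xE9;
    put32(out + 1, to - (from + 5));
    return 5;
}
/* Bytes to poke at the hook site: JMP cave, then NOPs over what is left of the
 * stolen instructions so no half-overwritten opcode survives. "D9 19" is 2 bytes,
 * so whole instructions after it must be stolen until at least 5 bytes are
 * covered; returns 0 if the caller did not do that. */
size_t build_site_patch(uint8_t *out, uint32_t site, uint32_t cave_addr, size_t stolen_len) {
    if (stolen_len < 5) return 0;
    emit_jmp_rel32(out, site, cave_addr);
    memset(out + 5, 0x90, stolen_len - 5);
    return stolen_len;
}
/* Cave layout (x86-32 encodings):
 *   cmp  ecx, target          81 F9 imm32   only act on the object we care about
 *   jne  keep                 75 10
 *   fstp dword ptr [scratch]  D9 1D disp32  pop the game's result (x87 stack stays balanced)
 *   fld  dword ptr [frozen]   D9 05 disp32  push the value we want kept
 *   fstp dword ptr [ecx]      D9 19         store it where the game would have
 *   jmp  tail                 EB 02
 * keep:
 *   fstp dword ptr [ecx]      D9 19         original behaviour for every other ecx
 * tail:
 *   <stolen bytes that followed the fstp>   must be position-independent (no rel jmp/call)
 *   jmp  site + stolen_len    E9 rel32 */
size_t build_freeze_cave(uint8_t *cave, uint32_t cave_addr, uint32_t site, size_t stolen_len,
                         uint32_t target, uint32_t scratch, uint32_t frozen,
                         const uint8_t *tail, size_t tail_len) {
    size_t n = 0;
    cave[n++] = 0x81; cave[n++] = 0xF9; n += put32(cave + n, target);   /* cmp ecx, target  */
    cave[n++] = 0x75; cave[n++] = 0x10;                                 /* jne keep (+16)   */
    cave[n++] = 0xD9; cave[n++] = 0x1D; n += put32(cave + n, scratch);  /* fstp [scratch]   */
    cave[n++] = 0xD9; cave[n++] = 0x05; n += put32(cave + n, frozen);   /* fld  [frozen]    */
    cave[n++] = 0xD9; cave[n++] = 0x19;                                 /* fstp [ecx]       */
    cave[n++] = 0xEB; cave[n++] = 0x02;                                 /* jmp tail (+2)    */
    cave[n++] = 0xD9; cave[n++] = 0x19;                                 /* keep: fstp [ecx] */
    memcpy(cave + n, tail, tail_len);                                   /* tail: stolen     */
    n += tail_len;
    n += emit_jmp_rel32(cave + n, cave_addr + (uint32_t)n, site + (uint32_t)stolen_len);
    return n;
}

/* Worked scenario. Only SITE and its "D9 19" come from the thread; the other
 * addresses and the two instructions after the fstp are constructed. */
#define SITE      0x0053E1E2u  /* fstp dword ptr [ecx] (from the thread)          */
#define CAVE_ADDR 0x00600000u  /* assumed: executable page allocated in the game  */
#define TARGET    0x0A1B2C30u  /* assumed: address of the stat, as held in ecx    */
#define SCRATCH   0x00600100u  /* assumed: writable dword for the popped value    */
#define FROZEN    0x00600104u  /* assumed: writable dword holding our value       */
static const uint8_t STOLEN[] = { 0xD9, 0x19,        /* fstp dword ptr [ecx]      */
                                  0x83, 0xC1, 0x04,  /* add ecx, 4  (constructed) */
                                  0x4A };            /* dec edx     (constructed) */
uint8_t g_site_patch[sizeof STOLEN];
uint8_t g_cave[64];

size_t demo_site_patch(void) {
    return build_site_patch(g_site_patch, SITE, CAVE_ADDR, sizeof STOLEN);
}
size_t demo_cave(void) {
    return build_freeze_cave(g_cave, CAVE_ADDR, SITE, sizeof STOLEN,
                             TARGET, SCRATCH, FROZEN, STOLEN + 2, sizeof STOLEN - 2);
}
static void dump(const char *what, uint32_t at, const uint8_t *b, size_t n) {
    printf("%-10s @ %08X:", what, at);
    for (size_t i = 0; i < n; i++) printf(" %02X", b[i]);
    putchar('\n');
}
int main(void) {
    dump("site patch", SITE, g_site_patch, demo_site_patch());
    dump("cave", CAVE_ADDR, g_cave, demo_cave());
    return 0;
}
```

To use it, the trainer allocates an executable page in the game (VirtualAllocEx) at CAVE_ADDR, writes g_cave there and the two dwords at SCRATCH and FROZEN, and only then writes g_site_patch at SITE; from then on it "freezes" the stat by rewriting FROZEN rather than the stat itself. The ecx compare only works while the object's address is stable for the session; otherwise compare a different register or a field of the object, and single-step the stolen tail in a debugger first to confirm it contains no relative jumps or calls.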

Mojoguy01

  • Intentional Cheater
  • Posts: 26
Re: Trouble creating a trainer for a game my friends play...
« Reply #12 on: February 20, 2010, 10:04:48 pm »
Quote
As Medic pointed out, you are nopping the wrong thing. If you want to avoid making a trainer in C++ or similar, you need to find the operation that changes the value and nop it.

If you can't find it:
You didn't give much code, but the fstp will pop a number from a stack and put it at ecx. I don't know what kind of value that is, but you could try to make a code cave:
fstp [static1]
fld [static2]
fstp [ecx]

See, this is exactly why I believe I need to go learn more, because I don't know what you just said in terms of code caving fstp, fld, fstp.... I know WHAT code caving is and HOW to do it. However, you are manipulating code in a way I don't know about :(, and I badly want to learn :)!

Mojoguy01

  • Intentional Cheater
  • Posts: 26
Re: Trouble creating a trainer for a game my friends play...
« Reply #13 on: February 20, 2010, 10:28:24 pm »
I'm confused by the "reading pointers" tutorial in the GHA.

The guide says:
Quote
Getting started:

1. Open up Tsearch and the GTM, pause the GTM and find the address for money

2. In Tsearch hit Autohack>enable debugger, Go into the GTM and unpause it until the money
changes, then go back into Tsearch, and hit Autohack>Autohack Window.

3. In the Autohack Window it should have popped at 4011DB: sub [esi+0x4],eax, what this means
is subtract the value of eax, from the area of memory 4 bytes away from the pointer. All we need
to know here is that the current address is +0x4 bytes from the pointer.

4. Open up your hexadecimal calculator and put in your current address(in hex), then subtract 4
from it(also in hex).

5. Convert the result of the previous step to decimal format and search for it in Tsearch. If
done correctly you should have the address 403138.

6. Hit the restart button so the location of the address of money changes, you should notice the
value of 403138 changes.

7. Read the value of 403138, convert the value to hexadecimal, then add 4 to it, this will give
you the new location of money. This will work even if you restart the program.

8. Make a function in your trainer to read address 403138 and add 4 to it, then write to that
offset.


What exactly is it talking about when it says to convert the subtracted hex to decimal and then "search" for it? Am I searching for that decimal value in memory, and if so how when I never see ACTUAL values attached. Or, am I simply searching for a 4byte value...and then seeing what writes/accesses that address in memory?

Thanks yet again :)!

[update]: OK so, I'm looking at the address I was linked to for HP (the same one that, when NOP'ed, freezes the game). It doesn't have a +0x4 or anything, only an ECX. I'm going to take a wild guess and say the MOV above it is the address I'm looking for to step FROM this current address? Or, should I add 0x4 to my current address to see who, if anyone, is writing to the current address that I have right now?



« Last Edit: February 20, 2010, 11:22:48 pm by Mojoguy01 »
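An added example, not from the thread or the GHA guide, that walks through the quoted "reading pointers" steps against a constructed memory image; it covers both MrMedic's `*(DWORD*)static` expression in reply #9 and steps 5 to 8 of the guide. Step 5's "search for it" is a 4-byte value scan for (address of the stat minus the offset), and what that scan turns up is the static pointer; steps 7 and 8 then re-read that pointer every time instead of trusting a stale address. read_mem/write_mem stand in for ReadProcessMemory/WriteProcessMemory; the region layout, the object addresses 403800/403900 and the money value are constructed, and only 403138 and the +4 come from the guide. resolve_chain is generalised to an n-level pointer chain, of which the guide's case is n = 1.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the game's address space: one 4 KiB region mapped at REGION_BASE.
 * read_mem/write_mem play the part of ReadProcessMemory/WriteProcessMemory and,
 * like them, return 0 for an address that is not mapped. */
#define REGION_BASE 0x00403000u
#define REGION_SIZE 0x1000u

struct fakeproc { uint8_t mem[REGION_SIZE]; };

static int mapped(uint32_t addr, size_t n) {
    return addr >= REGION_BASE && (uint64_t)(addr - REGION_BASE) + n <= REGION_SIZE;
}
int read_mem(const struct fakeproc *p, uint32_t addr, void *out, size_t n) {
    if (!mapped(addr, n)) return 0;
    memcpy(out, p->mem + (addr - REGION_BASE), n);
    return 1;
}
int write_mem(struct fakeproc *p, uint32_t addr, const void *in, size_t n) {
    if (!mapped(addr, n)) return 0;
    memcpy(p->mem + (addr - REGION_BASE), in, n);
    return 1;
}
/* DWORD helpers; the target is x86, so bytes are little-endian. */
int read32(const struct fakeproc *p, uint32_t addr, uint32_t *out) {
    uint8_t b[4];
    if (!read_mem(p, addr, b, 4)) return 0;
    *out = (uint32_t)b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    return 1;
}
int write32(struct fakeproc *p, uint32_t addr, uint32_t v) {
    uint8_t b[4] = { (uint8_t)v, (uint8_t)(v >> 8), (uint8_t)(v >> 16), (uint8_t)(v >> 24) };
    return write_mem(p, addr, b, 4);
}

/* Step 5: "search for it" is a 4-byte value scan for (stat address - offset).
 * Whatever holds that number is a pointer to the object; the static one is what
 * the trainer keys off. First aligned hit only; a real scan lists several. */
int scan_for_dword(const struct fakeproc *p, uint32_t value, uint32_t *found) {
    for (uint32_t off = 0; off + 4 <= REGION_SIZE; off += 4) {
        uint32_t v;
        if (read32(p, REGION_BASE + off, &v) && v == value) { *found = REGION_BASE + off; return 1; }
    }
    return 0;
}

/* Steps 7-8, generalised to an n-level chain:  a = [static]; a = [a + offs[0]]; ...;
 * final = a + offs[n-1].  n == 1 is MrMedic's *(DWORD*)static plus the guide's +4.
 * Fails when a hop is unmapped or NULL (object not allocated yet, e.g. at the main
 * menu), which is exactly the moment a blind write through the chain would crash. */
int resolve_chain(const struct fakeproc *p, uint32_t static_addr,
                  const uint32_t *offs, size_t n, uint32_t *final) {
    uint32_t a;
    if (n == 0 || !read32(p, static_addr, &a) || a == 0) return 0;
    for (size_t i = 0; i + 1 < n; i++)
        if (!read32(p, a + offs[i], &a) || a == 0) return 0;
    *final = a + offs[n - 1];
    return 1;
}

/* Scenario: 403138 and the +4 are from the guide; object addresses and the
 * money value are constructed. */
#define MONEY_STATIC 0x00403138u
#define OBJ_FIRST    0x00403800u   /* where the stats object sits first       */
#define OBJ_RESTART  0x00403900u   /* where it lands after the guide's step 6 */
static const uint32_t MONEY_OFFS[] = { 4 };   /* sub [esi+0x4],eax  =>  +4 */

static void fake_init(struct fakeproc *p, uint32_t obj) {
    memset(p->mem, 0, sizeof p->mem);
    write32(p, MONEY_STATIC, obj);          /* static pointer; 0 = not allocated */
    if (obj) write32(p, obj + 4, 1500);     /* money at pointer + 4              */
}
/* Step 5 worked: scan for (money address - 4) and get the static pointer back. */
uint32_t demo_find_static(void) {
    struct fakeproc p; uint32_t hit = 0;
    fake_init(&p, OBJ_FIRST);
    scan_for_dword(&p, (OBJ_FIRST + 4) - 4, &hit);
    return hit;
}
/* Steps 7-8 worked: where the chain points for a given object address (0 on failure). */
uint32_t demo_resolved_addr(uint32_t obj) {
    struct fakeproc p; uint32_t money = 0;
    fake_init(&p, obj);
    return resolve_chain(&p, MONEY_STATIC, MONEY_OFFS, 1, &money) ? money : 0;
}
/* The freeze itself: re-resolve, write, read back (0 if the chain is not live). */
uint32_t demo_freeze(uint32_t obj, uint32_t wanted) {
    struct fakeproc p; uint32_t money, v = 0;
    fake_init(&p, obj);
    if (!resolve_chain(&p, MONEY_STATIC, MONEY_OFFS, 1, &money) || !write32(&p, money, wanted)) return 0;
    read32(&p, money, &v);
    return v;
}
int main(void) {
    printf("static pointer found at %08X\n", demo_find_static());
    printf("money at %08X before restart, %08X after\n",
           demo_resolved_addr(OBJ_FIRST), demo_resolved_addr(OBJ_RESTART));
    printf("frozen value read back after restart: %u\n", demo_freeze(OBJ_RESTART, 99999));
    printf("resolve with object not allocated: %08X\n", demo_resolved_addr(0));
    return 0;
}
```

The freeze loop in a real trainer is demo_freeze with a sleep around it: re-resolve the chain, write, repeat. Re-resolving each tick rather than caching the address is what survives a restart, and checking the chain before writing is what keeps the trainer from writing through a NULL pointer when the object does not exist yet.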

MrMedic

  • MasstKer
  • Posts: 8900
Re: Trouble creating a trainer for a game my friends play...
« Reply #14 on: February 21, 2010, 02:41:05 am »
What game is it?

Also, have you checked for anything comparing those addresses? It could be some kind of built-in anti-cheat.
« Last Edit: February 21, 2010, 02:50:03 am by MrMedic »