Tutorial

INTRODUCTION: A trainer is a program written to intercept and alter the memory addresses of games that are running in the background. Usually trainers contain such features as GOD MODE, UNLIMITED LIVES and others that sometimes aren't pre-programmed into the game by its designers. Some people believe that creating a trainer is extremely difficult and requires all kinds of programming knowledge and skills. Not true. Some very friendly tools have been created to allow anyone to make their very own trainers for their favorite games. In these tutorials, we'll teach you the basics of how to get started and give you step by step instructions on creating trainers that you can follow along with on your own.

Tools Needed

1. San Andreas of course :P

Ok, let's get started. First of all, I'm using the Hoodlum No-DVD; it works fine for me, some others had problems, I dunno why, but I got an original /me shrugs

So start up GTA:SA and play a bit. Let's do money first, 'tis an easy one since you can buy things easily to lower your amount. Ok, first off ALT+TAB out of the game (best if you press ESC to pause first), then use CE (Cheat Engine) to scan for that first value (hint: money is a dword),
then back to the game and buy.

Ok, here's a short explanation of the debugger: you can do a search for what writes to and what reads from this address.

1. What writes: this is common for when you either buy something, take a hit, time, etc. I.e. use this for searching if you want to manipulate opcodes that deal
2. What reads: this is good if you get away with it (most games will crash if you try since it has an anti-read protection running); this is handy if you want to
handy if you want to Ok since Hoodlum were nice to remove the Read checking, we can do that, so right click the address after you have added it to the bottom list (double click from left list) and select Find out what reads from this address. Go back to the game, unpause, move around and get back out. Your debugger will show a few entries, any I suppose is handy, but always look out for float ops, you should see this in your list. 0055BD08 FILD DWORD PTR [eax+B7CE50] This is the one :) So click on that, and press show in debugger button to show the debugger screen. Remember to take a note of the address and the opcode. Good. Also if the opcode is more than 6 bytes long take a note of the next Address in the list which should be 0055BD0E. Write that down. Now use Tsongkies Code Cave tool. (www.gamehacking.com and under misc tools) Type in the Window name to find a place for our coding, (the window name is GTA: San Andreas) Hopefully when you search it will say the address 00010ABF is recommended. Ok now back to the debugger window and right click and goto address, and type 10ABF. Here is where we type our code, now the info we know so far is the pointer [eax+B7CE50] holds the money amount. So lets manipulate it by forcing an amount in. So at 10ABF, double click its line and enter the following taking a new line for each... mov [eax+B7CE50],05F5E0FF Ok this is our code injection, what did we do, Ill explain... 
mov [eax+B7CE50],05F5E0FF - Moves the value 99999999 into the pointer address (05F5E0FF is 99999999 in hex; you can use the Windows calculator in advanced mode to type the decimal value, then press Hex).
fild dword ptr [eax+B7CE50] - If you read my previous tuts on opcodes, you will know this means move the integer value at the pointer to the top of the (FPU) stack.
jmp 55BD0E - Jump back to the next instruction in the game.

Go back to the 55BD08 address, edit it and write:

jmp 10ABF

So the game jumps to our own coding :) Go back to the game, and look at that money rise up to 99999999 :)

Ok, what's next? Perhaps ammo? Sure, why not. Again get a gun, make a note of the ammo in the gun and search for it in CE (dword again), go back to the game and fire once (easier if you're in your house :P), then go back and search for the next value etc. You will find one. Now add it to the list, and this time search for what writes to the address. Fire the gun again, go back and you will see this in the list:

007428B0 - mov [esi+08],eax

Look at it in the debugger; above it you will see the opcode at 7428AF - DEC eax. Now some of you may think to just NOP this, but that doesn't work, because there is a nasty test eax,eax later on :P So jot down from the DEC eax; you should have this (remember we need 6 bytes for our own jump). You should have:

dec eax

There is a reason why I'm including the dec opcode, which I'll show. Anyway, jot them down with the address of dec eax (7428AF) and also the address after the opcodes you wrote down, which is 7428B6.

Go to 10ABF; the next free area to write new code is 10AD5 (the 90 - NOP, leave that there). Ok, at 10AD5 type the following:

mov [esi+08],64

Basically you're moving the value of 100 into the two pointers used for ammo values in the game, then moving 100 into the eax register, which then goes on to the game code and decreases eax by 1, i.e. 99, then moves it into the first pointer, then the 2nd pointer moves back into eax.
So when you jump back to the game code, it uses the nasty test eax,eax and the game says "hey, 'tis cool my man!" Before we go back to the game, go to 7428AF and put in the jmp to our own coding:

jmp 10AD5

Ok, go back to the game and fire any gun :P Hey, 99 ammo all the time, wheeeeee!

So hopefully from my last tut you know what to write down on a piece of paper, don't ya :) You should have the following:

Money
Ammo
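To see why the tutorial needs 6 bytes at 55BD08 and why the next free cave byte lands at 10AD5, here is an added worked example (my code, not part of the original tutorial) that encodes the money detour from the addresses above and also shows the integrity check a defender or anti-cheat would run to spot such a patched jmp. The addresses, displacement and value are the tutorial's; the function names and the layout helpers are my own assumptions.

```python
import struct

# Addresses and values from the tutorial (GTA:SA money detour).
GAME_INSN  = 0x0055BD08   # fild dword ptr [eax+B7CE50] in the game code
GAME_NEXT  = 0x0055BD0E   # next instruction after it (6 bytes later)
CAVE       = 0x00010ABF   # code cave address recommended by the cave tool
MONEY_DISP = 0x00B7CE50   # displacement in [eax+B7CE50]
MONEY_VAL  = 99999999     # 0x05F5E0FF

def rel32(src, dst, length=5):
    """Displacement of a 5-byte near jmp at src that lands on dst (E9 rel32)."""
    return (dst - (src + length)) & 0xFFFFFFFF

def encode_jmp(src, dst):
    return b"\xe9" + struct.pack("<I", rel32(src, dst))

def decode_jmp(src, code):
    """Target of an E9 jmp located at src, or None if the bytes are not a jmp."""
    if len(code) < 5 or code[0] != 0xE9:
        return None
    disp = struct.unpack("<i", code[1:5])[0]
    return (src + 5 + disp) & 0xFFFFFFFF

def mov_mem_imm32(disp, imm):
    # C7 80 disp32 imm32 : mov dword ptr [eax+disp], imm   (10 bytes)
    return b"\xc7\x80" + struct.pack("<I", disp) + struct.pack("<I", imm)

def fild_mem(disp):
    # DB 80 disp32 : fild dword ptr [eax+disp]   (6 bytes)
    return b"\xdb\x80" + struct.pack("<I", disp)

def build_patch():
    """Return (original bytes at 55BD08, detour written there, cave body)."""
    original = fild_mem(MONEY_DISP)                          # 6 bytes
    detour = encode_jmp(GAME_INSN, CAVE)                     # 5 bytes
    detour += b"\x90" * (len(original) - len(detour))        # pad with NOP to 6
    cave = mov_mem_imm32(MONEY_DISP, MONEY_VAL) + original   # overwrite, then replay
    cave += encode_jmp(CAVE + len(cave), GAME_NEXT)          # jump back to the game
    return original, detour, cave

def detect_detour(addr, expected, current):
    """Integrity check: None if the code at addr is untouched, else the jmp target
    (or "modified" if the bytes changed but are not a jmp)."""
    if current == expected:
        return None
    target = decode_jmp(addr, current)
    return target if target is not None else "modified"

if __name__ == "__main__":
    original, detour, cave = build_patch()
    print("patched 55BD08:", detour.hex(), "->", hex(decode_jmp(GAME_INSN, detour)))
    print("cave ends at", hex(CAVE + len(cave)), "(the NOP); next free", hex(CAVE + len(cave) + 1))
```

The cave body is 21 bytes, so it ends exactly at the 90 byte the tutorial says to leave alone, and the byte after it is 10AD5.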
You can then use TMK if you want to add these to your own trainer :)

Other easy things you can do on your own...

1. Police wanted stars: see if you can find it to always stay at 0 stars :P

What, I'm not showing you it all??? Ahhh, what's the point in tutorials if you don't do some of the work yourself? You wouldn't be doing your own work but mine. You have to

DABhand