Topic: Memory editing -> trainer creation (Read 11626 times)
drats666
« on: 14. October 2011, 15:17:44 »

Could someone answer a question for me about memory editing? I tried several times to make a trainer for various games but I never have any luck. The reason why is the dynamic memory location where each time you run the game the values are stored in different addresses. I can find the current address using Cheat Engine easily, but it gets rather tiring having to refind the addresses every time I run the game >.<. Anyways, my question is this.

Using Cheat Engine (currently using 6.1), once I find the address/s that have the values I want to control, how do I turn them into offsets that trainers use? I read several tutorials on this but none ever seem to work, even followed a few videos and photo guides but still never seem to be able to figure out how to get offsets from the .exe starting memory location like Testprocess.exe +0x0094c380. Any help would be much appreciated.
CCJ39
« Reply #1 on: 16. October 2011, 17:17:50 »

The most common are 3 basic types you can use... but first you should try the Cheat Engine tutorial (included in the install path)

1st: make a write-debug for e.g. your ammo, then change the value and replace the found address with code that does nothing (nop) => this way you and probably all opponents get unlimited money, but in this case it doesn't matter, it's very easy to do... the replaced address is always located at the same place in the exe or dll where it is stored

2nd: make an access-debug and write a code injection, that's easy too, if you know what you're doing ^^ ... you also need some assembler knowledge for it

3rd: you can also try a pointer-scan for the address... if you're able to find a static pointer, you don't need to search the value every time, but it doesn't work in every case... however the included tutorial in Cheat Engine is very good to understand this
CCJ39 (Admin ~ MegaDev, MegaTrainer XL, MegaTrainer eXperience)
drats666
« Reply #2 on: 16. October 2011, 17:22:27 »

I was using Cheat Engine to make a trainer, but running the debug makes the game crash >.< and it seems any trainer I actually make with Cheat Engine doesn't load >.< it opens in memory but nothing ever comes up >.<. Been using Cheat Engine to edit Shogun 2, money, general skill points etc.

As for the CE tutorial, it crashes on me when I execute my code then hit the hit button >.<
« Last Edit: 16. October 2011, 18:16:39 by drats666 » Logged
CCJ39
« Reply #3 on: 16. October 2011, 18:59:34 »

If the game crashes when you try to debug, the game probably has a debugger-protection... if the tutorial or game crashes when you activate your code, you've done something wrong ;) ... you can post your tutorial code here, then we can check for an error
drats666
« Reply #4 on: 17. October 2011, 03:19:24 »

Actually found one mistake, I was trying to write an address to a pointer, instead of having it write the normal value + my addition to the address it was pointing to >.< like this
Code:
alloc(newmem,2048,"Tutorial-x86_64.exe"+2B5A9) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
ADD [00000748],3

originalcode:
dec [rbx+00000748]

exit:
jmp returnhere

"Tutorial-x86_64.exe"+2B5A9:
jmp newmem
nop
returnhere:

fixed it by doing this instead
Code:
alloc(newmem,2048,"Tutorial-x86_64.exe"+2B5A9) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
ADD [rbx+00000748],3

originalcode:
dec [rbx+00000748]

exit:
jmp returnhere

"Tutorial-x86_64.exe"+2B5A9:
jmp newmem
nop
returnhere:

Something tells me I should stop trying to learn things at like 3-7 in the morning >.<

Finally got past step 8, >.< I was searching in a loop, and would search for what accessed the pointers instead of what accessed the address I found. Waited till I found a green base address then I manually added my point with all the offsets I found. This ended with the originally found address. I changed the pointer and set it to 5000, apparently I did it right since I could hit next so I beat the tutorial. >.< And now I think I know how to make my Cheat Engine work right. But one question,
Does the location of the base addresses (green) change each time you open it? If not, then I could just create a pointer trail following down to a green address and simply apply my value to the pointer trail. I think >.<
« Last Edit: 17. October 2011, 22:47:16 by drats666 » Logged
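
Added example, not part of any post in this thread: a toy model of the question above, showing why a path that starts at a "green" address (module name plus offset) resolves on every launch while a raw address found in one run does not. It reads no real process; the load addresses, heap addresses, static offset and the 0x18 link are constructed, and only the module name and the 0x748 field offset come from the thread.

```python
MODULE = "Tutorial-x86_64.exe"   # module name taken from the thread
STATIC_OFFSET = 0x2C4A50         # constructed: where the static pointer sits in the module
CHAIN = [0x18, 0x748]            # 0x18 is constructed; 0x748 is the field offset from the thread


def launch(module_base, heap_base, value):
    """Build a toy address space for one run of the program.

    Returns (modules, memory): modules maps a module name to its load address,
    memory maps an address to the pointer-sized value stored there.
    """
    manager = heap_base + 0x40       # heap objects land somewhere new on every run
    player = heap_base + 0x9000
    memory = {
        module_base + STATIC_OFFSET: manager,   # static pointer inside the module image
        manager + CHAIN[0]: player,             # manager object points at the player object
        player + CHAIN[1]: value,               # the field the thread's script touches
    }
    return {MODULE: module_base}, memory


def resolve(modules, memory, module, static_offset, offsets):
    """Follow module+offset through each pointer level and return the final address."""
    addr = modules[module] + static_offset      # the "green" address for this run
    for off in offsets:
        if addr not in memory:
            raise LookupError(f"no readable pointer at {addr:#x}")
        addr = memory[addr] + off               # dereference, then add this level's offset
    return addr


def compare_runs():
    """Resolve the same path in two constructed runs with different load addresses."""
    run1 = launch(0x7FF6A1230000, 0x1F4C2000000, value=100)
    run2 = launch(0x7FF6C8810000, 0x2A1B0000000, value=100)
    addr1 = resolve(*run1, MODULE, STATIC_OFFSET, CHAIN)
    addr2 = resolve(*run2, MODULE, STATIC_OFFSET, CHAIN)
    return {
        "addr1": addr1,
        "addr2": addr2,
        "value1": run1[1][addr1],
        "value2": run2[1][addr2],
        "run1_address_valid_in_run2": addr1 in run2[1],
    }


if __name__ == "__main__":
    for key, val in compare_runs().items():
        print(key, hex(val) if key.startswith("addr") else val)
```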
drats666
« Reply #5 on: 21. October 2011, 16:03:06 »

Hmm, still running into a problem. I follow pointers to a green address but then it seems the value changes and so does the pointer >.< though I may have messed something up because I see some things I don't recognize, for example I'm not sure what movss is, example
Code:
00818e00 - movss [eax],xmm0
Then again, also not sure what xmm0 is.

Is movss just a more complex version of mov?
The above code says the value of the pointer needed to find this address is probably 1342843c, however doing a hex search for that address I get
Code:
Scan error:thread 0:1342843c is not a valid value
CCJ39
« Reply #6 on: 21. October 2011, 17:43:44 »

Why don't you try to use the included pointer scanner of CE? It makes things much easier/faster ;)
drats666
« Reply #7 on: 21. October 2011, 17:46:22 »

Because the pointer scanner comes up with millions of results? And to really understand the program, you should know how to do things the original way lol. Much like some carpenters still use old tools even though newer tools are much more effective. Like using an old hand drill instead of a powered drill.