Search site: 

| Home | PC Cheat Codes | Game Patch Updates | PC Game Trainers | PC Game Tools | Game Patch Fixes | Articles | Discussion Forums | Contact |

Trainer Tutorials

Latest Forum Discussions:

This section of the site is dedicated to Trainer Tutorials to help everyone get a better understanding of how Game Trainers are made and how they function.

Resolving Dynamic Memories at Runtime Tutorial

You can view this tutorial in its original format here
Resolving Dynamic Memories at Runtime
Revision 1 May 12, 2003
by Tsongkie 

I. Introduction

In this guide, I would try and explain to you a certain advance technique in game training that is lacking in most game trainers. I will not provide a source code for every coder has his own way of developing his trainer, so if you are looking for that, dont waste your time reading this tutorial. I will explain in pseudocode and theory on how it is done. 

May I remind you that this is only a way, not THE WAY. There are certain other techniques useful which provides different routines but produces the same result. I would suggest further reading to [sheep]'s tutorial on Advance Game Training...


II. Lets Get Our Hands Dirty

In a certain game, I found the following addies, although the values are dynamically allocated by runtime to different addies.

00465580 --> Gold
00465588 --> Silver
00465590 --> Bronze

Notice that they are separated by 8 bytes. I restarted the game, found 3 different addies but also are separated by 8 bytes.

Also, when I scroll up and look at the bytes before our addies, i found a 909090EB08909090 exactly 16 bytes before the first addie (Gold). I then restarted the game and find the same bytes over and over again at exactly 16 bytes before our addies.

It has been put into my attention that some games do not have these kind of pointers. In fact they do, you must only look deeper into the code...


III. Our Problem

We want to write a trainer that resolves these addies at runtime. So how do we do that? Lets see what we know....

1. Our addies, wherever they may be located are always 8 bytes apart.
2. At exactly 16 bytes before our addies we could find the hex bytes 909090EB08909090


IV. Our Solution

Since we already know the facts, we can use it in our trainer to resolve the game addies at runtime. What we need to do is search for the "signature bytes" and when we find it at 16bytes to that address, read a dword (gold), add 8 bytes to that addie, read a dword(silver), add another 8 bytes to that addie and read the final dword (bronze).

Here's what i have done with my code:

* I filled the Structure IMAGE_DOS_HEADER by using ReadProcessMemory at 00400000h
* I then ReadProcessMemory the GameProcess at 00400000h + IMAGE_DOS_HEADER.e_lfanew in a IMAGE_NT_HEADERS structure
* I made a loop that allocates IMAGE_NT_HEADERS.FileHeader.NumberOfSections amount of IMAGE_SECTION_HEADER structure. I then read the sections of IMAGE_NT_HEADERS into my allocated buffer. Now, If the section is a data section:
* Search the GameProcess from the IMAGE_SECTION_HEADER.VirtualAddress for IMAGE_SECTION_HEADER.SizeOfRawData (This is our "signature bytes")
*When we find it add 16bytes to the pointer, read 8 bytes(dword for gold), add 8 bytes to the pointer read 8 bytes for the silver and increase the pointer by 8 bytes and read it for the bronze.


V. Final Words

Well, I hope you learned something from it. If there is something vague in the tutorial, pls contoct me via e-mail : root@tsongkie.com or go to World Of Gamehacking Site, www.gamehacking.com

Greetz goes to:

* Sheep * nh2 * Stonerifik * Ratattack * ddh * Micral * iCarus * Those in #gamehacking in EFnet * Team Extalia * CES * Evil Eye Software * SRN Software *


Tsongkie
http:/www.tsongkie.com
CES

Copyright (1998) 2004 - 2016 GamePatchPlanet.com. All Rights Reserved. Privacy Policy Disclaimer