| Home | PC Cheat Codes | Game Patch Updates | PC Game Trainers | PC Game Tools | Game Patch Fixes | Articles | Discussion Forums | Contact |

Trainer Tutorials
Latest Forum Discussions:

This section of the site is dedicated to Trainer Tutorials to help everyone get a better understanding of how Game Trainers are made and how they function.

TSearch DMA, BreakPoints & BPX

You can view this tutorial in its original format here
T-Search DMA, BreakPoints & BPX
In this tutorial, we are going to hack a vital code for Grand Theft Auto: Vice City. This code is Infinite Health.

Start a new game and make sure that your health is at 100%. Next use T-Search to search for a known value of 17096. Go back into the game and lose a bit of health. Alt+Tab the game and do a search for "Value Has Decreased". Repeat this a few times until you come up with an address that works. NOTE: Your address will not be the same as mine because of DMA.

My address is A02DDE6. This is a DMA address and is not static. We need to set a breakpoint for read/write on this address to see what is reading and writing to this address. In T-Search go to the menu "AutoHack" and choose "Enable Debugger". Next go to menu "AutoHack" and choose "AutoHack Window" to show the AutoHack window. Next go to menu "Edit" and choose "Set BreakPoint". A new screen will come up asking your for the address to set the breakpoint on, how many bytes, and the type of breakpoint. Enter your address that you found above, leave the byte settings like they are, and then choose "Read/Write" from the breakpoint list. Click "Set" to set the breakpoint for read/write on your address. Return to the game and run around for a second or so, then Alt+Tab and check the AutoHack window. Notice all the offset addresses from your DMA address.

For Vice City, the decreaser address affects everyone in the game, and not just you. Meaning that if you lock it then everyone in the game becomes immortal when you do. If you would have just set a write breakpoint you would have gotten just the pointer address that decreases everyones health, which is useless to us.

These are the offsets that you should see in the AutoHack window:

501973: fld dword ptr [ecx+0x354]
505CEA: fld dword ptr [ebx+0x354]
50A66B: fld dword ptr [ebx+0x354]
509FBB: fld dword ptr [ebx+0x354]
50F3A6: fld dword ptr [eax+0x354]
558A9D: fld dword ptr [eax+0x354]
558B41: fld dword ptr [eax+0x354]
5D30BC: fld dword ptr [ebp+0x354]
5267C0: fld dword ptr [ebx+0x354]
5267DE: fld dword ptr [ebx+0x354]
5267E8: fstp dword ptr [ebx+0x354]
5D3ABF: fld dword ptr [ebp+0x354]

Next we must set a BPX, or Break On Execution, on each of these addresses so that that we can see if they return a value. To do this, we take each address (example 501973) and go to menu "Edit" in the AutoHack window and choose "Disassemble", and enter your address. Choose the Disassembler tab from the bottom and you will see your address listed at the top. Right click your address from the list and choose "Register". Go to the register tab and you will see your address has been set for a Break On Execute. Next, look at the register that goes along with the address ([ecx+0x354] EAX in 501973's case), and choose it from the register list. Next click the box to the left of your address to enable the break and return to the game. Run around for a second or so and Alt+Tab the game. If your address returns any value other than 0 and doesn't fluctuate in value then write the address down in notepad. Continue through all the values above until you have a list of working addresses.

My addresses are:

501973 fld dword ptr [ecx+0x354]
505CEA fld dword ptr [ebx+0x354]
50A66B fld dword ptr [ebx+0x354]
509FBB fld dword ptr [ebx+0x354]
558A9D fld dword ptr [eax+0x354]
558B41 fld dword ptr [eax+0x354]

All of the addresses above should have returned the same value. That value that they returned is an address in itself (remember, these are pointers to an address that holds a value of your life).

Now, gain some life to get your health back to 100%. Then take the value/address returned by the pointers above.

Take the value of one of the pointers listed above and replace the original address you hacked (DMA address) with the value + 354h (example A01F331h + 354h = A01F685h). The reason we added 354h is because the pointer told us to add 354h to the register value. The value of that address that you just inserted will automatically change to a your health value. Your address should return 1120403456 which is full health. Notice that in this game it is different from its counterpart value 17096 (DMA Address, Value).

Copyright © (1998) 2004 - 2016 GamePatchPlanet.com. All Rights Reserved. Privacy Policy Disclaimer