DABhand
09-06-2005, 13:20
Always check here for a better version to look at:
http://www.vwaskar.pwp.blueyonder.co.uk/asm/gtasa.txt
Here we are :)
Training GTA: San Andreas
=========================
Tools Needed
1. San Andreas, of course :P
2. Some sorta memory scanner; just use Cheat Engine, it works fine
3. Time and brains
Ok, let's get started.
First of all, I'm using the Hoodlum No-DVD; it works fine for me, some others had problems,
I dunno why, but I got an original /me shrugs
So start up GTA:SA and play a bit. Let's do money first, 'tis an easy one since you can buy
things easily to lower your amount.
Ok, first off ALT+TAB out of the game (best if you press ESC to pause first), then use CE
to scan for that first value (hint: money is a dword), then go back to the game and buy
something, food or clothing, go back and do a next scan for the new value. You should have
3 values; it's the first address being shown.
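As an added illustration (my own example, not part of DABhand's post), here is what the
first scan / next scan narrowing described above does under the hood, run against a
constructed 64-byte "memory image" in Python. The offsets and values are made up: three
dwords happen to equal the starting cash, and only the real one drops by the purchase price.

```python
import struct

def scan_dword(snapshot, value):
    """First scan: every 4-byte-aligned offset in the snapshot holding `value`
    (Cheat Engine's default 'fast scan' is aligned the same way)."""
    return [off for off in range(0, len(snapshot) - 3, 4)
            if struct.unpack_from("<I", snapshot, off)[0] == value]

def next_scan(snapshot, candidates, value):
    """Next scan: keep only the earlier candidates that now hold the new value."""
    return [off for off in candidates
            if struct.unpack_from("<I", snapshot, off)[0] == value]

def make_snapshot(values):
    """Build a constructed 64-byte 'process memory' image from {offset: dword}."""
    buf = bytearray(64)
    for off, v in values.items():
        struct.pack_into("<I", buf, off, v)
    return bytes(buf)

def demo():
    # Constructed: three dwords equal the starting cash of 1500; 0x14 is noise.
    before = make_snapshot({0x08: 1500, 0x20: 1500, 0x30: 1500, 0x14: 7})
    first = scan_dword(before, 1500)            # three candidates
    # After buying something for 250: money dropped, one decoy ticked up,
    # one decoy did not change at all.
    after = make_snapshot({0x08: 1500, 0x20: 1250, 0x30: 1501, 0x14: 7})
    second = next_scan(after, first, 1250)      # only the real money address survives
    return first, second

if __name__ == "__main__":
    first, second = demo()
    print("first scan :", [hex(o) for o in first])
    print("next scan  :", [hex(o) for o in second])
```

Each extra "next scan" after another change in the game shrinks the candidate list the same
way; the value that survives every round is the one the game actually reads and writes.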
Ok, here's a short explanation of the debugger: you can search for what writes to and what
reads from this address.
1. What writes: this is the common one, for when you either buy something, take a hit, time
runs, etc. Use this if you want to manipulate the opcodes that deal with subtractions and so on.
2. What reads: this is good if you can get away with it (most games will crash if you try,
since they have an anti-read protection running). This is handy if you want to manipulate
opcodes that give an effect there and then, instead of going through buying or taking hits.
Ok, since Hoodlum were nice enough to remove the read checking, we can do that. So right click
the address after you have added it to the bottom list (double click it in the left list) and
select "Find out what reads from this address".
Go back to the game, unpause, move around and get back out.
Your debugger will show a few entries; any of them I suppose is handy, but always look out for
float ops. You should see this in your list:
0055BD08 FILD DWORD PTR [eax+B7CE50]
This is the one :)
So click on that and press the "show in debugger" button to show the debugger screen. Remember
to take a note of the address and the opcode. Good. Also, if the opcode is more than 6 bytes
long, take a note of the next address in the list, which should be 0055BD0E. Write that down.
Now use Tsongkie's Code Cave tool (www.gamehacking.com, under misc tools).
Type in the window name to find a place for our coding (the window name is GTA: San Andreas).
Hopefully when you search it will say the address 00010ABF is recommended.
Ok, now back to the debugger window: right click, "go to address", and type 10ABF.
Here is where we type our code. The info we know so far is that the pointer [eax+B7CE50] holds
the money amount, so let's manipulate it by forcing an amount in.
So at 10ABF, double click its line and enter the following, taking a new line for each...
mov [eax+B7CE50],05F5E0FF
fild dword ptr [eax+B7CE50]
jmp 55BD0E
Ok, this is our code injection. What did we do? I'll explain...
mov [eax+B7CE50],05F5E0FF   - Moves the value 99999999 into the pointer address (05F5E0FF
                              is 99999999 in hex; you can use the Windows calculator in
                              scientific mode, type the decimal value, then press Hex)
fild dword ptr [eax+B7CE50] - If you read my previous tuts on opcodes, you will know this
                              means load the integer value at the pointer onto the top of
                              the FPU stack (it is the game's own instruction, which we
                              overwrite with our jump, so we run it here instead)
jmp 55BD0E                  - Jump back to the next instruction in the game
Go back to the 55BD08 address, edit it and write
jmp 10ABF
So the game jumps to our own coding :)
Go back to the game and look at that money rise up to 99999999 :)
Ok, what's next? Perhaps ammo? Sure, why not.
Again, get a gun, make a note of the ammo in the gun and search for it in CE (dword again),
go back to the game and fire once (easier if you're in your house :P), then go back and
do a next scan for the new value, etc.
You will find one. Now add it to the list, and this time search for what writes to the address.
Fire the gun again, go back, and you will see this in the list:
007428B0 - mov [esi+08],eax
Look at it in the debugger; just above it you will see the opcode at 7428AF - DEC eax.
Now some of you may think to just NOP this, but that doesn't work, because there is a nasty
test eax,eax later on :P
So jot down the instructions starting from the DEC eax (remember we need at least 5 bytes for
our own jump, so we take 7 here). You should have:
dec eax
mov [esi+08],eax
mov eax, [esi+0c]
There is a reason why I'm including the dec opcode, which I'll show later.
Anyway, jot them down with the address of dec eax (7428AF) and also the address after the
opcodes you wrote down, which is 7428B6.
Go to 10ABF; the next free area to write new code is 10AD5 (leave the 90 - NOP at 10AD4 there).
Ok, at 10AD5 type the following:
mov [esi+08],64
mov [esi+0c],64
mov eax, 64
dec eax
mov [esi+08],eax
mov eax,[esi+0c]
jmp 7428B6
Basically you're moving the value of 100 (64 hex) into the two pointers used for ammo values in
the game, then moving 100 into the eax register. Then the game's own instructions we copied in
decrease eax by 1, i.e. 99, move it into the first pointer, then move the 2nd pointer back into
eax. So when you jump back to the game code, it hits the nasty test eax,eax and the game says
hey, 'tis cool my man!
Before we go back to the game, go to 7428AF and put in the jmp to our own coding:
jmp 10ad5
Ok, go back to the game and fire any gun :P Hey, 99 ammo all the time, wheeeeee
So hopefully from my last tut you know what to write down on a piece of paper, don't ya :)
You should have the following:
Money
=====
00010ABF
C7 80 50 CE B7 00 FF E0 F5 05 - MOV [EAX+B7CE50],05F5E0FF
D8 80 50 CE B7 00 - FILD DWORD PTR [EAX+B7CE50]
E9 3A B2 54 00 - JMP 55BD0E
90 - NOP
0055BD08
E9 B2 4D AB FF - JMP 10ABF
90 - NOP
Ammo
====
00010AD5
C7 46 08 64 00 00 00 - MOV [ESI+08],64
C7 46 0C 64 00 00 00 - MOV [ESI+0C],64
B8 64 00 00 00 - MOV EAX,64
48 - DEC EAX
89 46 08 - MOV [ESI+08],EAX
8B 46 0C - MOV EAX,[ESI+0C]
E9 C2 1D 73 00 - JMP 7428B6
90 - NOP
007428AF
E9 21 E2 8C FF - JMP 10AD5
90 - NOP
90 - NOP
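The JMP bytes in the listing above (E9 followed by a signed 32-bit offset) are the part most
people get wrong when writing a trainer by hand, because the offset is relative to the end of
the jump, not its start. As an added example (my own Python, not DABhand's code and not
anything from the trainer tools he mentions), here is the encoding carried out for both the
money and ammo caves, checked against the bytes above, plus the reverse view: a defender-side
scan that walks a region of code and flags any E9 whose target lands outside the module's
code section, which is exactly what a detour into a cave in header slack space looks like.
The .text bounds used in demo_scan() are constructed, as is the 24-byte sample of "game code".

```python
import struct

# Addresses copied from the listing above.
MONEY_CAVE, MONEY_SITE, MONEY_RETURN = 0x00010ABF, 0x0055BD08, 0x0055BD0E
AMMO_CAVE,  AMMO_SITE,  AMMO_RETURN  = 0x00010AD5, 0x007428AF, 0x007428B6

# Cave instruction bytes from the listing, everything before the return jump.
MONEY_BODY = bytes.fromhex("C780 50CEB700 FFE0F505"     # MOV [EAX+B7CE50],05F5E0FF
                           "D880 50CEB700")             # FILD DWORD PTR [EAX+B7CE50]
AMMO_BODY  = bytes.fromhex("C74608 64000000"            # MOV [ESI+08],64
                           "C7460C 64000000"            # MOV [ESI+0C],64
                           "B8 64000000"                # MOV EAX,64
                           "48"                         # DEC EAX
                           "894608"                     # MOV [ESI+08],EAX
                           "8B460C")                    # MOV EAX,[ESI+0C]

def jmp_rel32(src, dst):
    """Encode the 5-byte near jump (E9 rel32) that sits at address src and lands
    on dst. rel32 is measured from the END of the jump (src + 5) and stored as a
    little-endian signed dword, which is why a backwards jump ends in FF bytes."""
    rel = dst - (src + 5)
    if not -0x80000000 <= rel <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return b"\xE9" + struct.pack("<i", rel)

def jmp_target(src, code):
    """Decode where an E9 rel32 jump stored at address src lands."""
    if len(code) < 5 or code[0] != 0xE9:
        raise ValueError("not a JMP rel32")
    (rel,) = struct.unpack_from("<i", code, 1)
    return (src + 5 + rel) & 0xFFFFFFFF

def hexdump(b):
    return " ".join(f"{x:02X}" for x in b)

def build_cave(cave_addr, body, return_addr):
    """Injected instructions followed by the jump back. The jump's own address is
    cave_addr + len(body), which is the detail that makes hand-computing it error-prone."""
    return body + jmp_rel32(cave_addr + len(body), return_addr)

def build_detour(site_addr, stolen_len, cave_addr):
    """Overwrite stolen_len bytes of original instructions at site_addr with a jump
    to the cave, NOP-padding so no half instruction is left behind."""
    if stolen_len < 5:
        raise ValueError("need at least 5 bytes to fit a JMP rel32")
    return jmp_rel32(site_addr, cave_addr) + b"\x90" * (stolen_len - 5)

def find_detours(base, code, code_lo, code_hi):
    """Defender-side heuristic: walk a code region byte by byte and report every E9
    whose decoded target is outside [code_lo, code_hi). Linear scanning ignores
    instruction boundaries, so treat hits as leads to disassemble, not proof."""
    hits = []
    for i in range(len(code) - 4):
        if code[i] == 0xE9:
            tgt = jmp_target(base + i, code[i:i + 5])
            if not code_lo <= tgt < code_hi:
                hits.append((base + i, tgt))
    return hits

def demo_scan():
    """Constructed 24-byte slice of 'game code' at 55BD00 with the money detour
    applied, next to one legitimate jump that stays inside the code section."""
    code = bytearray(b"\x90" * 8)                       # 55BD00..55BD07 filler
    code += build_detour(MONEY_SITE, 6, MONEY_CAVE)     # 55BD08..55BD0D the patch
    code += jmp_rel32(0x0055BD0E, 0x0055BD40)           # 55BD0E jump within .text
    code += b"\x90" * 5
    # Constructed .text bounds; a real scanner reads them from the PE section table.
    return find_detours(0x0055BD00, bytes(code), 0x00401000, 0x00900000)

if __name__ == "__main__":
    print("money cave  :", hexdump(build_cave(MONEY_CAVE, MONEY_BODY, MONEY_RETURN)))
    print("money site  :", hexdump(build_detour(MONEY_SITE, 6, MONEY_CAVE)))
    print("ammo cave   :", hexdump(build_cave(AMMO_CAVE, AMMO_BODY, AMMO_RETURN)))
    print("ammo site   :", hexdump(build_detour(AMMO_SITE, 7, AMMO_CAVE)))
    print("detours     :", [(hex(a), hex(t)) for a, t in demo_scan()])
```

Running it reproduces the four JMP encodings in the listing byte for byte, and the scan reports
the single out-of-section jump at 0055BD08 to 00010ABF while ignoring the in-section one; that
same "jump leaves the code section" check is the basis of most inline-hook detection.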
You can then use TMK if you want to add these to your own trainer :)
Other easy things you can do on your own...
1. Police wanted stars: see if you can find it and make it always stay at 0 stars :P
2. Health, ahh, health is always handy (this one will take a wee bit of thought)
3. Vehicle health (easy to find in drive-bys since it shows a bar ;) )
What, I'm not showing you it all??? Ahhh, what's the point in tutorials if you don't do
some of the work yourself? You wouldn't be doing your own work but mine. You have to
learn somehow :P
DABhand