
Filename instead of WinCap


sawky
10-08-2008, 08:23
I currently use Game Trainer Studio to make my hacks, but it uses WindCap to poke the addresses. I want it to poke a filename instead. How can I implement this in the example code below?


; ################################################## #######################

.386
.model flat, stdcall ; 32 bit memory model
option casemap :none ; case sensitive

include trainer.inc ; local includes for this file



; ################################################## #######################

.data



; ### Constants Below

; ### Constants Above

; ### Bytes Below



Button00000 db 090h
db 090h
db 090h
db 090h
db 090h
db 090h
; ### Bytes Above

; ### Button Messages Below



; ### Button Messages Above

WindCap db 'Half-Life 2 DM',0
szDisplayName db 'Trainer',0
.code

; Program entry point (named by `end start` at the bottom of the file).
; Stores the module handle and command line in the hInstance / CommandLine
; globals (presumably declared in trainer.inc), runs WinMain and exits the
; process with WinMain's return value (eax = msg.wParam).
start:
invoke GetModuleHandle, NULL ; NULL = handle of this executable
mov hInstance, eax

invoke GetCommandLine
mov CommandLine, eax

invoke WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT ; hPrevInst is always NULL on Win32
invoke ExitProcess,eax ; exit code = WinMain's return value

; ################################################## #######################

;-----------------------------------------------------------------------
; WinMain(hInst, hPrevInst, CmdLine, CmdShow)   -- stdcall, 32-bit flat model
; Registers the window class "Trainer_Class", creates a 160x76 top-level
; window centred on the screen, shows it and pumps messages until
; GetMessage returns 0.
; In:   hInst = module handle passed from start:.  hPrevInst, CmdLine and
;       CmdShow are accepted but never read (ShowWindow is always called
;       with SW_SHOWNORMAL).
; Out:  eax = msg.wParam, i.e. the exit code posted by PostQuitMessage.
; Globals written: hIcon, hWnd (presumably declared in trainer.inc) and
;       szClassName (defined here by the szText macro).
;-----------------------------------------------------------------------
WinMain proc hInst :DWORD,
hPrevInst :DWORD,
CmdLine :DWORD,
CmdShow :DWORD

;====================
; Put LOCALs on stack
;====================

LOCAL wc :WNDCLASSEX
LOCAL msg :MSG
LOCAL Wwd :DWORD ; window width
LOCAL Wht :DWORD ; window height
LOCAL Wtx :DWORD ; window left edge (x) after centring
LOCAL Wty :DWORD ; window top edge (y) after centring

;================================================= =
; Fill WNDCLASSEX structure with required variables
;================================================= =

invoke LoadIcon,hInst,500 ; icon ID 500 from this module's resources
mov hIcon, eax

szText szClassName,"Trainer_Class" ; MASM32 macro: emits the zero-terminated class name in .data

mov wc.cbSize, sizeof WNDCLASSEX
mov wc.style, CS_HREDRAW or CS_VREDRAW \
or CS_BYTEALIGNWINDOW
mov wc.lpfnWndProc, offset WndProc
mov wc.cbClsExtra, NULL
mov wc.cbWndExtra, NULL
m2m wc.hInstance, hInst ; m2m = MASM32 memory-to-memory move macro
mov wc.hbrBackground, COLOR_BTNFACE+1 ; system colour index + 1, as WNDCLASSEX.hbrBackground requires
mov wc.lpszMenuName, NULL
mov wc.lpszClassName, offset szClassName
m2m wc.hIcon, hIcon
invoke LoadCursor,NULL,IDC_ARROW
mov wc.hCursor, eax
m2m wc.hIconSm, hIcon

invoke RegisterClassEx, ADDR wc ; NOTE(review): the return value (0 on failure) is not checked

;================================
; Centre window at following size
;================================

mov Wwd, 160 ; Dialog Width
mov Wht, 76 ; Dialog Height

; TopXY(window dimension, screen dimension) = screen/2 - window/2
invoke GetSystemMetrics,SM_CXSCREEN
invoke TopXY,Wwd,eax
mov Wtx, eax

invoke GetSystemMetrics,SM_CYSCREEN
invoke TopXY,Wht,eax
mov Wty, eax

; Fixed-size, non-resizable window: overlapped + system menu + minimise box only.
; Arguments: exstyle, class, title, style, x, y, width, height, parent, menu, instance, lParam.
invoke CreateWindowEx,WS_EX_LEFT,
ADDR szClassName,
ADDR szDisplayName,
WS_MINIMIZEBOX or WS_OVERLAPPED or WS_SYSMENU,
Wtx,Wty,Wwd,Wht,
NULL,NULL,
hInst,NULL
mov hWnd,eax ; NOTE(review): NULL on failure; not checked before ShowWindow

invoke ShowWindow,hWnd,SW_SHOWNORMAL ; CmdShow is ignored
invoke UpdateWindow,hWnd

;===================================
; Loop until PostQuitMessage is sent
;===================================

StartLoop:
invoke GetMessage,ADDR msg,NULL,0,0
cmp eax, 0 ; 0 = WM_QUIT.  NOTE(review): GetMessage returns -1 on error, which this test treats as a normal message
je ExitLoop
invoke TranslateMessage, ADDR msg
invoke DispatchMessage, ADDR msg ; routes to WndProc
jmp StartLoop
ExitLoop:

return msg.wParam ; MASM32 macro: mov eax, msg.wParam / ret

WinMain endp

; ################################################## #######################

;-----------------------------------------------------------------------
; WndProc(hWin, uMsg, wParam, lParam) -- window procedure for Trainer_Class
; WM_CREATE:  calls Protection, sets HotKeyMiniToggle, creates the UI font,
;             starts timers 1 (100 ms), 2 and 3 (300 ms) and adds the push
;             button with control ID 500.
; WM_COMMAND: wParam == 500 (button 500, BN_CLICKED) -> TrainerEngine.
; WM_TIMER:   calls Protection on every tick; the per-timer bodies are empty.
; WM_PAINT:   BeginPaint / Paint_Proc / EndPaint, returns 0.
; WM_DESTROY: PostQuitMessage, returns 0.
; Every other message -- and WM_CREATE, WM_COMMAND and WM_TIMER after their
; handlers -- falls through to DefWindowProc.
; Protection, TrainerEngine, PushButton, HotKeyMiniToggle and hFont are not
; defined in this file; presumably they come from trainer.inc.
; The LOCALs var, caW, caH, color, Rct, buffer1, buffer2, lfnt, psd and pd
; are declared but never used (generated skeleton).
;-----------------------------------------------------------------------
WndProc proc hWin :DWORD,
uMsg :DWORD,
wParam :DWORD,
lParam :DWORD

LOCAL var :DWORD
LOCAL caW :DWORD
LOCAL caH :DWORD
LOCAL color :DWORD
LOCAL hDC :DWORD
LOCAL Rct :RECT
LOCAL Ps :PAINTSTRUCT
LOCAL buffer1[128]:BYTE
LOCAL buffer2[128]:BYTE
LOCAL lfnt :LOGFONT
LOCAL psd :PAGESETUPDLG
LOCAL pd :PRINTDLG

.if uMsg == WM_COMMAND
MOV EAX, wParam ; loaded but never used below
; The comparisons test the whole DWORD, so they only match when
; HIWORD(wParam) -- the notification code -- is 0 (BN_CLICKED) and
; LOWORD(wParam) is the control ID.
.if wParam == 499

.elseif wParam == 500

; Button 500: hand the patch to TrainerEngine.  Arguments as written:
; NULL, caption to locate the target by, target address 024000300h,
; the 6 bytes at Button00000, byte count 6.  What TrainerEngine does with
; them is defined in trainer.inc (not shown).
ButtonJump_Jump500:
Invoke TrainerEngine, NULL, Offset WindCap, 024000300h, Offset Button00000, 6


.endif
.elseif uMsg == WM_CREATE


Invoke Protection ; defined outside this file
MOV HotKeyMiniToggle, TRUE ; global from the include; not read in this file
szText font1,'MS Sans Serif'
invoke CreateFont,8,5,0,0,500,0,0,0, \
DEFAULT_CHARSET,0,0,0,\
DEFAULT_PITCH,ADDR font1
mov hFont, eax

Invoke SetTimer, hWin, 1, 100, 0 ; HotKey Timer
Invoke SetTimer, hWin, 2, 300, 0 ; EditBox Timer 1
Invoke SetTimer, hWin, 3, 300, 0 ; EditBox Timer 2



; PushButton(text, parent, x, y, width, height, control ID) -- MASM32 helper
szText bTxt1,"New Button"
invoke PushButton,ADDR bTxt1,hWin,21,9,110,20,500

.elseif uMsg == WM_TIMER
Invoke Protection ; runs on every tick of every timer (timer 1 fires every 100 ms)
.If wParam == 1 ; ### Timer Below ###




.Endif ; ### Timer Above ###

.If wParam == 2 ; ### Timer Below ###

.Endif ; ### Timer Above ###

.If wParam == 3 ; ### Timer Below ###




.Endif ; ### Timer Above ###



.elseif uMsg == WM_PAINT
invoke BeginPaint,hWin,ADDR Ps
mov hDC, eax
invoke Paint_Proc,hWin,hDC
invoke EndPaint,hWin,ADDR Ps
return 0
.elseif uMsg == WM_DESTROY
invoke PostQuitMessage,NULL
return 0
.endif

; Default handling for everything not returned from above.
invoke DefWindowProc,hWin,uMsg,wParam,lParam

ret

WndProc endp

; ################################################## ######################

TopXY proc wDim:DWORD, sDim:DWORD

;-----------------------------------------------------------------------
; TopXY(wDim, sDim): coordinate that centres a window of size wDim on a
; screen of size sDim, i.e. sDim/2 - wDim/2 with unsigned integer halves.
; Out:   eax = result.  Clobbers flags; the wDim argument slot is halved
;        in place (callers pass by value, so this is not observable).
;-----------------------------------------------------------------------
mov eax, sDim ; eax = screen dimension
shr eax, 1 ; eax = screen / 2
shr wDim, 1 ; wDim = window / 2
sub eax, wDim ; eax = screen/2 - window/2
ret

TopXY endp

; ################################################## #######################

Paint_Proc proc hWin:DWORD, hDC:DWORD

;-----------------------------------------------------------------------
; Paint_Proc(hWin, hDC): called from WM_PAINT between BeginPaint/EndPaint.
; Reads the button shadow and highlight system colours into locals but
; draws nothing with them (generated skeleton); hWin and hDC are unused.
; Out:   eax = 0.
;-----------------------------------------------------------------------
LOCAL btn_hi :DWORD
LOCAL btn_lo :DWORD
LOCAL Rct :RECT

invoke GetSysColor,COLOR_BTNSHADOW
mov btn_lo, eax ; unused afterwards

invoke GetSysColor,COLOR_BTNHIGHLIGHT
mov btn_hi, eax ; unused afterwards

xor eax, eax ; return 0
ret

Paint_Proc endp

; ################################################## ######################

end start


As you can see, it's finding the "Half-Life 2 DM" window caption when I want the "hl2.exe" filename...

Any ideas??

Regards sawky

DABhand
10-08-2008, 18:55
There is a tut I did showing sheeps trainer skeleton.

It will show you how to load a specific file, and then obviously poke address/es

sawky
11-08-2008, 04:09
Yeah...I looked at that ..I thought that changing

WindCap db 'Half-Life 2 DM',0 to
FileName db 'hl2.exe',0

and changing

Invoke TrainerEngine, NULL, Offset WindCap, 024000300h, Offset Button00000, 6 to

Invoke TrainerEngine, NULL, Offset FileName, 024000300h, Offset Button00000, 6

would have done it... but not to be! lol

Is there any way for it to look for multiple windows then?

as an example (I know this doesn't work)

WindCap db 'Half-Life 2 DM' or 'Counter-Strike Source',0

thanx

TippeX
11-08-2008, 06:31
erm...

WindCap = Window Caption

the code OBVIOUSLY uses FindWindow to do its work, checking the window caption; changing this to a filename would be utterly pointless..

if you're coding a trainer, then get the process ID from the window (or when you launch it using CreateProcess), then work from that...

i get the feeling you don't really know what you're doing :)

sawky
11-08-2008, 07:20
I didn't just change the window caption to a file name... I looked at the skeleton example, which uses

FileName db 'game.exe',0

where as I use

WindCap db 'my game',0

and changed my code accordingly, but to no avail... (as described above)

My WindCap trainers work fine..... I just wanted to change to 'FileName' ....

Not to worry if no one knows how to do it...

Cheers sawky

TippeX
11-08-2008, 08:01
you mean you want to display the filename in the trainer or something? 'cos I'm lost now...

DABhand
11-08-2008, 09:42
By the looks of things he wants his trainer to find the Process name of a game.

But he can't just swap his WindCap for FileName, as the rest of the code doesn't work that way, of course.

@sawky - you have to have something similar to the skeleton to invoke loading the designated file and poking addresses. As said, changing your WindCap for the Filename won't do any good at all.

You will have to have this somewhere in your coding

; CreateProcess(lpApplicationName = ADDR FileName, lpCommandLine = NULL,
;   lpProcessAttributes = NULL, lpThreadAttributes = NULL, bInheritHandles = NULL (FALSE),
;   dwCreationFlags = NORMAL_PRIORITY_CLASS, lpEnvironment = NULL,
;   lpCurrentDirectory = NULL, lpStartupInfo = ADDR StartUpInfo,
;   lpProcessInformation = ADDR hProcess)
; The last argument must point at a 16-byte PROCESS_INFORMATION (hProcess,
; hThread, dwProcessId, dwThreadId), not at a single DWORD, or the three
; fields after hProcess overwrite whatever follows it in .data.
; A FileName without a directory is resolved against the trainer's current
; directory only (no search path), and eax is 0 on failure -- check it before
; using hProcess.
invoke CreateProcess, ADDR FileName, NULL,NULL,NULL,NULL,\
NORMAL_PRIORITY_CLASS,NULL,NULL,ADDR StartUpInfo,ADDR hProcess

(the \ just tells the assembler to continue the statement on the next line)


Also set the following in your .data section:

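; STARTUPINFO.cb must hold the structure size before the call; the remaining
; fields are left zero (no inherited handles, default window state).
StartUpInfo STARTUPINFO <sizeof STARTUPINFO>

; CreateProcess's lpProcessInformation points at a PROCESS_INFORMATION, which
; is four DWORDs, not one.  Laying the four fields out here in structure order
; keeps the existing `hProcess` name (and `ADDR hProcess`) working while giving
; the call the full 16 bytes it writes -- a lone `hProcess dd ?` would have the
; other three fields land on whatever is declared next.
hProcess dd ? ; PROCESS_INFORMATION.hProcess   -- use with WriteProcessMemory, CloseHandle when done
hThread dd ? ; PROCESS_INFORMATION.hThread    -- also needs CloseHandle when done
dwProcessId dd ? ; PROCESS_INFORMATION.dwProcessId
dwThreadId dd ? ; PROCESS_INFORMATION.dwThreadId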

So when the game is launched this way, CreateProcess fills in the handle of the new game process for you, so you can later use WriteProcessMemory to write your data.

Like so

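; WriteProcessMemory takes five arguments: hProcess, lpBaseAddress, lpBuffer,
; nSize, lpNumberOfBytesWritten.  The snippet passed only four, which invoke
; rejects at assembly time; the fifth may be NULL when the count written is
; not needed.  hProcess needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION
; access (the handle CreateProcess returns has them).  eax = 0 on failure.
invoke WriteProcessMemory,hProcess,Address,addr bytestobewritten,numberofbytestowrite,NULL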


It would be just as easy to use the skeleton and change what you wanted; it is easy enough to follow and change accordingly :)

dannydesiliva
10-09-2009, 02:10
Hi,

When I run Cain, it shows "Cannot find WinCap driver ...". I reinstalled WinCap and Cain, but the same message popped up. Can you help me with that? It worked fine before, until I installed Vista SP1, but it works fine on my other notebook.

Thanks..

[Psych]
10-09-2009, 02:21
Then install WinPCap..

http://www.winpcap.org/install/default.htm

:/