JMC17
11-12-2013, 02:13
I haven't worked on trainers for a while and I have a really bad memory.
The problem is, usually the memory dump addresses keep changing, which is why (from what I know)
most people make trainers by poking addresses in the ASM code and changing the flow of the code
(jumping into a code cave and back when done), because those usually don't move.
But what do you do when even this keeps changing:
(First run)
CPU Disasm
Address Hex dump Command Comments
058FB59E 8B40 3C MOV EAX,DWORD PTR DS:[EAX+3C]
(Exit and start game.exe)
(Second run)
CPU Disasm
Address Hex dump Command Comments
058FB5E6 8B40 3C MOV EAX,DWORD PTR DS:[EAX+3C]
For proper context, I'm using OllyDbg2/CE and this trainer is for Anna's extended edition from Steam.
The value I'm modifying is the "panic bar", which goes from 0 (game over) to 100 (full bar) in decimal.
The question in short, what am I doing wrong?
Okay so I finally finished the trainer, I'll upload the source code and link it once I actually release it.
I have no idea why the memory is shifting but doing a pattern scan solves the problem.
Basically you read a large portion of the process memory and compare it with the opcodes of the commands you're looking for. When found, you then know exactly where to inject the code.
This is where I learned about it (http://www.unknowncheats.me/forum/c/79384-c-pattern-scan.html)
And here's the trainer's source code (http://www.clubdragon.org/safehouse/Public/AnnasTrainerSource.zip)
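As an added illustration of the pattern scan described above (not code from the post or from the linked trainer source), here is a small signature scanner in C: it parses an IDA-style pattern with "??" wildcards and finds its offset in a buffer, which is the same mechanism memory-forensics and endpoint tooling use to locate a known code sequence without relying on a fixed address. The byte buffer is constructed for the example around the 8B 40 3C opcodes shown in the post; function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One signature byte: a concrete value, or a wildcard ("??") that matches anything,
   used for bytes that vary between runs such as displacements or relocated addresses. */
typedef struct { uint8_t value; int wildcard; } sig_byte_t;

/* Parse a space-separated pattern such as "8B 40 ?? 85 C0".
   Returns the number of bytes parsed, or -1 on a malformed token. */
static int parse_pattern(const char *text, sig_byte_t *out, size_t max) {
    size_t n = 0;
    for (const char *p = text; *p; p += 2, n++) {
        while (*p == ' ') p++;
        if (!*p) break;
        if (n >= max) return -1;
        if (p[0] == '?' && p[1] == '?') {
            out[n].wildcard = 1; out[n].value = 0;
        } else {
            unsigned v; int used = 0;
            if (sscanf(p, "%2x%n", &v, &used) != 1 || used != 2) return -1;
            out[n].wildcard = 0; out[n].value = (uint8_t)v;
        }
    }
    return (int)n;
}

/* Offset of the first match of sig in buf, or -1. The result is relative to buf,
   so it does not depend on where the region happened to be loaded this run. */
static long pattern_scan(const uint8_t *buf, size_t len, const sig_byte_t *sig, size_t siglen) {
    if (siglen == 0 || len < siglen) return -1;
    for (size_t i = 0; i + siglen <= len; i++) {
        size_t j = 0;
        while (j < siglen && (sig[j].wildcard || buf[i + j] == sig[j].value)) j++;
        if (j == siglen) return (long)i;
    }
    return -1;
}

/* Constructed sample region (not real game memory): a prologue, then the
   MOV EAX,[EAX+3C] bytes from the post (8B 40 3C) followed by TEST EAX,EAX (85 C0). */
static const uint8_t sample_region[] = {
    0x90, 0x90, 0x55, 0x8B, 0xEC, 0x8B, 0x40, 0x3C, 0x85, 0xC0, 0x74, 0x05, 0xC3
};

/* Parse a pattern and scan the sample: offset on success, -1 if absent, -2 if malformed. */
long find_in_sample(const char *pattern) {
    sig_byte_t sig[64];
    int n = parse_pattern(pattern, sig, sizeof sig / sizeof sig[0]);
    return n < 0 ? -2 : pattern_scan(sample_region, sizeof sample_region, sig, (size_t)n);
}
```

Calling find_in_sample("8B 40 ?? 85 C0") returns 5, the offset of the instruction inside the sample; in a real scan the same offset would be added to the base of the region that was read.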