Search
 
 

Display results as :
 


Rechercher Advanced Search

Latest topics
» ~=?{The future is here, TastyExploit officially open to the public}?=~
Tue Mar 02, 2010 11:00 pm by Dami

» My first aa script
Tue Mar 02, 2010 7:00 am by wafflemaster

» the real story behind Maverin
Tue Mar 02, 2010 1:33 am by SoundOfDeat

» Random spam
Mon Mar 01, 2010 11:52 pm by Danny1994

» [Request] EMS v56 Exe
Mon Mar 01, 2010 12:39 am by Dami

» [Blacklist] NX-Trading Blacklist.
Mon Mar 01, 2010 12:38 am by Danny1994

» I have a question regarding the meso farmer
Sat Feb 27, 2010 10:30 pm by Dami

» What are you listening to now?
Sat Feb 27, 2010 7:57 pm by Noname111111

» Video(s) Of The Day
Sat Feb 27, 2010 7:37 pm by Noname111111

Navigation
 Portal
 Index
 Memberlist
 Profile
 FAQ
 Search
Affiliates
free forum
 



[C#]Making a Game Trainer

Go down

[C#]Making a Game Trainer

Post by Dami on Fri Oct 30, 2009 3:57 am

By gamesguru

Have you ever used Cheat Engine to hack a game or someone else's trainer and wanted to make your own? Well although C# may not be your best choice, it is a possible one and I am going to prove that to you.

Index:

Step 1-Detecting if a process is active.

Step 2-Reading non-dynamic address values.

Step 3-Writing to non-dynamic address values.

Step 4-Reading/Writing to and from pointers.

Step 5-Editing opcodes.

Using TMH-Very useful, saves time and just makes things easy, read it.

Extra-All files.

You should have a fair amount of experience with C# before you start this
guide, but if you want to start as a beginner...you can try! It's not
too hard...and also YOU MUST have experience with cheat engine.


Step 1

OK, so let's get started!

Finding a process name and detecting if it is present.

This step is not 100% necessary, but you can add nice labels and what-not that tells people if the process is present or not.

This
code will detect if notepad is running if it is then a messagebox is
shown telling you that one is present, if notepad's not present, a
messagebox is shown telling you that one is not present. Bottomline,
you have to remember this (highlighted part is vital!):


Code:
            System.Diagnostics.Process[] myprocesses = System.Diagnostics.Process.GetProcessesByName("notepad");

         

            if (myprocesses.Length != 0)

                {

                MessageBox.Show("Notepad instance found!", "Instance found!", MessageBoxButtons.OK, MessageBoxIcon.Information);

                }

            else

                {

                MessageBox.Show("No notepad instance found!", "No instance found!", MessageBoxButtons.OK, MessageBoxIcon.Warning);

                }

That's it, the first step, detection of a selected process, 'myprocesses' will be used later on too, so you need to know this.

Demo Project notepadlocater.zip

Step 2

 This step may be considered useless to many people but I will go over it anyways. Basically, it allows you to read an address's value. So let's say that in your game, every map has a different value for one address. You could use the case statement to convert it to string and then have a label displaying this: You are on the map: Dungeon level 2. It may seem useless, but it's not. You could also use it for directly transferring values between two addresses! Something not possible in ASM...enjoy!


OK! So, you remember Step 1? Well you're going to need to!

Now let me explain the next step. Download this. (And you will find the demo project at the bottom, not needed but you can see full source that way).


Any time you make a trainer, you'll need to add that as an existing item (Project add existing item, then browse to the file you just downloaded). After adding it to your project, make a timer, outside all methods.

Should look SOMETHING like this:

Code:
namespace WindowsApplication1
    {
    public partial class Form1 : Form
        {
        public Form1()
            {
            InitializeComponent();
            }
        Timer timer1 = new Timer();
        private void Form1_Load(object sender, EventArgs e)
            {
            timer1.Enabled = true;
            timer1.Interval = 100;
            timer1.Tick+=new EventHandler(timer1_Tick1);
            }


OK, then make a void, doesn't have to be public (or private), with the name timer1_Tick1. Example:

Code:

        void timer1_Tick1(object o1, EventArgs e)
            {
            //stuff
            }
Ok, now for the proccessmemoryreader function.

Add this line, outside all methods:

ProcessMemoryReaderLib.ProcessMemoryReader preader=new ProcessMemoryReaderLib.ProcessMemoryReader();

THAT IS VERY IMPORTANT REMEMBER IT!

This is just a shortcut to the ProcessMemoryReaderLib class, and you have to do it anyways.

This is something you will also have to memorize!!!

----------------------------------------------

Now, for the actual reading!

You'll need to open the process in read mode so, another memorizing thing, add these lines:

Code:
            preader.ReadProcess = myprocess[0];

            preader.OpenProcess();


Do not forget this, or when you try to read/write...nothing will happen.

Note: If you want to attach to the second instance make it myprocess[1] and then you must change the first part (myprocess != 0) to greater than or equal to. Ignore this if you don't know what I'm talking about. 

Now for the reading template!

Code:
                    int bytesread;
                    int memoryaddress = 0x1009624;
                    int memoryaddressvalue;
                    byte[] memory;


                    memory= preader.ReadProcessMemory((IntPtr)memoryaddress,1,out bytesread);
                    memoryaddressvalue = memoryvalue[0];
                    label1.Text = memoryaddressvalue.ToString();


Reading values, other than byte. e.g: double, 4 byte:

This is VERY simple! I use 4 byte for an example, and my variable is called 'valueconvert', but you may use other...just make a varible as an int (or double if you want double, float if you want float, ect!) and do not assign it a value...after assigning a byte array's (byte[]) value to memory, ( the line is: memory=preader.readprocessmemory...ect)...put this:


Code:
                valueconvert = BitConverter.ToInt32(memory, 0);
or for double:
Code:

                valueconvert = BitConverter.ToDouble(memory,0);

FOR THIS TO WORK THE LINE:

Code:
            memory =
preader.ReadProcessMemory((IntPtr)0x1009624,
8, out bytesread);

MUST HAVE AN EQUAL TO OR LARGER uintsToRead (in this case it's Cool value than the size of the object you are converting it to.

Byte-1&

Short-2

int-4

Long-8

Float,Decimal,Double-8

Ect..you can find them all out pretty easily, the only reason to make it precise is to save memory...but you shouldn't have to worry about that with such small trainers.


Very simple! But it can get confusing...

Demo project notepadreader.zip.

Step 3

This step focuses on writing to an address's value, using several notations (double, float, byte, 2 byte, and 4 byte)...this may not interest you because you wish to directly edit the opcodes, but to many...this step is very important!


You'll need 'ProcessMemoryReaderLib.cs' from step 2 so download it and add it to your project. For this step I will be using notepad, again. You will not be able to notice the difference without attaching cheat engine and directly reading its value...but it will be changing. And in this step, I've added pictures.

OK, let's get started...declare myprocesses (step 1) and preader (step 2).

Declare the following variables, in your checkbox or button click:

Code:
                int byteswritten;
                int value;
                //double value;
                //float value;
                //byte value;
                //short value;
                //long value;
                string strvalue;
                byte[] memory;


I commented out the ones that I'm not going to use, but you may use any that you want. Now here's the template:

Code:
            preader.ReadProcess = myprocess[0];
            preader.OpenProcess();

            int byteswritten; //don't worry about this
            int value; // value to be written to address's memory
            //double value;
            //float value;
            //byte value;
            //short value;
            //long value;
            byte[] valuebyte; //value, will be converted to byte array

            value = 4800;//just an example, could be anything
            valuebyte = BitConverter.GetBytes(value);                             
           

        //here the int value (4800), gets converted into byte array

            preader.WriteProcessMemory((IntPtr)0x1009624, valuebyte, out byteswritten);

Here the byte array value (4800), gets written to the address 0x1009624's value.



That's it! Simple, just like I told you! Demo Project NotepadMemoryWriter.zip

Step 4

First, if you have found the address by searching but every time you restart the game, the address changes. You need a pointer! Here is a good guide to finding them, if you have questions about it...ask me. 

OK, so exactly how to pointers work? The pointer base never changes, that is a 4 byte value. This value is going to be the start of the pointer. The offset adds to it and points to the exact address.

So in order to read pointers in C#, you must find the value of the pointer's base (it will always change, every time you restart the program), then add the offset to it.

I've made a simple demonstration:

Code:
int byteswritten;
int bytesread;
int value;
int pointerbase;
byte[] memory;

memory=preader.ReadProcessMemory((IntPtr)0x1009624, 4, out bytesread); //read the base 1009624, this is fake in notepad, just a demonstration!
pointerbase=BitConverter.ToInt32(memory, 0); //make an int with the value of the address read
pointerbase += 0xb14; //add the offset
memory=preader.ReadProcessMemory((IntPtr)pointerbase, 4, out bytesread); //read the pointer!
value=BitConverter.ToInt32(memory, 0); //convert the pointer's value back to int

You read the value from 1009624 offset:b14 and its value has been assigned to the int 'value'!


That's for reading, this if for writing:

Enabled (you write a new value to the pointer, in this case 2000):

Code:
int byteswritten;
int bytesread;
int value;
int pointerbase;
byte[] memory;

memory=preader.ReadProcessMemory((IntPtr)0x1009624, 4, out bytesread);
pointerbase=BitConverter.ToInt32(memory, 0);
pointerbase += 0xb14;
value=2000;
memory=BitConverter.GetBytes(value);
preader.WriteProcessMemory((IntPtr)pointerbase,memory,out byteswritten);
//now you are writing the value:2000 to:1009624 offset:b14


Disable (you write the original value to the pointer,in this case 4000):

Code:
int byteswritten;
int bytesread;
int value;
int pointerbase;
byte[] memory;


memory=preader.ReadProcessMemory((IntPtr)0x1009624, 4, out bytesread);
pointerbase=BitConverter.ToInt32(memory, 0);
pointerbase += 0xb14;
value=4000;
memory=BitConverter.GetBytes(value);
preader.WriteProcessMemory((IntPtr)pointerbase,memory,out byteswritten);
//you wrote the value:4000 to:1009624 offset:b14


Yes, it's that simple and I know it can be hard to type that all out, so I've made a program that makes it VERY easy!

Step 5

OK if you're not a fan of assembly...TOO BAD YOU HAVE TO LEARN THIS!.


As
you know, OpCodes are the heart of disassembled 32-bit programs. And if
you can edit these...you are set! In fact, if you can edit these, you
don't really need debug registers, because with those...you are limited
to four, but you never run out of opcodes to changes...so let's get
started.

OK, we know that editing opcodes is our goal, but how do
we do that? The answer is Hex Dumps, (or in cheat engine array of bytes), it's very easy too!

Now for writing 4 byte values...you had to convert back and forth...this was not easy! This is much more straight forward, so let's start!

Add an address as Array of Byte in Cheat Engine record its value (hexadecimal) and then change its opcode. Note that the AOB changes! Now, all you have to do is change the AOB of an address to change its opcode, but how to do this? Simple...watch!

Suppose an address's AOB is 00 (add [eax],al), but you want to change the opcode to jmp 0, this is very easy to find...change the opcode to jmp 0 and look at the new AOB it happens to be E9 D7 69 FF FE 90 and then 0's forever. These 0's can be ignored. So here's how i would do this:

Code:
int byteswritten;

byte[] memory={0xe9, 0xd7, 0xff, 0xfe, 0x90};

preader.WriteProcessMemory((IntPtr)0x1001d07,memory,out byteswritten);

Remember that when you do this, you only have to change UP to where the bytes changed...for instance if I change the opcode and only the second byte changes I could do this:

original: af 8f 8a 0a 4f

after opcode change: af 3f 8a 0a 4f

I could change the above highlighted text to:

0xaf, 0x3f

I know that this too can be complicated and hard to write out so I've written a program to do most of the thinking for you!

And you can read the TMH help,this program generates all of the code that you should need to make a trainer.

Using TMH(Trainer Maker Helper)


OK, so I've made this great program and you want to know how to use it, right? Well it's pretty straight forward, but if you don't understand it...READ ON!

Download it here:

CSharpTMH.zip

After downloading, you see that it's a single .exe file and has several tabs. Go ahead and click the generate button on the first page. You'll see that the Code: textbox is no longer blank and the code is as follows:

Code:
string sProcessname=;
System.Diagnostics.Process[] myprocess=System.Diagnostics.Process.GetProcessesByName(+ sProcessname +);

Recognize it? Yep it's the code for finding if a process is active! But now input a process name into the processname textbox (no .exe after it), and press generate again. Now it regenerates the code and this time the varible sProcessName has a value, and if you were to add this to your program, it would work, just like Step 1.

That may not be nesissary but I've added it anyways...now for the useful stuff!

Go to the next tab, you'll notice the name "Normal Read", what does this mean? It's Step 2, reading a process's memory! I've made it quicker...input the address and press generate...copy the code paste it into a button click method or some other method...simple right?

Normal Write is Step 3...self explanatory from here on out right?

Except for AOB writer it is...here's how you use AOB writer.

Find the AOB and address that you want to write then:

enter the address (hex) into the address (hex) textbox

enter both AOB's in this format:

38 d8 fa 9d

NOT:

38d8fa9d!

They must be spaced out every two characters.

Extra Files

All files and their descriptions:


ProcessMemoryReader.cs-Needed for making any trainer

VeryComplicatedTrainer.zip-A sample trainer that is complicated

notepadlocater.zip-First trainer, just sees if a notepad instance is open

notepadreader.zip -Reads the length of the text in notepad (byte)

C# Trainer Maker Helper.zip-A VERY useful program and how to use.

VicualCSharp2005ExpressEditionStarte.rar-Good C# starting book.

Cheat Engine-Very useful tool that you will need to know how to use...
avatar
Dami
Dragon
Dragon

Posts : 1414
Join date : 2009-08-10
Age : 29
Location : Finland

Back to top Go down

Re: [C#]Making a Game Trainer

Post by wafflemaster on Tue Nov 03, 2009 4:07 pm

You should add this at the end: http://forum.cheatengine.org/viewtopic.php?t=175943

it's very useful.

wafflemaster
V.I.P
V.I.P

Posts : 123
Join date : 2009-10-27

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum