Originally posted by angelfly: I know exactly what ETT is, but here is what you said: "1) It says to telnet Xbox --> PC with ETT"; the guide does not say that. And where it said "type: value 6", it should be easy to assume you type "value 6". As for the telnet client, I use the normal telnet that ships with Windows. I really don't know what you find so confusing about the direction "load it into IDA Pro", and "I will be showing how to do the Continue trainer for TMNT" means exactly what it says, and that is he will be showing how to make a continue trainer for TMNT.
Well, thanks for your guidance, I finally understand some of the confusing points in the guide.
If you have any questions about any specific part I will be happy to try and help you understand it. I did not write the guide to be used with ETT; I have no idea how ETT works.
As for the value searching, I take a value that is on the screen, and then search for it, get that value to change in the game, then search for the new value.
This is done so that you can narrow down the location of the number of continues.
IDA Pro is a piece of software used to disassemble things. It is listed under the things you need in order to do the tutorial. You could use wdasm or something else if you are familiar with them, but I don't go into detail on how to use them.
I'll read through your tutorials again and learn from them, but now I gotta fix my Telnet problem... It freezes on every game when I send the message "value 6".
This XBOX trainer stuff is new to me. I have successfully done the value searches with your tutorial (thanks). But locking that value is where I'm having trouble, since I don't have IDA Pro.
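The narrowing search described above, as an added example that is not part of the original post or the tutorial it discusses: it runs over two constructed memory snapshots instead of a live console, and the function names (first_scan, next_scan, demo) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_HITS 64

/* First pass: record every 4-byte-aligned offset whose value equals want. */
size_t first_scan(const uint8_t *mem, size_t len, uint32_t want,
                  size_t *hits, size_t max_hits)
{
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len && n < max_hits; off += 4)
        if (memcmp(mem + off, &want, 4) == 0)
            hits[n++] = off;
    return n;
}

/* Later passes: keep only the earlier hits that now hold the new value. */
size_t next_scan(const uint8_t *mem, size_t len, uint32_t want,
                 size_t *hits, size_t n_hits)
{
    size_t kept = 0;
    for (size_t i = 0; i < n_hits; i++)
        if (hits[i] + 4 <= len && memcmp(mem + hits[i], &want, 4) == 0)
            hits[kept++] = hits[i];
    return kept;
}

/* Constructed sample data: two snapshots of the same region, taken before
   and after the on-screen counter dropped from 6 to 5. */
size_t demo(size_t *hits)
{
    uint32_t snap1[8] = {6, 0, 6, 99, 6, 1, 2, 3}; /* three cells hold 6 */
    uint32_t snap2[8] = {6, 0, 5, 99, 7, 1, 2, 3}; /* only offset 8 is now 5 */
    size_t n = first_scan((const uint8_t *)snap1, sizeof snap1, 6, hits, MAX_HITS);
    return next_scan((const uint8_t *)snap2, sizeof snap2, 5, hits, n);
}

int main(void)
{
    size_t hits[MAX_HITS];
    size_t n = demo(hits);
    for (size_t i = 0; i < n; i++)
        printf("remaining candidate offset: 0x%zx\n", hits[i]);
    return 0;
}
```

Each extra pass after the value changes again shrinks the candidate list further, which is why the search is repeated until one location is left.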
Any help would be appreciated.
Wanting to join your XBOX trainer team once I get this all figured out.
You can use any disassembler; I just prefer IDA Pro since that's what I'm used to. It's probably overkill in some situations, and it is a bit slow in loading since it does so many things.
The best alternative would be w32dasm (last I knew it was version 8.9 or something like that).
That's probably a lot easier to find since it's very popular with people that patch Windows programs, and it ends up on web sites quite often.
Since there are so many disassemblers out there I didn't want to go through all of them in the tutorials, but it should be pretty easy to figure out how to adapt the tutorial to use w32dasm's interface, since all we are really doing is finding out what is happening at that location, then changing it.
If anyone is/was curious about how to find the values for the TitleId and the TimeStamp, the following code will do just that. If someone wants to write something like this in VB or VC++ or something, I think it could be a helpful tool to point people to so they can check whether the trainer they are trying to use is failing because of the title id, the timestamp, or because they misconfigured something.
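#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    unsigned int offset = 0;
    unsigned int temp = 0;
    FILE *fp;

    if (argc < 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        exit(1);
    }
    fp = fopen(argv[1], "rb"); /* Open the file named on the command line */
    if (fp == NULL) {
        perror(argv[1]);
        exit(1);
    }
    fseek(fp, 0x0114, SEEK_SET); /* Go to the offset for TimeStamp */
    fread(&temp, 1, 4, fp);
    printf("Timestamp: %4.4X\n", temp);
    fread(&offset, 1, 4, fp); /* Read start address of certificate */
    offset -= 0x10000; /* adjust address for flatfile */
    offset += 8; /* add 8 to get to TitleId value */
    fseek(fp, offset, SEEK_SET); /* Go to the offset for TitleId */
    fread(&temp, 1, 4, fp);
    printf("Title Id : %4.4X\n", temp);
    fclose(fp);
    exit(0);
}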
Thanks for the great tutorial, dootdoo!
Following the tutorial, I could go all the way down to NOP
and succeeded in making the number stay as I want.
After that, I want to create an ETM file, so I don't need to
connect telnet every time I want to use the trainer.
But I am lost. I tried EasyEvoxTrainerMaker, but no success.
How can I apply the 'poke' command to the utility?
Can someone guide me on how to make an ETM file?
Any help would be appreciated~