Volt Brothers for Android

Thread: Tutorials and Faqs brainstorm - submit information and opinions here

  1. #16
    Originally posted by dootdoo
    w32dasm (very easy to find online since a lot of shareware crackers like it) should work just as well in most cases.
    Yes, you're right... w32dasm is very easy to find...
    But what do I click on in w32dasm that matches the step in your tutorial with IDA Pro? ("now in IDA pro, click the VIEW-ASM tab, then go to the jump menu, select jump address and type in 0002a261.")

  2. #17
    dootdoo Guest
    The main window in w32dasm is what you need to look at, and it also has a go-to-address feature in the menus.

  3. #18
    After 5+ hours surfing the net, I finally found a copy of IDA Pro.
    And after 15 minutes following your tutorial, I've managed to create a simple trainer for TMNT.
    I can't wait to start hacking some of my games... and I also borrowed some games from my friend; he has more than 90 games in his game library.
    Now... if only I could get my hands on a 120 GB HDD.

    Oh yeah, by the way... the step-by-step procedure for other games is the same as in your TMNT tutorial, right?

  4. #19
    dootdoo Guest
    The step-by-step for quite a few games is identical to my tutorial. If I get some more feedback as to what people need more help on, or want to learn, then I can write some more advanced guides (some games are trickier than others, True Crime: Streets of LA for example). But I need feedback, and most likely questions about certain games, or how to hunt down things, so I know there is an interest. A lot of people grabbed the first tutorial, but I don't know if it made sense, or if they were confused, or if it was below their level..

    Maybe I'll write one up on how I did Otogi 2 when I wasn't able to use the 'value' command (it hangs it even if you 'fr' first).

  5. #20
    Mclane Guest
    Yeah, a nice in-depth guide would be good...

    Simple things like number finds are easy for 99% of people, but others will get stuck by life bars etc. where there's no real clue of a value to search for.

    On the C64 etc. I'd just count the life losses bit by bit, but when you have a large bar it's not so easy. Also explanations of why some values are not so easy to find, i.e. they may be represented by their screen value (on the C64 & Atari, 2 would be 32, which made it harder to find), or the programmer might use a different number and then subtract a value off it before displaying it, etc...

    You might want to do a little expo of how you used IDA Pro in a bit more detail, as some could find things like that very complex... Just a thought here and there...

  6. #21
    dootdoo Guest
    Noted and appreciated

    I was stumped by Blood Wake because I wasn't paying attention to the behavior of the weapons, and just to the counts on screen =) So I'll be sure to include something like that too.. Also ran into that with True Crime: they display a value on screen for whether you are a good or bad cop, which is determined by taking goodcop pts - badcop pts.. I only stumbled upon the values when I was going through the stats pages (by accident).

  7. #22
    acidmang Guest

    pokes work but trainers do not

    I'm having the same problem. How do you use db to get the proper timestamp? The one I get from cxbx doesn't seem to work (trainers don't work but pokes via telnet work fine).

    Any suggestions will be greatly appreciated.

  8. #23
    angelfly Guest
    Do "db 010114 1" and reverse the first 4 bytes to get the proper timestamp.

  9. #24
    acidmang Guest

    dumping proper timestamp / title id

    OK.. so if db 010114 1 will dump the needed stamp info, what memory location holds the title ID? Saves a step running cxbx.

    Thanks for the response! It's appreciated..
    I think I have more fun trying to cheat than actually playing the games ;P

  10. #25
    dootdoo Guest
    Look at the 4 bytes after the time stamp, put those in the proper human-friendly order, it should be something like 10178 or 10184 (it is different game to game), add 8 to the value, and those four bytes, once reversed, are what you are looking for..

  11. #26
    dootdoo Guest
    Code:
    .db 10114 10
    00010114 : 97 b7 9b 3c 78 01 01 00 0e 00 00 00 48 03 01 00  | .7.<x.......H...

    97 b7 9b 3c  Time Stamp
    78 01 01 00  Cert Offset

    so the time stamp would be 3C9BB797h
    and the cert offset would be 010178

    then do a db 10178 10
    00010178 : d0 01 00 00 f9 b3 9f 3c 0e 00 57 4d 47 00 61 00  | P...y3.<..WMG.a.

    d0 01 00 00  Cert Size
    f9 b3 9f 3c  Some other time stamp (don't use)
    0e 00 57 4d  Title ID

    So your title id would be 4D57000Eh
    Last edited by dootdoo; 12-26-2003 at 05:06 AM.
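    A small parser for the two dump lines dootdoo posted above, added here as an example (it is not dootdoo's code or anything from the forum): it reads the debugger's `db` output, does the "reverse the 4 bytes" step as a little-endian decode, and follows the cert offset + 8 to the title ID, as posts #25 and #26 describe. The sample lines and the 0x10114 address are taken from the post; the line layout regex is an assumption about the debugger's output format.

```python
import re
import struct

# Constructed sample input: the two `db` dump lines quoted in the post above,
# in the debugger's "ADDRESS : 16 hex bytes | ascii" layout (layout assumed).
HEADER_LINE = "00010114 : 97 b7 9b 3c 78 01 01 00 0e 00 00 00 48 03 01 00  | .7.<x.......H..."
CERT_LINE = "00010178 : d0 01 00 00 f9 b3 9f 3c 0e 00 57 4d 47 00 61 00  | P...y3.<..WMG.a."

# Field positions used in the thread: time stamp at 0x10114, cert offset right
# after it, and the title ID 8 bytes into the cert (after size and a second stamp).
TIMESTAMP_ADDR = 0x10114
TITLE_ID_OFFSET_IN_CERT = 8

LINE_RE = re.compile(r"^([0-9A-Fa-f]+)\s*:\s*((?:[0-9A-Fa-f]{2}\s+)+)\|")


def parse_db_line(line):
    """Return (base_address, raw_bytes) for one `db` dump line; the ASCII column is ignored."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a db dump line: %r" % line)
    return int(m.group(1), 16), bytes.fromhex("".join(m.group(2).split()))


def dword_at(dump, addr):
    """Little-endian dword at `addr` (the 'reverse the 4 bytes' step, done by machine)."""
    base, raw = dump
    off = addr - base
    if off < 0 or off + 4 > len(raw):
        raise IndexError("address %#x is outside the dumped range" % addr)
    return struct.unpack_from("<I", raw, off)[0]


def header_fields(header_line, cert_line):
    """Walk from the header dump to the cert dump and return the fields the thread uses."""
    header = parse_db_line(header_line)
    timestamp = dword_at(header, TIMESTAMP_ADDR)
    cert_offset = dword_at(header, TIMESTAMP_ADDR + 4)
    cert = parse_db_line(cert_line)
    if cert[0] != cert_offset:
        raise ValueError("second dump must start at the cert offset %#x" % cert_offset)
    return {
        "timestamp": timestamp,
        "cert_offset": cert_offset,
        "cert_size": dword_at(cert, cert_offset),
        "title_id": dword_at(cert, cert_offset + TITLE_ID_OFFSET_IN_CERT),
    }


if __name__ == "__main__":
    for name, value in header_fields(HEADER_LINE, CERT_LINE).items():
        print("%-12s %08Xh" % (name, value))
```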

  12. #27
    acidmang Guest
    Dootdoo,

    Really appreciate you helping all us newbs out. I'm having more fun making trainers than actually playing games :P

    Thanks for your support. We all can contribute trainers now.

    Do you have suggestions for finding things like life meters without a known (on the screen) value? Too bad remotex debugger 1.1 didn't have memory snapshots so you could do a </>/= last mem snap to track down tricky values.

    Thanks again.

  13. #28
    dootdoo Guest
    I've only done a couple of 'bar' style value hunt-downs, which I find by a) finding a routine that is called before or after it is modified, then I try to isolate where the meter is being changed (most meters aren't decimal values, so just look for a bunch of floating point ops). Or on something like Otogi, almost all of the values about the character were in one spot, so I did something like db <lowest value> 100 and was looking at the values. I saw that one of them seemed to match up with how many balls of energy total I had (1-6), so I poked it and loaded a level, and my health meter was 'bigger' (had 7 balls). So I breakpointed (mb) the read of that value when I started a level, saw that the game took # balls * 1000 -> location (in the area I was looking), then elsewhere took that value (balls * 1000), converted it to a float and shoved it in a memory location a ways away. So I watched those as I fought, and noticed they only went down when I got hit, so they must be my health..

  14. #29
    acidmang Guest
    I'm working on Time Splitters 2 US. So far I have the no-reload and infinite timed mines patches working great... The health is difficult because of the unknown value. I've tried looking +/- 200 of my offset so far for health values (freeze/dump, get shot, freeze/dump type of search) but I've been unable to find it yet... Trying bpx on subs that look interesting in IDA at the moment, but I'm still in learning mode so it's painful ;P

    Thanks again for helping us newbs out (and your TMNT source for us to copy).

    Cheers!

  15. #30
    dootdoo Guest
    Well, the health is ALMOST always going to be handled using floating point operators, so I'd look more towards fsub, but you can do subtraction a lot of different ways. :-/

    What I do is find the normal values, subtract a bit; let's say the normal values were at 00aabbcc

    so I'd do: db aabb00 100

    then I'd start the game, let it keep on going, and keep hitting up and enter, watching those values, waiting for something to change. Then I'd set bpmb's on those offsets to see if they change when I'm being shot etc..
