creating trainers and software enhancers

Mike Yurgalavage(Posted 2004) [#1]
This topic may have been covered before, but I did a few searches and came up with nothing. Basically I would like to be able to make "trainers" or "game enhancers" for my favorite games: stuff like adding lives and tweaking weapons, changing items, etc. This usually can be done by peeks and pokes into the game's .exe. The problem is this:

When I run a Blitz program, how do I "grab" the memory addresses of the game program (let's call it game.exe) while it is running? I don't want to edit it as a file on the hard drive, but edit it while it is a program that is running (a separate running process). Not sure how to do this.

Anyway, it will be impossible to do peeks and pokes to any addresses of the running program (process) game.exe without knowing where it is stored in the computer's RAM while it is running. I need to be able to "open" the game.exe process from within my Blitz program to get to its addresses.

Blitz would be an easy tool to make this kind of program with, since its programming language is very easy. I have had Blitz for over a year but haven't tried anything like this. The coding would be simple; the thing I don't know how to do is "grabbing" the process of another program (i.e. the game.exe process) and getting the address of where it is running in RAM.

Thanks for your help in advance.
Best,
Mike


Almo(Posted 2004) [#2]
Sounds like you'll need Win32 API calls to me... you would need the DLL that allows this.


Mike Yurgalavage(Posted 2004) [#3]
That's what I thought. Any other ideas, though? Or, if it turns out that Win32 API calls are necessary, where do I start? Did Blitz3D updates make this available internally, or do I have to get 3rd party software to allow the Win32 API calls? Also (!!), if 3rd party software is necessary, which is best and where can I get it? I realize there are a handful of DLLs (like kernel and user, etc.). Did someone already make these DLL declarations? Where can I get them? I wish that there was a simple command in Blitz to just access that area of RAM holding the .exe, but I guess this is not possible.

Thanks!


Who was John Galt?(Posted 2004) [#4]
I doubt you can do what you're after - I think the memory space of individual programs is implemented by hardware in modern processors and you would have to do something really tricksy to get around it. Try a web search for 'booting in unprotected mode'.


Mike Yurgalavage(Posted 2004) [#5]
Falken, I think you don't understand. There are already trainers made for nearly every game out there. Some are made with a program called TMK, which is a basic trainer maker. It's very possible to get access to another program's addresses and change them to other things. For instance, in a Pac-Man game, when you die there is an address keeping the lives, and that address is controlled and tied up by the Pac-Man game. The trainer would peek into the Pac-Man game and modify the address and give you more lives or freeze it at a certain number, etc. The problem is that when you start a program, the addresses in physical memory (the RAM chip itself) where the game is stored are different each time, so you can't just peek and poke anywhere; you have to begin with knowing the address that the game program starts at. I don't know how to do this in Blitz. There is no need to go into protected or unprotected mode or anything. I am sure there is a WinAPI call that will give you the pointer to a program's starting address in physical memory. Thanks for the reply, though, I sincerely appreciate any help here.

Mike


(tu) sinu(Posted 2004) [#6]
Couldn't you use a tool which finds the address of values (can't remember the names of any, sorry) so you could use those values in Blitz? IIRC they give the right place in memory, etc.

PS: the programs find modified values, i.e. you put in the lives you've got, then when you lose a life, add in the new value; it will search the exe to see which have changed, then repeat the process until it finds the right value. It can work on anything, and almost everything can be hacked if you know what you're looking for.
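
The narrowing search described in the post above, as an added illustration that is not from this thread or from any of the tools named in it: it runs entirely on constructed byte strings standing in for memory snapshots (no real process is opened), and the offsets LIVES, TIMER and SCORE are made-up sample locations.

```python
"""Candidate-narrowing value search: first pass finds every offset holding the
known value, later passes keep only the candidates that now hold the new value.
Added example; the snapshots are constructed in-memory byte strings."""
import struct

WIDTH = 4  # look for 32-bit little-endian integers, the usual width for a counter


def scan(snapshot: bytes, value: int, candidates=None, step: int = 4):
    """First pass (candidates is None) or narrowing pass (candidates given).

    Returns the sorted list of offsets at which `snapshot` holds `value` as a
    32-bit little-endian unsigned integer. `step` is the alignment of the first
    pass; use step=1 to consider unaligned offsets as well.
    """
    needle = struct.pack("<I", value)
    if candidates is None:
        offsets = range(0, len(snapshot) - WIDTH + 1, step)
    else:
        offsets = candidates
    return sorted(o for o in offsets if snapshot[o:o + WIDTH] == needle)


def narrow(observations):
    """Repeat the search over a list of (snapshot, value_seen_in_game) pairs,
    each taken after the value changed. The candidate set shrinks until,
    ideally, a single offset is left."""
    candidates = None
    for snapshot, value in observations:
        candidates = scan(snapshot, value, candidates)
        if not candidates:
            break  # nothing matches any more; the value was probably not stored as a 32-bit int
    return candidates or []


def make_snapshot(values: dict) -> bytes:
    """Constructed stand-in for a process's memory: 256 zero bytes with a few
    32-bit values written at the given offsets."""
    mem = bytearray(256)
    for offset, v in values.items():
        struct.pack_into("<I", mem, offset, v)
    return bytes(mem)


# Sample offsets (constructed for the demo, not taken from any real game).
LIVES = 0x40  # the counter we want to locate
TIMER = 0x80  # a decoy that happens to hold the same value on the first pass
SCORE = 0x10  # a decoy that never changes


def demo():
    snap1 = make_snapshot({LIVES: 3, TIMER: 3, SCORE: 3})  # three lives, three matches
    snap2 = make_snapshot({LIVES: 2, TIMER: 4, SCORE: 3})  # lost a life; timer ticked
    snap3 = make_snapshot({LIVES: 1, TIMER: 7, SCORE: 3})  # lost another
    first = scan(snap1, 3)                                # [0x10, 0x40, 0x80]
    final = narrow([(snap1, 3), (snap2, 2), (snap3, 1)])  # [0x40]
    return first, final


if __name__ == "__main__":
    first, final = demo()
    print("first pass candidates:", [hex(o) for o in first])
    print("after narrowing:", [hex(o) for o in final])
```

The first pass on its own is useless here because three offsets hold the value 3; only the second and third observations, taken after the value changed, separate the real counter from the decoys. That is the whole reason the post says to "repeat the process until it finds the right value".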


Mike Yurgalavage(Posted 2004) [#7]
Sinu, I use those tools right now to find the addresses. The trick is making the trainer, which would be a self-contained program that does all of that work for you. Of course I have to hack those addresses myself using other software, but once I know the addresses then I can make a trainer that does that for me. A trainer would be a small, self-contained program that does the code modification or address changing of the game program. I can make trainers already using the TSearch and TrainerMakerKit programs. However, the trainer maker programs are limited in what you can do with them (they are cookie-cutter type progs which only allow certain functions). Using Blitz I could make the trainer do whatever I wanted, even have my own graphics or whatever. You could make an inventory-changing program, or something that actually loads the graphics from the game and selects a different item with the trainer (i.e. bigger sword or better shield, whatever). At any rate, I know how to hack progs, etc.; I just want to be able to use Blitz (since I already own it and know how to use its functions) to do it, but it looks like it requires 3rd party libs and knowledge of the Win32 API, which I have very little of. Anyone else?

Best,
Mike


Mike Yurgalavage(Posted 2004) [#8]
Bump for more ideas or responses.


(tu) sinu(Posted 2004) [#9]
In that case it seems that you will need another language or 3rd party libraries.
I thought you could have, for a specific game, used the first app to get the address for lives etc., then used the results in Blitz, but you want to do an app that does it all, which does seem a better idea.


Who was John Galt?(Posted 2004) [#10]
Well, if you've seen it done I stand corrected - I guess 'protected mode' only protects the operating system? I would be really interested if you find a way to do it in Blitz.


Mike Yurgalavage(Posted 2004) [#11]
Just to update: anyone who wants to know this kind of thing, look in the Blitz3D forum; there is a discussion going on there about this.

Best,
Mike