**********************************************************
		 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
		 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
	
	 	 An Enormous Tut on mASM: PART 2... A Trainer Engine
	
		 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
		 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
		 **********************************************************






	Needed files : Download Here 
        (http://www.xcheater.com/tutorials/files/tsongkie_files.zip)





	WHAT NOW?
	---------

	
	Ok... we're here to develop a trainer engine in MASM. If you haven't
	read part 1 of this tutorial, READ IT FIRST G0D|)AM!T. But if you think
	you can survive w/o it, then go on...




	WHAT YA NEED
	------------

	1. All that is stated in part 1 PLUS
	2. A game (I used prog test in MTC for testing purposes)
	3. Basic ASM programming knowledge
	4. A HELLUVA BRAIN


	
	API's TO USE
	------------


	I won't go and explain each API. It takes space. Look them up in
	your WINAPI REFERENCE. Here they are, as they appear in the source.

	1. GetModuleHandle
	2. DialogBoxParam
	3. SetTimer
	4. LoadIcon
	5. SendMessage
	6. ExitProcess
	7. MessageBox
	8. GetAsyncKeyState
	9. FindWindow
	10. GetWindowThreadProcessId
	11. OpenProcess
	12. ReadProcessMemory
	13. WriteProcessMemory
	14. CloseHandle



	TRAINER ROUTINE
	---------------


	1. Show the DialogBox
	2. Check for Button Press Events
	  2.1 If a button was clicked, show its message
	3. Check for timer messages
	  3.1 If a hotkey is pressed, call our trainer engine
	4. exit



	OUR TRAINER ENGINE
	------------------

	If you look at the source you will see the TrainerEngine procedure. I made
	this procedure to make programming easier. It takes care of editing game values.
	Very Useful if you have *MANY HOTKEYS*.


	TrainerEngine PROC lpWindCap:DWORD, lpAdress:DWORD, lpNewValue:DWORD, nAdd:DWORD, lpBuffer:DWORD

        If you want to change the value:
        ;call engine, window name, game address, the bytes to write, NOT USED, NOT USED
        Invoke TrainerEngine, offset WindCap, addie1, offset bytes2write, NULL, NULL

	If you want to add a value:
	;call engine, window name, game address, NOT USED, the data to add, buffer for ReadProcessMemory
	Invoke TrainerEngine, offset WindCap, addie2, NULL, 5, offset buffer1	
		


	The SourceCode
	--------------



.386                                       ; 80386 instruction set; nothing newer is used in this file
.model flat, stdcall                       ; flat 32-bit model; PROCs and the Win32 API are stdcall
option casemap:none                        ; identifiers are case-sensitive, as windows.inc requires

include /masm32/include/windows.inc        ; Win32 constants and types (WM_*, MB_OK, PROCESS_*, ...)
include /masm32/include/user32.inc         ; prototypes of the window/dialog APIs used below
include /masm32/include/kernel32.inc       ; prototypes of the process/memory APIs used below

includelib /masm32/lib/kernel32.lib
includelib /masm32/lib/user32.lib

DlgProc PROTO :DWORD, :DWORD, :DWORD, :DWORD                ; dialog procedure, defined after the entry point
TrainerEngine PROTO :DWORD, :DWORD, :DWORD, :DWORD, :DWORD  ; memory-patching routine called from the WM_TIMER handler


.data

; User-visible strings. MessageBox expects 0-terminated ANSI text; 0ah is a
; line break inside a message. Edit the words, keep the terminating 0.
ErrorCaption db 'ERROR', 0				;CHANGE!!! caption of the "game not running" box (TrainerEngine)
ErrorMessage db '   Game is not Running',0ah            ;CHANGE!!! shown when FindWindow cannot find WindCap
             db ' You need to run the game',0ah
             db 'So You can Use the trainer',0
AboutCaption db 'About',0				;CHANGE!!! caption of the About box (ABOUTBUT)
AboutMessage db '    Tsongkies Trainer Tut',0ah		;CHANGE!!! text of the About box
             db ' Modify Source Anyway You want',0ah
             db '     hope this helps you',0
HelpCaption db 'Help',0					;CHANGE!!! caption of the Help box (HELPBUT)
HelpMessage db 'Press F12 while in game or', 0ah	;CHANGE!!! text of the Help box
            db 'Press F11 while in game',0
WindCap db 'prog test',0				;CHANGE!!! window title passed to FindWindow to locate the game
bytes2write db 090h					;CHANGE!!! the 2 bytes TrainerEngine writes at addie1 in "NOP" mode
            db 090h 					; (90h = x86 NOP; exactly 2 bytes are written, so keep two)

; Uninitialised globals, filled in at run time.
buffer1 dd ?				; scratch dword for ReadProcessMemory in "add" mode; only its low 2 bytes are read and written back
hInstance dd ?				; module handle of this program (GetModuleHandle), needed by LoadIcon
_hanicon dd ?				; icon handle returned by LoadIcon
windhand dd ?				; game window handle from FindWindow
phandle dd ?				; game process handle from OpenProcess; closed again at the end of every TrainerEngine call
pid dd ?				; game process id from GetWindowThreadProcessId


.const
; Resource ids: they must match trainer.res (see the resource file).
DIALOG105 equ 105			; resource id of the trainer dialog template
ICON106 equ 107				; resource id of the icon; NOTE(review): the name says 106 but the value is 107 - confirm against the .rc
ABOUTBUT equ 101			; control id of the About button (handled under WM_COMMAND)
HELPBUT equ 102				; control id of the Help button (handled under WM_COMMAND)
; Absolute virtual addresses inside the target process. They are taken from one
; specific build of the target and are only meaningful for that build.
addie1 equ 401384h			;CHANGE!!! address that the F12 hotkey overwrites with bytes2write
addie2 equ 41D090h			;CHANGE!!! address whose 16-bit value the F11 hotkey increases by 5 (h = hexadecimal)

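.code

;-----------------------------------------------------------------------
; Program entry point (named in the END directive).
; Fetches the module handle for LoadIcon, runs the trainer dialog modally
; and terminates the process when the dialog call returns.
;-----------------------------------------------------------------------
c_mahal:

    invoke GetModuleHandle, NULL					; hInstance is needed by LoadIcon in DlgProc
    mov hInstance, eax

    ; DialogBoxParam(hInstance, dialog template id, no owner, dialog procedure, no init param).
    ; DlgProc ends the process on WM_CLOSE, so this call normally never returns.
    ; If it does return (e.g. the dialog resource is missing and the result is -1),
    ; exit explicitly: without this, execution would fall straight into DlgProc's
    ; body with a bogus stack frame.
    Invoke DialogBoxParam, hInstance, DIALOG105 , NULL, offset DlgProc, NULL
    Invoke ExitProcess, eax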


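;-----------------------------------------------------------------------
; BOOL CALLBACK DlgProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Dialog procedure of the trainer window, called by the dialog manager.
; In:   hwndDlg = dialog handle; uMsg/wParam/lParam = the delivered message
; Out:  eax = TRUE when the message was handled here, FALSE otherwise.
;       The dialog manager applies its default processing only when FALSE
;       comes back, so every unhandled message must leave eax = 0.
; Regs: only eax is written directly in this procedure; ebx/esi/edi are
;       left alone as stdcall requires, so no pushad/popad is needed.
;-----------------------------------------------------------------------
DlgProc PROC hwndDlg:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM

    .if uMsg == WM_INITDIALOG
        ; Poll the hotkeys every 90 ms; the WM_TIMER branch below does the work.
        Invoke SetTimer, hwndDlg, 0, 90, 0
        Invoke LoadIcon, hInstance, ICON106
        mov _hanicon, eax
        ; wParam FALSE (= ICON_SMALL) selects the title-bar icon.
        Invoke SendMessage, hwndDlg, WM_SETICON, FALSE, _hanicon
        mov eax, TRUE
        ret

    .elseif uMsg == WM_CLOSE
        ; The whole program is this one dialog, so closing it ends the process.
        Invoke ExitProcess, NULL

    .elseif uMsg == WM_COMMAND
        ; LOWORD(wParam) = control id, HIWORD(wParam) = notification code.
        mov eax, wParam
        shr eax, 16
        .if ax == BN_CLICKED
            mov eax, wParam
            .if ax == ABOUTBUT
                Invoke MessageBox, hwndDlg, offset AboutMessage, offset AboutCaption, MB_OK
            .elseif ax == HELPBUT
                Invoke MessageBox, hwndDlg, offset HelpMessage, offset HelpCaption, MB_OK
            .endif
        .endif
        mov eax, TRUE
        ret

    .elseif uMsg == WM_TIMER
        ; Bit 15 of GetAsyncKeyState's result means "key is down right now";
        ; bit 0 ("pressed since last call") is not reliable, so it is ignored.
        ; While a key stays down this fires on every tick, so the F11 patch
        ; adds its value again every 90 ms.
        Invoke GetAsyncKeyState, VK_F12
        .if ax & 8000h
            Invoke TrainerEngine, offset WindCap, addie1, offset bytes2write, NULL, NULL
        .endif
        Invoke GetAsyncKeyState, VK_F11
        .if ax & 8000h
            Invoke TrainerEngine, offset WindCap, addie2, NULL, 5, offset buffer1
        .endif
        mov eax, TRUE
        ret
    .endif

    ; Not handled here: FALSE lets the dialog manager do its default processing.
    xor eax, eax
    ret

DlgProc ENDP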



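;-----------------------------------------------------------------------
; BOOL TrainerEngine(LPSTR lpWindCap, LPVOID lpAdress, LPVOID lpNewValue,
;                    DWORD nAdd, LPVOID lpBuffer)
; Finds the target window by title, opens its process and patches
; PATCH_SIZE bytes at lpAdress in one of two modes:
;   nAdd == 0 : copy PATCH_SIZE bytes from lpNewValue to lpAdress ("NOP" mode;
;               lpBuffer is unused).
;   nAdd != 0 : read PATCH_SIZE bytes into *lpBuffer, add nAdd, write them back
;               ("add" mode; lpBuffer must point to a writable DWORD,
;               lpNewValue is unused). Any non-zero addend is accepted.
; Out:  eax = TRUE if the memory call(s) succeeded, FALSE if the window was not
;       found, the process could not be opened, or a read/write failed. On
;       failure nothing is written to the target.
; Side effects: windhand, pid and phandle are updated; the process handle is
;       closed again before returning.
; Clobbers: eax, ecx, edx (ebx is not touched - it is callee-saved in stdcall).
;-----------------------------------------------------------------------
PATCH_SIZE equ 2                           ; both modes move exactly 2 bytes

TrainerEngine PROC lpWindCap:DWORD, lpAdress:DWORD, lpNewValue:DWORD, nAdd:DWORD, lpBuffer:DWORD
    LOCAL ok:DWORD                         ; result of the last memory call

    Invoke FindWindow, NULL, lpWindCap
    .if eax == 0
        ; Target not running: tell the user and stop. Do not continue with a
        ; stale windhand/phandle.
        Invoke MessageBox, NULL, offset ErrorMessage, offset ErrorCaption, MB_OK
        xor eax, eax
        ret
    .endif
    mov windhand, eax

    Invoke GetWindowThreadProcessId, windhand, offset pid
    ; Request only the rights Read/WriteProcessMemory need rather than
    ; PROCESS_ALL_ACCESS (least privilege).
    Invoke OpenProcess, PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION, FALSE, pid
    .if eax == 0
        ; OpenProcess can fail (e.g. the target runs with higher privileges);
        ; return FALSE instead of writing through an invalid handle.
        ret
    .endif
    mov phandle, eax

    .if nAdd != 0
        mov edx, lpBuffer
        mov dword ptr [edx], 0             ; only 2 bytes get read; clear the rest first
        Invoke ReadProcessMemory, phandle, lpAdress, lpBuffer, PATCH_SIZE, NULL
        .if eax != 0
            mov edx, lpBuffer
            mov ecx, nAdd
            add dword ptr [edx], ecx       ; *lpBuffer += nAdd
            Invoke WriteProcessMemory, phandle, lpAdress, lpBuffer, PATCH_SIZE, NULL
        .endif
    .else
        Invoke WriteProcessMemory, phandle, lpAdress, lpNewValue, PATCH_SIZE, NULL
    .endif
    mov ok, eax                            ; CloseHandle would overwrite eax

    Invoke CloseHandle, phandle
    mov eax, ok
    ret

TrainerEngine ENDP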
  

end c_mahal				; end of module; c_mahal is the program entry point





	ASSEMBLING
	----------


	1. Put trainer.asm and trainer.res into c:\masm32\bin {default masm directory}
	2. Open notepad and copy this:

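		@echo off
		rem Assemble only (/c), COFF object (/coff), preserve identifier case (/Cp).
		ml /c /coff /Cp trainer.asm
		rem Link as a GUI program against the masm32 import libraries; the .res carries the dialog and icon.
		link /subsystem:windows /LIBPATH:c:\masm32\lib trainer.obj trainer.res
		pause>nul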
        
	3. Save it as make.bat
	4. Run make.bat





	FINAL WORDS
	-----------


	You can modify the source in any way you want. If you have any questions
	and shit... don't hesitate, e-mail me.