mcMike
13th November 2004, 16:36
Greetings,
Payback time again. You get something from others - you give something back.
I wrote a few functions in VB to make writing caves much easier. You can now just bypass all the boring stuff and concentrate on the hacking itself.
This is not a trainer template. It's just a few functions which make it possible to write code(cave) like this:
PokeCave(ReadCodeCave("MyCave"))
That's it. Nothing more needed.
The actual code is in settings.ini which is directly pasted from Olly without any formatting. Example:
[cave-MyCave]
ln01=008C2B20 A3 40382C02 MOV DWORD PTR DS:[22C4440],EAX ; copy EAX to static DMA
ln02=008C2B25 ^8B0D AC1E9700 MOV ECX,DWORD PTR DS:[971EAC] ; recreate line that we overwrote for jumpgate
ln03=008C2B2B E9 F6A2DEFF JMP BF1942.006ACE26 ; jump back to one line after from where we jumped here
Actually the code looks nicer in Notepad, since MPC reformats it (removes extra spaces).
Just copy and paste lines directly from Olly (select lines -> Copy -> clipboard) and add lnxx in front of every line to indicate the line number.
Only the address in the first line is used. All the code is written quickly in a single block with WriteProcessMemory().
There need to be at least 2 spaces between the address and the bytecode AND between the bytecode and the disassembled code, which by default are in place from Olly's copy and paste. Example:
008C2B20 <2 spaces > A3 40382C02 <2 spaces > MOV DWORD PTR DS:[22C3840],EAX
Included a .bas module and .ini file as an example. No project included, so you need to do something yourself also.
EDIT: I forgot one of the most important things. If you use this method, where all injected code is in an external ini file, you build your trainer once and compile it. If you need to change the codecave code, location, jumpgate, etc., anything in the injected code, you just change it in the ini file - no need to recompile anything!
Example: PB scan range widens. Locate the new jumpgate, change it in the ini and your hack is up and running without anything else. You don't actually even have to restart your hack.
That feature can also be used for debugging and testing quickly.
-mcMike
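As an added example (not mcMike's VB module, which is not shown in the post), here is a Python parser for the [cave-...] section layout described above: it splits each ln line on the two-space column separators Olly produces, strips the marker Olly prepends to the byte column (the ^ on ln02), checks that the lines are contiguous so that only the first address is needed, and resolves the E9 jump back so its target can be compared with the disassembly. The section name and bytes mirror the post; the INI text itself is constructed, and a single-spaced line, as a forum or editor may reformat it, is rejected rather than misparsed.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout the post describes: address, two spaces,
# byte column (with Olly's marker on the second line), two spaces, disassembly.
SAMPLE_INI = """[cave-MyCave]
ln01=008C2B20  A3 40382C02  MOV DWORD PTR DS:[22C4440],EAX ; copy EAX to static DMA
ln02=008C2B25  ^8B0D AC1E9700  MOV ECX,DWORD PTR DS:[971EAC] ; recreate overwritten line
ln03=008C2B2B  E9 F6A2DEFF  JMP BF1942.006ACE26 ; jump back to one line after the jumpgate
"""

class Cave(NamedTuple):
    address: int   # address of the first line; the only one actually used
    code: bytes    # all lines' bytes concatenated into one block

def parse_cave(ini_text: str, name: str) -> Cave:
    """Read [cave-<name>] and return its start address plus the concatenated bytes."""
    header = f"[cave-{name}]"
    lines = iter(ln.strip() for ln in ini_text.splitlines() if ln.strip())
    if not any(ln == header for ln in lines):            # consumes up to the header
        raise KeyError(f"section {header} not found")
    address, expected, code = None, None, bytearray()
    for line in lines:                                   # resumes just after the header
        if line.startswith("["):                         # next section: cave is complete
            break
        key, _, value = line.partition("=")
        if not re.fullmatch(r"ln\d+", key):
            raise ValueError(f"unexpected key {key!r}")
        # Olly's paste separates the columns with two or more spaces; a single-spaced
        # line (as a forum or editor may reformat it) cannot be split, so reject it.
        fields = re.split(r" {2,}", value.strip(), maxsplit=2)
        if len(fields) < 2:
            raise ValueError(f"{key}: need two spaces between address, bytes and disassembly")
        addr = int(fields[0], 16)
        hexcol = re.sub(r"^[^0-9A-Fa-f]+", "", fields[1])  # drop Olly's marker (the ^ above)
        chunk = bytes.fromhex(hexcol.replace(" ", ""))
        if address is None:
            address = addr
        elif addr != expected:                           # lines out of order or with a gap
            raise ValueError(f"{key}: address {addr:08X} is not contiguous")
        expected = addr + len(chunk)
        code += chunk
    return Cave(address, bytes(code))

def jmp_target(addr: int, insn: bytes) -> int:
    """Resolve a 5-byte E9 rel32 JMP so the cave's return jump can be sanity-checked."""
    if len(insn) != 5 or insn[0] != 0xE9:
        raise ValueError("not an E9 rel32 jump")
    rel = int.from_bytes(insn[1:], "little", signed=True)
    return (addr + 5 + rel) & 0xFFFFFFFF
```

Running parse_cave on SAMPLE_INI yields a 16-byte block at 008C2B20, and jmp_target on its last five bytes gives 006ACE26, matching the target Olly shows on ln03.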