GameHacking Competitions

(#1) DragonHunt - Farcry2 Trainer Crackme - 06-25-2009, 12:03 AM

Ok people so I've been creating a trainer for Farcry2 and I'm going to ask you just a little favor

Can you get the source code from it, Addresses, Handy Source Code

If you can crack it so getting some addresses, source code out of it just post it and I know enough
If you can't crack it because it's protected just say it

It will say an error because it needs my injection .dll file but the main source code is in the file at the attachment so... get the address,source code :D
Attached Files
File Type: rar Farcry2 Trainer CRACK ME.rar (203.3 KB, 31 views)
  

(#2) DABhand - 06-25-2009, 07:16 AM

Bear in mind even if you protect the trainer from anti-debugging etc, you can still watch the game in a debugger for changes.
  

(#3) bofoverflo - 06-25-2009, 08:47 AM

Basic info from Reshacker was:
Code:
VALUE "CompanyName", "Toymaker Team"
VALUE "FileDescription", "Fable_Trainer"
VALUE "FileVersion", "1.0.0.0"
VALUE "InternalName", "Farcry2 Trainer.exe"
VALUE "LegalCopyright", "Copyright © Toymaker Team 2009"
VALUE "OriginalFilename", "Farcry2 Trainer.exe"
VALUE "ProductName", "Fable_Trainer"
VALUE "ProductVersion", "1.0.0.0"
VALUE "Assembly Version", "1.0.0.0"

Seems kind of weird, two different games are listed; you might want to fix it.
A quick look through IDA showed that you used DotfuscatorAttribute to crypt it.
What I got from it from not decrypting it was the class that held the cheats (If I am wrong tell me, I have little experience with VB) and the calls to them, I doubt anybody would want to spend much time sifting through it to find a few addresses.
  

(#4) mdk - 06-25-2009, 10:53 AM

Trainer crashes in WinXP 64 before startup and is not recognized as a valid Win32 executable in Windows 7. Both operating systems have .Net-Framework 2.0, 3.0 and 3.5 installed.
  

(#5) DragonHunt - 06-25-2009, 03:31 PM

Quote (originally posted by mdk):
"Trainer crashes in WinXP 64 before startup and is not recognized as a valid Win32 executable in Windows 7. Both operating systems have .Net-Framework 2.0, 3.0 and 3.5 installed."

Sure it does not work... Read man READ lol

The goal is to get some source code from the program or at least try to get the source code and some addresses
  

(#6) mdk - 06-26-2009, 11:10 AM

Quote (originally posted by DragonHunt):
"Sure it does not work... Read man READ lol

The goal is to get some source code from the program or at least try to get the source code and some addresses"

Ok, understood.

Values are:

Code:
Infinity Ammo
Address: 0x1012E4C5
Bytes patched: 90 90 90 (3xNOP)
Bytes original: 89 4A 20 (MOV DWORD PTR DS:[EDX+20],ECX)

Code:
Infinity Health Injections
Address: 0x1014453A
Bytes patched: 90 90 90 (3xNOP)
Bytes original: 89 71 14 (MOV DWORD PTR DS:[ECX+14],ESI)

Code:
Infinity Grenades / Molotov cocktails
Address: 0x10148B2B
Bytes patched: 90 90 90 (3xNOP)
Bytes original: 89 4A 7C (MOV DWORD PTR DS:[EDX+7C],ECX)

Code:
Everything for free
Address: 0x10655CB1
Bytes patched: 90 90 90 (3xNOP)
Bytes original: 89 43 10 (MOV DWORD PTR DS:[EBX+10],EAX)

Because I don't have a copy of FarCry2, I wrote a little app with the name FarCry2.exe to have something for the trainer as a target. Then I wrote an assembly named MultiHax.dll with the following source:

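Code:
using System;
using System.Windows.Forms;

// Stand-in for MultiHax.dll: same class and method names as the trainer
// expects, but it only displays the arguments it receives.
public class l
{
  public l()
  {
    MessageBox.Show("ctor");
  }

  // a = process name, b = address, c = bytes the trainer wants written
  public void a(string a, int b, byte[] c)
  {
    string s;

    s = a;

    // Address in hex on its own line
    s += Environment.NewLine + b.ToString("X") + Environment.NewLine;

    // Bytes as two-digit hex values separated by spaces
    foreach (Byte byt in c)
    {
      s += byt.ToString("X2") + " ";
    }

    MessageBox.Show(s);
  }
}

Now the addresses were displayed with the corresponding bytes to write. At least I think this is the purpose. Now the trainer "works".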

The MultiHax.dll exposes a class named "l" as seen here (Reflected source of Trainer):

Code:
.field private class [MultiHax]l m

Now the only other method I found that is called is:

Code:
L_00ee: callvirt instance void [MultiHax]l::a(string, int32, uint8[])

Source code is not really readable because of obfuscation. But a short description: The trainer checks with a timer if it finds the process "FarCry2". If it does the options will be unlocked. Now whenever you check/uncheck the options the method "a" in the class "l" of the assembly "MultiHax" is called with "FarCry2", <Address to write to> and the <Bytes to write>.

If you want to have a fully working trainer just write the real code needed for writing into the memory of the FarCry2-process into the "a"-method.

The trainer now also runs in WinXP 64 and Windows 7.

Last edited by mdk; 06-26-2009 at 11:45 AM..
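
Added example, not part of the thread and not code from the trainer or the game: the defensive counterpart to the patch table in post #6 is a code-integrity check that compares guarded instructions against their known-good bytes and reports any that were overwritten, NOP-filled or otherwise. The original opcode bytes are the ones posted above; the guard names, the offsets and the 32-byte sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One guarded store instruction: offset in the code image and known-good bytes. */
struct guard { const char *name; size_t off; uint8_t good[3]; };
enum verdict { INTACT, NOPPED, MODIFIED, OUT_OF_RANGE };

/* Opcode bytes are the originals listed in the thread. Names and offsets are
   constructed for a small sample image; they are not the posted addresses. */
static const struct guard GUARDS[] = {
    { "ammo store",     0x05, { 0x89, 0x4A, 0x20 } }, /* MOV [EDX+20],ECX */
    { "health store",   0x0A, { 0x89, 0x71, 0x14 } }, /* MOV [ECX+14],ESI */
    { "grenade store",  0x10, { 0x89, 0x4A, 0x7C } }, /* MOV [EDX+7C],ECX */
    { "purchase store", 0x18, { 0x89, 0x43, 0x10 } }, /* MOV [EBX+10],EAX */
};
#define N_GUARDS (sizeof GUARDS / sizeof GUARDS[0])

/* Compare against the known-good bytes first; a 0x90 run is only a label. */
enum verdict check_guard(const uint8_t *img, size_t len, const struct guard *g) {
    static const uint8_t nops[3] = { 0x90, 0x90, 0x90 };
    if (g->off > len || len - g->off < sizeof g->good) return OUT_OF_RANGE;
    if (memcmp(img + g->off, g->good, sizeof g->good) == 0) return INTACT;
    return memcmp(img + g->off, nops, sizeof nops) == 0 ? NOPPED : MODIFIED;
}

/* Bitmask of failed guards: bit i is set when GUARDS[i] is not intact. */
unsigned scan_image(const uint8_t *img, size_t len) {
    unsigned mask = 0;
    for (size_t i = 0; i < N_GUARDS; i++)
        if (check_guard(img, len, &GUARDS[i]) != INTACT) mask |= 1u << i;
    return mask;
}

/* Constructed sample image: INT3 filler with the four originals in place. */
void build_sample(uint8_t *img, size_t len) {
    memset(img, 0xCC, len);
    for (size_t i = 0; i < N_GUARDS; i++)
        if (GUARDS[i].off + sizeof GUARDS[i].good <= len)
            memcpy(img + GUARDS[i].off, GUARDS[i].good, sizeof GUARDS[i].good);
}

int main(void) {
    uint8_t img[32];
    build_sample(img, sizeof img);
    memset(img + GUARDS[0].off, 0x90, 3); /* simulate the 3xNOP patch */
    printf("failed-guard mask: 0x%X\n", scan_image(img, sizeof img));
    return 0;
}
```

Checking for a mismatch with the known-good bytes, not for 0x90 specifically, also catches patches that use a jump or a different filler.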
  