In the weeks after Heroes of Hammerwatch came out, people kept asking for cheats for the game. You would expect in any other single player game there would be one or two cheats available that players can use, but in Heroes of Hammerwatch we've decided to keep the cheats locked up only for developers. There are a few reasons for that, but the main reason is that the player's stats are persistent; players can bring their own character into multiplayer sessions. So, to avoid cheat abuse, there are no official cheats in the game. Further, to avoid people using basic Cheat Engine skills, we've taken a few precautions to make it a bit harder to scan and change variables with programs like Cheat Engine.

Naturally, this brings the game to the attention of game trainer developers. If you've never heard the term "trainer" before, a game trainer is an external application that allows you to cheat in a game using automated memory editing, often using shortcuts on the keyboard. Since cheating in Heroes of Hammerwatch is not as straightforward as typing "god 1" in the console, slowly but surely trainers started to pop up.

Eventually, people started griefing public lobbies with cheated characters using these trainers, making several players unhappy. This made me think – is there anything we can do to stop griefing? Of course, if you've even slightly been in the loop in terms of security, you already know the answer to that is a definitive NO. People will always find ways around your protections as long as the code in question is running on someone else's machine.

But, just for shits and giggles, I decided to take a look at how some of these trainers work and how they're bypassing our protections. There was one trainer in particular (that just happened to be freely available for download) that I decided to look at. So, let's start with our trusty x64dbg and open up the trainer. I started by analyzing the entire application so it will find and label all functions, followed by doing a quick search for string references.

Right off the bat we notice a few things:

- The message "Could not find code" suggests that it's doing pattern searching for some code, and therefore probably some kind of code patching/hooking.
- This trainer is not in any way protected against debugging, which makes our life a lot easier.

So, let's take a look at the pattern searching code:

This looks straightforward enough – it's doing a pattern search with the pattern defined on the stack, where 0x3F (the ASCII character '?') is a wildcard character. Let's switch x32dbg over to the actual game binary, and see what this pattern is matching:

Ah, this happens to be one of our protected variable functions. The pattern that is being matched are the lines selected. The importance of this will be made clear soon.

After the trainer has found this code in the game, it will also find another pattern for a much bigger code block, which I won't be going into in this blogpost, but it does about the same as described below. Let's take a look at what the code does after finding both pointers:

It takes the first pointer it found in the game (013B4694) and adds 4 to it. If you take a look at the previous screenshot, you will see this will put eax on the address of the xor value directly. This is what the variables in the game are xor'd by. It then reads the value from the game process' memory and stores it. (The xor key changes with every game update, which is why the trainer has to grab it.)

After that, it allocates 2 sections in memory, makes them executable, and writes code to them to handle the enabled/disabled/toggled state of the cheats. For the Code01 section, it's a godmode cheat. This is where execution will eventually jump to in order to skip the actual health value set.
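
The 0x3F-wildcard matching described above, as an added example (not code from the trainer or the game; `find_pattern`, `count_matches` and all sample bytes are constructed for illustration). It shows why a signature that wildcards the address bytes still matches after an update moves those addresses, and that a literal 0x3F byte cannot be expressed in such a pattern.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WILDCARD 0x3F /* ASCII '?': this pattern byte matches any byte */

/* Offset of the first match at or after `from`, or -1 if there is none. */
long find_pattern(const uint8_t *buf, size_t len,
                  const uint8_t *pat, size_t plen, size_t from)
{
    if (plen == 0) return -1;
    for (size_t i = from; i + plen <= len; i++) {
        size_t j = 0;
        while (j < plen && (pat[j] == WILDCARD || pat[j] == buf[i + j]))
            j++;
        if (j == plen) return (long)i;
    }
    return -1;
}

/* How many offsets match; a signature is unambiguous only when this is 1. */
size_t count_matches(const uint8_t *buf, size_t len,
                     const uint8_t *pat, size_t plen)
{
    size_t n = 0;
    for (long at = find_pattern(buf, len, pat, plen, 0); at >= 0;
         at = find_pattern(buf, len, pat, plen, (size_t)at + 1))
        n++;
    return n;
}

/* Constructed sample, not the game's code: mov ecx,[A]; xor ecx,[A+4]; ret
   built twice with different absolute addresses, as after an update. */
const uint8_t build_a[] = { 0x90, 0x8B,0x0D, 0x00,0x10,0x40,0x00,
                            0x33,0x0D, 0x04,0x10,0x40,0x00, 0xC3 };
const uint8_t build_b[] = { 0x90, 0x90, 0x8B,0x0D, 0x10,0x2A,0x52,0x00,
                            0x33,0x0D, 0x14,0x2A,0x52,0x00, 0xC3 };
/* Opcode bytes fixed, the two 32-bit addresses wildcarded. */
const uint8_t sig[] = { 0x8B,0x0D, 0x3F,0x3F,0x3F,0x3F,
                        0x33,0x0D, 0x3F,0x3F,0x3F,0x3F, 0xC3 };
/* Caveat: meant as the literal bytes 83 3F, but it behaves as "83 ??". */
const uint8_t ambiguous[] = { 0x83, 0x3F };
const uint8_t haystack[]  = { 0x83, 0x10, 0x83, 0x3F };

int main(void)
{
    printf("build A: %ld\n", find_pattern(build_a, sizeof build_a, sig, sizeof sig, 0));
    printf("build B: %ld\n", find_pattern(build_b, sizeof build_b, sig, sizeof sig, 0));
    printf("83 3F matches: %zu\n", count_matches(haystack, sizeof haystack, ambiguous, sizeof ambiguous));
    return 0;
}
```

Because only the opcode bytes are fixed, rebuilding with new addresses or a new xor key leaves the match intact; only a change to the instruction sequence itself breaks it.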