
Defense Grid: The Awakening Part #3

Now that we have identified the two functions which look up the pointer to the credits spent value, there are two options for creating a trainer. I'm going for the easiest solution, which is to copy the two functions into a C# program. The other option would be to inject code into the Defense Grid: The Awakening process and execute the two functions inside the game.

There are reasons why you'd want to inject code into the game to execute the function. For example, if you are trying to write a bot (automated game play) for a game, you might want to execute certain functions within the game, such as a "MoveForward" function, a "Pickup Item" function, or a "Cast Spell" function.

However, since we only want to look up a pointer and the functions are relatively easy to duplicate, I've chosen to do that instead of injecting code. I have also chosen C# as my programming language, mostly because I love writing programs in it :)

I've written a class for C# which uses Win32 functions like ReadProcessMemory and WriteProcessMemory to allow the trainer to update the game's memory. It's included in the trainer zip file (which includes the source).

The conversion of the functions is rather straightforward. I have created two functions: one called GetBasePointer, which is a conversion of sub_47E1B0, and one called GetValuePointer, which is a conversion of sub_47E6E0.

Here's the code for GetBasePointer:
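private int GetBasePointer()
{
    // Key to search for, read through the static pointer at 0xB458C4.
    int type = _memory.ReadInteger(_memory.ReadInteger(0xB458C4) + 212);
    // Object that holds the tree, read through the static pointer at 0xB458E8.
    int basePointer = _memory.ReadInteger(_memory.ReadInteger(0xB458E8) + 44 + 4);

    // result starts at the head node; the walk starts at the node stored at head + 4.
    int result = _memory.ReadInteger(basePointer + 4);
    int pointer = _memory.ReadInteger(result + 4);

    // The byte at +29 is non-zero on the terminating node.
    while (_memory.ReadByte(pointer + 29) == 0)
    {
        // +12 holds the node's key, +0 and +8 hold the two child links.
        if (_memory.ReadInteger(pointer + 12) >= type)
        {
            result = pointer;
            pointer = _memory.ReadInteger(pointer);
        }
        else
            pointer = _memory.ReadInteger(pointer + 8);
    }

    // No node with exactly this key: fall back to the head node.
    if (result == _memory.ReadInteger(basePointer + 4) || type < _memory.ReadInteger(result + 12))
        result = _memory.ReadInteger(basePointer + 4);

    return result;
}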

And here's GetValuePointer:
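private int GetValuePointer(int type)
{
    // The second tree sits 16 bytes into the node returned by GetBasePointer.
    int basePointer = GetBasePointer() + 16;

    // result starts at the head node; the walk starts at the node stored at head + 4.
    int result = _memory.ReadInteger(basePointer + 4);
    int pointer = _memory.ReadInteger(result + 4);

    // Same walk as GetBasePointer, but the terminating-node flag is at +21 here.
    while (_memory.ReadByte(pointer + 21) == 0)
    {
        if (_memory.ReadInteger(pointer + 12) >= type)
        {
            result = pointer;
            pointer = _memory.ReadInteger(pointer);
        }
        else
            pointer = _memory.ReadInteger(pointer + 8);
    }

    // No node with exactly this key: fall back to the head node.
    if (result == _memory.ReadInteger(basePointer + 4) || type < _memory.ReadInteger(result + 12))
        result = _memory.ReadInteger(basePointer + 4);

    return result;
}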

Note that I have removed several checks which the game has, so in theory this could return incorrect values.
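
To illustrate the note above about removed checks, here is an added example (not part of the trainer's source) that runs the same tree walk against a constructed byte array, with bounds-checked reads, a step cap and an explicit not-found result. TryFind, TryReadInt, the 64-step cap and the sample memory layout are assumptions made for this illustration.

```csharp
using System;

static class TreeLookup
{
    // Bounds-checked read (little-endian on x86) from the constructed image.
    static bool TryReadInt(byte[] mem, int addr, out int value)
    {
        value = 0;
        if (addr < 0 || addr > mem.Length - 4) return false;
        value = BitConverter.ToInt32(mem, addr);
        return true;
    }

    // Same walk as GetValuePointer, but a failed read, a missing key or a
    // runaway loop yields false instead of a pointer that may be wrong.
    public static bool TryFind(byte[] mem, int map, int key, int nilOffset, out int node)
    {
        node = 0;
        int head, cur, k;
        if (!TryReadInt(mem, map + 4, out head) || !TryReadInt(mem, head + 4, out cur)) return false;
        int result = head;
        for (int steps = 0; steps < 64; steps++)   // hypothetical cap on walk length
        {
            if (cur < 0 || cur + nilOffset >= mem.Length) return false;
            if (mem[cur + nilOffset] != 0)          // terminating node reached
            {
                bool ok = result != head && TryReadInt(mem, result + 12, out k) && k == key;
                if (ok) node = result;
                return ok;
            }
            if (!TryReadInt(mem, cur + 12, out k)) return false;
            if (k >= key) result = cur;
            if (!TryReadInt(mem, k >= key ? cur : cur + 8, out cur)) return false;
        }
        return false;                               // cycle or corrupted links
    }

    static void Main()
    {
        var mem = new byte[0x100];                  // constructed sample data, not game memory
        Action<int, int> put = (a, v) => BitConverter.GetBytes(v).CopyTo(mem, a);
        const int map = 0x10, head = 0x20, root = 0x40, left = 0x60, right = 0x80;
        put(map + 4, head); put(head + 4, root); mem[head + 21] = 1;
        put(root, left); put(root + 8, right); put(root + 12, 20);
        put(left, head); put(left + 8, head); put(left + 12, 10);
        put(right, head); put(right + 8, head); put(right + 12, 30);
        int n;
        Console.WriteLine("30: " + TryFind(mem, map, 30, 21, out n));
        Console.WriteLine("25: " + TryFind(mem, map, 25, 21, out n));
        put(right + 8, root);                       // simulate a link that changed mid-walk
        Console.WriteLine("40: " + TryFind(mem, map, 40, 21, out n));
    }
}
```

Against a live process the same idea applies to each ReadProcessMemory call: treat a failed read or an over-long walk as "not found" and retry later instead of writing to the result.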

Once you put everything together, you can get a trainer which will allow you to change the values within the game. I've created a +1 trainer with source included, which you can download here. Please note that .NET 3.5 SP1 is required for this trainer and the game has to be started before running this trainer (it might also need administrator privileges).

Posted by: Da_Teach on Sunday, January 3, 2010  •  C# Trainer Defense Grid
