Question about the "Training_Guide" [Archive]

View Full Version : Question about the "Training_Guide"

Xer

12-21-2003, 06:28 AM

I try to write my first trainer under the direction of "Training_Guide".
I get the correct address"00396BBC" and set the breakpoint by type "bpmb 0 00396bbc w".when it reached the breakpoint,game is frozen,but nothing showed in telnet window like:

BP 0 @ 0002a261
EAX : 00b72424
EBX : 00000000
ECX : 00000001
EDX : 00000006
ESI : 013bcd24
EDI : d0044df0
EBP : d0044d4c

So my question is:how to get those infomation?

dootdoo

12-21-2003, 06:53 AM

I assume you are refering to my training guide. I will go back thru step by step and verify that it works as I wrote it, TMNT has a nasty habit of hanging when you hit a break point, but thats usually AFTER you get the information..

If you could in the mean time, try the same concepts on another game and see if that hangs for you..

Xer

12-21-2003, 07:20 AM

Yes,I'm dealing with the game "Fatal Frame" under your concepts in your Training_Guide.

When breakpoint is reached,the game is just frozen---if I type "uf",it continues normally without any info.

dootdoo

12-21-2003, 07:31 AM

that is very strange.. But you do get text when you do value searches.. What you can try is to set a breakpoint, and trigger it yourself.

bpmb 0 00396bbc w
poke 00396bbc 00

and see if you get the breakpoint stuff, it should be a very high address that causes the break..

Xer

12-21-2003, 07:47 AM

Yes,I tried...

RemoteX Debugger V1.1
.db 00396bbc 10
00396bbc : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
.bpmb 0 00396bbc w
.poke 00396bbc 00 //Before load stage
.uf
.uf //Load stage
.db 00396bbc 10
00396bbc : f3 25 11 05 01 01 00 00 00 00 00 00 00 00 00 00 | s%..............
.poke 00396bbc 00 //After load stage
.

dootdoo

12-21-2003, 08:08 AM

I tried it out and I got:
I searched, found the same value as you.
(I poked 53 to make sure I got the value right)
set the bpmb, then took a picture

.poke 00396bb9 53
.bpmb 0 00396bb9 w
.Break
BP 0 @ 0002f393
EAX : 00000001
EBX : 00397320
ECX : 00000001
EDX : 00000000
ESI : 00000000
EDI : d0050dec
EBP : d0050dcc

Maybe there are some settings in your telnet program that make it so you can't see the output? what telnet application are you using? and what terminal emulation do you have it set to?

Xer

12-21-2003, 08:21 AM

Yeah,I get it.

I used PBL+TATX_Debug_VGA bios,I got nothing.Now I use the modchip's bios,I get the info

RemoteX Debugger V1.1
.db 396bbc 10
00396bbc : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
.bpmb 0 00396bbc w
.Break
BP 0 @ 0002f393
EAX : 00000004
EBX : 00397320
ECX : 00000004
EDX : 00000006
ESI : 00000000
EDI : d0067dec
EBP : d0067dcc
.

PBL do not support the TSR feature!

Thank you dootdoo~~~

dootdoo

12-21-2003, 08:24 AM

:) Glad you got it worked out. If you have any more questions feel free to ask :)