I'm trying to work with DooM 3, to make a trainer.

When I get a breakpoint for what's affecting the ammo, and nop it, it's not the same address the next time I start the game.

Why is it doing this, and how can I compensate for it.

Pattern Scanning by replicating the functions called.

Pattern Scanning by replicating the functions called.

if you understand that then ok... :rolleyes:

but other wise look up dma and how to find a pointer. what you want is the pointer address and then change it from there.
________
Mazda laputa picture (http://www.ford-wiki.com/wiki/Mazda_Laputa)

Yeah, that's what Kalvin said.

He said to find the root replicator in Olly. But Olly can't hook D3 for some reason.

Pattern Scanning by replicating the functions called.

Find out what module the address is in then do Address - Module Base to get the relative offset then Module Base + relative offset to get the new address every time. This is the way to get the address dynamically each time since it's not static. If you can reverse and find out the return of the function in-use, you can simply just set a pointer to the return of the function and then use pointer notation to get the new address.

In C , the syntax is the following.

&var_name_of_pointer_assigned.

How do I find the address of the breakpointed address? It doesn't have a real value.

How do I find the address of the breakpointed address? It doesn't have a real value.

Attach with Olly and get the address or set a pointer at the breakpointed address then print the address of the pointer.

Use a hexed version of Olly there are a ton of them available to bypass the D3 debugger checks.

L.Spiro also released an interactive memory tool, so that might be easier for you to use. I can't remember the name of the top of my head, but a quick google search should yield the results needed.

Edit - Here is the Link http://www.memoryhacking.com/

Using TSearch and ArtMoney Pro, I found the pointer to the line.

So far, It's pointed me to the right address 3 times.

Now how do I use that in my trainer?

Pointer address:
04EE6498 Pointer +224498 Integer 4 Bytes
04EE6558 Pointer +224498 Integer 4 Bytes

I'm looking for the value of 347161737. (That's what the value of the ammo deceasing line is, I guess.)

The trainer is being coded in ASM. I don't know C/C++.

Using TSearch and ArtMoney Pro, I found the pointer to the line.

So far, It's pointed me to the right address 3 times.

Now how do I use that in my trainer?

Pointer address:
04EE6498 Pointer +224498 Integer 4 Bytes
04EE6558 Pointer +224498 Integer 4 Bytes

I'm looking for the value of 347161737. (That's what the value of the ammo deceasing line is, I guess.)

I'm not sure what you're trying to do exactly but your relative offset is 224498 subtract that from the module base and you have your address which you can utilize in your trainer.

OK, but which module do I find in Olly? There's like 6 of them.

The module that contains the needed address. I'm fairly confident D3 isn't statically linked so it wouldn't be in the game executable.