The trainer uses the cheats as buttons - when clicked it will change the item value to 99 and freeze the value, if clicked again it will unfreeze the value.
The finished trainer is only 6 KB in size, and VirusScan.Jotti.org reports 0 false-positives for a virus (from 20 virus scanners). So no problems with users getting a false-positive virus warning.
Spelunky Tutorial - Part 2 of 5
- Game Cheating Tutorial
- GTS Trainer Tutorial
- Cheat Engine Trainer Tutorial
- AutoIt Trainer Tutorial
- FreeBASIC Trainer Tutorial
To do this tutorial you will need --
- Game Trainer Studio (GTS) version 2.0 -- Download Link 1, Link 2
- Windows default calculator (or any Hex calculator)
- PC game Spelunky version 1.1 by Derek Yu. Also available at FilePlanet.com and Games.On.Net
Getting Started** For anyone that gets stuck in this tutorial I have zipped the finished GTS Spelunky project. Simply download the Spelunky project and extract/unzip inside the GTS Projects folder. For example the project is extracted to C:\GTS\Projects\Spelunky Then to use my project simply load the project in GTS.
Extract the Game Trainer Studio (GTS) v2.0 zip file to any folder on your PC. Then start Game Trainer Studio.exe
First thing is to set-up the trainer settings. Right-click in the blank trainer window (the grey area with all the dots) and select Trainer Settings.
Above the Game Window input, you can change your trainer text, replace the text New Trainer with anything you want. For example Spelunky +3 Trainer
Click the Size tab and adjust the size of the trainer, Width size is 132 and Height size is 202.
Click the Messages tab and uncheck the box Enable Quit Message - unless you want it to ask you each time if you are sure you want to close the trainer.
Then click the Apply button to save the changes, and it is time to add the cheats.
We will make the cheats as buttons - when clicked it will change the item value to 99 and freeze the value, if clicked again it will unfreeze the value.
Add a button to your trainer, click the button image (dark rectangle) on the far left, and click in the trainer window. It will add a tiny button, right-click the new button and select properties.
The Position+Size tab we need to change all the data. For the Position enter 16 for the top and left both. The Size is 92 for the Width, and 44 Height.
As we learned from the game cheating tutorial for Spelunky the cheats use a two level pointer. Here are the pointer details for the cheats -
Bombs "Spelunky.exe"+0018F124 Offset 4 Offset 23D8 Health "Spelunky.exe"+0018F124 Offset 4 Offset 23B0 Rope "Spelunky.exe"+0018F124 Offset 4 Offset 2400
The Static Pointer is the address from Cheat Engine we got "Spelunky.exe"+0018F124 As GTS does not find the base address for us ("Spelunky.exe") we will use the default which is 400000
So use a calculator in HEX mode and add 400000 + 18F124 and you will get 58F124 As the address needs to be in the dword or 4 byte format (8 characters) simply put two zeros in front of the answer. Enter 0058F124 into the Static Pointer in GTS.
The next input of Offsets simply enter our two offsets with a plus/add sign in front of each of them - as the first offset is a bit (1 character) add a zero in front to make it a byte. So enter +04+23D8
For the Value Size keep it as a dword.
The last value to enter, OP Codes (HEX) is the value we want placed into the address. The Spelunky game screen has just enough room to display two digits for the rope, so we want 99 ropes.
You will need to turn the decimal value of 99 into a double value (as Spelunky uses double values). There are a few programs to aid in this process. You can use the online IEEE-754 Analysis tool or download the freeware/open source IEEE calculator. I included instructions for both below.
* There are other alternatives to get the double value, here is a quick list. Use the Cheat Engine table for Spelunky, enter 99 for the Bomb cheat in CE, right-click the address and select Browse this memory region (write down the 8 bytes shown). Other programs include Hexit Calculator (Data Type menu, Real Types, double), and the Base Converter program (bconv32.exe or BConv64.exe) included in the Hex Workshop installed program folder.
IEEE-754 Analysis Tool
To use the online IEEE-754 Analysis tool first load the site. In the input format click decimal. Enter Value of 99, and press enter.
Copy the numbers for Binary64 (inside the blue box) and you will have 4058C00000000000
Install the program IEEE calculator, then start the calculator. In the number type 99 and click the Show button.
Copy the numbers shown in the Double Value, which is 4058C00000000000
The double value you got now needs to be byte reversed.
Take two characters from the left of the last byte and move them to the far right, repeat for all remaining characters. Example the numbers 58C0 becomes C058 - another is 4058C0 starts as 4058 C0 then 40 C058 and finished is C05840 - yet another is 4058C000 becomes 4058C0 00 then 4058 00C0 then 40 00C058 and finally 00C05840
So work your way from far right to the left, typing the answer into the GTS OP Codes (HEX) input. You should have the answer 0000000000C05840
Check everything in your GTS window looks like the image (to the left), and then click the button Add Poke Code. As we have added the code, click the Close Window, to close the Code Generator.
The last part of this cheat is to click the Freeze tab. Check the option Enable Freeze. Then for the Freeze Caption enter Bomb Max (On) - This cheat button is finished so click the Apply button.
The other two cheats can be added even faster, as you have the double value and know how to add a button. The next cheat to make is the Health cheat.
Click the Button image in GTS and click in your trainer window to add the button. Right-click the button and select properties. Change the Button Name to Health Max (Off) change the Position Top to 64, Position Left to 16, Size Width to 92, Size Height to 44.
Add the poke for the Health cheat. As only the last offset is different from the Bomb cheat, you can copy the poke code from the Bomb button and paste it into the Health button - and change the last offset to the correct one. The finished Health poke code is
Pointer 0058F124+04+23B0 DWORD 0000000000C05840
Then check the Enable Freeze option, change the Freeze Caption to Health Max (On) and click Apply. See adding that cheat was easier.
The last cheat, the Rope cheat, is done the same as above. Add a new button and make the changes in the button Properties. The differences are the Button Name is Rope Max (Off) and change the Position Top to 112, Position Left to 16, Size Width to 92, Size Height to 44.
Change the previous poke code, last offset is the only difference, to the Rope cheat and you will get Pointer 0058F124+04+2400 DWORD 0000000000C05840
Check the Enable Freeze and change the Freeze caption to Rope Max (On) and click the Apply button.
Create the actual trainer by clicking the Compile menu, and Build Trainer Executable. Once it has finished click the Close button - or you can test it by clicking the Launch button.
If you want to know how to create this trainer using other programs, view the links in the Spelunky Tutorial section near the beginning of this page.