Trainer Spy Programs - TSpy 2008 & TSpy XP

Trainer spy programs are a love-hate relationship, or simply hate, for many game hackers. If you do not know what a trainer spy does, it tells you where a trainer writes data to a game (with other information).

That information is useful as you know what process a trainer writes to (many games have several processes), the address it writes to, the size of written data in bytes, and what is written.

The intended purpose of what to do with that information varies by users, stealing trainer details to make their "own" trainer, learning purposes, or by the trainer author to verify their trainer works correctly.

*Updated 01/11/2012

I have tried many different programs, and versions, of trainer spy programs that I could find online. I have found two that work with Windows 64-bit SP 1 Home Premium - and those programs are Trainer Spy 2008 and Trainer Spy XP (TrainerSpy XP + NT / 2000 / XP + Coded By BofeN).

Trainer Spy 2008
Trainer Spy 2008 (TSpy 2008) is created by Kryptech and is only found on the Delta Hackers forum. Kryptech has a forum thread for the program there as well.

In the screenshot (top of this page) are the results of my trainer I created for the Spelunky tutorial series. The trainer spy works with no problems with the trainers created with Game Trainer Studio (GTS) v2.0 - without or without protection enabled, Cheat Engine v6.1, and AutoIt v3.3.8.0.

As seen in the screenshot the current address of the cheats are shown, and not the 2 level pointer that is used to find the current cheat address.

For people looking to steal the addresses of the Spelunky trainer, it won't help; however, it will shove them in the right direction with the current addresses and the type of byte to use 8 bytes (double).

Surprisingly the GTS created trainer does not detect Trainer Spy 2008. The GTS trainer has all the Assembly coding tricks for a anti-trainer spy and anti-debugger program. The trainer source can be viewed using the GTS menu option Build, and Build Trainer Executable (Leave source code in MASM folder).

The anti-ts and anti-debugger tricks is quite extensive for GTS, and has all the typical code and tricks one can find online (and several I haven't seen). It makes me wonder if the anti-ts code is actually used in GTS v2.0, as some of the protection options in GTS are disabled. *The anti-ts code in GTS is however used and does not work on the trainer spy.

For trainer makers there are ways to stop this trainer spy as well - the easiest is to search for the Trainer Spy 2008 window caption and if found exit the trainer. Of course that anti-ts trick is also easily beaten.

Other possible ways to defeat Trainer Spy 2008 is given at the Delta Hackers TSpy 2008 forum thread. As usual it is a race between trainer spy programs and anti-trainer spy code as to who has the upper hand.

So if you are looking for a great trainer spy for Windows 7 (or older) try Trainer Spy 2008, TSpy 2008, by Kryptech.

Or if you are trying to protect your game trainers there is another trainer spy program to test on your anti-ts code.

TrainerSpy XP
Another great spy program, if it works with the trainer you want. It is called TrainerSpy XP + NT / 2000 / XP + Coded By BofeN, and it can be downloaded from MEGAUPLOAD, MediaFire, and

Testing the Trainerspy XP program on Windows 64-bit SP 1 Home Premium, it failed to load/work on several of my example trainers I did for the Spelunky tutorial series. I know those trainers have no anti-ts programming, so I am unsure of the problem.

It did however work with my new example trainer I created in the FreeBASIC programming language. I will be adding a new tutorial for creating trainers with FreeBASIC soon, including my 100% rewritten memory functions for trainers (based from the NomadMemory library) for FreeBASIC.

As you can see in the TrainerSpy XP screenshot it has the typical data, but a major plus is that it gives the actual byte data written (which is decimal 99 in double format).

Of course it does not show the 2 level static address pointer either, but what program can anyway? It also does not show the byte size in a column - but that is easily figured by reading the actual bytes written (which is 8).

When I want to test my trainers in a spy program this is the first program I try.

Other Methods
Besides using trainer spy programs to find out what a trainer is doing there are other ways to do it.

Disassembler/debugger programs such as the freeware OllyDbg (notably v1.10) has several plug-ins to aid in game cheats, and countless other program related tasks - and of course IDA.

Here is a tutorial of how to do it, Learn from Trainers WITHOUT Trainer Spy by Orr.


Post a Comment