Spelunky v1.1 Trainer Tutorial Using Game Trainer Studio (GTS) 2.0

This tutorial will show how to make a trainer for Spelunky v1.1 using the cheats from the Spelunky v1.1 Game Cheating Tutorial. The trainer will be created using the Game Trainer Studio (GTS) version 2.0.

The trainer uses the cheats as buttons - when clicked it will change the item value to 99 and freeze the value, if clicked again it will unfreeze the value.

The finished trainer is only 6 KB in size, and VirusScan.Jotti.org reports 0 false-positives for a virus (from 20 virus scanners). So no problems with users getting a false-positive virus warning.

Spelunky Tutorial - Part 2 of 5
  1. Game Cheating Tutorial
  2. GTS Trainer Tutorial
  3. Cheat Engine Trainer Tutorial
  4. AutoIt Trainer Tutorial
  5. FreeBASIC Trainer Tutorial

Programs Needed
To do this tutorial you will need --

Getting Started
** For anyone that gets stuck in this tutorial I have zipped the finished GTS Spelunky project. Simply download the Spelunky project and extract/unzip inside the GTS Projects folder. For example the project is extracted to C:\GTS\Projects\Spelunky Then to use my project simply load the project in GTS.

Extract the Game Trainer Studio (GTS) v2.0 zip file to any folder on your PC. Then start Game Trainer Studio.exe

Create a new project by clicking the icon or using the menu. Type a project name, ensure the Project Type is set as Trainer Maker, and click Create New Project.

First thing is to set-up the trainer settings. Right-click in the blank trainer window (the grey area with all the dots) and select Trainer Settings.




Trainer Settings
In the new window click the button List All Windows, then click the combo box and select the game Spelunky (game must be running to be in the list). You could also simply type the game window caption (text) in the combo instead, just make sure it is correctly typed as Spelunky

Above the Game Window input, you can change your trainer text, replace the text New Trainer with anything you want. For example Spelunky +3 Trainer


Click the Size tab and adjust the size of the trainer, Width size is 132 and Height size is 202.

Click the Messages tab and uncheck the box Enable Quit Message - unless you want it to ask you each time if you are sure you want to close the trainer.

Then click the Apply button to save the changes, and it is time to add the cheats.

First Cheat
We will make the cheats as buttons - when clicked it will change the item value to 99 and freeze the value, if clicked again it will unfreeze the value.

Add a button to your trainer, click the button image (dark rectangle) on the far left, and click in the trainer window. It will add a tiny button, right-click the new button and select properties.

In the button properties the first thing to change is the button name. As the first button is for the Bomb cheat enter Bomb Max (Off)

The Position+Size tab we need to change all the data. For the Position enter 16 for the top and left both. The Size is 92 for the Width, and 44 Height.



Time to add the cheat itself, click the Function tab. You will need to check the Poke function (on the right). Next click the Code Generator, to help add the cheat code.








As we learned from the game cheating tutorial for Spelunky the cheats use a two level pointer. Here are the pointer details for the cheats -
Bombs
"Spelunky.exe"+0018F124 Offset 4 Offset 23D8

Health
"Spelunky.exe"+0018F124 Offset 4 Offset 23B0

Rope
"Spelunky.exe"+0018F124 Offset 4 Offset 2400

In the Code Generator window select the function Pointer.

The Static Pointer is the address from Cheat Engine we got "Spelunky.exe"+0018F124  As GTS does not find the base address for us ("Spelunky.exe") we will use the default which is 400000

So use a calculator in HEX mode and add 400000 + 18F124 and you will get 58F124 As the address needs to be in the dword or 4 byte format (8 characters) simply put two zeros in front of the answer. Enter 0058F124 into the Static Pointer in GTS.

The next input of Offsets simply enter our two offsets with a plus/add sign in front of each of them - as the first offset is a bit (1 character) add a zero in front to make it a byte.  So enter +04+23D8

For the Value Size keep it as a dword.

The last value to enter, OP Codes (HEX) is the value we want placed into the address. The Spelunky game screen has just enough room to display two digits for the rope, so we want 99 ropes.

You will need to turn the decimal value of 99 into a double value (as Spelunky uses double values). There are a few programs to aid in this process. You can use the online IEEE-754 Analysis tool or download the freeware/open source IEEE calculator. I included instructions for both below.

* There are other alternatives to get the double value, here is a quick list. Use the Cheat Engine table for Spelunky, enter 99 for the Bomb cheat in CE, right-click the address and select Browse this memory region (write down the 8 bytes shown). Other programs include Hexit Calculator (Data Type menu, Real Types, double), and the Base Converter program (bconv32.exe or BConv64.exe) included in the Hex Workshop installed program folder.

IEEE-754 Analysis Tool
To use the online IEEE-754 Analysis tool first load the site. In the input format click decimal. Enter Value of 99, and press enter.

Copy the numbers for Binary64 (inside the blue box) and you will have 4058C00000000000




IEEE Calculator
Install the program IEEE calculator, then start the calculator. In the number type 99 and click the Show button.

Copy the numbers shown in the Double Value, which is 4058C00000000000




The double value you got now needs to be byte reversed.

Take two characters from the left of the last byte and move them to the far right, repeat for all remaining characters. Example the numbers 58C0 becomes C058 - another is 4058C0 starts as 4058 C0 then 40 C058 and finished is C05840 - yet another is 4058C000 becomes 4058C0 00 then 4058 00C0 then 40 00C058 and finally 00C05840

So work your way from far right to the left, typing the answer into the GTS OP Codes (HEX) input. You should have the answer 0000000000C05840

Check everything in your GTS window looks like the image (to the left), and then click the button Add Poke Code. As we have added the code, click the Close Window, to close the Code Generator.

The last part of this cheat is to click the Freeze tab. Check the option Enable Freeze. Then for the Freeze Caption enter Bomb Max (On) - This cheat button is finished so click the Apply button.

Other Cheats
The other two cheats can be added even faster, as you have the double value and know how to add a button. The next cheat to make is the Health cheat.

Click the Button image in GTS and click in your trainer window to add the button. Right-click the button and select properties. Change the Button Name to Health Max (Off) change the Position Top to 64, Position Left to 16, Size Width to 92, Size Height to 44.

Add the poke for the Health cheat. As only the last offset is different from the Bomb cheat, you can copy the poke code from the Bomb button and paste it into the Health button - and change the last offset to the correct one. The finished Health poke code is
Pointer 0058F124+04+23B0 DWORD 0000000000C05840

Then check the Enable Freeze option, change the Freeze Caption to Health Max (On) and click Apply. See adding that cheat was easier.

The last cheat, the Rope cheat, is done the same as above. Add a new button and make the changes in the button Properties. The differences are the Button Name is Rope Max (Off) and change the Position Top to 112, Position Left to 16, Size Width to 92, Size Height to 44.

Change the previous poke code, last offset is the only difference, to the Rope cheat and you will get Pointer 0058F124+04+2400 DWORD 0000000000C05840

Check the Enable Freeze and change the Freeze caption to Rope Max (On) and click the Apply button.

Save your trainer project, using the save button or menu. Of course you should have been doing this all along.

Create the actual trainer by clicking the Compile menu, and Build Trainer Executable. Once it has finished click the Close button - or you can test it by clicking the Launch button.




Finished Trainer
The completed trainer is saved in the GTS folder (where you extracted it to) inside the folder Output.

If you want to know how to create this trainer using other programs, view the links in the Spelunky Tutorial section near the beginning of this page.

0 comments:

Post a Comment