Turtle
Posted: Tue Apr 02, 2013 8:45 pm
The CE addresses and the Dolphin addresses may not be the same.
You first have to use the built-in search in the Dolphin cheat manager, searching as hex. Then look up that address in the Dolphin mem view.
Start by searching for slot quantity, in hex.
Tools > Cheats Manager > Cheat Search
Data Type: 8-bit
Search type: Equal
After narrowing it down, this will give you an address for slot quantity. Write it down in Notepad, then look it up in the Dolphin mem viewer.
The address is not likely to change, even after restarting; it doesn't for me, anyway.
You are now in the structure for that character, and the other values will be nearby.
iroku
Posted: Wed Apr 03, 2013 3:57 pm
I have to thank you guys; I'm now starting to understand all of the bits and pieces you were trying to tell us.
I got it, bruh. We have to thank Dark and the user Gniarf on this.
Check it out.
I was looking for value 99 (max counter value), addressed at:
066c8128 (address1). I did a reload and found it again at
06858128 (new1). Did a reload and found it again at
0A848128 (new2). Enough for now.
At address1 I clicked on Memory View > View - Memory Region.
I was looking for the closest to 066c8128.
I had 6690000 (memory region) and the next was 69E0000; this last one was over the initial address1. So I picked the 6690000 BASE ADDRESS.
BASE ADDRESS 6690000
Address1 - BASE ADDRESS = 38128
066c8128 - 6690000 = 38128
Now here we go.
Reload the game and look for the value you want again (= new1).
(new1) = 06858128
(new1) - (base address offset we got) = (06858128) - (38128) = 6820000
Memory View > Tools - Pointer Scan > address = 6820000
Look for 6820000. When it finds a couple of them, double click on one of them (doesn't matter which one). You will now have a P>6820000 (address) on your CE list.
Click on it and add one more offset: offset 38128.
And there you have it! Reload the game and the script and the pointer will still point to the new address you want! "Locked", lol, has nothing to do with locking; this was what Dark was trying to explain.
Thank you all, rep up, and I hope you get it as well, bruh!
crimsonedge5
Posted: Wed Apr 03, 2013 11:03 pm
Turtle wrote:
The CE addresses and the Dolphin addresses may not be the same.
You first have to use the built-in search in the Dolphin cheat manager, searching as hex. Then look up that address in the Dolphin mem view.
Start by searching for slot quantity, in hex.
Tools > Cheats Manager > Cheat Search
Data Type: 8-bit
Search type: Equal
After narrowing it down, this will give you an address for slot quantity. Write it down in Notepad, then look it up in the Dolphin mem viewer.
The address is not likely to change, even after restarting; it doesn't for me, anyway.
You are now in the structure for that character, and the other values will be nearby.

OK, I tried searching for slot quantity exactly as you said. I isolated a value by searching for "26". In the cheats manager, it reads exactly like this:
0x008926D0 0x1a 26/26
So I go into the Dolphin mem viewer (debug mode) and search for 008926D0, and I get this for the value: 1AA04C69. I'm totally confused here and don't know what to do with this information.
**Edit: it appears 008926D0 is the value for the slot quantity modifier on slot 1 for Micaiah. It lets me set the quantity to, let's say, 99 without crashing, but if I set it to 27900000 or 27100000 to make it blessed, the game crashes. There has to be another value for blessed that works without crashing. I tried swapping a blessed item into that slot and searched for a quantity greater than 1, and it said the quantity for blessed was 126? I changed the value to 0000007E (126 in hex), then swapped an item in and it didn't make it blessed.
The good news is I can just use the normal Dolphin cheat search to find stuff and turn them into AR codes.
I'm sorry, but using CE to do this is just way too complicated.
Turtle
Posted: Thu Apr 04, 2013 2:09 am
If you want to enter the blessed value, do it in the mem view, not as an AR code.
Here's another tip.
Micaiah slot 1 quantity for you is: 008926D0
Gecko address is: 04886E4C
http://geckocodes.org/?c=RFEE01
So subtracting yours from the Gecko one gives you: -3FF477C
You can now use this as an offset for the other Micaiah Gecko codes.
Gecko:
Micaiah has SS Light [ShadowX39]
04886F74 0000014B
You:
008927F8 0000014B
But you may still need to enter it manually in mem view; once you save state, though, it will stay as SS anyway.
iroku
Posted: Thu Apr 04, 2013 10:43 am
Man, you should check out the MAME emulator debugger!! I mean, looking for value 99 I got like 150 addresses, and then, since the thing doesn't have a next-search option, I had to load another 300-address list for value 98 and compare them one by one in Notepad!
CE is a blessing!
And it seems like we are all saying the same thing:
we have a base address we use as a general pointer, and we add the correct offset pointing to the value we want....
You always use a 0660000 base + offset that points to the value. It doesn't seem to matter if the Dolphin debugger points to one address and CE to another; they are all doing the same thing.
iroku
Posted: Wed Apr 10, 2013 10:12 pm
Dark Byte wrote:
Pointers are also tricky, as pointer values are relative to the emulated memory base address (e.g. pcsx always has as base 200000000, but I guess Dolphin isn't that nice).
That means that offsets need to be increased with this base to finally get to the real address (or hook rpm/wpm and adjust all offsets. But you still need to find the base).

My pointers seem to work for me, but when sent to another PC they won't point to the real address. I was wondering if this is why.
I now have the ability to pointer scan, but the result list on another computer also returns nil on the first scan.
I have a
""ggpofba.exe"+005AABC4" 24, 20, 14 = 9220000
and I just add offsets for the addresses I want. Health is:
offset 38128
""ggpofba.exe"+005AABC4" 24, 20, 14 + 38128 = 9258128
This will always change but works on my PC...
Dark Byte (Site Admin)
Posted: Thu Apr 11, 2013 2:46 am
That you found pointers like that is just coincidence; some random values combined together are valid.
The only valid pointer is the one to the base address of the emulated memory.
Pointers inside the game store their addresses relative to the address they point to and the base. So a value of 00401000 and a base of 20000000 would make it point to 200401000, while a normal pointer would just have made it point to 00401000.
That's why I said that all offsets need to be increased with the base address.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
iroku
Posted: Thu Apr 11, 2013 9:44 am
Dark Byte wrote:
That's why I said that all offsets need to be increased with the base address.

I don't understand what this means :/ I need to add the base address offset to the pointer?

Dark Byte wrote:
That you found pointers like that is just coincidence; some random values combined together are valid.
The only valid pointer is the one to the base address of the emulated memory.

Isn't 8C753E4 = 147280868 = "ggpofba.exe" my base address of the emulated memory?
I used to have:
ggpofba.exe+12ed97 88 14 01 MOV [ECX+EAX], DL = ggpofba 2
ggpofba 2 = 400000
ggpofba - ggpofba 2 = 147280868 - 400000 = 88753E4
So is the real pointer something like
400000 + 88753E4 + 38128 points to health?
Dark Byte (Site Admin)
Posted: Thu Apr 11, 2013 10:29 am
When the game allocates memory, it saves that address in memory.
That address is relative to the base of the emulated memory (not emulator memory).
With the pointer you found here http://forum.cheatengine.org/viewtopic.php?p=5466878#5466878 you find the base address,
but subsequent offsets will not work, as the addresses stored in memory are relative to that base address.
Let's say it allocates memory for the player at address 500000, and thus writes the value 500000 to a known location, like 2000.
Now, if the base address of the emulated memory is at 6690000, then the player data is stored at 6690000+500000 = 6B90000
and the value 500000 is stored at 6B92000.
Now, if you use that pointer you found with offset 20000 you will get to 6B92000, which is good, but the value 500000 isn't correct. You will need to give it an offset of 6690000 to get to 6b90000 (+ whatever offset health is stored at).
As you see, that offset will change each time. So you need to use Lua to automatically update that.
----
In short, never use the pointer scanner on emulators.
It's not a big problem though, as you will usually have no need to use multilevel pointers inside games running in an emulator, as they tend to be quite simple.
The one pointer to get the base address and then the one offset to get to the correct address is all you need.
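A small model of what Dark Byte describes, added here as an example; it is not code from the thread, from Cheat Engine or from any emulator. Two runs of the same game are simulated: the emulated RAM lands at host base 0x6690000 in one and 0x6820000 in the other (iroku's two bases), the player block is allocated at guest address 0x500000 and the game stores that guest address in a fixed slot. The slot address 0x2000, the health offset 0x52, the RAM size and little-endian storage are assumptions made for the model. Walking the chain the way a normal CE multilevel pointer would (treating the stored value as a host address) lands outside emulated RAM; adding the base to every value read from guest memory gives the right host address in both runs, which is the rebasing a Lua script would have to redo after each reload.

```python
import struct

GUEST_SLOT = 0x2000      # assumed: guest address where the game stores the player pointer
PLAYER_GUEST = 0x500000  # guest address of the player block (Dark Byte's example)
HEALTH_OFF = 0x52        # assumed: offset of current HP inside the player block
RAM_SIZE = 0x800000      # assumed size of the emulated RAM image


class EmulatedRam:
    """Host view of one emulator run: the guest RAM image placed at host address `base`.
    Stored sparsely so the model is cheap; unwritten bytes read as zero."""

    def __init__(self, base):
        self.base = base
        self.cells = {}

    def write(self, guest_addr, data):
        for i, b in enumerate(data):
            self.cells[guest_addr + i] = b

    def in_ram(self, host_addr):
        return self.base <= host_addr < self.base + RAM_SIZE

    def read(self, host_addr, size):
        if not (self.in_ram(host_addr) and self.in_ram(host_addr + size - 1)):
            raise MemoryError(f"{host_addr:#x} is not inside emulated RAM at {self.base:#x}")
        guest = host_addr - self.base
        return bytes(self.cells.get(guest + i, 0) for i in range(size))

    def read_u32(self, host_addr):
        return struct.unpack("<I", self.read(host_addr, 4))[0]

    def read_u16(self, host_addr):
        return struct.unpack("<H", self.read(host_addr, 2))[0]


def boot_run(base, hp=300):
    """Constructed game state for one run: the game allocates the player block and
    writes its *guest* address into the slot, exactly as Dark Byte describes."""
    ram = EmulatedRam(base)
    ram.write(GUEST_SLOT, struct.pack("<I", PLAYER_GUEST))
    ram.write(PLAYER_GUEST + HEALTH_OFF, struct.pack("<H", hp))
    return ram


def naive_chain(ram, offsets):
    """How a normal CE multilevel pointer walks base -> [base+o0] -> ... + last offset:
    every value read is taken to be a host address."""
    addr = ram.base
    for off in offsets[:-1]:
        addr = ram.read_u32(addr + off)
    return addr + offsets[-1]


def rebased_chain(ram, offsets):
    """Same walk, but every value read out of guest RAM is a guest address, so the
    emulated-memory base is added back before it is dereferenced."""
    addr = ram.base
    for off in offsets[:-1]:
        addr = ram.base + ram.read_u32(addr + off)
    return addr + offsets[-1]


def health_host_addr(ram):
    """Host address of current HP for this run: [base+0x2000] rebased, plus 0x52."""
    return rebased_chain(ram, [GUEST_SLOT, HEALTH_OFF])


if __name__ == "__main__":
    for base in (0x6690000, 0x6820000):
        ram = boot_run(base)
        good = health_host_addr(ram)
        bad = naive_chain(ram, [GUEST_SLOT, HEALTH_OFF])
        print(f"base {base:#x}: rebased -> {good:#x} (HP {ram.read_u16(good)}), "
              f"naive -> {bad:#x}, inside emulated RAM: {ram.in_ram(bad)}")
```

The naive walk always ends at 0x500052 whatever the base, which is why a pointer-scanner result that "worked" once stops working after a reload or on another PC: only the first level (the base of the emulated block) is a real host pointer.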
iroku
Posted: Thu Apr 11, 2013 11:48 am
Hm.
See if I get this straight.
The P> just base address works,
but P> base address + offset to "health" doesn't!
So I need to run some kind of Lua code to find the real offset?
mgr.inz.Player
Posted: Thu Apr 11, 2013 12:25 pm
@iroku
I've got this:
07EE8128 - 1 byte - match timer
07EE8470 - 2 bytes - Player1 HP Capacity
07EE8472 - 2 bytes - Player1 Current HP
07EE8870 - 2 bytes - Player2 HP Capacity
07EE8872 - 2 bytes - Player2 Current HP
Code:
ggpofba.exe+12ED70 - 81 E1 FFFFFF00 - and ecx,00FFFFFF
ggpofba.exe+12ED76 - 8B C1 - mov eax,ecx
ggpofba.exe+12ED78 - 56 - push esi
ggpofba.exe+12ED79 - 8B 35 4897B100 - mov esi,[ggpofba.exe+719748]
ggpofba.exe+12ED7F - C1 E8 0A - shr eax,0A
ggpofba.exe+12ED82 - 8B 84 86 00000100 - mov eax,[esi+eax*4+00010000]
ggpofba.exe+12ED89 - 83 F8 08 - cmp eax,08
ggpofba.exe+12ED8C - 72 0E - jb ggpofba.exe+12ED9C
ggpofba.exe+12ED8E - 83 F1 01 - xor ecx,01
ggpofba.exe+12ED91 - 81 E1 FF030000 - and ecx,000003FF
ggpofba.exe+12ED97 - 88 14 01 - mov [ecx+eax],dl <- accesses the match timer address
ggpofba.exe+12ED9A - 5E - pop esi
ggpofba.exe+12ED9B - C3 - ret

[[ggpofba.exe+719748]+1ff80]+108 -> match timer
[[ggpofba.exe+719748]+1ff84]+50 -> Player1 HP Capacity
[[ggpofba.exe+719748]+1ff84]+52 -> Player1 Current HP
[[ggpofba.exe+719748]+1ff88]+50 -> Player2 HP Capacity
[[ggpofba.exe+719748]+1ff88]+52 -> Player2 Current HP
Should be stable for a particular "GGPO FBA" version.
"ggpofba.exe"+71AC00 -> string. This string holds the current ROM name, e.g. "Vampire Savior - the lord of vampire (970519 Euro)".
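The pointer paths above fall straight out of the address translation that the disassembly performs, so here is that translation written out as an added example (not code from the thread, from Cheat Engine or from FBA). A 24-bit guest address (and ecx,00FFFFFF) is split into a page index (shr eax,0A, so 0x400-byte pages) and an in-page offset (and ecx,000003FF); the page index selects a 4-byte host pointer from a table at [ggpofba.exe+719748]+0x10000 (mov eax,[esi+eax*4+00010000]); entries below 8 are not pointers and take the jb path; and the low address bit is flipped (xor ecx,01) before the byte is written, which is how a little-endian host normally stores a 68000's big-endian words. The guest range (work RAM taken as 0xFF0000-0xFFFFFF), the contiguous host layout and the host page bases are constructed so that the results reproduce mgr.inz.Player's addresses 0x07EE8128, 0x07EE8470 and 0x07EE8870; reading the xor as a byte swap is my inference from the code, not a value read from a real process.

```python
TABLE_OFF = 0x10000                 # page table at [ggpofba.exe+719748] + 0x10000
PAGE_SHIFT = 10                     # shr eax,0A  -> 0x400-byte guest pages
PAGE_MASK = (1 << PAGE_SHIFT) - 1   # and ecx,000003FF
GUEST_MASK = 0xFFFFFF               # and ecx,00FFFFFF (24-bit 68000 address bus)

# Constructed page table: work RAM assumed at guest 0xFF0000-0xFFFFFF (pages
# 0x3FC0-0x3FFF), laid out contiguously in host memory. The host base is chosen so
# page 0x3FE0 starts at 0x07EE8020, which is what the posted pointer paths imply.
RAM_GUEST_LO, RAM_GUEST_HI = 0xFF0000, 0x1000000
RAM_HOST = 0x07EE8020 - (0x3FE0 << PAGE_SHIFT)


def build_page_table():
    table = {}
    for page in range(RAM_GUEST_LO >> PAGE_SHIFT, RAM_GUEST_HI >> PAGE_SHIFT):
        table[page] = RAM_HOST + (page << PAGE_SHIFT)
    table[0x0000] = 1   # constructed: a page served by handler code, not a direct pointer
    return table


PAGE_TABLE = build_page_table()


def table_slot(page):
    """Offset from [ggpofba.exe+719748] holding this page's entry (the 1ffXX numbers)."""
    return TABLE_OFF + page * 4


def translate_byte(guest_addr, table=PAGE_TABLE):
    """Host address the `mov [ecx+eax],dl` write lands on for one guest byte,
    or None when the page entry is below 8 (the cmp/jb path: no direct RAM)."""
    guest_addr &= GUEST_MASK
    entry = table.get(guest_addr >> PAGE_SHIFT, 0)
    if entry < 8:
        return None
    return entry + ((guest_addr ^ 1) & PAGE_MASK)


def translate_word(guest_addr, table=PAGE_TABLE):
    """Host address of a 16-bit guest value. The byte swap puts the 68000's high byte
    at host +1 and the low byte at host +0, so a little-endian 2-byte read at this
    host address returns the value the game sees (the '2 bytes' entries above)."""
    if guest_addr & 1:
        raise ValueError("68000 word access must be even-aligned")
    return translate_byte(guest_addr + 1, table)   # guest low byte -> host offset +0


def ce_pointer_path(guest_addr, table=PAGE_TABLE):
    """(table slot, in-page offset) as written in [[ggpofba.exe+719748]+slot]+off,
    or None for a page without a direct pointer."""
    host = translate_byte(guest_addr, table)
    if host is None:
        return None
    page = (guest_addr & GUEST_MASK) >> PAGE_SHIFT
    return table_slot(page), host - table[page]


if __name__ == "__main__":
    print(f"match timer byte   -> {translate_byte(0xFF8109):#x}  path {ce_pointer_path(0xFF8109)}")
    print(f"P1 HP capacity word -> {translate_word(0xFF8450):#x}  path {ce_pointer_path(0xFF8451)}")
    print(f"P2 HP capacity word -> {translate_word(0xFF8850):#x}  path {ce_pointer_path(0xFF8851)}")
    print(f"page 0 (handler)    -> {translate_byte(0x000010)}")
```

This is also why iroku's break-and-trace saw only a few eax values (3fe2, 3fe1, 3fc1): they are page indices, each selecting one 0x400-byte slab of work RAM, and the "health" value is just a fixed offset inside one slab. A pointer scanner has no idea the table is indexed by guest page, so anything it finds beyond the table entry itself is coincidence.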
iroku
Posted: Fri Apr 12, 2013 2:07 pm
OK, if:
mov [ecx+eax],dl is the match life function
ecx = 50
eax = [esi+eax*4+00010000]
eax = ggpofba.exe+719748 + eax*4 + 10000
ggpofba.exe+719748 + eax*4 + 10000 + 50 = match life function
How do I get that eax*4 value?? Not using an AA script, since I know nothing about it.
Edit: found it with break and trace instruction; only 3 numbers kept being called:
3fe2, 3fe1, 3fc1
Tried those 3; funny that one led to P1 health, another to P2 health, and the third I don't know what it does....
Gvaz
Posted: Mon Jun 24, 2013 11:09 pm
How did you get the gold codes to work? I just got up to chapter 4 and I can't find shit for gold. I get the values I'm looking for at first, but changing them does nothing.
w/r/t Fire Emblem
jeff_7214
Posted: Sun Jan 05, 2014 8:56 am
Gvaz wrote:
How did you get the gold codes to work? I just got up to chapter 4 and I can't find shit for gold. I get the values I'm looking for at first, but changing them does nothing.

It sounds like you are finding the display address; you need to find the real address. Keep trying, you will find it.
OK, now first I want to say a lot of you are talking as if you are talking to other pros; you really need to try and explain what is needed more simply.
When you are trying to do pointers to help lock the addresses, all you have to do is find any one of the addresses that you need (for example gold, health, mana, etc.). Once you find the first code that works, right click and go to Browse Memory Region (BMR, I'll be calling it), then click View and click Memory Region. Look for the region that contains your address. Say your address is 05EE56E8 and the memory region list shows something like 05EC0000 05F50000; then 05EC0000 is your base address, because it is under your address and does not go over.
Once you have found your base address, go back to BMR (if needed, go back to your Cheat Engine list, right click and find it that way again).
Once in the BMR, click Tools, then Pointer Scan, then click Pointer Scan, then Scan for Pointer, put in the base address that you found and click OK. Once done, a page with a list of addresses/pointers will come up; any one of them will work to lock all your codes. Just double click one and it will be added to your CE list.
Once you have a pointer on your CE list, double click it under Address, and in the top pointer box (usually it's a 0) put in the hex that takes the base address to the code you want. For example, our base address is 05EC0000 and our address for the cheat is 05EE56E8, so in the top pointer box we would put 256E8. Name it, set your type of bytes and hit OK, and there you go, you just locked the address.
_________________
Anyone that needs a trainer/table for any PS1/PS2 emulators, PM me with what game/system and what you would like, and I'll get right on it.
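The same procedure appears twice in this thread (iroku's 066c8128 / 6690000 / 38128 walk-through earlier and the 05EE56E8 / 05EC0000 / 256E8 version just above), so here is one added example covering both; it is not code from the thread or from Cheat Engine. It picks the base the way both posts say to (the highest region start that does not go over the address), derives the offset, and then checks across the three reload addresses iroku posted that the recovered base moves while the offset stays fixed. The region lists are reconstructed from the posts. The alignment check is an assumption: emulators normally allocate their RAM block on a page or 64 KiB boundary, so a recovered base that is not aligned is a sign that the wrong region was picked or that the value does not sit at a fixed offset from it.

```python
ALIGN = 0x10000  # assumed allocation granularity of the emulated RAM block (64 KiB)

# Constructed from the posts: region starts CE listed in the first run, the address of
# the same value (99) in three successive reloads, and jeff_7214's region pair.
REGIONS_RUN1 = [0x06690000, 0x069E0000]
OBSERVED = [0x066C8128, 0x06858128, 0x0A848128]
JEFF_REGIONS = [0x05EC0000, 0x05F50000]


def pick_base(addr, region_starts):
    """Highest region start at or below addr: 'under your address and does not go over'."""
    below = [s for s in region_starts if s <= addr]
    if not below:
        raise ValueError(f"no region starts at or below {addr:#x}")
    return max(below)


def lock_offset(addr, region_starts):
    """(base, offset) for a 'P>base + offset' entry in the CE list."""
    base = pick_base(addr, region_starts)
    return base, addr - base


def rebase(new_addr, offset):
    """After a reload, the same value's new address gives that run's base."""
    return new_addr - offset


def check_offset(observed, offset, align=ALIGN):
    """Returns (ok, bases). ok is False when any recovered base is misaligned, which
    means the offset is not really constant or the region chosen was the wrong one."""
    bases = [rebase(a, offset) for a in observed]
    return all(b % align == 0 for b in bases), bases


if __name__ == "__main__":
    base, off = lock_offset(OBSERVED[0], REGIONS_RUN1)
    ok, bases = check_offset(OBSERVED, off)
    print(f"base {base:#x}, offset {off:#x}, bases per run: {[hex(b) for b in bases]}, stable: {ok}")
    bad_ok, bad_bases = check_offset(OBSERVED, off + 1)
    print(f"offset {off + 1:#x}: bases {[hex(b) for b in bad_bases]}, stable: {bad_ok}")
```

The check is cheap insurance before sharing a table: an offset that survives three reloads with an aligned base each time is one of the "P>base + offset" entries that keeps working; one that does not is a scan hit that only looked right once.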