Virussick Cheater Reputation: 0
Joined: 30 Aug 2012 Posts: 33
|
Posted: Thu Aug 30, 2012 1:53 am Post subject: Help me in hacking Final Fantasy X HP |
|
|
I've been messing around with PS1 and PS2 games..
Most PS1 games are easy and make less use of pointers and so on.
Lately I have become addicted to Final Fantasy and decided to mess with the games using Cheat Engine. Then I reached FFX (International) and found out that I have failed to hack this game, not even a single important aspect EXCEPT gil.
What I want to hack now is the character's (Tidus) HP. It seems that every address in every battle is different. NOT WHEN I RESTART THE GAME..
Below is the address that I got when I LOAD THE GAME AND STEP INTO THE BATTLE. I'm telling you this because every time I load my saved game, the address for all characters' HP is the same.
I have done all the tutorials from YouTube and other websites, including multilevel pointers, how to defeat DMA, code shifting, finding out what writes to and accesses the address, disassembling memory (complicated) and using code injection with auto assemble.
None of the above is working. Of course it is because of my lack of knowledge and understanding...LOL
If you can, just give me the steps on how to search for the TRUE VALUE of Tidus' HP and I will do the rest. I just need to find the concept and formula.
I don't need to display anything about the pointer because I think this game is special. If you know what I mean.
Ask me if I haven't given enough detail, and forgive my bad English..
The End
Description: |
This is what I got and it has 4 addresses:-
1st and 2nd rows are unchangeable.
3rd row is temporarily changeable (only this battle).
4th row is unknown.
Thus, only the 3rd row address can be changed into whatever value. Then 1st and 2nd row address will foll
_________________
Why is it harder for me to understand something.
Stress~~~~
Last edited by Virussick on Thu Aug 30, 2012 2:06 am; edited 2 times in total |
jakel007 Cheater Reputation: 0
Joined: 28 Jul 2012 Posts: 29
|
Posted: Thu Aug 30, 2012 1:58 am Post subject: |
|
|
Have you tried pointer scanning for 3rd address? Don't know if it will work on emulator though.
Virussick Cheater Reputation: 0
Joined: 30 Aug 2012 Posts: 33
jakel007 Cheater Reputation: 0
Joined: 28 Jul 2012 Posts: 29
|
Posted: Thu Aug 30, 2012 2:07 am Post subject: |
|
|
Are you sure you tried this : youtube(dot)com / watch?v=8CJdV1Vfvv0&feature=plcp
Virussick Cheater Reputation: 0
Joined: 30 Aug 2012 Posts: 33
jakel007 Cheater Reputation: 0
Joined: 28 Jul 2012 Posts: 29
|
Posted: Thu Aug 30, 2012 2:12 am Post subject: |
|
|
Maybe that's because of the emulator, maybe try another emu?
Wasn't hacking emulator, so I don't know how to do it, but I've got one idea. You can try also, if there is that option, to install FMCB or just launch .elf files, so you could use codebreaker .elf and hack the game with it.
Virussick Cheater Reputation: 0
Joined: 30 Aug 2012 Posts: 33
|
Posted: Thu Aug 30, 2012 2:22 am Post subject: |
|
|
Jakel007>>> I have. The difference that I found between pcsx2 0.9.7 and the one that I use now, pcsx2 0.9.9, is the address. How should I say this. The simple way to explain is, the address that I got from pcsx2 0.9.9 can be used for making a patch on itself (pnach file). I guess I'm wrong. Either the emulator or this game is what makes it troublesome.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Thu Aug 30, 2012 2:48 am Post subject: |
|
|
I played this game on pcsx2 as well and know what you mean.
This game makes use of memory allocations between battles.
I managed to find a health "pointer" in this game, but it's not easy (to understand).
First you need to find the start address of the game's memory. (I suggest using the memory region list and look where the region your health is in starts, most likely a mem_mapped region as well)
Then find your health in a battle.
Take that address and decrease it by the base address of the game's memory (thatvalue)
Now do a "between value" scan for thatvalue-4096 and thatvalue
Open a second scantab (or second ce) and find the health in a new battle
Find the difference between the base address and your health (thatvalue2)
Go back to the first scantab (or first ce) and do an "increased value by" or a "decreased value by" for the difference of thatvalue and thatvalue2
With luck only one is left, if more, repeat, or try them both later
Now you have the pointer to your health
But to use it as a ce pointer you have to do one more thing, find the pointer to the base address of the game.
Restart the game a few times, and look for an address that holds the base address. With luck it's a static address (it was for me)
Now you can use a lua script, or an injected assembler script, to calculate the address
If the base address is the same each time, you can also do a pointer notation, with the base address+offset as base, and as offset the base address of the game+offset to health
e.g, if base address = 20000000
pointer is at offset 3000
and health is at 88 after the location the pointer points to
then this is how you'd set it up in the pointer window:
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping
Last edited by Dark Byte on Thu Aug 30, 2012 3:16 am; edited 1 time in total |
Virussick Cheater Reputation: 0
Joined: 30 Aug 2012 Posts: 33
|
Posted: Thu Aug 30, 2012 3:15 am Post subject: |
|
|
DarkByte>>> Master, you are right. It is hard to understand and complicated.. Correct me if I'm wrong. From what you tell me, I was doing it wrong from the beginning, right? Instead of searching like usual, I need to watch over the region code because every region has different code such as HP, MP and so on.
Am I correct?
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Thu Aug 30, 2012 4:00 am Post subject: |
|
|
No, just scan as you always do
Emulators tend to allocate a block of contiguous memory where the memory of the emulated system will reside.
The first byte of that memory block is address 00000000 for the game
Second byte 00000001 etc...
So if the emulated system stores address 50000 at a memory location, the actual address would be the base+50000
You don't need to watch region codes, but it can help. You can see regions in memoryview->view->memory regions
Virussick Cheater Reputation: 0
Joined: 30 Aug 2012 Posts: 33
|
Posted: Thu Aug 30, 2012 4:34 am Post subject: |
|
|
It's my first time knowing about this. I guess I have to work hard though.
Darkbyte, do you have any tutorial for a problem like this, or anyone?
There is something that I don't understand. You said that :-
"So if the emulated system stores address 50000 at a memory location, the actual address would be the base+50000"
I was wondering, using the example of 50000, where to find it or how to find this memory from the emulator?
I've already enabled mem_mapped like you suggested before. Then you want me to scan like I always do. Then I also get these 4 addresses. Still the same stubborn addresses. Then what?
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Thu Aug 30, 2012 6:04 am Post subject: |
|
|
You need to understand pointers (specifically, the algorithm the pointerscanner uses)
Then adjust what you know about that to take care of a different base address. (addresses pointers point to need to be offset by the real address of address 0 )
Anyhow, are you using the 32-bit or 64-bit ce version?
I guess I can write a plugin that helps with emulators (so memory addresses shown in ce are equal to the internal emu)
Virussick Cheater Reputation: 0
Joined: 30 Aug 2012 Posts: 33
|
Posted: Thu Aug 30, 2012 7:03 am Post subject: |
|
|
DarkByte>>> I'm using the 32-bit ce version, master.
Yes, please do so.
I'm desperate to know more about hacking this troublesome game.
I can use codebreaker instead, but I would like to use a cheat that even I myself understand.
I don't know if you can do this for me, but would you give me, step by step, how you found the real address? Just give me point by point what to do next. Just for Tidus HP. It will be appreciated.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Thu Aug 30, 2012 8:22 am Post subject: |
|
|
First let's try it without a special plugin.
Just downloaded this game and pcsx2 so I'll try to reproduce what I did
First I managed to get through to the playable part (really hard due to crashes)
Now, in a battle find tidus's health using block and potions (you will find multiple, it's the one that changes instantly when you change it)
Write down the address (address1)
Now do a 4 byte unknown initial value scan
Open a second scantab, or ce
Go into another battle and find health again (address2)
Now in the first tab do an increased value by, or decreased value by, the difference of the two health addresses
I found 4 addresses
One of them, 20646360, has an address very close to Tidus's health (minus the 20000000 part)
When out of battle, that address is 0
From here on, I will assume that this emulator always loads the memory at 20000000, based on your examples as well
So let's investigate the value of that pointer
When Tidus's health is at 210BCB2C, the address I found (20646360) contains as value 010BC8B0
So, Tidus's health is located 27c after that pointer
Because the pointer has as value 10bc8b0 instead of 210bc8b0, we need to add 20000000 to the offset to it as well, so the final offset is 2000027c
So, the final pointer is:
[20646360]+2000027c
copy pasteable into ce:
Code: |
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>19</ID>
<Description>"No description"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>20646360</Address>
<Offsets>
<Offset>2000027C</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatTable>
|
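Added example (not part of the thread, and not Cheat Engine or pcsx2 code): a Python model of the address arithmetic Dark Byte describes in the two posts above, where the game stores guest-relative addresses and the host address is base + guest address. The pointer address 20646360, the value 010BC8B0 and the offset 27c are from the post; the 32 MiB RAM size, the HP value 520 and the second block address are constructed assumptions.

```python
import struct

HOST_BASE = 0x20000000   # host address of guest address 0, as assumed in the thread
GUEST_RAM = 0x02000000   # 32 MiB of emulated RAM (assumption for this model)
PTR_ADDR = 0x20646360    # host address of the pointer found in the thread
HP_OFFSET = 0x27C        # distance from the pointed-to block to Tidus's HP

class GuestRam:
    """Constructed stand-in for the emulator's contiguous guest memory block."""
    def __init__(self):
        self.data = bytearray(GUEST_RAM)

    def _off(self, host_addr):
        off = host_addr - HOST_BASE
        if not 0 <= off <= GUEST_RAM - 4:
            raise ValueError(f"{host_addr:08X} is outside the emulated block")
        return off

    def read_u32(self, host_addr):
        return struct.unpack_from("<I", self.data, self._off(host_addr))[0]

    def write_u32(self, host_addr, value):
        struct.pack_into("<I", self.data, self._off(host_addr), value)

def resolve_hp(ram):
    """[PTR_ADDR] + (HOST_BASE + HP_OFFSET); None while the pointer is 0."""
    guest_ptr = ram.read_u32(PTR_ADDR)        # guest-relative, e.g. 010BC8B0
    if guest_ptr == 0:                        # out of battle: nothing allocated
        return None
    return guest_ptr + HOST_BASE + HP_OFFSET  # same as offset 2000027C in CE

def start_battle(ram, guest_block, hp):
    """Model the game allocating a battle block and storing its guest address."""
    ram.write_u32(PTR_ADDR, guest_block)
    ram.write_u32(HOST_BASE + guest_block + HP_OFFSET, hp)

def demo():
    ram = GuestRam()
    results = [resolve_hp(ram)]              # before any battle
    start_battle(ram, 0x010BC8B0, 520)       # block value from the thread, HP constructed
    results.append(resolve_hp(ram))
    start_battle(ram, 0x010C1000, 520)       # constructed second allocation
    results.append(resolve_hp(ram))
    return ram, results

if __name__ == "__main__":
    ram, results = demo()
    print([f"{a:08X}" if a else None for a in results])
```

Without the zero check, the out-of-battle case would resolve to 2000027C, an address inside the emulated block that has nothing to do with the battle data.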
Virussick Cheater Reputation: 0
Joined: 30 Aug 2012 Posts: 33
|
Posted: Thu Aug 30, 2012 8:30 am Post subject: |
|
|
Thanks DarkByte.
This is what I need.
You are the coding & cheating master. I need to revise your coding and I will reply back to this forum in a couple of days.
I need to understand very clearly how it works. Thanks
I will surely give you good news later.
Wish me luck