Drivium (Advanced Cheater, Reputation: 0, Joined: 16 Apr 2013, Posts: 97)
Posted: Wed May 17, 2017 9:24 am, Post subject: CEMU and Zelda: Breath of the Wild health values
I've run into an issue that I can't seem to get past. I'm making hacks for Zelda: Breath of the Wild for the CEMU emulator. I've posted the CT here: fearlessrevolution. c o m/viewtopic.php?f=4&t=2335
I'm currently trying to understand how health values in this game work. Everything has a health value: Link, weapons, enemies, trees! I cannot figure out how to isolate one from another. When I search for the health of my weapon, find what writes to it, and NOP it, my weapons are indestructible... and so is everything else. Useless. I've also tried "find what accesses this", which gives me another list. I can clearly see the address that appears when my weapon takes damage, but NOP'ing it instantly destroys the weapon. What info do I need to provide to help you help me?!
mgr.inz.Player (I post too much, Reputation: 218, Joined: 07 Nov 2008, Posts: 4438, Location: W kraju nad Wisla. UTC+01:00)
Posted: Wed May 17, 2017 10:58 am
Drivium wrote:
> When I search for the health of my weapon, find what writes to it, NOP it, my weapons are indestructible
It is an emulator. The game it runs, Legend of Zelda BotW, is not a native Windows application. The emulator is a native Windows application.
Other games like Prey, Doom, Witcher3, TombRaider, all of them are native Windows applications.
Making cheats for games running on modern console emulators is more problematic than you think.
You cannot use the pointer scanner, and most of the YouTube tutorials are useless. Why? Because you are hacking two things at the same time: an emulator and the game running inside the emulator.
It is much easier when an emulator has its own debugger, see the Dolphin emulator.
Drivium (Advanced Cheater, Reputation: 0, Joined: 16 Apr 2013, Posts: 97)
Posted: Wed May 17, 2017 3:25 pm
This doesn't seem like a dilemma that's isolated to just emulation (see here: cheatengine.o r g/forum/viewtopic.php?p=5331555&sid=f74da32a61ee42f94d43bcf283e092d1).
So, without getting hung up on the fact that this is an emulated game, are there any tutorials you could point me to on how to approach this? I didn't follow the technique in the thread above and am not even sure if it would apply here.
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Wed May 17, 2017 4:56 pm
Use structure dissect on the stack to figure out a way to distinguish what you need (lock and dissect).
e.g. the stack may hold a pointer path to the currently executing instruction inside the emulated system,
or the value is within a special range, etc.
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
Drivium (Advanced Cheater, Reputation: 0, Joined: 16 Apr 2013, Posts: 97)
Posted: Wed May 17, 2017 5:12 pm
Dark Byte wrote:
> Use structure dissect on the stack to figure out a way to distinguish what you need (lock and dissect).
> e.g. the stack may hold a pointer path to the currently executing instruction inside the emulated system,
> or the value is within a special range, etc.
Thank you. So far, I've become awesome at NOP'ing to achieve what I need. I have a feeling a simple NOP won't do the trick in this case... lol. I'll research lock and dissect. I am seeing "ptr" near the address it found, but I'm not totally sure what that may mean or what to do with it... More research.
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Wed May 17, 2017 5:24 pm
Step 9 of the tutorial, and instead of a simple register value to a specific memory block, look into the RSP at that specific time.
Which is why you need to lock the memory (locking just makes a copy of the stack somewhere and makes the locked column read it as if it came from the original address).
Drivium (Advanced Cheater, Reputation: 0, Joined: 16 Apr 2013, Posts: 97)
Posted: Thu May 18, 2017 8:45 am
Dark Byte wrote:
> Step 9 of the tutorial, and instead of a simple register value to a specific memory block, look into the RSP at that specific time.
> Which is why you need to lock the memory (locking just makes a copy of the stack somewhere and makes the locked column read it as if it came from the original address).
Thank you. Do you happen to know if CEMU's 2- or 4-byte big endian (currently using 2-byte BE to search for values) will have any impact on how I approach this?
mgr.inz.Player (I post too much, Reputation: 218, Joined: 07 Nov 2008, Posts: 4438, Location: W kraju nad Wisla. UTC+01:00)
Posted: Thu May 18, 2017 9:28 am
Wii's native byte order is Big Endian. This is why you see many "bswap" instructions when looking at CEMU code.
And that means:
- SmallInt (16bit) has Big Endian order
- Integer (32bit) has Big Endian order
- single-precision floating-point has Big Endian order
- double-precision floating-point has Big Endian order
PS: check your PM box.
Last edited by mgr.inz.Player on Thu May 18, 2017 9:33 am; edited 1 time in total
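As an added illustration of the point above (this is not code from the thread, from Cheat Engine or from CEMU): a small Python scanner over a constructed big-endian guest-memory image. It shows why a value search against emulated Wii U memory has to use the big-endian type, why a 16-bit scan also hits the low half of a 32-bit field, and what a little-endian viewer would misread the same bytes as.

```python
import struct

# Constructed 20-byte guest memory image (not a real CEMU dump). The value 120
# is stored as a big-endian 16-bit, 32-bit and single-precision float, plus a
# little-endian 16-bit decoy at the end to show what a LE search would hit.
GUEST_MEM = (
    b"\x00\x00\x00\x00"    # offset 0: padding
    b"\x00\x78"            # offset 4: 120 as BE 16-bit
    b"\x00\x00"            # offset 6: padding
    b"\x00\x00\x00\x78"    # offset 8: 120 as BE 32-bit
    b"\x42\xf0\x00\x00"    # offset 12: 120.0 as BE single
    b"\x78\x00"            # offset 16: 120 as LE 16-bit (decoy)
    b"\x00\x00"            # offset 18: padding
)

# struct codes for the four types the post lists; the prefix selects byte order.
TYPES = {"smallint": "h", "integer": "i", "single": "f", "double": "d"}


def encode(value, kind, big_endian=True):
    """Byte pattern a scanner must look for, in the chosen byte order."""
    return struct.pack((">" if big_endian else "<") + TYPES[kind], value)


def scan(mem, value, kind, big_endian=True):
    """Offsets where `value` appears, aligned to the type size (like a fast scan)."""
    pattern = encode(value, kind, big_endian)
    size = len(pattern)
    return [off for off in range(0, len(mem) - size + 1, size)
            if mem[off:off + size] == pattern]


def read(mem, offset, kind, big_endian=True):
    """Decode one value at `offset`, as a viewer of that byte order would show it."""
    fmt = (">" if big_endian else "<") + TYPES[kind]
    return struct.unpack_from(fmt, mem, offset)[0]


if __name__ == "__main__":
    for kind, val in (("smallint", 120), ("integer", 120), ("single", 120.0)):
        print(f"{kind:9} BE hits {scan(GUEST_MEM, val, kind)}  "
              f"LE hits {scan(GUEST_MEM, val, kind, False)}")
    # The 32-bit field at offset 8 reads as 120 in BE but as 0x78000000 in LE.
    print("offset 8 as BE:", read(GUEST_MEM, 8, "integer"),
          "as LE:", read(GUEST_MEM, 8, "integer", False))
```

The second BE smallint hit (offset 10) is the low half of the 32-bit field at offset 8, which is why a 2-byte scan on BE memory returns more candidates than the 4-byte scan for the same value.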
Drivium (Advanced Cheater, Reputation: 0, Joined: 16 Apr 2013, Posts: 97)
Posted: Thu May 18, 2017 9:32 am
mgr.inz.Player wrote:
> Wii's native byte order is Big Endian. This is why you see many "bswap" instructions when looking at CEMU code.
> And that means:
> - SmallInt (16bit) has Big Endian order
> - Integer (32bit) has Big Endian order
> - single-precision floating-point has Big Endian order
> - double-precision floating-point has Big Endian order
This helps. Thank you.
mgr.inz.Player wrote:
> PS: check your PM box.
Responded
Drivium (Advanced Cheater, Reputation: 0, Joined: 16 Apr 2013, Posts: 97)
Posted: Fri May 19, 2017 11:42 am
Dark Byte wrote:
> Step 9 of the tutorial, and instead of a simple register value to a specific memory block, look into the RSP at that specific time.
> Which is why you need to lock the memory (locking just makes a copy of the stack somewhere and makes the locked column read it as if it came from the original address).
Trying step 9 of the tutorial... Maybe I'm missing something, but this doesn't explain how to do it. It just says, "your task is to..." and "when you've found out how to distinguish between yourself and the computer..."
*edit: For the love of God. I'm losing my mind over this thing. I cannot figure this one out (Zelda). Been at it for about 2 weeks, but I just don't have the skill required...
Also, pointer scanning always returns 0 results. Not sure what that's attributable to...
Drivium (Advanced Cheater, Reputation: 0, Joined: 16 Apr 2013, Posts: 97)
Posted: Tue May 22, 2018 10:22 am
I've solved this issue FINALLY. Unbreakable Weapons is now a thing!
Banjo Patterson (Cheater, Reputation: 1, Joined: 15 May 2018, Posts: 36)
Posted: Wed May 23, 2018 5:02 pm
What did you do to get it working Drivium?