Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Help with offset

 
snorifu
How do I cheat?
Reputation: 0

Joined: 17 Jul 2011
Posts: 9

Posted: Wed Aug 24, 2011 4:53 am    Post subject: Help with offset

Hello,
I've been using Cheat Engine for a while now and I've completed the tutorial, but I still have some trouble finding a pointer.
I'm trying to find the pointer in Kula World, a game I play on a PS1 emulator.
EAX=000A53C8
EBX=00000ABE
ECX=020557B8
EDX=069B0020
ESI=000A53C8
EDI=003C266E
EBP=02056408
ESP=0012FDE4
EIP=0041BB6E

Probable base pointer =069B0020

0041BB65 - and eax,[ecx+1C]
0041BB68 - mov edx,[ecx+30]
0041BB6B - mov [eax+edx],ebx
0041BB6E - jmp 0041B9A7
0041BB73 - mov ecx,[ecx+34]

I have the probable base pointer but I can't find the offset. When I use edx (069B0020) as the offset I don't get the right pointer. Can someone help me with this?
gaming04
Expert Cheater
Reputation: 0

Joined: 06 Dec 2010
Posts: 172

Posted: Wed Aug 24, 2011 12:46 pm

Emulators are a specialty of SwaggaJackin from this forum. Contact him for help because, even now, I still can't handle dynamic recompilation.
snorifu
How do I cheat?
Reputation: 0

Joined: 17 Jul 2011
Posts: 9

Posted: Thu Aug 25, 2011 4:24 am

Thanks for the reply, but I couldn't find the member SwaggaJackin. Also, I don't think this has a lot to do with emulators. It's about the offset edx; the problem is that the registers are shown after execution.
SwaggaJackin'
Master Cheater
Reputation: 2

Joined: 06 Nov 2009
Posts: 304

Posted: Thu Aug 25, 2011 6:42 am

Even if you were to find that pointer, more than likely when that game is played again during another session it would change.

You didn't really give us enough information on which instruction is being executed, you just kinda wrote them all down and told us it was EDX's value.

Assuming it was this:
0041BB6B - mov [eax+edx],ebx

eax is the offset.

What PS1 emulator are you using? I suggest you use pSX 1.13 (http://psxemulator.gazaxian.com/). It's fast and even has its own debugger, so you could make assembly hacks in native PlayStation code (MIPS)!

If you want to make cheats for it with Cheat Engine, find the pointer that points to the base memory address inside pSX. Actually, for 1.13, I have it:

psxfin.exe+171A5C

This points to the beginning of pSX's memory. So whenever you search for a value, set the region to P->psxfin.exe+171A5C to +0x00200000 and you'll only be searching the PlayStation's memory and not the emulator code. This will always be static (for this version of pSX). So if you found something like a gold value, it would always remain the same (assuming it's not dynamic in the game). So you could just put P->psxfin.exe+171A5C+<offset to gold>.
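The point of the answer above is that CE shows the registers as they were when `mov [eax+edx],ebx` executed, so the address it wrote to is simply eax+edx; the register whose value matches the "probable base pointer" (edx) is the base, and what is left over (eax) is the offset to put in the pointer entry. The script below, an added example that is not part of the thread or of Cheat Engine, does that arithmetic on the register dump and instruction snorifu posted. It also handles `[reg+imm]` and `[reg+reg*scale]` operands, which goes beyond the one instruction in the thread; the parsing rules are my own.

```python
import re

# Register snapshot and instruction copied from the thread's opening post;
# parsing them this way is an added illustration, not a Cheat Engine feature.
REGISTER_DUMP = """
EAX=000A53C8
EBX=00000ABE
ECX=020557B8
EDX=069B0020
ESI=000A53C8
EDI=003C266E
EBP=02056408
ESP=0012FDE4
EIP=0041BB6E
"""

INSTRUCTION = "0041BB6B - mov [eax+edx],ebx"
PROBABLE_BASE = 0x069B0020  # the value CE reported as "Probable base pointer"

MASK32 = 0xFFFFFFFF
MEM_OPERAND = re.compile(r"\[([^\]]+)\]")
TERM = re.compile(r"([+-]?)\s*([A-Za-z0-9]+)(?:\*([1248]))?")


def parse_registers(dump):
    """'EAX=000A53C8' lines -> {'eax': 0xA53C8, ...}"""
    regs = {}
    for line in dump.strip().splitlines():
        name, _, value = line.partition("=")
        regs[name.strip().lower()] = int(value.strip(), 16)
    return regs


def parse_memory_operand(instr):
    """Split the bracketed operand into (sign, term, scale) triples.
    '[eax+edx]' -> [('+','eax',1), ('+','edx',1)]
    '[ecx+1C]'  -> [('+','ecx',1), ('+','1c',1)]"""
    m = MEM_OPERAND.search(instr)
    if not m:
        raise ValueError(f"no memory operand in {instr!r}")
    return [(sign or "+", term.lower(), int(scale or 1))
            for sign, term, scale in TERM.findall(m.group(1))]


def effective_address(instr, regs):
    """Add up the operand exactly as the CPU does; terms that are not
    register names are treated as hex immediates."""
    addr = 0
    for sign, term, scale in parse_memory_operand(instr):
        val = regs[term] if term in regs else int(term, 16)
        addr += val * scale if sign == "+" else -val * scale
    return addr & MASK32


def split_base_and_offset(instr, regs, base_value):
    """Return (base_register, offset) with base_value + offset == effective address.
    The register whose value equals CE's probable base pointer is the base; whatever
    the remaining terms contribute is the offset for the pointer entry."""
    ea = effective_address(instr, regs)
    for _, term, scale in parse_memory_operand(instr):
        if term in regs and scale == 1 and regs[term] == base_value:
            return term, (ea - base_value) & MASK32
    raise ValueError("no register in the operand holds the probable base pointer")


if __name__ == "__main__":
    regs = parse_registers(REGISTER_DUMP)
    base_reg, offset = split_base_and_offset(INSTRUCTION, regs, PROBABLE_BASE)
    print(f"instruction writes to {effective_address(INSTRUCTION, regs):08X}")
    print(f"base register {base_reg} = {PROBABLE_BASE:08X}, offset = {offset:X}")
```

For the posted snapshot this reports a write to 06A553E8 with edx as the base and A53C8 (eax) as the offset, which is exactly the entry that worked for snorifu. Had edx been typed in as the offset, CE would have computed [base]+069B0020 instead, far outside the structure.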
snorifu
How do I cheat?
Reputation: 0

Joined: 17 Jul 2011
Posts: 9

Posted: Thu Aug 25, 2011 10:11 am

Hi,
Thanks for your reply.
Sorry for not giving enough information.
But your assumption was correct, it was indeed that instruction.
I used the offset eax and it worked; when I restarted the game it still had the right pointer :)
I now see why I should have used eax; edx was the address found, so the offset was eax because the instruction was eax+edx.

I'm already using pSX v1.13 but the debug function is a bit difficult for me to understand.

When I filled this in:
start: 171A5C
stop: 00200000
I couldn't find the values I was looking for with these start and stop values. Can you please explain how to search for PlayStation memory only?
SwaggaJackin'
Master Cheater
Reputation: 2

Joined: 06 Nov 2009
Posts: 304

Posted: Thu Aug 25, 2011 11:06 am

You're doing it wrong.

I didn't say to add 0x0020000 inside the debugger, use it in cheat engine. If you don't know MIPS ASM don't bother with the debugger, I only mentioned it in the slight chance that you would.

If you want to search only the PSX ram in cheat engine, add the pointer:
Code:
psxfin.exe+171A5C


Now assume this address points to 0x006D0020. This is the starting memory address of the PSX's ram.

PSX only has 2MB of ram but only 1MB of usable memory (the other 1MB is used for sound and frame buffer, CD-ROM etc...).

I always use 2MB simply because the search won't take longer anyways and I feel better knowing I'm searching all 2MB.

Anyways:
Code:

2MB = 2048KB
2048KB = 2097152 Bytes
2097152 Bytes in hexadecimal = 0x200000


So now we have our ending address.

So we know psxfin.exe+171A5C points to 0x006D0020, we add +0x200000 and we get our end address. So set the search range to (in this example):

Code:

Start:  0x006D0020
End:  0x008D0020
snorifu
How do I cheat?
Reputation: 0

Joined: 17 Jul 2011
Posts: 9

Posted: Thu Aug 25, 2011 1:42 pm

I'm getting the "no readable memory found" error.
First I added the pointer psxfin.exe with offset 171A5C.
The offset brings me to 00A774A9. So I filled in:
Code:
start:00A774A9
stop:00C774A9

what am I doing wrong?
SwaggaJackin'
Master Cheater
Reputation: 2

Joined: 06 Nov 2009
Posts: 304

Posted: Thu Aug 25, 2011 1:46 pm

You don't add a pointer of psxfin.exe with offset 171A5C...

You add a pointer of psxfin.exe+171A5C with no offset....v_v

Put psxfin.exe+171A5C as the address, that isn't an offset.
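The two entries SwaggaJackin is distinguishing resolve to very different addresses in CE. "psxfin.exe+171A5C" as a plain address means: read the dword stored at module base + 0x171A5C, and that dword is the start of PSX RAM, so the scan range is that value to that value + 0x200000. A pointer entry with base "psxfin.exe" and offset 171A5C means: dereference the module base first, then add 0x171A5C. The module base is the PE image's DOS header, whose first four bytes are "MZ\x90\x00" (0x00905A4D as a little-endian dword), and 0x00905A4D + 0x171A5C = 0x00A774A9, which is exactly the address snorifu got and which has no readable memory behind it. The script below, an added example that is not part of the thread or of pSX, models both resolutions and the range calculation from SwaggaJackin's earlier post against a constructed, fake process image. Assumptions, which are mine: psxfin.exe loaded at 0x00400000 and the dword at psxfin.exe+171A5C holding 0x006D0020, the example value used in the thread.

```python
import struct

# Constructed stand-in for the pSX process; NOT a real memory dump. Assumed for
# illustration: psxfin.exe loaded at 0x00400000, and the dword at
# psxfin.exe+171A5C holding 0x006D0020 (the example value from the thread).
MODULE_BASE = 0x00400000
RAM_PTR_RVA = 0x171A5C
PSX_RAM_SIZE = 0x200000   # 2 MB, the figure used in the thread
MASK32 = 0xFFFFFFFF


class FakeProcess:
    """Sparse byte map plus a module list, enough to model CE's address resolution."""

    def __init__(self):
        self.modules = {"psxfin.exe": MODULE_BASE}
        self.mem = {}
        # Every PE image begins with the DOS header "MZ\x90\x00"; keeping it lets the
        # model reproduce what CE returns when the module base itself is dereferenced.
        self.write(MODULE_BASE, b"MZ\x90\x00")
        self.write(MODULE_BASE + RAM_PTR_RVA, struct.pack("<I", 0x006D0020))

    def write(self, addr, data):
        for i, b in enumerate(data):
            self.mem[addr + i] = b

    def read_u32(self, addr):
        try:
            return struct.unpack("<I", bytes(self.mem[addr + i] for i in range(4)))[0]
        except KeyError:
            # Mirrors CE's "no readable memory found" for an address outside any region.
            raise MemoryError(f"no readable memory at {addr:08X}") from None


def resolve_symbol(proc, expr):
    """'psxfin.exe+171A5C' -> module base + hex displacement (CE's module+offset syntax)."""
    module, sep, disp = expr.partition("+")
    addr = proc.modules[module.lower()]
    if sep:
        addr += int(disp, 16)
    return addr & MASK32


def plain_address(proc, expr):
    """An entry whose address is 'psxfin.exe+171A5C' with no pointer offsets shows the
    dword stored AT that address; for pSX that is the start of PSX RAM."""
    return proc.read_u32(resolve_symbol(proc, expr))


def pointer_path(proc, base_expr, offsets):
    """A CE pointer entry: dereference the base, add each offset, dereferencing
    between levels, and return the final address CE then reads the value from."""
    addr = proc.read_u32(resolve_symbol(proc, base_expr))
    for off in offsets[:-1]:
        addr = proc.read_u32((addr + off) & MASK32)
    return (addr + offsets[-1]) & MASK32


def scan_range(ram_base, size=PSX_RAM_SIZE):
    """Start/stop to type into CE's scan options so only the PSX RAM is searched."""
    return ram_base, (ram_base + size) & MASK32


if __name__ == "__main__":
    proc = FakeProcess()
    base = plain_address(proc, "psxfin.exe+171A5C")
    print("PSX RAM at %08X, scan %08X..%08X" % (base, *scan_range(base)))
    wrong = pointer_path(proc, "psxfin.exe", [0x171A5C])
    print("pointer 'psxfin.exe' + offset 171A5C gives %08X" % wrong)
```

The first print gives 006D0020 and the range 006D0020..008D0020 from SwaggaJackin's post; the second gives 00A774A9, the address snorifu reported, and reading from it raises the model's equivalent of the "no readable memory found" error.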
snorifu
How do I cheat?
Reputation: 0

Joined: 17 Jul 2011
Posts: 9

Posted: Fri Aug 26, 2011 4:20 am

Thanks works perfectly!
noabody
How do I cheat?
Reputation: 0

Joined: 15 Sep 2011
Posts: 5

Posted: Thu Oct 26, 2017 6:58 pm

I know OP hates replies to dead threads, but this was the right question and I found it going on six years later.

Using CEP by DrHell, with an edit to APPLIST.TXT for some more modern emus: "Select Application" on the "Process" tab by .EXE and a "Base Address Search" of "Playstation".

Code:
no$psx                                  | NO$PSX.EXE   | Use Base Address Search | $00200000
PcSXR PGXP                              |PCSXR-PGXP.EXE| Use Base Address Search | $00200000
pSX                                     | PSXFIN.EXE   | Use Base Address Search | $00200000
retroarch                               | RETROARCH.EXE| Use Base Address Search | $00200000


It finds an address which matches psxfin.exe+171A5C, viewed as hex. I get the same thing in Cheat Engine if I copy the 16 bytes, found at that start address, and do an "Array of byte" scan.

This is the value:
Code:
03 00 00 00 80 0C 5A 27 08 00 40 03 00 00 00 00


I'm guessing that CEP has that plugged in for its own internal AOB scan engine because its result, and that of the CE AOB scan, corroborate one another consistently for many different PSX emus. With the CE setting "CopyOnWrite" selected (and MEM_MAPPED), that pattern can also be found in RetroArch, Mednafen, and ePSXe.

The emu has to be running for the scan to work. Loading to BIOS (without the native cheat engine enabled) would be the safest default. Here is a cheat code that can help identify the correct location in memory. It simply writes the words NOWBEGIN to memory offset 00000010 (the next line after the initial AOB). You can also do a "String" scan for it as opposed to the AOB.

PCSXR
Code:
[*CE NOWBEGIN +10]
80000010 4F4E
80000012 4257
80000014 4745
80000016 4E49


Mednafen
Code:
R A 8 L 0 00000010 4e49474542574f4e NOWBEGIN
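To show what the post above is doing end to end, here is an added example (mine, not noabody's, CEP's or Cheat Engine's code) that runs a CE-style array-of-bytes scan with wildcards over a constructed stand-in for PSX RAM, applies the PCSXR and Mednafen codes exactly as posted, and confirms that both leave "NOWBEGIN" at offset 0x10, right after the 16-byte signature. The RAM buffer is fabricated: only the signature bytes come from the post, the rest is zero. The PCSXR lines are read as GameShark-style 16-bit writes ("80aaaaaa vvvv"); the Mednafen field layout (type, enabled flag, byte length, endianness, a count field, address, value, name) is my reading of the one posted line and is an assumption.

```python
import struct

# Constructed 64 KB stand-in for the start of PSX RAM. Only the 16-byte signature
# noabody posted is real; everything else is zero-filled for the example.
PSX_SIGNATURE = "03 00 00 00 80 0C 5A 27 08 00 40 03 00 00 00 00"
RAM_SIZE = 0x10000

# Cheat codes exactly as posted in the thread.
PCSXR_CODES = """
[*CE NOWBEGIN +10]
80000010 4F4E
80000012 4257
80000014 4745
80000016 4E49
"""
MEDNAFEN_CODE = "R A 8 L 0 00000010 4e49474542574f4e NOWBEGIN"


def make_ram():
    ram = bytearray(RAM_SIZE)
    ram[:16] = bytes.fromhex(PSX_SIGNATURE)
    return ram


def parse_aob(pattern):
    """CE-style array-of-bytes pattern; '??' (or '*') tokens are wildcards."""
    return [None if tok.strip("?*") == "" else int(tok, 16) for tok in pattern.split()]


def aob_scan(buf, pattern):
    """Return every offset where the pattern matches, honouring wildcards."""
    pat = parse_aob(pattern)
    n = len(pat)
    hits = []
    for i in range(len(buf) - n + 1):
        if all(p is None or buf[i + j] == p for j, p in enumerate(pat)):
            hits.append(i)
    return hits


def apply_pcsxr_codes(ram, codes):
    """GameShark-style '80aaaaaa vvvv' lines: 16-bit little-endian write of vvvv at
    PSX address 0x80aaaaaa, i.e. RAM offset aaaaaa. Bracketed lines are cheat names."""
    for line in codes.splitlines():
        line = line.strip()
        if not line or line.startswith("["):
            continue
        code, value = line.split()
        if code[:2] != "80":
            raise ValueError(f"unsupported code type {code[:2]}")
        struct.pack_into("<H", ram, int(code[2:], 16), int(value, 16))


def apply_mednafen_code(ram, line):
    """Field layout as read from the posted line (assumption): type, enabled flag,
    byte length, 'L' little / 'B' big endian, a count field, address, value, name."""
    ctype, _enabled, length, endian, _count, addr, value, *_name = line.split()
    if ctype != "R":
        raise ValueError(f"unsupported cheat type {ctype}")
    size = int(length)
    order = "little" if endian == "L" else "big"
    off = int(addr, 16)
    ram[off:off + size] = int(value, 16).to_bytes(size, order)


if __name__ == "__main__":
    ram = make_ram()
    print("signature found at", [hex(h) for h in aob_scan(ram, PSX_SIGNATURE)])
    apply_pcsxr_codes(ram, PCSXR_CODES)
    print("after PCSXR codes:", bytes(ram[0x10:0x18]))
    ram2 = make_ram()
    apply_mednafen_code(ram2, MEDNAFEN_CODE)
    print("after Mednafen code:", bytes(ram2[0x10:0x18]))
```

Note why the PCSXR halfwords look reversed in the post: 4F4E written little-endian lands in memory as 4E 4F, which is "NO", so the four writes spell NOWBEGIN in order, and the single 8-byte Mednafen value 4e49474542574f4e does the same in one write. A wildcard pattern such as "4E 4F ?? ?? 45 47 49 4E" then finds the marker the same way the full signature scan finds the RAM base.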