Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Help me in hacking Final Fantasy X HP
Virussick
Cheater
Reputation: 0

Joined: 30 Aug 2012
Posts: 33

Posted: Thu Aug 30, 2012 1:53 am    Post subject: Help me in hacking Final Fantasy X HP

I've been messing around with PS1 and PS2 games.
Most of the PS1 games are easy and make less use of pointers and so on.

Lately I have become addicted to Final Fantasy and decided to mess with the games using Cheat Engine. Then I reached FFX (International) and found out that I have failed to hack this game, not even a single important aspect EXCEPT gil.

What I want to hack now is the character's (Tidus) HP. It seems that the address is different in every battle. NOT WHEN I RESTART THE GAME.

Below is the address that I got when I LOAD THE GAME AND STEP INTO THE BATTLE. I'm telling you this because every time I load my saved game, the address for all characters' HP is the same.

I have done all the tutorials from YouTube and other websites, including multilevel pointers, how to defeat DMA, code shifting, finding out what writes to and accesses the address, disassembling memory (complicated) and using code injection with auto assemble.

None of the above is working. Of course it is because of my lack of knowledge and understanding... LOL

If you can, just give me the steps on how to search for the TRUE VALUE of Tidus's HP and I will do the rest. I just need to find the concept and formula.

I don't need to display anything about the pointer because I think this game need is special. If you know what I mean.

Ask me if I haven't given enough detail, and forgive my bad English.

The End



FFX.png
Description:
This is what I got, and it has 4 addresses:
1st and 2nd rows are unchangeable.
3rd row is temporarily changeable (only this battle).
4th row is unknown.
Thus, only the 3rd row address can be changed to whatever value. Then the 1st and 2nd row addresses will foll


_________________
Why is it harder for me to understand something.
Stress~~~~


Last edited by Virussick on Thu Aug 30, 2012 2:06 am; edited 2 times in total
jakel007
Cheater
Reputation: 0

Joined: 28 Jul 2012
Posts: 28

Posted: Thu Aug 30, 2012 1:58 am

Have you tried pointer scanning for the 3rd address? Don't know if it will work on an emulator though.
Virussick
Cheater
Reputation: 0

Joined: 30 Aug 2012
Posts: 33

Posted: Thu Aug 30, 2012 2:04 am

Yes. The 3rd row is where I focus more compared to the other addresses.
Still cannot find the result, and after using the pointer I found mov [ecx],edx and the value is 20fa14c0. How can I forget this number? Because I have been doing the same thing over and over again. Then I searched for the address using HEX and 4 bytes, but still no results.

I'm such a failure. Crying or Very sad

_________________
Why is it harder for me to understand something.
Stress~~~~
jakel007
Cheater
Reputation: 0

Joined: 28 Jul 2012
Posts: 28

Posted: Thu Aug 30, 2012 2:07 am

Are you sure you tried this : youtube(dot)com / watch?v=8CJdV1Vfvv0&feature=plcp
Virussick
Cheater
Reputation: 0

Joined: 30 Aug 2012
Posts: 33

Posted: Thu Aug 30, 2012 2:09 am

Oh, and about the pointer scanning, I have been doing it exactly like anyone did.
Pointer scanning and then save, then restart, then open the file and rescan.

I got 4 addresses from 7 addresses. I have tried them all, freeze and whatever.
Then when I step into another battle, even the pointer is confused. Laughing

_________________
Why is it harder for me to understand something.
Stress~~~~
jakel007
Cheater
Reputation: 0

Joined: 28 Jul 2012
Posts: 28

Posted: Thu Aug 30, 2012 2:12 am

Maybe that's because of the emulator, maybe try another emu?



Wasn't hacking emulator, so I don't know how to do it, but I've got one idea. You can try also, if there is that option, to install FMCB or just launch .elf files, so you could use codebreaker .elf and hack the game with it.
Virussick
Cheater
Reputation: 0

Joined: 30 Aug 2012
Posts: 33

Posted: Thu Aug 30, 2012 2:22 am

Jakel007>>>I have. The difference that I found between pcsx2 0.9.7 and the one that I use now, pcsx2 0.9.9, is the address. How should I say this? A simple way to explain it is, the address that I got from pcsx2 0.9.9 can be used for making a patch on itself (pnach file). I guess I'm wrong. Either the emulator or this game is what makes it troublesome.
_________________
Why is it harder for me to understand something.
Stress~~~~
Dark Byte
Site Admin
Reputation: 241

Joined: 09 May 2003
Posts: 16352
Location: The netherlands

Posted: Thu Aug 30, 2012 2:48 am

I played this game on pcsx2 as well and know what you mean.
This game makes use of memory allocations between battles.

I managed to find a health "pointer" in this game, but it's not easy (to understand).


First you need to find the start address of the game's memory. (I suggest using the memory region list and looking where the region your health is in starts, most likely a mem_mapped region as well.)

Then find your health in a battle.
Take that address and decrease it by the base address of the game's memory (thatvalue).
Now do a "between value" scan for thatvalue-4096 and thatvalue.

Open a second scantab (or second CE) and find the health in a new battle.
Find the difference between the base address and your health (thatvalue2).
Go back to the first scantab (or first CE) and do an "increased value by" or a "decreased value by" for the difference of thatvalue and thatvalue2.

With luck only one is left; if more, repeat, or try them both later.

Now you have the pointer to your health.
But to use it as a CE pointer you have to do one more thing: find the pointer to the base address of the game.
Restart the game a few times, and look for an address that holds the base address. With luck it's a static address (it was for me).

Now you can use a Lua script, or an injected assembler script, to calculate the address.
If the base address is the same each time, you can also do a pointer notation, with the base address + offset as base, and as offset the base address of the game + offset to health.

E.g., if base address = 20000000,
pointer is at offset 3000,
and health is at 88 after the location the pointer points to,
then this is how you'd set it up in the pointer window:
Code:

20000088
20003000 

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.


Last edited by Dark Byte on Thu Aug 30, 2012 3:16 am; edited 1 time in total
Virussick
Cheater
Reputation: 0

Joined: 30 Aug 2012
Posts: 33

Posted: Thu Aug 30, 2012 3:15 am

DarkByte>>>Master, you are right. It is hard to understand and complicated. Correct me if I'm wrong. From what you tell me, I was doing it wrong from the beginning, right? Instead of searching like usual, I need to watch over the region code because every region has a different code such as HP, MP and so on.

Am i correct?

_________________
Why is it harder for me to understand something.
Stress~~~~
Dark Byte
Site Admin
Reputation: 241

Joined: 09 May 2003
Posts: 16352
Location: The netherlands

Posted: Thu Aug 30, 2012 4:00 am

No, just scan as you always do

Emulators tend to allocate a block of contiguous memory where the memory of the emulated system will reside.
The first byte of that memory block is address 00000000 for the game
Second byte 00000001 etc...
So if the emulated system stores address 50000 at a memory location, the actual address would be the base+50000

You don't need to watch region codes, but it can help. You can see regions in memoryview->view->memory regions

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Virussick
Cheater
Reputation: 0

Joined: 30 Aug 2012
Posts: 33

Posted: Thu Aug 30, 2012 4:34 am

It's my first time knowing about this. I guess I have to work hard though.
Darkbyte, do you have any tutorial for a problem like this, or does anyone?
There is something that I don't understand. You said that:

"So if the emulated system stores address 50000 at a memory location, the actual address would be the base+50000"

I was wondering, using the example of 50000, where to find it or how to find this memory from the emulator?

I've already enabled mem_mapped like you suggested before. Then you want me to scan like I always do. Then I also get these 4 addresses. Still the same stubborn addresses. Then what?

_________________
Why is it harder for me to understand something.
Stress~~~~
Dark Byte
Site Admin
Reputation: 241

Joined: 09 May 2003
Posts: 16352
Location: The netherlands

Posted: Thu Aug 30, 2012 6:04 am

You need to understand pointers (specifically, the algorithm the pointerscanner uses).
Then adjust what you know about that to take care of a different base address (addresses pointers point to need to be offset by the real address of address 0).

Anyhow, are you using the 32-bit or 64-bit CE version?
I guess I can write a plugin that helps with emulators (so memory addresses shown in ce are equal to the internal emu)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Virussick
Cheater
Reputation: 0

Joined: 30 Aug 2012
Posts: 33

Posted: Thu Aug 30, 2012 7:03 am

DarkByte>>>I'm using the 32 CE version, master.
Yes, please do so.
I'm desperate to know more about hacking this troublesome game.
I can use codebreaker instead, but I would like to use a cheat that even I myself understand.

I don't know if you can do this for me, but would you give me, step by step, how you found the real address? Just give me point by point what to do next. Just for Tidus's HP. It will be appreciated.

_________________
Why is it harder for me to understand something.
Stress~~~~
Dark Byte
Site Admin
Reputation: 241

Joined: 09 May 2003
Posts: 16352
Location: The netherlands

Posted: Thu Aug 30, 2012 8:22 am

First let's try it without a special plugin.

Just downloaded this game and pcsx2, so I'll try to reproduce what I did.

First I managed to get through to the playable part (really hard due to crashes).

Now, in a battle find Tidus's health using block and potions (you will find multiple; it's the one that changes instantly when you change it).
Write down the address (address1).

Now do a 4 byte unknown initial value scan.
Open a second scantab, or CE.
Go into another battle and find health again (address2).
Now in the first tab do an increased value by, or decreased value by, the difference of the two health addresses.
I found 4 addresses.

One of them, 20646360, has an address very close to Tidus's health (minus the 20000000 part).
When out of battle, that address is 0.

From here on, I will assume that this emulator always loads the memory at 20000000, based on your examples as well.

So let's investigate the value of that pointer.
When Tidus's health is at 210BCB2C, the address I found (20646360) contains as value 010BC8B0.

So, Tidus's health is located 27c after that pointer.

Because the pointer has as value 10bc8b0 instead of 210bc8b0, we need to add 20000000 to the offset as well, so the final offset is 2000027c.

So, the final pointer is:
[20646360]+2000027c

Copy-pasteable into CE:
Code:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>19</ID>
      <Description>"No description"</Description>
      <Color>80000008</Color>
      <VariableType>4 Bytes</VariableType>
      <Address>20646360</Address>
      <Offsets>
        <Offset>2000027C</Offset>
      </Offsets>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
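
Added example (not code from the thread or from Cheat Engine): the address arithmetic Dark Byte walks through in his posts above, written out in Python over constructed snapshots. The battle-1 numbers are the ones he quotes; the battle-2 values, the decoy slots and all function names are made up for illustration, and the 20000000 base is his stated assumption.

```python
HOST_BASE = 0x20000000  # host address of guest address 0 (assumed, as in the thread)

def to_host(guest_addr):
    """Emulated (guest) address -> address inside the emulator process."""
    return HOST_BASE + guest_addr

def to_guest(host_addr):
    return host_addr - HOST_BASE

def find_pointer_slots(snap1, snap2, health1, health2, window=4096):
    """Slots whose value moved by the same delta as the health address and
    that hold a guest address at most `window` bytes below the health."""
    delta = health2 - health1
    hits = []
    for slot, old in snap1.items():
        new = snap2.get(slot)
        if new is None or new - old != delta:
            continue  # the "increased/decreased value by" filter
        if 0 <= to_guest(health2) - new <= window:
            hits.append(slot)  # the "between value" filter
    return sorted(hits)

def ce_pointer(slot, slot_value, health):
    """(address, offset) such that [address] + offset == health.
    The slot stores a guest address, so the offset absorbs HOST_BASE."""
    return slot, health - slot_value

def resolve(snapshot, address, offset):
    """One-level pointer resolution: read the slot, add the offset."""
    return snapshot[address] + offset

# Constructed snapshots: {host address of a 4-byte slot: value stored there}.
HEALTH_1 = 0x210BCB2C            # from the thread
HEALTH_2 = 0x210C14AC            # made up: same structure, relocated
SNAP_1 = {
    0x20646360: 0x010BC8B0,      # from the thread: guest pointer to the structure
    0x20646364: 0x00000003,      # decoy: unchanged counter
    0x20700010: 0x010BC8B0,      # decoy: stale copy that does not follow
    0x20700020: 0x01000000,      # decoy: moves by the same delta, but far away
}
SNAP_2 = {
    0x20646360: 0x010C1230,
    0x20646364: 0x00000003,
    0x20700010: 0x010BC8B0,
    0x20700020: 0x01004980,
}
```

Resolving the derived pointer against the second snapshot lands on the relocated health address, which is the check that the entry survives the reallocation between battles.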
Virussick
Cheater
Reputation: 0

Joined: 30 Aug 2012
Posts: 33

Posted: Thu Aug 30, 2012 8:30 am

Thanks DarkByte.

This is what I need.

You are the coding & cheating master. I need to revise your coding and I will reply back to this forum in a couple of days.

I need to understand very clearly how it works. Thanks

I will surely give you good news later.

Wish me luck

_________________
Why is it harder for me to understand something.
Stress~~~~
All times are GMT - 6 Hours
Page 1 of 2

 