Cheat Engine Forum - The Official Site of Cheat Engine

Can CE Find ASM in Dolphin?
47iscool
Cheater
Reputation: 0

Joined: 15 Apr 2014
Posts: 34

Posted: Sun Apr 20, 2014 10:59 am

mgr.inz.Player wrote:
mgr.inz.Player wrote:
6) if it main window caption change to "debugging", you got right instruction.


Errare humanum est.


Should be:
6) if "memory viewer" window caption change to "debugging", you got right instruction.


Not sure I understand that first part. About the LOTR, yeah I got the right address, the game is programmed to deduct points after you back out of the stat screen, also they used a pointer for each type of stat points. If you ever get this game and try it you'd see what I mean. It's the same on the PS2 version as it is on the GC when it comes to stats.

_________________
My codes:

bit.ly/1bQNawz
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Sun Apr 20, 2014 1:07 pm

Quote:
Not sure I understand that first part

which part?


"Memory Viewer" window normally has this caption:

If we used "break on access/write" breakpoints and got "Dolphin GC - PC register" (at this stage, it's not accurate), then after removing all breakpoints and resuming the game thread, the caption will be:
"Memory Viewer - Running"



So, while clicking the "step" button (tutorial part II, step 5), if that window changes its caption to this one

Then you have found the exact instruction. In Dolphin, that instruction will be highlighted. And in CE, "Dolphin GC - PC register" will also be 100% correct.

_________________
47iscool
Cheater
Reputation: 0

Joined: 15 Apr 2014
Posts: 34

Posted: Sun Apr 20, 2014 2:45 pm

Errare humanum est.

That part I don't understand.

Also if you don't mind I'd like to post this at the Dolphin forums.

_________________
My codes:

bit.ly/1bQNawz
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Sun Apr 20, 2014 5:20 pm

"Errare humanum est". Just use Google.


"Also if you don't mind I'd like to post this at the Dolphin forums."
no problem

_________________
47iscool
Cheater
Reputation: 0

Joined: 15 Apr 2014
Posts: 34

Posted: Sun Apr 20, 2014 5:54 pm

This address here on SA2B, 800637EC, that you posted, I got the same one by only putting a write BP on the rings address. From my experience, write BPs work better than read in most cases.

This game and SADX are different in how they handle rings: picking up a ring and losing them each get their own address. Do you think it might be possible to make a code on SA2B where you can pick up rings but not lose them when you get hit? I've barely any experience with PPC, so maybe you could give me some advice if you don't mind.

So, this is the meaning eh?

to err is human; to persist is of the Devil

_________________
My codes:

bit.ly/1bQNawz
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Mon Apr 21, 2014 5:41 am

To summarize the tutorial (both parts):

- launch Dolphin in debug mode

- we have to look for the PC register. The PC register works the same as the EIP/RIP register on PC. It is the "instruction pointer register".

- to find it, just do:
a) Dolphin - pause the game, check the PC register (registers tab), copy the value kept in that register
b) CE - do a new scan for that value (4-byte, exact, hex)
c) Dolphin - unpause the game, and pause it again, copy the PC register value
d) CE - do a next scan.
e) repeat c and d until you find the correct address (which keeps the value from the PC register). The first "green address" would be the correct one. Add that address to the table, name it "Dolphin GC - PC register".

- with CE, find the rings address and add it to the table. Set a breakpoint: "break on access" (or "break on write")
- how to set a breakpoint? Highlight "rings", press CTRL+B, the MemoryView window will show up. In the HexView part (bottom part of the MemoryView window) right click the first byte and choose: "Data Breakpoint -> Break on ..."

- Dolphin - do something in game. It should freeze

- in CE - this "Dolphin GC - PC register" points to the code block where our instruction is (the instruction that reads or writes the rings value). Accuracy depends on the chosen "Dual Core", "CPU emulator engine", and probably other settings, maybe even other things such as PC configuration. It can point one instruction before, or 5 to 50 instructions before, the instruction we are looking for.

- CE - remove the breakpoint




To get the exact "Dolphin GC - PC register" value while rings are accessed (read or write), which means the instruction we are looking for:

- Dolphin - add a breakpoint (click the +BP button), and paste the "Dolphin GC - PC register" value you got earlier. Do something in game, it should freeze.

- CE - set a "break on ....." breakpoint.

- be sure to have both windows visible: the Dolphin window (where the "STEP" button is) and the CE "Memory Viewer" window.

- the "Memory Viewer" window caption should be: "Memory Viewer" or "Memory Viewer - Running"

- now, click the "STEP" button, look at the "Memory Viewer" window caption.

- if it changes to "Memory Viewer - Currently debugging thread ....", look at "Dolphin GC - PC register", it points exactly to the instruction we are looking for. Alternatively, just look at the highlighted instruction in Dolphin ("Code" tab)

- if not, click the step button again, and again, and again, ....



Quote:
Do you think it might be possible to make a code on SA2B where you can pick up rings but not lose them when you get hit?

As an AR hack? It is possible. But for that we need a "code cave", a free memory block we can use. Basically the same way I made the ROM hack for "Blaster Master".

Probably there are other methods like:
- nopping the caller, or patching some code before the "caller"
- changing a "conditional jump" into an "unconditional jump"
- etc

PS: why didn't you update the second post in "How to make ASM codes for Wii ...."? Step 6 is misleading. Change it to:
Code:
6) if "memory viewer" window caption change to "debugging", you got right instruction.

_________________
47iscool
Cheater
Reputation: 0

Joined: 15 Apr 2014
Posts: 34

Posted: Mon Apr 21, 2014 10:55 am

Step 6 fixed
_________________
My codes:

bit.ly/1bQNawz
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Mon Apr 21, 2014 10:59 am

Let's analyze the whole thing again.
Code which updates our rings value:
Code:
80063814: lha r29, 0x0068 (r31) -- load rings (from memory pointed to by R31+0x68) into R29
80063818: add r0, r29, r4 -- sum R29 and R4, store the result in R0. R4 can have positive and negative values
8006381c: sth r0, 0x0068 (r31) -- move the value from R0 into memory pointed to by R31+0x68

As you see, R4 is our modifier. If we look up, there is no R4 register being used.
So, it must be a function argument. If we look at the "callstack", there are two different callers.

When we do "break on write":
- 8123e490 when collecting one ring
- 8123e884 when we lose all rings

Let's go there, and look for the R4 register. Fortunately for us, it is close to the caller.


When gaining one ring:
Code:
8123e488: mr   r3, r29
8123e48c: li   r4, 1
8123e490: bl   ->0x800637EC    <---- this is a caller


When losing rings:
Code:
8123e87c: neg   r4, r3
8123e880: mr   r3, r29
8123e884: bl   ->0x800637EC    <---- this is a caller


li r4, 1 - load an immediate value into the R4 register, in this example the value is 1
neg r4, r3 - if you look above (you can breakpoint there with Dolphin), if R3 is 15, R4 will be -15



The solution is simple:
So, we have to patch this instruction at address: 8123e87c

"li r4, 1" - instruction bytecode is "38800001"
"neg r4, r3" - instruction bytecode is "7c8300d0"

Let's change "neg r4, r3" into "li r4, 0" (yes, zero). And that means: overwrite the value at address 8123e87c with the value 38800000

AR code will be (0123e87c + 04000000(write 32bit) = 0523e87c):

$DoNotLooseRings
0523e87c 38800000


Voila


PS: during first boss fight, there is another caller:
Code:

8122ff78 neg   r4, r3
8122ff7c mr   r3, r29
8122ff80 bl   ->0x800637EC


And that means we have to add this one: 0522ff78 38800000

Cheat code will be
Code:
$DoNotLooseRings
0523e87c 38800000
0522ff78 38800000
Probably you have to find all other
Code:
...
neg   r4, r3
...
bl   ->0x800637EC
things.
_________________
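The hand encoding and patch derivation in the post above, as an added example in Python that is not the poster's code: it encodes li/addi and neg from the PowerPC instruction fields, decodes them back so the word at a patch address can be checked before it is overwritten, forms the AR "04" write-32 line from the low 25 bits of the address, and walks back from each bl to the instruction that sets r4, which the post does by eye. The memory dump is constructed from the words quoted in the thread; the mr words and the zero bl words are assumed fillers, and the search looks up to four instructions back rather than exactly two.

```python
import struct

def encode_addi(rd, ra, simm):
    """addi rD, rA, SIMM (opcode 14); 'li rD, SIMM' is addi with rA = 0."""
    if not -0x8000 <= simm <= 0x7FFF:
        raise ValueError("SIMM must fit in a signed 16-bit field")
    return (14 << 26) | (rd << 21) | (ra << 16) | (simm & 0xFFFF)

def encode_neg(rd, ra):
    """neg rD, rA (opcode 31, extended opcode 104, OE = Rc = 0)."""
    return (31 << 26) | (rd << 21) | (ra << 16) | (104 << 1)

def decode(word):
    """Tiny disassembler for just the forms used here; '?' for anything else."""
    opcode, rd, ra = word >> 26, (word >> 21) & 0x1F, (word >> 16) & 0x1F
    if opcode == 14:
        simm = struct.unpack(">h", struct.pack(">H", word & 0xFFFF))[0]
        return f"li r{rd}, {simm}" if ra == 0 else f"addi r{rd}, r{ra}, {simm}"
    if opcode == 31 and (word >> 1) & 0x1FF == 104:
        return f"neg r{rd}, r{ra}"
    return "?"

def ar_write32(address, value):
    """'04' code type: low 25 bits of a 0x80/0x81 address OR'd with 0x04000000."""
    if address >> 25 != 0x40:
        raise ValueError("expected a cached MEM1 address (0x80xxxxxx/0x81xxxxxx)")
    return f"{(address & 0x01FFFFFF) | 0x04000000:08x} {value & 0xFFFFFFFF:08x}"

def find_r4_setup(memory, bl_addr, lookback=4):
    """Walk back from a 'bl' to the nearest instruction that writes r4 (or None)."""
    for i in range(1, lookback + 1):
        addr = bl_addr - 4 * i
        text = decode(memory.get(addr, 0))
        if text.startswith(("li r4,", "addi r4,", "neg r4,")):
            return addr, text
    return None

def build_cheat(memory, callers):
    """One write-32 line per caller whose r4 comes from 'neg r4, r3', swapping
    it for 'li r4, 0' so the shared update routine adds zero instead."""
    lines = ["$DoNotLooseRings"]
    for bl_addr in callers:
        hit = find_r4_setup(memory, bl_addr)
        if hit and hit[1] == "neg r4, r3":
            lines.append(ar_write32(hit[0], encode_addi(4, 0, 0)))
    return lines

# Constructed from the words quoted in the thread; mr/bl words are assumed fillers.
MEMORY = {0x8123e488: 0x7FA3EB78, 0x8123e48c: 0x38800001, 0x8123e490: 0,
          0x8123e87c: 0x7C8300D0, 0x8123e880: 0x7FA3EB78, 0x8123e884: 0,
          0x8122ff78: 0x7C8300D0, 0x8122ff7c: 0x7FA3EB78, 0x8122ff80: 0}
CALLERS = [0x8123e490, 0x8123e884, 0x8122ff80]  # the three bl sites in the post
```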
47iscool
Cheater
Reputation: 0

Joined: 15 Apr 2014
Posts: 34

Posted: Mon Apr 21, 2014 11:30 am

Thanks for taking the time to help me with all this.


I have gotten this: 04063828 2C00FFFF

The first ring you pick up gives you 999 and when you get hit by an enemy you still have 999. It also works for the last Boss Fight.

I also saw that one on the boss fight. I was wondering if I had to add 05 to the start of codes that start with 81. Thanks for confirming that.

There is also another one which removes your rings when you go to another level. This code fixes that:

Keep Rings Between Levels
04064330 60000000

By the way 0523e87c 38800000 isn't working, maybe it's Dolphin? Or maybe I have to keep looking.

_________________
My codes:

bit.ly/1bQNawz
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Mon Apr 21, 2014 12:38 pm

47iscool wrote:
By the way 0523e87c 38800000 isn't working, maybe it's Dolphin? Or maybe I have to keep looking.


0523e87c 38800000 - works for me (the very first level)
0522ff78 38800000 - this one when fighting first boss

As I said earlier, there can be more callers which pass the R4 register, set to currentRingsQuantity*(-1), as an argument to the function at address 800637EC

_________________
47iscool
Cheater
Reputation: 0

Joined: 15 Apr 2014
Posts: 34

Posted: Mon Apr 21, 2014 7:42 pm

The PC register method works on more than just Dolphin. This method also works with Gens Kmod.

I'm betting it would work with PJ64 too, gonna try it next.

_________________
My codes:

bit.ly/1bQNawz
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Wed Apr 23, 2014 4:18 pm

I'm glad to help.
_________________
47iscool
Cheater
Reputation: 0

Joined: 15 Apr 2014
Posts: 34

Posted: Thu Apr 24, 2014 2:48 pm

mgr.inz.Player wrote:
I'm glad to help.


Well thanks.

Also just found out the Kmod version isn't needed. The regular Gens version works just as well, you just have to look at the 68000 debug registers. Kmod also lags every now and then because it has some Genecyst features incorporated into it.

_________________
My codes:

bit.ly/1bQNawz
rijji76
How do I cheat?
Reputation: 0

Joined: 17 Jul 2013
Posts: 3

Posted: Sat Jul 19, 2014 5:08 am

I have a problem.
Cheat Engine does give me the instruction which is writing to a specific memory address in Dolphin, but it's not freezing the Dolphin process (Dolphin emu continues running).
What could be the problem?

The game in question is Biohazard 2.
Let's say I have 22 bullets, I fire one bullet, Cheat Engine gives me the instruction which decreased the ammo value (in the breakpoint window), but the Dolphin process is still running.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Sat Jul 19, 2014 6:11 am

rijji76 wrote:
cheat engine gives me the instruction who decreased the ammo value

My suggestion: do the CE basic tutorials, do some cheats for normal single player games (not based on Lua, Java, Flash, XNA, .NET, Mono). Try older games, almost all games before 2004 are easy to "hack".

Click the "Search" link at the top of this page. Then search for: Dolphin
Read a few topics.

Type in this word: emulator.
Read a few topics.

Then, you can try to make cheats for games in Dolphin, Project64, etc.

"find out what ..." does not freeze the process. Only "break on write" or "break on access" do.

_________________
All times are GMT - 6 Hours
Page 3 of 4