snorifu | How do I cheat? | Reputation: 0 | Joined: 17 Jul 2011 | Posts: 9
Posted: Wed Aug 24, 2011 4:53 am | Post subject: Help with offset
Hello,
I've been using Cheat Engine now and I've completed the tutorial, but I still have some trouble finding a pointer.
I'm trying to find the pointer in Kula World, a game I play on a PS1 emulator.
EAX=000A53C8
EBX=00000ABE
ECX=020557B8
EDX=069B0020
ESI=000A53C8
EDI=003C266E
EBP=02056408
ESP=0012FDE4
EIP=0041BB6E
Probable base pointer =069B0020
0041BB65 - and eax,[ecx+1C]
0041BB68 - mov edx,[ecx+30]
0041BB6B - mov [eax+edx],ebx
0041BB6E - jmp 0041B9A7
0041BB73 - mov ecx,[ecx+34]
I have the probable base pointer but I can't find the offset. When I use edx (069B0020) as the offset I don't get the right pointer. Can someone help me with this?
gaming04 | Expert Cheater | Reputation: 0 | Joined: 06 Dec 2010 | Posts: 186
Posted: Wed Aug 24, 2011 12:46 pm
Emulators are an expertise of SwaggaJackin from this forum. Contact him for help because, even now, I still can't handle dynamic recompilation.
snorifu | How do I cheat? | Reputation: 0 | Joined: 17 Jul 2011 | Posts: 9
Posted: Thu Aug 25, 2011 4:24 am
Thanks for the reply, but I couldn't find the member SwaggaJackin. Also, I don't think this has a lot to do with emulators. It's about the offset edx; the problem is that the registers are shown after execution.
SwaggaJackin' | Master Cheater | Reputation: 2 | Joined: 06 Nov 2009 | Posts: 304
Posted: Thu Aug 25, 2011 6:42 am
Even if you were to find that pointer, more than likely when that game is played again during another session it would change.
You didn't really give us enough information on which instruction is being executed; you just kinda wrote them all down and told us it was EDX's value.
Assuming it was this:
0041BB6B - mov [eax+edx],ebx
eax is the offset.
What PS1 emulator are you using? I suggest you use pSX 1.13 (http://psxemulator.gazaxian.com/). It's fast and even has its own debugger, so you could make assembly hacks in native PlayStation code (MIPS)!
If you want to make cheats for it with Cheat Engine, find the pointer that points to the base memory address inside pSX. Actually, for 1.13, I have it:
psxfin.exe+171A5C
This points to the beginning of pSX's memory. So whenever you search for a value, set the region to P->psxfin.exe+171A5C to +0x00200000 and you'll only be searching the PlayStation's memory and not the emulator code. This will always be static (for this version of pSX). So if you found something like a gold value, it would always remain the same (assuming it's not dynamic in the game). So you could just put P->psxfin.exe+171A5C+<offset to gold>.
snorifu | How do I cheat? | Reputation: 0 | Joined: 17 Jul 2011 | Posts: 9
Posted: Thu Aug 25, 2011 10:11 am
Hi,
Thanks for your reply.
Sorry for not giving enough information.
But your assumption was correct; it was indeed that instruction.
I used the offset eax and it worked; when I restarted the game it still had the right pointer :)
I now see why I should have used eax; edx was the address found, so the offset was eax because the instruction was eax+edx.
I'm already using pSX v1.13, but the debug function is a bit difficult for me to understand.
When I filled this in:
start: 171A5C
stop: 00200000
I couldn't find the values I was looking for with these start and stop values. Can you please explain how to search PlayStation memory only?
SwaggaJackin' | Master Cheater | Reputation: 2 | Joined: 06 Nov 2009 | Posts: 304
Posted: Thu Aug 25, 2011 11:06 am
You're doing it wrong.
I didn't say to add 0x200000 inside the debugger; use it in Cheat Engine. If you don't know MIPS ASM, don't bother with the debugger; I only mentioned it on the slight chance that you would.
If you want to search only the PSX ram in cheat engine, add the pointer:
Now assume this address points to 0x006D0020. This is the starting memory address of the PSX's ram.
The PSX only has 2MB of RAM, but only 1MB of usable memory (the other 1MB is used for sound and frame buffer, CD-ROM, etc...).
I always use 2MB simply because the search won't take longer anyway, and I feel better knowing I'm searching all 2MB.
Anyways:
Code: |
2MB = 2048KB
2048KB = 2097152 Bytes
2097152 Bytes in hexadecimal = 0x200000
|
So now we have our ending address.
So we know psxfin.exe+171A5C points to 0x006D0020, we add +0x200000 and we get our end address. So set the search range to (in this example):
Code: |
Start: 0x006D0020
End: 0x008D0020
|
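A worked version of the range computation and pointer path above, as an added example in Python (it is not from the thread, from Cheat Engine or from pSX; CE's own scripting language is Lua, but Python is used here so the arithmetic can be checked offline). The pointer name psxfin.exe+171A5C and the 0x006D0020 sample value are the thread's; the fake memory read, the 0x00A774A9 pointer location and the gold address 0x80012345 are constructed stand-ins. The example also covers the three mirrored views of PSX RAM (0x0000xxxx, 0x8000xxxx, 0xA000xxxx), which the thread does not spell out.

```python
import struct

PSX_RAM_SIZE = 0x200000             # 2 MB of main RAM = 2097152 bytes
PSX_RAM_MASK = PSX_RAM_SIZE - 1     # the low 21 bits select a byte inside RAM
BASE_POINTER = "psxfin.exe+171A5C"  # static pointer quoted in the thread (pSX 1.13)


def deref32(read_bytes, pointer_addr):
    """Return the 4-byte little-endian value stored *at* pointer_addr.

    read_bytes(addr, n) stands in for a process-memory read (what CE does with
    ReadProcessMemory).  The scan must start at the value this returns, not at
    pointer_addr itself: scanning from the pointer's own address is what gives
    the "no readable memory found" error later in the thread.
    """
    return struct.unpack("<I", read_bytes(pointer_addr, 4))[0]


def scan_range(ram_base):
    """Start and stop addresses for a CE scan limited to the emulated PSX RAM."""
    return ram_base, ram_base + PSX_RAM_SIZE


def guest_to_host(guest_addr, ram_base):
    """Map a PSX address to an address inside the emulator process.

    The 2 MB of RAM is visible at 0x00000000 (KUSEG), 0x80000000 (KSEG0) and
    0xA0000000 (KSEG1); all three are the same bytes, so only the low 21 bits
    of the guest address matter.
    """
    return ram_base + (guest_addr & PSX_RAM_MASK)


def host_to_guest(host_addr, ram_base):
    """Map an address found by a CE scan back to the 8000xxxx form used in
    PSX cheat codes."""
    off = host_addr - ram_base
    if not 0 <= off < PSX_RAM_SIZE:
        raise ValueError(f"{host_addr:#010x} is outside the PSX RAM block")
    return 0x80000000 | off


def pointer_expression(host_addr, ram_base):
    """Pointer path for CE's address field so the entry survives a restart.

    [x] in CE means "the value stored at x"; the thread writes the same path in
    the older P->psxfin.exe+171A5C+<offset> spelling.
    """
    off = host_addr - ram_base
    if not 0 <= off < PSX_RAM_SIZE:
        raise ValueError(f"{host_addr:#010x} is outside the PSX RAM block")
    return f"[{BASE_POINTER}]+{off:X}"


if __name__ == "__main__":
    # Constructed sample memory: the base pointer sits at 0x00A774A9 (the
    # address snorifu reported) and holds 0x006D0020 (SwaggaJackin's example).
    fake_mem = {0x00A774A9: struct.pack("<I", 0x006D0020)}
    read = lambda addr, n: fake_mem[addr][:n]

    ram_base = deref32(read, 0x00A774A9)
    start, stop = scan_range(ram_base)
    print(f"scan range: {start:08X} - {stop:08X}")

    gold_guest = 0x80012345  # hypothetical PSX address of a value found in game
    gold_host = guest_to_host(gold_guest, ram_base)
    print(f"PSX {gold_guest:08X} -> host {gold_host:08X}")
    print(f"CE address: {pointer_expression(gold_host, ram_base)}")
    assert host_to_guest(gold_host, ram_base) == gold_guest
```

The split between deref32 and scan_range is the point of the exercise: the pointer's own address changes nothing about where the RAM is, and only the dereferenced value is a valid scan start.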
snorifu | How do I cheat? | Reputation: 0 | Joined: 17 Jul 2011 | Posts: 9
Posted: Thu Aug 25, 2011 1:42 pm
I'm getting the "no readable memory found" error.
First I added the pointer psxfin.exe with offset 171A5C.
The offset brings me to 00A774A9. So I filled in:
Code: |
start: 00A774A9
stop: 00C774A9
|
What am I doing wrong?
SwaggaJackin' | Master Cheater | Reputation: 2 | Joined: 06 Nov 2009 | Posts: 304
Posted: Thu Aug 25, 2011 1:46 pm
You don't add a pointer of psxfin.exe with offset 171A5C...
You add a pointer of psxfin.exe+171A5C with no offset....v_v
Put psxfin.exe+171A5C as the address, that isn't an offset.
snorifu | How do I cheat? | Reputation: 0 | Joined: 17 Jul 2011 | Posts: 9
Posted: Fri Aug 26, 2011 4:20 am
Thanks works perfectly!
noabody | How do I cheat? | Reputation: 0 | Joined: 15 Sep 2011 | Posts: 5
Posted: Thu Oct 26, 2017 6:58 pm
I know the OP hates replies to dead threads, but this was the right question and I found it going on six years later.
Using CEP by DrHell, with an edit to APPLIST.TXT for some more modern emus, "Select Application" on the "Process" tab by .EXE and a "Base Address Search" of "Playstation":
Code: |
no$psx     | NO$PSX.EXE     | Use Base Address Search | $00200000
PcSXR PGXP | PCSXR-PGXP.EXE | Use Base Address Search | $00200000
pSX        | PSXFIN.EXE     | Use Base Address Search | $00200000
retroarch  | RETROARCH.EXE  | Use Base Address Search | $00200000
|
It finds an address which matches psxfin.exe+171A5C, viewed as hex. I get the same thing in Cheat Engine if I copy the 16 bytes found at that start address and do an "Array of byte" scan.
This is the value:
Code: |
03 00 00 00 80 0C 5A 27 08 00 40 03 00 00 00 00
|
I'm guessing that CEP has that plugged in for its own internal AOB scan engine, because its result and that of the CE AOB corroborate one another consistently for many different PSX emus. With the CE setting "CopyOnWrite" selected (and MEM_MAPPED), that pattern can also be found in Retroarch, Mednafen, and ePSXe.
The emu has to be running for the scan to work. Loading to the BIOS (without the native cheat engine enabled) would be the safest default. Here is a cheat code that can help identify the correct location in memory. It simply writes the word NOWBEGIN to memory offset 00000010 (the next line after the initial AOB). You can also do a "String" scan for it as opposed to the AOB.
PCSXR
Code: |
[*CE NOWBEGIN +10]
80000010 4F4E
80000012 4257
80000014 4745
80000016 4E49
|
Mednafen
Code: |
R A 8 L 0 00000010 4e49474542574f4e NOWBEGIN
|
junksandshit | How do I cheat? | Reputation: 0 | Joined: 19 Jul 2021 | Posts: 1
Posted: Mon Jul 19, 2021 10:17 am
Can anyone tell me how to find the PS1 2MB RAM address in Cheat Engine using the ePSXe 2.0.5 emulator, or just tell me the address?