Memory Hacking Software

[Torero]

I am at a complete loss

Also, I have no idea how to read the hex editor for the minesweeper example


can i get some hints?

[Torero]

So I know there are 4 pairs of spinners and I can add or subtract the total number there are on the field.

How do I proceed?

[L. Spiro]

The helicopters are moving.
You should know how to find them in RAM.
Search for Unknown floats, let the helicopters move down, search for decreased.

So I know there are 4 pairs of spinners and I can add or subtract the total number there are on the field.

Then search for the number on the field, increase the total, search for changed by 1, etc.


L. Spiro

[Torero]

if i use multiple criterias to define the search then, i ll have to test out all possible combinations, for instances, it may be increasing for going up and decreasing for going down, etc,

and I have to guess how far away the other data are from the addresses i find, right?

In the minesweeper example you were able to tell what everything meant from the hex editor, how do I read it?

It all appeared to be a bunch of hex numbers to me, how can I learn to interpret it ?

[Torero]

I tried to read the help file and this is what I think:


each unit and buildings in the game are groups of values, say, a rifleman would have his hp, ammo, recharge time, position, action being performed, and other things, once I am able to tell what is in a group and in what sequence, I can write codes to identify other groups of the same nature and then from there can control the game


figure out how to read the data from where, and then i can bot the game !


Know one rifleman to know 100 riflemen - is this right ?

[Torero]

what I don't understand is how to identify what kind of seach I need and what to put in -

it all comes down to knowing how to interpret the returned results i think, which is how to read hex.

right?

[L. Spiro]

Reading hexadecimal is one of the most important aspects of hacking.
Read the help file section Introduction to Number Systems.



You know what type of data is used because of how the data is used.
Values from 0 to 255 that never have decimal places will be found using byte searches (even though they are usually stored as integers/longs).
Values from 0 to 65,535 are unsigned shorts, etc.
Values that require more precision are stored in float or double format.
But double is never used because it takes twice as much space as floats. Old Flash games use doubles. Recent Flash games (8 and higher) use fixed-point decimals, a feature that can be emulated with long searches or Script Searches.
I might add direct fixed-point searches if they ever actually become popular, which they might for hacking GameBoy Advance and Nintendo DS emulated games.


L. Spiro

[Torero]

What other acpects should I start to look at?

[L. Spiro]

Everything in the help file.


L. Spiro

[esco]

Hey bro, I actually have a question for you too...

What I've been doing is messing around as usual with changing stuff in Castlevania: SOTN (US VERSION) in the epsxe emulator. For the most part once I find a memory address, and change a value it's all good. But I have encountered a VERY weird scenario.

I found one value that when I change it.... nothing will occur (it's a value for the color of a character called richter's whip weapon). BUT, if I load ANY save state with the value frozen, or restart epsxe, then it WILL change the color.

Also let's say for example that I start epsxe or load a save state, then swing the whip... then CHANGE the color value... nothing happens until like I said I either a)restart epsxe or b)load any save state.

HOWEVER, if I change the value BEFORE I swing the whip even once after loading a save state or starting epsxe... THEN swing the whip... the color DOES indeed change!

Do you have any idea why this would operate like this? It's got me completely stumped! Also how do I found out what range in memory a program uses (ex. 5b6e40-7b6e3f)?

[L. Spiro]

Because when you swing the whip, the color palette is copied to another location from the source.
That means you will only see the changes if you modify the source before the copy is made (before the whip is swung).

Also how do I found out what range in memory a program uses (ex. 5b6e40-7b6e3f)?

If you are talking about allocated memory, there is no way to tell.
If you are talking about static memory, it is the memory starting at the base of the module until moduleBase+moduleSize.


L. Spiro

[esco]

Because when you swing the whip, the color palette is copied to another location from the source.
That means you will only see the changes if you modify the source before the copy is made (before the whip is swung).

PFFFFFFFFFFFFFFFT, I might be pretty green at all this bro... but I'm not THAT green, LOL! :P

The entry in question IS the one it's copied from... that's what makes it so weird. The actual whip has 16 sets of addresses associated with it (188 entries per set) when it's swung, which return to 0 of course once it's off screen.

............ now do you understand why I don't get this? It shouldn't just happen when I load a save state or the emulator. The problem with this is I'm trying to set it up so that the user hits a button on the controller to switch between whips. And depending which whip the user picks it flashes a different color when swung.

However, of course with this problem that means every time the user switches whips, they have to save the state and load it to see the color change. This if course won't work. So I'm trying to find a way around it.

If you are talking about allocated memory, there is no way to tell.
If you are talking about static memory, it is the memory starting at the base of the module until moduleBase+moduleSize.


L. Spiro

That's what I meant, the static memory addresses range. The ones I use in my scripts that are ALWAYS the same. How do I look using your program to see what range these memories take up? Because I have no clue what you mean by "it is the memory starting at the base of the module until moduleBase+moduleSize."

I'm pretty sure they start from 400000 but I'm not sure where it ends. I just want to find out the range for the addresses that affect the gameplay itself, NOT the emulator!

[esco]

Hmmmm another odd find related to the issue I posted above. If I pause the game, the color still won't change. But if I hit select to bring up the map, it suddenly changes the color. Odd.

[L. Spiro]

I really doubt you are truly locking the copy destination rather than the source, since the data is most likely copied from the source to video RAM, which you can’t access.
There are multiple destinations where the copy could be made based upon the emulator settings, though there is no guarantee you would be able to change the correct one.

I didn’t doubt that you were locking the source, since your description indicates what would happen if you locked the source, then a copy of that was made and the copy used afterwards, thereby causing no changes when remodifying the source again.

You need to be locking the copy destination, which you will be able to do only if you are lucky.
It is quite possible that the data is copied to video RAM and you can not modify there at all.

I'm pretty sure they start from 400000 but I'm not sure where it ends. I just want to find out the range for the addresses that affect the gameplay itself, NOT the emulator!

In the case of an emulator it is the location where the ROM is stored and the size of the ROM.


L. Spiro

[esco]

Now this is getting REALLY weird.... I was at home, and I changed several values that corresponded to the #'s for the colors the whip changes to... and it allowed me to COMPLETELY change it's colors. The only factor was that I had to hit select for ALL of the color changes to take effect... or only some of the colors changed.

But when I got here to work and tried this, it would not work. Only certain colors changed (the same ones that would change even WITHOUT hitting select to bring up the map). The ones that I had to hit select to get the change to take effect would NOT change unless I loaded a save state, and changed the values BEFORE I swung the whip again.

I even tried closing and reopening the emulator several times at home to make sure it wasn't a fluke, or that the addresses just don't change every time.... they hold the same values and have the same effect over and over again. Loading different save states starting new games, etc. none of it changes the addresses of the values. It works at home... but here at work it won't. Any idea why this could be? I am using demo 20 on both computers. And they both have win xp.