With memhack, how do I find an empty part of memory in.....


Postby esco » Tue Sep 26, 2006 12:56 pm

I'm using the EPSXE emulator with its PEC-CHU cheat device, and memhack to hack Castlevania SOTN, and for a while now I've been using 2 areas filled with enemy data that is NEVER used in game as an area for the tags I use in scripts I write (I'm using codebreaker type codes: 300, 800, c20, etc.). But since I seem to be getting low on space, I just wanted to know how I could use memhack to find an empty area of memory used in this game and put the tags there instead.

Since I know spiro said that he is almost done with the scripting function of memhack, I plan on trying to eliminate the PEC-CHU cheat device completely and use his outstanding program instead. So I'm just anticipating the need for more permanent "tags" in the game. Can someone please give me some advice on finding a blank area of memory to do this in? I'd really appreciate the help.
Esco.... the name says it all. New Yorikan for life.
Posts: 148
Joined: Mon Sep 18, 2006 2:25 am
Location: Florida, a.k.a. the US's version of hell!

Postby L. Spiro » Tue Sep 26, 2006 9:56 pm

The Hex Editor will allow you to find this type of data.

Unused areas are often after all the code in the .text section and usually will also be in the other sections in the executable.
This works well as it is static.



You also have the option of creating free areas with the script.
Use VirtualAllocEx() the same as you would in the Win32 API.

My help file does not, unfortunately, explain all the details because it is meant for people who already know how to use it.
But you can find the details in the MSDN library or see examples by searching Google for “VirtualAllocEx C++”.


This will allow you to make any size of free area and at any address you desire.

I assume this will be sufficient?


L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby esco » Wed Sep 27, 2006 1:09 am

L. Spiro wrote:
> The Hex Editor will allow you to find this type of data.
>
> Unused areas are often after all the code in the .text section and usually will also be in the other sections in the executable.
> This works well as it is static.


My next question here would be how do I determine where the .TEXT section is? There are several areas that have text in them; do you mean that each and every one of them should do fine?

> You also have the option of creating free areas with the script.
> Use VirtualAllocEx() the same as you would in the Win32 API.
>
> My help file does not, unfortunately, explain all the details because it is meant for people who already know how to use it.
> But you can find the details in the MSDN library or see examples by searching Google for “VirtualAllocEx C++”.
>
> This will allow you to make any size of free area and at any address you desire.
>
> I assume this will be sufficient?


Ummm, not really... since I have NO IDEA how to use it. I even searched around like you recommended and checked the MSDN site... and I felt really lost after I did. I would have no clue how to use the info that I found. Luckily for me 95% of the stuff I'm doing can be done with simple if/then/else and while/do statements. Otherwise I'd be in a world of shit.

So what I did was I whipped out tsongie's code cave tool and used it to find some blank memory areas for me. I honestly don't need a TON of them. Basically what I needed the space for is a place to store some 1's and 0's.

Here's what I mostly use them for... let's say I want to lock a room so you can't get out till you kill all the monsters in it. This is easy enough to do if I want to do it EVERY time you walk in the room. But for most of them I only want the room to lock once in the game, and once you beat the enemies in the room I never want it to lock again. So I do something like this:


```
.checks horiz and vert pos on map (room #)
d00730b0 0015
d00730b4 0017
..if room counter <>16256 (indicates all enemies in room are dead)
d1097429 3f80
.and tag <>1
d10a96f0 0001
.changes vert pos on map, so that if you try to exit the room the destination is null, and thus you cannot go anywhere
800730b4 03db
.if horiz and pos on map = these numbers (will only equal this when room is "locked")
d00730b0 0015
d00730b4 03db
.and all enemies in room are dead
d0097429 3f80
.change my "tag" to 1
800a96f0 0001
.if room locked and counter=16256, unlocks room
d00730b0 0015
d00730b4 03db
d0097429 3f80
800730b4 0017
```

Now since my tag is set at 1, the room will NEVER lock again when the player walks in. If I didn't use a tag, it would make it lock each and every time the player walks in until all the monsters were killed. This is basically all I need them for.

Postby L. Spiro » Wed Sep 27, 2006 10:32 am

> My next question here would be how do I determine where the .TEXT section is?

File/Process Information.




> Ummm, not really... since I have NO IDEA how to use it

```
void On_HK_0() {
   LPVOID lpvAddress = VirtualAllocEx( GetCurProcessHandle(),
      (LPVOID)0x000000000 /* Address */,
      0x1000 /* Size */,
      MEM_COMMIT, PAGE_EXECUTE_READWRITE );
   PrintF( "Allocated address %.8X.", lpvAddress );
}
```



If you specify 0 as the address (0x00000000) then it will find an address for you and return it in lpvAddress.
You can specify an address also, but this rarely works because you need to know what is free and how large free areas are.
And by “free” in this case I mean unallocated.

This demo function is for hotkeys as you can see (note that you can call hotkey functions from the script also) and you will need to set it up like any other hotkey (Tools/Options->Hotkeys, see the help file).


You probably won’t need a static address since you can use the function return to determine where the area was allocated.


L. Spiro
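Where that unused tail actually sits, as an added example that is not code from the thread or from Memory Hacking Software: a small Python walker over a PE section table that reports, per section, where the real contents end and how many padding bytes follow them in memory and in the file (the gap after the code in .text that the reply above points at). The PE header it parses is constructed inline, and only the 32-bit (PE32) optional-header layout is assumed.

```python
# Added example, not thread or Memory Hacking Software code. VirtualSize is what the
# linker emitted; the loader rounds it up to SectionAlignment (the file to
# FileAlignment), so the bytes after the real code in .text are the "unused area".
import struct


def align_up(n, a):
    return n if a == 0 else (n + a - 1) // a * a


def section_slack(image: bytes) -> list:
    """One dict per section: mapped start, end of real contents, and slack."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20                                      # optional header follows the 20-byte COFF header
    (base,) = struct.unpack_from("<I", image, opt + 28)  # ImageBase (PE32 layout assumed)
    (sect_align,) = struct.unpack_from("<I", image, opt + 32)
    out = []
    for i in range(nsect):
        name, vsize, rva, rawsize, _ = struct.unpack_from(
            "<8sIIII", image, opt + opt_size + 40 * i)   # 40-byte section headers
        out.append({
            "name": name.rstrip(b"\0").decode("ascii"),
            "start": base + rva,
            "used_end": base + rva + vsize,                     # first byte past real code/data
            "mem_slack": align_up(vsize, sect_align) - vsize,   # zero-filled by the loader
            "disk_slack": max(rawsize - vsize, 0),              # padding physically in the file
        })
    return out


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header with two sections; not a real executable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 40, 0x102)   # 2 sections, 40-byte optional header
    opt = struct.pack("<HBB" + "I" * 9, 0x10B, 14, 0, 0x1234, 0x800, 0,
                      0x1000, 0x1000, 0x3000, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlignment, FileAlignment
    hdr = "<8sIIIIIIHHI"
    text = struct.pack(hdr, b".text", 0x1234, 0x1000, 0x1400, 0x400, 0, 0, 0, 0, 0x60000020)
    data = struct.pack(hdr, b".data", 0x800, 0x3000, 0x800, 0x1800, 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\0\0" + coff + opt + text + data


if __name__ == "__main__":
    for s in section_slack(build_sample_pe()):
        print(s)
```

On the constructed image, .text holds 0x1234 bytes of code starting at 0x401000, so 0xDCC zero-filled bytes follow it in memory but only 0x1CC of those also exist in the file; only the on-disk part is the "static" space the reply refers to.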

Postby esco » Wed Sep 27, 2006 1:11 pm

L. Spiro wrote:
> > My next question here would be how do I determine where the .TEXT section is?
>
> File/Process Information.
>
> > Ummm, not really... since I have NO IDEA how to use it
>
> ```
> void On_HK_0() {
>    LPVOID lpvAddress = VirtualAllocEx( GetCurProcessHandle(),
>       (LPVOID)0x000000000 /* Address */,
>       0x1000 /* Size */,
>       MEM_COMMIT, PAGE_EXECUTE_READWRITE );
>    PrintF( "Allocated address %.8X.", lpvAddress );
> }
> ```
>
> If you specify 0 as the address (0x00000000) then it will find an address for you and return it in lpvAddress.
> You can specify an address also, but this rarely works because you need to know what is free and how large free areas are.
> And by “free” in this case I mean unallocated.
>
> This demo function is for hotkeys as you can see (note that you can call hotkey functions from the script also) and you will need to set it up like any other hotkey (Tools/Options->Hotkeys, see the help file).
>
> You probably won’t need a static address since you can use the function return to determine where the area was allocated.
>
> L. Spiro


WOW... well thanks for actually taking the time to even write the code out for me... I didn't expect that.... on the real. Well I read through the help files a bit (there sure is a LOT of info there.... niiiiiice work). :D

And if I understand it correctly first I paste the code into the scripts screen, save it then add it in and hit f5 to compile it (I do this but I see nothing happening when I hit compile).

Then I go into the hotkeys menu add a new one in, set it to the 0 and ctrl key and then set the parameters as:

script function

0X0 (same as your code)

0x1

0x2

(it says to set the last 2 to any # so I just used 1 and 2).

I also uncheck poll method.

After doing this in the top box it says: 0 key+control key: script function(0x0, 0x1, 0x2). As far as I know I'm following the help file perfectly. But then when I exit and hit control 0... nothing happens. So Ummmm... what am I missing here? I have the emulator running as normal but nothing happens.

I reviewed several of the help files for about 2 hours but I just couldn't figure out what I'm missing... it's probably something VERY basic, but since I'm new to this program I can't seem to figure it out. And I figure that I should do it now, because that way later when I can actually do if/then/else statements with variables I'll already have figured out how to do it.

P.S. Any word on when the next release with the features you were telling me about will be out? I know you said a week or two before. :D

Postby L. Spiro » Wed Sep 27, 2006 1:50 pm

You probably did not add it to the script to be compiled.

Open the file and hit Ctrl-D.
It will appear in the list in the dockable window.
Then compile again.


If the compilation is successful, you will see nothing.
If the compilation errors, it will print the error.

In the future, if the compilation is successful, it will show in the status bar (when I add one).


L. Spiro

Postby esco » Thu Sep 28, 2006 12:20 am

L. Spiro wrote:
> You probably did not add it to the script to be compiled.
>
> Open the file and hit Ctrl-D.
> It will appear in the list in the dockable window.
> Then compile again.
>
> If the compilation is successful, you will see nothing.
> If the compilation errors, it will print the error.
>
> In the future, if the compilation is successful, it will show in the status bar (when I add one).
>
> L. Spiro


I did that already. On the right-hand side under the scripts menu I can see the script there. :) It doesn't do anything though when I hit control+0... no pop up box or anything. I even took the exact code you gave me and just cut and pasted it in. Did I need to use any other code with it to get it working?

EDIT: Never mind... man I am really fukking stupid... the info shows under the scripts screen DUH! It allocated a bunch of memory for me. I'll mess with this a bit for now. Thanks bro, can't wait till the next release. :D

P.S. Shouldn't the memory part of the code have 8 zeros, not 9? :?:

Postby L. Spiro » Thu Sep 28, 2006 9:54 pm

> P.S. Shouldn't the memory part of the code have 8 zeros, not 9?

It doesn’t matter.
Up to 16 zeros.
I only had 9 because I had several other numbers there before and modified it many times.

0x0 == 0x0000000000000000.



> P.S. Any word on when the next release with the features you were telling me about will be out?

I had to be delayed by 2 days from sickness.
It will be soon.


L. Spiro

Postby esco » Fri Sep 29, 2006 7:44 am

L. Spiro wrote:
> It doesn’t matter.
> Up to 16 zeros.
> I only had 9 because I had several other numbers there before and modified it many times.
>
> 0x0 == 0x0000000000000000.


Hmmm... I really never knew that.

> I had to be delayed by 2 days from sickness.
> It will be soon.
>
> L. Spiro


Coo. Yeah I know how that goes.... when I get sick as far as I'm concerned the fukkin world stops dawg. Glad you're feeling better. I thought maybe all those good lookin girls you posted pics of might have been pre-occupying you. :P

Anyways, in the meantime I'll just keep working on things like I have. I was just asking because once your release comes out I'm gonna have to convert and redo a lot of stuff, and I've been changing things in a way that will make it easier for me, cuz it's gonna be a LOT of work to do. But it WILL DEFINITELY be worth it. :D
