View Full Version : Memory editing
April 10th, 2007, 15:48
Well, I am a fan of modifying game memory. NullDC already comes with a debugger which is seriously VERY VERY helpful; it allows checking out some assembler or even fixing emulation bugs (see Sonic Shuffle).
However, the one time I needed to change assembler code, I wasn't able to find that sequence in the nullDC memory using a memory editor. The only way to modify that assembler code was to open the ISO file and modify the code using hex editing, which took several minutes (you do not open and save 1 gig of data all day).
So I would be absolutely interested in how nullDC represents the game memory in the system memory, so that minor manipulations would be much easier.
Has anyone already found out how these kinds of things work?
April 12th, 2007, 02:45
Using a memory cheater like ArtMoney should work :)
April 12th, 2007, 16:11
Well, they definitely do work. However, I am kinda interested in using them together with the nullDC debugger.
I'll show you what I mean with the example of Sonic Shuffle I worked out:
This is the debugger instruction which results in an infinite loop for Sonic Shuffle, as well as its memory representation:
Now I would like to search for the memory area 8c029800:
This one visibly contains the values: A00E9020 7E010009
Now I found this memory using hex editors in the ISO, but look what Cheat Engine says about it:
The representation I selected was the regular x86 "backwards" representation (20 90 0E A0 for A00E9020), and believe me, I tried out very many (also: forward, word oriented (0E A0 20 90 = A00E 9020)). And yes, I always searched for 8-byte blocks; searching for 4-byte blocks simply came up with too many results.
Having a minor knowledge of how nullDC represents the DC memory in the system memory would allow assembler modifications of the games without.. in the case of Shuffle, overwriting the bra command with a nop fixes all emulation problems! And well, I hope this might be helpful for other ISOs too. At least the debugger of nullDC already comes in very handy (great work on that one).
July 1st, 2007, 16:55
I use TSearch. I have already hacked cheats for several games, including:
Jet Grind Radio: Super Jump, Inf Paint Cans, Inf Time
Sonic Adv. 2: Inf Rings, Invincible, Tails has Inf. Energy, Inf Time
Skies of Arcadia: Everything imaginable: weapon/item/treasure slots, max stats. I even found the ASCII address so I can change the different words in the game. Now, instead of Vyse the Legend, it says Vyse the Pimp! haha
But I digress...
The only thing is, when I use TSearch I open the nulldc.exe process. I'm wondering: as more versions of this emulator are released, will these same cheats be valid? I also noticed that some of the addresses jump around: the address for infinite spray cans in Jet Grind Radio may not be the same address the next time the game is loaded. Does anyone know why this might be? Plus, I don't really know how to use the debugger.
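The byte-order confusion in the Cheat Engine post above and the "addresses jump around" question in the TSearch post both come down to how an emulator lays out the guest's RAM inside the host process. The following Python is an added illustration, not from the thread and not nullDC's own code. It takes the instruction words the debugger showed at 8c029800, generates the three byte orderings a memory scanner might need (forward, 16-bit words little-endian, and x86 "backwards" 32-bit dwords), finds them in a constructed stand-in for a process dump, infers where the emulated RAM block starts, and patches the bra to a nop in whichever encoding matched. Two things are assumptions, not facts about nullDC: that main RAM begins at 0x8c000000 in the address the debugger shows, and that the emulator keeps it as one contiguous host buffer.

```python
import struct

# Instruction words the thread shows at Dreamcast address 0x8c029800 (from the post).
DC_ADDR = 0x8C029800
DC_RAM_BASE = 0x8C000000      # assumption: main RAM starts here in the P1 (cached) region
WORDS = [0xA00E, 0x9020, 0x7E01, 0x0009]   # A00E = the bra causing the loop, 0009 = nop
NOP = 0x0009


def encodings(words):
    """Byte patterns a host-side scanner might need for a run of 16-bit SH-4 words.

    big_endian: bytes as the debugger prints them        (A0 0E 90 20 ...)
    le16:       each 16-bit word stored little-endian    (0E A0 20 90 ...)
    le32:       pairs packed as little-endian 32-bit     (20 90 0E A0 ...)
    """
    if len(words) % 2:
        raise ValueError("need an even number of words to form 32-bit pairs")
    dwords = [(words[i] << 16) | words[i + 1] for i in range(0, len(words), 2)]
    return {
        "big_endian": b"".join(struct.pack(">H", w) for w in words),
        "le16": b"".join(struct.pack("<H", w) for w in words),
        "le32": b"".join(struct.pack("<I", d) for d in dwords),
    }


def find_all(haystack, needle):
    """All offsets of `needle` in `haystack` (overlapping matches included)."""
    hits, i = [], haystack.find(needle)
    while i != -1:
        hits.append(i)
        i = haystack.find(needle, i + 1)
    return hits


def locate(dump, words):
    """Search a host memory dump for the words under every encoding; returns [(encoding, offset)]."""
    return [(name, off) for name, pat in encodings(words).items() for off in find_all(dump, pat)]


def host_ram_base(host_offset, dc_addr, dc_ram_base=DC_RAM_BASE):
    """Infer where the emulated RAM block starts in the dump from one confirmed hit.

    Assumes (not verified against nullDC) that guest RAM is one contiguous host buffer, so
    host_offset(dc_addr) == base + (dc_addr - dc_ram_base). The base can move between
    runs (heap allocation, ASLR); the offset within the block does not.
    """
    return host_offset - (dc_addr - dc_ram_base)


def word_location(encoding, index):
    """Byte offset (relative to the pattern) and struct format of the index-th 16-bit word."""
    if encoding == "big_endian":
        return index * 2, ">H"
    if encoding == "le16":
        return index * 2, "<H"
    if encoding == "le32":
        # Inside a little-endian dword the high word (even index) sits at byte 2, the low at byte 0.
        dword, pos = divmod(index, 2)
        return dword * 4 + (2 if pos == 0 else 0), "<H"
    raise ValueError(f"unknown encoding {encoding!r}")


def patch_word(dump, pattern_offset, encoding, index, new_word):
    """Return a copy of `dump` with one 16-bit word rewritten, honoring the detected encoding."""
    rel, fmt = word_location(encoding, index)
    buf = bytearray(dump)
    struct.pack_into(fmt, buf, pattern_offset + rel, new_word)
    return bytes(buf)


def build_demo_dump(encoding="le32", host_base=0x40):
    """Constructed stand-in for a process dump: 0xFF filler with the words placed where a
    contiguous RAM block starting at `host_base` would hold Dreamcast address DC_ADDR."""
    pat = encodings(WORDS)[encoding]
    off = host_base + (DC_ADDR - DC_RAM_BASE)
    buf = bytearray(b"\xFF" * (off + len(pat) + 0x40))
    buf[off:off + len(pat)] = pat
    return bytes(buf)


if __name__ == "__main__":
    dump = build_demo_dump()
    for enc, off in locate(dump, WORDS):
        base = host_ram_base(off, DC_ADDR)
        print(f"{enc}: hit at host offset 0x{off:X}, emulated RAM base 0x{base:X}")
        patched = patch_word(dump, off, enc, 0, NOP)      # bra -> nop, as the post describes
        print("after patch:", patched[off:off + 8].hex(" "))
```

The practical consequence for scanner-found cheats: if the guest RAM buffer is allocated at runtime, a raw host address found with TSearch or Cheat Engine is only valid for that run, while the offset from the buffer's start (i.e. the Dreamcast address) stays stable across runs and, unless the game image changes, across emulator versions. Storing cheats as guest addresses and re-finding the buffer base by pattern each time is more robust than storing host addresses.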