[Tutorials] Written by me

[Dancsi26]

Great tutorial hackerkts :D. I really learned something with this. Keep them coming. Any chances of putting a small tutorial about the offset between two different codes from the same game but from different region. (i.e infinite health code for GTA VCS Usa and Eu). I have some codes for GTA VCS Usa version only and I have the Eur version of the game, so I want to convert thoses codes for Eu. I know, that in order to do that, I have to take 2 codes that are in both games (i.e infinite ammo, health or money) and substract 1 adress from the other so I get the offset (like a difference). Then, I use that offset and either I add to/substract from the code in order to get
the "equivalent" for the other version of the game (usa or eur), right?. But that doesn't worked, it had no effect in the game. I also realised that the offset is different from 1 code to another (i.e it can be 300F4 for the health code but 2A6BD4C for the infinite ammo code). How do i know wich is the right one? Or again, I should enable the usa code for the eur version, then while the game is loaded, I play with the adress on the fly to find the right one? (try and error) (wich could take some time) :D

Dany26

[hackerkts]

Tutorial: Hacking fixed value DMA games
Tool(s) used: [Only registered and activated users can see links. ], [Only registered and activated users can see links. ]

DMA stands for dynamic memory allocation, if a game is DMA, the address will change. "When will the address change?" It can be on when you go to different map, reload the game, load/save the game, bought someone in-game ects. DMA games are really a pain in the donkey if you don't know how to hack it, once you know how to find pointer and offset you can kick DMA games' donkey ;D

"What's pointer and offset?" Well, you only need to know pointer and offset will point to the right address, maybe a story will helps you understand more about it. As the story goes...

You had a crush with a girl(I will name her Grace) in your class, she sit on the front row first seat. The seat is the address. You don't dare to approach her and ask for her name and number, you only know where she seat.

One day, she was transferred to another class which you don't know which. What you're going to do to locate her? First you will need to know her name, you went to ask your teacher the girl name, so now you have her name, Grace. The name is actually the pointer, now you know her name, and her precious class (her precious class is just some bits of information, which is the offset). now with her name and some bits of information, you're able to find her even if next time she transfered to another location.

Let's get started, I will use a easy dma game to hack
Objective: Find the pointer and offset for instant win
Game used: DownStream Panic [US] (ULUS-10322)
Requirement(s): Make sure your memory stick has some space, at least 100mb. Change the time of the menu pop out to 0 second (instant), you can do that at "Setting", "Controller check delay".

I assume at this step you already know how to hack a non-dma games(if you haven't read my previous tutorials, please do so before you continue), so let's get started. Starts the game, search the address for the amount of fishes you saved.

Ok, I have found the address, jot down the address!
Level 1 - 0x00D88D88 (first address)

Now you'll need to make a dump, go to the cheat menu, "Enable dump function", go back to the game and press Square button. The game will pause and wrote "Dumping", once it's done the game will start again. Now your have your first dump.

Now you will need to make the address change, for this game each level has different address so let's proceed to level 2. Search for the address for the number of fishes you saved.

I've found it, jot down the address!
Level 2 - 0x00E88E68(second address)

Make a dump again, now you have your second dump.

Optional(but it's recommend to follow):
Make the address change again by going to next level, search and jot down your third address, make your third dump.

Let's check what you have in your hand now, you can find your dumps at your memory stick root,

Code:

first address - 0x00D88D88
second address - 0x00E88E68
third address - 0x00E802A8
dump 1 - MEMDUMP0.dmp
dump 2 - MEMDUMP1.dmp
dump 3 - MEMDUMP2.dmp

Extract nitePR_revK_STABLE.zip to a folder, I will name it "nitePR revK", run DMAhunter.exe

Press enter and select dump 1 and dump 2, now enter your first address, followed by your second address.

Wow, it found so many pointers, don't worry. That's why I asked you to make 3 dumps. Now save all the informations down. Right click on it, "Select All" and right click again. Now it's save to your clipboard, open up a notepad and paste everything in.

Remove,

SANiK's DMA code hunter

Please get ready to select the two dumps
(Press enter to start)

Please enter the address of the cheat in RamDump #1
Please enter hex only (0xEF123... etc.): 0x00D88D88

Please enter the address of the cheat in RamDump #2
Please enter hex only (0xEF123... etc.): 0x00E88E68

Searching...

and also,

Press any key to continue . . .

Save it as 1&2.txtdon't ask me why, just do it okay? You will know later.

Now repeat the step, but this time we choose dump 2 and 3. And put in second and third address. It found one pointer, that's great! Save it as 2&3.txt

Repeat it again, now use dump 1 and 3, first and third address, save it as 1&3.txt

Remember to remove those words I said, now proceed to [Only registered and activated users can see links. ] paste in all the informations in 1&2.txt, 2&3.txt and 1&3.txt and click "Submit"

Take note: that link will be there until 1st of June 2008 when my domain expired, [Only registered and activated users can see links. ] will be hosting those scripts .

You should saw this

Found 1 same pointers in all 3 dumps:
0XDE040

That script will helps you determine which pointer shown on all 3 dumps, now it's easy. We one pointer, so let's try to use it.

Go back to any text file you made just now, copy the information down.

Found, address 0XDE040, value changed from 0X9688E50 to 0X9680290

0XDE040 is the pointer
0X9688E50 is value 1
0X9680290 is value 2

Let's get to the calculation part

Method 1:

Step 1: Convert value 1 into cheat format, minus 0x08800000 from value 1
0X9688E50 - 0x08800000 = 0x00E88E50

Step 2: Calculate the offset, minus the address 1 with the result you found on Step 1(minus from bigger value to a smaller value).
0x00E88E68 - 0x00E88E50 = 18

Method 2:

Step 1 : Convert value 2 into cheat format, minus 0x08800000 from value 2.
0X9680290 - 0x08800000 = 0x00E80290

Step 2: Calculate the offset, minus the address 2 with the result you found on Step 1(minus from bigger value to a smaller value).
0x00E802A8 - 0x00E80290 = 18

That's it, you found the pointer (0XDE040) and calculated out the offset (18).

Actually I had make a script to calculate them out at [Only registered and activated users can see links. ]

Now you can kick dma-games' donkey! ;D

[rex922]

hacking is pretty easy but for those who cant get the right bit value here is a rough guide

8bit=Usually For Life ,Mana,Stats,Ammo In magazine
16bit=Some times for money life mana stats and for total ammo on hand
32bit=usually for money

Edit: note it may not follow this
its just a rough guide

Hope hacker does not mind me posting its for the good of the brand new hackers

@hacker how come ur first adress Level 1 - 0x00DEA368 (first address)

becomes
first address - 0x00D88D88

and i dont get how to enter values in dmahunter it always gives me an error is it 0X01234567 or 001234567 or 01234567(shortcut) or 098765432(fullvalue)

[hackerkts]

Yeah, I don't mind you posting it here. Anything that benefit others should post it up(:
Oh well, about the first address. That was a typo, because during that time I wrote this tutorial it's 3am plus and I had redo the dumps for a few times(because I accidentally clear away my dumps file).

What you enter is just the first and the second address, when it asked for the first address you just put in (in my case I put 0x00D88D88), and when it asked for the second address you just put in (in my case I put 0x00E88E68).

[rex922]

hacker maybe weltall can host your scripts
edit: scripts are dead

[weltall]

yeah it's fine for me if he wants these tutorials may be added also to the wiki

[hackerkts]

If you wanna put those tutorials up in wiki it's fine for me, but maybe you should edit them a little lol. Oh sorry, OHG already host it. 2 site hosting the same script wouldn't be nice, anyway. If you want to have any script on your site, I could help to write it out. ;D

[hackerkts]

Yeah dude u just copied it from OHG.

Are you referring to me? If that so, point to me which part is copied from OHG.

Sorry for the double post but...

What exactly does it mean to have this...

0x40CA9050 0x000C0018
0x3B9AC9FF 0x00000000

Oh wait, is that a repeater?

According to the [Only registered and activated users can see links. ]:

Code:

32-bit Multi-Address Write/Value increase

0x4aaaaaaa 0xxxxxyyyy
0xdddddddd 0xIIIIIIII

Starting with the address specified by aaaaaaa, this code will write to xxxx addresses.
The next address is determined by incrementing the current address by (yyyy * 4).
The value specified by dddddddd is written to each calculated address.
If IIIIIIII is different from zero the value defined by dddddddd is increased of IIIIIIII at every new adress being patched.
This code is also known as “Patch Code”

Hi hackerkts, i got a question...

i got the pointer searcher thing , but how do i know / find the adress i wanted it to be ?

like example i want to know / find the adress of GOLD , how am i be able to find that address?

You use the cheat searcher in cwcheat to find the addresses that you tell the pointer searcher to watch and backtrace.

If you're worrying about pointers before you're familiar with basic cheat searching, then I suggest you read one of the tutorials that introduces you to mem-hacking and basic cheat searching techniques.

Walk before you run

[gentleL]

the script are down what can i do ?


can somebody translate these tutorials to german

[weltall]

you can use the new pointer searcher which does these things automatically