[Help]Addresses

[Jianwei]

Hi, how do i find the address to get what i wanted?

Quote in PointerSearcher.pdf

If for example the money is at adress 0x00100000 in the first dump and it's at 0x00120000 in the second dump you have two good dumps to search for pointers, if the position is the same they are pratically useless (or the game doesn't even have dinamically allocated memory).

As you can see the red circle,

I mean how do i know the 0x00D88D88 is the address i wanted ? and how do i know the 0x00CEA438 is the 2nd address i wanted?

I don't get it how they find those address

[4m8IoN]

You start the Game and create a normal cheat first. Or you find a value that can easily be identified.
(While doing this for the Tag Force Games I used the Player Name)
Either Way you'll end up with an Adress (let's call it 0x0XXXXXXX).
Now make a Memdump!

Next you exit the game to XMB and then start it again and check if the Value is still at that Adress.
(Check twice like Santa to make sure it wasn't a fluke)
If it is a DMA Game the value will be at a differnt spot (let's call that one 0x0YYYYYYY).
Activate USB and rename the first Memdump to make sure it won't be overwritten.
It's time for the second memdump.

Now feed the app with both memdumps and then enter the two adresses
in the field thats next to the memdump the adress was from.
Here we would use 0x0XXXXXXX with the first memdump
and 0x0YYYYYYY with the second dump.

As a result you will get a list of adresses that contain pointers that
changed their target in the same range your found adresses differ.

The "Make Cheat Button" will now create you a cheat to the value stored at those adresses.

It might be enough for simple cheats but if you want to get things done faster
you should learn how those cheats work and create them with other Methods.
(I used OOCalc to generate them for me in case of Tag Force)

Hope that helps

[Jianwei]

I understand

Next you exit the game to XMB and then start it again and check if the Value is still at that Adress.
(Check twice like Santa to make sure it wasn't a fluke)
If it is a DMA Game the value will be at a differnt spot (let's call that one 0x0YYYYYYY).
Activate USB and rename the first Memdump to make sure it won't be overwritten.
It's time for the second memdump.

Now feed the app with both memdumps and then enter the two adresses
in the field thats next to the memdump the adress was from.
Here we would use 0x0XXXXXXX with the first memdump
and 0x0YYYYYYY with the second dump.

As a result you will get a list of adresses that contain pointers that
changed their target in the same range your found adresses differ.

The "Make Cheat Button" will now create you a cheat to the value stored at those adresses.

It might be enough for simple cheats but if you want to get things done faster
you should learn how those cheats work and create them with other Methods.
(I used OOCalc to generate them for me in case of Tag Force)

But i don't understand is

You start the Game and create a normal cheat first. Or you find a value that can easily be identified.
(While doing this for the Tag Force Games I used the Player Name)
Either Way you'll end up with an Adress (let's call it 0x0XXXXXXX).
Now make a Memdump!

What you mean by create a normal cheat? you meant by, starting with the value i wanna cheat?

but what if the address i found was the same position? means it's a non DMA game? and i cannot make cheats with it?

[4m8IoN]

Step 1:
Find a Adress/Cheat that does what you want. Save the Cheat!
Create the first Memdump.

Step 2:
Quit the Game! Use Home Button or switch off the PSP!

Step 3:
Find the same Adress/Cheat again. Save the Cheat!
Create the second Memdump.

Step 4:
Start Pointersearcher and select the two Memdumps.
Use the Adress from the first cheat you created for Memdump 1
Use the Adress from the second cheat you created for Membump 2


If the Adress of the Cheat stays the same after restarts its not affected by DMA.
Use a normal Code in that case because there is no need for PointerCodes

And if you don't know how to create Cheats in general use this link:[Only registered and activated users can see links. ]

[Jianwei]

thanks 4m8IoN , i understand better!

and sorry another question

What you mean by " Use a Normal Code " ?

let say i found a code with 0x00123456 , and the second time i found again the same 0x00123456

means it's not affected by DMA, so i just use 0x00123456 0x000000XX as for my result ?

I.E.

_S ULUS-00000
_G TheJianweiGame
_C0 Infinite Gold
_L 0x00123456 0x000000XX

that's my final results right?

[4m8IoN]

Yes, if you only want to change 1 Byte (8bit)
If the Value is 16 or 32bit you need to use a different code

0x00012345 0x000000aa (1 Byte [8bit]) will write aa
0x10012345 0x0000bbaa (2 Bytes [16bit]) will write aabb
0x20012345 0xddccbbaa (4 Bytes [32bit]) will write aabbccdd

All Code Types are descibed in Detail at the Link I gave you earlier!

(and with "Normal Code" I meant a 'Static Code' that points exactly at the spot you want to change.
Unlike a 'Dynamic Code' which uses a Pointer and a difference to calculate the adress it's changing)

[Jianwei]

thanks ! rep+ for you

i now understand more then before :D