How to search zero value

[Eiffel2018]

We often need to find some values that start from zero,
For example the change is 0 -> 14 -> 27 or 0 -> 1 -> 0 -> 0 -> 1
However, many CheatVMs will crash the system when doing the above actions, which I guess is due to the memory of too many addresses for 0 and 1.

To cope with the above problems, I can only avoid using 0 or 1 to search (at least in the 1st or 2nd step of the search process, do not use 0 or 1 to search)

But in some cases, especially in the initial stage of the game, resources are often lacking. It is necessary to search with 0 or 1. In this regard, I can only use JNOEXES to search on the PC side. Or use the power of the emulator and CheatEngine to search Solved. This process is very slow and long.

So I hope EdizonSE or Breeze can improve and overcome this situation

 

[Eiffel2018]

Moreover, is it possible to list out the memory sections and let us to select the range for searching in Breeze / EdizonSE

 

[TomSwitch]

We often need to find some values that start from zero,
For example the change is 0 -> 14 -> 27 or 0 -> 1 -> 0 -> 0 -> 1
However, many CheatVMs will crash the system when doing the above actions, which I guess is due to the memory of too many addresses for 0 and 1.

To cope with the above problems, I can only avoid using 0 or 1 to search (at least in the 1st or 2nd step of the search process, do not use 0 or 1 to search)

But in some cases, especially in the initial stage of the game, resources are often lacking. It is necessary to search with 0 or 1. In this regard, I can only use JNOEXES to search on the PC side. Or use the power of the emulator and CheatEngine to search Solved. This process is very slow and long.

So I hope EdizonSE or Breeze can improve and overcome this situation

If you must start at 0 then do a dump instead, it will capture the zeros and is going to be a lot better than doing a search of 0. The reason is a search save the address and data which is 128 bit in size for each 0. Assuming the data type is 32bit then that is 4x the size and there is probably more zero than anything else.

Doing 1 is generally OK.

Have you try Breeze? Other than dump which is for some reason slower than edizon se (I didn't investigate why) the other kind of search is very much faster.

Until USB is working I suspect noexs is going to be slower than even searching for 0 as a first search (if there is enough storage it may be even OK, I didn't test but in theory there is just a lot of them and nothing else is special).

 

[TomSwitch]

Moreover, is it possible to list out the memory sections and let us to select the range for searching in Breeze / EdizonSE
View attachment 314260

For EdiZon SE you can choose to just search near some address. For Breeze I have not add this option, you can't even choose which region, it is not hard to do though, at the moment Breeze just search RAM.
In option enable targeted scan, use Dpad right and left to adjust how many MB you want around the target

Put cursor on a bookmark and press Lstick

 

[Eiffel2018]

If you must start at 0 then do a dump instead, it will capture the zeros and is going to be a lot better than doing a search of 0. The reason is a search save the address and data which is 128 bit in size for each 0. Assuming the data type is 32bit then that is 4x the size and there is probably more zero than anything else.

Doing 1 is generally OK.

Have you try Breeze? Other than dump which is for some reason slower than edizon se (I didn't investigate why) the other kind of search is very much faster.

Until USB is working I suspect noexs is going to be slower than even searching for 0 as a first search (if there is enough storage it may be even OK, I didn't test but in theory there is just a lot of them and nothing else is special).

I do have difficulty with searching for 0 first or 1 first, no matter EdizonSE or Breeze, they always occur problems when too many target addresses have to compare.
EdizonSE is more serious, I have tried repeatedly, and there is always a problem in the second search. After waiting for 24 hours, there is still no response. Finally, I can only press the POWER button for 20 seconds to restart the machine.
I also tried Breeze about six or seven times, with DUMP or without DUMP, and always exited with an error in the third or fourth search. I don’t know how to report the problem, I will continue to try it, and look forward to the software Mature. Anyway, thank you very much for your efforts to provide us such great software.
The NOEXES method is really slow, the fastest WIFI transmission speed is 20MB/s, and the average is only 10MB/s; I use it because of its strong stability. When encountering problems with EDIZONSE and BREEZE search, I have to use NOEXES. In addition, using NOEXES can also browse the real-time changes of a certain section of memory. (It is more useful than GDB. With GDB, you need to stop the game to view the memory, and rely on the memory of the human brain to determine whether the memory has changed)

 

[TomSwitch]

I do have difficulty with searching for 0 first or 1 first, no matter EdizonSE or Breeze, they always occur problems when too many target addresses have to compare.
EdizonSE is more serious, I have tried repeatedly, and there is always a problem in the second search. After waiting for 24 hours, there is still no response. Finally, I can only press the POWER button for 20 seconds to restart the machine.
I also tried Breeze about six or seven times, with DUMP or without DUMP, and always exited with an error in the third or fourth search. I don’t know how to report the problem, I will continue to try it, and look forward to the software Mature. Anyway, thank you very much for your efforts to provide us such great software.
The NOEXES method is really slow, the fastest WIFI transmission speed is 20MB/s, and the average is only 10MB/s; I use it because of its strong stability. When encountering problems with EDIZONSE and BREEZE search, I have to use NOEXES. In addition, using NOEXES can also browse the real-time changes of a certain section of memory. (It is more useful than GDB. With GDB, you need to stop the game to view the memory, and rely on the memory of the human brain to determine whether the memory has changed)

This is probably game dependent. Which game is giving problem? The other thing is sysmodule. Edizon SE has problem with tesla loaded, I didn't test Breeze with tesla much so I don't know if Breeze has less problem. MHR consistently crash when tesla is present together with EdiZon SE.

 

[Eiffel2018]

The game I tested before is 01006E6017792000,
did not enable tesla. (only 054e4f4558454000 was used)

Thanks, tomswitch

 

[TomSwitch]

EdizonSE is more serious, I have tried repeatedly, and there is always a problem in the second search. After waiting for 24 hours,

I don't expect any search to take more than a few minutes. I don't have a lot of experience with starting with zero, some games can work some I don't have the patient to try.

 

[TomSwitch]

I just tried the new MHR demo. Seem to be OK with this game.
Will try 01006E6017792000 later.

 

[Eiffel2018]

View attachment 314621View attachment 314622
View attachment 314623
I just tried the new MHR demo. Seem to be OK with this game.
Will try 01006E6017792000 later.

The error always occur after continue search 2 or 3 more times. (in Breeze)
I capture it for you later.

 

[Eiffel2018]

Step 1. Memory Dump


Step 2. Gain EXP in game, then "Continue Search" with u16 ++


Step 3. Gain EXP again, then "Continue Search" again with u16 ++ too.



it process, for about 3X%,


must have an error occur



Folder 010000000000D is empty, and no 0100000000100D there

 

[Eiffel2018]

The content of X0 is strange

 

[TomSwitch]

Did you ran out of storage space? 000D is dmnt and 100D is homebrew menu. I will try what you did.

 

[Eiffel2018]

My micro-SD is 1TB in size and FAT32 formatted.


The sd-card should have free space
Does system memory matter?
Does FAT32's 4GB limit matter?

 

[HalfScoper]

Apparently you aren't the only one with that problem: https://gbatemp.net/threads/ppsp-fails-to-launch-game-2168-0002-0x4a8.604663/post-9749702

Generally speaking as tomvita said, the title ID points to a relation to sysplugins in your contents folder so something there is causing problems.

 

[Eiffel2018]

Apparently you aren't the only one with that problem: https://gbatemp.net/threads/ppsp-fails-to-launch-game-2168-0002-0x4a8.604663/post-9749702

Generally speaking as tomvita said, the title ID points to a relation to sysplugins in your contents folder so something there is causing problems.

no more sysmodules enabled in my system except FTPD and NOEXES service

000000000100D is hbloader, that loads Breeze.nro at that time.
you may check that in my crash log

 

[TomSwitch]

My micro-SD is 1TB in size and FAT32 formatted.

View attachment 314679
The sd-card should have free space
Does system memory matter?
Does FAT32's 4GB limit matter?

You have a very good point my second scan which was for 0 is very close to 4294967296 so I suppose if there were just a few more zeros in ram maybe boom! Without accounting for header 4294967296/16 = 268435456. So when that many results were found then I suppose it will reach the limit.

 

[TomSwitch]

This is the second search. Comes dangerously close to the 4G limit. Searching for u16 in unknown has potential to bust this limit but in my case as well as the screen you shown above it didn't. u16 means each memory address requires 128/16 = 8 times or in another word roughly 1/8 of the memory can be potential targets.

The third search crash my Switch as well. There may be some bug in Breeze code that cause this. Once the file is in the address+data format the progressive search should reduce in size and therefore not bust the 4G limit.

 

[TomSwitch]

I was wrong about coming close to the limited in the second search. It had exceeded the limit. The reason it appears to have not is because I was using u32 to count the size in the progress screen. After I change it to u64 this is what I get.



The size recorded in the file is correct. If you look at your screen shot you can see your second search exceeded the 4G limit.

I suppose the file system error was ignored by my code so the actual file is far smaller than what it is suppose to be and when the 4G limit is reach in the file read Breeze crash.

I can fixed the code to not crash but the search you want to perform is at the moment beyond what Breeze can do until I implement a split file system to go beyond 4G.

PS: I did a search for exp and I found it but unfortunately I crash it before I capture it. I do it by doing a range search of [100..10000] and I use u32. I narrow down to about 23 address and I managed to level up the character by hacking the value from level 6 to level 12 by hacking value to 10K.

 

[TomSwitch]

Next release will show a notification and inform user not to use the result for subsequent search (using it will still crash).