ROM Hack NTR 3.0 Plugin/Cheat Creation

EllioneDHunter

For the life of me, I can't seem to understand how to create a cheat.plg to use on my games. I know that I should be able to convert code from ARCode but there's no easy way to do it. I'm not a coder but I can read lines enough to follow a tut but there's not really one out there. I have Python installed, 9.5 emuN+NTR 3.0, and programmer's notepad and I don't know how I would sort the codes and compile it into a cheat.plg.
Here are the codes, I just don't know how it should be positioned in programmer's notepad.
Version 1.1 Special Edition

Max Money
B3FDA230 00000000
00000038 000F423F
D2000000 00000000

Get Exp 100
03E2DEDC E3A01064

Mastering weapon
B3FD9F28 00000000
C0000000 000000FA
000000E8 FFFFFFFF
000000EC FFFFFFFF
60000014 00000000
B0000014 00000000
D2000000 00000000

Member's skill flag
B3FD9F28 00000000
C0000000 000000FA
2000003F 000000FF
00000040 FFFFFFFF
00000044 FFFFFFFF
00000048 FFFFFFFF
0000004C FFFFFFFF
10000050 0000FFFF
20000052 000000FF
60000014 00000000
B0000014 00000000
D2000000 00000000

Able to control enemy
03C53138 E1500000

Infinite Movement
03C53148 EA00016C

Able to item trade with the enemy
03E288BC E1500000

Able to use convoy anyone
03C7B978 E1A00000

Able to attack an ally
03C4CB44 E3A00000
03CA297C E3A00000

Ryumyaku99
B3FD1998 00000000
B0000008 00000000
B0000000 00000000
100000D0 000026AC
D3000000 00000000

Can receive route purchase bonus again and again
03D8DD1C E3A00003
03D8DD20 E12FFF1E

Distance that can move +100
B3FD9F28 00000000
C0000000 000000FA
2000012C 00000064
60000014 00000000
B0000014 00000000
D2000000 00000000

Stock in a store x99
E3F10FE8 00000018
02002DE9 6310A0E3
0210C0E5 0100A0E1
0200BDE8 1EFF2FE1
03E28FFC 1A039FF9
Please check "Invert E-code bytes"

Ore and Foodstuff x99
B3FD1998 00000000
B0000008 00000000
B0000000 00000000
000000DC 03FF0FFF
B00000D4 00000000
00000000 63636363
00000004 63636363
00000008 63636363
00000018 63636363
0000001C 63636363
10000020 00006363
D3000000 00000000

Next lottery without waiting
E3CC84E8 00000010
0140A0E3 3440C0E5
0100A0E3 0000A0E1
Please check "Invert E-code bytes"

Lilith can eat again without waiting
03B1D9F4 E3A00000

When you defeat an enemy, Able to obtain all the items which enemy had
03C5DA8C E1D220B0
03C5DA90 E1A00000
03C5DA94 E3520000

Can battle again without waiting in Drill ground
03CBB750 E3A01001

Increase the difficulty
03D610B8 E3840000
03D611AC E3840000
03D611B0 EA000000

All buildings
B3FD1998 00000000
B0000008 00000000
B0000000 00000000
10000046 00002492
E0000048 00000028
49922449 92244992
24499224 49922449
92244992 24499224
49922449 92244992
24499224 49922449
00000070 92492492
10000084 00007FE0
D3000000 00000000
It becomes level1 when removed and rebuilt, But can Level up again.

Anywhere starting position in preparations (including enemy)
03C531D0 E1A00000
03C531E4 E3A00001
03C5FD0C E3100B02
03C5FD7C E3100B02
※Enemy's danger area view button is change from A to Y

Can receive all items in route purchase bonus
03D64074 00000594
B3FD1998 00000000
B0000008 00000000
B0000000 00000000
B00004C8 00000000
00000004 00781B30
D3000000 00000000
B3FD3664 00000000
00000000 00781000
00000004 00000162
D3000000 00000000
D5000000 00000001
C0000000 00000162
0397F000 00000001
D6000000 0397F004
D4000000 00000001
DC000000 00000004
D2000000 00000000
03D8DD1C E3A00003
03D8DD20 E12FFF1E

All class selectable in Parallel Seal (or Dread Scroll)
03B1C884 EA000043
03B1C9A0 E1A00004
03B1C9C4 E3540082
03B1CA58 EA000004
03B1CAAC E1A00000
※Male and female are treated as a different thing in same class

Route purchase bonus item receive x99 in a mass
03D8DC5C E3A01063

More than 1% of growth rates don't fail to stat increases
03CD95F0 E3A00000

Convoy's item x99
B3FD95D0 00000000
C0000000 000001F3
60000004 00000000
20000004 00000063
D0000000 00000000
DC000000 00000008
D2000000 00000000
 
dsrules

those are fcram address not virtual memory address, which ntr uses
any code address above 03xxxxxx won't work on ntr
you will need a fcram dump and a 00100000 memory region dump from ntr if you want to convert them to work on ntr

here's FEA source code from thinhvnn, it's already using virtual memory address
http://gbatemp.net/threads/ntr-cfw-3-0.393710/page-17#post-5598164
 

gamesquest1

tbh I just searched RAM dumps with Cheat Engine and made my own codes with Beyond the Labyrinth. It can take a few tries finding which memory region contains what it is you're looking for, but once you find it most of the other stuff you would want to mod will be stored nearby.
 

dfsa3fdvc1

tbh i just searched ram dumps with cheat engine and made my own codes with beyond the labyrinth, can take a few tries finding which memory region contains what it is your looking for, but once you find it most of the other stuff you would want to mod will be stored nearby

How do you use Cheat Engine with the Ram Dumps? I get that you'd use the NTR Debugger to create a RAM dump when a value changes to narrow down results but how do you use Cheat Engine's features with these dumps? The only way I've ever used CE before is hooking into a process.

Oh, and what part of memory on the 3DS do you dump? What addresses are game data? I know the NTR debugger has kernel access and can be dangerous. (I guess this wouldn't be an issue with just reading but just to be safe)

Thanks.
 

gamesquest1

How do you use Cheat Engine with the Ram Dumps? I get that you'd use the NTR Debugger to create a RAM dump when a value changes to narrow down results but how do you use Cheat Engine's features with these dumps? The only way I've ever used CE before is hooking into a process.

Oh, and what part of memory on the 3DS do you dump? What addresses are game data? I know the NTR debugger has kernel access and can be dangerous. (I guess this wouldn't be an issue with just reading but just to be safe)

Thanks.
Here is the list of steps for example to see the memory content of player pocket in the animal crossing new leaf game:
Code:
1. Play 3ds with NTR CFW for the game ACNL (with wireless switch on)
2. Check the IP address of the 3ds (e.g. 192.168.1.10)
3. Run ntrclient application on Windows PC
4. Execute the following command:

connect('192.168.1.10', 8000)

5. After the connection is established, you can see the list of processes by using the command:

listprocess()

6. One of them is the ACNL game of interest (in this case the process name is GARDEN, and has pid # 0x25)
7. Then you could check the memory layout, for example:

> memlayout(0x25)
null
valid memregions:
00100000 - 00b6efff , size: 00a6f000
08000000 - 08073fff , size: 00074000
0ffc0000 - 10000fff , size: 00041000
10002000 - 10002fff , size: 00001000
14000000 - 174dcfff , size: 034dd000
1f000000 - 1f5fffff , size: 00600000
1ff50000 - 1ff57fff , size: 00008000
1ff70000 - 1ff77fff , size: 00008000
1ff80000 - 1ff81fff , size: 00002000
1ffad000 - 1ffaefff , size: 00002000
end of memlayout.

8. I could dump the biggest one and see whether the savegame file is in that part (i.e. finding
garden.dat file (extracted by using savefiler 3ds application) content inside this memory data
dump file, data.bin):

> data(0x14000000, 0x34DD000, filename='data.bin', pid=0x25)

9. garden.dat actually starts at offset 0x01FB7E80 in that data.bin file, so now we could try finding
the location of the pocket slots of the first player by changing the content in the first slot of the
pocket multiple times and dump those data.bin for each change. In this case, I could see the offset
is 0x1FBEAD0 (or 0x15FBEAD0 after taking into consideration that data.bin starts at 0x14000000 in
the memory of pid 0x25).

10. Now, we could use command to put a bag of 99,000 bells in that first slot of pocket:

write(0x15FBEAD0, (0x12, 0x21, 0x00, 0x00), pid=0x25)

11. Profit
Hope this clarifies.

Cheers.
So that's a rough guide, but for example when I was making the Beyond the Lab codes I was doing it more like
data(0x08000000, 0x00522000, filename='p1-500hp-p2-600hp-p3-700hp.bin', pid=0x29)
lose hp
data(0x08000000, 0x00522000, filename='p1-400hp-p2-500hp-p3-600hp.bin', pid=0x29)
lose more hp
data(0x08000000, 0x00522000, filename='p1-300hp-p2-400hp-p3-500hp.bin', pid=0x29)

From there I can use the open file function in Cheat Engine to do searches like the good old Action Replays and search for more than one offset with each dump, so first I find P1's HP, then P2's, then player 3's, etc.

PS: once you have the offset, say for example P1 HP is 0x921a4 in Cheat Engine, you add this to the base offset of your dump, so the final offset would be 0x80921a4. From there you can test it out before adding it to your plugin by using the write command, e.g.

write(0x80921a4, (0x0F, 0x27), pid=0x29)
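
The narrowing over successive dumps described in the post above, as an added Python example (not part of the original post and not code from NTR or Cheat Engine). The dumps are constructed in memory rather than read from `data()` output files, and the function names are hypothetical.

```python
import struct

FMT = {1: "<B", 2: "<H", 4: "<I"}  # little-endian, as in write(..., (0x0F, 0x27)) for 9999

def find_offsets(dumps, width=2):
    """dumps: [(dump_bytes, value_known_at_dump_time), ...] of the same region.
    Returns the offsets that hold the expected value in every dump."""
    data0, value0 = dumps[0]
    needle = struct.pack(FMT[width], value0)
    hits, pos = [], data0.find(needle)
    while pos != -1:                      # first scan: every match in dump 1
        hits.append(pos)
        pos = data0.find(needle, pos + 1)
    for data, value in dumps[1:]:         # next scans: keep offsets that track the value
        needle = struct.pack(FMT[width], value)
        hits = [o for o in hits if data[o:o + width] == needle]
    return hits

def write_args(base, offset, value, width=2):
    """Virtual address = dump base + file offset; value as a little-endian byte tuple."""
    return base + offset, tuple(struct.pack(FMT[width], value))

def make_dump(p1_hp, p2_hp):
    """Constructed stand-in for a data() dump file (not real game memory)."""
    buf = bytearray(0x200)
    struct.pack_into("<H", buf, 0x040, 500)    # decoy: constant equal to P1's first HP
    struct.pack_into("<H", buf, 0x1A4, p1_hp)
    struct.pack_into("<H", buf, 0x1A8, p2_hp)
    return bytes(buf)

DUMPS = [make_dump(500, 600), make_dump(400, 500), make_dump(300, 400)]
BASE = 0x08000000                              # start address that was passed to data()

def demo():
    p1 = find_offsets(list(zip(DUMPS, (500, 400, 300))))
    p2 = find_offsets(list(zip(DUMPS, (600, 500, 400))))
    return p1, p2

if __name__ == "__main__":
    p1, p2 = demo()
    addr, data = write_args(BASE, p1[0], 9999)
    print("P1 HP offsets", [hex(o) for o in p1], "P2 HP offsets", [hex(o) for o in p2])
    print(f"write({addr:#x}, {data}, pid=0x29)")
```

The decoy at offset 0x40 matches the first scan and is dropped by the second, which is why a single dump is not enough to pin down an address.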
 

dfsa3fdvc1

Awesome man. If possible could you attach your Beyond the Labyrinth plugin in a reply? I started playing that as well. The combat is pretty tedious though but I'm for some reason still interested in it.

I suppose I could make the cheat myself thanks to your fantastic post, but no reason to re-invent the wheel, lol.
 

gamesquest1


dfsa3fdvc1

here's the link

Awesome man. I'm gonna have to add a Wait Time resetter. I used 4 max charge attacks in a row setting my wait time to 99 for all characters. I had to no joke wait 4 minutes till I could attack again.
Even with cheats this game is tedious as hell.
 

PandaMayFire

Well I was interested in creating some of these, but now I see this is beyond me. I don't have enough experience for this kind of stuff :wacko:
 

metallichatte

Hello,

Does someone have a cheat plugin for Monster Hunter 4 (EUR), please?

I tried by myself but got no result (big noob!).

Or does someone have a good step-by-step tutorial for creating a cheat plugin?
 

NicEXE

Basically you need to do a ram dump (or several to get greater understanding of where your value is stored) with NTR, you need to find the offset you want to modify and you are doing it using this syntax:
<offset> <value>
each should be 16 bytes (prepend with 0s if necessary)
 

MichiS97

Basically you need to do a ram dump (or several to get greater understanding of where your value is stored) with NTR, you need to find the offset you want to modify and you are doing it using this syntax:
<offset> <value>
each should be 16 bytes (prepend with 0s if necessary)

You will always need several RAM dumps, only one won't give you an exact result and you'd need to try hundreds of different addresses if you're not unlucky.

What you said about the 16 bytes thing is wrong, what you mean is 16 bits = 2 bytes and that is also not quite the case. When you're using the NTR debugger alone to modify your RAM, aka write data to the RAM, you need to write at least 2 bytes. Say if you'd want to write the value 0x02 to the address 0x00001234, you have to write a value to 0x00001233 or 0x00001235 as well since you need at least two bytes. Now, simply taking the value 0x00 for the second byte is a bad idea since this could overwrite crucial data for the game with a wrong value and therefore potentially mess up your save file. What you should do is read what value is stored at the address before or after the address you want to write to. Let's say you want to write to the address 0x00001234 again. Read the value at address 0x00001233 by using the command "data(0x00001233, 0x1, pid=0x??)". The first number in the parentheses is the address you want to read, the second is the length; you only want to read this one value so it's 0x1 (the 0x is needed to show that the value is in hexadecimal, you have to put it there). The pid is something you have to find out yourself with the command "processlist()". Now you have the value of the address 0x00001233, let's say it's 0x5 for our example, and obviously you know which value you want to write to 0x00001234, let's say it's 0x63 or 99 in decimal for our example. To put that into the RAM of the 3DS you need to use the command "write(0x00001233, (0x5, 0x63), pid=0x??)". This command will write the correct value to 0x00001233, which should be the same as it was anyway, and it will write your desired value 0x63 to your desired offset 0x00001234.

Now how would you add this to your cheat plugin?
In the function responsible for the cheats you'd just have to add "WRITEU8(0x00001234, 0x63);" and that would be it. The WRITEU8 function writes 8 bits (= 1 byte) to the address specified by the first entry in the parentheses. The value you want to write is specified by the second argument in the parentheses, here it's 0x63. You can also write the value in decimal so the command would look like this: WRITEU8(0x00001234, 99);

If you'd like a more detailed explanation on how to write cheat plugins and how to find offsets with NTR Debugger I'd be glad to help you :)
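
The read-the-neighbour-then-write-both procedure from the post above, as an added Python example (not part of the original post and not NTR code). It takes the two-byte minimum as the post states it and checks the target against three region lines copied from the `memlayout(0x25)` output quoted earlier in the thread. The `read_byte` callback, the function names and the memory contents are constructed for illustration.

```python
import re

# Three region lines copied from the memlayout(0x25) output quoted earlier in the thread.
MEMLAYOUT = """\
00100000 - 00b6efff , size: 00a6f000
08000000 - 08073fff , size: 00074000
14000000 - 174dcfff , size: 034dd000
"""

def parse_regions(text):
    """Return [(start, end_inclusive), ...] from memlayout output lines."""
    pat = re.compile(r"^([0-9a-f]{8}) - ([0-9a-f]{8}) , size: [0-9a-f]{8}$", re.M)
    return [(int(a, 16), int(b, 16)) for a, b in pat.findall(text)]

def plan_byte_write(addr, value, regions, read_byte):
    """Turn a one-byte change into the (start, (b0, b1)) pair for a two-byte write.
    The neighbouring byte is read first so it is written back unchanged."""
    if not 0 <= value <= 0xFF:
        raise ValueError("value must fit in one byte")
    region = next(((s, e) for s, e in regions if s <= addr <= e), None)
    if region is None:
        raise ValueError(f"{addr:#010x} is not inside a mapped region")
    start, end = region
    if addr > start:                 # usual case: pair with the byte before
        return addr - 1, (read_byte(addr - 1), value)
    if addr < end:                   # first byte of a region: pair with the byte after
        return addr, (value, read_byte(addr + 1))
    raise ValueError("region is a single byte; no neighbour to pair with")

# Constructed memory contents standing in for data(addr, 0x1, pid=...) reads.
FAKE_MEMORY = {0x08000001: 0x7F, 0x08001233: 0x05, 0x08001234: 0x00}
REGIONS = parse_regions(MEMLAYOUT)

if __name__ == "__main__":
    start, pair = plan_byte_write(0x08001234, 0x63, REGIONS, FAKE_MEMORY.__getitem__)
    print(f"write({start:#010x}, {tuple(hex(b) for b in pair)}, pid=0x??)")
```

With these regions the post's illustrative address 0x00001234 is rejected, because nothing is mapped below 0x00100000 in that process.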
 

MichiS97

Is editing a cheat.plg possible? (Example: to replace an ARCode inside a Japanese cheat.plg with a USA or European converted ARCode)
No, sadly this is not possible. You'd need to have the source code of the plugin you want to edit to do that. However, there is a source code for the cheat plugin for A Link Between Worlds out there. It would be very easy to put the codes you want in there.
 
