Ah. I see what you mean. For Ys VIII it's actually easier to do a compression code. The game only has 8 or so characters (I can't remember) and they're all mapped out in RAM very clearly and consistently. A compression code can edit all 8 characters without accidentally giving the enemies infinite HP as well, which is a very common issue with assembly-based codes.
In games there is a program processing self-side and enemy-side's HP. So if it worked, we would only need to add a few lines onto the command and it will work for all characters.
What?
@Yohoki, sorry for O.T.: do you, who are an expert, know how to patch a PS Vita game?
@Yohoki, when installing a game from PKGj, certain ones also have the patch to be installed together with the game.
You said:
"example, if seg0 is at location 8100000 and your code is at 81001000, just do quick math: 81001000-8100000=00001000
likewise, if seg0 is shifted to 81230000 and code is now at 81231000, same math: 81231000-8123000=00001000"
I have tried this way many times and it worked but the code became unstable after a restart. This method seems to me to be too simple to be true.
I cannot go into detail at the moment. This opens more questions than answers; I have to go through the whole thing.
Now I also have the question why I should do a B200 when pointer codes also work. There can only be one reason to convert a pointer code to B200, and that is to eliminate XYZ patterns. B200 would not change anything else in the pointer codes (Steam Dig 2); that's just my thought at the moment.
I'll look at the whole thing, of course; after 1 week we will certainly have a different point of view.
What would interest me even more is how you made the HP code for Ys8 (B200+); I think this way is the best. I have spent days but have not had success.
Thanks! You are great.
# Title: The Amazing Spider-Man
# ID: PCSE00333
# Region: US
# Version: 1.00
# Type: NoNpDrm
# Code Author: tomberyx
# PCSE00333
_V0 inf.HP
$B200 00000001 00000000
$0200 002A476C 00020000
_V0 inf.all Upgrade-Points
$B200 00000001 00000000
$0100 0028FD10 00000309
$0200 0028FD0C 0000E420
_V0 [Zero] Upgrade-Points [Note 1]
$B200 00000001 00000000
$0200 0028FD0C 00000000
_V0 -------------------
$0000 00000000 00000000
_V0 [Note 1] Turn-On to deactivate Upgrade-Hint.
$0000 00000000 00000000
_V0 -------------------
$0000 00000000 00000000
I'm not sure what the question is...
This is why I am not active here anymore.....
# Title: SteamWorld Dig 2
# ID: PCSB01114
I had my doubts when converting pointer codes to B200.
The first time I converted it with seg 0 it worked, but after a long test I got a crash, while the pointer codes worked perfectly.
_V0 Hold X to Fly [Pointer Code]
$C201 00000001 00004000
$3201 8163F9B4 00000020
$0000 00000000 C4000000
_V0 Hold X to Fly [Seg 0 Code]
$B200 00000000 00000000
$C201 00000001 00004000
$3201 0063F9B4 00000020
$0000 00000000 C4000000
Now I've used Seg 1 and there is no crash and XYZ must no longer exist because Seg 1 doesn't need the value 811.
Things are getting clearer and clearer.
_V0 Hold X to Fly [Seg 1 Code]
$B200 00000001 00000000
$C201 00000001 00004000
$3201 000579B4 00000020
$0000 00000000 C4000000
Also, I found out that this plugin breaks some pointer codes in games that I put in the database. That can probably mean that the pointers weren't rubbish either...
Yes, you need to find a pointer inside seg 1, or 0, to jump outside. You need a reference to the right area.
Thanks for the information.
B200-rooted pointers are the best, that's for sure; unfortunately I haven't made much progress yet.
About pointer codes: if I did everything right, then none are in seg1, all are outside. That's not good news for me right now.
I am currently trying to find a pointer in Seg1 to jump to an address outside of Seg1.
I have thought of it like this;
Seg 1 81200000- 81300000
Hp code 82300000
Step 1. 822 is in Seg1 I take this value as first pointer then I take the offset from 823-822 = 1
Oh, I'll stop now, the whole thing is breaking my brain.
Will do that tomorrow, I'm sleepy now.
b200 codes are not hard. It just needs a little math. You're aiming for a code inside the Seg0 section, once you find that, just take the seg0 out of it.
example, if seg0 is at location 8100000 and your code is at 81001000, just do quick math: 81001000-8100000=00001000
likewise, if seg0 is shifted to 81230000 and code is now at 81231000, same math: 81231000-8123000=00001000
Notice that the answer is now the same for both problems, even though the seg0 location has changed? That's the magic. noASLR will let you pointer search for those offsets, and the b200 code will let you use them. Thankfully, my tempAR code creator section has a b200 option available to make the math easy, since it IS math with hex numbers, not in decimal.
This is why I tried years ago to get people to use b200 codes, but everyone fought against it because it was a small amount of added work.
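The offset arithmetic described in the post above, as an added example that is not part of the original thread or of any tool it mentions. The segment layout and the absolute address are taken from the SteamWorld Dig 2 listings quoted elsewhere in this thread; the function names and the relocated base are assumptions made for illustration. It also flags an address that lies outside every segment's memsz range, the case where the thread says a pointer inside the segment is needed.

```python
from typing import List, NamedTuple, Optional


class Segment(NamedTuple):
    index: int  # value placed in the second word of the $B200 line
    vaddr: int  # load address of the segment in this run
    memsz: int  # size of the segment in memory


# Layout quoted in the thread for SteamWorld Dig 2 (PCSB01114) with noASLR loaded.
SEGMENTS = [Segment(0, 0x81000000, 0x5E35B7), Segment(1, 0x815E8000, 0xB764)]


def rebase(addr: int, seg: Segment) -> int:
    """Absolute address -> offset from the segment base (hex subtraction)."""
    if addr < seg.vaddr:
        raise ValueError(f"{addr:#x} lies below segment {seg.index} base {seg.vaddr:#x}")
    return addr - seg.vaddr


def resolve(offset: int, seg: Segment) -> int:
    """Offset -> absolute address for wherever the segment is loaded this run."""
    return seg.vaddr + offset


def owning_segment(addr: int, segments: List[Segment]) -> Optional[Segment]:
    """Segment whose [vaddr, vaddr + memsz) range holds addr, or None."""
    for seg in segments:
        if seg.vaddr <= addr < seg.vaddr + seg.memsz:
            return seg
    return None


def b200_lines(addr: int, value: int, seg: Segment, code_type: str = "0200") -> List[str]:
    """Line layout copied from the thread's listings: $B200 <segment>, then the rebased code line."""
    return [f"$B200 {seg.index:08X} 00000000",
            f"${code_type} {rebase(addr, seg):08X} {value:08X}"]


if __name__ == "__main__":
    seg0, seg1 = SEGMENTS
    addr = 0x8163F9B4  # absolute address from the thread's "Hold X to Fly" pointer code
    for seg in SEGMENTS:
        print(f"seg{seg.index}: offset {rebase(addr, seg):08X}")
    print("inside a segment's memsz range:", owning_segment(addr, SEGMENTS) is not None)
    moved = seg1._replace(vaddr=seg1.vaddr + 0x230000)  # constructed relocation
    print(f"same offset after relocation resolves to {resolve(0x579B4, moved):08X}")
    print("\n".join(b200_lines(addr, 0x20, seg1, "3201")))
```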
I've made some ARM codes for JPN ver. YsVIII. Later I may transfer it to EU ver. (after I've had a meal).
Yes, starting point is always on 8100000.
I have to do that again to find HP Ys8
I just didn't find out how to find 77D4
$B200 00000001 00000000
$3202 000077D4 00003870
$0000 00000000 00000F04
00. module name :ys8_release_true
path: ux0:/patch/PCSE01103/eboot.bin
vaddr: 0x8106a4f0
memsz: 0x338b30
vaddr: 0x813e0f80 8141CC10
813e0f80-20D00--813C0280
memsz: 0x3bc90
PO 826acf44
_V0 HP new
$0200 8CFBB654 3F8 1065353216
[0x8153E118] + 0xF04
[0x8153E144] + 0xF04
[0x8153F580] + 0xF04
[0x8153F58C] + 0xF04
[0x8153F5A8] + 0xF04
[0x8153F5CC] + 0xF04
The rest was possible for me.
Will try it by time, now time for a beer with chicks, I promise no cheating...
I think the reason tempAR and other searchers couldn't find pointers inside the segments is because the segments themselves were moving. They would need to be static to work with pointer searchers.
Yeah I'm remembering all of that now. It's just this newer stuff I didn't grasp yet. I could never get on board with B2 codes because I always had the misfortune of games never having their addresses inside either segment ranges.
From the sounds of everything, we still need to dig for pointers that are inside segment ranges for more accurate codes? That's the main reason I haven't been active as much. I really can't stomach pointer searching with TempAR because every game I touch seems like it's always going to be a level 3 or higher pointer and I quickly lose interest.
@tomberyx did u figure out the speedtrap record for nfs mw 2012 pcse00089?
@Yohoki you seem proficient at this stuff, could you perhaps look into it? (Nfs mw 2012 pcse00089) Basically just want to modify the personal best on the recorded speedtraps.
It's proving to be quite the challenge. I've been testing for over 2 weeks and I'm going crazy.
Thanks all.
I'll look at this in a bit when I can sit at my pc.
I'm fighting my way into unfamiliar territory. I'm looking for the value of Money HEX-2B67 DEC-11111
I don't find it somehow, a search function would be good
Edit: I found the value but now what should I do next??
I'm not sure how to do the first pointer; the second pointer is D4740.... [Hope this is the only entry 11111]
# Title: SteamWorld Dig 2 (noaslr.skprx)
# ID: PCSB01114
# Region: EU
# Version: 1.01
vaddr: 0x81000000 - 815E35B7 seg0
memsz: 0x5e35b7
vaddr: 0x815e8000 - 815F3764 seg1
memsz: 0xb764
_V0 Money HEX-2B67 DEC-11111 <---Amount
$0200 8409BC6C 00002B67
------------------------------------------------------------------------------------
8156FF8C-84091799start (8156FF8C-815e8000 = -78074)
(8409BC6C-84091799 = A4D3)
second pointer ?? 815E35B7 + D4740 (11111)
78074
A4D3
D4740
[815E35B7 Starting List ]
$B200 00000001 00000000
$3202 00078074 0000A4D3
$0000 00000000 000D4740
$0000 00000000 00000001
not working!!!! , shit and hole....
------------------------------------------------------------------------------------
Last Work below
this Part ??? is not my business....im lost.
[8100000 Starting List ]
$B200 00000001 00000000
$3202 000????? 0014464C
$0000 00000000 00000000
$0000 00000000 00000001
---------------------------------------------------
Edit:
here are just the Money Location:
815E8000+1AAAB4 = 81792AB4
815E8000+16138c = 8174938C
815E8000+146C9c = 8172EC9C
815E8000+145FD8 = 8172DFD8
815E8000+144650 = 8172C650
815E8000+145314 = 8172D314
815E8000+145310+0 = 8409BC6C
815E8000+14464C+0 = 8409BC6C
He's wanting to cheat the leaderboard, is what it sounds like. The highscore list, basically. My answer is no. Times are not easy, nor are they interesting to hack. I do not have fun doing them and I do this as a hobby. So I won't help you with that. Look on YouTube for tutorials on how to find time based values in cheat engine. It's similar enough that you can translate it over to vitacheat.
Take a pic of this speed list or trap; I have to know what you mean. I have to say it's not child's play to find this value because it's static.
Now I've done it after over 7 hours of searching and experimenting.
I'll look at this in a bit when I can sit at my pc.
Edit:
Actually.... There's a string above your location that you're trying to use.... That string is the same text from your psv file..... That's not your money, that's your psv file you're hacking. XD
This picture, you have here a bit of vitacheat's ram, not the game's portion of ram.
# PCSE00460
# TITLE: Natural Doctrine
# REGION: US
_V0 Geoff Infinite HP
$8202 8105637C FFFD4C4B
$8200 00000000 FFFE5E28
$8800 00000000 00000000
$8602 8105637C FFFD4C4B
$8600 00000000 FFFE5E2C
$8900 00000000 00000000
_V0 Anka Infinite HP
$8202 8105637C FFFD4C4B
$8200 00000000 FFFB1AE8
$8800 00000000 00000000
$8602 8105637C FFFD4C4B
$8600 00000000 FFFB1AEC
$8900 00000000 00000000
_V0 Nebula Infinite HP
$8202 810422C8 FFF94A4C
$8200 00000000 FFF7FF88
$8800 00000000 00000000
$8602 810422C8 FFF94A4C
$8600 00000000 FFF7FF8C
$8900 00000000 00000000
_V0 Zekelinde Infinite HP
$8202 810422C8 FFF94A4C
$8200 00000000 FFF1CB38
$8800 00000000 00000000
$8602 810422C8 FFF94A4C
$8600 00000000 FFF1CB3C
$8900 00000000 00000000
_V0 Tatyana Infinite HP
$8202 810422C8 FFF94A4C
$8200 00000000 FFF4E1B8
$8800 00000000 00000000
$8602 810422C8 FFF94A4C
$8600 00000000 FFF4E1BC
$8900 00000000 00000000
I've never been able to get the universal pointer searcher to work. I don't know if there is some kind of setting I'm missing, but whenever I tried to use it, it immediately stops and says the search is finished, giving me 0 results.
TempAR is still going to be a pain, because of opening multiple layers of codes. Use the "universal pointer searcher" by bullywiiplaza (I think) or cheat engine. I like cheat engine a lot more, but it's a bit more complicated working with only 1 dump at a time.