Hacking Put Pointers Into Codes?

HackingNewbie

If I found a pointer, how would I put it into a cheat code? I couldn't find anything on it on the geckocodes.org codetype documentation, and I don't understand what's said on it anyway.
Any help would be appreciated!
 

sup3rgh0st

You could start by reverse engineering existing codes that are simple. 04345878 386003E7, for example, gives you Infinite Coins in Super Mario Galaxy. If you look at the link I posted, codes that start with '04' perform a 32-bit write. So you can see that "386003E7" (a big number) is being written into ba+345878, which is most likely where coins are stored. Try experimenting and seeing where it gets you!
 

HackingNewbie

But I still don't know how to put a pointer like [12345678]+1234 into a code
 

sup3rgh0st


HackingNewbie

> If 0x80184565 held arrows in Twilight Princess, 04184565 0000FFFF would write 0000FFFF into the arrows address. (assuming arrows is a 32 bit value)
> These might also help, otherwise, I'd suggest learning more about pointers and memory before proceeding.
> https://gamehacking.org/faqs/wiicodetypes.html
> https://smashboards.com/threads/guide-to-ar-and-gecko-code-writing-for-complete-noobs.336650/

Is there not a way to compute pointers? I just want to compute the pointer then write a value to the resulting address. Like, find the value of address, say, 80102456 then add 0xFE to that value, then write to the resulting address. This would be like putting the pointer [80102456]+FE.
 

Cyan

You need to look at the code type link.
There's no definitive solution; it all depends on the address range and the value you want to edit.

Do you already have the address and the value, or do you want to make a search?

If you already have the necessary address+shift+value, then all you need is to read the code type and generate your cheat code.
If you don't have it and want to search, OR if you want a detailed and easy tutorial to learn how to use the code type, follow this tutorial:
https://gamehacking.org/faqs/wiiexample1.htm
https://gamehacking.org/faqs/wiiexample2.htm

Specifically, the second page, as it talks about pointers.

edit:
Some tags for my own usage. I'm tired of looking for hours for my previous message to find these links.
cheatcode wii usbgecko tutorial guide pointers search code type
 

HackingNewbie

I'm brainstorming ways to compute pointers right now. I'm thinking PPC ASM.
 

Cyan

You should really read and try to understand my 2 links, for your own knowledge.
Don't see it as "you need to do it that way" but as something new you can learn. Maybe it will help you understand how to compute [address]+value=xxx into PPC ASM code.

It's not really pure PPC ASM code you are writing, but more a dedicated language injected into memory and loaded on every cycle by a PPC program.
Those are two different things: writing ASM to replace existing instructions, and writing cheatcodes to let a PPC program interpret them.

Pure ASM replacement is usually done using a text file located on the SD card (gameconfig.txt), and it replaces the memory at specific addresses at launch.
A cheatcode runs differently, by adding a new function to memory (the cheat code interpreter) and loading your cheat code data into memory too. On each cycle (usually vertical buffer sync) it runs the cheat code interpreter.

gameconfig.txt example:
codeliststart = 80570000
codelistend = 80580000
hooktype = 7
poke(800042B8, 60000000)
pokeifequal(803E9930, 4BFECA1D, 803E9930, 60000000)
pokeifequal(803E99A8, 4BFECA1D, 803E99A8, 60000000)
pokeifequal(803E9D5C, 4BFECA1D, 803E9D5C, 60000000)

As you can see, the format is very different from the cheatcode format, as it contains instructions in human-readable text.
The same result can be achieved with both gameconfig and cheatcode; they are just two different ways to edit the memory.
 

CosmoCortney

The documentation is a bit badly explained in some cases.
In general you have to load the base address first and then add a range check.
48000000 LLLLLLLL // loads the pointer at LLLLLLLL
DE000000 80008180 // range check


To tell a code it is dependent on a pointer, add 0x10 to the codetype, so 00 becomes 10, 02 -> 12, 2E -> 3E. Then put an unsigned offset where the address should be.
Let's use a 32-bit RAM write:
48000000 LLLLLLLL
DE000000 80008180
14QQQQQQ VVVVVVVV // QQQQQQ = unsigned offset, VVVVVVVV = Value
E0000000 80008000 // terminator

An example:
48000000 801B7780
DE000000 80008180
12001D3A 0000000A
E0000000 80008000

This loads the pointer situated at 801B7780, then performs a range check, then adds the offset of 0x001D3A to the pointer and writes the 16-bit value of 000A to it. Lastly, it terminates the code.

If you have a negative offset, use 4A100000 QQQQQQQQ beneath the range check and leave the offset of the RAM write as 000000.
Example:

48000000 90ABE000
DE000000 809080A0
4A100000 FFFEDED0
14000000 00010000
14000004 00000001
E0000000 80008000
 

HackingNewbie

So for setting the 32-bit value of 0x12345678 to [0x12345678]+0x123 it would be
Code:
48000000 12345678
DE000000 80008180
14000123 12345678
E0000000 80008000
?
 

Cyan

The idea is correct.
You'll have to change the "range check" value.
The address of your pointer will not always point to what you want. One time this address could point to HP, another time it could point to enemy data, another time to Item count (it all depends on what the game needs at a specific time).
You wouldn't want the cheatcode to edit the item value while you want only infinite health.

So you need to check that the range pointed to by that address is really in the "usual Health address value".
DE000000 XXXXYYYY
The cheatcode will be active only if the "12345678" address contains a value between XXXX0000 and YYYY0000.

On your example, here is what's happening:
You picked a bad example value, it's confusing, so I added colors.
48000000 12345678 = pointer at address 12345678. (Set PO = 32bit value 0x12345678)
DE000000 80008180 = if the value at PO address 12345678 is between 80000000 and 81800000 then continue executing the cheatcode (If 0x80000000 < PO value < 0x81800000)
14000123 12345678 = shift the value found at 12345678 by 123 and write 12345678 to the new address (address located at value of PO + 0x123 = 32bit value 0x12345678)
E0000000 80008000 = Cheatcode end
 
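Added example, not part of the thread and not the Gecko code handler's own code: a small Python simulator for the code lines discussed above (48 load pointer, DE range check, 4A1 add to pointer, 12/14 pointer writes, E0 terminator). It shows the write landing at [pointer]+offset and being skipped when the pointer fails the range check. The pointer values placed in memory and the helper names are constructed for illustration, and the inclusive lower bound of the range check is an assumption.

```python
# Added sketch: covers only the code lines quoted in this thread (offsets up to FFFFFF).
# Memory is a sparse dict {address: byte}; the Wii's PowerPC CPU is big-endian.
def read32(mem, addr):
    return int.from_bytes(bytes(mem.get(addr + i, 0) for i in range(4)), "big")

def poke(mem, log, addr, value, size):
    for i, b in enumerate(value.to_bytes(size, "big")):
        mem[addr + i] = b
    log.append((addr, value, size))

def run_gecko(code_text, mem):
    """Apply the code to mem and return the writes made as (address, value, size)."""
    words = [int(w, 16) for w in code_text.split()]
    po, active, writes = 0x80000000, True, []
    for head, val in zip(words[0::2], words[1::2]):
        op, low = head >> 24, head & 0xFFFFFF
        if op == 0xE0:                        # terminator: end ifs, reset po if YYYY != 0
            active = True
            if val & 0xFFFF:
                po = (val & 0xFFFF) << 16
        elif not active:                      # a failed range check skips the lines below it
            continue
        elif op == 0x48:                      # po = 32-bit value stored at address val
            po = read32(mem, val)
        elif op == 0xDE:                      # XXXX0000 <= po < YYYY0000 (inclusivity assumed)
            active = (val >> 16) << 16 <= po < (val & 0xFFFF) << 16
        elif op == 0x4A and low == 0x100000:  # po += val; FFFEDED0 wraps to a negative offset
            po = (po + val) & 0xFFFFFFFF
        elif op == 0x14:                      # 32-bit write to po + offset
            poke(mem, writes, po + low, val, 4)
        elif op == 0x12:                      # 16-bit write, repeated (val >> 16) + 1 times
            for i in range((val >> 16) + 1):
                poke(mem, writes, po + low + 2 * i, val & 0xFFFF, 2)
        else:
            raise ValueError(f"code type {op:02X} not covered by this sketch")
    return writes

def pointer_cell(addr, target):
    """Constructed sample memory: a 4-byte pointer value stored at addr."""
    return {addr + i: b for i, b in enumerate(target.to_bytes(4, "big"))}

POSITIVE = "48000000 801B7780 DE000000 80008180 12001D3A 0000000A E0000000 80008000"
NEGATIVE = ("48000000 90ABE000 DE000000 809080A0 4A100000 FFFEDED0 "
            "14000000 00010000 14000004 00000001 E0000000 80008000")

if __name__ == "__main__":
    for label, target in (("live", 0x80F00000), ("stale", 0x90001000)):  # constructed
        print(label, run_gecko(POSITIVE, pointer_cell(0x801B7780, target)))
    print("negative", run_gecko(NEGATIVE, pointer_cell(0x90ABE000, 0x80912340)))
```

With the stale pointer the DE line fails, so the 12 write never happens and memory is left untouched, which is the behaviour the range check is there to guarantee.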

HackingNewbie

So problem solved???
 

Cyan

Partly yes.
You'll have to test it to see if it works and doesn't create issues in different menus (because of the range part).

Also, not all cheats are 32 bits long, so you'll need a different code type. You might need 12 instead of 14 for 16-bit values, etc.
 

HackingNewbie

OK, I'll test when my shuriken usb arrives with a pointer I find.
 
