A cheat code is normally a patch like the following example (Tears of the Kingdom, TOTK):
Output of `monitor get info` in gdb (attached to the game through Atmosphere's gdbstub):
Process: 0x51 (Application)
Program Id: 0x0100f2c0115b6000
Layout:
Alias: 0x1105c00000 - 0x2105bfffff
Heap: 0x2105c00000 - 0x2305bfffff
Aslr: 0x0008000000 - 0x7fffffffff
Stack: 0x1085c00000 - 0x1105bfffff
Modules:
0x0080000000 - 0x0080003fff nnrtld
0x0080004000 - 0x0084669fff EX-King.nss
0x008466a000 - 0x0084d12fff multimedia
0x0084d13000 - 0x0085a36fff nnSdk
[Item Pickup Multiplier (2x)]
040A0000 0162A408 52800041
040A0000 # first DWORD, decoded with the StoreStatic format 0TMR00AA listed below: opcode 0 = StoreStatic, T=4 (4-byte write), M=0 (main NSO region), R=A (register 10 is added to the offset; cheat-VM registers start at zero, so with no earlier register load it adds nothing), AA=00 (upper bits of the offset). Atmosphere's cheat VM applies it as a 4-byte write to main_base + offset.
0162A408 # second DWORD: the offset from the main NSO base (EX-King.nss at 0x0080004000 in the module list above), found with Breeze/EdiZon or Ghidra/gdb. Note the code line reads 0162A408, not 016A408.
52800041 # third DWORD: the value written, which is the AArch64 encoding of `mov w1, #2`; it lands in memory in little-endian byte order, so a hex view shows 41 00 80 52.
[ Docked 720p ]
580F0000 04716F50
580F1000 00000090
780F0000 000000F0
680F01D0 00000360 00000600
For this example: how should the cheat code be read, and how does Atmosphere (or gdb) dispatch and apply it?
What I'm trying to do is make the patched locations easy to understand in IDA.
The protocol seems a bit complex, judging from the Breeze implementation:
StoreStatic (3 DWORDs; 4 when T = 8, since the value then needs two DWORDs)
Instruction Format: 0TMR00AA AAAAAAAA YYYYYYYY (YYYYYYYY)
EndConditionalBlock 2X000000 (X: End type (0 = End, 1 = Else))
LoadRegisterStatic 400R0000 VVVVVVVV VVVVVVVV
LoadRegisterMemory 5TMRI0AA AAAAAAAA
StoreStaticToAddress 6T0RIor0 VVVVVVVV VVVVVVVV
PerformArithmeticStatic 7T0RC000 VVVVVVVV
BeginKeypressConditionalBlock 8kkkkkkk
PerformArithmeticRegister 9TCRSIs0 (VVVVVVVV (VVVVVVVV))
StoreRegisterToAddress ATSRIOxa (aaaaaaaa)
...
For more detail, see breeze/source/assembleraction.cpp.
StoreStatic is probably all I need right now.
Output of `monitor get info` in gdb (attached to the game through Atmosphere's gdbstub):
Process: 0x51 (Application)
Program Id: 0x0100f2c0115b6000
Layout:
Alias: 0x1105c00000 - 0x2105bfffff
Heap: 0x2105c00000 - 0x2305bfffff
Aslr: 0x0008000000 - 0x7fffffffff
Stack: 0x1085c00000 - 0x1105bfffff
Modules:
0x0080000000 - 0x0080003fff nnrtld
0x0080004000 - 0x0084669fff EX-King.nss
0x008466a000 - 0x0084d12fff multimedia
0x0084d13000 - 0x0085a36fff nnSdk
[Item Pickup Multiplier (2x)]
040A0000 0162A408 52800041
040A0000 # first DWORD, decoded with the StoreStatic format 0TMR00AA listed below: opcode 0 = StoreStatic, T=4 (4-byte write), M=0 (main NSO region), R=A (register 10 is added to the offset; cheat-VM registers start at zero, so with no earlier register load it adds nothing), AA=00 (upper bits of the offset). Atmosphere's cheat VM applies it as a 4-byte write to main_base + offset.
0162A408 # second DWORD: the offset from the main NSO base (EX-King.nss at 0x0080004000 in the module list above), found with Breeze/EdiZon or Ghidra/gdb. Note the code line reads 0162A408, not 016A408.
52800041 # third DWORD: the value written, which is the AArch64 encoding of `mov w1, #2`; it lands in memory in little-endian byte order, so a hex view shows 41 00 80 52.
[ Docked 720p ]
580F0000 04716F50
580F1000 00000090
780F0000 000000F0
680F01D0 00000360 00000600
For this example: how should the cheat code be read, and how does Atmosphere (or gdb) dispatch and apply it?
Python:
```
import os
import re
import sys

import idaapi
import idc

# cheatLib powered by Eiffel2018
from cheatLib import *
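def add_bookmark(offset, comment, check_duplicate=True):
    """
    Add an IDA bookmark at *offset* with *comment*.

    The bookmark table (1024 slots) is scanned once before anything is
    written: with ``check_duplicate`` set, any slot already pointing at
    *offset* suppresses the add, no matter where the free slots are. The
    previous version stopped at the first free slot, so a duplicate sitting
    in a later slot (e.g. after a bookmark in the middle was deleted) was
    not caught. A free slot is reported by ``idc.get_bookmark`` as
    0xffffffffffffffff (BADADDR).

    :param offset: The address where the bookmark will be added.
    :param comment: The comment to associate with the bookmark.
    :param check_duplicate: If True, skip the add when a bookmark for
        ``offset`` already exists.
    :return: None. A message is printed for each outcome, including the
        case where every slot is in use.
    """
    badaddr = 0xffffffffffffffff
    free_slot = None
    for bslot in range(1024):
        slotval = idc.get_bookmark(bslot)
        if check_duplicate and slotval == offset:
            print(f"Bookmark already exists at address 0x{offset:X}")
            return
        if free_slot is None and slotval == badaddr:
            free_slot = bslot
            # Without the duplicate check there is nothing left to look for.
            if not check_duplicate:
                break
    if free_slot is None:
        print(f"No free bookmark slot for address 0x{offset:X}")
        return
    idc.put_bookmark(offset, 0, 0, 0, free_slot, comment)
    print(f"Bookmark added at address 0x{offset:X} with comment: {comment}")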
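def cheat_from_file(bid_file):
    """
    Parse an Atmosphere cheat text file and append its entries to the
    module-level ``cheats`` list.

    Each ``[Cheat Name]`` header starts a new entry; the lines that follow
    are cheat-VM instructions as whitespace-separated hex DWORDs. Only
    4-byte StoreStatic writes to the main NSO are collected, i.e. lines
    whose first DWORD starts with ``040`` (``040R00AA AAAAAAAA VVVVVVVV``),
    stored as ``[offset, value]`` pairs. That is the only shape
    ``patch_ida_comment`` can place: the old ``len(line) >= 8`` filter let
    every opcode through, and a line such as ``580F0000 04716F50`` (one
    operand) or an 8-byte write (three operands) then failed to unpack as
    a pair.

    :param bid_file: Path of the cheat file (``<build id>.txt``).
    :return: None. Results are appended to ``cheats`` as
        ``(name, [[offset_hex, value_hex], ...])``; a missing file is
        reported and leaves ``cheats`` untouched.
    """
    if not os.path.exists(bid_file):
        print(f"Cheat file not found: {bid_file}")
        return
    with open(bid_file, "r") as f:
        lines = f.readlines()

    current_cheat_name = None
    current_values = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        header = re.search(r'\[(.*?)\]', line)
        if header:
            # A new header closes the previous cheat, even one without values.
            if current_cheat_name:
                cheats.append((current_cheat_name, current_values))
            current_cheat_name = header.group(1).strip()
            current_values = []
            continue
        parts = line.split()
        # Opcode 0, width 4, region 0 (main NSO): exactly opcode, offset, value.
        if line.startswith("040") and len(parts) == 3:
            current_values.append(parts[1:])
    if current_cheat_name and current_values:
        cheats.append((current_cheat_name, current_values))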
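def patch_ida_comment(cheat_name, values):
    """
    Annotate every location patched by one cheat in the IDA database.

    For each ``[offset_hex, value_hex]`` pair the address
    ``image_base + offset`` receives a repeatable comment
    ``cheatcode_ <name> [ <bytes> ]`` and a bookmark with the same text.
    The offset is relative to the cheat VM's main-NSO region, so the
    comment only lands on the right instruction when the IDB's image base
    is that of the main module (for TOTK, ``EX-King.nss``) -- presumably
    what ``image_base`` holds; verify against cheatLib. If ``image_base``
    is not defined at all, ``idaapi.get_imagebase()`` is used instead of
    failing with NameError.

    The value is shown as the bytes that actually land in memory, i.e. the
    DWORD in little-endian order (``52800041`` -> ``41 00 80 52``), so it
    can be compared with the hex view directly. Reversing the hex string
    character by character, as before, produced ``14000825``, which
    matches nothing in the binary.

    :param cheat_name: Name taken from the ``[...]`` header of the cheat.
    :param values: List of ``[offset_hex, value_hex]`` pairs (hex DWORDs).
    :return: None. Malformed pairs are reported and skipped.
    """
    try:
        base = image_base  # expected from cheatLib (star import at the top)
    except NameError:
        base = idaapi.get_imagebase()
    for address_offset, value_hex in values:
        try:
            absolute_address = base + int(address_offset, 16)
            raw = bytes.fromhex(value_hex)
        except ValueError:
            print(f"Skipping malformed entry {address_offset!r} {value_hex!r} in cheat {cheat_name!r}")
            continue
        # Byte order as written to memory (AArch64 is little-endian).
        byte_list = " ".join(f"{b:02X}" for b in reversed(raw))
        opcode = f"[ {byte_list} ]"
        print(f"{absolute_address:x}")
        comment = "cheatcode_ " + cheat_name + " " + opcode
        idc.set_cmt(absolute_address, comment, 1)
        add_bookmark(absolute_address, comment)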
# Shared accumulator filled by cheat_from_file(). The cheat file is named
# after the build id of the loaded binary; GetBID() comes from cheatLib.
cheats = []
bid_file = GetBID() + ".txt"
cheat_from_file(bid_file)

# Annotate every cheat that actually carries patch entries.
for cheat_name, values in cheats:
    if not values:
        continue
    print(cheat_name, values)
    patch_ida_comment(cheat_name, values)
```
The protocol seems a bit complex, judging from the Breeze implementation:
StoreStatic (3 DWORDs; 4 when T = 8, since the value then needs two DWORDs)
Instruction Format: 0TMR00AA AAAAAAAA YYYYYYYY (YYYYYYYY)
- T: Width of memory write (1, 2, 4, or 8 bytes)
- M: Memory region (0 = Main NSO, 1 = Heap, 2 = Alias)
- R: Register used as an offset
- A: Immediate offset
- YYYYYYYY: Value to be written
EndConditionalBlock 2X000000 (X: End type (0 = End, 1 = Else))
LoadRegisterStatic 400R0000 VVVVVVVV VVVVVVVV
LoadRegisterMemory 5TMRI0AA AAAAAAAA
StoreStaticToAddress 6T0RIor0 VVVVVVVV VVVVVVVV
PerformArithmeticStatic 7T0RC000 VVVVVVVV
BeginKeypressConditionalBlock 8kkkkkkk
PerformArithmeticRegister 9TCRSIs0 (VVVVVVVV (VVVVVVVV))
StoreRegisterToAddress ATSRIOxa (aaaaaaaa)
...
For more detail, see breeze/source/assembleraction.cpp.
StoreStatic is probably all I need right now.