Put Pointers Into Codes?

Discussion in 'Wii - Hacking' started by HackingNewbie, Feb 5, 2017.

  1. HackingNewbie
    OP

    HackingNewbie GBAtemp Fan

    Member
    476
    96
    Dec 29, 2016
    United Kingdom
    Somewhere in 2008
    If I found a pointer, how would I put it into a cheat code? I couldn't find anything on it in the geckocodes.org codetype documentation, and I don't understand what's said on it anyway.
    Any help would be appreciated!
     


  2. sup3rgh0st

    sup3rgh0st Top Tier Ghost

    Member
    284
    179
    Apr 22, 2010
    United States
  3. HackingNewbie
    OP

    I looked there, but I don't understand anything said on there.


    I mean a pointer like this:
    [12345678]+123
    or something
     
  4. sup3rgh0st

    You could start by reverse engineering existing codes that are simple. 04345878 386003E7 for example gives you Infinite Coins in Super Mario Galaxy. If you look at the link I posted, codes that start with '04' perform a 32-bit write. So you can see that "386003E7" (a big number) is being written into ba+345878, which is most likely where coins are stored. Try experimenting and seeing where it gets you!
     
  5. HackingNewbie
    OP

    But I still don't know how to put a pointer like [12345678]+1234 into a code
     
  6. sup3rgh0st

    What's the address/pointer you found?
     
  7. HackingNewbie
    OP

    I didn't find anything, just wanted an example of putting something random like [12345678]+1234 into a code
     
  8. sup3rgh0st

  9. HackingNewbie
    OP

    Is there not a way to compute pointers? I just want to compute the pointer then write a value to the resulting address. Like, find the value of address, say, 80102456 then add 0xFE to that value, then write to the resulting address. This would be like putting the pointer [80102456]+FE.
     
  10. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    18,308
    8,766
    Oct 27, 2002
    France
    Engine room, learning
    you need to look at the code type link.
    there's no definitive solution, it all depends on the address range and the value you want to edit.

    You already have the address and the value, or you want to make a search?

    If you already have the necessary address+shift+value, then all you need is to read the code type and generate your cheat code.
    if you don't have it and want to search, OR if you want a detailed and easy tutorial to learn how to use the code type, follow this tutorial :
    https://gamehacking.org/faqs/wiiexample1.htm
    https://gamehacking.org/faqs/wiiexample2.htm

    specifically, the second page as it talks about pointers.

    edit:
    some tags for my own usage. I'm tired of looking for hours for my previous message to find these links.
    cheatcode wii usbgecko tutorial guide pointers search code type
     
    Last edited by Cyan, Feb 5, 2017
  11. HackingNewbie
    OP

    I'm brainstorming ways to compute pointers right now. I'm thinking PPC ASM.
     
  12. Cyan

    you should really read and try to understand my 2 links, for your own knowledge.
    don't see it as "you need to do it that way" but like something new you can learn. maybe it will help you understand how to compute [address]+value=xxx into PPC ASM code.

    it's not really pure PPC ASM code you are writing, but more a dedicated language injected into memory and loaded on every cycle by a PPC program.
    those are two different things: writing ASM to replace existing instructions, and writing cheatcodes to let a PPC program interpret them.

    pure ASM replacement is usually done using a text file located on SD card (gameconfig.txt) and it's replacing the memory at specific addresses at launch.
    cheatcode is running differently, by adding a new function to the memory (the cheat code interpreter) and loading your cheat code data in memory too. on each cycle (usually vertical buffer sync) it runs the cheat code interpreter.

    gameconfig.txt example :
    codeliststart = 80570000
    codelistend = 80580000
    hooktype = 7
    poke(800042B8, 60000000)
    pokeifequal(803E9930, 4BFECA1D, 803E9930, 60000000)
    pokeifequal(803E99A8, 4BFECA1D, 803E99A8, 60000000)
    pokeifequal(803E9D5C, 4BFECA1D, 803E9D5C, 60000000)

    as you can see, the format is very different from the cheatcode format as it contains instructions in human-readable text.
    the same result can be achieved with both gameconfig and cheatcode, it's just two different ways to edit the memory.
     
    Last edited by Cyan, Feb 5, 2017
  13. HackingNewbie
    OP

    Yup, I'll look now
     
  14. CosmoCortney

    CosmoCortney The Hacker Furry

    Member
    1,550
    1,470
    Apr 18, 2013
    Germany
    on the cool side of the pillow
    The documentation is a bit badly explained in some cases.
    In general you have to load the base address first and then add a range check.
    48000000 LLLLLLLL // loads the pointer at LLLLLLLL
    DE000000 80008180 // range check


    To tell a code it is dependent on a pointer, add 0x10 to the codetype so 00 becomes 10, 02 -> 12, 2E -> 3E. Then put an unsigned offset where the address should be.
    Let's use a 32-bit RAM write
    48000000 LLLLLLLL
    DE000000 80008180
    14QQQQQQ VVVVVVVV // QQQQQQ = unsigned offset, VVVVVVVV = Value
    E0000000 80008000 // terminator

    An example:
    48000000 801B7780
    DE000000 80008180
    12001D3A 0000000A
    E0000000 80008000

    This loads the pointer situated at 801B7780, then performs a range check, then adds the offset of 0x001D3A to the pointer and writes the 16-bit value of 000A to it. Lastly, it terminates the code.

    If you have a negative offset use 4A100000 QQQQQQQQ beneath the range check and leave the offset of the RAM write 000000.
    Example:

    48000000 90ABE000
    DE000000 809080A0
    4A100000 FFFEDED0
    14000000 00010000
    14000004 00000001
    E0000000 80008000
     
    Last edited by CosmoCortney, Feb 5, 2017
  15. HackingNewbie
    OP

    So for setting the 32-bit value of 0x12345678 to [0x12345678]+0x123 it would be
    Code:
    48000000 12345678
    DE000000 80008180
    14000123 12345678
    E0000000 80008000
    
    ?
     
  16. Cyan

    the idea is correct.
    you'll have to change the "range check" value.
    the address of your pointer will not always point to what you want. One time this address could point to HP, another time it could point to enemy data, another time to Item count (it all depends on what the game needs at a specific time).
    you wouldn't want the cheatcode to edit the item value, while you want only infinite health.

    so you need to check the range pointed to by that address is really in the "usual Health address value".
    DE000000 XXXXYYYY
    the cheatcode will be active only if the "12345678" address contains a value between XXXX0000 and YYYY0000

    in your example, here is what's happening :
    you picked a bad example value, it's confusing, so I added colors
    48000000 12345678 = pointer at address 12345678. (Set PO = 32bit value 0x12345678)
    DE000000 80008180 = if the value at PO address 12345678 is between 80000000 and 81800000 then continue executing the cheatcode (If 0x80000000 < PO value < 0x81800000)
    14000123 12345678 = shift the value found at 12345678 by 123 and write 12345678 to the new address (address located at value of PO + 0x123 = 32bit value 0x12345678)
    E0000000 80008000 = Cheatcode end
     
    Last edited by Cyan, Feb 5, 2017
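
The code structure described in posts 14 and 16 (load pointer, range check, pointer-relative write, terminator), as an added Python example that is not part of any post in this thread. The function names are hypothetical, the pointer values placed in memory are constructed, the range check is assumed to include its lower bound and exclude its upper bound, and a 12 code is written once as in the thread's example.

```python
# Added example (not from the thread): simulator for the code types used in the
# posts above: 48, DE, 4A1, 12/14, E0. Pointer values are constructed.
def read32(mem, addr):
    return int.from_bytes(bytes(mem.get(addr + i, 0) for i in range(4)), "big")

def write(mem, addr, value, size):  # big-endian, like the Wii's PowerPC CPU
    mem.update((addr + i, b) for i, b in enumerate(value.to_bytes(size, "big")))

def run(code, mem):
    """Interpret code lines; return the (address, size, value) writes performed."""
    po, active, writes = 0x80000000, True, []
    for line in code.strip().splitlines():
        first, second = (int(word, 16) for word in line.split())
        ctype, offset = first >> 24, first & 0xFFFFFF
        if ctype == 0xE0:              # terminator: close the if, reset po
            active, po = True, (second & 0xFFFF) << 16 or po
        elif not active:
            continue                   # skipped: the range check failed
        elif ctype == 0x48:            # po = 32-bit value stored at the address
            po = read32(mem, second)
        elif ctype == 0xDE:            # if XXXX0000 <= po < YYYY0000 (bounds assumed)
            active = (second >> 16) << 16 <= po < (second & 0xFFFF) << 16
        elif first >> 20 == 0x4A1:     # po += value, wrapping at 32 bits
            po = (po + second) & 0xFFFFFFFF
        elif ctype in (0x12, 0x14):    # 16- or 32-bit write to po + offset, once
            size = 2 if ctype == 0x12 else 4
            value = second & (0xFFFF if size == 2 else 0xFFFFFFFF)
            write(mem, po + offset, value, size)
            writes.append((po + offset, size, value))
        else:
            raise ValueError("code type not covered here: " + line)
    return writes

POSITIVE_OFFSET = """48000000 801B7780
DE000000 80008180
12001D3A 0000000A
E0000000 80008000"""
NEGATIVE_OFFSET = """48000000 90ABE000
DE000000 809080A0
4A100000 FFFEDED0
14000000 00010000
14000004 00000001
E0000000 80008000"""

def demo(code, pointer_addr, pointer_value):
    """Store a constructed pointer value at pointer_addr, then run the code."""
    mem = {}
    write(mem, pointer_addr, pointer_value, 4)
    return run(code, mem)
```

With a constructed pointer value of 0x80400000 stored at 801B7780 the first code writes 000A to 0x80401D3A; with a null pointer stored there the range check fails and nothing is written.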
  17. HackingNewbie
    OP

    So problem solved???
     
  18. Cyan

    partly yes.
    you'll have to test it to see if it works and doesn't create issues in different menus (because of the range part).

    also, not all cheats are 32 bits long, so you'll need a different code type. you might need 12 instead of 14 for 16-bit values, etc.
     
    Last edited by Cyan, Feb 5, 2017
  19. HackingNewbie
    OP

    OK, I'll test when my shuriken usb arrives with a pointer I find.
     
  20. Cyan

    don't be afraid of failures.
    the more you try, the more you'll understand all these nonsense numbers :P