ROM Hack [Question] [3DS CFW NTR] How to build a game.plg file with pointer code?

TPRammus

Hey there!

I have NTR installed on my 3DS and I want to create a cheat code. I have already found the address + pointer (it is 16FF9342 and the offset is 3FF). So how do I paste it into the gameplg.c?
The code for just an address (without offset) is:
Code:
    if (cheatEnabled[0]) {
        WRITEU16(0x16FF9342, 0x00000012); //0x16FF9342 is the address, 0x00000012 is the value which should be written to that address
    }
And here's the complete gameplg.c: http://pastebin.com/ua7yLzNV
 

TPRammus

I did get an answer from the user Nanquitas (Nanquitas on GitHub) (Once again thank you very much Nanquitas!)
This is for pointers:
Nanquitas said:
Code:
void pointers_exemple(void)
{
    unsigned int    pointer;
    unsigned int    offset;
    unsigned int    pointer_value;

    pointer = 0x10000000; //<-- Assign my pointer address to 0x10000000
    pointer = READU32(pointer); //<-- My pointer is now equal to the address stored at 0x10000000
    pointer_value = READU32(pointer); //<-- Assign pointer_value the value stored at the address pointed to by 0x10000000
    offset = 0x1234; //<-- Assign my offset to 0x1234
    pointer = 0x10000000;
    pointer = READU32(pointer) + offset; //<-- Assign my pointer the address stored at 0x10000000 and add 0x1234 to the retrieved address
    pointer_value = READU32(pointer); //<-- pointer_value is now equal to the value stored at (the address stored at 0x10000000) + offset
    pointer = 0x10000000;
    pointer = READU32(pointer) + offset; //<-- Initialize my pointer to (the address stored at 0x10000000) + offset
    pointer = READU32(pointer); //<-- Pointer is now equal to the address stored at that location (second level pointer)
    pointer = READU32(pointer) + 0x5000; //<-- Pointer is now equal to (the address stored at the second level pointer) + 0x5000 (third level pointer)
    pointer_value = READU32(pointer); //<-- Retrieve the value stored at my third level pointer
}

regards, TPRammus
 

Nanquitas

No problem :)

I'll add this if you don't have the macros:
Code:
// Each macro is fully parenthesized so it expands safely inside larger expressions
#ifndef WRITEU8
#    define WRITEU8(addr, data)      (*(volatile unsigned char *)(addr) = ((data) & 0xFF))
#endif
#ifndef WRITEU16
#    define WRITEU16(addr, data)     (*(volatile unsigned short *)(addr) = ((data) & 0xFFFF))
#endif
#ifndef WRITEU32
#    define WRITEU32(addr, data)     (*(volatile unsigned int *)(addr) = (data))
#endif
#ifndef READU8
#    define READU8(addr)             (*(volatile unsigned char *)(addr))
#endif
#ifndef READU16
#    define READU16(addr)            (*(volatile unsigned short *)(addr))
#endif
#ifndef READU32
#    define READU32(addr)            (*(volatile unsigned int *)(addr))
#endif
 

TPRammus


Could you please make an example? I am not using macros btw. (I am using Cheat entries):

Code:
    if (cheatEnabled[0]) {
        //code
    }
I don't really get into it so it would be awesome if you could make an example (if yes, take 0x00123456 as address and 0x089 as offset)

regards, TPRammus
 

Nanquitas

Macros are a term in C which means a pattern which will execute a thing.
You need the macros I posted in order to easily edit addresses or else you'll need to do:
Code:
data = *(u32 *)0x12345;
instead of:
Code:
data = READU32(0x12345);

Well...

For the example we'll take the giant Link cheat from my Zelda OOT cheats plugin:
Code:
void    giant_link(void)
{
    u32    pointer;

    pointer = READU32(0x087B18E8) + 0x64; //<-- My pointer is equal to the address stored at the address 0x087B18E8 and we add 0x64 to this address
    WRITEU32(pointer, 0x3CA3D70A);        //<-- We write the value 0x3CA3D70A to the address previously retrieved
    WRITEU32(pointer + 4, 0x3CA3D70A);    //<-- We write the value 0x3CA3D70A to the address previously retrieved + 4
    WRITEU32(pointer + 8, 0x3CA3D70A);    //<-- We write the value 0x3CA3D70A to the address previously retrieved + 8
}
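
Added example (not code from the thread or from NTR): the one-level pointer write asked about above, using the address 0x00123456 and offset 0x089 from the question, with every hop range-checked before it is dereferenced so an unset or stale pointer skips the write instead of faulting. The `region` array, its bounds and the helper names are assumptions made up so the code runs off-console; on the 3DS the checks would wrap READU32/WRITEU16 instead.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed stand-in for one mapped region of the game process so the
 * example runs on a PC; the bounds are placeholders, not a real 3DS layout. */
#define REGION_BASE 0x00100000u
#define REGION_SIZE 0x00040000u
static uint8_t region[REGION_SIZE];

/* True when [addr, addr + len) lies entirely inside the region. */
static int addr_ok(uint32_t addr, uint32_t len) {
    return addr >= REGION_BASE && addr - REGION_BASE <= REGION_SIZE - len;
}

/* Bounds-checked, little-endian counterparts of READU32 and WRITEU16. */
static int read_u32(uint32_t addr, uint32_t *out) {
    if (!addr_ok(addr, 4)) return 0;
    const uint8_t *b = &region[addr - REGION_BASE];
    *out = b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    return 1;
}

static int write_u16(uint32_t addr, uint16_t val) {
    if (!addr_ok(addr, 2)) return 0;
    region[addr - REGION_BASE] = (uint8_t)(val & 0xFF);
    region[addr - REGION_BASE + 1] = (uint8_t)(val >> 8);
    return 1;
}

/* One pointer hop: *target = (u32 stored at base) + offset. */
static int resolve(uint32_t base, uint32_t offset, uint32_t *target) {
    uint32_t p;
    if (!read_u32(base, &p) || p == 0) return 0; /* unmapped, or not set yet */
    if (p > UINT32_MAX - offset) return 0;       /* sum would wrap around */
    *target = p + offset;
    return 1;
}

/* Body for `if (cheatEnabled[0]) { ... }`; returns 1 only if the write happened. */
int cheat0(void) {
    uint32_t target;
    if (!resolve(0x00123456u, 0x089u, &target)) return 0;
    return write_u16(target, 0x0012); /* value taken from the first post */
}

int main(void) {
    printf("pointer unset: %d\n", cheat0());      /* region is all zero */
    region[0x00123456u - REGION_BASE + 2] = 0x13; /* slot now holds 0x00130000 */
    printf("pointer set:   %d\n", cheat0());
    return 0;
}
```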
 

Nanquitas

There are many ways today, but all of them require a memdump and an analysis part.

I'm doing my memdumps with a plugin of my creation which gives me the same header as a Gateway dump, so I can then use the software for Gateway.

Else I like to use either Cheat Engine or IDA Pro.
 

TPRammus


And you are not willing to share this plugin I guess? :D
 

Nanquitas

I share it but it's a dirty version and the proper version will not come soon (if it comes).

How to use it:
- Put the plugin in the sd:/plugin/home/dumper.plg folder;
- Create a dump folder in the root of your SD (important or it won't work).

Then when you load NTR, a ProcessDumper2.0 line will be available in the NTR menu.
Go into it and select the process you want to dump, then you'll have two choices:
- A to select a specific region to dump
- B to dump all memory regions

You can cancel a dump by pressing B during the dump.

The dump will be named after the titleID of the dumped process.
This dumper allows several dumps since it'll add a suffix.

The dumps made have a header like a Gateway's dump so you can use this tool to facilitate your search.

Have fun ! :)

Update 18/07/16:
  • Correct bugs
  • Add the support of region above 0x20000000 (useful for games like Monster Hunter)

Update 24/07/16:
  • Unblock the locked state region
 

Attachments

  • ProcessDumper2.zip

jimmyleen

I don't know if you will continue to work on it but the latest version of ProcessDumper2.0 won't dump every app and game, it has to be dumped one at a time.
 

Nath74k

It doesn't work for me.
When I press A on a specific PID, a blue bar loads on the top screen, and then nothing happens. I can't choose a specific region or game.
 

Nath74k

That's because you use my RAM Explorer plugin.

This one also have a dumper but it's not the 2.0.
Redownload the plugin above.

I've downloaded the plg on this page like two or three hours ago, and I'm going on the "Process Dumper" tab on the NTR menu
 
