ROM Hack [Question] [3DS CFW NTR] How to build a game.plg file with pointer code?

[TPRammus]

Hey there!

I have NTR on my 3DS installed and I want to create a cheat code. I have already found the address + pointer (it is 16FF9342 and the offset is 3FF). So how do I paste it into the gameplg.c?
The code for just an address (without offset) is:

    if (cheatEnabled[0]) {
        WRITEU16(0x16FF9342, 0x00000012); //0x16FF9342 is the address, 0x00000012 is the value which should be written to that address
    }

And here's the complete gameplg.c: http://pastebin.com/ua7yLzNV

 

[TPRammus]

I did get an answer from the user Nanquitas (Nanquitas on GitHub) (Once again thank you very much Nanquitas!)
This is for pointers:

void pointers_exemple(void)
{
    unsigned int    pointer;
    unsigned int    offset;
    unsigned int     pointer_value;

    pointer = 0x10000000; //<-- Assign my pointer address to 0x10000000
    pointer = READU32(pointer); //<-- My pointer is now equal to the address pointed at 0x1000000
    pointer_value = READU32(pointer); //<-- Assign pointer_value with the value stocked in the address pointed by 0x10000000
    offset = 0x1234; //<-- Assign my offset to 0x1234;
    pointer = 0x10000000;
    pointer = READU32(pointer) + offset; //<-- Assigne my pointer with the address contained at 0x10000000 and add 0x1234 to the retrieved address
    pointer_value = READU32(pointer); //<-- ppointer_value is now equal to the value stocked at the address pointed by 0x10000000 + offset;
    pointer = 0x10000000;
    pointer = READU32(pointer) + offset; //<-- Initialize my pointer to the address stocked at 0x10000000 + offset
    pointer = READU32(pointer); //<-- Pointer is now equal to the address stocked at the address stocked at 0x10000000 + offset (Second level pointer)
    pointer = READU32(pointer) + 0x5000; //<-- Pointer is now equal to (the address stocked at (the address stocked at (the address stocked at 0x10000000 + offset)) + 0x5000) (Third level pointer)
    pointer_value = READU32(pointer); //<-- Retrieve the value stocked at my third level pointer
}

regards, TPRammus

 

[Nanquitas]

No problem

I'll add this if you don't have the macros:

#ifndef WRITEU8
#    define WRITEU8(addr, data)       *(volatile unsigned char *)(addr) = data & 0xFF
#endif
#ifndef WRITEU16
#    define WRITEU16(addr, data)     *(volatile unsigned short *)(addr) = data & 0xFFFF
#endif
#ifndef WRITEU32
#    define WRITEU32(addr, data)     *(volatile unsigned int*)(addr) = data
#endif
#ifndef READU8
#    define READU8(addr)           *(volatile unsigned char *)(addr)
#endif
#ifndef READU16
#    define READU16(addr)         *(volatile unsigned short *)(addr)
#endif
#ifndef READU32
#    define READU32(addr)         *(volatile unsigned int *)(addr)
#endif

 

[TPRammus]

No problem

I'll add this if you don't have the macros:

#ifndef WRITEU8
#    defi...

Could you please make an example? I am not using macros btw. (I am using Cheat entries):

if (cheatEnabled[0]) {
        //code
    }

I don't really get into it so it would be awesome if you could make an example (if yes, take 0x00123456 as address and 0x089 as offset)

regards, TPRammus

 

[Nanquitas]

Macros are a term in C which means a pattern which will execute a thing.
You need the macros I posted in order to easily edit addresses or else you'll need to do:

data = *(u32 *)0x12345;

instead of:

data = READU32(0x12345);

Well...

For the exemple we'll take the giant link cheats from my Zelda OOT cheats plugin:

void    giant_link(void)
{
    u32    pointer;

    pointer = READU32(0x087B18E8) + 0x64; //<-- My pointer is equal to the address stocked at the address 0x087B18E8 and we add 0x64 to this address
    WRITEU32(pointer, 0x3CA3D70A);        //<-- We write the value 0x3CA3D70A in the address previously retrieved
    WRITEU32(pointer + 4, 0x3CA3D70A);    //<-- We write the value 0x3CA3D70A in the address previously retrieved + 4
    WRITEU32(pointer + 8, 0x3CA3D70A);    //<-- We write the value 0x3CA3D70A in the address previously retrieved + 8
}

 

[TPRammus]

Macros are a term in C whic...

Thank you now I got it!
But one more question: Which tool do you use to find addresses and pointers?

regards, TPRammus

 

[Nanquitas]

There's many ways today but all of them require a memdump and analyze part.

I'm doing my memdumps with a plugin of my creation which give me the same header as a gateway's dump so I can then use the soft for gateway.

Else I like to use either Cheat Engine or IDA Pro.

 

[TPRammus]

There's many ways today but all of them require a memdump and analyze part.

I'm doing my memdumps with a plugin of my creation which give me the same header as a gateway's dump so I can then use the soft for gateway.

Else I like to use either Cheat Engine or IDA Pro.

And you are not willing to share this plugin I guess?

 

[Nanquitas]

I share it but it's a dirty version and the proper version will not come soon (if it comes).

How to use it:
- Put the plugin in the sd:/plugin/home/dumper.plg folder;
- Create a dump folder in the root of your SD (important or it won't work).

Then when you'll load NTR, a ProcessDumper2.0 line will be available in the ntr menu.
Go in it and select the process you want to dump then you'll have two choice:
- A to select a specific region to dump
- B to dump all memory regions

You can cancel a dump by pressing B while the dump.

The dump will be named by the titleID of the process dumped.
This dumper allows several dump since it'll add a suffix.

The dumps made have a header like a Gateway's dump so you can use this tool to facilitate your search.

Have fun !

Update 18/07/16:

• Correct bugs
• Add the support of region above 0x20000000 (useful for games like Monster Hunter)

Update 24/07/16:

• Unblock the locked state region

 

[TPRammus]

I share it but it's a dirty version and the proper version will not come soon (if it comes).

How to us...

Oh my god you are my hero! I can't thank you enough!

 

[Nanquitas]

Glad to see that you like it

 

[Nanquitas]

Made a little update of the plugin. (See above)

 

[Nanquitas]

New update of the dumper: Download the attached file.

 

[jimmyleen]

I share it but it's a dirty version and the proper version will not come soon (if it comes).

How to use it:
- Put the plugin in the sd:/plugin/home/dumper.plg folder;
- Create a dump folder in the root of your SD (important or it won't work).

Then when you'll load NTR, a ProcessDumper2.0 line will be available in the ntr menu.
Go in it and select the process you want to dump then you'll have two choice:
- A to select a specific region to dump
- B to dump all memory regions

You can cancel a dump by pressing B while the dump.

The dump will be named by the titleID of the process dumped.
This dumper allows several dump since it'll add a suffix.

The dumps made have a header like a Gateway's dump so you can use this tool to facilitate your search.

Have fun !

Update 18/07/16:

• Correct bugs
• Add the support of region above 0x20000000 (useful for games like Monster Hunter)

Update 24/07/16:

• Unblock the locked state region

I don't know if you will continue to work on it but the latest version of ProcessDumper2.0 won't dump every app and game, it has to be dumped one at a time.

 

[Nanquitas]

Yes, it's the purpose of this dumper.

It' let you choose the process to dump.

 

[jimmyleen]

Yes, it's the purpose of this dumper.

It' let you choose the process to dump.

What I mint to say is when pressing B the dumper doesn't dump all the data for every game or app.

 

[Nanquitas]

You first choose the app, then you press b and you wait for the dump to be finished.

 

[Nath74k]

How to use it:
- Put the plugin in the sd:/plugin/home/dumper.plg folder;
- Create a dump folder in the root of your SD (important or it won't work).

Then when you'll load NTR, a ProcessDumper2.0 line will be available in the ntr menu.

It doesn't work for me.
When I press A on a specific PID, a blue bar loads on the top screen, and then nothing happens. I can't choose a specific region or game.

 

[Nanquitas]

That's because you use my RAM Explorer plugin.

This one also have a dumper but it's not the 2.0.
Redownload the plugin above.

 

[Nath74k]

That's because you use my RAM Explorer plugin.

This one also have a dumper but it's not the 2.0.
Redownload the plugin above.

I've downloaded the plg on this page like two or three hours ago, and I'm going on the "Process Dumper" tab on the NTR menu