
Finding Pointer Codes With Gateway RAM Dump

Discussion in 'Game Cheat Codes Discussion' started by xJam.es, Jan 25, 2016.

  1. xJam.es (Loyal Member)
    Joined: Jan 21, 2016
    Location: England

    Gateway have provided a fantastic in-game menu for searching out those static numbers. The additional challenge we have is DMA (Dynamic Memory Allocation) which means codes are not always in the same place.

    To tackle this we need to hunt down where the game is told to find the data, and use that same reference for our code.

    Difficulty Level
    Moderate, a level of ARCode & Gateway Cheat Menu experience and confidence using PC software required.

    What you will need

    Part 1: Dumping RAM (x2)
    First you want to load your game of choice, start hunting down your code reference using the usual methods (e.g. 32 Bit Search, change value, Search Again ..). Once found, make a note of your offset and value, head to the first page of the Gateway Cheat Menu and Dump RAM.

    Next you want to either reload your game, or the current level (whatever prompts the game to move the reference) and hunt down your code reference again. Make a note of it & dump the RAM.

    Part 2: Prepping your PC
    Make sure you've downloaded the 2 pieces of PC software.

    Copy both of your RAM dumps from your Gateway Red Card MicroSD into a folder on your PC. Open up Gateway RAM Tools and click Add Files.. then select both of your RAM Dumps.

    Once loaded, put a tick next to each file and in the Tools menu select Export RAW RAM Dump.


    Part 3: Searching for Pointers
    Now you have your 2 extended RAM dumps, you need to search for the pointers. Open up TempAR and switch to the Pointer Searcher tab.

    For the 2 Memory Dump boxes (grey) click in them and select each of the -extended dumps you made.

    Underneath each memory dump box, type the reference you noted from Gateway's Cheat Menu.

    Other Settings
    Mode: Other..
    Base Address: 0x00000000
    Maximum Offset: 0x1000 (You can change this IF you know what you are doing)
    Value: 0x00000000 (The hex value you wish to include in your cheat, i.e. Number of lives, items etc..)
    32-bit: Checked
    Only Display Optimal Pointer Paths: Checked
    RAW Code: Unchecked
    Include Negatives: Unchecked (You can change this if positive pointers yield no results)
    Real Addresses: Unchecked
    AR: Checked

    Click Find Pointers and wait for the program to finish.


    Part 4: Creating Cheat Codes
    With any luck you'll have a list of pointers appear in TempAR and at least some of these pointers in green. Green is what you want to use; these green codes mean BOTH of your RAM Dumps contain addresses which point to your target value.

    Click on the first of your green references and a code will be generated below. You will need to modify this code before using it.

    Copy your code into a new text file, saving it with the naming convention recommended by Gateway (titleID followed by .txt). Above your code give it a description in square brackets (e.g. [Infinite Lives]).

    This is where you need to modify the code. Looking at my code, I can see it is invalid.
    Code:
    [Cheat Name]
    6314A64E4 00000000 <- Code Too Long
    B314A64E4 00000000 <- Code Too Long
    00000208 00000004
    D2000000 00000000
    My code starts in memregion 0x30000000, so I need to use a code to move the pointer first, then execute it. This is what I now have.
    Code:
    [Cheat Name]
    D3000000 30000000 <- Move To memregion 0x30000000
    614A64E4 00000000 <- Second character removed
    B14A64E4 00000000 <- Second character removed
    00000208 00000004
    D2000000 00000000

    The final step is to try the code out in your Gateway Menu. Don't forget to enable it when you start up the game. If this code doesn't work, or your game crashes, you'll need to try again with a different green pointer.

    If you do not have any green items in your list, you have not found a verified pointer. Try ticking the Include Negatives and see if that helps.

    This takes some time and patience, but together as a community, we'll have some awesome cheats!
     
    Last edited: Jul 8, 2016
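An added illustration, not part of the original post and not TempAR's code: the two-dump comparison that the Pointer Searcher settings in Part 3 describe, plus the code layout Part 4 ends up with, written out in Python. It assumes aligned little-endian 32-bit pointers and dumps whose file offset equals the address minus the base; `make_dump` and both sample dumps are constructed for the example.

```python
import struct

def find_pointers(dump, target, base=0, max_offset=0x1000):
    """Return {(pointer_address, offset)} with word(pointer_address) + offset == target."""
    hits = set()
    for pos in range(0, len(dump) - 3, 4):              # aligned 32-bit words
        (value,) = struct.unpack_from("<I", dump, pos)  # little-endian
        offset = target - value
        if value and 0 <= offset <= max_offset:         # skip nulls, positive offsets only
            hits.add((base + pos, offset))
    return hits

def verified_pointers(dump_a, target_a, dump_b, target_b, base=0):
    """Pointer paths that reach the target in BOTH dumps (the guide's green rows)."""
    return sorted(find_pointers(dump_a, target_a, base)
                  & find_pointers(dump_b, target_b, base))

def ar_code(pointer, offset, value):
    """Emit a 32-bit pointer write in the layout the guide arrives at in Part 4."""
    region, low = pointer & 0xF0000000, pointer & 0x0FFFFFFF
    lines = [f"D3000000 {region:08X}"] if region else []  # move to memregion first
    lines += [f"6{low:07X} 00000000",        # go on only if the pointer is non-zero
              f"B{low:07X} 00000000",        # follow the pointer
              f"0{offset:07X} {value:08X}",  # 32-bit write at pointer+offset
              "D2000000 00000000"]           # end of code
    return lines

def make_dump(size, pointers, value_addr, value):
    """Constructed sample dump: zero-filled, with the given pointer slots and value."""
    buf = bytearray(size)
    for slot, pointee in pointers.items():
        struct.pack_into("<I", buf, slot, pointee)
    struct.pack_into("<I", buf, value_addr, value)
    return bytes(buf)

# Constructed data: the structure moves from 0x2000 to 0x3000 between dumps.
# Slot 0x100 is kept up to date; slot 0x200 still holds the old address in dump B.
DUMP_A = make_dump(0x4000, {0x100: 0x2000, 0x200: 0x2000}, 0x2208, 3)
DUMP_B = make_dump(0x4000, {0x100: 0x3000, 0x200: 0x2000}, 0x3208, 3)

if __name__ == "__main__":
    for ptr, off in verified_pointers(DUMP_A, 0x2208, DUMP_B, 0x3208):
        print(f"pointer 0x{ptr:08X} offset 0x{off:X}")
        print("\n".join(ar_code(ptr, off, 4)))
```

Slot 0x200 matches in the first dump only, which is why a single dump is not enough to trust a pointer.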
  2. msparky83 (Loyal Member)
    Joined: Jun 23, 2006

    Also, if you create a working static code from your pointers and it seems to work great no matter which level you're on... that's awesome. However, if when you boot your console again it no longer works (even though you verified that it did with all three files and all levels) (example I'm using: Regular Show: Mordecai and Rigby in 8 Bit Land), well, then for some reason your pointer no longer works and I find it's better to start the ENTIRE process all over again. I just found another new static address that finally works (including surviving reboot of console).

    Here is my code that I submitted for that.

    Code:
    USA: Regular Show: Mordecai and Rigby in 8 Bit Land
    [Inf Time]
    D3000000 10000000
    663F5E04 00000000
    B63F5E04 00000000
    20000090 0000007B
    D2000000 00000000
     
  3. xJam.es (Loyal Member)
    Joined: Jan 21, 2016
    Location: England

    Note: Pointer codes may not always work in the first instance, this then gives the dilemma of using Pointer to Pointer codes, when you need to effectively "bunny hop" from one pointer to another.

    This is where things get more difficult and there is no one-true answer on where to get the code. For the dedicated hackers, this is the challenge.

    If you wish to find a pointer to pointer code, in TempAR, in your list of initial results, double click one of the items and it will load all the pointers which lead to that address.
     
  4. makikatze (Gateway Kitty [MOD], Loyal Member)
    Joined: Dec 29, 2014
    Occupation: A free cat
    Location: In my cat basket

    Hi xJam.es, do you have the source code of your code and could you maybe release it somehow? I'm pretty sure we could create a multi-platform version of it for other users like me, who do their Gateway stuff on a Mac.

    Maybe we could also work together somehow to create a program which unites your program and TempAR? Although, I have to say, I would probably rewrite such a huge program in C# (which would then run on Linux, Mac and Windows through Mono without the hassle of multiple source codes).
     
  5. xJam.es (Loyal Member)
    Joined: Jan 21, 2016
    Location: England

    How about over this week I start reprogramming it to C# and use that as the release? Happy to get the source released and wanting to work on a few more features
     
  6. makikatze (Gateway Kitty [MOD], Loyal Member)
    Joined: Dec 29, 2014
    Occupation: A free cat
    Location: In my cat basket

    That would be great :D
    Just be sure to use MonoDevelop to rewrite your code to C# as Linux and Mac cannot use Windows Forms unfortunately.
     
  7. Rohul1997 (Loyal Member)
    Joined: Jan 29, 2016

    Can someone please help me out? Whenever I run TempAR I get this:
    Untitled.png
     
  8. makikatze (Gateway Kitty [MOD], Loyal Member)
    Joined: Dec 29, 2014
    Occupation: A free cat
    Location: In my cat basket
  9. Rohul1997 (Loyal Member)
    Joined: Jan 29, 2016

    OMG thank you very much I thought my computer was playing up

    I've just created a pointer code, this guide works great thanks a lot
     
  10. xJam.es (Loyal Member)
    Joined: Jan 21, 2016
    Location: England

    Thanks guys, fixed link in OP.

    @Rohul1997 - 'grats on first pointer cheat!
     
  11. Rohul1997 (Loyal Member)
    Joined: Jan 29, 2016

    Is it possible to register the current value of the pointer address and increase the value?
    For example how would I implement this pointer value:
    68C671C8 00000000
    B8C671C8 00000000
    000000C8 00000000
    D2000000 00000000

    Into this?
    DD000000 00000140
    D9000000 ?????????
    D4000000 00004000
    D6000000 ?????????
    D2000000 00000000
     
  12. xJam.es (Loyal Member)
    Joined: Jan 21, 2016
    Location: England

    I'm not 100% sure on exactly what you're looking to do, but I'm going to guess you want to essentially merge the 2 bits of code. Sooo..

    Code:
    68C671C8 00000000
    B8C671C8 00000000
    D9000000 000000C8
    D4000000 00004000
    D6000000 000000C8
    D2000000 00000000
    Code:
    68C671C8 00000000 <- Check for non-zero pointer
    B8C671C8 00000000 <- Move the pointer based on value at address
    D9000000 000000C8 <- Load the value at pointer+offset into the register
    D4000000 00004000 <- Add 0x4000 to the register
    D6000000 000000C8 <- Write the register to pointer+offset
    D2000000 00000000 <- Exit code
     
  13. Rohul1997 (Loyal Member)
    Joined: Jan 29, 2016

    Thank you, thank you, that's exactly what I was looking for, you're a star.
     
  14. Ragrappy (Loyal Member)
    Joined: Jan 16, 2016

    Can you use conditionals with a pointer?

    I hacked a pointer for The Legend of Zelda: Ocarina of Time 3D that extends the chain of the Hookshot/Longshot as far as I want.
    The issue is that Link will keep being pulled forward if he hooks onto something. Here is the code:

    68720914 00000000
    B8720914 00000000
    20000280 000000FF
    D2000000 00000000

    Where would I put my conditionals for my code? Whenever the Hookshot/Longshot hook onto something or hit a wall, the value of the chain is set to "00." So how could I write a pointer with a conditional that tells the game to stop the code when the value of the Hookshot/Longshot is "00?"

    "FF" is my max value.
     
  15. xJam.es (Loyal Member)
    Joined: Jan 21, 2016
    Location: England

    You'll want a Type 6 code (if not zero) to trigger the cheat. May not work if your zero check is the same location as the figure you're editing.. but worth a (hook)shot.

    Code:
    68720914 00000000
    B8720914 00000000
    60000280 00000000
    20000280 000000FF
    D2000000 00000000
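An added illustration, not code from any poster or from Gateway: a small Python interpreter for the code types used in posts 12 and 15, run against the two codes quoted there. The semantics follow the annotations and usage in this thread, with the assumptions that conditionals add the current offset and compare 32 bits; the heap addresses and starting values in `demo` are constructed.

```python
def rd32(mem, addr):
    return int.from_bytes(bytes(mem.get(addr + i, 0) for i in range(4)), "little")

def wr32(mem, addr, value):
    for i, byte in enumerate(value.to_bytes(4, "little")):
        mem[addr + i] = byte

def run_code(lines, mem):
    """One pass of a cheat over sparse memory `mem` ({address: byte})."""
    offset = reg = 0
    active = True                        # False while inside a failed condition
    for line in lines:
        left, right = (int(h, 16) for h in line.split()[:2])
        kind, addr = left >> 28, left & 0x0FFFFFFF
        if left == 0xD2000000:           # end: close conditions, clear offset/register
            offset, reg, active = 0, 0, True
        elif not active:
            continue                     # skipped by an earlier failed check
        elif kind == 0x6:                # go on only if right != word at addr+offset
            active = right != rd32(mem, addr + offset)
        elif kind == 0xB:                # follow pointer: offset = word at addr+offset
            offset = rd32(mem, addr + offset)
        elif kind == 0x0:                # 32-bit write
            wr32(mem, addr + offset, right)
        elif kind == 0x2:                # 8-bit write
            mem[addr + offset] = right & 0xFF
        elif left == 0xD3000000:         # set offset
            offset = right
        elif left == 0xD9000000:         # register = word at right+offset
            reg = rd32(mem, right + offset)
        elif left == 0xD4000000:         # register += right
            reg = (reg + right) & 0xFFFFFFFF
        elif left == 0xD6000000:         # word at right+offset = register
            wr32(mem, right + offset, reg)
            offset += 4
        else:
            raise ValueError(f"code type not covered here: {line}")
    return mem

ADD_4000 = ["68C671C8 00000000", "B8C671C8 00000000", "D9000000 000000C8",
            "D4000000 00004000", "D6000000 000000C8", "D2000000 00000000"]
HOOKSHOT = ["68720914 00000000", "B8720914 00000000", "60000280 00000000",
            "20000280 000000FF", "D2000000 00000000"]

def demo():
    """Constructed memory: both pointers lead to made-up heap addresses."""
    heap = {}
    wr32(heap, 0x08C671C8, 0x08D00000)   # pointer for the post 12 code
    wr32(heap, 0x08D000C8, 0x100)        # current value at pointer+0xC8
    wr32(heap, 0x08720914, 0x08800000)   # pointer for the post 15 code
    heap[0x08800280] = 0x10              # chain length, non-zero
    run_code(ADD_4000, heap)
    run_code(HOOKSHOT, heap)
    return rd32(heap, 0x08D000C8), heap[0x08800280]
```

With a null pointer the first check fails and every line up to `D2000000` is skipped, so nothing is written.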
     
  16. Ragrappy (Loyal Member)
    Joined: Jan 16, 2016

    Holy shit! It works!!!!
    Thank you so much!!!

    I've been trying to get this to work forever now!
    Every time I tried to edit something the game froze.

    I will totally give you credit for helping me!!! Thank you!
     
  17. xJam.es (Loyal Member)
    Joined: Jan 21, 2016
    Location: England

    Happy to help :)
     
  18. storm75x (Loyal Member)
    Joined: Dec 12, 2014

    Oh wow. This is great!
    I'll be linking this thread from Fort42. Good work, keep it up!
     
  19. Smoker1 (Loyal Member)
    Joined: Jul 22, 2014

    Where are the RAM Dumps placed on the Device SD Card? Want to Delete them to free up Space
     
  20. xJam.es (Loyal Member)
    Joined: Jan 21, 2016
    Location: England

    Thanks storm75x, more updates coming soon!

    Smoker1 - they are saved on the red card incrementally, starting at 00000.bin
     
