LinkBack URL
About LinkBacks
Make your Own CWCheat Codes
The original tutorial was done by hackerkts. It is now outdated, so I have taken the liberty of updating and maintaining the tutorial I posted here.
Tutorials
-Hacking fixed value non-DMA games
-Getting to know more about bits
-Hacking changing values in non-DMA games
-Understanding more about CWCheat database
-Hacking fixed value DMA games
-------------------------------------------
Spoiler for Hacking fixed value non-DMA games:
Tutorial: Hacking fixed value non-DMA games
Tool(s) used: CWCheat 0.2.2 REV.D
What's non-DMA? This might be the first question you're going to ask. Ok, for this tutorial what you only need to know is, non-DMA games address will not change, their addresses are permanent.
Objective: Hacking fixed values
Game used: Harvest Moon: Boy & Girl [US]
What do I mean by fixed values? Those values are visible and fixed, for example gold, time, attack and so on. Several UMD games use this method, but most homebrew uses this.
Let's get started, run the game. Check your current gold, in this case I have 1000G, hold Select button for 3 seconds (that's the default setting) and the cheat menu will pop out.
Scroll to "Cheat searcher" and press the X button, scroll to "Start a new search for a fixed value" and press the X button, press Square button and change the search bit to 16bit(8bit maximum value is 255, I wouldn't explain more about it). At the DEC put 1000, press X and wait for it to search.
It found 145 address, yours might be different result. Now let's change the value of gold. Go buy or sell anything. In this case I have 800G, so let's search for it, the steps are the same, except now you choose "Continue a search for a fixed value". You should get lesser address, repeat the step until you found one address left.
In rare cases, you will find that there are two or more addresses. Normally, one would be the address of the actual money, while the other would be the address for text, telling you the amount of money you have. Changing only the first one will result in both addresses changing, while changing the second one will only change one. It would be a safer approach to try the addresses one by one, rather than all in one time.
In this case, the gold address is 0x001B2F0C.
Spoiler for Getting to know more about bits:
-------------------------------------------
Tutorial: Getting to know more about bits
Tool(s) used: -
This tutorial will be short one, as my first tutorial I stated about the searching bit. Some people might not know why I choose 16bit for money, it's because of the range 16bit has. What you really need to know is,
8bit = 0-255
16bit = 0-65 535
32bit = 0-4 294 967 295
For more information about it, you can take a look at Integer (computer science) - Wikipedia, the free encyclopedia
The rest you don't need to know, mostly you will just end up using 8 and 16 bits, let's take look at 8bit. In Harvest Moon: Boy & Girl the gold range is definitely more than 255, so 8bit is out of the question. 16bit is possible, that's why I choose it.
Back to the first tutorial, the real money address is 0x001B2F0C, but in order for it to works in cwcheat, you have to put a 1 (because of 16bit) infront of the address. So it will looks like this, 0x101B2F0C.
I will cover up more about it on my other tutorial understanding more about cwcheat database.
Spoiler for Hacking changing values in non-DMA games:
-------------------------------------------
Tutorial: Hacking changing values in non-DMA games
Tool(s) used: CWCheat 0.2.2 REV.D
Objective: Finding the address for life bar (take note that I said life bar, it just show your character's life bar and no integer shown)
Game used: Boxhead - PSP Style
"How do we search the address of life bar? We don't even know the value of our life", alright it's pretty easy. First run the game on your PSP, start a battle and take note of your character life bar's marking.
Hold down Select button button for 3 second, go to "Cheat searcher", and now go to "Start a new search for a difference" (this option is something like "Start a new search for unknown value").
You will see this,
By now I believe you should know which search type to choose, for fighting games it's more likely to be 8bit. Let's continue. Went back to your game and make some changes to your life.First dump done!!
Select databasetype and modify data then resume search
Datatype: 8bit
After you make some changes with your life, go back to the cheat menu, "Cheat searcher", "Continue a search for a difference", if your life value is decreased then choose "less than before", if your life value is increase, then choose "greater than before". Or even better if you know the value that decreased/increased then you can simply choose "less by than before"/"greater by than before" respectively and put in the value (Press R and change the DEC amount).
Sometimes if you search using "less by than before" or "greater by than before" it might take a long time to search, and there's a probability that the game is hanged. Don't worry, there's always a solution. For example, if the value is decreased by 20, instead of choosing "less by than before" 20, you choose "less than before" same goes to increase value. This method might take longer time, but it's worth it when you found the right address
Just continue to change your character's life and search for the differences until you get a few addresses(just do some trial and error) or best, 1 address remain.
Hopefully by now hacking non-DMA games is not a problem for you.
Yes ofcourse you can search by "equal to before", I wouldn't recommend you to do that on the second search (first search -> start a new search, second search -> equal to before)
The reason is because, most values you found on the first search are fixed value, you will get a lot of addresses when you choose equal to before.
It's the same as you start searching for a fixed value (let's say 12), and you search again exact value 12. You will find yourself getting a lot of result.
Spoiler for Understanding more about CWCheat database:
-------------------------------------------
Tutorial: Understanding more about CWCheat database
Tool(s) used: -
Now let's get into the database, understand the format and learn to read it.
CWCheat database format:
_S is the game unique id (you can get the id at the cheat menu), _G is the game name, _C0 and _C1 is the cheat description, "what's the different between that 0 and 1?" 0 = [N] and 1 = [Y], it's just the default setting, disable or enable the cheat, it makes no big different, just use _C0 will do. _L is the cheat code._S
_G
_C0 or _C1
_L
Now let's have a look of non-DMA cheat format in the database,
Quote:
_S ID
_G Game name
_C0 Cheat description
_L 0x#XXXXXXX 0xXXXXXXXX
# is the bit,
0 = 8bit (0-255)
1 = 16bit (0-65 535)
2 = 32bit (0-4 294 967 295)
XXXXXXX is the address
XXXXXXXX is the value in hexadecimal
Now let's have a look of DMA cheat format in the database,
Quote:
_S ID
_G Game name
_C0 Cheat description
_L 0x6XXXXXXX 0xXXXXXXXX
_L0x000X0001 0xXXXXXXXX
6 will always start with 6, because it's a pointer. Next time you saw it start with 6, you automatically should know that it's a pointer
XXXXXXXis the pointer
XXXXXXXX is the offset
X is the code type,
0 = 8bit write
1 = 16bit write
2 = 32bit write
3 = 8bit inverse write
4 = 16bit inverse write
5 = 32bit inverse write
1 is 1 because it's a normal pointer, for almost all the time it's a normal pointer so you just leave it as 1.
XXXXXXXX is the value in hexadecimal
Try to open up cheat.db and figure which is non-dma and dma code, by now you should be able to add new cheat yourself.
Spoiler for Hacking fixed value DMA games:
-------------------------------------------
Tutorial: Hacking fixed value DMA games
Tool(s) used: CWCheat 0.2.2 REV.D, Pointer Searcher OR DMA hunter from nitePR Rev K STABLE
DMA stands for dynamic memory allocation, if a game is DMA, the address will change. "When will the address change?" It can be on when you go to different map, reload the game, load/save the game, bought someone in-game ects. DMA games are really a pain in the donkey if you don't know how to hack it, once you know how to find pointer and offset you can kick DMA games' donkey ;D
"What's pointer and offset?" Well, you only need to know pointer and offset will point to the right address, maybe a story will helps you understand more about it. As the story goes...
You had a crush with a girl(I will name her Grace) in your class, she sit on the front row first seat. The seat is the address. You don't dare to approach her and ask for her name and number, you only know where she seat.
One day, she was transferred to another class which you don't know which. What you're going to do to locate her? First you will need to know her name, you went to ask your teacher the girl name, so now you have her name, Grace. The name is actually the pointer, now you know her name, and her precious class (her precious class is just some bits of information, which is the offset). Now with her name and some bits of information, you're able to find her even if next time she transfered to another location.
Let's get started, I will use a easy dma game to hack
Objective: Find the pointer and offset for instant win
Game used: DownStream Panic [US] (ULUS-10322)
Requirement(s): Make sure your memory stick has some space, at least 100mb. Change the time of the menu pop out to 0 second (instant), you can do that at "Setting", "Controller check delay".
I assume at this step you already know how to hack a non-dma games(if you haven't read the previous tutorials, please do so before you continue), so let's get started. Start the game, search the address for the amount of fishes you saved.
Ok, I have found the address, jot down the address!
Level 1 - 0x00D88D88 (first address)
Now you'll need to make a dump, go to the cheat menu, "Enable dump function", go back to the game and press Square button. The game will pause and wrote "Dumping", once it's done the game will start again. Now your have your first dump.
Now you will need to make the address change, for this game each level has different address so let's proceed to level 2. Search for the address for the number of fishes you saved.
I've found it, jot down the address!
Level 2 - 0x00E88E68(second address)
Make a dump again, now you have your second dump.
Optional(but it's recommend to follow):
Make the address change again by going to next level, search and jot down your third address, make your third dump.
Let's check what you have in your hand now, you can find your dumps at your memory stick root,
Code:
first address - 0x00D88D88
second address - 0x00E88E68
third address - 0x00E802A8
dump 1 - MEMDUMP0.dmp
dump 2 - MEMDUMP1.dmp
dump 3 - MEMDUMP2.dmp
In the CWCheat archive (the one you downloaded from the website), there is a pointer searcher folder, along with the plugin itself. Choose your corresponding OS and open the executable. Take note that i'm still documenting on the CWCheat Pointer Searcher, please use the DMA hunter from nitePR Rev K STABLE method if you prefer it, but the CWCheat Pointer Searcher is much more automatic.
Spoiler for nitePR_revK_STABLE.zip:
Note: This is only for those who are still using the old CWCheat. Extract nitePR_revK_STABLE.zip to a folder, I will name it "nitePR revK", run DMAhunter.exe
Press open and select dump 1 and dump 2, now enter your first address, followed by your second address.
Wow, it found so many pointers, don't worry. That's why I asked you to make 3 dumps.
Spoiler for nitePR_revK_STABLE.zip:
Note: This is only for the DMAhunter.exe. Now save all the informations down. Right click on it, "Select All" and right click again. Now it's save to your clipboard, open up a notepad and paste everything in.
Remove,
Quote:
SANiK's DMA code hunter
Please get ready to select the two dumps
(Press enter to start)
Please enter the address of the cheat in RamDump #1
Please enter hex only (0xEF123... etc.): 0x00D88D88
Please enter the address of the cheat in RamDump #2
Please enter hex only (0xEF123... etc.): 0x00E88E68
Searching...
and also,
Quote:
Press any key to continue . . .
Save it as 1&2.txtdon't ask me why, just do it okay? You will know later.
Now repeat the step, but this time we choose dump 2 and 3. And put in second and third address. It found one pointer, that's great!
Spoiler for nitePR_revK_STABLE.zip:
Save it as 2&3.txt
Repeat it again, now use dump 1 and 3, first and third address.
Spoiler for nitePR_revK_STABLE.zip:
Save it as 1&3.txt
Remember to remove those words I said, now proceed to Compare 3 Memory Dumps paste in all the informations in 1&2.txt, 2&3.txt and 1&3.txt and click "Submit"
You should saw this
Quote:
Found 1 same pointers in all 3 dumps:
0XDE040
That script will helps you determine which pointer shown on all 3 dumps, now it's easy. We one pointer, so let's try to use it.
Go back to any text file you made just now, copy the information down.
Quote:
Found, address 0XDE040, value changed from 0X9688E50 to 0X9680290
0XDE040 is the pointer
0X9688E50 is value 1
0X9680290 is value 2
Let's get to the calculation part
Method 1:
Step 1: Convert value 1 into cheat format, minus 0x08800000 from value 1
0X9688E50 - 0x08800000 = 0x00E88E50
Step 2: Calculate the offset, minus the address 1 with the result you found on Step 1(minus from bigger value to a smaller value).
0x00E88E68 - 0x00E88E50 = 18
Method 2:
Step 1 : Convert value 2 into cheat format, minus 0x08800000 from value 2.
0X9680290 - 0x08800000 = 0x00E80290
Step 2: Calculate the offset, minus the address 2 with the result you found on Step 1(minus from bigger value to a smaller value).
0x00E802A8 - 0x00E80290 = 18
That's it, you found the pointer (0XDE040) and calculated out the offset (18).
Now you can kick dma-games' donkey! ;D
CWCHEAT 0.2.2 REV. D
Integer (computer science) - Wikipedia, the free encyclopedia
DMA hunter from nitePR Rev K STABLE
Reply With Quote
Kewl
