[Help] Memory Hacking Software and Dolphin issue

antassantas · (This post was last modified: 07-15-2014, 02:09 AM by antassantas.)

I have recently downloaded both MHS and Dolphin 4.0.2-2135 and have been trying to figure out values for the game "The Hobbit" on the GCN since I am figuring out tricks for speedrunning it. I followed this guide: ' https://forums.dolphin-emu.org/Thread-cheat-engine-and-dolphin-solution-inside?highlight=memory+hacking+software ', but it did not seem to work for me. Everytime I try to open process in MHS to dolphin, the above in MHS says "<Unknown> opened by L. Sprio". I heard this was a normal thing but when I find a value such as coins it will not let me change the in-game value through MHS and when I try to enter the Hex Editor or some other part of the program, it crashes. I am still trying to figure it out, but am at a loss. Any help would be greatly appreciated.

Info: Windows 7 64-bit, 3770k, Radeon 7800 HD series, 32GB corsair vengeance

himalayan · 07-15-2014, 02:28 AM #2

ahh christ. Memeory hacking in Dolphin is complicated due to how the addresses and values are stored (little-endian or big endian)... one of the two.

I can help you out if you want to try and download 'cheat engine' software which has the same purpose

otherwise you may want to do some research on big endian and little endian and how hex is stored in Dolphin; I've read up on it before so I know it's out there somewhere

antassantas · (This post was last modified: 07-15-2014, 05:12 AM by antassantas.)

(07-15-2014, 02:28 AM)himalayan Wrote: ahh christ. Memeory hacking in Dolphin is complicated due to how the addresses and values are stored (little-endian or big endian)... one of the two.

I can help you out if you want to try and download 'cheat engine' software which has the same purpose

otherwise you may want to do some research on big endian and little endian and how hex is stored in Dolphin; I've read up on it before so I know it's out there somewhere

I have also tried Cheat Engine 6.4 with dolphin and got better results with it in regards to opening the process and finding values in-game. However the problem with CE is that when I try to find what address my certain object is at, it usually has about 5 different addresses for, lets say coin count, and when I try to change the value it immediately goes back to the value that it was before. Any help on this problem would probably solve(mostly) this situation. Also sometimes when I try to edit the multiple values they flash on and off my set values, but do not change in-game for a set period of time, only a quick flash.

himalayan · 07-15-2014, 07:41 AM #4

You need to define a new process in Cheat Engine.

Right click where it says "Valve Type" then click "Define New Customer Type (Auto Assembler)"

Copy this for 2-Bit Big Endian (Dolphin)

Spoiler: (Show Spoiler)

And this for 4-byte Big Endian

Spoiler: (Show Spoiler)

Then save the processes and you're done. Next time; search on Dolphin using the 2-Byte and 4-Byte Big Endian Value Types in Cheat Engine

This will find what you need; I've used this for loads of things (SSBB Coins for one), Rupees in Zelda, loads, I know it works fine.

Hope this helps

antassantas · 07-15-2014, 08:04 AM #5

(07-15-2014, 07:41 AM)himalayan Wrote: You need to define a new process in Cheat Engine.

Right click where it says "Valve Type" then click "Define New Customer Type (Auto Assembler)"

Copy this for 2-Bit Big Endian (Dolphin)

Spoiler: (Show Spoiler)

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '2 Byte Big Endian',0

ByteSize:
dd 2

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov ax,[rcx] //eax now contains the bytes 'input' pointed to
xchg ah,al //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov ax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
and eax,ffff //cleanup
xchg ah,al //convert to big endian

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
xchg ch,cl //convert the little endian input into a big endian input
mov [rdx],cx //place the integer the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
xchg ah,al

mov [ebx],ax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]

And this for 4-byte Big Endian

Spoiler: (Show Spoiler)

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '4 Byte Big Endian',0

ByteSize:
dd 4

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value

bswap eax

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
bswap eax

mov [ebx],eax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]

Then save the processes and you're done. Next time; search on Dolphin using the 2-Byte and 4-Byte Big Endian Value Types in Cheat Engine

This will find what you need; I've used this for loads of things (SSBB Coins for one), Rupees in Zelda, loads, I know it works fine.

Hope this helps

I have done this and I still end up with multiple addresses with the same value which is what the count of in-game value of coins is in-game. the 2 byte seems to crash when on 2nd scan. But even when I receive the addresses for which coins is counted on as a value, when I try to change the value it immediately reverts back to the previous value. Any thoughts?

**mbc07** · 07-15-2014, 02:21 PM #6

Well, I have little to zero experience with this but wouldn't be easier to use the built-in functions available in Dolphin instead of separate apps?

antassantas · 07-15-2014, 02:55 PM #7

I have tried the in dolphin memory and it seems to be on par with mhs, but it lacks the ability to realtime change calues(I think) and even if it could it is still not working for changing the values. It may also have less options and no hex editor compared to CE and mhs, unless i have not found it yet.

himalayan · 07-15-2014, 04:36 PM #8

I struggled with Dolphin's editor as well - Cheat Engine was the easiest for me.

I know what you mean: When I was using Cheat Engine for SSBB coins I had to change 2 values to '9999' at the same time for it to work. It seems to find at least 2 values for whatever integer/value you try to change.

If I get chance later on I'll do a video/screenshots of how I did it. My Dolphin was a bit temperamental during the scanning but I was cautious.

antassantas · 07-15-2014, 08:31 PM #9

(07-15-2014, 04:36 PM)himalayan Wrote: I struggled with Dolphin's editor as well - Cheat Engine was the easiest for me.

I know what you mean: When I was using Cheat Engine for SSBB coins I had to change 2 values to '9999' at the same time for it to work. It seems to find at least 2 values for whatever integer/value you try to change.

If I get chance later on I'll do a video/screenshots of how I did it. My Dolphin was a bit temperamental during the scanning but I was cautious.

I tried to change both amounts at the same time just like you did, but had no luck with the results. Some of my in game items have 2-8 different addresses for one item and when i try to change single or multiple values they still don't work.