Dolphin, the GameCube and Wii emulator - Forums › Game Modifications › Cheats, Hacks, & Game Patches

Searching for cheats with memory accesses instead of value changes
04-29-2020, 06:22 AM
#1
HoldYourWaffle
Unregistered
 
The built-in cheat search is based on changes of values in memory. This works great if you're able to manipulate your to-be-cheated value, like health or ammo, but some things can't be (easily) manipulated, like (fixed) character abilities.
However, although it might not be possible to change these values, it's often trivial to know when they're accessed (read from or written to memory). For example, I know that these values are read when I open a character's ability list.

As far as I know there's currently no built-in way to search for cheats like this.
I found the MemoryWatcher while poking around in the source code, but it's not very user-friendly and, most importantly for me personally, doesn't support Windows (although I did find an (abandoned) PR for a Windows port).
I think a GUI based solution for this, similar to the existing cheat search, could be a very useful addition to Dolphin (although obviously not a full replacement for the MemoryWatcher functionality).

Similar to value-based search, this "access-based search" could work with a basic process of elimination to narrow down results.
For example, finding the address(es) for a character's ability list might look something like this:
  1. Start the 'searching' process. All memory addresses accessed from this point on are stored.
  2. Do something in the game that definitely accesses your intended address, like opening a character's ability list.
  3. End this 'scan'. All addresses that were not accessed in this time period are definitely not our cheat, so they can be 'eliminated'.
We now have a list of addresses that were used when opening the list, as well as a lot of 'junk results' from other things that happened in the same time-frame. To eliminate the majority of these junk results:
  1. Start the next 'scan'. All memory accesses to addresses that were not previously eliminated are stored.
  2. This time do something that definitely does not access your intended address. Walk around, talk to people, open menus, whatever you like, as long as the intended address(es) (character abilities) are not accessed.
  3. End this 'scan'. All addresses accessed in this time period are definitely not our cheat, so they can be 'eliminated' as well.
Our list is now hopefully a lot shorter (although probably not entirely junk free), but this unfortunately includes uninteresting things like textures and animations. Fortunately this can be narrowed down further quite easily, simply by doing another 'elimination round' like this:
  1. Start a new 'scan'.
  2. Open up a different character's ability list. This will (probably) use a lot of the same addresses as the previous one, with the notable difference being that a different character's abilities are accessed.
  3. End this 'scan'. All addresses that were accessed are eliminated.
Just like value-based search this might not narrow the results down enough, which brings us to the 'last' step:
  1. Rinse and repeat. Keep eliminating addresses based on whether they should have been accessed or not within a specific time-frame, until only a few addresses remain.
In some cases it might even be possible to know what value was read/written (for example an ID for a certain ability), which could be used to further narrow down results.


This is not a perfect way to find cheats of course, but neither is the value-based search.
However, I'm very much a noob when it comes to how emulation (or programs in general) work this close to the metal, so perhaps this method is not actually feasible.

I'd love to contribute this myself, but I haven't done much with C++ beyond "Hello world!" and knowing the basics of pointers (although I have about 10 years of (hobby) experience in other languages). Even if I decided to learn C++ (which I'm very close to doing), I still wouldn't know anything about emulation, and I feel like that could cause issues when contributing to an emulator...
05-11-2020, 05:08 PM
#2
Modception
Junior Member
Posts: 18
Threads: 0
Joined: May 2020
Not sure if it'd work well. There can be a lot of memory that's read by opening a list, stuff that gets shuffled around, etc. Comparing access between two different character ability lists being opened might work though.

There was a custom debugger build that had something similar, except it tried to look for blocks of code being accessed at certain times. It was kind of janky, but worked once in a while https://forums.dolphin-emu.org/Thread-wip-debugger-build

If you wanted to try it as an experiment, it might not be too hard. The only tricky thing would be finding how to stream memory accesses to a file. You would want to make sure not to write duplicates though.
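The elimination procedure proposed in the first post, together with the reply's concern about not recording duplicate accesses, can be sketched as plain set arithmetic over per-scan access traces. The following is an added example written for this thread; it is not Dolphin code and uses none of Dolphin's APIs. The access traces, the addresses (chosen to look like GameCube MEM1 addresses) and the ability IDs are constructed by hand; in a real implementation the traces would come from the emulator's memory-access hooks. It also handles the one edge case the post skips over: a "not accessed" scan run before any "accessed" scan has seeded the candidate set, where "all of RAM minus these" cannot be enumerated, so the exclusions are remembered and applied at seed time.

```cpp
// Added example, not Dolphin code: access-based cheat search as set elimination.
#include <cstdint>
#include <cstdio>
#include <optional>
#include <set>
#include <vector>

// One recorded memory access: the address touched and the value read or written.
struct Access {
    uint32_t addr;
    uint32_t value;
};

using AddressSet = std::set<uint32_t>;

// Collapse a trace to the distinct addresses it touched. A set is also the answer to
// "don't write duplicates": a scan only needs to know each address once.
static AddressSet AddressesOf(const std::vector<Access>& trace)
{
    AddressSet out;
    for (const Access& a : trace)
        out.insert(a.addr);
    return out;
}

class AccessSearch {
public:
    // Scan during which the target was definitely accessed (e.g. opening the ability
    // list). The first such scan seeds the candidates; later ones intersect with them.
    void ScanAccessed(const std::vector<Access>& trace)
    {
        AddressSet seen = AddressesOf(trace);
        if (!m_candidates)
        {
            for (uint32_t a : m_excluded)  // apply "not accessed" scans run before seeding
                seen.erase(a);
            m_candidates = std::move(seen);
            return;
        }
        AddressSet kept;
        for (uint32_t a : *m_candidates)
            if (seen.count(a))
                kept.insert(a);
        *m_candidates = std::move(kept);
    }

    // Scan during which the target was definitely NOT accessed (walking around, other
    // menus, a different character's list). Every address touched is eliminated.
    void ScanNotAccessed(const std::vector<Access>& trace)
    {
        AddressSet seen = AddressesOf(trace);
        if (!m_candidates)
        {
            m_excluded.insert(seen.begin(), seen.end());  // no universe yet; remember them
            return;
        }
        for (uint32_t a : seen)
            m_candidates->erase(a);
    }

    // Refinement when the value is known (e.g. an ability ID): only accesses that
    // carried exactly that value count as the target being accessed.
    void ScanAccessedWithValue(const std::vector<Access>& trace, uint32_t expected)
    {
        std::vector<Access> matching;
        for (const Access& a : trace)
            if (a.value == expected)
                matching.push_back(a);
        ScanAccessed(matching);
    }

    std::vector<uint32_t> Candidates() const
    {
        if (!m_candidates)
            return {};
        return {m_candidates->begin(), m_candidates->end()};
    }

private:
    std::optional<AddressSet> m_candidates;
    AddressSet m_excluded;
};

// Constructed traces (hypothetical addresses) for the three scans from the post:
// open character A's list, walk around, open character B's list.
std::vector<uint32_t> ExampleSearch()
{
    const uint32_t kAbilitiesA = 0x80301000, kAbilitiesB = 0x80301040;
    const uint32_t kMenuCode = 0x80012340, kMenuTexture = 0x81200000;
    const uint32_t kPlayerPos = 0x80400010, kFontTexture = 0x81300000;

    AccessSearch search;
    // Scan 1: A's list is opened; A's data plus shared menu code and textures are read.
    search.ScanAccessed({{kAbilitiesA, 7}, {kMenuCode, 0}, {kMenuTexture, 0}, {kFontTexture, 0}});
    // Scan 2: walking around; player position and the font texture are touched, not A.
    search.ScanNotAccessed({{kPlayerPos, 100}, {kFontTexture, 0}});
    // Scan 3: B's list is opened; same shared addresses, but B's data instead of A's.
    search.ScanNotAccessed({{kAbilitiesB, 3}, {kMenuCode, 0}, {kMenuTexture, 0}});
    return search.Candidates();  // only kAbilitiesA survives
}

int main()
{
    for (uint32_t a : ExampleSearch())
        std::printf("candidate: %08X\n", static_cast<unsigned>(a));
    return 0;
}
```

The three scans reproduce the post's reasoning exactly: scan 1 seeds the candidates with everything touched while A's list was open, scan 2 removes the junk that is touched anyway, and scan 3 removes everything the two lists have in common, leaving only A's ability data. Real traces would contain far more addresses than this toy, but the set sizes shrink monotonically, so the cost is dominated by recording the accesses, not by the elimination.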