Cheat Engine

DFA · How do I cheat? Reputation: 0 Joined: 07 Feb 2012 Posts: 4

I am using ePSXe 1.7.0
and Cheat Engine 6.1

Game: SaGa Frontier

I started on a project on SaGa Frontier ROM hacking
here are my discoveries so far - http://biolab.warsworldnews.com/viewtopic.php?f=3&t=23
(sorry for the link, the forum wont allow links for me, but its a legit non-spam link)

when using CEP, i use the base address value 0094C020

when it comes to adding gameshark codes to Cheat Engine.
i use base address + code's address

for example, the map number is stored at 1300c

0094C020 + 1300c gives me the map number address with cheat engine.

95F02C is the address of the map number (with Cheat Engine)

if i use copy & paste, to increment the address by 1, the new address looks like this.

ePSXe.exe+55F02C
the value of the ePSXe.exe portion is 00400000

Apparently this is the "base adddress"??

I am confused why copy and paste is adding ePSXe.exe+
i do not want this portion on my address, is there any way to remove it?

I dont understand why its 00400000 also

I am mostly trying to just monitor values (event flags to see when they change) and i am having trouble with the program inserting ePSXe.exe+ portion the the address. because I am already adding 0094C020 to my address, now its like 2 operations just to find my address??

also, i will summerize this, any way possible to get MIPS disassembly in the debugger window? I think it is just showing me the MIPS instructions recompiled for x86.

Dark Byte · Posted: Tue Feb 07, 2012 10:45 am Post subject:

Modules (like DLL's and .EXE's) can be loaded at a random location every time the program starts, that's why it's prefered to use modulename+offset notations
Older .exe's don't do that and always load at 00400000 so just statically using addresses like 0094c020 is possible for those

You can't prevent the rewriting by copy/paste combined with a offset change else eventually you'd get addresses written down as 0094c020+2+2+2+2+2+2+2+2+2
Just do a copy paste and edit the new address manually

About mips instructions: It's not possible, and besides, emulators do not execute mips code but x86 code. Perhaps you can find a pointer somewhere that points to the mips code but it's not accessed after it has been compiled to x86

DFA · How do I cheat? Reputation: 0 Joined: 07 Feb 2012 Posts: 4

Sorry, i dont know much about pointers or how to use them with Cheat Engine.

1) how can i make a breakpoint when a value at one of my addresses changes? What I am doing specifically, in this game, each character has a byte for their event flags. I have added the addresses manually by adding the base address + RAM address, and i added labels.
it works as intended, i see a list of all the characters and their flags are what they should be.
I would like to know, is there any way I can set process to stop running (like a breakpoint) when a value changes.

2) when using ePSXe 1.7.0, its gving me ePSXe.exe+
what if i am trying to use another emulator or program, how do i adjust the offset? how do i change the value of what ePSXe.exe is giving.

3) is there anyway i can make the address be displayed with an offset, as mentioned earlier, i must add like 1300c to the base adresss 0094C020.
i would like to know if theres a way possible to display 1300c instead of both values added together

also, what is that 07CC before the ePSXe.exe ?

Dark Byte · Posted: Tue Feb 07, 2012 2:48 pm Post subject:

1: you can set a breakpoint yes, in the memoryview window select the bytes, rightclick and choose the option to break on write
But understand that the code that changes the address is the code of the emulator that changes the value, not that of the game

2: you must know the exact version of the emulator and know where it stores the emulated ram's base address

3: no, you'll have to use the description if you wish to show that

7cc means the processid of the emulator

DFA · How do I cheat? Reputation: 0 Joined: 07 Feb 2012 Posts: 4

I dont know if u are familiar with CEP

(ugh, cant post links, google search: cep psx , its the first post, has link to download CEP)

but its a basic memory editor designed specifically for emulators.

Someone else found the base address for ePSXe 1.7.0 is 0094C020

does this mean, the person who found this base address added 400000 to 0054C020) to find 0094C020?

I dont know, if somehow you understand my confusion and could clear things up for me.

to Re-iterate, in CEP i use base address 0094C020 for my GameShark codes. when I want to convert (to Cheat Engine) my GameShark codes, i add the address to the base address 0094C020. Then I am finding out that its actually ePSXe.exe+0054C020?

Anyway sorry If I am not explaining my confusion fully, but please try to clear up this confusion.

Please explain this stuff as best as you can. What i learn from you, i will pass this information along to other PSX ROM hackers.

Also 1 more thing, a small part.
What if i change emulators, so the ePSXe+ portion is no longer good.
do i need to write a program to edit each line in the XML or something?

Dark Byte · Posted: Wed Feb 08, 2012 1:34 am Post subject:

0094C020 looks like a module address
An address that falls inside a module can be written as modulename+offset , so an alternate exactly correct address is "ePSXe.exe+0054C020"

But from what I understand from emulators this just means that ePSXe.exe+0054C020 contains the virtual address where the emulated memory of the psx is stored

So I don't think it's 0094c020+gamesharkaddress, but actually [0094c020]+gamesharkaddress
Read that as: Get the address at 0094c020 and add the gameshark offset to it