More actions
No edit summary |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
|author=tomvita | |author=tomvita | ||
|lastupdated=2021/02/03 | |lastupdated=2021/02/03 | ||
|type= | |type=Save Managers and Editors | ||
|version=1.5 | |version=1.5 | ||
|license=Mixed | |license=Mixed | ||
Line 232: | Line 232: | ||
== External links == | == External links == | ||
* GitHub - https://github.com/tomvita/SE-tools | * GitHub - https://github.com/tomvita/SE-tools | ||
* GitHub - https://github.com/tomvita/EdiZon-SE | * GitHub - https://github.com/tomvita/EdiZon-SE | ||
Line 238: | Line 237: | ||
* GitHub - https://github.com/tomvita/Atmosphere | * GitHub - https://github.com/tomvita/Atmosphere | ||
* GitHub - https://github.com/tomvita/Noexes | * GitHub - https://github.com/tomvita/Noexes | ||
* GBAtemp - https://gbatemp.net/threads/se-tools-all-your-game-memory-hacking-needs-in-one-package.575131/ | |||
* Tutorials/Forum - https://gbatemp.net/forums/tomvitas-tools.328/ |
Latest revision as of 12:27, 22 April 2023
SE tools | |
---|---|
General | |
Author | tomvita |
Type | Save Managers and Editors |
Version | 1.5 |
License | Mixed |
Last Updated | 2021/02/03 |
Links | |
Download | |
Website | |
Source | |
SE tools is a set of tools for Nintendo Switch game memory hacking.
With SE tools you can search for memory location that will affect the behaviour of the game when modified and create cheat codes that modify these memory location.
SE tools consist of two major components and some optional components.
- EdiZon-SE is the memory searching tool.
- Pointersearcher-SE is the pointer searching tool. Many memory locations are dynamic and changes when the game relaunch and some even changes as the game progress. A pointer chain is required to locate these memory locaton.
All the tools are package into one release to be used with the latest version of atmosphere.
Installation
Copy content of NX.tools.zip to the root of you SD card and reboot.
Note: This pack is made for atmosphere 17.1 you must replace \atmosphere\contents\010000000000000D with a version that match your atmosphere version if you are not on 17.1. Go get it here if your atmosphere is older.
User guide
Search Memory
1. Assuming you already have atmosphere install. Copy the content of the zip files for the switch into the root of your SD card. Restart your switch.
2. Launch the game. Press Home
when there is something interesting you want to search. Press Up
then A
.
3. Take the example of the game "Kingdom Rush Frontiers" and we will search for the amount of gold you have. You will see the following screen.
4. Press Y
and L
and R
to navigate the setup for search.
5. Data Type is how the data is represented in memory. You have to make a guess what type it is. A good starting point is u16. (If that does not work try flt
and dbl
next).
6. Mode is how the content of memory is to be compared with the value you enter. In this case the value can been seen on game screen to be 840 so we choose ==
.
7. Region is where the app will search. Choose HEAP+MAIN
unless you already know where it is located.
8. In the VALUE tap press A
to enter the value 840. Highlite the Search Now!
box and press A
. after a few second you will see that some candidates has been found.
9. Go back to the game (press Home
and Home
). Spend some gold.
10. Press Home
then Up
then A
. Press Y
. Enter the new value. Search again and this time you will find that there is only a few candidates left. Go back and repeat from Step 8 if there is too many candidate.
11. Now select one of the candidate and press A
to modify the value. Go back to the game and see if you have found the right memory location.
12. Now that the memory location is found the next step is to add it to bookmark by press Plus
and enter a label. Press L
to toggle bookmark view.
13. Since we use data type u16 to perform the search you can see on the status line above that the address relative to Heap and that the type is u16. Press RStick
and take a look at the memory editor.
14. Since the value of the upper order bytes are zero maybe the datatype is u32. Go back to bookmark view. Press ZL+R
to change the datatype to u32. Now enter a large value and see what happens. We have confirm that the data type is u32.
15. Next we test if this memory location is dynamic. Let try RESTART
. The memory looks to be the same. How about QUIT
and come back. Now we see the memory location is no longer valid. We will need pointer in order to not need to keep repeating the search in this case.
16. We proceed to find the new memory location.
Search Pointer Chain
1. Next we will use the pointer searching tool on PC. Launch either pointersearcher.exe or pointersearcher64.exe (will need this for cases where more that 4Gbyte of memory is needed). Click on Attach dmnt
.
2. Fetch bookmark from EdiZon SE.
3. Copy and paste into the TargetAddress1. Click on Dump Ptr
.
4. When the dump is complete click on Reset and Search
. Adjust MaxDepth, OffsetNum and OffsetRange until candidates are found. In this example many targets are found.
5. To perform a second dump go back to the game make the memory location of gold change. Now we have gold2
. Select File2
and click on Dump ptr
to make the second dump. Click on Narrow Down Result
to reduce the number of targets.
6. Click on Export To EdiZon SE
to export the result ready for EdiZon SE to import into bookmark.
7. Clock on Push Export to EdiZon SE
which will push the file over to the switch. pointer search example:
8. On the switch press ZL+Plus
to import bookmark. The imported bookmark has the label import
.
9. To test whether this is the real deal. Change the game state and see if import
points to the gold.
10. Turns out that this pointer chain is only valid when some gold has been spend. The screen shot shows the pointer chain is able to resolve into the correct address of gold3
.
Create cheat code
1. Edit the bookmark label to what you want to show as the cheat code label.
2. Edit the value of memory to what you want the code to set.
3. To create cheat code choose the bookmark and press Y
. This will create a cheat code with the bookmark's label and set it to the current value at the memory location.
4. Press ZL+B
to quite and reload to see the cheat code appear on the cheats section.
Unknown value search
Here we use the game "Zombie Blast Crew" as an example.
The life bar has the value of 1400. But after some direct value search we can't find a memory location that can be used to change this value. We now try unknown value search as the representation isn't direct.
After the current value has been dumped go back to the game and let the life bar reduce a bit.
Continue with [--] search. You will need to do [--] or [++] search until the candidate list is reduced to a manageable amount. Recover HP with potion if needed. In general you should not allow the character to die because the address may change. In this case it does not change if you die but at this stage you won't know yet.
Now that there is not that many candidate left it's time to take a look at them. Those that looks promising you have to hack them to see if it works. Sometimes hacking value may cause the switch to crash. It is just too bad that the progress would be lost. This is a hazard that cannot be avoided. After some trial and error you will find that hacking the two value that is close to the display value divided by 10 makes a difference. One will keep you alive and the other will affect the life bar but you will still die.
Freeze both value will give you infinite HP. You will find that the life bar don't directly correspond to the value that affects the life bar. This is rather common. In this case probably the code only update the life bar when there is change and it put up the value you hack - HP that was just lost. Now with these two memory found you are ready to proceed to find pointers for these two value.
Moon jump search
1. For some games you can find moon jump this way. Please note that this isn't applicable to all games.
2. For many game a floating point number is added to make the character rise or fall.
3. Press the jump button. Make sure the character is on the rise then pause the game. Do a range search.
4. Next pause the game when the character is falling. Do a range search of the opposite polarity. (i.e. if you search for a positive range now search for a negative range and vice versa).
5. Repeat step 3 and 4 until you narrow down to a small candidate list.
6. Pause the game while the character is on the rise. Go to the candidate list and freeze a few of them. Go back to the game and see if the character keep rising continously. If it does one of the candidates you frozen is the moon jump memory location. Now unfreeze them one by one until the character stop rising. If nothing happens continue until the candidate list has been exhaused.
7. If you found the address proceed with step 8, if not repeat from step 3 with a different range, polarity or datatype, bear in mind that this method is not applicable to all games.
8. Added the found address to bookmark and label it moon jump.
9. Go to the bookmark you just added. Edit the value to a value you want this moon jump to be (how fast the character will rise). Press ZL+A
to add this to code. Press ZL+B
to reload dmnt and see that a new code has been added to the cheat code list.
10. Choose this code you just created. Press Rstick
to assign a moon jump button. Enable this code and test your newly created moon jump.
11. Repeat from step 9 and 10 if the value you set don't work well. When you are satisfied with your moon jump proceed to next step.
12. The memory location you found is not static in most cases. You may have to replace the static memory with a pointer. Once you found the pointer you can either replace the static code or repeat step 7 to 10.
Changelog
V1.5 2021/02/03
- Update the following components. Check the release notes for information on new features and bug fixes.
- This pack is made for atmosphere 17.1 you must replace \atmosphere\contents\010000000000000D with a version that match your atmosphere version if you are not on 17.1. Go get it here if your atmosphere is older.
V1.4 2020/12/01
- Bookmark added with "+" create an entry in BMDump.dat. This file will be use for bookmark import for pointersearcher SE.
- This change reduce potential clutter created by imported bookmarks. Having EdiZon SE running no longer block bookmark import.
- Now bookmark imported shows the bookmark label and can be drag and dropped into target cell for pointer search.
- Special thanks to CJBok for contributing to enhancements in pointersearcher SE.
- Update the following components.
- Dmnt version included in NX.tools.zip is for atmosphere 15.
- Use 010000000000000D.16.2.ZIP for atmosphere 16.2 or you can also get from here.
V1.3 2020/11/16
- Update EdiZon SE to 3.7.20.
- Now you have options to use separate bookmarks for each mission. With this option you can validate bookmarks imported for each mission in parallel.
- Now you can use search to narrow down the book mark list.
- Now press R when the search type is floating point negate the search values (good for some moon jump search).
- Now you are able to import cheat code from cheat database.
- On welcome screen you have the option to download updated cheat database and enable import from cheat database.
- If dmnt is already attached you will have to reload dmnt or restart the game. If dmnt isn't loaded the cheat will just work.
- Requires atmosphere 15.0.
- Made up of the following components:
V1.2 2020/11/03
- Copy content of NX.tools.zip to the root of your SD card.
- Requires atmosphere 15.0.
- EdiZon SE has a dump file format change. This result in Pointersearcher SE and Noexs sysmodule needing to be updated.
- Made up of the following components:
V1.1 2020/10/22
- Copy content of NX.tools.zip to the root of your SD card.
- Requires atmosphere 14.4.
- PointerSearcher-SE 0.5.7 fix a wireless dump file bug: Wireless dump not in ascending order when main > heap.
- This cause failure when the dump is use for narrow down.
- Made up of the following components:
V1.0 2020/10/07
- First release. Copy content of NX.tools.zip to the root of your SD card.
- Requires atmosphere 14.4.
- Made up of the following components:
External links
- GitHub - https://github.com/tomvita/SE-tools
- GitHub - https://github.com/tomvita/EdiZon-SE
- GitHub - https://github.com/tomvita/PointerSearcher-SE
- GitHub - https://github.com/tomvita/Atmosphere
- GitHub - https://github.com/tomvita/Noexes
- GBAtemp - https://gbatemp.net/threads/se-tools-all-your-game-memory-hacking-needs-in-one-package.575131/
- Tutorials/Forum - https://gbatemp.net/forums/tomvitas-tools.328/