| Author | Message |
---|
SwoRNLeaDejZ
Administrator
Posts : 2120 1337ness : 140 Join date : 2010-09-17 Age : 38 Location : Massachusetts
| Subject: DMA Hunter Plus Tutorial Fri Nov 05, 2010 3:43 pm | |
| This is a tutorial, written by SaNiK himself, on how to use DMAHunter with 2 RAM Dumps to find a DMA pointer. Enjoy.
- SaNiK wrote:
- The Address
1) Addresses on the PSP are actually 0x08800000 and on
2) A cheat might have an address of 0x00005000, but that's not the real address, that's the "SHORTCUT ADDRESS"
3) The REAL address is 0x08805000 (Add 0x08800000 + 0x00005000)
4) So when the game uses the address, it uses the REAL ADDRESS to access it, and NOT the SHORTCUT ADDRESS 0x00005000
5) Remember the word "SHORTCUT ADDRESS"

Pointers
1) Pointers have 2 parts
2) Part 1 is the ADDRESS of the pointer itself
3) Part 2 is the VALUE inside the pointer (which is actually an address)
4) So let's say we go to address 0x08805000, and the number inside there is 0x08806000
5) This means that there is a pointer at 0x08805000 that points to 0x08806000

Pointer Offsets
1) From the above example we had a pointer at 0x08805000 that points to 0x08806000
2) BUT, let's say the player's health is at 0x08807000
3) We play the game, and then the pointer at 0x08805000 NOW points to 0x08806500
4) We then notice that the player's health is no longer at 0x08807000 but instead at 0x08807500
5) This means that the player's health is RELATIVELY DEPENDENT on the address that the pointer points to
6) We notice that to get the address of the player's health, we do: address of player's health = address that the pointer points to + 0x1000
7) 0x1000 can be said to be the "RELATIVE OFFSET"

nitePR format
1) nitePR's DMA codes are in this format: 0xFFFFFFFF 0x___1____ 0x____2___ 0x____3___
2) In 0x___1____ is the "SHORTCUT ADDRESS" of the POINTER
3) 0x____2___ is the "RELATIVE OFFSET" that gets added to the ADDRESS POINTED TO BY THE POINTER
4) 0x____3___ is the VALUE that gets STORED at the POINTED ADDRESS

dmaHunter
1) Find a cheat by searching for it, write down the "SHORTCUT ADDRESS"
2) Dump RAM in slot 1
3) MAKE the game change the pointers (be it by restarting the game or joining a different map)
4) Find the cheat AGAIN by searching for it, write down the "SHORTCUT ADDRESS"
5) Dump RAM in slot 2
6) Quit
7) Connect the PSP to the USB
8) Run DMA hunter
9) DMA hunter asks you for two RAM dumps
10) Select the RAM dumps in the proper order, order matters
11) So select RAM DUMP #1 first, and enter the "SHORTCUT ADDRESS" you got in step #1
12) Then select RAM DUMP #2, and enter the "SHORTCUT ADDRESS" you got in step #4
13) dmaHunter will now cross reference the two dumps to find all the values that changed by the same amount
14) If successful, dmaHunter should say (hopefully):
Quote: --Found, address "SHORTCUT ADDRESS", value changed from "REAL ADDRESS A" to "REAL ADDRESS B"
15) "SHORTCUT ADDRESS" is the ADDRESS OF THE POINTER
16) You now need to compute the "RELATIVE OFFSET"
17) The "RELATIVE OFFSET" can be gotten by first converting either "REAL ADDRESS A" or "REAL ADDRESS B" into "SHORTCUT ADDRESS" form
18) To do this, we pick either REAL ADDRESS A or B, and then subtract 0x08800000 to get the "converted SHORTCUT ADDRESS", that's it
19) Finally, the OFFSET can be calculated by: "RELATIVE OFFSET" = "SHORTCUT ADDRESS you got in step #1" - "SHORTCUT ADDRESS A which you converted" or "RELATIVE OFFSET" = "SHORTCUT ADDRESS you got in step #4" - "SHORTCUT ADDRESS B which you converted"
20) Both equations should give you the same "RELATIVE OFFSET"
I take NO credit for this one, this is all SaNiK.
- Attachments
- DMAhunter.zip
- (6 Kb) Downloaded 31 times
|
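The two-dump cross-reference that dmaHunter performs (steps 13 to 20 of the tutorial above), written out in Python as an added example; this is not SaNiK's code and not the dmaHunter source. It assumes each dump is a raw image of user RAM starting at 0x08800000, so a byte offset into the dump is that word's SHORTCUT ADDRESS, and it adds two sanity filters the tutorial does not describe dmaHunter as having (a candidate's value must look like a user-RAM address, and the cheat must lie within `max_offset` after the pointed-to address). The two sample dumps, the decoy words and the health value in them are constructed for the example.

```python
"""Cross-reference two PSP RAM dumps to locate a DMA pointer (constructed example,
not dmaHunter's code). The dumps are built in memory rather than read from a
memory stick."""
import struct

USER_RAM_BASE = 0x08800000   # SHORTCUT ADDRESS + this = REAL ADDRESS (from the tutorial)
USER_RAM_END = 0x0A000000    # assumption: top of PSP user RAM, used only as a sanity filter


def shortcut_to_real(shortcut):
    return USER_RAM_BASE + shortcut


def real_to_shortcut(real):
    return real - USER_RAM_BASE


def relative_offset(cheat_shortcut, pointed_real):
    """Steps 17-19: offset = cheat SHORTCUT ADDRESS - converted SHORTCUT of the pointed-to address."""
    return cheat_shortcut - real_to_shortcut(pointed_real)


def find_pointer_candidates(dump_a, dump_b, cheat_a, cheat_b, max_offset=0x10000):
    """Return [(pointer_shortcut, relative_offset)] for every aligned 32-bit word whose
    value moved by exactly the amount the cheat's address moved between the dumps.

    Assumption: both dumps start at USER_RAM_BASE, so the byte offset of a word in
    the dump is its SHORTCUT ADDRESS. Words are little-endian, as on the PSP.
    """
    if cheat_a == cheat_b:
        # Nothing moved, so every unchanged word would match: the dumps are useless.
        raise ValueError("the cheat address must differ between the two dumps")
    delta = cheat_b - cheat_a
    candidates = []
    for off in range(0, min(len(dump_a), len(dump_b)) - 3, 4):
        val_a = struct.unpack_from("<I", dump_a, off)[0]
        val_b = struct.unpack_from("<I", dump_b, off)[0]
        if val_b - val_a != delta:
            continue
        # Extra filters (assumption, not part of the tutorial): the value must look like
        # a user-RAM address and the cheat must sit a plausible distance after it.
        if not (USER_RAM_BASE <= val_a < USER_RAM_END):
            continue
        rel = relative_offset(cheat_a, val_a)
        if not 0 <= rel <= max_offset:
            continue
        # Step 20: the second dump gives the same offset whenever the delta matched.
        assert relative_offset(cheat_b, val_b) == rel
        candidates.append((off, rel))
    return candidates


def nitepr_dma_code(pointer_shortcut, rel_offset, value):
    """The nitePR DMA code layout from the tutorial: 0xFFFFFFFF pointer offset value."""
    return "0xFFFFFFFF 0x{:08X} 0x{:08X} 0x{:08X}".format(pointer_shortcut, rel_offset, value)


def build_sample_dumps():
    """Two constructed 8 KiB dumps: the pointer at SHORTCUT 0x100 moves by 0x200 between
    sessions and the player's health follows it at +0x40. Three decoys are included."""
    a, b = bytearray(0x2000), bytearray(0x2000)

    def put(buf, real_addr, value):
        struct.pack_into("<I", buf, real_to_shortcut(real_addr), value)

    put(a, 0x08800100, 0x08801000)   # the pointer we want: session 1
    put(b, 0x08800100, 0x08801200)   # same pointer, session 2 (moved by 0x200)
    put(a, 0x08801040, 100)          # health, session 1 (SHORTCUT 0x1040)
    put(b, 0x08801240, 100)          # health, session 2 (SHORTCUT 0x1240)
    put(a, 0x08800200, 0x08801000)   # decoy: address that moved by a different amount
    put(b, 0x08800200, 0x08801100)
    put(a, 0x08800300, 5)            # decoy: counter that moved by 0x200 but is not an address
    put(b, 0x08800300, 0x205)
    put(a, 0x08800400, 0x08801000)   # decoy: pointer that did not move at all
    put(b, 0x08800400, 0x08801000)
    return bytes(a), bytes(b)


if __name__ == "__main__":
    dump1, dump2 = build_sample_dumps()
    for ptr, rel in find_pointer_candidates(dump1, dump2, 0x1040, 0x1240):
        print("Found pointer at SHORTCUT 0x%08X, RELATIVE OFFSET 0x%X" % (ptr, rel))
        print(nitepr_dma_code(ptr, rel, 999))
```

Only the word at SHORTCUT 0x100 survives: the first decoy moved by the wrong amount, the second moved by the right amount but is not an address, and the third did not move. Raising on `cheat_a == cheat_b` is the check a practitioner wants, because two dumps taken before the game has rearranged its pointers match on every unchanged word and tell you nothing.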
| | | Literiture Vip
Posts : 313 1337ness : -11 Join date : 2010-10-02 Age : 28
| Subject: Re: DMA Hunter Plus Tutorial Fri Nov 05, 2010 5:13 pm | |
| Couldn't really understand the part on the pointer offset, plus when I dump the RAM and plug in my PSP, the dump looks like a .flv folder |
| | | SwoRNLeaDejZ
Administrator
Posts : 2120 1337ness : 140 Join date : 2010-09-17 Age : 38 Location : Massachusetts
| Subject: Re: DMA Hunter Plus Tutorial Fri Nov 05, 2010 5:32 pm | |
| dude, you load the game, find the address, go to PRX in NitePR and Dump Ram in Slot #0, then do it again in slot #1, and then again in slot #2. You will have three files on the ROOT of your memory stick, called dump0.ram dump1.ram dump2.ram
those are your ram dumps. |
| | | Emu Newbie
Posts : 22 1337ness : 0 Join date : 2011-07-09 Age : 30
| Subject: Re: DMA Hunter Plus Tutorial Sat Jul 09, 2011 2:35 am | |
| Ugh, this program makes me sick. If you want to defeat DMA do this:
--1. Find your DMA code address
______1. Convert your code to real addressing
______2. Write your code down
--2. Go to exact searcher in the searcher tab
______1. Input the code in the hex value slot that you wrote down
______2. Subtract 4 from the address (last number on right in hex)
______3. Search.....
______4. If no results, undo search and repeat steps 2 - 3 in this category
--3. If a result is found, write down the address and its hex value
______1. The Address is your pointer so make your code: 0xffffffff 0x<Pointer>
______2. Subtract the hex value of the pointer from your DMA address
______3. The subtraction is your offset, whose usual format is 0x000000XX
______4. Complete the code:
- Code:
-
#DMA_TEST 0xFFFFFFFF 0x<Pointer> 0x<Offset> 0x<Value>
note: Value is your own value |
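The "subtract 4 and search again" method from the post above, as an added Python example that is not Emu's code and not nitePR's searcher: it scans a single RAM dump for a word holding the cheat's real address, then the address minus 4, minus 8, and so on, and reports every pointer found at the first matching value together with the offset the post computes in step 3.2. The dump base, the step limit and the sample dump (including its decoy word) are assumptions constructed for the example.

```python
"""Single-dump pointer search, the 'subtract 4 and search again' method (constructed
example, not nitePR's exact searcher)."""
import struct

USER_RAM_BASE = 0x08800000   # real address = shortcut address + this


def search_pointer_backwards(dump, cheat_real, max_steps=64, dump_base=USER_RAM_BASE):
    """Search the dump for a 32-bit word equal to cheat_real, then cheat_real-4,
    cheat_real-8, ... up to max_steps words back (the post's 'subtract 4, search,
    undo, repeat'). Returns [(pointer_shortcut, offset)] for every hit at the first
    value that matches, or [] if nothing is found within max_steps.

    Assumption: the dump is a raw little-endian image starting at dump_base.
    """
    words = [struct.unpack_from("<I", dump, off)[0] for off in range(0, len(dump) - 3, 4)]
    for step in range(max_steps + 1):
        wanted = cheat_real - 4 * step
        hits = [(dump_base + 4 * i - USER_RAM_BASE, cheat_real - wanted)
                for i, w in enumerate(words) if w == wanted]
        if hits:
            return hits
    return []


def dma_code(name, pointer_shortcut, offset, value):
    """The completed code from step 3.4: #NAME 0xFFFFFFFF pointer offset value."""
    return "#{} 0xFFFFFFFF 0x{:08X} 0x{:08X} 0x{:08X}".format(name, pointer_shortcut, offset, value)


def build_sample_dump():
    """Constructed 4 KiB dump: a pointer at SHORTCUT 0x80 holds real 0x08800500 and the
    cheat value sits 0x10 bytes past the pointed-to address."""
    buf = bytearray(0x1000)
    struct.pack_into("<I", buf, 0x80, 0x08800500)   # the pointer we want to find
    struct.pack_into("<I", buf, 0x510, 0x7FFF)      # the cheat value itself (real 0x08800510)
    struct.pack_into("<I", buf, 0xC0, 0x08800600)   # decoy: points past the cheat, never matched
    return bytes(buf)


if __name__ == "__main__":
    dump = build_sample_dump()
    for ptr, off in search_pointer_backwards(dump, 0x08800510):
        print(dma_code("DMA_TEST", ptr, off, 99))
```

Returning a list rather than the first hit matters in practice: several words can hold the same address (a second pointer, a stale copy on the stack), and the one that survives a restart is the one to keep. Bounding the search with `max_steps` is the edge case the post's "repeat" step leaves open; without it a search for an address nothing points at never ends.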
| | | SwoRNLeaDejZ
Administrator
Posts : 2120 1337ness : 140 Join date : 2010-09-17 Age : 38 Location : Massachusetts
| Subject: Re: DMA Hunter Plus Tutorial Sat Jul 09, 2011 2:49 am | |
| - Emu wrote:
- Ugh, this program makes me sick.
If you want to defeat DMA do this:
--1. Find your DMA code address
______1. Convert your code to real addressing
______2. Write your code down
--2. Go to exact searcher in the searcher tab
______1. Input the code in the hex value slot that you wrote down
______2. Subtract 4 from the address (last number on right in hex)
______3. Search.....
______4. If no results, undo search and repeat steps 2 - 3 in this category
--3. If a result is found, write down the address and its hex value
______1. The Address is your pointer so make your code: 0xffffffff 0x<Pointer>
______2. Subtract the hex value of the pointer from your DMA address
______3. The subtraction is your offset, whose usual format is 0x000000XX
______4. Complete the code:
- Code:
-
#DMA_TEST 0xFFFFFFFF 0x<Pointer> 0x<Offset> 0x<Value>
note: Value is your own value
I understand all that bro, but the everyday user on this site would not. Plus this post is relatively old; rather than breathing life into an old thread, why not write a tutorial?? Sounds like an idea now, doesn't it... |
| | | Emu Newbie
Posts : 22 1337ness : 0 Join date : 2011-07-09 Age : 30
| Subject: Re: DMA Hunter Plus Tutorial Sat Jul 09, 2011 3:04 am | |
| Well, the smart thing to do is to not post if it's old and can easily be googled. Plus it was a suggestion on what to do.
OFFTOPIC: The chatbox won't let me log in -_-" |
| | | SwoRNLeaDejZ
Administrator
Posts : 2120 1337ness : 140 Join date : 2010-09-17 Age : 38 Location : Massachusetts
| Subject: Re: DMA Hunter Plus Tutorial Sat Jul 09, 2011 5:32 am | |
| - Emu wrote:
- Well, the smart thing to do is to not post if old and can easily be googled. Plus it was a suggestion on what to do.
OFFTOPIC: The chatbox won't let me log in -_-"
Sorry about that, read my original reply again, didn't realize I sounded like such an asshat. I am busy working on the other site and I didn't mean to be snappy |
| | | JZydex Finest
Posts : 495 1337ness : 3 Join date : 2011-03-19 Age : 28 Location : salinas ca.
| Subject: Re: DMA Hunter Plus Tutorial Sat Jul 09, 2011 6:06 am | |
| Didn't SaNiK invent nitePR? And did he also play FTB2?? |
| | | Emu Newbie
Posts : 22 1337ness : 0 Join date : 2011-07-09 Age : 30
| Subject: Re: DMA Hunter Plus Tutorial Sat Jul 09, 2011 11:10 pm | |
| Yeah SANiK invented nitePR but the source is pure garbage. I also don't know if he played ftb2 or not. |
| | | KnightMaire Vip
Posts : 229 1337ness : 20 Join date : 2011-01-29 Age : 31 Location : Massachusetts
| Subject: Re: DMA Hunter Plus Tutorial Sun Jul 10, 2011 12:38 am | |
| - Emu wrote:
- but the source is pure garbage
- SaNiK wrote:
- Good luck decoding what it all does.
A hint to how messy it is: I used #include files instead of linking code/separating code into .c files =o
It's messy like that because I didn't actually sit down and plan nitePR out... I added as I went along. |
| | | Emu Newbie
Posts : 22 1337ness : 0 Join date : 2011-07-09 Age : 30
| Subject: Re: DMA Hunter Plus Tutorial Sun Jul 10, 2011 12:44 am | |
| Let me clear things up for you some more since you do research. Yeah SANiK's source is messy (which I didn't comment on about his neatness) but he coded everything very poorly besides the Hexadecimal Function. Even if he didn't plan it out he could have written the crapola! in a much shorter code source.
|