DOSBox Static Addresses

Dread_Pony_Roberts

Code Cracker
Table Maker
Joined
Dec 9, 2018
Messages
220
Reaction score
110
I'm glad I could help.

It seems GOG is updating their DOSBox so they can use their new cloud saving on DOS games, I would check all your cheats for GOG DOS games because of it. I personally get around it because I use DOSBox Game Launcher for all my DOS games so the versions are never updated unless I want them to.
 

daninthemix

Expert Cheater
Joined
Jul 18, 2017
Messages
64
Reaction score
18
Can anyone advise the best way to find addresses that change every level? I'm talking about Syndicate Wars here (I posted a paid cheat request for it a while back) - I found all the pointers for the relevant values, they work every time I run the game, but only on the first level.

What would be a good approach to finding those values for every level? AOBscan? Do I need to go to a deeper level with my pointers?
 

Marc

Expert Cheater
Fearless Donors
Table Maker
Joined
Mar 26, 2018
Messages
210
Reaction score
135
daninthemix said:
What would be a good approach to finding those values for every level? AOBscan? Do I need to go to a deeper level with my pointers?
My suggestion is to either scan for a deeper pointer level or you should try to find some code which uses the addresses. Then make a code injection to copy the correct address into your own variable.
 

daninthemix

Expert Cheater
Joined
Jul 18, 2017
Messages
64
Reaction score
18
OK now I'm confused again. Using the current DOSBox from dosbox.com, version 0.74-2, modified date 30/08/2018 13:33.

If I manually add 0x01D1ABFC I get a pointer to 1630A020.

If I find a temp value (missiles), it's before that pointer, at 1261AC4C.

What do I do?
 

Warrax

What is cheating?
Joined
May 21, 2019
Messages
1
Reaction score
0
daninthemix said:
Anyone have the base address for DosBox 0.74.2.1?
I got 0x01D26C0C in Ida.

Problem is, I seem to be finding negative offsets when I search for the values and then they don't stay in the same place when I re-open the game. I am specifically using that version of DOSBox bundled as part of a GoG install of Master of Magic, to be specific.

So I find the address for DST with Ida, and then use that as my base pointer. Then in game I find what I need (in my case, Gold and Mana) and set up something that works while I have the game open. But as soon as I reopen the game, it falls apart. The offset has changed, so things are wrong when I reopen the table. I figure I must be doing something wrong either when I'm trying to add the VMEM base pointer or when I'm attempting to make the address relative to that pointer.

Any thoughts?
 

Marc

Expert Cheater
Fearless Donors
Table Maker
Joined
Mar 26, 2018
Messages
210
Reaction score
135
Hmm, no exact idea right out of the box. A negative offset should definitely not happen at all.

Edit: but I can feel your pain. Same problem for me with Ultima Underworld, using DosBox 0.74-2.

General workflow to create the entries:
  • add the VMEM Pointer
  • find the current address of whatever you want to cheat in your game
  • open up the windows calculator, set it to "programmer"
  • copy the address of your value via clipboard into the calculator
  • press minus on the calculator
  • copy the address where the VMEM points to into clipboard
  • paste the address into the calculator and press enter
  • copy the result (the difference of the two addresses) into the clipboard
  • add a new manual entry, as address enter "+" and paste the result from the calculator in
  • use drag&drop to attach your manual entry indented below the VMEM pointer
  • if all went right, the manual entry now points to the same address as the result from your memory scan

have fun,
Marc
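
The calculator workflow above as an added example (not part of the original posts): it subtracts the address the VMEM pointer points to from the scanned address, rejects results that cannot lie inside emulated RAM, and checks that the offset repeats between launches. It assumes the VMEM pointer targets the start of guest RAM and that RAM spans `memsize` megabytes; the function names and the second set of addresses are constructed for illustration.

```python
# Added example, not from the thread. Assumption: the VMEM pointer targets
# the first byte of DOSBox's emulated RAM, which spans memsize megabytes.
MIB = 1024 * 1024
CONVENTIONAL_END = 0xA0000   # DOS conventional memory is the first 640 KiB
FIRST_MIB_END = 0x100000     # video memory, ROM and UMBs fill the rest


def guest_offset(vmem_target, value_address, memsize_mb=16):
    """Scanned address minus VMEM target, as in the calculator steps."""
    offset = value_address - vmem_target
    if offset < 0:
        raise ValueError("negative offset -0x%X: value lies before the "
                         "VMEM target, so it is not inside guest RAM" % -offset)
    if offset >= memsize_mb * MIB:
        raise ValueError("offset 0x%X is past the end of %d MB of guest RAM"
                         % (offset, memsize_mb))
    return offset


def classify(offset):
    """Name the DOS memory region an in-range offset falls into."""
    if offset < CONVENTIONAL_END:
        return "conventional"
    if offset < FIRST_MIB_END:
        return "upper"
    return "extended"


def table_entry(offset):
    """Address text for the child entry: '+' and the hex offset."""
    return "+%X" % offset


def stable_offset(runs, memsize_mb=16):
    """runs holds one (vmem_target, value_address) pair per game launch.

    Returns the offset if every launch agrees, else None (the game moved
    the value, so a fixed base-relative entry will not survive a restart).
    """
    offsets = {guest_offset(base, addr, memsize_mb) for base, addr in runs}
    return offsets.pop() if len(offsets) == 1 else None


if __name__ == "__main__":
    # Addresses quoted in the thread: value found before the pointer target.
    try:
        guest_offset(0x1630A020, 0x1261AC4C)
    except ValueError as err:
        print("rejected:", err)

    # Constructed sample: two launches, different host base, same offset.
    runs = [(0x1630A020, 0x163394E8), (0x15F0A020, 0x15F394E8)]
    off = stable_offset(runs)
    print(table_entry(off), classify(off))
```

The default of 16 for `memsize_mb` matches the `memsize=16` setting in the config posted later in the thread; pass the value from your own config if it differs.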
 

bwah

What is cheating?
Joined
Jul 21, 2019
Messages
1
Reaction score
0
When scanning dosbox with Cheat Engine, how do you limit the search area to MS-DOS conventional memory? How do you determine the conventional memory area?
 

ludo1800

What is cheating?
Joined
Jul 21, 2019
Messages
4
Reaction score
1
daninthemix said:
Anyone have the base address for DosBox 0.74.2.1?
As shown in the tutorial video, with IDA, I found "1d26c0c".

___________________


I am trying to find some values in Albion (1995) from GoG, which is based on DosBox 0.74.2.1 apparently...

But there is an issue: when I restart the game, the values are not in the same place, even with "pointers"...
Dread_Pony_Roberts said:
It seems GOG is updating their DOSBox so they can use their new cloud saving on DOS games
Hmmmm, is that why ?
Dread_Pony_Roberts said:
I personally get around it because I use DOSBox Game Launcher for all my DOS games so the versions are never updated unless I want them to.
So, you use a "personal" version of DOSBox to launch games from GoG, if I understand correctly...
Can you be a little bit more specific, please ?
 

Dread_Pony_Roberts

Code Cracker
Table Maker
Joined
Dec 9, 2018
Messages
220
Reaction score
110
I should have clarified. DOSBox Game Launcher isn't a special version of DOSBox, it is just a launcher that allows you to more easily create configs and shortcuts for DOS games. The same can be accomplished by manually creating shortcuts that point to the DOSBox.exe itself and a config as shown in this example ("C:\DOSBOX\DOSBox.exe" -conf "..\dosbox.conf"). You can then put the commands to launch the game in the config's "autoexec" section.
 

ludo1800

What is cheating?
Joined
Jul 21, 2019
Messages
4
Reaction score
1
Okay, so, if I get it right :
You use the standard version of Dosbox as everybody else, with configuration files made by yourself
and not those released with the GoG version of the game.

But GoG uses their own personal modified version of DosBox ?
 

ludo1800

What is cheating?
Joined
Jul 21, 2019
Messages
4
Reaction score
1
Hmmmm, I try to launch with the standard version of DOSBOX...
It launches... I get the menu "Start / Settings / exit", I get the intro video, but if I press [Escape], I'm out, the program closes itself. And if I let the video go to its end, I get stuck with the image of Driscoll in his room, only [Escape] works and ends the program...

I'm afraid I still need a little help ;) !
 

Dread_Pony_Roberts

Code Cracker
Table Maker
Joined
Dec 9, 2018
Messages
220
Reaction score
110
Could you please tell me what game you're running? It may take a bit more technical fiddling to get it to work.
 

Dread_Pony_Roberts

Code Cracker
Table Maker
Joined
Dec 9, 2018
Messages
220
Reaction score
110
Hmm, that's odd. It worked fine for me.

Now that I think of it, you could probably take gog's shortcuts and link them to your own DOSBox.exe. I would put the DOSBox's folder in the game's folder and change the DOSBox's folder name to something like (DOSBOX SAFE). That should future proof it so you can cheat away.

I created the rest before I thought of that method. You can continue reading if that method doesn't work or you want to learn a bit more about how DOSBox works. If nothing works then it could be your DOSBox itself that is not working.

I'll give you a shortcut and config that should work for Albion so we can try to troubleshoot the problem.

The shortcut should look like
"(path to DOSBox)\DOSBox.exe" -conf "(path to conf)\dosbox_albion.conf"
You can add (-noconsole -c exit) to the end of the shortcut, this will remove the console and exit when you press the exit button in the game. It is best to not add this until you know that the game works, otherwise it will exit when the game crashes and you won't have a console to see what's happening.

The config should look like
# This is the configurationfile for DOSBox 0.74. (Please use the latest version of DOSBox)
# Lines starting with a # are commentlines and are ignored by DOSBox.
# They are used to (briefly) document the effect of each option.

[sdl]
# fullscreen: Start dosbox directly in fullscreen. (Press ALT-Enter to go back)
# fulldouble: Use double buffering in fullscreen. It can reduce screen flickering, but it can also result in a slow DOSBox.
# fullresolution: What resolution to use for fullscreen: original or fixed size (e.g. 1024x768).
# Using your monitor's native resolution with aspect=true might give the best results.
# If you end up with small window on a large screen, try an output different from surface.
# windowresolution: Scale the window to this size IF the output device supports hardware scaling.
# (output=surface does not!)
# output: What video system to use for output.
# Possible values: surface, overlay, opengl, openglnb, ddraw.
# autolock: Mouse will automatically lock, if you click on the screen. (Press CTRL-F10 to unlock)
# sensitivity: Mouse sensitivity.
# waitonerror: Wait before closing the console if dosbox has an error.
# priority: Priority levels for dosbox. Second entry behind the comma is for when dosbox is not focused/minimized.
# pause is only valid for the second entry.
# Possible values: lowest, lower, normal, higher, highest, pause.
# mapperfile: File used to load/save the key/event mappings from. Resetmapper only works with the defaul value.
# usescancodes: Avoid usage of symkeys, might not work on all operating systems.

fullscreen=true
fulldouble=false
fullresolution=original
windowresolution=original
output=surface
autolock=true
sensitivity=100
waitonerror=true
priority=higher,normal
mapperfile=mapper-0.74.map
usescancodes=true

[dosbox]
# language: Select another language file.
# machine: The type of machine tries to emulate.
# Possible values: hercules, cga, tandy, pcjr, ega, vgaonly, svga_s3, svga_et3000, svga_et4000, svga_paradise, vesa_nolfb, vesa_oldvbe.
# captures: Directory where things like wave, midi, screenshot get captured.
# memsize: Amount of memory DOSBox has in megabytes.
# This value is best left at its default to avoid problems with some games,
# though few games might require a higher value.
# There is generally no speed advantage when raising this value.

language=
machine=svga_s3
captures=capture
memsize=16

[render]
# frameskip: How many frames DOSBox skips before drawing one.
# aspect: Do aspect correction, if your output method doesn't support scaling this can slow things down!.
# scaler: Scaler used to enlarge/enhance low resolution modes.
# If 'forced' is appended, then the scaler will be used even if the result might not be desired.
# Possible values: none, normal2x, normal3x, advmame2x, advmame3x, advinterp2x, advinterp3x, hq2x, hq3x, 2xsai, super2xsai, supereagle, tv2x, tv3x, rgb2x, rgb3x, scan2x, scan3x.

frameskip=0
aspect=false
scaler=normal2x

[cpu]
# core: CPU Core used in emulation. auto will switch to dynamic if available and appropriate.
# Possible values: auto, dynamic, normal, simple.
# cputype: CPU Type used in emulation. auto is the fastest choice.
# Possible values: auto, 386, 386_slow, 486_slow, pentium_slow, 386_prefetch.
# cycles: Amount of instructions DOSBox tries to emulate each millisecond.
# Setting this value too high results in sound dropouts and lags.
# Cycles can be set in 3 ways:
# 'auto' tries to guess what a game needs.
# It usually works, but can fail for certain games.
# 'fixed #number' will set a fixed amount of cycles. This is what you usually need if 'auto' fails.
# (Example: fixed 4000).
# 'max' will allocate as much cycles as your computer is able to handle.
#
# Possible values: auto, fixed, max.
# cycleup: Amount of cycles to decrease/increase with keycombo.(CTRL-F11/CTRL-F12)
# cycledown: Setting it lower than 100 will be a percentage.

core=auto
cputype=auto
cycles=max
cycleup=1000
cycledown=1000

[mixer]
# nosound: Enable silent mode, sound is still emulated though.
# rate: Mixer sample rate, setting any device's rate higher than this will probably lower their sound quality.
# Possible values: 44100, 48000, 32000, 22050, 16000, 11025, 8000, 49716.
# blocksize: Mixer block size, larger blocks might help sound stuttering but sound will also be more lagged.
# Possible values: 1024, 2048, 4096, 8192, 512, 256.
# prebuffer: How many milliseconds of data to keep on top of the blocksize.

nosound=false
rate=44100
blocksize=1024
prebuffer=80


[midi]
# mpu401: Type of MPU-401 to emulate.
# Possible values: intelligent, uart, none.
# mididevice: Device that will receive the MIDI data from MPU-401.
# Possible values: default, win32, alsa, oss, coreaudio, coremidi, none.
# midiconfig: Special configuration options for the device driver. This is usually the id of the device you want to use.
# See the README/Manual for more details.

mpu401=intelligent
mididevice=default
midiconfig=

[sblaster]
# sbtype: Type of Soundblaster to emulate. gb is Gameblaster.
# Possible values: sb1, sb2, sbpro1, sbpro2, sb16, gb, none.
# sbbase: The IO address of the soundblaster.
# Possible values: 220, 240, 260, 280, 2a0, 2c0, 2e0, 300.
# irq: The IRQ number of the soundblaster.
# Possible values: 7, 5, 3, 9, 10, 11, 12.
# dma: The DMA number of the soundblaster.
# Possible values: 1, 5, 0, 3, 6, 7.
# hdma: The High DMA number of the soundblaster.
# Possible values: 1, 5, 0, 3, 6, 7.
# sbmixer: Allow the soundblaster mixer to modify the DOSBox mixer.
# oplmode: Type of OPL emulation. On 'auto' the mode is determined by sblaster type. All OPL modes are Adlib-compatible, except for 'cms'.
# Possible values: auto, cms, opl2, dualopl2, opl3, none.
# oplemu: Provider for the OPL emulation. compat might provide better quality (see oplrate as well).
# Possible values: default, compat, fast.
# oplrate: Sample rate of OPL music emulation. Use 49716 for highest quality (set the mixer rate accordingly).
# Possible values: 44100, 49716, 48000, 32000, 22050, 16000, 11025, 8000.

sbtype=sb16
sbbase=220
irq=7
dma=1
hdma=5
sbmixer=true
oplmode=auto
oplemu=default
oplrate=44100

[gus]
# gus: Enable the Gravis Ultrasound emulation.
# gusrate: Sample rate of Ultrasound emulation.
# Possible values: 44100, 48000, 32000, 22050, 16000, 11025, 8000, 49716.
# gusbase: The IO base address of the Gravis Ultrasound.
# Possible values: 240, 220, 260, 280, 2a0, 2c0, 2e0, 300.
# gusirq: The IRQ number of the Gravis Ultrasound.
# Possible values: 5, 3, 7, 9, 10, 11, 12.
# gusdma: The DMA channel of the Gravis Ultrasound.
# Possible values: 3, 0, 1, 5, 6, 7.
# ultradir: Path to Ultrasound directory. In this directory
# there should be a MIDI directory that contains
# the patch files for GUS playback. Patch sets used
# with Timidity should work fine.

gus=false
gusrate=44100
gusbase=240
gusirq=5
gusdma=3
ultradir=C:\ULTRASND

[speaker]
# pcspeaker: Enable PC-Speaker emulation.
# pcrate: Sample rate of the PC-Speaker sound generation.
# Possible values: 44100, 48000, 32000, 22050, 16000, 11025, 8000, 49716.
# tandy: Enable Tandy Sound System emulation. For 'auto', emulation is present only if machine is set to 'tandy'.
# Possible values: auto, on, off.
# tandyrate: Sample rate of the Tandy 3-Voice generation.
# Possible values: 44100, 48000, 32000, 22050, 16000, 11025, 8000, 49716.
# disney: Enable Disney Sound Source emulation. (Covox Voice Master and Speech Thing compatible).

pcspeaker=true
pcrate=44100
tandy=auto
tandyrate=44100
disney=true

[joystick]
# joysticktype: Type of joystick to emulate: auto (default), none,
# 2axis (supports two joysticks),
# 4axis (supports one joystick, first joystick used),
# 4axis_2 (supports one joystick, second joystick used),
# fcs (Thrustmaster), ch (CH Flightstick).
# none disables joystick emulation.
# auto chooses emulation depending on real joystick(s).
# (Remember to reset dosbox's mapperfile if you saved it earlier)
# Possible values: auto, 2axis, 4axis, 4axis_2, fcs, ch, none.
# timed: enable timed intervals for axis. Experiment with this option, if your joystick drifts (away).
# autofire: continuously fires as long as you keep the button pressed.
# swap34: swap the 3rd and the 4th axis. can be useful for certain joysticks.
# buttonwrap: enable button wrapping at the number of emulated buttons.

joysticktype=auto
timed=true
autofire=false
swap34=false
buttonwrap=false

[serial]
# serial1: set type of device connected to com port.
# Can be disabled, dummy, modem, nullmodem, directserial.
# Additional parameters must be in the same line in the form of
# parameter:value. Parameter for all types is irq (optional).
# for directserial: realport (required), rxdelay (optional).
# (realport:COM1 realport:ttyS0).
# for modem: listenport (optional).
# for nullmodem: server, rxdelay, txdelay, telnet, usedtr,
# transparent, port, inhsocket (all optional).
# Example: serial1=modem listenport:5000
# Possible values: dummy, disabled, modem, nullmodem, directserial.
# serial2: see serial1
# Possible values: dummy, disabled, modem, nullmodem, directserial.
# serial3: see serial1
# Possible values: dummy, disabled, modem, nullmodem, directserial.
# serial4: see serial1
# Possible values: dummy, disabled, modem, nullmodem, directserial.

serial1=dummy
serial2=dummy
serial3=disabled
serial4=disabled

[dos]
# xms: Enable XMS support.
# ems: Enable EMS support.
# umb: Enable UMB support.
# keyboardlayout: Language code of the keyboard layout (or none).

xms=true
ems=true
umb=true
keyboardlayout=auto

[ipx]
# ipx: Enable ipx over UDP/IP emulation.

ipx=false

[autoexec]
mount c ".."
imgmount d "..\game.ins" -t iso -fs iso
c:
albion.exe
exit


GOG splits up their configs by having a base config and other configs that contain different autoexecs, this is why you find their shortcuts containing two configs like ("C:\Games\GOG Games\Albion\DOSBOX\DOSBox.exe" -conf "..\dosbox_albion.conf" -conf "..\dosbox_albion_single.conf" -noconsole -c exit). The purpose is to make them more modular so they can have a settings.config, single.config, and so on. I personally don't like it because I think it's a bit too confusing, that is why I merged them in this config.
 

ludo1800

What is cheating?
Joined
Jul 21, 2019
Messages
4
Reaction score
1
Well...
I confess to be on something else at this time (WoW)...
I'll try to check this more seriously later...
Again, thanks for the tips...
 

Csimbi

RCE Fanatics
Talents
Joined
Apr 29, 2017
Messages
386
Reaction score
409
You know, you could just use Game Wizard 32 and save/load tables there.
That was the best tool at the time (24 or so years ago) and even though it's long dead, it does still work under DOSBox very well...
 

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,481
Reaction score
1,864
These days everyone wants to "learn how to do it" on the superficial level (e.g.: open this, click here, do that, works) and not "WHY DO I DO IT LIKE THIS?". So there you go, knowledge goes to waste and a handful of people can actually explain WHY they do things they do. But don't let me stop you, continue this way ;)
 

Marc

Expert Cheater
Fearless Donors
Table Maker
Joined
Mar 26, 2018
Messages
210
Reaction score
135
In case someone needs it: there is another version of DosBox (0.74G) which is being used for example in Lands of Lore 1+2 from GoG.
Code:
DosBox 0.74G:	0x1D442D0
Works like a charm with Lands of Lore 1. But in Lands of Lore 2, the game itself dynamically changes the memory addresses every time a savegame is loaded.

So I tried
  • a code injection - but the found assembler code changes too many addresses
  • an aob-to-data scan - but no working datablock found to attach
  • a pointer-scan with mem_mapped activated in the scanner settings and 32-bit-alignment plus static addresses deactivated in the pointer scanner - found some paths and changed the addresses to membase+x Offset. On the next loading of the savegame, the pointers pointed to the wrong addresses.

Any hints on that matter?
 

Csimbi

RCE Fanatics
Talents
Joined
Apr 29, 2017
Messages
386
Reaction score
409
Have you guys heard of Game Wizard Pro?
Works fine under DOSBox and you can save/load tables just fine.
 

Marc

Expert Cheater
Fearless Donors
Table Maker
Joined
Mar 26, 2018
Messages
210
Reaction score
135
I even own a license, bought lots of years ago :)

Problem is, we can not put GameWizard into a cheat table - and as far as I know, GW does not help against games which have dynamic memory allocation.... and I don't know how to mangle this thing into one of the GoG Builds, by the way.
 