[Help] Trying to find pointer value for DesMuMe emulator?

[Zylox]

Hey guys, im trying to hack pokemon platinum with cheat engine, and to start im working with the health value of the pokemon in battle. I'm able to find the value, but i've noticed that whenever i restart the game, that memory address location changes. So now i'm trying to find a pointer to said memory location, but whenever i run pointer scans i get nothing, and finding what accesses the health value gives me the easy guess pointer of "140000000" with two offsets, one that's always 5411250, and another thats always 22C57xx, where the xx always changes with each boot. I'm not entirely sure what to do from here. If anyone knows, could they help me out? Thanks!

[LeFiXER]

You mean Cheat Engine as the Cheat Engine? It would be better to utilise the internal cheat engine for DesMuMe.

[Zylox]

Yeah, the cheat engine. As far as I could tell, the internal cheat engine for DesMuMe doesn't really have pointer scanning, but i might be completely wrong. I also couldn't find anything online about it

[TimFun13]

In most emulators, pointers don't seem to work in the same way. You're better off with code injection, but you might have to deal with shared code. If you haven't done it already, you should start with the CE tutorials.

[Zylox]

Okay. I'm mainly trying to make it so that I can live edit the game through a lua script, but since pointers don't seem to work the same way I guess that wouldn't really be possible huh

[TimFun13]

Look into the code injection with the Auto Assembler. It's assembly so it takes some time to learn, but it works faster when running. And you can still use Lua to put it all together in the end.

[Zylox]

Thats really reassuring to hear. Thanks for the help!

[Zylox]

So after further research, and doing what was recommended, i think for Pokemon Platinum, at least, it doesn't seem to be very possible. For example, in battle I was taking 1 hp per turn of my own pokemon, and was looking for the value to manipulate in cheat engine. However, when I looked at what accesses/writes to the hp address, the assembler code always looked like

Code: Select all

mov [r9+rbp+05411250],r10d

. I tested removing each of those registers and that offset in the auto assembler to see what happens, and changing any of them break the game. Also, they don't seem to be related to the hp dropping at all, as after I change it, the game freezes after I hit "fight" on the emulator. Not sure if i'm doing something wrong. If I am, please point it out!

[zachillios]

So after further research, and doing what was recommended, i think for Pokemon Platinum, at least, it doesn't seem to be very possible. For example, in battle I was taking 1 hp per turn of my own pokemon, and was looking for the value to manipulate in cheat engine. However, when I looked at what accesses/writes to the hp address, the assembler code always looked like

Code: Select all

mov [r9+rbp+05411250],r10d

. I tested removing each of those registers and that offset in the auto assembler to see what happens, and changing any of them break the game. Also, they don't seem to be related to the hp dropping at all, as after I change it, the game freezes after I hit "fight" on the emulator. Not sure if i'm doing something wrong. If I am, please point it out!

What you more than likely found was a shared instruction used to either display values or to update a large array of values, so when you nop it, you're effectively shutting down multiple key functions. Try and break and trace the instruction and see if you can find a single instruction that's effecting the health value. Older emulators do this frequently (Visual Boy Advance to name one.)

[Zylox]

Okay! That sounds like a plan. Once (if) I find that instruction, i should be able to nop it and it wont do anything to the health right?

[zachillios]

Okay! That sounds like a plan. Once (if) I find that instruction, i should be able to nop it and it wont do anything to the health right?

That depends on how the game codes it. If it's just a dec function then hypothetically, yeah you should be able to. If it's a mov function then you'd probably need to make a simple script to write the value you'd want it to write. Nop'ing works sometimes but it's a more bruteforce method.

[Zylox]

I've done a bunch of work and actually found pointers to each of the locations I need. Now as a test, I'm trying to read them in lua, through my address table. However since they're pointers it doesn't really seem to be reading them from the address list correctly. Is there a specific way of reading pointers from the address list in lua? Thanks!

[sanitka]

I've done a bunch of work and actually found pointers to each of the locations I need. Now as a test, I'm trying to read them in lua, through my address table. However since they're pointers it doesn't really seem to be reading them from the address list correctly. Is there a specific way of reading pointers from the address list in lua? Thanks!

finding item in your address list by ID (similar way by name):

Code: Select all

mr = addressList.getMemoryRecordByID(<my_ID>)
addr=mr.getAddress()

memory reading of Double (similar for other data-types):

Code: Select all

hexAddr = tonumber("0x" .. <my_stored_address>)
value = readDouble(hexAddr)

[Zylox]

I've done a bunch of work and actually found pointers to each of the locations I need. Now as a test, I'm trying to read them in lua, through my address table. However since they're pointers it doesn't really seem to be reading them from the address list correctly. Is there a specific way of reading pointers from the address list in lua? Thanks!

finding item in your address list by ID (similar way by name):

Code: Select all

mr = addressList.getMemoryRecordByID(<my_ID>)
addr=mr.getAddress()

memory reading of Double (similar for other data-types):

Code: Select all

hexAddr = tonumber("0x" .. <my_stored_address>)
value = readDouble(hexAddr)

I've done pretty much all you said, and it looks like when I do

Code: Select all

mr.getAddress()

It gives me my pointer, but not my offset. Do I need to put that in manually? Definitely wouldn't be great if I had to, but I think it could work.

[TimFun13]

Check the "celua.txt" file in the CE folder.

Code: Select all

...
MemoryRecord Class:
The memoryrecord objects are the entries you see in the addresslist

properties
...
  Address: string - Get/set the interpretable address string. Useful for simple address settings.
  AddressString: string - Get the address string shown in CE (ReadOnly)
  OffsetCount: integer - The number of offsets. Set to 0 for a normal address
  Offset[] : integer - Array to access each offset
  OffsetText[] : string - Array to access each offset using the interpretable text style

  CurrentAddress: integer - The address the memoryrecord points to
  ...

You need to use "CurrentAddress", or use "Address" as your base and iterate through the offsets.

But if you're only trying to write to it in lua you can also just use a string thus allowing a bracket notation.

Code: Select all

writeInteger("[[game.exe+BEEF]+58]+8", 100)

[Link]
There's a list of all the read and write functions on this wiki page as well as in the "celua.txt" file.