DOSBox Static Addresses

[Marc]

Many thanks for explaining that, really good to know.
Table works finde, of course - added it to my DOSBox-Template file.

[SunBeam]

Like I use to tell people.. before the emulator is started break on VirtualAlloc and start from there.

[FitDynamite]

Anyone got the base addresses for .74-3 ?

Have been trying to find this too. Couldn't find it anywhere. Ended up finding it myself.

DosBox 0.74-3
Base address: 0193C370

It works for me.

[mgr.inz.Player]

First, you found not a base, you found module offset for multilevel pointer base address.

Anyway, it depends on which memory block game is using for storing some values. 2MB (VideoMemory), 4MB, 16MB.

Usually it is 16MB. Paste this code to addresslist:

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>0</ID>
      <Description>"Find and set user symbols"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{$Lua}
if syntaxcheck then return end

[ENABLE]
for i,v in ipairs(enumMemoryRegions()) do
  if v.RegionSize==0x1001000 and v.AllocationProtect==4 then
    unregisterSymbol('GameMemoryStart') registerSymbol('GameMemoryStart',v.BaseAddress+0x20)
  end
end

[DISABLE]
unregisterSymbol('GameMemoryStart')
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>1</ID>
      <Description>"GameMemoryStart"</Description>
      <VariableType>Byte</VariableType>
      <Address>GameMemoryStart</Address>
    </CheatEntry>
  </CheatEntries>
</CheatTable>

Attach CE to dosbox, activate "Find and set user symbols", then just use "GameMemoryStart" symbol.

For example there is table for "Cosmo's Cosmic Adventure 1 V1.20"
viewtopic.php?t=412

Health is pointer with last offset 1FCFC.
With "GameMemoryStart" symbol you can just use GameMemoryStart+1FCFC. It is universal, whatever DOSBOX version you use, it should work.
(at least all DOSBox versions up to this date)


If you really want to use pointers than symbols - you can do pointer scan with max level 1 ( and max offset 128 to speedup scanning even more)
In previous page I showed how to do this for pointers for VideoMemory, you can do the same for for 16MB and 4MB memory blocks.
Right click "GameMemoryStart" and choose "pointer scan for this address", max level 1, like in this screenshot:
(of course you will have different address)


That way, after few pointer rescans, I found pointers to GameMemoryStart (the 16MB memory block):
["DOSBox.exe"+0193C370]+0
["DOSBox.exe"+0074D728]+0
["DOSBox.exe"+0074D6D4]+0
["DOSBox.exe"+0074D6D0]+0
["DOSBox.exe"+0034DACC]+0
["DOSBox.exe"+0034DA94]+0
["DOSBox.exe"+0034D728]+0
["DOSBox.exe"+0034D6D4]+0
["DOSBox.exe"+0034D6D0]+0


As you see, there's also a pointer with base address: DOSBox.exe+0193C370 (modulename+moduleoffset)
And moduleoffset is the same as yours.

[FitDynamite]

Wow player really know this stuff. Nice post!

Seriously, thanks for your reply. I am new to CE. While I don't really understand 100% what you were trying to say, I definitely am learning a thing or two from your post here.

I was (a lousy) DOS programmer back like 25 years ago. I still remembered video memory starts at 0xa000 address if i'm not mistaken. Text mode starts at 0xb800 or something like that. So I'm a bit confused when you refers to video memory at 2MB, but then again it was a really, really, really long time ago and I don't do programming anymore.

Let me do some serious reading, and hope you don't mind if i have a question or two.

[mgr.inz.Player]

I got a PC when Windows Me was released. Before that I had only C64 I didn't do much with programming in DOS - simple tasks in Turbo Pascal 7 (with graph library) and some very basic executable modifications with Hiew 6.50. To sum this up - DOS is not my thing.

GameMemoryStart, VideoMemory, GameOtherMemoryStart those are just names for memory regions allocated by DOSBox. Those names were the first thing which came to my mind.

Code: Select all

So I'm a bit confused when you refers to video memory at 2MB

2MB allocated by DOSBox.

[daninthemix]

Okay, this table works on DOSBox if the memsize value is set to 16MB or above.

1) Activate 'find and set symbols', wait until 'GameMemoryStart' gets populated.

2) Find your cheat address

3) Subtract the address of GameMemoryStart from your cheat address, then manually add the cheat value as GameMemoryStart+[offset you calculated in step 2]

[Curley16]

I don't have the baseaddress, but you can use an another DOX Box version like v0.73 and drag+drop the .EXE file to the desktop icon and your game will load the game from v0.73. Then try Cheat Engine with base 0x01D3FD40.

[odd144]

I am trying to use cheat engine with Dos Box, this forum is all very confusing to a newb, why is the Youtube video private, think that would have helped me along?

Thanks