a health code cave/patch tutorial

Discussion in 'Trainer Creation' started by trainee 2, Jun 24, 2015.


    OK, this is a little tutorial on god mode and ikill and how they are patched, or "code caved" as some say.
    Things you will need
    a xbox rgh / jtag
    a trainer tool such as XCE2 or Trainer Tool; there are a few of these out there. Contrary to common belief, not Simple Dump: that only gives you offsets in 0xC and 0xD, and these do not break in VS
    Visual studio 2010 or above
    Xbox Neighbourhood
    RGLoader installed on the Xbox (this makes a difference, especially to search times)
    A BRAIN (most important )
    and last but not least the game
    All offsets and break points below are made up; they are not from a real game!

    The first thing you need to do is find the health offset, which is not always easy. If you are looking at a health bar
    on screen and searching for that, you would do a first search in the trainer tool with a blank (no value); the tool will record everything.
    When you are hit, the bar goes down, so you search for "less than last search".
    If you are hit again, you search "less than last search" again.
    If you replenish health, you search "greater than last search". Repeat until you have only a few offsets left, then pick one in the tool and change its value. Always poke a lower value: if your health drops it's the right one, if not it's wrong.
    Yes, you can poke higher, but if you already have full health you won't know whether it changed.
    When you have the correct offset, put it in VS and set it as a break point. VS must be set up for debug and attached to the console.
    Once you get a break, NOP it. This is simple. E.g. for `0x82123456 D03F0022 stfs fr1,34h(r31)`, you would go to the memory window, enter 0x82123456 and hit enter. There will be massive amounts of numbers in little boxes; go to the first one, right-click it and pick 4-byte integer, and you will see D03F0022 in the first box. Double-click it, press enter, then change it to 60000000. Now everything has god mode: you have it, the AI has it, even the boxes have it.
    Now change the NOP back to D03F0022, then set 0x82123456 as your break point.
    In VS go to Debug/Windows/Registers and double-click.
    Go to the Registers page, right-click, then tick Control and Integer. This shows you the registers; we'll come back to these in a sec.
    Once everything is set, get hit and the game will break at something like this: `82675888 D1830034 stfs fr12,34h(r3)`
    go to registers and you will see something like this
    r0 = 0000000000000034 r1 = 000000007015DC90 r2 = 0000000000000000 r3 = 00000000482EC6F8 r4 = 00000000FFFFF029 r5 = 000000007015DD60 r6 = FFFFFFFFFFFFFFFF r7 = 0000000000000000 r8 = 0000000000000640 r9 = 0000000000000029 r10 = 0000000000003FD1 r11 = 0000000047327820 r12 = 0000000082888370 r13 = 0000000080235000 r14 = 0000000000000001 r15 = 0000000078310074 r16 = 000000000000000E r17 = FFFFFFFFFFFFF037 r18 = 0000000000000023 r19 = 0000000000000007 r20 = FFFFFFFFFFFFF04B r21 = 0000000000000000 r22 = 0000000000000001 r23 = 0000000000000001 r24 = 000000007015DF30 r25 = 0000000000000028 r26 = 0000000000000001 r27 = 0000000000000000 r28 = 0000000000003FF9 r29 = 0000000000000018 r30 = 00000000FFFFF029 r31 = 00000000482EC6F8 cr = 42000448 xer = 20000000
    Copy and paste this into a notepad of your choice; Notepad++ is better for comparing registers.
    Once you have the first set, hit the AI and copy the registers again, until you have at least 3 sets of registers for you and 3 for the AI. When starting out I would recommend at least 5 sets of each. Once you have the registers, and have hopefully kept the player's sets together and the AI's sets together, you need to compare
    them. I am going to make this easy: I have changed the value in r0.
    PLAYER
    r0 = 0000000000000034 r1 = 000000007015DC90 r2 = 0000000000000000 r3 = 00000000482EC6F8 r4 = 00000000FFFFF029 r5 = 000000007015DD60 r6 = FFFFFFFFFFFFFFFF r7 = 0000000000000000 r8 = 0000000000000640 r9 = 0000000000000029 r10 = 0000000000003FD1 r11 = 0000000047327820 r12 = 0000000082888370 r13 = 0000000080235000 r14 = 0000000000000001 r15 = 0000000078310074 r16 = 000000000000000E r17 = FFFFFFFFFFFFF037 r18 = 0000000000000023 r19 = 0000000000000007 r20 = FFFFFFFFFFFFF04B r21 = 0000000000000000 r22 = 0000000000000001 r23 = 0000000000000001 r24 = 000000007015DF30 r25 = 0000000000000028 r26 = 0000000000000001 r27 = 0000000000000000 r28 = 0000000000003FF9 r29 = 0000000000000018 r30 = 00000000FFFFF029 r31 = 00000000482EC6F8 cr = 42000448 xer = 20000000
    AI
    r0 = 0000000000000000 r1 = 000000007015DC90 r2 = 0000000000000000 r3 = 00000000482EC6F8 r4 = 00000000FFFFF029 r5 = 000000007015DD60 r6 = FFFFFFFFFFFFFFFF r7 = 0000000000000000 r8 = 0000000000000640 r9 = 0000000000000029 r10 = 0000000000003FD1 r11 = 0000000047327820 r12 = 0000000082888370 r13 = 0000000080235000 r14 = 0000000000000001 r15 = 0000000078310074 r16 = 000000000000000E r17 = FFFFFFFFFFFFF037 r18 = 0000000000000023 r19 = 0000000000000007 r20 = FFFFFFFFFFFFF04B r21 = 0000000000000000 r22 = 0000000000000001 r23 = 0000000000000001 r24 = 000000007015DF30 r25 = 0000000000000028 r26 = 0000000000000001 r27 = 0000000000000000 r28 = 0000000000003FF9 r29 = 0000000000000018 r30 = 00000000FFFFF029 r31 = 00000000482EC6F8 cr = 42000448 xer = 20000000
    r0 differs between player and AI, so we would use that as an ident. An ident tells the computer/game who is being hit.
    Now that we have idents and know the break point is good, we take the break point and the 3 lines of code above it, like this:

    //8267587C C1A30034 lfs fr13,34h(r3) patch address
    //82675880 7C7C1B78 mr r28,r3
    //82675884 ED8D0028 fsubs fr12,fr13,fr0
    //82675888 D1830034 stfs fr12,34h(r3)//break point
    This is what we use to make a patch.
    Here is the patch / code cave, with explanations:
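    ASM void God(){// name of patch
    //8267587C C1A30034 lfs fr13,34h(r3)// patch address: the instruction the game is redirected from into this code cave
    //82675880 7C7C1B78 mr r28,r3
    //82675884 ED8D0028 fsubs fr12,fr13,fr0
    //82675888 D1830034 stfs fr12,34h(r3)// the break point store; this is what we will mod
    DWORD p1,ret; float f1;// p1 holds the ident read from r0, ret the address to resume the game at, f1 the float taken from fr12
    __asm lfs fr13,34h(r3)// replays the first overwritten instruction (first line of the offsets above)
    __asm mr r28,r3 // replays the second
    __asm fsubs fr12,fr13,fr0 // replays the third
    __asm stw r0,p1// save the ident (r0 at the break point) into p1
    __asm stfs fr12,f1 // save the freshly computed health (fr12) into f1 so it can be tested in C
    // NOTE(review): p1 compares the whole of r0; confirm the ident is the only thing r0 holds at this break point
    if(MyTrainer.Cheat[1] && p1 == 0x34 )f1= 100.0; // player ident (r0 == 0x34 in the PLAYER dump above, leading 0s dropped): keep full health
    if(MyTrainer.Cheat[2] && p1 == 0 )f1= 0.0; // AI ident (r0 == 0 in the AI dump above): health goes to zero
    __asm lfs fr12,f1 // load the chosen value back into fr12, depending on who was hit
    __asm stfs fr12,34h(r3)// store it exactly where the original break point did
    ret = 0x8267588C;// resume address: the instruction right after the break point at 82675888
    __asm mtctr ret// jump back into the game; this ends the patch
    __asm bctr
    }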

    A lot of patches are very similar: you just change the break point and the code around it, but it's the same setup, so you could just copy and paste over each part slowly and you will get a patch for a different break point.
    To apply the patch at the patch address you would do this:
    // Install the cave only while god (Cheat[1]) or ikill (Cheat[2]) is enabled.
    // NOTE(review): the cave itself tests MyTrainer.Cheat[...]; confirm Cheat here is the same array.
    if(Cheat[1] || Cheat[2] )
    // 0x8267587C is the patch address and 0xC1A30034 the original opcode found there (the lfs line above);
    // presumably ChkAsmPatch verifies that opcode before writing the branch -- confirm against the trainer base.
    Memory->ChkAsmPatch(2, 0x8267587C, 0xC1A30034, God);// god is the name of the patch
    This is the patch without the explanations:
    // Code cave for the health store at 82675888: replays the three overwritten
    // instructions, then rewrites the health value (fr12) according to the ident in r0.
    ASM void God(){
    //8267587C C1A30034 lfs fr13,34h(r3)
    //82675880 7C7C1B78 mr r28,r3
    //82675884 ED8D0028 fsubs fr12,fr13,fr0
    //82675888 D1830034 stfs fr12,34h(r3)
    DWORD p1,ret; float f1;// p1: ident from r0; ret: resume address; f1: float copy of fr12
    __asm lfs fr13,34h(r3)// replay of the patched instruction
    __asm mr r28,r3
    __asm fsubs fr12,fr13,fr0
    __asm stw r0,p1// ident
    __asm stfs fr12,f1// computed health
    // NOTE(review): whole-register compare on r0; confirm nothing else shares r0 at this break point
    if(MyTrainer.Cheat[1] && p1 == 0x34 )f1= 100.0;// player (r0 == 0x34)
    if(MyTrainer.Cheat[2] && p1 == 0 )f1= 0.0;// AI (r0 == 0)
    __asm lfs fr12,f1
    __asm stfs fr12,34h(r3)// same store the break point performed
    ret = 0x8267588C;// instruction after the break point
    __asm mtctr ret
    __asm bctr
    }
     

    Rocky Guest

    Great tutorial man ;)
     
