Hello everyone, after preparing my Xbox and reading your tutorials I tried for one week to create a trainer for NHL 14. But even 10 years of programming experience and basic knowledge about assembler were not enough to achieve my (very easy) goals. At the moment I'm stuck trying to set the score. To find the correct address I pull my goalie and the opponent scores a lot. After using ArtMoney the result is about 30 addresses in the Xbox 360 RAM area (0xc000...). Most are display values or useless. One address holds the right score. But we know ...dynamic memory... every game the address changes...

Let's say I find the score in 0xc93A6F51. Set a breakpoint in VS2010 and nothing happens... OK, look at 0xa93A6F51 and the score is also there. Breakpoint at 0xa93A6F51. The plan: every time I score it hits the breakpoint. But: it hits the breakpoint all the time at 82895274.

    82895250 5466067E clrlwi r6,r3,25
    82895254 3863FFFC addi r3,r3,-4 ; 0FFFCh
    82895258 28060000 cmplwi r6,0
    8289525C 20C60080 subfic r6,r6,128 ; 80h
    82895260 4182001C beq 8289527C
    82895264 54C7F0BE srwi r7,r6,2
    82895268 7CA62850 subf r5,r6,r5
    8289526C 7CE903A6 mtctr r7
    82895270 84E40004 lwzu r7,4(r4)
    82895274 94E30004 stwu r7,4(r3) <- writes on my score address

I set a breakpoint at 82895274 and see... it seems that this part of the code writes a very large part of the memory from one area to another. I tried to compare the registers... maybe they differ depending on the memory address (the only differences are the EA and the value in r7). I also tried to have a look at the display values. Some of them get updated every 0.x seconds... and of course they need to load the score value from the address in the registers... but even there I did not find a spot to read or alter the score value/address. (Or my assembler knowledge is too bad.)

I know that NHL 15 comes out in about 0 days, but I guess that the mechanism to alter the score and end the game does not differ a lot. I would appreciate it if anyone is willing to help.
GAME NAME: NHL 14
TITLE ID: 454109BE (EA-2494)
MEDIA ID: 4AB5AEF5
TITLE UPDATE VERSION: Title Update: 0
Cheats:
1) Set Goals Home
2) Set Goals Away
3) End game instantly
Thanks to those who try to help!
I found the offsets I searched for. Now I try to use the XPG user engine template. I want to hook on an instruction and do some stuff. My problem: even if I change nothing, my game freezes. It seems that the SetHooks() function gets stuck. When I call SetHooks() I also send a Notify message to the queue. But this message only appears after I reboot the console (with Xbox Neighborhood). I hope anyone is willing to help.

    VOID __declspec(naked) CheckGoals(VOID)
    {
        __asm
        {
            // original lines
            subf r5,r6,r5
            mtctr r7
            ldu r7,8(r4)
            stdu r7,8(r3)
        }
        __asm
        {
            lis r11,0x828A // return to 0x828A5B28
            ori r11,r11,0x5B28
            mtctr r11
            bctr
        }
    }

    VOID SetHooks()
    {
        DWORD Stuff[4];
        // Build the four-instruction jump to CheckGoals, then write it over 0x828A5B18..0x828A5B24
        patchInJump( (PDWORD)Stuff, (DWORD)CheckGoals, FALSE );
        DmSetMemoryD( (PDWORD)0x828A5B18, 4, &Stuff[0], NULL );
        DmSetMemoryD( (PDWORD)0x828A5B1C, 4, &Stuff[1], NULL );
        DmSetMemoryD( (PDWORD)0x828A5B20, 4, &Stuff[2], NULL );
        DmSetMemoryD( (PDWORD)0x828A5B24, 4, &Stuff[3], NULL );
    }

    VOID ButtonPressResult( MESSAGEBOX_RESULT g_mb_result )
    {
        // Passcode: DPAD_DOWN four times
        if( g_mb_result.rgwPasscode[0] == DPAD_DOWN &&
            g_mb_result.rgwPasscode[1] == DPAD_DOWN &&
            g_mb_result.rgwPasscode[2] == DPAD_DOWN &&
            g_mb_result.rgwPasscode[3] == DPAD_DOWN )
        {
            Sleep(500);
            Notify(L"Set Hook");
            SetHooks();
            // Clear the entered passcode
            memset( &g_mb_result.rgwPasscode[0], 0x00, 0x02 );
            memset( &g_mb_result.rgwPasscode[1], 0x00, 0x02 );
            memset( &g_mb_result.rgwPasscode[2], 0x00, 0x02 );
            memset( &g_mb_result.rgwPasscode[3], 0x00, 0x02 );
            Prompt = 0x9999;
        }
    }
Thank you for the reply. How can a hook or register be wrong? With register, do you mean the one where the return address is in? The standard is r11, from what I found in the code. Do I need to change this?
I tried to use another register. (Changed to r16, it was empty and also not used.) But the same effect. Editing the patchInJump() function gave me a deeper understanding of what is happening... and I was completely confused. This is the original assembler code before I activate the code. Nothing special.

    828A5B10 beq 828A5B2C
    828A5B14 srwi r7,r6,3
    828A5B18 subf r5,r6,r5
    828A5B1C mtctr r7
    828A5B20 ldu r7,8(r4)
    828A5B24 stdu r7,8(r3)
    828A5B28 bdnz 828A5B20

That is the code after I activate SetHooks(). The 3rd to 6th lines changed to what is defined in patchInJump(). The problem: I can't see a jump to my VOID __declspec(naked) CheckGoals(VOID). The line 828A5B24 bctr jumps just a line down. So I don't wonder that the game crashes.

    828A5B10 beq 828A5B2C
    828A5B14 srwi r7,r6,3
    828A5B18 lis r11,-28381
    828A5B1C addi r11,r11,-21568
    828A5B20 mtctr r11
    828A5B24 bctr (in ctr: 828A5B28, jump a line below -.- )
    828A5B28 bdnz 828A5B20

Do I understand something wrong? Or do I use it in the wrong manner? Or maybe I have a broken template? I have my template from the forum, called XPG Trainer Engine. Could be the one edited by t3fury. But I can't imagine that his one is broken, because many used it before. At this point I'm more than confused.
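The disassembly in this thread prints 16-bit immediates as signed decimals (`lis r11,-28381`, `addi r11,r11,-21568`), which hides the 32-bit value a register ends up holding. The following is an added example, not code from the thread or from the XPG template: it decodes the D-form words quoted in the first post and resolves the `lis`/`addi` and `lis`/`ori` pairs shown above; all function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of a PowerPC D-form word: 6-bit opcode, rD/rS, rA, 16-bit immediate. */
typedef struct { unsigned opcd, rt, ra; int32_t simm; } dform_t;

/* Sign-extend a 16-bit field, as addi, lis, lwzu and stwu do with their immediate. */
static int32_t sext16(uint32_t v) {
    v &= 0xFFFFu;
    return (v & 0x8000u) ? (int32_t)v - 0x10000 : (int32_t)v;
}

static dform_t decode_dform(uint32_t word) {
    dform_t d = { word >> 26, (word >> 21) & 31u, (word >> 16) & 31u, sext16(word) };
    return d;
}

/* lis rD,hi ; addi rD,rD,lo. addi adds a sign-extended lo, so a negative
   lo borrows one from the upper half that lis loaded. */
static uint32_t resolve_lis_addi(int32_t hi, int32_t lo) {
    return (((uint32_t)hi & 0xFFFFu) << 16) + (uint32_t)lo;
}

/* lis rD,hi ; ori rD,rD,lo. ori zero-extends lo, so the halves simply concatenate. */
static uint32_t resolve_lis_ori(uint32_t hi, uint32_t lo) {
    return ((hi & 0xFFFFu) << 16) | (lo & 0xFFFFu);
}

/* Inverse of resolve_lis_addi: the immediates a disassembler would print for addr. */
static void split_for_addi(uint32_t addr, int32_t *hi, int32_t *lo) {
    *lo = sext16(addr);
    *hi = sext16((addr - (uint32_t)*lo) >> 16);
}

int main(void) {
    /* Instruction words copied from the listing in the first post. */
    const uint32_t words[] = { 0x3863FFFCu, 0x84E40004u, 0x94E30004u };
    for (size_t i = 0; i < 3; i++) {
        dform_t d = decode_dform(words[i]);
        printf("%08X: opcd=%u r%u, imm=%d, rA=r%u\n",
               (unsigned)words[i], d.opcd, d.rt, (int)d.simm, d.ra);
    }
    /* Immediates copied from the patched listing and from the return stub in CheckGoals. */
    printf("lis/addi -> %08X\n", (unsigned)resolve_lis_addi(-28381, -21568));
    printf("lis/ori  -> %08X\n", (unsigned)resolve_lis_ori(0x828A, 0x5B28));
    return 0;
}
```

Opcodes 14, 33 and 37 are `addi`, `lwzu` and `stwu`, matching the mnemonics in the first listing.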
    828A5B20 ldu r7,8(r4)
    828A5B24 stdu r7,8(r3)
    828A5B28 bdnz 828A5B20

That's a loop there, so I would try another spot.
A big flu later... I want to thank everyone who tried to help. I will start again to work on this and let you know about my further steps.
Well, it's been a while. Had some other stuff to do but also found out what I searched for. I did not create a trainer (xex file) like you love it. Just a simple C# real-time-edit tool. But if there is some interest I can share the offsets so someone could put them into a trainer engine and create an instant-win tool.