I tried using the XCE tool but I had no luck trying to find the health offset. I used Peek Poker to dump the RAM, then searched for exact values in ArtMoney, in which I found 5 floats. I found the correct address but I cannot breakpoint it as it's not in the 0x8XXXXXXX range... offset: 0x0CD34944 or (0xCCD34944). I've read Team Akatsuki's guide, which didn't really help. I read about mirrored values or sister values, which didn't show the same value, so how would I find the real function?
You don't have to have an offset in the 0x8 range to set a breakpoint; it can be any offset. Have you tried searching with XCE in the 0x4-0x5 range? 0xC could be mirrored in 0xA, however it's not common to get a break there. What game is it for?
Edit 1: In the Visual Studio debugger I set a breakpoint for my offset in 0xC but the code didn't break when I lost health... I also tried the mirrored values to no avail, so I'm guessing the offset I found was only for show. I found it in ArtMoney as I don't understand XCE.
----------------------------------------------------------------------------------------------------------------------
Thanks for the time to help a fellow enthusiast out, considering you're an admin on this awesome website. I'm making a trainer for Borderlands: The Pre-Sequel. My original aim was to make an RTE tool for fun mods that haven't been made with any trainer or RTE, such as super jump/friction/gravity and visual mods like FOV (funny, because that was one of the few offsets I found and was able to mod, as it wasn't dynamic). Anyway... well, you see, I read in the guide that values can be mirrored, but when I tried this, for example (I don't have the X360 trainer tool as shown in the guide, so I've had to stick with Peek Poker and ArtMoney) <-- maybe that's where I'm going wrong, as I can't get my head around XCE. I found a tutorial but it didn't help. Using full RAM dumps, I wrote down my health, then I would lose X amount of health, then redump until I was left with only a few offsets. Using Peek Poker I typed in the first offset and there it was, my health. Just to make sure, I lost some more health and re-peeked and the value changed, so I knew for sure that was the correct offset. I haven't got the offset at the minute as I deleted my dumps, but it was along the lines of 0x0A1234A5. I could only peek this value; any time I tried to change it, it would return back to the original value. I know that the offset is only for show; it isn't the actual function. But I'm guessing I won't be able to find the jump height so easily. On a good note, I do have over 500 editable floats from decompiling the XEX in IDA; they are all in the 82xxxxxx range (quite obviously). I sifted through about 80 of them before I gave up.
I know I'll have to breakpoint the offset, but my problem is finding the correct function.
-------------------------------------------------------------------------------------------------------
TL;DR: Could you help me out? I have every editable float from Borderlands: The Pre-Sequel. I'm not trying to aim for infinite health; I'm looking for fun values such as friction and jump height. I need to find a solution or a way to sift through these floats, haha. I really don't want to look through hundreds of functions in IDA because it would take me forever. Here's something funny that I found; it's called Green Hills (when you start walking it looks like you've taken mushrooms). And here is FOV.
Code:
FOV: 820CB90C
Shield: 0x82000B60 (if you change this it only removes the numbers; it doesn't actually affect shield capacity)
UPSIDE DOWN MODE: 0x820CBCF8
Font Scale: 0x82000EE0
Green Hills: 0x820CB910 - default 1.0 - Value: 1.1
OK, let's start from the beginning and walk you through then... I would def advise using and getting familiar with the XCE tool, as it is miles better than dumping/ArtMoney. So, XCE... pick a range you want to search in (I always start with 0x4-0x5, and with this game that is where the values are stored), then select a byte value you want to search. For health it is typically float 32. For your first search you will click "Init" (at this point you can set a range of values to search in to help limit the amount of results; if you have full health you can search 1.0-1000, which will typically separate all the garbage out, so you would type in the range and click "Range"). We will then get hit or gain health and then click "Inc/Dec" accordingly. Get hit/gain health again and click "Inc/Dec" again. Continue this until you have a few offsets and set your breakpoints in VS. I will mention that this game in particular requires a cave on health, as the breakpoint is shared between player/AI. So after finding the correct offset you will need a cave to obtain health. Hope this helped you a bit; if not, just tell me where you need help and I can try and explain better.
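The Init / Range / Inc-Dec narrowing described in the post above, modelled over constructed memory snapshots, as an added example that is not part of the original thread and not XCE's own code. It assumes 4-byte-aligned big-endian float32 values (the Xbox 360 CPU is big-endian PowerPC) and a hypothetical region base of 0x40000000; the function names and all sample values are made up for illustration.

```python
import struct

BASE = 0x40000000  # assumed start address of the scanned region (constructed)

def read_floats(dump, base=BASE):
    """Yield (address, value) for every 4-byte-aligned big-endian float32."""
    for off in range(0, len(dump) - 3, 4):
        yield base + off, struct.unpack_from(">f", dump, off)[0]

def init_range(dump, lo, hi):
    """'Init' + 'Range': keep addresses whose value lies in [lo, hi]."""
    return {addr: val for addr, val in read_floats(dump) if lo <= val <= hi}

def refine(cands, dump, direction, base=BASE):
    """'Inc/Dec': keep candidates whose value moved in the stated direction."""
    kept = {}
    for addr, old in cands.items():
        new = struct.unpack_from(">f", dump, addr - base)[0]
        if (direction == "dec" and new < old) or (direction == "inc" and new > old):
            kept[addr] = new  # remember the new value for the next pass
    return kept

def make_dump(health, cooldown, fov=90.0):
    """Constructed 16-byte region: health, a falling cooldown, static FOV, junk."""
    return struct.pack(">fffI", health, cooldown, fov, 0xDEADBEEF)

def scan():
    """Run one full narrowing session over four constructed snapshots."""
    snapshots = [
        (make_dump(74.0, 40.0), "dec"),  # got hit
        (make_dump(90.0, 30.0), "inc"),  # gained health; cooldown kept falling
        (make_dump(61.0, 20.0), "dec"),  # got hit again
    ]
    cands = init_range(make_dump(100.0, 50.0), 1.0, 1000.0)
    for dump, direction in snapshots:
        cands = refine(cands, dump, direction)
    return cands

if __name__ == "__main__":
    for addr, val in scan().items():
        print(f"candidate 0x{addr:08X} = {val}")
```

The cooldown value survives the first "dec" pass and is only eliminated by the "inc" pass, which is why alternating between losing and gaining health narrows the list faster than repeating one direction.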
Borderlands is usually in the 0x4 range, from the past 2 games I worked on before. The easiest way to find it is to find the ammo offset and get its breakpoint. Unless the devs decided to stop being lazy on this version, ammo and health breakpoints were shared in Borderlands and Borderlands 2, which required a code cave for inf health, inf ammo and 1 hit kill.
Right, I'm just trying both suggestions now; will report back on the findings. Just for argument's sake, let's say I found an offset in the 0x4 range - e.g. 0x40ABCD12 - should I add that to a breakpoint in Visual Studio then lose health, will it break the code? Edit: The version of XCE I have does not show float 32, just float; will it search for all? YES. Right, Visual Studio broke. I'm using ammo but I still can't poke any changes; it gets reset straight away?
Yes, when you find the 0x4 offset, set a breakpoint in VS, lose health and get the breakpoint. You can then use that offset to manipulate the PPC to give full health/ammo (as said, in this case the health is shared so a cave is needed). Post your results and maybe we can help more for you. Post the breakpoint and +- 4 from the break.
It works like a charm. I was narrowed down to 2 offsets in XCE; when I breakpointed them, Visual Studio pointed me to these 2 offsets:
82C4251C
82359014
I read in the guide that they may not actually be the real function and you either look up or down a few lines, which is what I found. As I'm using ammo it was "82C42510", which had (-1) next to the registers; sure enough, when I NOP the code my ammo didn't drop. (I've overwritten the original bytes with NOP so I can't post the original just yet, sorry.) Although that was a success, I do have 2 more questions. I then moved on to the health, so in XCE I set the range from 0x4 - 0x5, initialised, then reduced my health until I was left with only one offset (I've ticked 4 bytes and float in the range; I'm not too sure how to NOP floats), but then when I set a breakpoint for the offset I got in XCE, every time I click PLAY in Visual Studio it breaks straight away, every time, as if it's constantly changing... See, this isn't my main objective though; health/armour/money has already been created in a trainer on this very website. What I'm hoping to achieve is fun modifications like super speed/super jump. Would you have any insight on how I could find these functions/offsets? The problem is they are static values; jump height never changes (the only time I can think of when it would change is going between different locations within Borderlands, such as when you're on the moon the gravity differs from when you're in a town like Concordia). Edit: I had one idea as to how I could find the value of the jump height: I could find the standard value for other games and try and find it within Borderlands. I know this game is different for the jump height from most games. I know it's a long shot, but I could search for a range such as 200-600 then manually go through each one. It would take such a long time.
One thing I know for sure: in Call of Duty there are DVARs. People have managed to dump every one and manually searched for jump height, then changed it accordingly. The way they did it is by sending it to the game's "CMD" command. What I found by decompiling the XEX is also a function called "aCMD". I could look at the source code for an RTE and see how they did it through RPC, then try and recreate the same scenario?
Another question; disregard my last post, I'm sure I will find out in due time. I've located the offset for gun damage. Here is the code in Visual Studio:
828DD9E0 stfs fr31,0Ch(r10)
and here's 1 below and 3 above:
828DD9D4 ld r30,-18h(r1)
828DD9D8 ld r31,-10h(r1)
828DD9DC blr
828DD9E0 stfs fr31,0Ch(r10)
828DD9E4 b 828DD9C4
I got a hit on an enemy with my gun and paused it in XCE when the number came up, then I switched guns and repeated the process. I then breakpointed the offset in VS and sure enough, when the enemy got hit, the code broke. My question is, how would I change the value to say 999 instead of 26, which is the original value of my gun's damage?
Edit:
weapon damage
828DD9E0 stfs fr31,0Ch(r10)
8312B040 std r7,70h(r3)
they hit me
82B3DC44 stwu r9,4(r10)
8312B040 std r7,70h(r3)
So how would I code cave this? For some reason the registers aren't showing (they did last night). LOL, my bad, I didn't select integers, haha.
828DD9E0 stfs fr31,0Ch(r10)
8312B040 std r7,70h(r3)
Can you show me more of the code surrounding these offsets, preferably a min of +-4? In memory, when debugging on the break here, check what the value is at r10+0Ch, and in the immediate window type ?fr31 to check the current value of fr31 on break. Just to make sure we have the correct break and correct value to modify.
I have given up on this now; you've already created a trainer, I was just using it to learn from. Although it seems you didn't cave the health; both me and AI aren't losing health.