How to make Cheat Engine Working on Dolphin Emulator



Dolphin basically already have the feature to include an 'Action Replay' Code and the like, which can be found on the internet, but did not rule out the possibility that the Cheat Code of games that we are looking for, is not found in any search engine.

In the case of looking for a cheat code for the emulator, you must enable 'MEM_MAPPED' mode inside "Scan Settings section", this is because normally Emulator stores memory in mapped memory.

For the case of dolphin emulator, it uses Big Endian Code. No wonder we find the cheat code for dolphin emulator from the cheat engine, the results are not there or was not found, because Cheat Engine 6.2 not support Big Endian Code. Actually CE can read Big Endian, but for ordinary people like us a little inconvenience to translate Big Endian Code from Hex. This A little understanding in Big Endian. Case in Decimal Value '9999 '. In Cheat engine, 4 Bytes in Memory Viewer will look "27 0F 00 00", while Big Endian is the opposite of the Hex Value, then the Big Endian Code will look something like "00 00 0F 27" with Decimal Value "3879".

To make Cheat Engine be able to easily search for Big Endian Code without having to convert, we need the following script Code:

This script is made ​​by the creator of Cheat Engine Darkbyte. [Source].


2 Byte Big Endian:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '2 Byte Big Endian',0

ByteSize:
dd 2

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov ax,[rcx] //eax now contains the bytes 'input' pointed to
xchg ah,al //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov ax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
and eax,ffff //cleanup
xchg ah,al //convert to big endian

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
xchg ch,cl //convert the little endian input into a big endian input
mov [rdx],cx //place the integer the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
xchg ah,al

mov [ebx],ax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]



4 Byte Big Endian:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '4 Byte Big Endian',0

ByteSize:
dd 4

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value

bswap eax

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
bswap eax

mov [ebx],eax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]


To use it, simply right click the 'Value Type' and select 'Define New Custom Type' then Paste the two above code into box individually. After all the steps above done, lets start cheating.

Looking Pointer in Dolphin Emulator.
Pointer have a function to handle address that changes frequently. With the pointer, we can automatically follow changes addresses without we need to search for a new address.

a. Looking for a Base Address.
To find the pointer, we need Base Address and Offset. I found an easy way to find the base address for the various emulators. The first thing we have to do is find one "AR Code" and 1 Address from cheat engine for the same Cheat Code.

Examples: Baten Kaitos: Eternal Wings and the Lost Ocean Max Money Code:
  • Do a search for Money on 'Baten Kaitos [GCN]'. I found the address '80241B7C '. Make sure you find a code that begins with "80".
  • From AR Code I found a Code "04251B7C 000F423F". [04 = 4byte] [251B7C = Address / Offset] [000F423F = Money Value] 
  • Now open Windows Calculator and switch the view mode to 'Scentific' or 'Programmer' for Windows 7 and select 'HEX'.
  • Perform Reduction 80241B7C value - 251B7C = 7FFF0000.

  • From Cheat Engine, Scan 4byte Hex and do a search for '7FFF0000.
  • Once the search is complete, then you will get the base address that looks green on the left.

Note. It is recommended when looking for Base Address, make sure you just run the first game in the dolphin emu. If so, close the dolphin  and run again and do a search. 

b. Getting Pointer.
Once we find the base addresses, from cheat engine click on the 'Add Address Manually' tick 'Pointer', then enter the value from the search results on top most to the bottom box and enter above '251B7C 'Click' OK 'and voila 1 Pointer has been made.

But do not be happy yet. Because the Base address that we found out before it can change if we restart our PC, and that make our code was become unusable. As long as I use Cheat Engine, I have never come across this case except for Dolphin Emulator.

To fix this, I have made one script for Cheat Engine that you can download https://goo.gl/7OxTHc. This file in .CT format, to use it, click on "Open" from the cheat engine and load Dolpin.CT. Once opened, the display will look like the image below:
By using the script above, then we do not need to bother to look for the 'Base Adress'. Dang .. Then why are we just busy looking for a Base Addres!. Ok .. There is still much we can do with the result of the reduction we did above.

Here's how to use the script.
Once opened, Check the box located next to the word "AOB Pointer Script"


Click on 'Add Address manualy' and tick the box 'Pointer'

Enter the word "base" into the box below and enter '251B7C 'as an offset. Do not forget to select the type '4 byte Big Endian '.


As we know the base address, our job becomes easier. we can add another code into the cheat engine simply by changing the offset which we already know from the AR Code as an offset.

c. Looking for Offset
Case, we have get address and we wanted to make a pointer. Simply, if you perform the above reduction, then to find an offset, perform the reduction of [CE Address - 7FFFF0000] and the result is the offset that we needed to create a new pointer.

d. Searching Address
For example, we get the offset from the AR code, and we want to find the address for cheat engine without searching again on cheat engine. Perform the sum of [7FFF0000 + Offset ARCODE], and the result is the address for Cheat Engine.


Sumber https://www.blakbin.com/

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel