Quantcast

Jump to content

» «
Photo

How to make cheats for cheat device

2 replies to this topic
nerner
  • nerner

    OG

  • BUSTED!
  • Joined: 05 Jul 2008

#1

Posted 10 January 2010 - 03:47 PM

Well, this I have posted in a few other topics, but I thought it would be handier in it's own topic, if only for purposes of the archive and the forum index topic. It was originally posted for LCS but it still works with VCS, so let me take you through how to make your cheats.

How do I make my own cheats with the CheatMaker?

A. Before I begin it is worth saying that the CheatMaker is intended for advanced users and programmers. Some of the stuff here may be too complicated for everyone to understand.

A lot of the numbers you will be dealing with will be in hexadecimal which means instead of counting 0,1,2,3,4,5,6,7,8,9 and then 10, you count 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F and then 10, and the 10,11,12,13,14,15,16,17,18,19,1A,1B,1C,1D,1E,1F and then 20.

To make a cheat you need to find the location in memory of a value that, when changed, affects the game in some way. The memory, when the game is loaded, is full of numbers relating to all sorts of things from the number of bullets loaded in a particular gun to the radio station that is currently playing.

There are basically two ways to use the CheatMaker to find the memory locations and values that affact the game. You can use the Hex Editor and watch the values change as you do something or you can take memory captures and use the CheatMaker to analyse them.

Hex Editor

The hex editor is the second menu option in the CheatMaker menu. If you open the hex editor you will be asked to enter the memory location you want to look at. The memory location you enter is a hexadecimal number that can be anything between 08400000 (0x8400000) and 09FFFFFF (0x9FFFFFF).

There is also an option to open the Hex Editor PlayerObject that will show you the memory that controls Toni and you don't have to enter a specific memory location to view this.

Wether you are using the Hex Editor or the Hex Editor PlayerObject you will see a screen that looks like this,

LOCATION 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000550 01 00 00 00 02 00 00 03 00 00 00 04 00 00 00 00
00000560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000570 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00
00000580 00 00 00 00 00 00 00 00 00 06 00 00 00 07 00 08

All the numbers in memory in this example can be pin pointed by using the location column on the left and changing the last digit of the relevant row to the coresponding column header value (0 to F) it appears in.

You will notice that some of the numbers change when you move around or shoot a gun or something. When they change they turn white to help you spot them. So the numbers 01 to 08 that i've placed in this example have changed and the location of each of them is as follows,

01 = 00000550
02 = 00000554
03 = 00000557
04 = 0000055B

05 = 00000573

06 = 00000589
07 = 0000058D
08 = 0000058F

You may notice some people using a different notation when writing locations. For example 00000055 could be written 0x55. To use this notation just replace any 0's to the left of the first number with 0x. 00B5E501 could be written as 0xB5E501, 00005AB1 could be written as 0x5AB1 and so on.

Capture Method

You could use the Hex Editor or PlayerObject tools to find cheats by watching what values change when you do stuff but a much better way to find cheats is to use the CheatMaker's capture facility. In order to explain this I'm going to use the Max Money cheat I worked out as an example.

To work out this cheat you should start off with a known amount of money and then take a capture by selecting the New Capture option on the CheatMaker menu.

You will now see Capture1 has been added to the menu. When I took the first capture I had $00455155 so now move over the Capture1 menu item and press right on the D-Pad so it looks like this,

Capture1 == 0

Now Press X because we want to tell the CheatMaker that we are only interested in values that are equal to 455155 in that particular capture. Enter the value 455155.

Now we need to spend some money so go and buy a gun from somewhere. OK, I bought a couple of AK's and now I have $00446755. So select the New Capture option on the CheatMaker menu again and you should now have the following,

Capture1 == 455155
Capture2 == Capture1

Change the second capture to be equal to the new amount of money we have in the same way as we did for the first capture by hovering over it and using the D-Pad (this time press left on the D-Pad a few times) to change the comparison to be Capture2 == 0 and then pressing X to change the value from 0 to 446755.

Capture1 == 455155
Capture2 == 446755

Now spend some more money. The more captures we take the quicker we will be able to find the right memory location for money.

I now have $00438355 so I will take another capture and change the new one to be equal to that like so,

Capture1 == 455155
Capture2 == 446755
Capture3 == 438355

At this point i'm going to keep spending money and taking more and more captures until I end up with this,

Capture1 == 455155
Capture2 == 446755
Capture3 == 438355
Capture4 == 421555
Capture5 == 379555
Capture6 == 350155

I'm thinking that should be enough to find where my money is stored in memory.

Before we run the comparison we need to tell the CheatMaker what size number we are looking for by changing the Type option in the CheatMaker menu. The following types are available,

1-byte char 00 FF 0 to 255
2-byte short 00 00 FF FF 0 to 65535
4-byte int 00 00 00 00 FF FF FF FF 0 to 4294967295
Because the money can be $99999999 which is quite a big number we need to change the type of number we are searching for to be a 4-byte int so the menu should look like this,

Type: 4-byte int

Now select the Run Comparison option on the CheatMaker menu. The CheatMaker will now search through all the 6 captures looking for locations where the value was 455155 in the first capture, 446755 in the second, 438355 in the third and so on.

When it has finished you will see it only found one candidate (which is good),

08B89ACC 455155 446755 438355 421555 350155

So we can be pretty sure that 08B89ACC (0x8B89ACC) is the location of the new cheat.

Now we need to use the Hex Editor to change the value at that location and see if it changes the amount of money we have.

Open the Hex Editor and enter the location we found 08B89ACC.

Because the money value is a 4 byte int then it is actually stored in 4 locations in memory so in order to change it we need to change the value at 08B89ACC and the 3 locations that follow it 08B89ACD, 08B89ACE and 08B89ACF.

Now here's where it gets a bit strange. Because I have $350155 (which is 00 05 57 CB in hex) you would expect to see the following,

08B89ACC = 00
08B89ACD = 05
08B89ACE = 57
08B89ACF = CB

But what you actually see is this,

08B89ACC = CB
08B89ACD = 57
08B89ACE = 05
08B89ACF = 00

Yes, that's right, it's backwards. Don't ask, just accept it and this illustrates how you need to think about things when finding cheats.

OK, so lets test to see if this is a cheat or we've completly waisted our time. We want to change the amount of money we have to $99999999 and 99999999 is 05 F5 E0 FF in hex and backwards would be FF E0 F5 05 so change all the 4 locations to be this (by pressing X on them and changing the number),

08B89ACC = FF
08B89ACD = E0
08B89ACE = F5
08B89ACF = 05

Yey, watch your money start going up and up. It will stop at $99999999.

This example worked well because we were looking for known values but what if you wanted to find a cheat to change vehicle speed or something like that where we wouldn't know what exact speed we were going at when we take the captures?

You have other options when using the D-Pad to change the type of comparison the CheatMaker will do on your captures. For example if I didn't know how much money I had I could have tried the following to find the location,

Capture1
Capture2 > Capture1
Capture3 > Capture2
Capture4 > Capture3
Capture5 > Capture4
Capture6 > Capture5

With this method when you select the Run Comparison the CheatMaker would look for all locations where the value in Capture2 was bigger than the value at the same location in Capture1 and the value was bigger at the same location in Capture3 than in Capture2 and bigger still in Capture4 than in Capture3 and so on.

You can use the following comparisons,

== equal to
!= not equal to
> greater than
< less than
Here is another example that uses the "not equal to" method. In this example I'm trying to find if I can turn Custom Tracks on and off.

First, turn Custom Tracks off and take a capture. Next turn Custom Tracks on and take another capture. Turn it off again and take another capture. Turn it on again and take another and carry on like this until you have quite a few.

Now change the comparison settings to look like this,

Capture1
Capture2 != Capture1
Capture3 == Capture1
Capture4 != Capture1
Capture5 == Capture1
Capture6 != Capture1

Change the size of the number we want to be Type: 1-byte char because I'm guessing the value is 00 when Custom Tracks is off and 01 when it is on.

Now hit Run Comparison and check out any locations that look like possibilities using the Hex Editor.

I did manage to find this and it's at 09ADBC08 (0x9adbc08). Set it to 0 and the radio comes on and set it to 1 and press left on the D-Pad and your Custom Tracks start playing.

Saving Your Cheats

It's all well and good being able to find cheats but a pain in the neck having to go to the Hex Editor all the time to turn them on. Don't worry, help is at hand as there is a cheats.txt file you can put on your PSP so you can run your cheats from the User Cheats section of the CheatDevice menu.

The cheats.txt file should be placed in the CHEATS folder in the root of your PSP. By the root I mean the top level (DO NOT PLACE IT IN A FOLDER OR I WONT WORK).

Here is a cheats.txt file that contains the Max Money cheat we made and the radio cheats,

CODE
 
#cheat Max Money
setint(0x8b89acc, 99999999);

#cheat Radio On
setchar(0x9adbc08, 0);

#cheat Custom Tracks On
setchar(0x9adbc08, 1);


If you load up the CheatDevice with this cheats.txt when you go to the User Cheat menu you will see the following,

OFF Max Money
OFF Radio On
OFF Custom Tracks On

To define a cheat you type #cheat and then the name of the cheat as you want it to appear in the CheatDevice. Then you need to use one of the following functions to specify the memory location and the value it should be changed to when it is turned on,

setchar(startaddress, intvalue, ...);
sethex(startaddress, hexintvalue, ...;
setshort(startaddress, intvalue, ...);
setint(startaddress, intvalue, ...);
setfloat(startaddress, floatvalue, ...);

As you can see in my cheats.txt file I use setint for the Max Money cheat because it was a 4-byte int (remember) and setchar for the Custom Tracks because it was a 1-byte char.

There is a programming.txt file that comes with the CheatDevice that contains more detailed instructions on the formatting of the cheats.txt file so I won't go into too much detail here.

I will mention you also have a teleport function you can put in the cheats.txt file you can use to add your own custom teleport locations. It works like this,

teleport(x, y, z);

If you go somewhere in LCS and use the CheatDevice to find the co-ordinates then you can add that location to your cheats.txt file so you can teleport there at any time in the game. Let's update the above cheats.txt file to include a teleport location.

CODE
 
#cheat Max Money
setint(0x8b89acc, 99999999);

#cheat Radio On
setchar(0x9adbc08, 0);

#cheat Custom Tracks On
setchar(0x9adbc08, 1);

#cheat Teleport: Top of Tall Building
teleport(95, -1509, 216.98);

Durka Durka Mahn
  • Durka Durka Mahn

    Hello there...

  • Members
  • Joined: 14 Feb 2006

#2

Posted 11 January 2010 - 01:21 AM

Trying to get people back into it, eh?

nerner
  • nerner

    OG

  • BUSTED!
  • Joined: 05 Jul 2008

#3

Posted 11 January 2010 - 05:28 PM

QUOTE (Durka Durka Mahn @ Jan 11 2010, 02:21)
Trying to get people back into it, eh?

Everyone has moved offsite to other forums, although the good thing about that is that it gets rid of all of the spamming crew which sadly haunted the final pages of the CD threads, not naming any names...

nernbag




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users