Tomvita's tools

A short intro to search for same amount of change

TomSwitch

In many games you are able to get something reduced by the same amount as you play. For example, pull the trigger and fire one shot, get hit and lose some health, cast a spell and use some amount of your MP bar.

There are a number of possibilities for how the data may be represented in the game memory. Firstly the data type, secondly how much of it represents the amount, and also whether it increases or decreases with use (for example, ammo can be shown as what is remaining on screen, while in the game code the useful one is how many shots have been fired).

The most common approach I would take is to first assume u32 and decreasing; if not successful try f32 and decreasing, if not successful try f64 and decreasing, if not successful try u32 and increasing, if not successful try f32 and increasing, if not successful try f64 and increasing.

Before EdiZon SE 3.8.29 the fact that the amount of change can be made the same couldn't be put to good use. With this version I have added a feature to enable you to make a 4-in-1 search for the item that you can make change by the same amount.

To illustrate I will use the game Kirby and the Forgotten Land; the item we are searching for is the life bar.
When the bar is full do a "SAME" search. (Dpad up on search tab)
Get hit by the enemy.
Perform a "NotA" search. (Dpad down twice)
Get hit by the enemy.
Perform a "DiffBA" search. (Dpad down twice)
Get hit by the enemy.
Perform a "DiffBA" search.

Check the results to see if we have found the targets.
Look for the candidates in u32 and f32. (ZL+L and ZL+R to change the datatype)
The actual life is u32, the bar on screen is f32 and there is a bonus value that counts how many times you get hit.

Eiffel2018

I want to confirm, is it this way?
SameA = the current value equal to the values in 1st dump
SameB = the current value equal to the values in 2nd dump
DiffAB = the difference between the current value and the last value, equal to that between dump A and dump B

Can I perform DiffAB in this way:
1st search -> SAME ,
then hurt, 2nd search -> NotA ,
then hurt, 3rd search -> DiffAB,
then hurt, 4th search -> DiffAB,
then full recover HP, 5th search -> SAME A
then hurt, 6th search -> DiffAB,
then hurt, 7th search -> DiffAB,

Besides SAME A, can I use SAMEB/NotAB/DIFF/SAME/--/++ etc. during the steps of DiffAB?
 

TomSwitch

Let's call the previous data set A and set B.
Set A is now produced by all unknown searches as well as RANGE, !=, <, >.
Set A is the original previous data.
Set B is the new one I made recently.
NotA does a Diff search, then assigns the current data to set B (now you have two sets of data).
NotAB searches for data that is in neither set A nor set B (set A and set B are unchanged).
SameA and SameB search for data that is the same as set A or set B respectively (set A and set B are unchanged).
DiffBA is set B value - set A value == current value - set B value
(set B becomes the new set A, current becomes set B so you can continue to get hit and do DiffBA).

Using any other unknown search, set A is updated and set B is gone.

If you want to keep the original data from full health you can only use SameA, SameB, NotA, NotAB.
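As an added illustration (my own Python model, not EdiZon SE's code), the search sequence from the opening post run under the set A / set B rules just described, over constructed RAM snapshots; the memory layout, its values and the `tol` parameter are assumptions made for the example:

```python
import struct

# Constructed RAM snapshots of one 16-byte region, one per hit taken. The layout
# is hypothetical (not Kirby's) and built inline so the example runs offline:
#   offset  0  u32 hp     100 -> 90 -> 80 -> 70     (the "actual life")
#   offset  4  f32 bar    1.0 -> 0.9 -> 0.8 -> 0.7  (on-screen bar, hp / 100)
#   offset  8  u32 hits     0 ->  1 ->  2 ->  3     (counts hits taken)
#   offset 12  u32 noise    7 ->  7 -> 13 -> 13     (unrelated value)
def snapshot(hp, bar, hits, noise):
    return struct.pack("<IfII", hp, bar, hits, noise)

DUMPS = [snapshot(100, 1.0, 0, 7), snapshot(90, 0.9, 1, 7),
         snapshot(80, 0.8, 2, 13), snapshot(70, 0.7, 3, 13)]
FORMATS = {"u32": "<I", "f32": "<f", "f64": "<d"}

def values(dump, dtype, step=4):
    """Reinterpret every step-aligned offset of a dump as the chosen type."""
    fmt = FORMATS[dtype]
    size = struct.calcsize(fmt)
    return {off: struct.unpack_from(fmt, dump, off)[0]
            for off in range(0, len(dump) - size + 1, step)}

class Search:
    """Set A / set B bookkeeping as TomSwitch describes it for EdiZon SE."""
    def __init__(self, dtype):
        self.dtype, self.a, self.b, self.cands = dtype, None, None, set()

    def same(self, dump):
        """Unknown SAME search: every offset is a candidate, dump becomes set A."""
        self.a, self.b = values(dump, self.dtype), None
        self.cands = set(self.a)
        return self.cands

    def not_a(self, dump):
        """Keep offsets whose value differs from set A; dump becomes set B."""
        cur = values(dump, self.dtype)
        self.cands = {o for o in self.cands if cur[o] != self.a[o]}
        self.b = cur
        return self.cands

    def diff_ba(self, dump, tol=0.0):
        """Keep offsets where (B - A) == (current - B), within tol for floats;
        then B becomes the new A and current becomes B, ready for the next hit."""
        cur = values(dump, self.dtype)
        self.cands = {o for o in self.cands
                      if abs((self.b[o] - self.a[o]) - (cur[o] - self.b[o])) <= tol}
        self.a, self.b = self.b, cur
        return self.cands

def find(dtype, tol=0.0, dumps=DUMPS):
    """The OP's sequence: SAME, hit, NotA, hit, DiffBA, hit, DiffBA."""
    s = Search(dtype)
    s.same(dumps[0])
    s.not_a(dumps[1])
    s.diff_ba(dumps[2], tol)
    return sorted(s.diff_ba(dumps[3], tol))
# With tol=0 the f32 bar at offset 4 is missed (1.0f-0.9f != 0.9f-0.8f in the
# last bits); the u32 counters read as f32 are denormals whose steps are exact.
```

`find("u32")` and `find("f32")` both return `[0, 8]`, so the exact f32 comparison loses the bar; `find("f32", tol=1e-6)` returns `[0, 4, 8]`.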
 

Eiffel2018

Thanks, Tom!

I drafted a table.
Is it correct for the current version?
 

FAST6191

This all seems like a complicated way of doing a few shorthands for a specific difference (several emulators have done this in the past; not sure what goes for hardware). I would probably say it is better to autofill said specific difference with the last used value, or if you are doing something truly fancy then an almost machine learning approach where it tries to guess which of the values it is following, or maybe just a dropdown list of possibles. Maybe throw in greater than/less than checkboxes to allow that as well.
 

Eiffel2018

My suggestion

It will be flexible for the users, and easy to learn
Set A = last value
Set B = the 2nd last value

I can also use a -- after a ++ between repeating DiffAB loops,
since the HP/MP reduction cannot be continued repeatedly in many cases.
 

Eiffel2018

Oh, my mistake,
then Not A is the same as DIFF,
then Same A is the same as SAME,
it may be deleted.

Revised:

Eiffel2018

In my experience,
there are several kinds of unknown search.

A) HP / MP / EXP without numerals (may perform a DiffAB test, or just use ++ / -- / sameA many times)

B) Moonjump (may perform a RANGE unknown search, and use ++ / -- / SAME / >0 / <0; however we cannot use ++ / -- / SAME after having used >0 or <0 before)

C) Movement Speed (may perform a StateA/StateB search, i.e. SameA / SameB / NotAB to capture the status of Running / Walking / Rest)

D) Walk through the wall (it is also difficult for me; I remember Zit mastered that. I guess he tested for 1 and 0 when the player touches the wall or door; it can be searched by ==0, ==1 directly)

E) Event/quest completed (it is difficult; I can only compare the game save files and trace the required function)

F) Time related (no better method; can only be searched by repeating ++ or --; may add a Range to reduce the results)
 

TomSwitch

DiffBA has a weakness: the difference has to be exact. In the case of the HP bar for Kirby there is a bar value that starts at 1 (float). A fixed change can be missed when computed as a ratio due to rounding for float. Some ratios cannot be represented by a float exactly (for example 1/3 = 0.3333333…; any float representation is never equal to 1/3).

For DiffBA I also use a shortcut. I assume it's 32 bit and I compute the 32-bit value as float. This only works for not-too-big integers. (I don't think we really need to consider very big integers.)

DiffBA has a very specific use case.

For BA what I have in mind is B-A. The name is perhaps not well chosen.
 

Eiffel2018

This is an issue with all float type searches.

Consider this case in Cheat Engine; there are friendly options to handle the endian.
If you search 3.333 by the method of:
Rounded (default): search range 3.3325 to 3.3335
Rounded (extreme): search range 3.332 to 3.334
Truncated: search range 3.333 to 3.334

Since I don't know how the game program rounds its numbers, I usually use "Rounded (extreme)".
I also use the "Rounded (extreme)" method manually in EdizonSE [A..B search] too.

For accurate results, I give more digits to search, e.g. to search for 2.5, I go with 2.5000000 to get a good result.
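An added example (my own Python, not Cheat Engine's or EdiZon SE's code) of the three rounding modes listed above turned into search intervals, of the extra-digits trick, and of TomSwitch's point that 1/3 never survives a float round trip exactly; the f32 region it scans and its values are constructed for the example:

```python
import struct
from decimal import Decimal

def f32_roundtrip(x):
    """Store x as a 32-bit float the way a game would and read it back."""
    return struct.unpack("<f", struct.pack("<f", x))[0]

def search_range(text, mode):
    """Turn a typed value like '3.333' into the (lo, hi) interval that the three
    Cheat Engine rounding modes quoted in the thread accept.  The interval width
    comes from the last typed digit, so '2.5000000' is far narrower than '2.5'."""
    d = Decimal(text)
    unit = Decimal(1).scaleb(d.as_tuple().exponent)  # one unit of the last digit
    if mode == "rounded":           # +/- half a unit:  3.333 -> 3.3325 .. 3.3335
        return d - unit / 2, d + unit / 2
    if mode == "rounded_extreme":   # +/- a whole unit: 3.333 -> 3.332 .. 3.334
        return d - unit, d + unit
    if mode == "truncated":         # value was cut off: 3.333 -> 3.333 .. 3.334
        return d, d + unit
    raise ValueError(f"unknown mode {mode!r}")

def scan_f32(dump, text, mode):
    """Return offsets of 4-byte aligned f32 values inside the search interval."""
    lo, hi = search_range(text, mode)
    hits = []
    for off in range(0, len(dump) - 3, 4):
        v = struct.unpack_from("<f", dump, off)[0]
        if lo <= Decimal(v) <= hi:  # Decimal(float) is exact: no second rounding
            hits.append(off)
    return hits

# Constructed f32 memory region (not a real game dump): a bar at one third,
# the value 2.5 we want, a 2.55 decoy, an unrelated 3.3333 and a zero.
DUMP = struct.pack("<5f", 1 / 3, 2.5, 2.55, 3.3333, 0.0)

def demo():
    """'2.5' with Rounded (extreme) also catches the 2.55 decoy (2.4 .. 2.6);
    typing '2.5000000', as Eiffel2018 does, narrows it to the real value."""
    return {
        "third_survives_f32": f32_roundtrip(1 / 3) == 1 / 3,         # False
        "2.5 loose": scan_f32(DUMP, "2.5", "rounded_extreme"),       # [4, 8]
        "2.5 tight": scan_f32(DUMP, "2.5000000", "rounded_extreme"), # [4]
        "third": scan_f32(DUMP, "0.3333333", "rounded_extreme"),     # [0]
    }
```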
 

wert521451

Hello, can you find simple changes with this search method? For example, the game achievement changes from 00 to 01, and then it is always 01. Can you search for a simple change? Thanks.
 

FAST6191

Achievements/trophies in many systems will be external to the game and more menu level things or separate concepts within the game.

Anyway to search for things like that you have two main approaches.

1) Get used to savestates and old saves.
If you say need 200 kills to get a trophment, you find the kill counter/countdown instead (should be a standard cheat search; do also bear in mind you can make it easier by giving yourself infinite ammo/health/potions/...) and then save at 199. Get that extra kill and do the search for things that changed between then and now, restore the savestate and try again, restore the savestate and don't get the kill but see what stayed the same (hopefully eliminating any background animations/music/... that so happened to change). Repeat until you find it; hopefully it is as simple as a savestate and not needing a 5 minute save reload or a 10 minute profile restoration/new profile and replay, and also hopefully you don't fat finger the search button and search the wrong thing and wipe out any progress.

2) You do a debugging session based on the value/conditions.
In the case of the 200 kills thing above, somewhere in the game will be something that checks the kill counter. Set a break on read on the kill counter and somewhere in the mix will be some kind of IF greater than 200 then goto trophment else carry on. Hopefully that does not happen every frame and instead maybe every time the kill counter is added to (in which case break on write might be a better choice, and analysing the code surrounding that).

This might not work if it is menu level/emulator level -- most retro achievements are basically cheat searches that found a kill counter or some series of values (if the level counter went up and the health value did not change throughout that then *ping* completed a level undamaged).

As ever you can also move sideways, though this can be harder. Anyway if there is a permanent flag but it is next to something else that changes enough to be searched for then find that something else and then look at the area surrounding it as most flags don't sit alone in memory and are usually in a nice table of some form.

Do also check the flag change does not happen as a result of an item in your inventory you can't drop, as in that case you are back with inventory cheats (and probably moving sideways -- get infinite money, buy lots of start town daggers and then find out if this is a location based counter or an item value counter, though key items might be a separate concept so see if you can find, and possibly lose, a key item).
 

Eiffel2018

The key is how to get the address where those 0s and 1s are stored.
Singular items or events/achievements etc. are often stored as 01010101 or FFFFFFFF.

It is very difficult (probably impossible) to obtain such an address only through a CheatVM (like EdizonSE).

For this, comparing save files is a good way.

First you can use DBI to copy a save file;
then make a little change and save again, then compare the 2 save files.
This will give you a chance to get the data pattern of the project/event section.

Finally search for the pattern in EdizonSE and track that address through GDB. Then we can make a rare cheat function.
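An added example, my own Python and not DBI's or EdiZon SE's code, of the save-file comparison just described: two constructed saves are diffed bytewise, each changed region is classified as a 00->01 / 00->FF flag flip or as a counter, and the aligned bytes around it are extracted as the pattern to search for in RAM next. The save layout and its values are invented for the example.

```python
# Constructed 32-byte save files (not a real game's format): a header, a
# version, a table of one-byte flags, a gold counter and a play-time counter.
def build_save(flags, gold, play_time):
    return (b"SAVE" + (1).to_bytes(4, "little") + bytes(flags)
            + gold.to_bytes(4, "little") + play_time.to_bytes(4, "little") + bytes(8))

SAVE_BEFORE = build_save([1, 1, 1, 0, 0, 0, 0, 0], 100, 3600)
SAVE_AFTER = build_save([1, 1, 1, 1, 0, 0, 0, 0], 150, 4000)  # 4th event done

def diff_saves(before, after):
    """Every byte offset whose value differs between the two saves."""
    if len(before) != len(after):
        raise ValueError("saves must have equal length to be diffed bytewise")
    return [(i, a, b) for i, (a, b) in enumerate(zip(before, after)) if a != b]

def group_runs(changes):
    """Merge adjacent changed offsets into (start, end) runs, end exclusive."""
    runs = []
    for off, _, _ in changes:
        if runs and runs[-1][1] == off:
            runs[-1][1] = off + 1
        else:
            runs.append([off, off + 1])
    return [tuple(r) for r in runs]

def classify(before, after, run):
    """Distinguish a 00 -> 01 / 00 -> FF flag flip from a counter whose 4-byte
    aligned u32 changed by some delta; anything wider is reported as 'other'."""
    start, end = run
    if end - start == 1 and before[start] == 0 and after[start] in (0x01, 0xFF):
        return "flag"
    base = start & ~3                    # the aligned u32 holding the run
    if end <= base + 4:
        old = int.from_bytes(before[base:base + 4], "little")
        new = int.from_bytes(after[base:base + 4], "little")
        return f"counter({new - old:+d})"
    return "other"

def pattern(after, run, width=8):
    """Aligned window of the new save around the run: the byte pattern to look
    for in RAM with EdiZon SE before tracing the address further in GDB."""
    base = run[0] & ~(width - 1)
    return after[base:base + width].hex()

def report(before=SAVE_BEFORE, after=SAVE_AFTER):
    """(offset, kind, search pattern) for each changed region of the save."""
    return [(r[0], classify(before, after, r), pattern(after, r))
            for r in group_runs(diff_saves(before, after))]
```

The flag at offset 11 yields the pattern `0101010100000000`, while gold and play time are reported as `counter(+50)` and `counter(+400)`.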
 

FAST6191

Are you still finding flags buried in with other values? Most things I see on vaguely modern systems are individual bytes given over to each concept, as memory is no longer that valuable.
Combined values can be used for in-battle status effects (said combinations usually seeing some kind of boolean logic done as a mask for their respective commands/calculations) and control states, but generally full ints or whatever are declared for values that are binary in the classical sense of the term in most modern games I play with, not to mention most cheat searches will tend to start from a "fresh/clean" state anyway.
 
