sk7net wrote: One question: what are the trainers you mention?
Super Vegeta wrote: sk7net wrote: One question: what are the trainers you mention?
Cheats, like the Action Replay used to be, but built into the game itself.
Needed:
xppdll.xex - must be in the same directory as *Trainer_RIGHTSTICK.xex
xpploadersample source code
Game memory address you will be poking
Recommended:
xextool - the -l command (to get the game title ID)
Loader Coding - xpploadersample
line 73
0x434307FC = title ID (Super Street Fighter IV)
game:\\434307FC.txt = cheat text location
XINPUT_GAMEPAD_RIGHT_THUMB = click right thumb stick to activate / deactivate cheat
SetupCheats(0x434307FC, "game:\\434307FC.txt", XINPUT_GAMEPAD_RIGHT_THUMB);
Coding Cheat
434307FC.txt must be in the same location as default.xex, *Trainer_RIGHTSTICK.xex and xppdll.xex
XPP codetypes (by the2000 [aka extra2000])
This document describes valid codetypes used by XPowerPlay.
NOTE: All values of X, A, V, & N are in hexadecimal format unless specified
otherwise. Do not prepend values with any prefixes (0x, $, etc.).
================================================================================
Write Commands
================================================================================
0 = 8 bit write
1 = 16 bit write
2 = 32 bit write
Format:
XX AAAAAAAA VVVVVVVV
XX = 0/1/2
AAAAAAAA = address in memory
VVVVVVVV = value
VVVVVVVV is written to memory location AAAAAAAA.
Example:
2 85400010 00FF00FF
The code above writes 00FF00FF (in 32 bits) to 85400010.
================================================================================
And Commands
================================================================================
3 = 8 bit And
4 = 16 bit And
5 = 32 bit And
Format:
XX AAAAAAAA VVVVVVVV
XX = 3/4/5
AAAAAAAA = address in memory
VVVVVVVV = value
The value at memory location AAAAAAAA is bitwise ANDed with VVVVVVVV. The result
is written to memory location AAAAAAAA.
Example:
4 85400010 0F0F
The code above will obtain the 16 bit value at 85400010, then apply a bitwise AND
of 0F0F to that value. The resulting value is stored back to 85400010 afterwards.
================================================================================
Or Commands
================================================================================
6 = 8 bit Or
7 = 16 bit Or
8 = 32 bit Or
Format:
XX AAAAAAAA VVVVVVVV
XX = 6/7/8
AAAAAAAA = address in memory
VVVVVVVV = value
The value at memory location AAAAAAAA is bitwise ORed with VVVVVVVV. The result
is written to memory location AAAAAAAA.
Example:
6 85400010 FF
The code above will obtain the 8 bit value at 85400010, then apply a bitwise OR of
FF to that value. The resulting value is stored back to 85400010 afterwards.
================================================================================
Xor Commands
================================================================================
9 = 8 bit Xor
A = 16 bit Xor
B = 32 bit Xor
Format:
XX AAAAAAAA VVVVVVVV
XX = 9/A/B
AAAAAAAA = address in memory
VVVVVVVV = value
The value at memory location AAAAAAAA is bitwise XORed with VVVVVVVV. The result
is written to memory location AAAAAAAA.
Example:
B 85400010 FF008800
The code above will obtain the 32 bit value at 85400010, then apply a bitwise XOR
of FF008800 to that value. The resulting value is stored back to 85400010
afterwards.
================================================================================
Increment Commands
================================================================================
C = 8 bit Increment
D = 16 bit Increment
E = 32 bit Increment
Format:
XX AAAAAAAA VVVVVVVV
XX = C/D/E
AAAAAAAA = address in memory
VVVVVVVV = value
VVVVVVVV is added to the value at memory location AAAAAAAA. The result is
written to memory location AAAAAAAA.
Example:
E 85400010 0000FFFF
The code above will obtain the 32 bit value at 85400010, then add 0000FFFF
to that 32 bit value. The sum will be stored back to 85400010 afterwards.
================================================================================
Decrement Commands
================================================================================
F = 8 bit Decrement
10 = 16 bit Decrement
11 = 32 bit Decrement
Format:
XX AAAAAAAA VVVVVVVV
XX = F/10/11
AAAAAAAA = address in memory
VVVVVVVV = value
VVVVVVVV is subtracted from the value at memory location AAAAAAAA. The result is
written to memory location AAAAAAAA.
Example:
10 85400010 1010
The code above will obtain the 16 bit value at 85400010, then subtract 1010
from that value. The difference will be stored back to 85400010 afterwards.
================================================================================
Equal Test Commands
================================================================================
12 = 8 bit Equal
13 = 16 bit Equal
14 = 32 bit Equal
Format:
XX AAAAAAAA VVVVVVVV NN
XX = 12/13/14
AAAAAAAA = address in memory
VVVVVVVV = value
NN = number of lines to skip/apply
If the value at memory location AAAAAAAA is equal to VVVVVVVV, XPP will
apply the NN lines of code directly below this code. Otherwise, the NN lines of
code directly below this code will be skipped.
Example:
12 85400010 AA 01
02 8540FF70 0098967F
The code above will obtain the 8 bit value at 85400010. If the value is equal to
AA, then the code below it will be executed. Otherwise it will be skipped.
================================================================================
Not Equal Test Commands
================================================================================
15 = 8 bit Not Equal
16 = 16 bit Not Equal
17 = 32 bit Not Equal
Format:
XX AAAAAAAA VVVVVVVV NN
XX = 15/16/17
AAAAAAAA = address in memory
VVVVVVVV = value
NN = number of lines to skip/apply
If the value at memory location AAAAAAAA is not equal to VVVVVVVV, XPP will
apply the NN lines of code directly below this code. Otherwise, the NN lines of
code directly below this code will be skipped.
Example:
15 85400010 AA 02
01 8540FF70 0098
01 8540FF72 967F
The code above will obtain the 8 bit value at 85400010. If the value is not
equal to AA, then the 2 codes below it will be executed. Otherwise, these codes
will be skipped.
================================================================================
Greater Than Test Commands
================================================================================
18 = 8 bit Greater Than
19 = 16 bit Greater Than
1A = 32 bit Greater Than
Format:
XX AAAAAAAA VVVVVVVV NN
XX = 18/19/1A
AAAAAAAA = address in memory
VVVVVVVV = value
NN = number of lines to skip/apply
If the value at memory location AAAAAAAA is greater than VVVVVVVV, XPP will
apply the NN lines of code directly below this code. Otherwise, the NN lines of
code directly below this code will be skipped.
Example:
19 85400010 AAFF 04
00 8540FF70 00
00 8540FF71 98
00 8540FF72 96
00 8540FF73 7F
The code above will obtain the 16 bit value at 85400010. If the value is greater
than AAFF, then the 4 codes below it will be executed. Otherwise, these codes
will be skipped.
================================================================================
Less Than Test Commands
================================================================================
1B = 8 bit Less Than
1C = 16 bit Less Than
1D = 32 bit Less Than
Format:
XX AAAAAAAA VVVVVVVV NN
XX = 1B/1C/1D
AAAAAAAA = address in memory
VVVVVVVV = value
NN = number of lines to skip/apply
If the value at memory location AAAAAAAA is less than VVVVVVVV, XPP will
apply the NN lines of code directly below this code. Otherwise, the NN lines of
code directly below this code will be skipped.
Example:
1C 85400010 AAFF 04
00 8540FF70 00
00 8540FF71 98
00 8540FF72 96
00 8540FF73 7F
The code above will obtain the 16 bit value at 85400010. If the value is less
than AAFF, then the 4 codes below it will be executed. Otherwise, these codes
will be skipped.
================================================================================
Multi-write Commands (Condensed Codes)
================================================================================
1E = 8 bit Multi-write
1F = 16 bit Multi-write
20 = 32 bit Multi-write
Format:
XX AAAAAAAA VVVVVVVV NN SSSS IIII
XX = 1E/1F/20
AAAAAAAA = initial address in memory
VVVVVVVV = initial value
NN = number of times to write
SSSS = offset from one code to the next
IIII = increment of one value to the next
VVVVVVVV will be written to AAAAAAAA. This will be done NN times, while
incrementing AAAAAAAA by SSSS every iteration, and incrementing VVVVVVVV by
IIII every iteration.
Example:
1F 82550010 0000 04 2000 1000
The code above expands to:
1 82550010 0000
1 82552010 1000
1 82554010 2000
1 82556010 3000
Sample Cheat - Tales of Vesperia[4E4D07E9]
#Tales of Vesperia[4E4D07E9]
#Infinite Gald
2 8274BD88 05F5E0FF
#Yuri Codes
#Max Level
2 82750778 000000C8
#Infinite/Max HP
2 8275077C 0000270F
2 82750784 0000270F
2 82750794 0000270F
#Infinite/Max MP
2 82750780 000003E7
2 82750788 000003E7
2 82750798 000003E7
#Infinite Experience
2 82750790 05F5E0FF
#Max Attack
2 82750868 0000270F
#Max Magic Attack
2 8275086C 0000270F
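The codetype format documented above (write, bitwise, arithmetic, conditional-skip and multi-write families), together with the '#' comment lines used in the sample cheat, as an added reference interpreter; this is example code written for this page, not XPowerPlay's own loader. It models game RAM as a big-endian byte array (the 360's PowerPC byte order), which is what makes the 32-, 16- and 8-bit writes in the three conditional examples land on identical bytes. Assumptions the document does not state: comparisons are unsigned, arithmetic results wrap to the operand width, and NN counts code lines only (comment lines are not counted).

```python
import struct

FMT = {1: ">B", 2: ">H", 4: ">I"}   # operand width -> big-endian struct code
FAMILIES = [(0x00, "write"), (0x03, "and"), (0x06, "or"), (0x09, "xor"),
            (0x0C, "inc"), (0x0F, "dec"), (0x12, "eq"), (0x15, "ne"),
            (0x18, "gt"), (0x1B, "lt"), (0x1E, "multi")]

def decode(opcode):
    """Codetype XX -> (operation, width): each family is 3 opcodes (8/16/32)."""
    for base, name in FAMILIES:
        if base <= opcode <= base + 2:
            return name, (1, 2, 4)[opcode - base]
    raise ValueError("unknown codetype %X" % opcode)

class Memory:                                  # simulated game RAM window
    def __init__(self, base, size):
        self.base, self.buf = base, bytearray(size)
    def read(self, addr, width):
        return struct.unpack_from(FMT[width], self.buf, addr - self.base)[0]
    def write(self, addr, width, value):
        mask = (1 << (8 * width)) - 1          # assumption: wrap to width
        struct.pack_into(FMT[width], self.buf, addr - self.base, value & mask)

def apply_cheats(text, mem):
    """Run one cheat file (434307FC.txt style) against mem; '#' = comment."""
    codes = [[int(f, 16) for f in ln.split()] for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    i = 0
    while i < len(codes):
        fields = codes[i]
        i += 1
        op, width = decode(fields[0])
        addr, val = fields[1], fields[2]
        if op == "write":
            mem.write(addr, width, val)
        elif op == "multi":                    # NN writes, step SSSS, add IIII
            n, step, inc = fields[3], fields[4], fields[5]
            for k in range(n):
                mem.write(addr + k * step, width, val + k * inc)
        elif op in ("eq", "ne", "gt", "lt"):   # unsigned compare (assumption)
            cur = mem.read(addr, width)
            if not {"eq": cur == val, "ne": cur != val,
                    "gt": cur > val, "lt": cur < val}[op]:
                i += fields[3]                 # skip the NN code lines below
        else:                                  # and / or / xor / inc / dec
            cur = mem.read(addr, width)
            mem.write(addr, width, {"and": cur & val, "or": cur | val,
                                    "xor": cur ^ val, "inc": cur + val,
                                    "dec": cur - val}[op])
    return mem
```

Feeding it the three conditional examples from the document on fresh memory gives the same bytes 00 98 96 7F at 8540FF70 in all three cases, and the "1F 82550010 0000 04 2000 1000" condensed code produces exactly the four expanded writes listed.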
Constants for gamepad buttons
XINPUT_GAMEPAD_DPAD_UP
XINPUT_GAMEPAD_DPAD_DOWN
XINPUT_GAMEPAD_DPAD_LEFT
XINPUT_GAMEPAD_DPAD_RIGHT
XINPUT_GAMEPAD_START
XINPUT_GAMEPAD_BACK
XINPUT_GAMEPAD_LEFT_THUMB
XINPUT_GAMEPAD_RIGHT_THUMB
XINPUT_GAMEPAD_LEFT_SHOULDER
XINPUT_GAMEPAD_RIGHT_SHOULDER
[TUT] How to poll for button presses for a trainer
credit to brienj
This is a tutorial on how to poll your controllers for button presses, so you can use the values for a trainer. This tutorial assumes you know how to open an xex file in IDA Pro and already know how to make a trainer. This tutorial will just tell you how to get the values that are contained in each register when people press buttons on their controllers. I still don't know how to get values for triggers on wireless controllers, though. Perhaps when I get my own actual wireless controller I can do some more testing on it.
Ok, we will use the default.xex file for Dead Rising 2 for this tutorial. This is the original xex, except this one has been set to debug. The first step is to load the xex file into IDA Pro using xorloser's plugins. Next, go to the Function window and look for the "XamInputGetState" function:
Once you find that function, you double-click on it, and you will be taken to the function.
Next you will double-click on this highlighted area here, which will take you to the function that calls this function.
Now we are at function sub_826A11C0.
You'll notice that this has two functions that call it.
I have decided to go with the bottom calling function.
So double-click that and it takes you to an actual function that should always get called now, but I have highlighted the function call that calls the controller stuff.
Now the function AFTER the return from the controller function is where we can hook in and get the values, and I've highlighted that here.
So you would put a branch function, to wherever you are branching to, then make sure you include "cmplwi %r3, 0" BEFORE you return to 828B50C0.
Now to let you know what the values should be to look for at this point.
First things first. If r3 is NOT 0, then return control back and do nothing, as the function is doing something other than polling the controllers at that point. If r3 is NOT 0, it is NOT checking the controllers. This is useful, because if r3 is 0, you can use r3 for whatever use you want, as long as you set the value of r3 back to 0 before returning control back to game and performing the "cmplwi %r3, 0" function. This is also true for the other registers, just make sure after you check them, and use them for other things, that you set them back to what they are, or if you notice later on in the function if a value will be loaded into a register, it won't matter anyway, as in the case of r11, which has a value loaded into it later on in the function, whether it jumps or not.
Ok, now that you know that r3 determines if it's actually polling the controllers if it is zero, I'll list all the important registers and the values they will contain:
r3 = 0 (This means that the game is actually checking your controllers)
r10 = 0 (when a face button is pressed, not trigger though) (Wired and Wireless)
r5 = left trigger value (00 - FF) (Wired ONLY)
r7 = right trigger value (00 - FF) (Wired ONLY)
r11 = value of button presses (do a cmplwi on it)
r6 = value of button presses (Wired ONLY, better to just use r11 anyway)
Button Press Table (add values together if pressed together):
D-Pad Up = 1
D-Pad Down = 2
D-Pad Left = 4
D-Pad Right = 8
Start = 10
Back = 20
LSB = 40
RSB = 80
LB = 100
RB = 200
A Button = 1000
B Button = 2000
X Button = 4000
Y Button = 8000
e.g. Back + LB + X = 4120
Needed Files Attached
Attached file: xpp0.2a.zip (3.32 MB)