Memory Hacking Software

[BrollyLSSJ]

I was just playing a little-bit with MHS to get the values for SUPER Combo and ULTRA Combo, but every time after some sub search, SF4 closes itself and one time MHS crashed. But using TSearch worked fine (though the adresses were always different after a match, so I wanted to try MHS again to find a pointer for the values. Could you maybe take a look into that problem?

[liqmysaq]

maybe u have your MHS set to pause the process when searching. that will cause the game to crash in alot of games. when u click the new search button (single magnify glass) click on the button that says General Search Options (or click Tools -> Options -> General Search tab) and uncheck the box next to Pause Target Process. that would explain why u get crashed after every search. hopefully that fixes it for ya.

[BrollyLSSJ]

Thank you, that seems to have solved it. Is there a way to find a pointer to a specific address? The address I found is 0D84DE6E, but when i try to find it in pointer search, it says, it isn't dividable by 4.

[liqmysaq]

thats probably not the right address or maybe its a short and not a long. open the hex editor and see what all changes when u use the address.
the address is probably 0D84DE6C or 0D84DE70 if its a long.

[BrollyLSSJ]

Thank you. I will try it next time (have to search the address again, as it gets changed every time I start a new match. I found that address searching for unassigned short, as it only got a value from 0 to 1000, two other addresses I found, got also from 0 to 1000 and one from 0 to 400.

[BrollyLSSJ]

Ok, I found the following addresses:

1424CB56
1424CB4A
1424CB5E
1424CB6A

. I took a look in the hex editor and if i change the value for like 1424CB56, it changes the four things under the 6 and the 7 in the line 1424CB50. If I change the type to a long, it marks the 6 to the 9 in that line. Should I try to search for the values (E8 03 00 00) in the pointer search?

[WhiteHat]

I was just playing a little-bit with MHS to get the values for SUPER Combo and ULTRA Combo...

Hi... I have this game too and am curious what kind of value are they ?
Power, Damage or something else ? Or are they just indexes value, like 1000 = Super Combo and 2000 = Ultra Combo ?

Thanks in advance...

[liqmysaq]

if u change the value using MHS and its a long of course 4 of the bytes will change, you just changed them. you need to make the value change by doing something in the game. so its a completely legit change. then u look in hex editor and see whats changed.

ur probably right if the value goes no higher than 1000, its likely a short. if u found other addresses that do what u want, have you tried finding pointers for them? i assume that you have.. and they must give you the same problem.

EDIT: i was lookin around on cheat engine forums and i came across a table for SF4. its for unlocking things.. its unrelated to this thread other than its for SF4. you can try to convert the CT into an lssave using CoMPMStR's CT <-> LSSAVE converter (its a CE 5.5 table so i dont know if it can decode it or not, im sure it can though. if it doesnt work then open it in cheat engine and copy the addresses into ur MHS lol).
heres a link to the table at cheat engine forum: http://forum.cheatengine.org/viewtopic.php?t=433780 (links to cheat engine forum, so open in a new tab/window)

[BrollyLSSJ]

My numbers were for Health, Healthrefreshment (when you do a focus attack and get hit, but successfully hit the enemy with it, your lost health get "refunded"), Super Combo and Ultra Combo. Health and Super Combo are at maximum, if they are at 1000. Ultra Combo is maximum if it is at 400. I've already unlocked the characters. It was easy on the easiest difficulty.

[L. Spiro]

The Pointer Search assumes a 4-byte pointer to a 4-byte value (the principle behind the Pointer Search is meant to be simple anyway, so this is not really a flaw).


The value you have is an unsigned short, which can indeed be aligned to a byte boundary other than 4.
In this special case, simply put your address into a Data-Type Search -> Unsigned Long/Exact Value search.
In other words, search for an Unsigned Long whose is your address (0D84DE6E in your first example).

Once found, you can change the type from Unsigned Long to Void so that it will be treated as an address instead of a number.


If you are going to put the target value (at address 0D84DE6E) into the main list directly, you must set its type to [n]Unsigned Short[/b].

You must also use this type to search for them.


L. Spiro

[BrollyLSSJ]

Thank you. I will try it as soon as I have time =)

[BrollyLSSJ]

I am getting a "not found" message box for the new addresses i found.

[[Psych]]

Just a note about the pausing crash. To pause, the debugger needs to be attached, and when this happens Xlive freaks out. It performs various checks on the game's memory and has various anti-debug tricks. So, making sure the process isn't paused while scanning should be the solution for this. It will slow the scan down a bit, but it should avoid the crash.

[BrollyLSSJ]

The crashing problem was already solved , but i still am not able to find the addresses. Do I have to change them to Long before searching for them?

[[Psych]]

Haven't trained it so can't offer specific advice. However, if you aren't bringing anything up then try a different data-type. LONG is your standard 4-byte DWORD scans, which you generally start with for variables such as ammo etc, which tend to be integers/whole numbers only (IE, not REAL numbers/decimalised).

You should start with those scans. You will also bring up single-precision FLOATs with that scan, as they are essentially 4-bytes in length too; they just won't 'look right' when you see them visually (in the scan window). If you can't pick anything up, then drop to 2-byte/WORD searches, and failing that, drop to BYTE searches. A lot of games use 2-byte for variables such as ammo.

Now for health, in a fighting game like this (or, well, most games actually) you'll most likely just have an energy 'bar' with no visual amount displayed. So you have to start with an unknown value scan. Then search decreased and increased on your next 'sub-searches' depending on whether you gain or lose health. Eventually you will narrow down to only a handful of addresses, which you can then modify of freeze to isolate the real one.

I very much doubt anything will be encrypted on a game like this (it's only street fighter!), however stranger things have happened. As this game uses Xlive, it may be making use of it's 'protected buffers'. Basically, all this means is that certain variables can be 'routed through' these protected buffers, encrypting it as it goes along. Like GTA4 for most of it's stuff. The only way to nail an encrypted value is to search unknown, then changed and unchanged searches. These are lengthy and time-consuming, and you may be left with many addresses to filter through.

Anyway, i'm guessing you'll get by fine by using a different datatype if you fail on using LONG. So give it a go and report back. Remember, that if you die, then you're health will most likely be allocated to a different memory spot (due to DMA) so if this happens you will have to restart the scan. It won't work if you search, lose some health, search, die, search, respawn, search (as you'll have lost it already). Mix it up a bit by making use of the in-game pause and using some unchanged/stayed the same searches.

Good luck, report back

~Psych