├── Memlocs
├── UO.rcnet
├── CLoS-PC.ods
├── DSR.rcnet
├── DaS-IDs.ods
├── FTL.rcnet
├── DaS-debug.rcnet
├── Deathloop.rcnet
├── DSR-PC-Memlocs.ods
├── DaS-PC-memlocs.ods
├── DmC-PC-memlocs.ods
├── Pandemic-UWP.rcnet
├── DaS-CE-code(old).ods
├── DaS-FileFormats.ods
├── DaS3-PC-memlocs.ods
├── DeS-PS3-memlocs.ods
├── DeS-PS3-savelocs.ods
├── GoW1-PS3-memory.ods
├── GoW2-PS3-memlocs.ods
├── PSTEE-PC-memlocs.ods
├── Risen-PC-memlocs.ods
├── SWTFU-PC-memlocs.ods
├── SP-TSOT-PC-memlocs.ods
├── StateOfDecay2-MS.rcnet
├── DeS-PS3-LUA-Functions.ods
├── Pandemic-UWP-exelocs.ods
├── SoT-MS-2.113.2405.2.rcnet
├── SoT-MS-2.113.5908.2.rcnet
├── GoW-Steam-1.0.438.9704.rcnet
├── GoW-Steam-1.0.441.9126.rcnet
├── KingdomCome-MS-1.9.4.0.rcnet
├── PS4RemotePlay-PC-memlocs.ods
├── DaS-PC-memlocs-debug(old).ods
├── Dishonored2-UWP-1.77.9.0.rcnet
├── EldenRing-Steam-1.3.0.0.rcnet
├── EldenRing-Steam-1.3.1.0.rcnet
├── EldenRing-Steam-1.3.2.0.rcnet
├── FortuneStreet-Wii-FileInfo.ods
├── FortuneStreet-Wii-memlocs.ods
├── GoWR-Steam-1.0.614.9211.rcnet
├── GoWR-Steam-1.0.618.4551.rcnet
├── MedievalDynasty-GOG-2.4.0.4.rcnet
├── KingsBounty-TheLegend-PC-memlocs.ods
├── DeS-PS3-Thens-mdlviewlist.loadlistlist
├── DarkSoulsRemastered-Steam-1.3.1.0.rcnet
├── Celeste-MS.CT
├── GoW3-PS3-NPUA70080_101.ct
├── GoW1-PS3-NPUA80490_101-ToggleInfiniteJumps.txt
├── GoW1-PS2-SCUS97467.CT
├── GoW1-PS2-FLP.bt
├── GoW1-PS3-NPUA80490_101-Savefile.bt
├── GoW2-PS3-NPUA80491_101.CT
├── SuperMeatBoy.CT
├── DarkestDungeon.CT
├── GoW2-PS3-assembly-R3=save.txt
├── GoW3-PS3-BCUS98111_103-Savefile.bt
├── GoW2-PS3-savelocs.txt
├── GoW3-PS3-BCUS98111_103-InfiniteJumps.txt
├── Medieval_Dynasty-GOG-2.4.0.4.CT
├── _rint-file.txt
├── FTL.CT
├── wo.CT
├── EldenRing-Steam-1.3.1.0.ct
├── SuperMeatBoy-PS-DeathCounter.txt
├── Celeste-MS-PS-DeathCounter.txt
├── GoW3-PS3-BCUS98111_103.txt
├── DeS-PS3-BLUS30443_100_LogoSkip.txt
├── DeS-PS3-BLUS30443_100_LoadSysPropsFromFile.txt
├── DeS-PS3-BLUS30443_100_LoadM99Luabnd.txt
├── ssbm.CT
├── GoWR-Steam-1.0.614.9211-Savefile.bt
├── GOWA-PS3-savelocs.txt
├── GoW1-PS3-NPUA80490_101-UnlockCam.txt
├── GoW3-PS3-BCUS98111_103-RPCS3SaveDumper.txt
├── GoW1-PS3-NPUA80490_101-RPCS3SaveDumper.txt
├── GoW2-PS3-memlocs.txt
├── JumpKing-PS-Counters.txt
├── gow.CT
├── KingdomCome-MS-1.9.4.0.CT
├── DeS-PS3-BLUS30443_100_NoDcxSdat.txt
├── _rint-memory.txt
├── GoW1-PS2-Wadfile.bt
├── GoWR-Steam-1.0.614.134.CT
├── StateOfDecay2-SetDemoMode.txt
├── StateOfDecay2-SetTimeDilation.txt
├── GoW-Steam-1.0.438.9704.CT
├── GoW3-PS3-memlocs.txt
├── PokemonPlatinum-PS-DeSmuME.txt
├── GoW-Steam-1.0.441.9126.CT
├── StateOfDecay2-ObjectDump.txt
├── DeS-PS3-BLUS30443_100_ModdingTutChanges.txt
├── DeS-PS3-BLUS30443_100_ModdingTutorialScript_Part5_m08_00_00_00.txt
└── Dishonored2-UWP-1.77.9.0.CT
├── .gitattributes
└── .gitignore
/Memlocs/UO.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/UO.rcnet
--------------------------------------------------------------------------------
/Memlocs/CLoS-PC.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/CLoS-PC.ods
--------------------------------------------------------------------------------
/Memlocs/DSR.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DSR.rcnet
--------------------------------------------------------------------------------
/Memlocs/DaS-IDs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DaS-IDs.ods
--------------------------------------------------------------------------------
/Memlocs/FTL.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/FTL.rcnet
--------------------------------------------------------------------------------
/Memlocs/DaS-debug.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DaS-debug.rcnet
--------------------------------------------------------------------------------
/Memlocs/Deathloop.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/Deathloop.rcnet
--------------------------------------------------------------------------------
/Memlocs/DSR-PC-Memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DSR-PC-Memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/DaS-PC-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DaS-PC-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/DmC-PC-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DmC-PC-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/Pandemic-UWP.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/Pandemic-UWP.rcnet
--------------------------------------------------------------------------------
/Memlocs/DaS-CE-code(old).ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DaS-CE-code(old).ods
--------------------------------------------------------------------------------
/Memlocs/DaS-FileFormats.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DaS-FileFormats.ods
--------------------------------------------------------------------------------
/Memlocs/DaS3-PC-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DaS3-PC-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DeS-PS3-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-savelocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DeS-PS3-savelocs.ods
--------------------------------------------------------------------------------
/Memlocs/GoW1-PS3-memory.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/GoW1-PS3-memory.ods
--------------------------------------------------------------------------------
/Memlocs/GoW2-PS3-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/GoW2-PS3-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/PSTEE-PC-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/PSTEE-PC-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/Risen-PC-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/Risen-PC-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/SWTFU-PC-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/SWTFU-PC-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/SP-TSOT-PC-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/SP-TSOT-PC-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/StateOfDecay2-MS.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/StateOfDecay2-MS.rcnet
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-LUA-Functions.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DeS-PS3-LUA-Functions.ods
--------------------------------------------------------------------------------
/Memlocs/Pandemic-UWP-exelocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/Pandemic-UWP-exelocs.ods
--------------------------------------------------------------------------------
/Memlocs/SoT-MS-2.113.2405.2.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/SoT-MS-2.113.2405.2.rcnet
--------------------------------------------------------------------------------
/Memlocs/SoT-MS-2.113.5908.2.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/SoT-MS-2.113.5908.2.rcnet
--------------------------------------------------------------------------------
/Memlocs/GoW-Steam-1.0.438.9704.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/GoW-Steam-1.0.438.9704.rcnet
--------------------------------------------------------------------------------
/Memlocs/GoW-Steam-1.0.441.9126.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/GoW-Steam-1.0.441.9126.rcnet
--------------------------------------------------------------------------------
/Memlocs/KingdomCome-MS-1.9.4.0.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/KingdomCome-MS-1.9.4.0.rcnet
--------------------------------------------------------------------------------
/Memlocs/PS4RemotePlay-PC-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/PS4RemotePlay-PC-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/DaS-PC-memlocs-debug(old).ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DaS-PC-memlocs-debug(old).ods
--------------------------------------------------------------------------------
/Memlocs/Dishonored2-UWP-1.77.9.0.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/Dishonored2-UWP-1.77.9.0.rcnet
--------------------------------------------------------------------------------
/Memlocs/EldenRing-Steam-1.3.0.0.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/EldenRing-Steam-1.3.0.0.rcnet
--------------------------------------------------------------------------------
/Memlocs/EldenRing-Steam-1.3.1.0.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/EldenRing-Steam-1.3.1.0.rcnet
--------------------------------------------------------------------------------
/Memlocs/EldenRing-Steam-1.3.2.0.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/EldenRing-Steam-1.3.2.0.rcnet
--------------------------------------------------------------------------------
/Memlocs/FortuneStreet-Wii-FileInfo.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/FortuneStreet-Wii-FileInfo.ods
--------------------------------------------------------------------------------
/Memlocs/FortuneStreet-Wii-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/FortuneStreet-Wii-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/GoWR-Steam-1.0.614.9211.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/GoWR-Steam-1.0.614.9211.rcnet
--------------------------------------------------------------------------------
/Memlocs/GoWR-Steam-1.0.618.4551.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/GoWR-Steam-1.0.618.4551.rcnet
--------------------------------------------------------------------------------
/Memlocs/MedievalDynasty-GOG-2.4.0.4.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/MedievalDynasty-GOG-2.4.0.4.rcnet
--------------------------------------------------------------------------------
/Memlocs/KingsBounty-TheLegend-PC-memlocs.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/KingsBounty-TheLegend-PC-memlocs.ods
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-Thens-mdlviewlist.loadlistlist:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DeS-PS3-Thens-mdlviewlist.loadlistlist
--------------------------------------------------------------------------------
/Memlocs/DarkSoulsRemastered-Steam-1.3.1.0.rcnet:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wulf2k/Game-MemLocs/HEAD/Memlocs/DarkSoulsRemastered-Steam-1.3.1.0.rcnet
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
4 | # Custom for Visual Studio
5 | *.cs diff=csharp
6 |
7 | # Standard to msysgit
8 | *.doc diff=astextplain
9 | *.DOC diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot diff=astextplain
13 | *.DOT diff=astextplain
14 | *.pdf diff=astextplain
15 | *.PDF diff=astextplain
16 | *.rtf diff=astextplain
17 | *.RTF diff=astextplain
18 |
--------------------------------------------------------------------------------
/Memlocs/Celeste-MS.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 0
6 | "Deaths"
7 | 0
8 | 4 Bytes
9 | Celeste.dll+0x75bb88
10 |
11 | 54
12 |
13 |
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Windows image file caches
2 | Thumbs.db
3 | ehthumbs.db
4 |
5 | # Folder config file
6 | Desktop.ini
7 |
8 | # Recycle Bin used on file shares
9 | $RECYCLE.BIN/
10 |
11 | # Windows Installer files
12 | *.cab
13 | *.msi
14 | *.msm
15 | *.msp
16 |
17 | # Windows shortcuts
18 | *.lnk
19 |
20 | # =========================
21 | # Operating System Files
22 | # =========================
23 |
24 | # OSX
25 | # =========================
26 |
27 | .DS_Store
28 | .AppleDouble
29 | .LSOverride
30 |
31 | # Thumbnails
32 | ._*
33 |
34 | # Files that might appear in the root of a volume
35 | .DocumentRevisions-V100
36 | .fseventsd
37 | .Spotlight-V100
38 | .TemporaryItems
39 | .Trashes
40 | .VolumeIcon.icns
41 |
42 | # Directories potentially created on remote AFP share
43 | .AppleDB
44 | .AppleDesktop
45 | Network Trash Folder
46 | Temporary Items
47 | .apdisk
48 | Memlocs/~$DSR-PC-Memlocs.ods
49 |
--------------------------------------------------------------------------------
/Memlocs/GoW3-PS3-NPUA70080_101.ct:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 1
6 | "xpos"
7 | 0
8 | Custom
9 | Float Big Endian
10 | 35659960+80
11 |
12 |
13 | 0
14 | "CurrHp"
15 | 0
16 | Custom
17 | Float Big Endian
18 | 35659AF4
19 |
20 |
21 | 3
22 | "checkpoint"
23 | 1
24 | 0
25 | Custom
26 | 4 Bytes Big Endian
27 | 005FBEC0
28 |
29 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/Memlocs/GoW1-PS3-NPUA80490_101-ToggleInfiniteJumps.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
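# Location of the EBOOT.BIN that this script reads and rewrites in place.
$path = "D:\Emus\PS3\dev_hdd0\game\NPUA80490\USRDIR\EBOOT.BIN"

# Stop here when the file is absent. Otherwise the failed read leaves $ba empty and
# the magic check further down prints "BIN still encrypted?", which hides the real cause.
if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
    throw "File not found: $path"
}

# Whole file as one byte array; RUInt32 and WBytes both work on this script-level buffer.
$ba = [System.IO.File]::ReadAllBytes($path)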
#----------------------------------------------------------------------------------
# RUInt32: returns the four bytes of the script-level buffer $ba that start at byte
# offset $addr, as a UInt32.
# BitConverter uses the host byte order (little-endian on x86/x64), so a big-endian
# word in the file comes back byte-swapped; the constants compared against it later
# in this script are written in that swapped form.
function RUInt32
{
    param ($addr)

    return [System.BitConverter]::ToUInt32($ba, $addr)
}
#----------------------------------------------------------------------------------
# WBytes: copies every byte of $wb into the script-level buffer $ba, starting at byte
# offset $addr. Only the in-memory buffer changes; nothing is written to disk here.
# There is no range check of its own: BlockCopy raises an error when the destination
# range does not fit inside $ba.
function WBytes
{
    param ($addr, $wb)

    $count = $wb.Length
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $count)
}
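#----------------------------------------------------------------------------------
# Toggle: look at the four bytes at the patch site and swap them between the two
# encodings this script knows. Any other content is left untouched.

Clear-Host

# Byte sequences exactly as they appear in the file.
[byte[]] $oldcode = 0x80, 0x03, 0x02, 0xc0    # stock bytes
[byte[]] $newcode = 0x4e, 0x80, 0x00, 0x20    # replacement; 4e800020 is the PowerPC `blr` encoding

# The same sequences in the form RUInt32 returns them (byte-swapped by BitConverter on
# a little-endian host). 0xc0020380 is cast from a string because the bare hex literal
# would be parsed as a negative Int32.
$oldValue = [UInt32]"0xc0020380"
$newValue = [UInt32]0x2000804e

# File offset of the patch site, computed once instead of in four places.
# NOTE(review): presumably a virtual address minus the segment's load delta - confirm.
$patchOffset = 0x080b08 - 0xF700

if ($null -eq $ba -or $ba.Length -lt ($patchOffset + 4)) {
    # Without this guard a short or unread file shows up as a BitConverter error
    # followed by a misleading "still encrypted" or "unrecognized bytes" message.
    "File is missing or too short to contain the patch site, no changes made."
} elseif ((RUInt32 0) -ne 0x00454353) {
    # 0x00454353 is the bytes 53 43 45 00 ("SCE" + NUL) read little-endian.
    "No match, BIN still encrypted?"
} else {
    "First 4 bytes match"

    # Decide what to write (if anything) from the bytes currently at the patch site.
    $current = RUInt32 $patchOffset
    if ($current -eq $oldValue) {
        $announce = "Original bytes found, patching in infinite jumps."
        $replacement = $newcode
    } elseif ($current -eq $newValue) {
        $announce = "Patched bytes found, restoring double jump."
        $replacement = $oldcode
    } else {
        $announce = $null
        $replacement = $null
    }

    if ($null -ne $replacement) {
        $announce

        # Keep a copy of the file as it was before this script's first write, so a bad
        # patch can be undone. An existing backup is never overwritten.
        $backup = "$path.bak"
        if (-not (Test-Path -LiteralPath $backup)) {
            Copy-Item -LiteralPath $path -Destination $backup
        }

        WBytes $patchOffset $replacement
        [System.IO.File]::WriteAllBytes($path, $ba)
        "Bytes written successfully"
    } else {
        # Neither known encoding is present: write nothing rather than guess.
        "Unrecognized bytes found hook at location, no changes made."
        "Has EBOOT.BIN been resigned as NONDRM?"
    }
    ""
    pause
}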
61 |
--------------------------------------------------------------------------------
/Memlocs/GoW1-PS2-SCUS97467.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 1
6 | "Checkpoint -->"
7 | 1
8 | 0
9 | 4 Bytes
10 | 0032C838
11 |
12 |
13 | 2
14 | "Stance"
15 | 1
16 | 0
17 | 4 Bytes
18 | 0032C896
19 |
20 |
21 | 0
22 | "Red Orbs"
23 | 0
24 | Byte
25 | 0032C8BE
26 |
27 |
28 |
29 |
30 |
31 |
32 | checkpoint
33 | 0055F4E0
34 |
35 |
36 | camdata
37 | 31D116A0
38 |
39 |
40 | kratos
41 | 30A46C70
42 |
43 |
44 | flashInterface
45 | 30A1EA08
46 |
47 |
48 | goPlayer
49 | 31D0F264
50 |
51 |
52 |
53 |
--------------------------------------------------------------------------------
/Memlocs/GoW1-PS2-FLP.bt:
--------------------------------------------------------------------------------
1 | //------------------------------------------------
2 | //--- 010 Editor v13.0 Binary Template
3 | //
4 | // File: God of War, *.FLP
5 | // Authors:
6 | // Version:
7 | // Purpose: Maps the 0x60-byte header at the start of an FLP file; nothing past the header is parsed.
8 | // Category:
9 | // File Mask:
10 | // ID Bytes:
11 | // History:
12 | //------------------------------------------------
13 | // HDR: mostly count/pointer pairs. The hex suffix in a field name equals that field's offset in the header.
14 | typedef struct {
15 | uint id ;
16 | uint16 unk0x04 ;
17 | uint16 unk0x06 ;
18 | uint16 unk0x08 ;
19 | uint16 unk0x0a ;
20 | // NOTE(review): the author's trailing "//0x..." notes on Ptr fields look like values from one sample file, and "Size" like a per-entry size - unconfirmed.
21 | uint GlobalHandlerCount ; //Size 0x4
22 | uint GlobalHandlerPtr_0x10 ; //0x60
23 |
24 | uint MeshCount ; //Size 0x4, Size 0x8
25 | uint MeshPtr_0x18 ; //0x634
26 |
27 | uint FontCount ; //Size 0x780?
28 | uint FontPtr_0x20 ; //0x8c4
29 |
30 | uint StaticLabelCount ; //Size 0xA8?
31 | uint StaticLabelPtr_0x28 ; //0x104c
32 |
33 | uint DynamicLabelCount ;
34 | uint DynamicLabelPtr_0x30 ; //0x5a74
35 |
36 | uint Count6 ;
37 | uint unkPtr_0x38 ; //0x5e94
38 |
39 | uint Count7 ;
40 | uint unkPtr_0x40 ; //0x98dc
41 | uint unkPtr_0x44 ; //0x16470
42 |
43 | uint16 Count8 ;
44 | uint16 unk_0x4a ;
45 | uint unkPtr_0x4c ; //0x2296c
46 |
47 | uint16 unk0x50 ;
48 | uint16 unk0x52 ;
49 | uint unkPtr_0x54 ;
50 | uint16 StringsSize ;
51 | uint16 unk0x5a ;
52 | uint StringsPtr ;
53 | } HDR;
54 |
55 | // Byte order is selected before the first variable is declared, so it applies to the whole header.
56 | LittleEndian();
57 | struct FILE { // only the header is mapped: no Count/Ptr pair is followed, so no file-supplied offset is used here
58 | HDR header;
59 | } file ;
--------------------------------------------------------------------------------
/Memlocs/GoW1-PS3-NPUA80490_101-Savefile.bt:
--------------------------------------------------------------------------------
1 | //------------------------------------------------
2 | //--- 010 Editor v9.0.1 Binary Template
3 | //
4 | // File: GoW1-PS3-NPUA80490_101-Savefile.bt
5 | // Authors:
6 | // Version:
7 | // Purpose: Maps a save file as a big-endian run of fixed-size records from offset 0, plus one uint at 0x13ffc.
8 | // Category:
9 | // File Mask:
10 | // ID Bytes:
11 | // History:
12 | //------------------------------------------------
13 |
14 | BigEndian();
15 |
16 | //------------------------------------------------
17 | // Every record below has a fixed size; no length or count is read from the file.
18 |
19 | // wadState: two 10-byte names, each followed by a one-byte flag (0x16 bytes).
20 | typedef struct {
21 | char Wad1[0xa];
22 | byte Wad1Active;
23 | char Wad2[0xa];
24 | byte Wad2Active;
25 | } wadState ;
26 | // playerState: 0x90 bytes; only the four position floats and the stance word are named.
27 | typedef struct {
28 | char unk1[0x30];
29 | float KratosPos[4];
30 | uint KratosStance ;
31 | char unk2[0x4c];
32 | } playerState ;
33 | // cameraState: two 0x18-byte name fields and 0x90 unidentified bytes (0xc0 bytes).
34 | typedef struct {
35 | char CamName[0x18];
36 | char CamWad[0x18];
37 | char unk[0x90];
38 | } cameraState ;
39 | // musicState: 0xec bytes, contents not mapped.
40 | typedef struct {
41 | char unk[0xec];
42 | } musicState ;
43 | // entityState: 0x1c4 bytes, contents not mapped.
44 | typedef struct {
45 | char unk[0x1c4];
46 | } entityState ;
47 | // globalState: eleven one-byte fields (0xb bytes).
48 | typedef struct {
49 | byte WorldIdle;
50 | byte MusicVolume;
51 | byte SoundVolume;
52 | byte Vibration;
53 | byte WideScreen;
54 | byte DeFlicker;
55 | byte SoundMode;
56 | byte PowerUp_FirstTime;
57 | byte Costume_Choice;
58 | byte Difficulty;
59 | byte EndGame;
60 | } globalState ;
61 | // wadInfo: one float and three ints (0x10 bytes).
62 | typedef struct {
63 | float EntityTimeInSeconds;
64 | int EntityWarpWadSlot;
65 | int EntityWarpPlayerReady;
66 | int WadInfoNWads;
67 | } wadInfo ;
68 | // File layout. Each trailing //0x.. is the field's start offset; the values agree with the struct sizes above.
69 | uint cafebad1 ; //0x0 - presumably a magic value (the name reads as 0xCAFEBAD1); it is not validated here
70 | uint Costume; //0x4
71 | wadState wads; //0x8
72 | playerState player; //0x1e
73 | cameraState camera; //0xae
74 | musicState music; //0x16e
75 | entityState entity; //0x25a
76 | globalState global; //0x41e
77 | wadInfo wad; //0x429
78 | FSeek(0x13ffc); uint checksum ; //0x13ffc - NOTE(review): FSeek's result is not checked; this assumes the file is at least 0x14000 bytes long
--------------------------------------------------------------------------------
/Memlocs/GoW2-PS3-NPUA80491_101.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 0
6 | "Music Volume"
7 | 0
8 | Custom
9 | 4 Bytes Big Endian
10 | 307E306C
11 |
12 |
13 | 1
14 | "SFX Volume"
15 | 0
16 | Custom
17 | 4 Bytes Big Endian
18 | 307E3070
19 |
20 |
21 | 2
22 | "Invert Flight Controls"
23 | 0
24 | Custom
25 | 4 Bytes Big Endian
26 | 307E3078
27 |
28 |
29 | 4
30 | "Full Frame"
31 | 0
32 | Custom
33 | 4 Bytes Big Endian
34 | 307E307c
35 |
36 |
37 | 3
38 | "Hints/Tutorial"
39 | 0
40 | Custom
41 | 4 Bytes Big Endian
42 | 307E3088
43 |
44 |
45 | 5
46 | "checkpoint -->"
47 | 1
48 | 0
49 | Custom
50 | 4 Bytes Big Endian
51 | 5944e0
52 |
53 |
54 |
55 |
56 |
--------------------------------------------------------------------------------
/Memlocs/SuperMeatBoy.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 0
6 | "Deaths"
7 |
8 | 0
9 | 4 Bytes
10 | SuperMeatBoy.exe+0x2d55ac
11 |
12 | 1c8c
13 |
14 |
15 |
16 | 1
17 | "deltaTime?"
18 |
19 | 0
20 | Float
21 | SuperMeatBoy.exe+0x2d6f9c
22 |
23 | 34
24 |
25 |
26 |
27 | 2
28 | "Frame Count?"
29 |
30 | 0
31 | 4 Bytes
32 | 00576FA4
33 |
34 |
35 | 3
36 | "deltaTime?"
37 |
38 | 0
39 | Float
40 | SuperMeatBoy.exe+0x2d6e88
41 |
42 |
43 | 4
44 | "GetTime"
45 |
46 | 0
47 | 4 Bytes
48 | 00576FB8
49 |
50 |
51 | 5
52 | "Display HUD"
53 |
54 | 0
55 | Byte
56 | supermeatboy.exe+0x1b6640
57 |
58 |
59 |
60 |
61 |
--------------------------------------------------------------------------------
/Memlocs/DarkestDungeon.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 0
6 | "Gold"
7 | 0
8 | 4 Bytes
9 | Darkest.exe+1c20ab0
10 |
11 | 0
12 | 20
13 | 154
14 | ce4
15 |
16 |
17 |
18 | 1
19 | "Busts"
20 | 0
21 | 4 Bytes
22 | Darkest.exe+1c20ab0
23 |
24 | 48
25 | 20
26 | 154
27 | ce4
28 |
29 |
30 |
31 | 4
32 | "Portraits"
33 | 0
34 | 4 Bytes
35 | Darkest.exe+1c20ab0
36 |
37 | 90
38 | 20
39 | 154
40 | ce4
41 |
42 |
43 |
44 | 3
45 | "Deeds"
46 | 0
47 | 4 Bytes
48 | Darkest.exe+1c20ab0
49 |
50 | d8
51 | 20
52 | 154
53 | ce4
54 |
55 |
56 |
57 | 2
58 | "Crests"
59 | 0
60 | 4 Bytes
61 | Darkest.exe+1c20ab0
62 |
63 | 120
64 | 20
65 | 154
66 | ce4
67 |
68 |
69 |
70 |
71 |
72 |
--------------------------------------------------------------------------------
/Memlocs/GoW2-PS3-assembly-R3=save.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 | 929f8 - 2f830000 - cmpwi cr7,r3,0x0
4 |
5 | 929f8 - 484bf4a2 - ba 4bf4a0
6 | ------------
7 | 4bf4a0 - 3e203154 - lis r17, 0x3154
8 | 4bf4a4 - 62310b20 - ori r17,r17,0x0b20
9 | 4bf4a8 - c0f10000 - lfs f7, 0x0(r17)
10 | 4bf4ac - fce0381e - fctiwz f7,f7
11 | 4bf4b0 - 3dc00057 - lis r14, 0x0057
12 | 4bf4b4 - 61ce7628 - ori r14,r14,0x7628
13 | 4bf4b8 - 7ce077ae - stfiwx f7,0,r14
14 | ------------------R3 = Save
15 | ------------------Begin controller detect, 0x0082256b, R3 = 00000400 = Save
16 | 4bf4bc - 3dc00082 - lis r14,0x0082
17 | 4bf4c0 - 61ce256e - ori r14,256e
18 | 4bf4c4 - 89ce0000 - lbz r14,0x0(r14)
19 | 4bf4c8 - 71ce0004 - andi r14,r14,0x4
20 | 4bf4cc - 69ce0005 - xori r14,r14,0x5
21 | 4bf4d0 - 2f8e0002 - cmpwi cr7,r14,0x2
22 | 4bf4d4 - 409c0008 - bge cr7,0x004bf4dc
23 | ------------------If R3 Pressed
24 | 4bf4d8 - 480933a2 - ba 000933a0
25 | ------------------Else
26 | ------------------Begin controller detect, 0x0082256b, L3 = 00020000 = Swim Toggle
27 | 4bf4dc - 3dc00082 - lis r14,0x0082
28 | 4bf4e0 - 61ce256e - ori r14,256e
29 | 4bf4e4 - 89ce0000 - lbz r14,0x0(r14)
30 | 4bf4e8 - 71ce0002 - andi r14,r14,0x2
31 | 4bf4ec - 69ce0003 - xori r14,r14,0x3
32 | 4bf4f0 - 3e2030a1 - lis r17,30a1
33 | 4bf4f4 - 6231e4a8 - ori r17,r17,e4a8
34 | 4bf4f8 - 2f8e0002 - cmpwi cr7,r14,0x2
35 | 4bf4fc - 409c0010 - bge cr7,0x0047a91c
36 | ------------------If L3 Pressed
37 | 4bf500 - 39e00001 - li r15,0x1
38 | 4bf504 - 99f10000 - stb r15,0x0(r17)
39 | 4bf508 - 48000030 - ba 0x0047a948
40 | ------------------Else L3 not pressed
41 | 4bf50c - 89f10000 - lbz r15,0x0(r17)
42 | 4bf510 - 2f8f0000 - cmpwi cr7,r15,0x0
43 | 4bf514 - 419e0024 - beq cr7,0x004bf538
44 | ------------------If L3 not pressed and var = 1
45 | 4bf518 - 39e00000 - li r15,0x0
46 | 4bf51c - 99f10000 - stb r15,0x0(r17)
47 | 4bf520 - 3e203154 - lis r17,3154
48 | 4bf524 - 6231441a - ori r17,r17,441a
49 | 4bf528 - 89d10000 - lbz r14,0x0(r17)
50 | 4bf52c - 71ce0002 - andi r14,r14,0x2
51 | 4bf530 - 69ce0002 - xori r14,r14,0x2
52 | 4bf534 - 99d10000 - stb r14,0x0(r17)
53 | ------------------If L3 not pressed and var = 0
54 | ------------------Clean Up
55 | ---------------------------
56 | 4bf538 - 39c00000 - li r14, 0
57 | 4bf53c - 39e00000 - li r15, 0
58 | 4bf540 - 3a000000 - li r16, 0
59 | 4bf544 - 3a200000 - li r17, 0
60 | 4bf548 - 2f830000 - cmpwi cr7,r3,0x0
61 | 4bf54c - 480929fe - ba 0x000929fc
62 |
63 |
64 |
65 | 0x00577614 - Health
66 | 0x00577628 - Red Orbs
67 | 0x0082256c - Controller value
68 | 0x3154441a - Swimming
--------------------------------------------------------------------------------
/Memlocs/GoW3-PS3-BCUS98111_103-Savefile.bt:
--------------------------------------------------------------------------------
1 | //------------------------------------------------
2 | //--- 010 Editor v9.0.1 Binary Template
3 | //
4 | // File: GoW3-PS3-BCUS98111_103-Savefile.bt
5 | // Authors:
6 | // Version:
7 | // Purpose: Maps a save file as big-endian sections read back to back; most array lengths come from fields in the file.
8 | // Category:
9 | // File Mask:
10 | // ID Bytes:
11 | // History:
12 | //------------------------------------------------
13 | // NOTE(review): no count or size below is range-checked before it sizes an array. A damaged save can ask for a negative or oversized array; comparing each length with FileSize() - FTell() first would give a clear error, and the same check is needed if this layout is ported to a standalone parser.
14 | BigEndian();
15 |
16 | //------------------------------------------------
17 | typedef struct { // sec: a length-prefixed blob
18 | short size ; // signed 16-bit length read from the file, used unchecked on the next line
19 | char sec[size];
20 | } sec ;
21 | // u2 and u3: opaque fixed-size records of 0x1c and 0xc bytes.
22 | typedef struct {
23 | char data[0x1c];
24 | } u2;
25 | typedef struct {
26 | char data[0xc];
27 | } u3;
28 | // cameraState: two 0x38-byte name fields and 0xA0 unidentified bytes (0x110 bytes).
29 | typedef struct {
30 | char CamName[0x38];
31 | char CamWad[0x38];
32 | char unk[0xA0];
33 | } cameraState;
34 | typedef struct {
35 | short secSize ; // read but not used to size anything in this struct
36 | uint unk1;
37 | uint camcount; // element count read from the file, used unchecked below
38 | uint unk2[2];
39 | cameraState cams[camcount];
40 | } camdata ;
41 |
42 | typedef struct {
43 | int playerStateSize ; // read but not used; the fields after it total 0xb0 bytes
44 | char unk1[0x30];
45 | float KratosPos[4];
46 | uint unk2[2];
47 | uint KratosStance ;
48 | char unk3[0x64];
49 | } playerState ;
50 |
51 | typedef struct { // musicState: length-prefixed like sec, contents not mapped
52 | short musicStateSize ; // signed 16-bit length read from the file, used unchecked on the next line
53 | char unk[musicStateSize];
54 | } musicState ;
55 | // wadInfoEntry: 0x38 fixed bytes followed by dataSize bytes of payload.
56 | typedef struct {
57 | uint unk[4];
58 | uint wadNum;
59 | uint unk2[3];
60 | uint dataSize; // 32-bit length read from the file, used unchecked for data[] below
61 | char wadName[0x14];
62 | char data[dataSize];
63 | } wadInfoEntry;
64 | typedef struct { // rWadInfoEntry: fixed 0x60 bytes
65 | char unk[0x3e];
66 | char name[0x14];
67 | char unk2[0xe];
68 | } rWadInfoEntry;
69 | typedef struct {
70 | uint wadCount; // element count read from the file, used unchecked below
71 | wadInfoEntry wad[wadCount] ; // elements vary in size (each carries its own dataSize)
72 | uint rWadCount; // element count read from the file, used unchecked below
73 | uint unk[3];
74 | rWadInfoEntry rWad[rWadCount];
75 | } wadInfo;
76 |
77 | // File layout: declarations are read in this order starting at offset 0; no FSeek is used.
78 | uint coed ;
79 |
80 | sec sec1;
81 | camdata camera;
82 | playerState player;
83 | musicState music;
84 |
85 | sec sec2;
86 | sec def ;
87 | sec sec3;
88 | sec sec4 ;
89 | sec sec5;
90 | sec sec6 ;
91 | sec sec7;
92 | sec sec8 ;
93 | sec sec9;
94 | // Two counts are read first, then the two arrays they size.
95 | uint unk1cnt ;
96 | uint unk2cnt ;
97 |
98 | short unk1[unk1cnt];
99 | u2 unk[unk2cnt];
100 | char unk3[0x10];
101 |
102 | uint unk4cnt ;
103 | u3 unk4[unk4cnt];
104 |
105 | float playtime ;
106 | wadInfo wadinfo ;
--------------------------------------------------------------------------------
/Memlocs/GoW2-PS3-savelocs.txt:
--------------------------------------------------------------------------------
1 | MASTER.BIN
2 | 04 - Checksum Base
3 | 08-0b - Secs Played
4 | 0e - Difficulty
5 | 0f - Bonus Play
6 |
7 | A2 - Treasures
8 | 01 - Collect 20 Cyclops Eyes
9 | A3 - Treasures
10 | 01 - Easy
11 | 02 - Normal
12 | 04 - Hard
13 | 08 - Very Hard
14 | 10 - ???
15 | 20 - ??
16 | 40 - God Ranking in Challenge Mode
17 | 80 - Titan Ranking in Challenge Mode
18 |
19 |
20 | DATA0x.BIN
21 | 0007 - Costume
22 | 0008-1b - Wad #1
23 | 001d-30- Wad #2
24 |
25 | 0076 - X Pos
26 | 007a - Height
27 | 007e - Y Pos
28 |
29 | 0090 - Swimming
30 | .
31 | 009b - Unlocked
32 | 01 - Blade of Olympus
33 | 02 - ?
34 | 04 - Urn of Gaia
35 | 08 - Urn of the Gorgons
36 | 10 - Urn of Olympus
37 | 20 - Urn of Prometheus
38 | 40 - Urn of the Fates
39 | 80 - Urn of Poseidon
40 | 009c - Unlocked
41 | 01 - ? - Is Something....
42 | 02 - Rage of the Titans
43 | 04 - Amulet of the Fates
44 | 08 - ?
45 | 10 - ?
46 | 20 - SoD
47 | 40 - Hammer
48 | 80 - Head of Euryale
49 | 009d - Unlocked
50 | 01 - PRage
51 | 02 - CRage
52 | 04 - TBane
53 | 08 - ? - Is Something.....
54 | 10 - Golden Fleece
55 | 20 - AQuake
56 | 40 - Icarus Wings
57 | 80 - ? - Is something.....
58 |
59 | 00a2 - Health
60 | 00a6 - Magic
61 | 00aa - Item Bar
62 | 00ae - Rage
63 | 00b2 - Magic Regen
64 | 00b6 - Red Orbs
65 |
66 | 00cc - Health Extensions
67 | 00cd - Magic Extensions
68 | 00ce - Item Extensions
69 | 00cf - Blades Level
70 |
71 | 00d1 - AQ Level
72 | 00d2 - CR Level
73 | 00d3 - PR Level
74 | 00d4 - TB Level
75 | 00d5 - SoD Level
76 | 00d6 - BH Level
77 | 00d7 - EH Level
78 | 00d8 - BoO Level
79 | 00d9 - Last Selected Magic
80 | 01 - PR
81 | 02 - CR
82 | 03 - TB
83 | 06 - AQ
84 | 10 - EH
85 | 00da - Active Subweapon
86 | 0e - SoD
87 | 0f - BH
88 | 11 - BoO
89 |
90 | 00db - 0 Forced Subwep equipped, 1 Blades Equipped
91 | 00dc - Gorgon Eyes
92 | 00dd - Phoenix Feathers
93 |
94 | 00e2 - Cyclops Eyes
95 |
96 | 00ed - Costume
97 |
98 | 00f6 - Camera
99 | 010e - CamWad
100 |
101 | 083e - Time Played
102 | 0842 - Frozen for cutscene
103 | 0843 - Difficulty
104 | 0844 - Infinite Health
105 | 0845 - Urn of Olympus (Infinite Magic)
106 | 0846 - Urn of Prometheus (Infinite Rage)
107 | 0847 - Urn of the Gorgons (Weapons Petrify Enemies)
108 | 0848 - Urn of Poseidon (Poseidon's Rage)
109 | 0849 - Urn of Gaia (10x red orbs)
110 | 084a - Urn of the Fates (Extend Combo Time)
111 |
112 | 084c - Bonus Play
113 |
114 | 0895 - Times Saved
--------------------------------------------------------------------------------
/Memlocs/GoW3-PS3-BCUS98111_103-InfiniteJumps.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $path = "D:\Emus\PS3\dev_hdd0\game\BCUS98111\USRDIR\EBOOT.BIN" # hard-coded target file; adjust to the local install
5 |
6 |
7 |
8 |
9 | $ba = [System.IO.File]::ReadAllBytes($path) # whole file held in memory; the helpers below read and patch this buffer
10 | #----------------------------------------------------------------------------------
function RBytes
{
    # Return a copy of $len bytes of the script-level buffer $ba, starting at offset $addr.
    # BlockCopy raises an error when the requested range lies outside $ba.
    param ($addr, $len)

    $chunk = [byte[]]::new($len)
    [System.Buffer]::BlockCopy($ba, $addr, $chunk, 0, $len)
    return $chunk
}
21 | #----------------------------------------------------------------------------------
function RUInt32
{
    # Decode the four bytes at offset $addr of the script-level buffer $ba as an unsigned
    # 32-bit integer. BitConverter uses the host byte order; no swap is applied here.
    param ($addr)

    $value = [System.BitConverter]::ToUInt32($ba, $addr)
    return $value
}
29 | #----------------------------------------------------------------------------------
function WBytes
{
    # Overwrite the script-level buffer $ba at offset $addr with every byte of $wb.
    # Only the in-memory buffer changes; nothing is written to disk here.
    param ($addr, $wb)

    $count = $wb.Length
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $count)
}
38 | #----------------------------------------------------------------------------------
function XorBytes
{
    # Byte-wise XOR of $b1 with $b2. The result has the length of $b1.
    param ([byte[]] $b1, [byte[]] $b2)

    $result = [byte[]]::new($b1.Count)
    $idx = 0
    while ($idx -lt $b1.Count)
    {
        $result[$idx] = $b1[$idx] -bxor $b2[$idx]
        $idx++
    }
    $result
}
52 | #----------------------------------------------------------------------------------
function ArrEq($a, $b) {
    # True when Compare-Object reports no difference between $a and $b.
    # -SyncWindow 0 restricts matching to the same position in both inputs.
    $differences = Compare-Object $a $b -SyncWindow 0
    return -not $differences
}
56 | #----------------------------------------------------------------------------------
57 |
58 |
cls

# 4-byte words compared against / written to the patch site. XOR-ing the current word with
# $xorcode turns $oldcode into $newcode and $newcode back into $oldcode, so one run toggles.
[byte[]] $oldcode = 0x90, 0x1b, 0x04, 0x3c
[byte[]] $newcode = 0x60, 0x00, 0x00, 0x00
[byte[]] $xorcode = 0xf0, 0x1b, 0x04, 0x3c

# Offset of the patch site inside the file buffer $ba.
$codeloc = 0xccb94 - 0xF700

# Sanity check on the first four bytes of the file before touching anything.
if ((RUInt32 0) -eq 0x00454353) {
    "First 4 bytes match"

    $currcode = RBytes $codeloc 4
    $hasOld = ArrEq $currcode $oldcode
    $hasNew = ArrEq $currcode $newcode

    if ($hasOld -or $hasNew)
    {
        if ($hasOld) {
            "Patching in infinite jumps"
        }
        if ($hasNew) {
            "Restoring limited jumps"
        }

        [byte[]] $xb = XorBytes $currcode $xorcode

        WBytes $codeloc $xb
        # The target file is overwritten in place; this script makes no backup copy.
        [System.IO.File]::WriteAllBytes($path, $ba)
        "Bytes written successfully"
        ""
        pause
    }
    else
    {
        # Unknown bytes at the patch site: leave the file untouched.
        "Bytes mismatch at code location"
        "No changes made"
        ""
        pause
    }
}
else {
    "No match, BIN still encrypted?"
}
100 |
--------------------------------------------------------------------------------
/Memlocs/Medieval_Dynasty-GOG-2.4.0.4.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 0
6 | "TD_BPL -->"
7 | 1
8 | 0
9 | 8 Bytes
10 | Medieval_Dynasty-Win64-Shipping.exe+36f0bf0
11 |
12 |
13 | 1
14 | "IsDebugBuild"
15 | 1
16 | 0
17 | 8 Bytes
18 | Medieval_Dynasty-Win64-Shipping.exe+36f0bf0 + 438
19 |
20 |
21 | 2
22 | "IsDevelopmentBuild"
23 | 1
24 | 0
25 | 8 Bytes
26 | Medieval_Dynasty-Win64-Shipping.exe+36f0bf0 + 458
27 |
28 |
29 | 3
30 | "IsShippingBuild"
31 | 1
32 | 0
33 | 8 Bytes
34 | Medieval_Dynasty-Win64-Shipping.exe+36f0bf0 + 4f8
35 |
36 |
37 | 4
38 | "IsTestBuild"
39 | 1
40 | 0
41 | 8 Bytes
42 | Medieval_Dynasty-Win64-Shipping.exe+36f0bf0 + 518
43 |
44 |
45 | 5
46 | "IsWindows"
47 | 1
48 | 0
49 | 8 Bytes
50 | Medieval_Dynasty-Win64-Shipping.exe+36f0bf0 + 538
51 |
52 |
53 | 6
54 | "IsXboxOne"
55 | 1
56 | 0
57 | 8 Bytes
58 | Medieval_Dynasty-Win64-Shipping.exe+36f0bf0 + 568
59 |
60 |
61 |
62 |
63 |
64 |
65 |
--------------------------------------------------------------------------------
/Memlocs/_rint-file.txt:
--------------------------------------------------------------------------------
1 | $path = "D:\Emus\PS3\dev_hdd0\game\NPUA80490\USRDIR\EBOOT.BIN" # hard-coded target file; adjust to the local install
2 | $ba = [System.IO.File]::ReadAllBytes($path) # whole file held in memory; the helpers below read and patch this buffer
3 |
4 | $bigendian = $true # when set, RUInt32, WInt32 and WStrU reverse byte order
5 |
6 | ##########################################
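Function RBytes
{
    # Return a copy of $len bytes of the script-level buffer $ba, starting at offset $addr.
    # BlockCopy raises an error when the requested range lies outside $ba.
    Param (
        $addr,
        $len
    )
    [byte[]] $rb = [byte[]]::new($len)
    # Destination offset is the literal 0. The previous "$0" was an unset variable that only
    # happened to coerce to 0 and fails outright under Set-StrictMode.
    [System.Buffer]::BlockCopy($ba, $addr, $rb, 0, $rb.Length)
    $rb
}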
17 | ##########################################
function RUInt32
{
    # Read four bytes at offset $addr of $ba and decode them as an unsigned 32-bit integer.
    # With $bigendian set the bytes are reversed first, i.e. the stored value is big-endian.
    param ($addr)

    $word = [byte[]]::new(4)
    [System.Buffer]::BlockCopy($ba, $addr, $word, 0, $word.Length)
    if ($bigendian) { [Array]::Reverse($word) }
    return [System.BitConverter]::ToUInt32($word, 0)
}
30 | ##########################################
function WBytes
{
    # Overwrite the script-level buffer $ba at offset $addr with every byte of $wb.
    param ($addr, $wb)

    $count = $wb.Length
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $count)
}
39 | ##########################################
function WInt32
{
    # Store $val as a signed 32-bit integer in $ba at offset $addr.
    # With $bigendian set the four bytes are reversed before they are copied.
    param ($addr, [Int32]$val)

    $bytes = [System.BitConverter]::GetBytes($val)
    if ($bigendian) { [Array]::Reverse($bytes) }
    [System.Buffer]::BlockCopy($bytes, 0, $ba, $addr, $bytes.Length)
}
52 | ##########################################
function WSingle
{
    # Store $val as a 32-bit float in $ba at offset $addr, in BitConverter's byte order.
    # NOTE(review): unlike WInt32, no byte reversal is applied when $bigendian is set -
    # confirm this is intended before relying on it for big-endian targets.
    param ($addr, [float]$val)

    $bytes = [System.BitConverter]::GetBytes($val)
    [System.Buffer]::BlockCopy($bytes, 0, $ba, $addr, $bytes.Length)
}
62 | ##########################################
function WStrA
{
    # Write $str into $ba at offset $addr as UTF-8 bytes. No terminator is appended.
    param ($addr, $str)

    $encoded = [System.Text.Encoding]::UTF8.GetBytes($str)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
72 | ##########################################
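Function WStrU
{
    # Write $str into $ba at offset $addr as UTF-16. With $bigendian set the text is encoded
    # big-endian, otherwise little-endian. No terminator is appended.
    Param (
        $addr,
        $str
    )
    # The previous loop never advanced its index, and foreach does not enumerate a string,
    # so the whole byte array was reversed at once and the characters came out in reverse
    # order. Choosing the encoder by endianness swaps bytes per character instead.
    if ($bigendian) {
        $encoding = [System.Text.Encoding]::BigEndianUnicode
    } else {
        $encoding = [System.Text.Encoding]::Unicode
    }
    $wb = $encoding.GetBytes($str)
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $wb.Length)
}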
88 | ##########################################
function WUInt32
{
    # Write BitConverter's byte representation of $val into $ba at offset $addr.
    # NOTE(review): $val is untyped, so the byte count follows the runtime type of the
    # argument, and no reversal is applied when $bigendian is set (WInt32 does reverse) -
    # confirm both are intended.
    param ($addr, $val)

    $bytes = [System.BitConverter]::GetBytes($val)
    [System.Buffer]::BlockCopy($bytes, 0, $ba, $addr, $bytes.Length)
}
98 | ##########################################
function XorBytes
{
    # Byte-wise XOR of $b1 with $b2. The result has the length of $b1.
    param ([byte[]] $b1, [byte[]] $b2)

    $result = [byte[]]::new($b1.Count)
    $idx = 0
    while ($idx -lt $b1.Count)
    {
        $result[$idx] = $b1[$idx] -bxor $b2[$idx]
        $idx++
    }
    $result
}
112 | ##########################################
113 |
--------------------------------------------------------------------------------
/Memlocs/FTL.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 0
6 | "Fuel"
7 | 0
8 | 4 Bytes
9 | FTLGame.exe+513490
10 |
11 | ec
12 |
13 |
14 |
15 | 3
16 | "Drones"
17 | 0
18 | 4 Bytes
19 | FTLGame.exe+513490
20 |
21 | f0
22 |
23 |
24 |
25 | 2
26 | "Scrap"
27 | 0
28 | 4 Bytes
29 | FTLGame.exe+513490
30 |
31 | f4
32 |
33 |
34 |
35 | 1
36 | "Missiles"
37 | 0
38 | 4 Bytes
39 | FTLGame.exe+513490
40 |
41 | f8
42 |
43 |
44 |
45 | 4
46 | "Hull"
47 | 0
48 | 4 Bytes
49 | FTLGame.exe+513490
50 |
51 | fc
52 |
53 |
54 |
55 | 5
56 | "Beacons"
57 | 0
58 | 4 Bytes
59 | FTLGame.exe+5139B0
60 |
61 |
62 | 8
63 | "Total Scrap"
64 | 0
65 | 4 Bytes
66 | FTLGame.exe+5139D8
67 |
68 |
69 | 7
70 | "Scrap sector?"
71 | 0
72 | 4 Bytes
73 | FTLGame.exe+5139F4
74 |
75 |
76 | 6
77 | "Sector"
78 | 0
79 | 4 Bytes
80 | FTLGame.exe+513C00
81 |
82 |
83 | 9
84 | "Difficulty"
85 | 4 Bytes
86 | FTLGame.exe+513C0C
87 |
88 |
89 |
90 |
91 |
--------------------------------------------------------------------------------
/Memlocs/wo.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 4
6 | "xTile"
7 |
8 | 4 Bytes
9 | jfxwebkit.dll+022c3c78
10 |
11 | 35c8
12 | 1124
13 | 1b0
14 | 5e8
15 | 13ac
16 |
17 |
18 |
19 | 7
20 | "yTile"
21 |
22 | 4 Bytes
23 | jfxwebkit.dll+022c3c78
24 |
25 | 35cc
26 | 1124
27 | 1b0
28 | 5e8
29 | 13ac
30 |
31 |
32 |
33 | 0
34 | "xPos"
35 |
36 | Float
37 | "OpenAL64.dll"+0005C308
38 |
39 | C0
40 |
41 |
42 |
43 | 1
44 | "yPos"
45 |
46 | Float
47 | "OpenAL64.dll"+0005C308
48 |
49 | C8
50 |
51 |
52 |
53 | 2
54 | "Height"
55 |
56 | Float
57 | "OpenAL64.dll"+0005C308
58 |
59 | C4
60 |
61 |
62 |
63 | 3
64 | "Facing"
65 |
66 | Float
67 | "OpenAL64.dll"+0005C308
68 |
69 | 130
70 |
71 |
72 |
73 | 6
74 | "pointerscan result"
75 |
76 | 4 Bytes
77 | "jfxwebkit.dll"+01C8191C
78 |
79 | 1AC
80 | 3E8
81 | 298
82 |
83 |
84 |
85 |
86 | Info about this table:
87 |
88 |
89 |
--------------------------------------------------------------------------------
/Memlocs/EldenRing-Steam-1.3.1.0.ct:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 4
6 | "DebugFlags"
7 |
8 | 1
9 |
10 |
11 | 7
12 | "Set C3 to fix DbgDrawCrashes"
13 | 1
14 | 0
15 | Byte
16 | eldenring.exe+25EAD70
17 |
18 |
19 | 3
20 | "Player NoDead"
21 | 0
22 | Byte
23 | eldenring.exe+3c65050
24 |
25 |
26 | 2
27 | "Player Hide"
28 | 0
29 | Byte
30 | eldenring.exe+3c65058
31 |
32 |
33 | 9
34 | "Draw ChrHitboxes"
35 | 0
36 | Byte
37 | eldenring.exe+3c68eff
38 |
39 |
40 | 8
41 | "Draw Geometry"
42 | 0
43 | Byte
44 | eldenring.exe+3c689f0
45 |
46 |
47 | 6
48 | "Draw Boundary Walls"
49 | 0
50 | Byte
51 | eldenring.exe+3c68f00
52 |
53 |
54 | 0
55 | "Enable All Map PoI"
56 | 0
57 | Byte
58 | eldenring.exe+3c6b7b1
59 |
60 |
61 | 1
62 | "Display Full Map"
63 | 0
64 | Byte
65 | eldenring.exe+3c6b7b0
66 |
67 |
68 | 5
69 | "Draw Stagger Bar"
70 | 0
71 | Byte
72 | eldenring.exe+3c65048
73 |
74 | 69
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
--------------------------------------------------------------------------------
/Memlocs/SuperMeatBoy-PS-DeathCounter.txt:
--------------------------------------------------------------------------------
1 | $ErrorActionPreference= 'silentlycontinue' # error messages are suppressed, so a missing process or failed read is not reported
2 | $procname = "SuperMeatBoy" # process name passed to Get-Process in the loop below
3 |
4 | [console]::CursorVisible = $false
5 |
6 | $Host.UI.RawUI.BackgroundColor = 'Black'
7 | $Host.UI.RawUI.ForegroundColor = 'Green'
8 |
function RBytes
{
    # Read $sizetoread bytes at address $addr from the process behind the script-level
    # handle $proc. The ReadProcessMemory result is not checked, so a failed read hands
    # back the buffer as it was allocated.
    param ($addr, $sizetoread)

    $buff = New-Object -TypeName 'Byte[]' -ArgumentList $sizetoread
    $null = $rpm::ReadProcessMemory($proc, $addr, $buff, $buff.Length, $null)
    return $buff
}
19 |
function RAsciiStr
{
    # Read 30 bytes at $addr, decode them as ASCII and return the text before the first NUL.
    param ($addr)

    $raw = RBytes $addr 30
    $text = [System.Text.Encoding]::ASCII.GetString($raw)
    return $text.Split([char]0)[0]
}
function RInt16
{
    # Read two bytes at $addr through RBytes and decode them as a signed 16-bit integer.
    param ($addr)

    $raw = RBytes $addr 2
    return [System.BitConverter]::ToInt16($raw, 0)
}
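Function RInt32
{
    # Read four bytes at $addr through RBytes and decode them as a signed 32-bit integer.
    # The earlier body also issued its own ReadProcessMemory call into a buffer that was
    # never used; RBytes already performs the read, so that duplicate call is gone.
    Param (
        $addr
    )
    [bitconverter]::ToInt32($(RBytes $addr 4),0)
}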
function RUInt8
{
    # Read a single byte at $addr through RBytes and return it.
    param ($addr)

    $single = RBytes $addr 1
    return $single
}
function RUInt16
{
    # Read two bytes at $addr through RBytes and decode them as an unsigned 16-bit integer.
    param ($addr)

    $raw = RBytes $addr 2
    return [System.BitConverter]::ToUInt16($raw, 0)
}
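Function RUInt32
{
    # Read four bytes at $addr through RBytes and decode them as an unsigned 32-bit integer.
    # The earlier body also issued its own ReadProcessMemory call into a buffer that was
    # never used; RBytes already performs the read, so that duplicate call is gone.
    Param (
        $addr
    )
    [bitconverter]::ToUInt32($(RBytes $addr 4),0)
}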
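Function RSingle
{
    # Read four bytes at $addr through RBytes and decode them as a 32-bit float.
    # The earlier body also issued its own ReadProcessMemory call into a buffer that was
    # never used; RBytes already performs the read, so that duplicate call is gone.
    Param (
        $addr
    )
    [bitconverter]::ToSingle($(RBytes $addr 4),0)
}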
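# kernel32 imports used by the reader functions above and by the loop below.
# NOTE(review): the last ReadProcessMemory parameter is declared as a by-value int and is
# always passed $null; declare it properly if the byte count is ever needed.
$signature = @"
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(
uint h,bool b ,uint p);
[DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(
IntPtr hp,IntPtr Base,[Out]Byte[] buff,int Size,[Out]int bread);
[DllImport("kernel32.dll")] public static extern bool CloseHandle(
IntPtr h);
"@

# If a type named rpm is already loaded in this session, Add-Type fails; use a new session.
$rpm = Add-Type -MemberDefinition $signature -Name rpm -PassThru
# Least privilege: the loop only reads memory, so request
# PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010) rather than the
# all-access mask 0x001F0FFF.
$access = 0x0410


cls

do {
    $target = Get-Process $procname
    $ba = $target.MainModule.BaseAddress
    $procid = $target.ID
    $proc = $rpm::OpenProcess($access, $false, $procid)

    try {
        #125
        #$deathloc = (RUInt32 ($ba + 0x30a380)) + 0x38AC

        #og
        # Follow the pointer stored at module base + 0x2d55ac, then add the field offset.
        $deathloc = (RUInt32 ($ba + 0x2d55ac)) + 0x1c8c
        $deaths = RInt32 $deathloc


        $startdate = [datetime] "2021/11/14 14:58:00"
        $enddate = get-date
        $playtime = NEW-TIMESPAN -start $startdate -end ($enddate.ToShortDateString() + " " + $enddate.ToLongTimeString())

        $delta = RSingle ($ba + 0x2d6e88)


        [Console]::SetCursorPosition(0,0)
        "Total playtime: " + $playtime.Days.ToString() + "d " + $playtime.Hours.ToString().PadLeft(2, '0') + ":" + $playtime.Minutes.ToString().PadLeft(2, '0') + ":" + $playtime.Seconds.ToString().PadLeft(2, '0') + " "
        "Deaths: $deaths "
        "Frametime: $delta "
    }
    finally {
        # OpenProcess hands out a new handle on every pass; release it so the loop does not
        # accumulate open handles for as long as the script runs.
        if (($null -ne $proc) -and ($proc -ne [IntPtr]::Zero)) {
            $null = $rpm::CloseHandle($proc)
        }
    }

    sleep 0.1
}
while ($true)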
--------------------------------------------------------------------------------
/Memlocs/Celeste-MS-PS-DeathCounter.txt:
--------------------------------------------------------------------------------
1 | $ErrorActionPreference= 'silentlycontinue' # error messages are suppressed, so a missing process or failed read is not reported
2 | $procname = "Celeste" # process name passed to Get-Process in the loop below
3 |
4 | [console]::CursorVisible = $false
5 |
6 | $Host.UI.RawUI.BackgroundColor = 'Black'
7 | $Host.UI.RawUI.ForegroundColor = 'Green'
8 |
function RBytes
{
    # Read $sizetoread bytes at address $addr from the process behind the script-level
    # handle $proc. The ReadProcessMemory result is not checked, so a failed read hands
    # back the buffer as it was allocated.
    param ($addr, $sizetoread)

    $buff = New-Object -TypeName 'Byte[]' -ArgumentList $sizetoread
    $null = $rpm::ReadProcessMemory($proc, $addr, $buff, $buff.Length, $null)
    return $buff
}
19 |
function RAsciiStr
{
    # Read 30 bytes at $addr, decode them as ASCII and return the text before the first NUL.
    param ($addr)

    $raw = RBytes $addr 30
    $text = [System.Text.Encoding]::ASCII.GetString($raw)
    return $text.Split([char]0)[0]
}
function RInt16
{
    # Read two bytes at $addr through RBytes and decode them as a signed 16-bit integer.
    param ($addr)

    $raw = RBytes $addr 2
    return [System.BitConverter]::ToInt16($raw, 0)
}
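Function RInt32
{
    # Read four bytes at $addr through RBytes and decode them as a signed 32-bit integer.
    # The earlier body also issued its own ReadProcessMemory call into a buffer that was
    # never used; RBytes already performs the read, so that duplicate call is gone.
    Param (
        $addr
    )
    [bitconverter]::ToInt32($(RBytes $addr 4),0)
}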
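Function RInt64
{
    # Read eight bytes at $addr through RBytes and decode them as a signed 64-bit integer.
    # The earlier body also issued its own ReadProcessMemory call into a buffer that was
    # never used; RBytes already performs the read, so that duplicate call is gone.
    Param (
        $addr
    )
    [bitconverter]::ToInt64($(RBytes $addr 8),0)
}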
function RUInt8
{
    # Read a single byte at $addr through RBytes and return it.
    param ($addr)

    $single = RBytes $addr 1
    return $single
}
function RUInt16
{
    # Read two bytes at $addr through RBytes and decode them as an unsigned 16-bit integer.
    param ($addr)

    $raw = RBytes $addr 2
    return [System.BitConverter]::ToUInt16($raw, 0)
}
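Function RUInt32
{
    # Read four bytes at $addr through RBytes and decode them as an unsigned 32-bit integer.
    # The earlier body also issued its own ReadProcessMemory call into a buffer that was
    # never used; RBytes already performs the read, so that duplicate call is gone.
    Param (
        $addr
    )
    [bitconverter]::ToUInt32($(RBytes $addr 4),0)
}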
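Function RUInt64
{
    # Read eight bytes at $addr through RBytes and decode them as an unsigned 64-bit integer.
    # The earlier body also issued its own ReadProcessMemory call into a buffer that was
    # never used; RBytes already performs the read, so that duplicate call is gone.
    Param (
        $addr
    )
    [bitconverter]::ToUInt64($(RBytes $addr 8),0)
}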
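Function RSingle
{
    # Read four bytes at $addr through RBytes and decode them as a 32-bit float.
    # The earlier body also issued its own ReadProcessMemory call into a buffer that was
    # never used; RBytes already performs the read, so that duplicate call is gone.
    Param (
        $addr
    )
    [bitconverter]::ToSingle($(RBytes $addr 4),0)
}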
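# kernel32 imports used by the reader functions above and by the loop below.
# NOTE(review): the last ReadProcessMemory parameter is declared as a by-value int and is
# always passed $null; declare it properly if the byte count is ever needed.
$signature = @"
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(
uint h,bool b ,uint p);
[DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(
IntPtr hp,IntPtr Base,[Out]Byte[] buff,int Size,[Out]int bread);
[DllImport("kernel32.dll")] public static extern bool CloseHandle(
IntPtr h);
"@

# If a type named rpm is already loaded in this session, Add-Type fails; use a new session.
$rpm = Add-Type -MemberDefinition $signature -Name rpm -PassThru
# Least privilege: the loop only reads memory, so request
# PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010) rather than the
# all-access mask 0x001F0FFF.
$access = 0x0410


cls

do {
    #$ba = (get-Process $procname).MainModule.BaseAddress
    $target = Get-Process $procname
    $procid = $target.ID
    $proc = $rpm::OpenProcess($access, $false, $procid)

    try {
        # Addresses below are relative to Celeste.dll, not to the main module.
        foreach ($mod in $target.Modules) {
            if ($mod.ModuleName -eq "Celeste.dll") {
                $ba = $mod.BaseAddress
            }
        }


        # Follow the 64-bit pointer stored at module base + 0x75bb88, then add the field offset.
        $deathloc = [IntPtr]((RInt64 ($ba.ToInt64() + 0x75bb88)) + 0x54)
        $deaths = RInt32 $deathloc



        [Console]::SetCursorPosition(0,0)
        "Deaths: $deaths "
    }
    finally {
        # OpenProcess hands out a new handle on every pass; release it so the loop does not
        # accumulate open handles for as long as the script runs.
        if (($null -ne $proc) -and ($proc -ne [IntPtr]::Zero)) {
            $null = $rpm::CloseHandle($proc)
        }
    }


    sleep 1
}
while ($true)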
--------------------------------------------------------------------------------
/Memlocs/GoW3-PS3-BCUS98111_103.txt:
--------------------------------------------------------------------------------
1 | D:\emus\ps3\dev_hdd0\home\00000001\savedata
2 | BCUS98111-AUTOSAVE
3 | BCUS98111-USERDATA
4 |
5 | 52b2dc
6 | +4c Red Orbs
7 |
8 |
9 | SAVEDATA
10 | +00046 UInt16 Offset to SND_
11 |
12 | +0004F Byte Camera Style related (?)
13 |
14 | +00058 0x10 RCM_ Cam Name
15 | +00168 0x10 CAM Name
16 | +001A0 0x20 WAD Name
17 |
18 | [0x46]
19 | +00048 UInt32 Msg offset?
20 |
21 | +0007C Float xPos
22 | +00080 Float yPos
23 | +00084 Float zPos
24 |
25 | +000A0 Byte Unlocks
26 | 00000001 Aphrodite's Garter
27 | 00000010 Hephaestus' Ring
28 | 00000100 Hera's Chalice
29 | 00001000 Zeus' Eagle
30 | 00010000 Daedalus' Schematics
31 | +000A1 Byte Unlocks
32 | 00000001 Nemesis Whip
33 | 00000010 Blades of Athena
34 | 00000100 Claws of Hades
35 | 00001000 Hades Helm
36 | 00010000 Helios' Shield
37 | 00100000 Hermes' Coin
38 | 01000000 Hercules' Shoulder Guard
39 | 10000000 Poseidon's Conch Shell
40 | +000A2 Byte Unlocks
41 | 00000010 Blade of Olympus (Rage)
42 | 00000100 Boots of Hermes
43 | 00001000 Poseidon's Trident
44 | 00010000 Blade of Olympus
45 | 10000000 Nemean Cestus
46 | +000A3 Byte Unlocks
47 | 00000001 Bow of Apollo
48 | 00000100 Head of Helios
49 | 00001000 Boreas Icestorm
50 | 00010000 Golden Fleece
51 | 00100000 Icarus Wings
52 |
53 | +000A8 Float Health
54 | +000AC Float Magic
55 | +000B0 Float Item
56 | +000B4 Float Rage
57 | +000B8 Float Health Regen
58 | +000BC Float Magic Regen
59 | +000C0 Float Item Regen
60 |
61 | +000C4 Float Red Orbs
62 |
63 | +000DA Byte Health Extensions (0-4)
64 | +000DB Byte Magic Extensions (0-5)
65 | +000DC Byte Item Extension (0-5)
66 | +000DD Byte Bow of Apollo Level (0-1)
67 | +000DE Byte Boots of Hermes Level (0-1)
68 | +000DF Byte Head of Helios Level (0-1)
69 | +000E0 Byte Nemean Cestus Level (0-4)
70 | +000E1 Byte Nemesis Whip Level (0-4)
71 | +000E2 Byte Blades Level (0-5)
72 | +000E3 Byte Claws of Hades Level (0-4)
73 |
74 | +000E6 Byte Selected Weapon
75 |
76 | +000E9 Byte Gorgon Eyes
77 | +000EA Byte Phoenix Feathers
78 | +000EB Byte Minotaur Horns
79 |
80 | +0048A Byte Difficulty
81 | +0048B Byte Costume
82 | 0 Kratos
83 | 1 Fear Kratos
84 | 2 Apollo
85 | 3 Morpheus Armor
86 | 4 Phantom of Chaos
87 | 5 Forgotten Warrior
88 | 6 Dominus
89 | 7 Deimos
90 | 8 Kratos
91 |
92 |
93 | +004F4 Int32 Red Orbs Collected
94 |
95 |
96 |
97 | ----------------
98 | USERDATA\SAVEDATA
99 | +0x06 Byte Unlocks
100 | 00000001 Challenge #5 Beaten
101 | 00000010 Challenge #6 Beaten
102 | 00000100 Challenge #7 Beaten
103 | +0x07 Byte Unlocks
104 | 00000001 Easy Beaten
105 | 00000010 Normal Beaten
106 | 00000100 Hard Beaten
107 | 00001000 Very Hard Beaten
108 | 00010000 Challenge #1 Beaten
109 | 00100000 Challenge #2 Beaten
110 | 01000000 Challenge #3 Beaten
111 | 10000000 Challenge #4 Beaten
112 | +0x0E Byte Music Volume (0-100)
113 | +0x0F Byte Speech Volume (0-100)
114 | +0x10 Byte SFX Volume (0-100)
115 | +0x11 Byte Cinematics Volume (0-100)
116 | +0x12 Byte Sound Mode
117 | 0 Stereo
118 | 1 Headphones
119 | 2 Dolby Pro Logic II
120 | +0x13 Byte Brightness (0-100)
121 | +0x14 Byte Screen Scale (0-100)
122 | +0x15 Byte Screen Location X (0-100)
123 | +0x16 Byte Screen Location Y (0-100)
124 | +0x17 Byte Tutorial Display (0/1/3)
125 | +0x18 Byte Subtitles
126 | +0x1A Byte Invert Flight Controls
127 | +0x1B Byte Invert Free Camera
128 |
129 | +0x1D Byte Costume
130 | 0 Kratos
131 | 1 Fear Kratos
132 |
133 | --------------
134 | Cheat Code - 10054010
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-BLUS30443_100_LogoSkip.txt:
--------------------------------------------------------------------------------
1 | $path = "D:\Emus\PS3\dev_hdd0\game\NPUB30910\USRDIR\EBOOT.BIN" # hard-coded target file; adjust to the local install
2 | $size = (Get-Item $path).length # file length; RBytes' $size parameter below is a separate local
3 |
4 | $ba = [System.IO.File]::ReadAllBytes($path) # whole file held in memory; the helpers below read and patch this buffer
5 | ##########################################
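Function RBytes
{
    # Return a copy of $size bytes of the script-level buffer $ba, starting at offset $addr.
    # $size used to be ignored (the buffer was always 4 bytes long); it is honoured now and
    # 4 stays the default when it is omitted.
    Param (
        $addr,
        $size
    )
    if ($null -eq $size) { $size = 4 }
    [byte[]] $rb = [byte[]]::new($size)
    # BlockCopy raises an error when the requested range lies outside $ba.
    [System.Buffer]::BlockCopy($ba, $addr, $rb, 0, $rb.Length)
    $rb
}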
16 | ##########################################
function RUInt32
{
    # Decode the four bytes at offset $addr of the script-level buffer $ba as an unsigned
    # 32-bit integer. BitConverter uses the host byte order; no swap is applied here.
    param ($addr)

    $value = [System.BitConverter]::ToUInt32($ba, $addr)
    return $value
}
24 |
25 | ##########################################
function WBytes
{
    # Overwrite the script-level buffer $ba at offset $addr with every byte of $wb.
    # Only the in-memory buffer changes; nothing is written to disk here.
    param ($addr, $wb)

    $count = $wb.Length
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $count)
}
34 | ##########################################
function WStrA
{
    # Write $str into $ba at offset $addr as UTF-8 bytes. No terminator is appended.
    param ($addr, $str)

    $encoded = [System.Text.Encoding]::UTF8.GetBytes($str)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
44 | ##########################################
function WStrU
{
    # Write $str into $ba at offset $addr as little-endian UTF-16. No terminator is appended.
    param ($addr, $str)

    $encoded = [System.Text.Encoding]::Unicode.GetBytes($str)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
54 | ##########################################
function WUInt32
{
    # Write BitConverter's byte representation of $val into $ba at offset $addr.
    # NOTE(review): $val is untyped, so the byte count follows the runtime type of the
    # argument - confirm callers pass 32-bit values.
    param ($addr, $val)

    $bytes = [System.BitConverter]::GetBytes($val)
    [System.Buffer]::BlockCopy($bytes, 0, $ba, $addr, $bytes.Length)
}
64 | ##########################################
function XorBytes
{
    # Byte-wise XOR of $b1 with $b2. The result has the length of $b1.
    param ([byte[]] $b1, [byte[]] $b2)

    $result = [byte[]]::new($b1.Count)
    $idx = 0
    while ($idx -lt $b1.Count)
    {
        $result[$idx] = $b1[$idx] -bxor $b2[$idx]
        $idx++
    }
    $result
}
78 | ##########################################
function AreArraysEqual($a1, $a2) {
    # Element-wise equality of two arrays. Throws when either argument is not an array;
    # returns $false on a rank, dimension-length or element mismatch.
    $bothArrays = ($a1 -is [array]) -and ($a2 -is [array])
    if (-not $bothArrays) {
        throw "Both inputs must be an array"
    }
    if ($a1.Rank -ne $a2.Rank) { return $false }
    # Same object on both sides: nothing left to compare.
    if ([System.Object]::ReferenceEquals($a1, $a2)) { return $true }

    foreach ($dim in 0..($a1.Rank - 1)) {
        if ($a1.GetLength($dim) -ne $a2.GetLength($dim)) { return $false }
    }

    # Walk both arrays in step and stop at the first differing element.
    $left = $a1.GetEnumerator()
    $right = $a2.GetEnumerator()
    while ($left.MoveNext() -and $right.MoveNext()) {
        if ($left.Current -ne $right.Current) { return $false }
    }
    $true
}
105 | ##########################################
106 |
107 |
# Modify TitleStep 32 to not trigger logos.
# Toggle: if the patch site holds $oldcode it is replaced by $newcode, and the other way round.
cls
$codeloc = 0x189b38 - 0xF700
[byte[]] $newcode = 0x38, 0x80, 0x00, 0x00
[byte[]] $oldcode = 0x38, 0x80, 0x00, 0x01

$current = RBytes $codeloc 4

if (AreArraysEqual $current $oldcode) {
    "Old bytes found, patching."
    WBytes $codeloc $newcode
    # The target file is overwritten in place; this script makes no backup copy.
    [System.IO.File]::WriteAllBytes($path, $ba)
    "Bytes written successfully"
    ""
    pause
}
elseif (AreArraysEqual $current $newcode) {
    "New bytes found, patching."
    WBytes $codeloc $oldcode
    [System.IO.File]::WriteAllBytes($path, $ba)
    "Bytes written successfully"
    ""
    pause
}
else {
    # Unknown bytes at the patch site: leave the file untouched.
    "Bytes not recognized, doing nothing."
    ""
    pause
}
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-BLUS30443_100_LoadSysPropsFromFile.txt:
--------------------------------------------------------------------------------
1 | $path = "D:\Emus\PS3\dev_hdd0\game\NPUB30910\USRDIR\EBOOT.BIN" # hard-coded target file; adjust to the local install
2 | $size = (Get-Item $path).length # file length; RBytes' $size parameter below is a separate local
3 |
4 | $ba = [System.IO.File]::ReadAllBytes($path) # whole file held in memory; the helpers below read and patch this buffer
5 | ##########################################
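Function RBytes
{
    # Return a copy of $size bytes of the script-level buffer $ba, starting at offset $addr.
    # $size used to be ignored (the buffer was always 4 bytes long); it is honoured now and
    # 4 stays the default when it is omitted.
    Param (
        $addr,
        $size
    )
    if ($null -eq $size) { $size = 4 }
    [byte[]] $rb = [byte[]]::new($size)
    # BlockCopy raises an error when the requested range lies outside $ba.
    [System.Buffer]::BlockCopy($ba, $addr, $rb, 0, $rb.Length)
    $rb
}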
16 | ##########################################
function RUInt32
{
    # Decode the four bytes at offset $addr of the script-level buffer $ba as an unsigned
    # 32-bit integer. BitConverter uses the host byte order; no swap is applied here.
    param ($addr)

    $value = [System.BitConverter]::ToUInt32($ba, $addr)
    return $value
}
24 |
25 | ##########################################
function WBytes
{
    # Overwrite the script-level buffer $ba at offset $addr with every byte of $wb.
    # Only the in-memory buffer changes; nothing is written to disk here.
    param ($addr, $wb)

    $count = $wb.Length
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $count)
}
34 | ##########################################
function WStrA
{
    # Write $str into $ba at offset $addr as UTF-8 bytes. No terminator is appended.
    param ($addr, $str)

    $encoded = [System.Text.Encoding]::UTF8.GetBytes($str)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
44 | ##########################################
function WStrU
{
    # Write $str into $ba at offset $addr as little-endian UTF-16. No terminator is appended.
    param ($addr, $str)

    $encoded = [System.Text.Encoding]::Unicode.GetBytes($str)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
54 | ##########################################
function WUInt32
{
    # Write BitConverter's byte representation of $val into $ba at offset $addr.
    # NOTE(review): $val is untyped, so the byte count follows the runtime type of the
    # argument - confirm callers pass 32-bit values.
    param ($addr, $val)

    $bytes = [System.BitConverter]::GetBytes($val)
    [System.Buffer]::BlockCopy($bytes, 0, $ba, $addr, $bytes.Length)
}
64 | ##########################################
function XorBytes
{
    # Byte-wise XOR of $b1 with $b2. The result has the length of $b1.
    param ([byte[]] $b1, [byte[]] $b2)

    $result = [byte[]]::new($b1.Count)
    $idx = 0
    while ($idx -lt $b1.Count)
    {
        $result[$idx] = $b1[$idx] -bxor $b2[$idx]
        $idx++
    }
    $result
}
78 | ##########################################
function AreArraysEqual($a1, $a2) {
    # Element-wise equality of two arrays. Throws when either argument is not an array;
    # returns $false on a rank, dimension-length or element mismatch.
    $bothArrays = ($a1 -is [array]) -and ($a2 -is [array])
    if (-not $bothArrays) {
        throw "Both inputs must be an array"
    }
    if ($a1.Rank -ne $a2.Rank) { return $false }
    # Same object on both sides: nothing left to compare.
    if ([System.Object]::ReferenceEquals($a1, $a2)) { return $true }

    foreach ($dim in 0..($a1.Rank - 1)) {
        if ($a1.GetLength($dim) -ne $a2.GetLength($dim)) { return $false }
    }

    # Walk both arrays in step and stop at the first differing element.
    $left = $a1.GetEnumerator()
    $right = $a2.GetEnumerator()
    while ($left.MoveNext() -and $right.MoveNext()) {
        if ($left.Current -ne $right.Current) { return $false }
    }
    $true
}
105 | ##########################################
106 |
107 |
# Load loose system.properties file from system:/
# Toggle: if the patch site holds $oldcode it is replaced by $newcode, and the other way round.
cls
$codeloc = 0xa9ce24 - 0xF700
[byte[]] $newcode = 0x38, 0x60, 0x00, 0x00
[byte[]] $oldcode = 0x4b, 0x5a, 0xde, 0x35

$current = RBytes $codeloc 4

if (AreArraysEqual $current $oldcode) {
    "Old bytes found, patching."
    WBytes $codeloc $newcode
    # The target file is overwritten in place; this script makes no backup copy.
    [System.IO.File]::WriteAllBytes($path, $ba)
    "Bytes written successfully"
    ""
    pause
}
elseif (AreArraysEqual $current $newcode) {
    "New bytes found, patching."
    WBytes $codeloc $oldcode
    [System.IO.File]::WriteAllBytes($path, $ba)
    "Bytes written successfully"
    ""
    pause
}
else {
    # Unknown bytes at the patch site: leave the file untouched.
    "Bytes not recognized, doing nothing."
    ""
    pause
}
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-BLUS30443_100_LoadM99Luabnd.txt:
--------------------------------------------------------------------------------
1 | $path = "D:\Emus\PS3\dev_hdd0\game\NPUB30910\USRDIR\EBOOT.BIN" # hard-coded target file; adjust to the local install
2 | $size = (Get-Item $path).length # file length; RBytes' $size parameter below is a separate local
3 |
4 | $ba = [System.IO.File]::ReadAllBytes($path) # whole file held in memory; the helpers below read and patch this buffer
5 | ##########################################
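Function RBytes
{
    # Return a copy of $size bytes of the script-level buffer $ba, starting at offset $addr.
    # $size used to be ignored (the buffer was always 4 bytes long); it is honoured now and
    # 4 stays the default when it is omitted.
    Param (
        $addr,
        $size
    )
    if ($null -eq $size) { $size = 4 }
    [byte[]] $rb = [byte[]]::new($size)
    # BlockCopy raises an error when the requested range lies outside $ba.
    [System.Buffer]::BlockCopy($ba, $addr, $rb, 0, $rb.Length)
    $rb
}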
16 | ##########################################
function RUInt32
{
    # Decode the four bytes at offset $addr of the script-level buffer $ba as an unsigned
    # 32-bit integer. BitConverter uses the host byte order; no swap is applied here.
    param ($addr)

    $value = [System.BitConverter]::ToUInt32($ba, $addr)
    return $value
}
24 |
25 | ##########################################
function WBytes
{
    # Overwrite the script-level buffer $ba at offset $addr with every byte of $wb.
    # Only the in-memory buffer changes; nothing is written to disk here.
    param ($addr, $wb)

    $count = $wb.Length
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $count)
}
34 | ##########################################
function WStrA
{
    # Write $str into $ba at offset $addr as UTF-8 bytes. No terminator is appended.
    param ($addr, $str)

    $encoded = [System.Text.Encoding]::UTF8.GetBytes($str)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
44 | ##########################################
function WStrU
{
    # Write $str into $ba at offset $addr as little-endian UTF-16. No terminator is appended.
    param ($addr, $str)

    $encoded = [System.Text.Encoding]::Unicode.GetBytes($str)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
54 | ##########################################
function WUInt32
{
    # Write BitConverter's byte representation of $val into $ba at offset $addr.
    # NOTE(review): $val is untyped, so the byte count follows the runtime type of the
    # argument - confirm callers pass 32-bit values.
    param ($addr, $val)

    $bytes = [System.BitConverter]::GetBytes($val)
    [System.Buffer]::BlockCopy($bytes, 0, $ba, $addr, $bytes.Length)
}
64 | ##########################################
function XorBytes
{
    # Byte-wise XOR of $b1 with $b2. The result has the length of $b1.
    param ([byte[]] $b1, [byte[]] $b2)

    $result = [byte[]]::new($b1.Count)
    $idx = 0
    while ($idx -lt $b1.Count)
    {
        $result[$idx] = $b1[$idx] -bxor $b2[$idx]
        $idx++
    }
    $result
}
78 | ##########################################
function AreArraysEqual($a1, $a2) {
    # Element-wise equality of two arrays. Throws when either argument is not an array;
    # returns $false on a rank, dimension-length or element mismatch.
    $bothArrays = ($a1 -is [array]) -and ($a2 -is [array])
    if (-not $bothArrays) {
        throw "Both inputs must be an array"
    }
    if ($a1.Rank -ne $a2.Rank) { return $false }
    # Same object on both sides: nothing left to compare.
    if ([System.Object]::ReferenceEquals($a1, $a2)) { return $true }

    foreach ($dim in 0..($a1.Rank - 1)) {
        if ($a1.GetLength($dim) -ne $a2.GetLength($dim)) { return $false }
    }

    # Walk both arrays in step and stop at the first differing element.
    $left = $a1.GetEnumerator()
    $right = $a2.GetEnumerator()
    while ($left.MoveNext() -and $right.MoveNext()) {
        if ($left.Current -ne $right.Current) { return $false }
    }
    $true
}
105 | ##########################################
106 |
107 |
# Allow loading of m99.luabnd
# Toggle: if the patch site holds $oldcode it is replaced by $newcode, and the other way round.
cls
$codeloc = 0x34e48c - 0xF700
[byte[]] $newcode = 0x60, 0x00, 0x00, 0x00
[byte[]] $oldcode = 0x41, 0x9e, 0x00, 0xdc
# XOR of $oldcode and $newcode; defined but not used by the code below.
[byte[]] $codexor = 0x21, 0x9e, 0x00, 0xdc

$current = RBytes $codeloc 4

if (AreArraysEqual $current $oldcode) {
    "Old bytes found, patching."
    WBytes $codeloc $newcode
    # The target file is overwritten in place; this script makes no backup copy.
    [System.IO.File]::WriteAllBytes($path, $ba)
    "Bytes written successfully"
    ""
    pause
}
elseif (AreArraysEqual $current $newcode) {
    "New bytes found, patching."
    WBytes $codeloc $oldcode
    [System.IO.File]::WriteAllBytes($path, $ba)
    "Bytes written successfully"
    ""
    pause
}
else {
    # Unknown bytes at the patch site: leave the file untouched.
    "Bytes not recognized, doing nothing."
    ""
    pause
}
--------------------------------------------------------------------------------
/Memlocs/ssbm.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 0
6 | "Time remaining"
7 |
8 | Custom
9 | 4 Byte Big Endian
10 | 8046B6C8
11 |
12 |
13 | 1
14 | "target of 2nd hp display"
15 |
16 | Byte
17 | 804A1134
18 |
19 |
20 | 2
21 | "Timer Active"
22 |
23 | Byte
24 | 8046B6A5
25 |
26 |
27 | 3
28 | "P1 char id"
29 |
30 | Byte
31 | 803F0E0A
32 |
33 |
34 | 4
35 | "P1 color id"
36 |
37 | Byte
38 | 803F0E09
39 |
40 |
41 | 5
42 | "Match end boolean"
43 |
44 | Byte
45 | 8046B6A6
46 |
47 |
48 | 6
49 | "Match state flag?"
50 |
51 | Byte
52 | 8046B6A0
53 |
54 |
55 | 7
56 | "P3 HP"
57 |
58 | Custom
59 | 2 Byte Big Endian
60 | 804A119A
61 |
62 |
63 | 8
64 | "Camera y angle"
65 |
66 | Custom
67 | Float Big Endian
68 | 80452C80
69 |
70 |
71 | 10
72 | "Camera x angle"
73 |
74 | Custom
75 | Float Big Endian
76 | 80452C7C
77 |
78 |
79 | 11
80 | "P1 x pos"
81 |
82 | Custom
83 | Float Big Endian
84 | 80E4B990
85 |
86 |
87 | 12
88 | "p1 height"
89 |
90 | Custom
91 | Float Big Endian
92 | 80E4B994
93 |
94 |
95 |
96 |
97 |
--------------------------------------------------------------------------------
/Memlocs/GoWR-Steam-1.0.614.9211-Savefile.bt:
--------------------------------------------------------------------------------
1 | //------------------------------------------------
2 | //--- 010 Editor v9.0.1 Binary Template
3 | //
4 | // File:
5 | // Authors:
6 | // Version:
7 | // Purpose:
8 | // Category:
9 | // File Mask:
10 | // ID Bytes:
11 | // History:
12 | //------------------------------------------------
13 |
14 | LittleEndian();
15 |
16 | //------------------------------------------------
17 |
18 |
19 | typedef struct {
20 | char unkData[0x20];
21 | } firstunk ;
22 |
23 | typedef struct {
24 | uint64 modifiedTime ;
25 | uint version;
26 | uint buildChangelist;
27 | uint prefsSize ;
28 | uint saveGameSize ;
29 | uint totalSize ;
30 | uint padding;
31 |
32 | } SaveFileHeader;
33 |
34 | typedef struct {
35 | uint64 modifiedTime ;
36 | uint version ;
37 | uint buildChangeList ;
38 | char title[0x100];
39 | char debugString[0x40];
40 | uint gamePlayTime ;
41 | uint saveGameSessionId ;
42 | uint nHardSaveBytes ;
43 | uint nSoftSaveBytes ;
44 | uint nSoftPlayerStateDataBytes ;
45 | uint requiredPlayGoChunkNameHash ;
46 | uint realmMsgID;
47 | uint regionMsgID;
48 | uint questMsgID;
49 | uint questDescMsgID;
50 | uint imgID;
51 | uint serialNumber ;
52 | byte bitfield;
53 | byte puzzleAssistance;
54 | byte difficultySimplified;
55 | byte difficulty;
56 | byte systemVersion[0x3c];
57 | } SaveGameDataHeader;
58 |
59 | typedef struct {
60 | ushort mapStateSize ;
61 | byte mapState[mapStateSize];
62 | } GameMap;
63 |
64 | typedef struct {
65 | ushort progressionFactsSoftStateSize;
66 | byte progressionFacts[progressionFactsSoftStateSize];
67 | } ProgressionFactsSoftState;
68 |
69 | typedef struct {
70 | uint questSoftStateSize ;
71 | byte questData[questSoftStateSize];
72 | } questSoftState;
73 |
74 | typedef struct {
75 | ushort equipmentSaveSize ;
76 | byte equipmentData[equipmentSaveSize];
77 | } equipmentStateData;
78 |
79 | typedef struct {
80 | uint resourcesSoftStateSize ;
81 | byte resourcesData[resourcesSoftStateSize];
82 | } resourcesStateData;
83 |
84 | typedef struct {
85 | ushort lootSaveSize ;
86 | byte lootData[lootSaveSize];
87 | } lootManagerStateData;
88 |
89 | typedef struct {
90 | ushort skillTreeStateSize ;
91 | byte skillTreeData[skillTreeStateSize];
92 | } skillTreeStateData;
93 |
94 | typedef struct {
95 | uint encounterSoftStateSize ;
96 | byte encounterSoftStateVersion;
97 | byte encounterStateData[encounterSoftStateSize];
98 | } encounterSoftStateData;
99 |
100 | typedef struct {
101 | byte size ;
102 | byte data[size];
103 | } generic8;
104 | typedef struct {
105 | ushort size ;
106 | byte data[size];
107 | } generic16;
108 | typedef struct {
109 | uint size ;
110 | byte data[size];
111 | } generic32;
112 |
113 |
// ---- File layout -------------------------------------------------
// Fixed-size headers come first.
SaveFileHeader sfh;
firstunk unkdata;
SaveGameDataHeader sgdh;

// The variable-length sections start at absolute offset 0x440.
FSeek(0x440);
GameMap mapState;

// Each section below is a size field followed by that many bytes. The sizes are
// read from the file and used as array lengths without any range check, so a
// truncated or edited save will mis-parse from the first bad length onward.
ProgressionFactsSoftState progression;
questSoftState quest;
equipmentStateData equipment;
resourcesStateData resources;
lootManagerStateData loot;
skillTreeStateData skillTree;

// Sections with no dedicated struct use the generic length-prefixed types.
generic16 partySoftStateSize;
generic16 compassStateSize;
encounterSoftStateData encounter;   // size, then one version byte, then the data
generic32 levelScriptingSoftSave;
generic16 banter;

uint end;
--------------------------------------------------------------------------------
/Memlocs/GOWA-PS3-savelocs.txt:
--------------------------------------------------------------------------------
1 | System
2 | -----
3 | 17 - Difficulties Beaten
4 | - 1 = Easy
5 | - 2 = Normal
6 | - 4 = Hard
7 | - 8 = Very Hard
8 | 1A - Artifacts
9 | - 01 = Statue Worker's Idol (Increased stun)
10 | - 02 = AntiKythera Mechanism (HP Drain)
11 | - 04 = ????
12 | 1B - Artifacts
13 | - 01 = Prisoner's Oath Stone (Inf Rage)
14 | - 02 = Circe's Vial (3x combo time)
15 | - 04 = Oracle Seeker's Offering (10x red orbs)
16 | - 08 = Aletheia's Charm (66% damage)
17 | - 10 = Boat Captain's Idol (Inf Magic)
18 | - 20 = Orkos' Cloak (HP Regen)
19 | - 40 = StoneMason's Chisel (Reduced Cooldown)
20 | - 80 = Archimedes' Treatise (Win QTEs)
21 | 1C - Game Text
22 | - 1 = English
23 | - 2 = French
24 | - 3 = Portuguese
25 | - 4 = Spanish
26 | 1D - Speech Text
27 | - 1 = English
28 | - 2 = French
29 | - 3 = Portuguese
30 | - 4 = Spanish
31 | 1E - Music Volume (0-255)
32 | 1F - Speech Volume (0-255)
33 | 20 - SFX Volume (0-255)
34 | 21 - Cinematic Volume (0-255)
35 | 22 - Sound Mode
36 | - 0 = Stereo
37 | - 1 = Headphones
38 | - 2 = Dolby Pro Logic II
39 | 23 - Brightness (0-100)
40 | 24 - Screen Scale (0-100)
41 | 25 - Screen Location X (0-100)
42 | 26 - Screen Location y (0-100)
43 | 27 - Tutorial Display
44 | - 02 = On
45 | 28 - Show Subtitles
46 |
47 |
48 | Profdata
49 | ----
50 |
51 | 00000324 - Start, search for value
52 |
53 | +0C = Current HP (Float Value)
54 | +14 = Current Magic (Float Value)
55 | +18 = ? Unknown Float ?
56 | +24 = Current Rage
57 |
58 | +30 = Red Orbs (Float Value)
59 | +34 = Artifacts?
60 | +35 = Artifacts?
61 | +38 = X co-ord
62 | +3C = Height
63 | +40 = Y co-ord
64 | +61 = Swimming (50 = Yes, 8 = No)
65 | +DB = Blades Level
66 | +E3 = Orbs spent on Blades
67 | +E7 - (Next inventory item)
68 |
69 | +EB = Lightning of Zeus Level
70 | +EC = Lightning of Zeus Unlocked
71 | +F3 = Orbs spent on Lightning
72 | +FB = Fire of Ares Level
73 | +FC = Fire of Ares Unlocked
74 | +10C = Ice of Poseidon Unlocked
75 | +11C = Soul of Hades Unlocked
76 | +112 = Lightning Red Orbs Spent
77 | +2D7 = Item count?
78 |
79 |
80 |
81 |
82 |
83 |
84 | 2C04FF00 - 2nd offset
85 | +14 = Difficulty
86 | +18 = NG+
87 |
88 |
89 |
90 | 0BOC
91 | 4Lightning
92 | 5Fire
93 | 6Ice
94 | 7Soul
95 | A?
96 | B?
97 | C?
98 | B?
99 | 4E?
100 | 4F?
101 |
102 | 01 01 00 00 00 00 00 00 00 00 00 04 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 07 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 08 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 0A 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 0B 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 20 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 23 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 40 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 41 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 8E 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 91 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 93 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 95 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 93 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 95 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
103 |
104 |
105 |
106 | 3d09e30 - Kratos Health
107 |
108 | 5b09cdd - Kratos Red Orbs - derived,dec
109 | 5b09e30 - Kratos Health - derived,Float
110 |
111 | 994ffb4 - Kratos Speed - Float
112 | 994ffd4 - Kratos Health - Float
113 |
114 | 9953f04 - start of checkpoint?
115 |
116 | 5b6dd28 - Kratos Red Orbs - Float
117 | d56dd28 - Kratos Red Orbs
118 |
119 |
120 | f146300 - Creature HP
--------------------------------------------------------------------------------
/Memlocs/GoW1-PS3-NPUA80490_101-UnlockCam.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $path = "D:\Wherever\PS3\dev_hdd0\game\NPUA80490\USRDIR\EBOOT.BIN"
5 |
6 |
7 |
8 | $ba = [System.IO.File]::ReadAllBytes($path)
9 | #----------------------------------------------------------------------------------
function RUInt32
{
    # Decodes four bytes of the loaded file image ($ba, taken from the calling scope)
    # starting at byte offset $addr and returns them as a UInt32.
    # BitConverter uses the host byte order: on a little-endian host the file bytes
    # 4E 80 00 20 come back as 0x2000804E, which is why the constants compared
    # against this function look byte-swapped.
    param (
        $addr
    )
    $word = [System.BitConverter]::ToUInt32($ba, $addr)
    $word
}
17 | #----------------------------------------------------------------------------------
function WBytes
{
    # Copies every byte of $wb into the loaded file image ($ba, calling scope),
    # starting at byte offset $addr. Nothing is written to disk here.
    # BlockCopy throws when the destination range does not fit inside $ba.
    param (
        $addr,
        $wb
    )
    $count = $wb.Length
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $count)
}
26 | #----------------------------------------------------------------------------------
27 |
28 |
29 | [byte[]] $hookjump = 0x48, 0x4b, 0xc8, 0x02
30 | [byte[]] $newcode = 0x3e, 0x00, 0x00, 0x54, 0x62, 0x10, 0xce, 0x2c, 0x82, 0x10, 0x00, 0x00, 0x2f, 0x90, 0x00, 0x00, 0x41, 0x9e, 0x00, 0x90, 0x3e, 0x20, 0x00, 0x54, 0x62, 0x31, 0xce, 0x28, 0x3d, 0xc0, 0x00, 0x6e, 0x61, 0xce, 0x34, 0xd2, 0x89, 0xce, 0x00, 0x00, 0x71, 0xcf, 0x00, 0x04, 0x2f, 0x8f, 0x00, 0x04, 0x41, 0x9e, 0x00, 0x28, 0x71, 0xcf, 0x00, 0x02, 0x2f, 0x8f, 0x00, 0x02, 0x41, 0x9e, 0x00, 0x44, 0x89, 0xf1, 0x00, 0x00, 0x2f, 0x8f, 0x00, 0x00, 0x41, 0x9e, 0x00, 0x58, 0x39, 0xe0, 0x00, 0x00, 0x99, 0xf1, 0x00, 0x00, 0x48, 0x00, 0x00, 0x4c, 0x89, 0xf1, 0x00, 0x00, 0x2f, 0x8f, 0x00, 0x01, 0x41, 0x9e, 0x00, 0x40, 0x39, 0xe0, 0x00, 0x01, 0x99, 0xf1, 0x00, 0x00, 0x89, 0xf0, 0x00, 0x05, 0x71, 0xef, 0x00, 0x01, 0x69, 0xef, 0x00, 0x01, 0x99, 0xf0, 0x00, 0x05, 0x48, 0x00, 0x00, 0x24, 0x89, 0xf1, 0x00, 0x00, 0x2f, 0x8f, 0x00, 0x01, 0x41, 0x9e, 0x00, 0x18, 0x39, 0xe0, 0x00, 0x01, 0x99, 0xf1, 0x00, 0x00, 0x89, 0xf0, 0x00, 0x03, 0x69, 0xef, 0x00, 0x01, 0x99, 0xf0, 0x00, 0x03, 0x39, 0xc0, 0x00, 0x00, 0x39, 0xe0, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x3a, 0x20, 0x00, 0x00, 0x4e, 0x80, 0x00, 0x20
31 |
32 | cls
33 |
# File offsets of the two regions this script touches.
$hookoffset = 0x0a6e58 - 0xF700     # existing instruction that gets replaced
$payloadoffset = 0x4bc800 - 0xF700  # where $newcode is stored

# 0x00454353 is the little-endian read of the bytes 'S','C','E',0 at offset 0.
if ((RUInt32 0) -eq 0x00454353) {
    "First 4 bytes match"

    # 0x2000804E is the little-endian read of 4E 80 00 20 (PowerPC blr). Requiring it
    # keeps the patch from being applied twice or to a different build.
    # NOTE(review): only the hook word is verified; the bytes currently stored at
    # $payloadoffset are overwritten without being checked, and no backup of $path
    # is made before the in-place rewrite.
    if ((RUint32 $hookoffset) -eq 0x2000804e) {
        "Hook location found"
        WBytes $hookoffset $hookjump
        WBytes $payloadoffset $newcode
        [System.IO.File]::WriteAllBytes($path, $ba)
        "Bytes written successfully"
        ""
        pause
    }
    else {
        ""
        "Hook location not as expected. Wrong version, or already patched?"
        ""
        pause
    }
}
else {
    "No match, BIN still encrypted?"
}
54 |
55 |
56 |
57 | <# Assembly for newcode, usable with https://shell-storm.org/online/Online-Assembler-and-Disassembler/
58 |
59 | start:
60 | lis 16,0x0054
61 | ori 16,16,0xce2c
62 | lwz 16,0x0(16)
63 | cmpwi cr7,16,0x0
64 | beq cr7,cleanup
65 |
66 | camnull:
67 | lis 17,0x0054
68 | ori 17,17,0xce28
69 | lis 14,0x006e
70 | ori 14,14,0x34d2
71 | lbz 14,0x0(14)
72 | andi. 15,14,0x4
73 | cmpwi cr7,15,0x4
74 | beq cr7, rpress
75 |
76 | rnopress:
77 | andi. 15,14,0x2
78 | cmpwi cr7,15,0x2
79 | beq cr7, lpress
80 |
81 | rlnopress:
82 | lbz 15,0x0(17)
83 | cmpwi cr7,15,0x0
84 | beq cr7, cleanup
85 |
86 | rlnopressprevone:
87 | li 15,0x0
88 | stb 15,0x0(17)
89 | b cleanup
90 |
91 | rpress:
92 | lbz 15,0x0(17)
93 | cmpwi cr7,15,0x1
94 | beq cr7, cleanup
95 |
96 | li 15,0x1
97 | stb 15,0x0(17)
98 | lbz 15,0x5(16)
99 | andi. 15,15,0x1
100 | xori 15,15,0x1
101 | stb 15,0x5(16)
102 | b cleanup
103 |
104 | lpress:
105 | lbz 15,0x0(17)
106 | cmpwi cr7,15,0x1
107 | beq cr7, cleanup
108 |
109 | li 15,0x1
110 | stb 15,0x0(17)
111 | lbz 15,0x3(16)
112 | xori 15,15,0x1
113 | stb 15,0x3(16)
114 |
115 | cleanup:
116 | li 14, 0
117 | li 15, 0
118 | li 16, 0
119 | li 17, 0
120 | blr
121 |
122 | #>
123 |
124 |
--------------------------------------------------------------------------------
/Memlocs/GoW3-PS3-BCUS98111_103-RPCS3SaveDumper.txt:
--------------------------------------------------------------------------------
1 | $savepath = 'D:\temp\gow\GoW3-Saves\'
2 |
3 |
4 | $procname = "rpcs3"
5 | $bigendian = $true
6 |
7 |
8 | [console]::CursorVisible = $false
9 | $Host.UI.RawUI.BackgroundColor = 'Black'
10 | $Host.UI.RawUI.ForegroundColor = 'Green'
11 |
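function RBytes
{
    # Reads $sizetoread bytes from the target process at address $addr.
    #   addr       - address inside the process identified by $proc
    #   sizetoread - number of bytes to read
    # Uses the $rpm P/Invoke type and the $proc handle from the calling scope.
    # Output: the buffer, emitted to the pipeline (a single byte when one byte is
    # requested). The buffer is still returned when the read fails, in which case it
    # is all zeroes; the failure used to be dropped silently and is now reported on
    # the verbose stream so a run with -Verbose shows why a dump is empty.
    param (
        $addr,
        $sizetoread
    )
    [Byte[]] $buff = New-Object Byte[]($sizetoread)
    $ok = $rpm::ReadProcessMemory($proc, $addr, $buff, $buff.Length, $null)
    if (-not $ok) {
        Write-Verbose ("ReadProcessMemory failed: {0} byte(s) at address {1}" -f $sizetoread, $addr)
    }
    $buff
}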
22 |
function RAsciiStr
{
    # Reads a fixed 30-byte window at $addr, decodes it as ASCII and returns the text
    # in front of the first NUL byte. Longer strings are cut at 30 characters.
    # The text comes from another process's memory, so it is untrusted input for
    # anything that uses it to build a file name.
    param (
        $addr
    )
    $window = RBytes $addr 30
    $decoded = [System.Text.Encoding]::ASCII.GetString($window)
    $decoded.Split([char]0)[0]
}
function RInt16
{
    # Signed 16-bit read at $addr: two bytes, byte-swapped first when $bigendian is set.
    param (
        $addr
    )
    $raw = RBytes $addr 2
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    [System.BitConverter]::ToInt16($raw, 0)
}
function RInt32
{
    # Signed 32-bit read at $addr: four bytes, byte-swapped first when $bigendian is set.
    param (
        $addr
    )
    $raw = RBytes $addr 4
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    [System.BitConverter]::ToInt32($raw, 0)
}
function RInt64
{
    # Signed 64-bit read at $addr: eight bytes, byte-swapped first when $bigendian is set.
    param (
        $addr
    )
    $raw = RBytes $addr 8
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    [System.BitConverter]::ToInt64($raw, 0)
}
function RUInt8
{
    # One-byte read at $addr; the result is whatever RBytes emits for a size of 1.
    param (
        $addr
    )
    RBytes -addr $addr -sizetoread 1
}
function RUInt16
{
    # Unsigned 16-bit read at $addr: two bytes, byte-swapped first when $bigendian is set.
    param (
        $addr
    )
    $raw = RBytes $addr 2
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    [System.BitConverter]::ToUInt16($raw, 0)
}
function RUInt32
{
    # Unsigned 32-bit read at $addr: four bytes, byte-swapped first when $bigendian is set.
    param (
        $addr
    )
    $raw = RBytes $addr 4
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    [System.BitConverter]::ToUInt32($raw, 0)
}
function RUInt64
{
    # Unsigned 64-bit read at $addr: eight bytes, byte-swapped first when $bigendian is set.
    param (
        $addr
    )
    $raw = RBytes $addr 8
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    [System.BitConverter]::ToUInt64($raw, 0)
}
function RSingle
{
    # 32-bit float read at $addr: four bytes, byte-swapped first when $bigendian is set.
    param (
        $addr
    )
    $raw = RBytes $addr 4
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    [System.BitConverter]::ToSingle($raw, 0)
}
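# P/Invoke declarations for the two kernel32 calls this script needs.
# NOTE(review): the last ReadProcessMemory parameter is declared as a by-value int,
# while the Win32 prototype takes a pointer for the byte count (lpNumberOfBytesRead).
# The callers pass $null, so the number of bytes actually read is never retrieved.
$signature = @"
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(
uint h,bool b ,uint p);
[DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(
IntPtr hp,IntPtr Base,[Out]Byte[] buff,int Size,[Out]int bread);
"@

$rpm = Add-Type -MemberDefinition $signature -Name rpm -PassThru

# Least privilege: the script only ever calls ReadProcessMemory, which needs
# PROCESS_VM_READ (0x0010). The previous mask 0x001F0FFF (PROCESS_ALL_ACCESS) also
# granted write, thread-creation and terminate rights that are never used.
$access = 0x0010

# Resolve the process once and fail early when it is not running, instead of
# continuing with empty values and polling a null handle forever. When several
# processes share the name, the first one is used.
$target = Get-Process $procname -ErrorAction Stop | Select-Object -First 1
$ba = $target.MainModule.BaseAddress
$procid = $target.Id
$proc = $rpm::OpenProcess($access, $false, $procid)
if ($proc -eq [IntPtr]::Zero) {
    throw "OpenProcess failed for '$procname' (PID $procid)"
}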
127 |
128 |
129 |
130 |
131 |
132 |
133 |
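# Polling loop: once per second, read the checkpoint pointer from the emulator,
# and dump the 0x24000-byte checkpoint block to a new file whenever the camera
# name changes.
$prevcam = ""
$currcam = ""
$wad = ""
[String]$path = ""

$cpoffset = 0

# The WAD name is read out of another process's memory and then used as part of a
# file name. Replace every character that is not valid in a file name (path
# separators, ':' and control characters among them) so the dump always lands
# directly inside $savepath.
function SafeNamePart($text) {
    $bad = [System.IO.Path]::GetInvalidFileNameChars()
    $clean = ""
    foreach ($ch in ([string]$text).ToCharArray()) {
        if ($bad -contains $ch) { $clean += "_" } else { $clean += $ch }
    }
    $clean
}

do {
    # Guest pointer to the checkpoint; 0x300000000 is added to turn it into an address
    # in the emulator process (presumably where guest memory is mapped - confirm).
    $cpoffset = RInt32 0x300568e00
    $cpoffset = $cpoffset + 0x300000000
    $currcam = RAsciiStr ($cpoffset + 0x58)
    $wad = RAsciiStr ($cpoffset + 0x90)

    if ($prevcam -ne $currcam) {
        $prevcam = $currcam

        # NOTE(review): the format puts the day before the month (yyyyddMM), so the
        # file names do not sort chronologically across months - confirm intended.
        $path = Get-Date -Format "yyyyddMMHHmmss"
        $path = $savepath + $path + "_" + (SafeNamePart $wad)

        $ba = RBytes $cpoffset 0x24000
        [io.file]::WriteAllBytes($path, $ba)
    }

    cls
    "currCAM: " + $currcam
    "currWAD: " + $wad
    sleep 1
}
while ($true)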
166 |
--------------------------------------------------------------------------------
/Memlocs/GoW1-PS3-NPUA80490_101-RPCS3SaveDumper.txt:
--------------------------------------------------------------------------------
1 | $savepath = 'D:\temp\gow\GoW1-Saves\'
2 |
3 |
4 | $procname = "rpcs3"
5 | $bigendian = $true
6 |
7 |
8 | [console]::CursorVisible = $false
9 | $Host.UI.RawUI.BackgroundColor = 'Black'
10 | $Host.UI.RawUI.ForegroundColor = 'Green'
11 |
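function RBytes
{
    # Reads $sizetoread bytes at address $addr from the process behind $proc, using
    # the $rpm P/Invoke type; both come from the calling scope.
    #   addr       - address inside the target process
    #   sizetoread - number of bytes to read
    # Output: the buffer, emitted to the pipeline (one byte when one byte is asked
    # for). A failed read still yields the zero-filled buffer, as before, but the
    # ignored return value is now checked and reported on the verbose stream.
    param (
        $addr,
        $sizetoread
    )
    [Byte[]] $buff = New-Object Byte[]($sizetoread)
    $succeeded = $rpm::ReadProcessMemory($proc, $addr, $buff, $buff.Length, $null)
    if (-not $succeeded) {
        Write-Verbose ("ReadProcessMemory failed: {0} byte(s) at address {1}" -f $sizetoread, $addr)
    }
    $buff
}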
22 |
function RAsciiStr
{
    # Returns the ASCII text stored at $addr, up to the first NUL byte.
    # Only 30 bytes are read, so longer strings come back truncated. The value is
    # data from another process and should be treated as untrusted by callers that
    # put it into a path.
    param (
        $addr
    )
    $chunk = RBytes $addr 30
    $text = [System.Text.Encoding]::ASCII.GetString($chunk)
    $text.Split([char]0)[0]
}
function RInt16
{
    # Reads 2 bytes at $addr and decodes them as Int16; the bytes are reversed first
    # when $bigendian is $true.
    param (
        $addr
    )
    $bytes = RBytes $addr 2
    if ($bigendian -eq $true) { [Array]::Reverse($bytes) }
    [System.BitConverter]::ToInt16($bytes, 0)
}
function RInt32
{
    # Reads 4 bytes at $addr and decodes them as Int32; the bytes are reversed first
    # when $bigendian is $true.
    param (
        $addr
    )
    $bytes = RBytes $addr 4
    if ($bigendian -eq $true) { [Array]::Reverse($bytes) }
    [System.BitConverter]::ToInt32($bytes, 0)
}
function RInt64
{
    # Reads 8 bytes at $addr and decodes them as Int64; the bytes are reversed first
    # when $bigendian is $true.
    param (
        $addr
    )
    $bytes = RBytes $addr 8
    if ($bigendian -eq $true) { [Array]::Reverse($bytes) }
    [System.BitConverter]::ToInt64($bytes, 0)
}
function RUInt8
{
    # Reads a single byte at $addr by delegating to RBytes with a size of 1.
    param (
        $addr
    )
    RBytes -addr $addr -sizetoread 1
}
function RUInt16
{
    # Reads 2 bytes at $addr and decodes them as UInt16; the bytes are reversed first
    # when $bigendian is $true.
    param (
        $addr
    )
    $bytes = RBytes $addr 2
    if ($bigendian -eq $true) { [Array]::Reverse($bytes) }
    [System.BitConverter]::ToUInt16($bytes, 0)
}
function RUInt32
{
    # Reads 4 bytes at $addr and decodes them as UInt32; the bytes are reversed first
    # when $bigendian is $true.
    param (
        $addr
    )
    $bytes = RBytes $addr 4
    if ($bigendian -eq $true) { [Array]::Reverse($bytes) }
    [System.BitConverter]::ToUInt32($bytes, 0)
}
function RUInt64
{
    # Reads 8 bytes at $addr and decodes them as UInt64; the bytes are reversed first
    # when $bigendian is $true.
    param (
        $addr
    )
    $bytes = RBytes $addr 8
    if ($bigendian -eq $true) { [Array]::Reverse($bytes) }
    [System.BitConverter]::ToUInt64($bytes, 0)
}
function RSingle
{
    # Reads 4 bytes at $addr and decodes them as a 32-bit float; the bytes are
    # reversed first when $bigendian is $true.
    param (
        $addr
    )
    $bytes = RBytes $addr 4
    if ($bigendian -eq $true) { [Array]::Reverse($bytes) }
    [System.BitConverter]::ToSingle($bytes, 0)
}
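# kernel32 imports used to open the emulator process and read its memory.
# NOTE(review): ReadProcessMemory's final parameter is declared as a by-value int;
# the Win32 prototype expects a pointer that receives the byte count. Callers pass
# $null, so the count of bytes read is not available to this script.
$signature = @"
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(
uint h,bool b ,uint p);
[DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(
IntPtr hp,IntPtr Base,[Out]Byte[] buff,int Size,[Out]int bread);
"@

$rpm = Add-Type -MemberDefinition $signature -Name rpm -PassThru

# Ask only for PROCESS_VM_READ (0x0010): reading memory is all this script does.
# The earlier value 0x001F0FFF requested PROCESS_ALL_ACCESS, which a read-only tool
# does not need.
$access = 0x0010

# Look the process up once; stop with an error when it is not running rather than
# looping on a null handle. With several matching processes the first is used.
$target = Get-Process $procname -ErrorAction Stop | Select-Object -First 1
$ba = $target.MainModule.BaseAddress
$procid = $target.Id
$proc = $rpm::OpenProcess($access, $false, $procid)
if ($proc -eq [IntPtr]::Zero) {
    throw "OpenProcess failed for '$procname' (PID $procid)"
}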
127 |
128 |
129 |
130 |
131 |
132 |
133 |
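# Polling loop: once per second, follow the checkpoint pointer in the emulator and
# write the 0x14000-byte checkpoint block to a new file each time the camera name
# changes.
$prevcam = ""
$currcam = ""
$wad = ""
[String]$path = ""

$cpoffset = 0

# Both name parts of the output file are strings read from another process's memory.
# Characters that are not valid in a file name (path separators, ':' and control
# characters among them) are replaced so the file cannot end up outside $savepath.
function SafeNamePart($text) {
    $bad = [System.IO.Path]::GetInvalidFileNameChars()
    $clean = ""
    foreach ($ch in ([string]$text).ToCharArray()) {
        if ($bad -contains $ch) { $clean += "_" } else { $clean += $ch }
    }
    $clean
}

do {
    # Guest pointer to the checkpoint; 0x300000000 is added to turn it into an address
    # in the emulator process (presumably where guest memory is mapped - confirm).
    $cpoffset = RInt32 0x3004fd268
    $cpoffset = $cpoffset + 0x300000000
    $currcam = RAsciiStr ($cpoffset + 0xae)
    $wad = RAsciiStr ($cpoffset + 0xc6)

    if ($prevcam -ne $currcam) {
        $prevcam = $currcam

        # NOTE(review): the format puts the day before the month (yyyyddMM), so the
        # file names do not sort chronologically across months - confirm intended.
        $path = Get-Date -Format "yyyyddMMHHmmss"
        $path = $savepath + $path + "_" + (SafeNamePart $wad) + "_" + (SafeNamePart $currcam)

        $ba = RBytes $cpoffset 0x14000
        [io.file]::WriteAllBytes($path, $ba)
    }

    cls
    "currCAM: " + $currcam
    "currWAD: " + $wad
    sleep 1
}
while ($true)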
166 |
--------------------------------------------------------------------------------
/Memlocs/GoW2-PS3-memlocs.txt:
--------------------------------------------------------------------------------
1 | GoW2-memlocs
2 | Live Data:
3 | 53a084 - Camera Angle?
4 | 53a758 - HUD visible?
5 |
6 | 5761f4 - TOC pointer (307e2ac8)
7 |
8 | 576758 - 01 = Stop everything.
9 |
10 | 576768 - Playtime
11 |
12 | 576773 - Urn of Olympus (Infinite Magic)
13 | 576777 - Urn of Prometheus (Infinite Rage)
14 | 57677b - Urn of the Gorgons (Weapons Petrify Enemies)
15 | 57677f - Urn of Poseidon (Poseidon's Rage)
16 | 576783 - Urn of Gaia (10x red orbs)
17 | 576787 - Urn of the Fates (Extend Combo Time)
18 |
19 | 57678b - ??
20 | 57678f - Bonus Play
21 |
22 | 57760d - Unlocked Spells
23 | 01 - Blade of Olympus
24 | 02 - ?
25 | 04 - Urn of Gaia
26 | 08 - Urn of the Gorgons
27 | 10 - Urn of Olympus
28 | 20 - Urn of Prometheus
29 | 40 - Urn of the Fates
30 | 80 - Urn of Poseidon
31 | 57760e - Unlocked Spells
32 | 01 - ?
33 | 02 - Rage of the Titans
34 | 04 - Amulet of the Fates
35 | 08 - ?
36 | 10 - ?
37 | 20 - SoD
38 | 40 - Hammer
39 | 80 - Head of Euryale
40 | 57760f - Unlocked Spells
41 | 01 - PRage
42 | 02 - CRage
43 | 04 - TBane
44 | 08 - ?
45 | 10 - Golden Fleece
46 | 20 - AQuake
47 | 40 - Icarus Wings
48 | 80 - ?
49 |
50 |
51 | 577618 - Magic Remaining
52 | 577620 - Rage Remaining
53 | 577624 - Magic Regen
54 | 57762a - Red Orbs
55 |
56 | 577646 - TB Level
57 |
58 | 577de8 - UI State
59 | 577e2f - 1 = Controller Removed
60 | 577e57 - 1 = Challenge Select Menu
61 | 577e5f - 1 = Arena of the Fates
62 | 577e6c - 1 = Screen turns white
63 |
64 |
65 | 57815b - Treasures (OR'd with 57830b)
66 | 57830b - Treasures (OR'd with 57815b)
67 |
68 | 307fef18 - Various menu status
69 |
70 | 31540b1a - Swimming
71 | 31540b20 - Kratos HP
72 |
73 | 31544410 - Kratos Size
74 | 31544414 - Kratos Speed
75 | 3154441a - Swimming
76 |
77 | 31544420 - Health Remaining
78 | 31544430 - Health Regen
79 |
80 | 31545170 - Health Remaining
81 |
82 | 37f79708 - Controller input?
83 |
84 |
85 | Checkpoint Data:
86 | 581095 - Unlocked Spells
87 | 581096 - Unlocked Spells
88 | 581097 - Unlocked Spells
89 |
90 | 581846 - Infinite Health
91 | 58184e - Bonus Play
92 |
93 | 581920 - Checksum modifier
94 | 581927 - Costume
95 | 581928 - Wad #1
96 | 58193d - Wad #2
97 |
98 | 581996 - X Pos
99 | 58199a - Z Pos
100 | 58199e - Y Pos
101 |
102 | 5819b0 - Swimming
103 | 5819bb - Urns Unlocked
104 | 5819bc - Weapons Unlocked
105 | 5819bd - Spells Unlocked
106 |
107 | 5819c2 - Health Remaining
108 | 5819c6 - Magic Remaining
109 | 5819ca - Amulet?
110 | 5819ce - Rage?
111 | 5819d2 - Magic Regen
112 | 5819d6 - Red Orbs
113 | 5819ec - Health Extensions
114 | 5819ed - Magic Extensions
115 | 5819ee - Amulet Extensions
116 | 5819ef - Blades Level
117 |
118 | 5819f1 - AQ Level
119 | 5819f2 - CR Level
120 | 5819f3 - PR Level
121 | 5819f4 - TB Level
122 | 5819f5 - SoD Level
123 | 5819f6 - BH Level
124 | 5819f7 - EH Level
125 | 5819f8 - BoO Level
126 | 5819f9 - Last Selected Magic
127 | 5819fa - Active Subweapon
128 | 5819fb - 0 Forced Subwep Equipped
129 | 5819fc - Gorgon Eyes
130 | 5819fd - Phoenix Feathers
131 |
132 | 581a02 - Cyclops Eye
133 |
134 | 582162 - Kratos Frozen
135 | 582163 - Difficulty
136 |
137 |
138 | 58b923 - Save Point name?
139 |
140 | 82256c - Controller?
141 |
142 |
143 | 307e2ac8 - TOC start
144 | +0x0c8 - MTemplate_Opacity
145 | +0x208 - SpecialLevel
146 | +0x20c - Urns Available
147 | +0x210 - Cheat (Undetermined effect)
148 | +0x214 - Demo
149 | +0x21c - EnableButtons (In menu)
150 | +0x2a0 - FreeCombat_InfiniteHealth
151 | +0x2a4 - FreeCombat_InfiniteMagic
152 |
153 | Code Modification:
154 | Inf Jumps
155 | 99dd0 - 9008016c
156 | 99e00 - 90080168
157 | 99fec - 901e0168
158 | a1430 - 80090000
159 | a3dec - 83c90000
160 | a3fac - 911d016c
--------------------------------------------------------------------------------
/Memlocs/JumpKing-PS-Counters.txt:
--------------------------------------------------------------------------------
1 | #$ErrorActionPreference= 'silentlycontinue'
2 |
3 |
[Console]::CursorVisible = $false

$Host.UI.RawUI.BackgroundColor = 'Black'
$Host.UI.RawUI.ForegroundColor = 'Green'

# Named shared-memory section (4 KiB) that the modified game writes its counters to.
# The section is created or opened by name only, with no explicit access control, so
# the values shown below are whatever the last writer to "JKTP" stored there.
$mmf = [System.IO.MemoryMappedFiles.MemoryMappedFile]::CreateOrOpen("JKTP", 0x1000)
$mmfa = $mmf.CreateViewAccessor()

Clear-Host

# Refresh loop; runs until the window is closed, so the accessor is never disposed.
while ($true) {

    # Counter slots, 0x10 bytes apart.
    $jumps = $mmfa.ReadInt32(0x10)
    $falls = $mmfa.ReadInt32(0x20)
    $ticks = $mmfa.ReadInt32(0x30)

    # The divisors treat 60 ticks as one second: 3600 per minute, 216000 per hour,
    # 5184000 per day.
    $days = [string][Math]::Floor(($ticks / 5184000))
    $hours = ([string][Math]::Floor((($ticks % 5184000) / 216000))).PadLeft(2,'0')
    $minutes = ([string][Math]::Floor((($ticks % 216000) / 3600))).PadLeft(2,'0')
    $seconds = ([string][Math]::Floor((($ticks % 3600) / 60))).PadLeft(2,'0')

    # Player position and current screen index.
    $x = $mmfa.ReadSingle(0x40)
    $y = $mmfa.ReadSingle(0x50)
    $screen = $mmfa.ReadInt32(0x60)

    # Redraw from the top-left corner; the trailing space clears a leftover digit.
    [Console]::SetCursorPosition(0,0)
    "Jumps: $jumps "
    "Falls: $falls "
    "Time played: " + $days + "d " + $hours + ":" + $minutes + ":" + $seconds + " "
    "Screen: $screen "
    "Pos: $x, $y "
    sleep 0.5
}
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 | <#
66 |
67 | Uses the following modification to the game:
68 |
69 | In JumpKing.Player
70 | public int m_last_screen;
71 |
72 |
73 | ----
74 |
75 |
76 |
77 | using System;
78 | using System.IO.MemoryMappedFiles;
79 | using BehaviorTree;
80 | using EntityComponent;
81 | using JumpKing.Controller;
82 | using JumpKing.GameManager;
83 | using JumpKing.GameManager.MultiEnding;
84 | using JumpKing.GameManager.TitleScreen;
85 | using JumpKing.Level;
86 | using JumpKing.MiscSystems;
87 | using JumpKing.MiscSystems.Achievements;
88 | using JumpKing.PauseMenu;
89 | using JumpKing.Player;
90 | using Microsoft.Xna.Framework;
91 | using TimerCallback;
92 |
93 | namespace JumpKing
94 | {
95 | // Token: 0x02000020 RID: 32
96 | public partial class JumpGame
97 | {
98 | // Token: 0x060000A7 RID: 167
99 | public void Update(GameTime gameTime)
100 | {
101 | float p_delta = 0.0166666675f;
102 | this.m_controller_manager.Update();
103 | this.m_behavior_tree.Run(p_delta);
104 | if (PauseManager.instance == null || !PauseManager.instance.IsPaused)
105 | {
106 | LevelManager.Update(p_delta);
107 | this.m_entity_manager.Update(p_delta);
108 | WeatherManager.instance.Update(p_delta);
109 | JumpGame._screen_shake_manager.Update(p_delta);
110 | }
111 | long offset = 0L;
112 | long size = 4096L;
113 | using (MemoryMappedFile memoryMappedFile = MemoryMappedFile.CreateOrOpen("JKTP", 4096L))
114 | {
115 | using (MemoryMappedViewAccessor memoryMappedViewAccessor = memoryMappedFile.CreateViewAccessor(offset, size))
116 | {
117 | memoryMappedViewAccessor.Write(16L, AchievementManager.instance.GetAllTimeStats().jumps);
118 | memoryMappedViewAccessor.Write(32L, AchievementManager.instance.GetAllTimeStats().falls);
119 | memoryMappedViewAccessor.Write(48L, AchievementManager.instance.GetAllTimeStats()._ticks);
120 | if (GameLoop.m_player != null)
121 | {
122 | BodyComp component = GameLoop.m_player.GetComponent();
123 | memoryMappedViewAccessor.Write(64L, component.position.X);
124 | memoryMappedViewAccessor.Write(80L, component.position.Y);
125 | memoryMappedViewAccessor.Write(96L, component.m_last_screen);
126 | }
127 | }
128 | }
129 | }
130 | }
131 | }
132 |
133 |
134 | #>
--------------------------------------------------------------------------------
/Memlocs/gow.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 9
6 | "Options"
7 |
8 |
9 | 1
10 |
11 |
12 | 6
13 | "Wide Screen"
14 |
15 | Byte
16 | 2076D8A4
17 |
18 |
19 | 7
20 | "Progressive Scan"
21 |
22 | Byte
23 | 2076D8A8
24 |
25 |
26 | 5
27 | "Soften"
28 |
29 | Byte
30 | 2076D8AC
31 |
32 |
33 | 3
34 | "Music Volume"
35 |
36 | Byte
37 | 2076D898
38 |
39 |
40 | 4
41 | "SFX Volume"
42 |
43 | Byte
44 | 2076D89C
45 |
46 |
47 | 8
48 | "Sound Mode"
49 |
50 | Byte
51 | 2076D8B0
52 |
53 |
54 | 2
55 | "Vibration"
56 |
57 | 1
58 | Byte
59 | 202A11C0
60 |
61 |
62 |
63 |
64 | 1
65 | "HP"
66 |
67 | Float
68 | 20795978
69 |
70 |
71 | 10
72 | "Freeze FX?"
73 |
74 | Byte
75 | 2029C0B8
76 |
77 |
78 | 11
79 | "Freeze AI?"
80 |
81 | Byte
82 | 205780D4
83 |
84 |
85 | 12
86 | "GameState?"
87 |
88 | Byte
89 | 2029E561
90 |
91 |
92 | 13
93 | "Current Menu Item"
94 |
95 | Byte
96 | 20781090
97 |
98 |
99 |
100 |
101 |
--------------------------------------------------------------------------------
/Memlocs/KingdomCome-MS-1.9.4.0.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 2
6 | "Enable Console Cheats"
7 | 0
8 | Byte
9 | WHGame.DLL+0x298ef40
10 |
11 | 0x512
12 |
13 |
14 |
15 | 0
16 | "Enable console commands"
17 | 0
18 | Byte
19 | WHGame.DLL+298ef28
20 |
21 | 1de
22 |
23 |
24 |
25 | 1
26 | "Editor mode?"
27 | 0
28 | Byte
29 | WHGame.DLL+298F112
30 |
31 |
32 | 4
33 | "----"
34 |
35 | 1
36 |
37 |
38 | 8
39 | "CActionGame"
40 | 1
41 | 0
42 | 8 Bytes
43 | WHGame.DLL+2f57a48
44 |
45 | 0
46 |
47 |
48 |
49 | 10
50 | "CCryAction"
51 | 1
52 | 0
53 | 8 Bytes
54 | WHGame.DLL+2f57a90
55 |
56 |
57 | 5
58 | "CLog"
59 | 1
60 | 0
61 | 8 Bytes
62 | WHGame.DLL+0x298ef58
63 |
64 | 0
65 |
66 |
67 |
68 | 9
69 | "CPlayer"
70 | 1
71 | 0
72 | 8 Bytes
73 | WHGame.DLL+2f57a48
74 |
75 | 0
76 | a00
77 |
78 |
79 |
80 | 3
81 | "CSystem"
82 | 1
83 | 0
84 | 8 Bytes
85 | WHGame.DLL+0x298ef40
86 |
87 | 0
88 |
89 |
90 |
91 | 11
92 | "CXConsole"
93 | 1
94 | 0
95 | 8 Bytes
96 | WHGame.dll+298ef28
97 |
98 | 0
99 |
100 |
101 |
102 | 6
103 | "CVars"
104 |
105 |
106 | 1
107 |
108 |
109 | 7
110 | "wh_horse_JumpOnSlopeNormalZLimit"
111 | 0
112 | Float
113 | WHGame.DLL+36C3588
114 |
115 |
116 |
117 |
118 |
119 |
120 |
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-BLUS30443_100_NoDcxSdat.txt:
--------------------------------------------------------------------------------
1 | $path = "D:\ps3\app_home\EBOOT.FSELF"
2 | $size = (Get-Item $path).length
3 |
4 | $ba = [System.IO.File]::ReadAllBytes($path)
5 | ##########################################
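function RBytes
{
    # Returns $size bytes of the loaded file image ($ba, calling scope) starting at
    # byte offset $addr.
    #   addr - offset into $ba
    #   size - number of bytes to return; 4 when omitted
    # The previous body ignored $size and always returned 4 bytes, so a caller asking
    # for any other length silently got a 4-byte result. The default keeps existing
    # 4-byte callers working. Note that the parameter shadows the script-level $size
    # (the file length) inside this function.
    # BlockCopy throws when the requested range does not fit inside $ba.
    param (
        $addr,
        $size
    )
    if ($null -eq $size) { $size = 4 }
    [byte[]] $rb = [byte[]]::new($size)
    [System.Buffer]::BlockCopy($ba, $addr, $rb, 0, $rb.Length)
    $rb
}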
16 | ##########################################
function RUInt32
{
    # Returns the UInt32 stored at byte offset $addr of the loaded file image ($ba,
    # calling scope). BitConverter decodes in host byte order, so on a little-endian
    # host the file bytes 40 9E 01 20 are returned as 0x20019E40.
    param (
        $addr
    )
    $word = [System.BitConverter]::ToUInt32($ba, $addr)
    $word
}
24 | ##########################################
function WBytes
{
    # Overwrites the loaded file image ($ba, calling scope) with all bytes of $wb,
    # beginning at byte offset $addr. The file on disk is not touched here.
    # BlockCopy throws when the destination range does not fit inside $ba.
    param (
        $addr,
        $wb
    )
    $count = $wb.Length
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $count)
}
33 | ##########################################
function WStrA
{
    # Encodes $str as UTF-8 and copies the bytes into the loaded file image ($ba,
    # calling scope) at byte offset $addr.
    # No terminating NUL is appended and the space available at the destination is
    # not checked: a longer replacement string overwrites whatever follows it.
    param (
        $addr,
        $str
    )
    $encoded = [System.Text.Encoding]::UTF8.GetBytes($str)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
43 | ##########################################
function WStrU
{
    # Encodes $str as UTF-16 little-endian ([Text.Encoding]::Unicode) and copies the
    # bytes into the loaded file image ($ba, calling scope) at byte offset $addr.
    # No terminator is appended and the space available at the destination is not
    # checked: a longer replacement string overwrites whatever follows it.
    param (
        $addr,
        $str
    )
    $encoded = [System.Text.Encoding]::Unicode.GetBytes($str)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
53 | ##########################################
function WUInt32
{
    # Converts $val to bytes with BitConverter and copies them into the loaded file
    # image ($ba, calling scope) at byte offset $addr.
    # The value is not cast to UInt32 here, so the number of bytes written depends on
    # the runtime type the caller passes in.
    param (
        $addr,
        $val
    )
    $encoded = [System.BitConverter]::GetBytes($val)
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
63 | ##########################################
function XorBytes
{
    # Element-wise XOR of two byte arrays, returned as a new array as long as $b1.
    # $b2 is read at the same indexes; its length is not validated here.
    param (
        [byte[]] $b1,
        [byte[]] $b2
    )
    [byte[]] $out = [byte[]]::new($b1.Count)
    $k = 0
    while ($k -lt $b1.Count)
    {
        $out[$k] = $b1[$k] -bxor $b2[$k]
        $k++
    }
    $out
}
77 | ##########################################
function AreArraysEqual($a1, $a2) {
    # Compares two arrays element by element.
    # Throws if either input is not an array. Returns $false when rank or any
    # dimension length differs, $true when both are the same object or hold equal
    # elements in the same order.
    if (-not ($a1 -is [array]) -or -not ($a2 -is [array])) {
        throw "Both inputs must be an array"
    }
    if ($a1.Rank -ne $a2.Rank) { return $false }
    if ([System.Object]::ReferenceEquals($a1, $a2)) { return $true }

    # Shapes must agree in every dimension.
    $axis = 0
    while ($axis -lt $a1.Rank) {
        if ($a1.GetLength($axis) -ne $a2.GetLength($axis)) { return $false }
        $axis++
    }

    # Advance both enumerators together; the first mismatch decides.
    $first = $a1.GetEnumerator()
    $second = $a2.GetEnumerator()
    for (; $first.MoveNext() -and $second.MoveNext(); ) {
        if ($first.Current -ne $second.Current) { return $false }
    }
    return $true
}
104 | ##########################################
105 |
106 |
107 |
108 |
109 |
110 |
111 |
cls

# Replacement ("new") and original ("old") 4-byte sequences for the three
# patch sites, listed in the order the bytes appear in the file.
[byte[]] $newcode1 = 0x60, 0x00, 0x00, 0x00 #SDAT
[byte[]] $oldcode1 = 0x40, 0x9e, 0x01, 0x20

[byte[]] $newcode2 = 0x4b, 0xff, 0xfe, 0xe8 #SDAT
[byte[]] $oldcode2 = 0x41, 0x9e, 0xfe, 0xe8

[byte[]] $newcode3 = 0x60, 0x00, 0x00, 0x00 #DCX
[byte[]] $oldcode3 = 0x40, 0x9e, 0x00, 0xcc

# Offsets into $ba; each is written as a constant minus 0xF700.
$site1 = 0x66af08 - 0xF700
$site2 = 0x66b024 - 0xF700
$site3 = 0x66aefc - 0xF700

cls
# The script toggles: it patches when site 1 holds the original bytes and
# restores when site 1 holds the patched bytes. RUint32 decodes in host
# order, which is why the constants below are the byte-reversed form of
# $oldcode1 / $newcode1.
# NOTE(review): only site 1 is inspected before all three sites are
# overwritten and $path is rewritten in place; sites 2 and 3 are not
# verified and no copy of the file is kept.
if ($size -eq 9602848) {
    "EBOOT.BIN size too small, decrypt and decompress before running this script."
}
elseif ((RUint32 $site1) -eq [UInt32]"0x20019e40") {
    "Original bytes found, patching out DCX/SDAT."
    WBytes $site1 $newcode1
    WBytes $site2 $newcode2
    WBytes $site3 $newcode3
    [System.IO.File]::WriteAllBytes($path, $ba)
    "Bytes written successfully"
    ""
    pause
}
elseif ((RUint32 $site1) -eq [UInt32]"0x00000060") {
    "Patched bytes found, restoring DCX/SDAT."
    WBytes $site1 $oldcode1
    WBytes $site2 $oldcode2
    WBytes $site3 $oldcode3
    [System.IO.File]::WriteAllBytes($path, $ba)
    "Bytes written successfully"
    ""
    pause
}
else {
    "Unrecognized bytes found hook at location, no changes made."
    "Has EBOOT.BIN been resigned as NONDRM?"
    ""
    pause
}
--------------------------------------------------------------------------------
/Memlocs/_rint-memory.txt:
--------------------------------------------------------------------------------
# Folder that receives the checkpoint dumps. The trailing backslash matters:
# the file name is appended by plain string concatenation further down.
$savepath = 'D:\temp\gow\GoW1-Saves\'


# Process to attach to, and whether multi-byte values read from it are
# byte-reversed before decoding.
$procname = "rpcs3"
$bigendian = $true


# Console appearance only.
[console]::CursorVisible = $false
$Host.UI.RawUI.BackgroundColor = 'Black'
$Host.UI.RawUI.ForegroundColor = 'Green'
11 |
# Reads $sizetoread bytes at $addr from the process behind the handle $proc
# and returns them.
# NOTE(review): the ReadProcessMemory result is stored but never checked, so
# a failed read returns the buffer as allocated (zero-filled) with no error.
Function RBytes
{
    Param ($addr, $sizetoread)
    [Byte[]] $chunk = New-Object Byte[]($sizetoread)
    $ok = $rpm::ReadProcessMemory($proc, $addr, $chunk, $chunk.length, $null);
    return $chunk
}
22 |
# Reads 0x50 bytes at $addr, decodes them as ASCII and returns the text up
# to the first NUL character. A string longer than 0x50 bytes is cut off.
Function RAsciiStr
{
    Param ($addr)
    $raw = RBytes $addr 0x50
    $text = [System.Text.Encoding]::ASCII.GetString($raw)
    return $text.Split([char]0)[0]
}
# Reads a signed 16-bit integer at $addr. The bytes are reversed first when
# $bigendian is set, because BitConverter decodes in host byte order.
Function RInt16
{
    Param ($addr)
    $raw = RBytes $addr 2
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    return [BitConverter]::ToInt16($raw, 0)
}
# Reads a signed 32-bit integer at $addr, reversing the bytes first when
# $bigendian is set.
Function RInt32
{
    Param ($addr)
    $raw = RBytes $addr 4
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    return [BitConverter]::ToInt32($raw, 0)
}
# Reads a signed 64-bit integer at $addr, reversing the bytes first when
# $bigendian is set.
Function RInt64
{
    Param ($addr)
    $raw = RBytes $addr 8
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    return [BitConverter]::ToInt64($raw, 0)
}
# Reads a single byte at $addr. Byte order does not apply, so the result of
# RBytes is returned as-is.
Function RUInt8
{
    Param ($addr)
    return (RBytes $addr 1)
}
# Reads an unsigned 16-bit integer at $addr, reversing the bytes first when
# $bigendian is set.
Function RUInt16
{
    Param ($addr)
    $raw = RBytes $addr 2
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    return [BitConverter]::ToUInt16($raw, 0)
}
# Reads an unsigned 32-bit integer at $addr, reversing the bytes first when
# $bigendian is set.
Function RUInt32
{
    Param ($addr)
    $raw = RBytes $addr 4
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    return [BitConverter]::ToUInt32($raw, 0)
}
# Reads an unsigned 64-bit integer at $addr, reversing the bytes first when
# $bigendian is set.
Function RUInt64
{
    Param ($addr)
    $raw = RBytes $addr 8
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    return [BitConverter]::ToUInt64($raw, 0)
}
# Reads a 32-bit float at $addr, reversing the bytes first when $bigendian
# is set.
Function RSingle
{
    Param ($addr)
    $raw = RBytes $addr 4
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }
    return [BitConverter]::ToSingle($raw, 0)
}
114 |
# Writes the bytes in $wb to $addr in the process behind $proc.
# The Boolean returned by WriteProcessMemory is not suppressed, so it is
# emitted to the caller; it is the only indication of a failed write.
Function WBytes
{
    Param ($addr, $wb)
    $count = $wb.length
    $rpm::WriteProcessMemory($proc, $addr, $wb, $count, $null);
}
# Serialises $val with BitConverter, reverses the bytes when $bigendian is
# set, and writes them to $addr in the target process.
# NOTE(review): the WriteProcessMemory result is discarded, so a failed
# write goes unnoticed.
Function WUInt32
{
    Param ($addr, $val)
    $payload = [BitConverter]::GetBytes($val)
    if ($bigendian) { [Array]::Reverse($payload) }
    $rpm::WriteProcessMemory($proc, $addr, $payload, $payload.length, $null) | Out-Null
}
135 |
136 |
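# C# P/Invoke declarations compiled by Add-Type below.
# NOTE(review): the byte-count parameters (bread / bwrite) are declared as
# plain int, so the APIs cannot report a count through them; the callers in
# this file pass $null.
$signature = @"
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(
uint h,bool b ,uint p);
[DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(
IntPtr hp,IntPtr Base,[Out]Byte[] buff,int Size,[Out]int bread);
[DllImport("kernel32.dll")] public static extern bool WriteProcessMemory(
IntPtr hp,IntPtr Base,[In]Byte[] buff,int Size,[Out]int bwrite);
[DllImport("kernel32.dll")] public static extern bool VirtualProtectEx(
IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flNewProtect, out uint lpflOldProtect);
"@
$PAGE_EXECUTE_READWRITE = 0x40
$oldProtection = 0

$rpm = Add-Type -MemberDefinition $signature -Name rpm -PassThru

# Least privilege: request only the rights the declared APIs need instead of
# the former all-access mask 0x001F0FFF.
#   0x0008 PROCESS_VM_OPERATION  (WriteProcessMemory, VirtualProtectEx)
#   0x0010 PROCESS_VM_READ       (ReadProcessMemory)
#   0x0020 PROCESS_VM_WRITE      (WriteProcessMemory)
$access = 0x0038

$ba = (get-Process $procname).MainModule.BaseAddress
$procid = (get-Process $procname).ID
$proc = $rpm::OpenProcess($access, $false, $procid)

# A zero handle makes every later read return zero-filled buffers, so say so
# once here. The handle is never closed by this script (no CloseHandle is
# declared); it is released when the PowerShell process exits.
if ($null -eq $proc -or $proc -eq [IntPtr]::Zero) {
    Write-Warning "OpenProcess failed for '$procname'; memory reads will return zeros."
}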
156 |
157 |
158 |
159 |
160 |
161 |
162 |
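$prevtime = 0
$currtime = 0
[String]$path = ""
[String]$wad1 = ""
[String]$wad2 = ""

# Polls the target once per second. Whenever the value read as playtime
# increases, a 0x14000-byte block is dumped to a new file under $savepath
# named <playtime, 6 digits>_<wad1>_<wad2>.
do {
    $currtime = [Math]::Floor([decimal](RSingle 0x30055f54a))
    if ($prevtime -lt $currtime) {
        $prevtime = $currtime

        $wad1 = RAsciiStr 0x30055f4e8
        $wad2 = RAsciiStr 0x30055f4f3

        # The two names come straight out of another process's memory. Replace
        # anything that is not valid in a file name (path separators, ':',
        # control characters) so the dump always lands inside $savepath.
        $leaf = ([String]$prevtime).PadLeft(6, '0') + "_" + $wad1 + "_" + $wad2
        foreach ($bad in [System.IO.Path]::GetInvalidFileNameChars()) {
            $leaf = $leaf.Replace($bad, [char]'_')
        }
        $path = $savepath + $leaf

        # Kept in its own variable so the module base address in $ba is not
        # overwritten by the dump.
        $snapshot = RBytes 0x30055f4e0 0x14000
        [io.file]::WriteAllBytes($path, $snapshot)
    }

    cls
    "Checkpoint playtime (s): " + $currtime
    "WAD 1: " + $wad1
    "WAD 2: " + $wad2
    sleep 1
}
while ($true)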
192 |
--------------------------------------------------------------------------------
/Memlocs/GoW1-PS2-Wadfile.bt:
--------------------------------------------------------------------------------
1 | //------------------------------------------------
2 | //--- 010 Editor v13.0 Binary Template
3 | //
4 | // File: God of War, *.WAD
5 | // Authors:
6 | // Version:
7 | // Purpose:
8 | // Category:
9 | // File Mask:
10 | // ID Bytes:
11 | // History:
12 | //------------------------------------------------
13 |
// Chunk declared by parse() for id 0x378: header (id, unknown word, size,
// 0x18-byte name), an optional payload of `size` bytes, alignment padding,
// then nested chunks read by a recursive parse() call.
// NOTE(review): `size` comes from the file and is only checked for > 0
// before being used as an array length - confirm how the editor reacts when
// it exceeds the bytes that remain.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int size ;
char chunkName[0x18] ;
if (size > 0)
{
char data[size] ;
}
pad();
parse();
} PUSHHW;
26 |
// Chunk declared by parse() for id 0x3E7: header only, followed by
// alignment padding. parse() returns right after declaring it.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int size ;
char chunkName[0x18] ;
pad();
} POPHW;
34 |
// Chunk declared by parse() for ids 0x46 and 0x29a: header, optional
// payload of `size` bytes, alignment padding, then a recursive parse().
// NOTE(review): `size` is file-controlled and only checked for > 0.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int size ;
char chunkName[0x18] ;
if (size > 0)
{
char data[size] ;
}
pad();
parse();
} PUSHCONTEXT;
47 |
// Chunk declared by parse() for ids 0x50 and 0x309: header only, followed
// by alignment padding. Unlike POPHW, parse() keeps looping after it.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int size ;
char chunkName[0x18] ;
pad();
} POPCONTEXT;
55 |
// Chunk declared by parse() for id 0x1E. When `size` is positive the next
// 16-bit value selects the payload layout: 0x21 is read as one uint
// (serverID), anything else as `size` raw bytes.
// NOTE(review): the 0x21 branch always consumes four bytes regardless of
// `size`; presumably size is 4 for that case - verify against sample files.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int size ;
char chunkName[0x18] ;
if (size > 0)
{
switch(ReadShort(FTell()))
{
case 0x21:
uint serverID ;

break;
default:
char data[size] ;
break;
}
}
pad();
} CLIENTPARM;
76 |
// Chunk declared by parse() for id 0x28: header, alignment padding, then
// the group's children via a recursive parse() call. No payload is read
// here even though the header carries a `size` field.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int size ;
char chunkName[0x18] ;
pad();
parse();
} GROUPSTART;
85 |
// Chunk declared by parse() for id 0x32: header only, followed by alignment
// padding. parse() returns right after declaring it.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int size ;
char chunkName[0x18] ;
pad();
} GROUPEND;
93 |
// Chunk declared by parse() for id 0x18. The third header field is treated
// as a value (`val`) rather than a payload size, and the name/value pair is
// printed to the output window.
// NOTE(review): chunkName is a fixed 0x18-byte field printed with %s;
// presumably it is NUL-terminated in the file - confirm.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int val ;
char chunkName[0x18] ;
pad();
Printf("%s = %d\n", chunkName, val);
} DYNASTRING;
102 |
// Chunk declared by parse() for id 0x6f: header, optional payload of `size`
// bytes, alignment padding.
// NOTE(review): `size` is file-controlled and only checked for > 0.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int size ;
char chunkName[0x18] ;
if (size > 0)
{
char data[size] ;
}
pad();
} DATABLOCK;
114 |
// Fallback used by parse() for any chunk id it does not list: header,
// optional payload of `size` bytes (named `unk`), alignment padding.
// NOTE(review): `size` is file-controlled and only checked for > 0.
typedef struct {
int16 chunkID ;
int16 unk1 ;
int size ;
char chunkName[0x18] ;
if (size > 0)
{
char unk[size] ;
}
pad();
} UNKCHUNK;
126 |
127 |
// Reads chunks at the current file position until end of file or until a
// group-end (0x32) or pop-heap-wrapper (0x3E7) chunk has been declared.
// The 16-bit id at the current position is peeked with ReadShort and the
// matching struct is declared, which is what advances the position.
// `deeper` is never changed, so the loop only ends through a return.
// PUSHHW, PUSHCONTEXT and GROUPSTART call parse() again from inside their
// definitions, so nesting depth follows the file contents.
// NOTE(review): nothing bounds that recursion or the per-chunk sizes; treat
// files from unknown sources accordingly.
void parse()
{
local byte deeper = 1;

while (deeper == 1)
{
if (FEof()) {return;}
switch(ReadShort(FTell()))
{
case 0x18: //IFFProcessDynaString
DYNASTRING DynaString ;
break;
case 0x1E: //IFFProcessClientParm
CLIENTPARM ClientParm ;
break;
case 0x28: //IFFProcessGroupStart
GROUPSTART Group ;
break;
case 0x32: //IFFProcessGroupEnd
GROUPEND GroupEnd ;
return;
break;
// NOTE(review): as shown here this case declares nothing, so the file
// position does not move and the loop would read id 0x3c again on every
// pass - confirm whether a declaration was lost or the chunk never occurs.
case 0x3c: //IFFActivate

break;
case 0x46: //IFFPushContext
case 0x29a: //IFFPushContext
PUSHCONTEXT PushContext ;
break;
case 0x50: //IFFPopContext
case 0x309: //IFFPopContext
POPCONTEXT PopContext ;
break;
case 0x6f: //IFFProcessDataBlockAlign16
DATABLOCK DataBlock ;
break;
case 0x378: //IFFPushHeapWrapper
PUSHHW PushHW ;
break;
case 0x3E7: //IFFPopHeapWrapper
POPHW PopHW ;
return;
break;
default:
UNKCHUNK unkChunk ;
break;
}
}
}
177 |
// Declares filler bytes so that the next declaration starts on a 16-byte
// boundary. Nothing is declared when the position is already aligned.
void pad()
{
    local int here = FTell();
    local int fill = 0x10 - (here % 0x10);
    if (fill < 0x10)
    {
        char padding[fill] ;
    }
}
187 |
188 |
// Template entry point: switch to little-endian reads, then parse the whole
// file as one chunk stream starting at the current position.
LittleEndian();
struct FILE {
parse();
} file ;
--------------------------------------------------------------------------------
/Memlocs/GoWR-Steam-1.0.614.134.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 8
6 | "Difficulty"
7 | 0
8 | Byte
9 | 142441EC0
10 |
11 |
12 | 7
13 | "Photo Mode, Show Kratos"
14 | 0
15 | Byte
16 | GoWR.exe+251D5ED
17 |
18 |
19 | 6
20 | "BW Mode"
21 | 0
22 | Byte
23 | GoWR.exe+3fc9b7c
24 |
25 |
26 | 2
27 | "goPlayer -->"
28 | 1
29 | 0
30 | 8 Bytes
31 | GoWR.exe+5b07600
32 |
33 |
34 | 3
35 | "goCreature -->"
36 | 1
37 | 0
38 | 8 Bytes
39 | [GoWR.exe+5b07608]
40 |
41 |
42 | 4
43 | "00000000"
44 | 1
45 | 0
46 | 8 Bytes
47 | [GoWR.exe+5b07608]+0
48 |
49 |
50 | 9
51 | "Last Attacked Handle"
52 | 0
53 | 4 Bytes
54 | [GoWR.exe+5b07608]+2b00
55 |
56 |
57 | 10
58 | "currHP"
59 | 0
60 | Float
61 | [GoWR.exe+5b07608]+2b90
62 |
63 |
64 | 20
65 | "maxHP"
66 | 0
67 | Float
68 | [GoWR.exe+5b07608]+2bf0
69 |
70 |
71 | 5
72 | "currRage"
73 | 0
74 | Float
75 | [GoWR.exe+5b07608]+2c28
76 |
77 |
78 | 21
79 | "maxRage"
80 | 0
81 | Float
82 | [GoWR.exe+5b07608]+2c88
83 |
84 |
85 | 19
86 | "Name"
87 | 0
88 | String
89 | 10
90 | 0
91 | 0
92 | 1
93 | [GoWR.exe+5b07608]+7078
94 |
95 |
96 | 12
97 | "Last Attacker Handle"
98 | 0
99 | 4 Bytes
100 | [GoWR.exe+5b07608]+7500
101 |
102 |
103 | 13
104 | "Strength"
105 | 0
106 | Float
107 | [GoWR.exe+5b07608]+7ca0
108 |
109 |
110 | 18
111 | "Defense"
112 | 0
113 | Float
114 | [GoWR.exe+5b07608]+7ca4
115 |
116 |
117 | 17
118 | "Runic"
119 | 0
120 | Float
121 | [GoWR.exe+5b07608]+7ca8
122 |
123 |
124 | 16
125 | "Vitality"
126 | 0
127 | Float
128 | [GoWR.exe+5b07608]+7cac
129 |
130 |
131 | 15
132 | "Luck"
133 | 0
134 | Float
135 | [GoWR.exe+5b07608]+7cb0
136 |
137 |
138 | 14
139 | "Cooldown"
140 | 0
141 | Float
142 | [GoWR.exe+5b07608]+7cb4
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
--------------------------------------------------------------------------------
/Memlocs/StateOfDecay2-SetDemoMode.txt:
--------------------------------------------------------------------------------
# Process to attach to, and whether multi-byte values read from it are
# byte-reversed before decoding.
$procname = "StateOfDecay2-Win64-Shipping"
$bigendian = $false

# Console appearance only.
[console]::CursorVisible = $false
$Host.UI.RawUI.BackgroundColor = 'Black'
$Host.UI.RawUI.ForegroundColor = 'Green'
7 |
# Reads $sizetoread bytes at $addr from the process behind the handle $proc
# and returns them.
# NOTE(review): the ReadProcessMemory result is stored but never checked, so
# a failed read returns the buffer as allocated (zero-filled) with no error.
Function RBytes
{
    Param ($addr, $sizetoread)
    [Byte[]] $chunk = New-Object Byte[]($sizetoread)
    $ok = $rpm::ReadProcessMemory($proc, $addr, $chunk, $chunk.length, $null);
    return $chunk
}
# Reads 0x50 bytes at $addr, decodes them as ASCII and returns the text up
# to the first NUL character. A string longer than 0x50 bytes is cut off.
Function RAsciiStr
{
    Param ($addr)
    $raw = RBytes $addr 0x50
    $text = [System.Text.Encoding]::ASCII.GetString($raw)
    return $text.Split([char]0)[0]
}
# Reads 0x50 bytes at $addr, decodes them as UTF-16 and returns the text up
# to the first NUL character. 0x50 bytes hold at most 40 code units.
Function RUnicodeStr {
    Param ($addr)
    $raw = RBytes $addr 0x50
    $text = [System.Text.Encoding]::Unicode.GetString($raw)
    return $text.Split([char]0)[0]
}
# Reads $byteCount bytes at $addr and decodes them as the type named by
# $convertType. The bytes are reversed first when $bigendian is set, because
# BitConverter decodes in host byte order. An unrecognised type name throws.
# The caller is responsible for passing a $byteCount that matches the type.
Function ReadAndConvert {
    Param (
        [IntPtr]$addr,
        [int]$byteCount,
        [string]$convertType
    )
    $raw = RBytes $addr $byteCount
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }

    if ($convertType -eq "Int16") { return [BitConverter]::ToInt16($raw, 0) }
    elseif ($convertType -eq "Int32") { return [BitConverter]::ToInt32($raw, 0) }
    elseif ($convertType -eq "Int64") { return [BitConverter]::ToInt64($raw, 0) }
    elseif ($convertType -eq "UInt8") { return $raw[0] }
    elseif ($convertType -eq "UInt16") { return [BitConverter]::ToUInt16($raw, 0) }
    elseif ($convertType -eq "UInt32") { return [BitConverter]::ToUInt32($raw, 0) }
    elseif ($convertType -eq "UInt64") { return [BitConverter]::ToUInt64($raw, 0) }
    elseif ($convertType -eq "Single") { return [BitConverter]::ToSingle($raw, 0) }

    throw "Unknown conversion type $convertType"
}
# Typed readers: each forwards to ReadAndConvert with the byte width and the
# type name that belong together.
Function RInt16 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 2 "Int16"
}
Function RInt32 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 4 "Int32"
}
Function RInt64 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 8 "Int64"
}
Function RUInt8 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 1 "UInt8"
}
Function RUInt16 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 2 "UInt16"
}
Function RUInt32 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 4 "UInt32"
}
Function RUInt64 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 8 "UInt64"
}
Function RSingle {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 4 "Single"
}
63 |
# Writes $data to $addr in the process behind $proc and throws unless the
# call succeeds and reports that every byte was written.
Function WBytes {
    Param (
        [IntPtr]$addr,
        [Byte[]]$data
    )
    $expected = $data.Length
    $count = 0
    $ok = $rpm::WriteProcessMemory($proc, $addr, $data, $expected, [ref]$count)
    if ($ok -and $count -eq $expected) { return }
    throw "Failed to write memory at $addr"
}
# Typed writers: each serialises $val with BitConverter and hands the bytes
# to WBytes. The parameter type fixes how many bytes are written.
# NOTE(review): unlike ReadAndConvert these do not consult $bigendian, so
# values are always written in host byte order.
Function WInt16 {
    Param ([IntPtr]$addr, [Int16]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WInt32 {
    Param ([IntPtr]$addr, [Int32]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WInt64 {
    Param ([IntPtr]$addr, [Int64]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WUInt8 {
    Param ([IntPtr]$addr, [Byte]$val)
    WBytes $addr @($val)
}
Function WUInt16 {
    Param ([IntPtr]$addr, [UInt16]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WUInt32 {
    Param ([IntPtr]$addr, [UInt32]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WUInt64 {
    Param ([IntPtr]$addr, [UInt64]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WSingle {
    Param ([IntPtr]$addr, [Single]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
# Writes $str as ASCII into a field of exactly $maxLen bytes at $addr.
# Text that would fill the field is cut to $maxLen-1 bytes so at least one
# zero byte remains; the rest of the field is zero-filled.
# The full $maxLen bytes are always written, so the destination must be at
# least that large - the caller has to guarantee it.
Function WAsciiStr {
    Param (
        [IntPtr]$addr,
        [string]$str,
        [int]$maxLen = 0x50
    )
    $encoded = [System.Text.Encoding]::ASCII.GetBytes($str)
    if ($encoded.Length -ge $maxLen) {
        $encoded = $encoded[0..($maxLen-2)]
    }
    $field = New-Object Byte[]($maxLen)
    [Array]::Copy($encoded, $field, $encoded.Length)
    WBytes $addr $field
}
98 |
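# Writes $str as UTF-16 into a field of exactly $maxLen bytes at $addr.
# The text is cut to a whole number of 2-byte code units that leaves room
# for a 2-byte NUL terminator; the rest of the field is zero-filled.
# (Cutting at $maxLen-1 bytes, as before, split the last code unit and left
# no terminator for over-long text.)
# The full $maxLen bytes are always written, so the destination must be at
# least that large - the caller has to guarantee it.
Function WUnicodeStr {
    Param (
        [IntPtr]$addr,
        [string]$str,
        [int]$maxLen = 0x50
    )
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($str)

    # Payload capacity: reserve two bytes for the terminator, round down to even.
    $room = $maxLen - 2
    if ($room -lt 0) { $room = 0 }
    $room -= $room % 2

    $padded = New-Object Byte[]($maxLen)
    $count = [Math]::Min($bytes.Length, $room)
    if ($count -gt 0) {
        [Array]::Copy($bytes, $padded, $count)
    }
    WBytes $addr $padded
}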
113 |
114 |
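# C# P/Invoke declarations compiled by Add-Type below.
# NOTE(review): ReadProcessMemory declares its byte-count parameter as a
# plain int, so no count can come back through it; RBytes passes $null.
$signature = @"
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(
uint h,bool b ,uint p);
[DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(
IntPtr hp,IntPtr Base,[Out]Byte[] buff,int Size,[Out]int bread);
[DllImport("kernel32.dll")] public static extern bool WriteProcessMemory(
IntPtr hp,IntPtr Base,[In]Byte[] buff,int Size,out int bwrite);
[DllImport("kernel32.dll")] public static extern bool VirtualProtectEx(
IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flNewProtect, out uint lpflOldProtect);
"@
$PAGE_EXECUTE_READWRITE = 0x40
$oldProtection = 0

$rpm = Add-Type -MemberDefinition $signature -Name rpm -PassThru

# Least privilege: request only the rights the declared APIs need instead of
# the former all-access mask 0x001F0FFF.
#   0x0008 PROCESS_VM_OPERATION  (WriteProcessMemory, VirtualProtectEx)
#   0x0010 PROCESS_VM_READ       (ReadProcessMemory)
#   0x0020 PROCESS_VM_WRITE      (WriteProcessMemory)
$access = 0x0038

$ba = (get-Process $procname).MainModule.BaseAddress
$procid = (get-Process $procname).ID
$proc = $rpm::OpenProcess($access, $false, $procid)

# Only a warning: the version check further down still runs and prints its
# own message. The handle is never closed by this script (no CloseHandle is
# declared); it is released when the PowerShell process exits.
if ($null -eq $proc -or $proc -eq [IntPtr]::Zero) {
    Write-Warning "OpenProcess failed for '$procname'; memory reads will return zeros."
}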
134 |
135 |
# Writes the single byte $val to the address held in $ulIsDemo and echoes
# the value. $ulIsDemo is only assigned once a known build was recognised,
# so this must not be called before the version check.
Function SetDemoMode {
    Param ([byte]$val)

    WUInt8 $ulIsDemo $val
    Write-Host "ULIsDemo = " $val
}
144 |
cls
# A 32-bit value at module base + 0xe8 identifies the build; each known
# build has its own set of offsets relative to the module base.
$verIdent = RInt32 ($ba + [Int64]0xe8)
$ver = "Dunno"
if ($verIdent -eq 0x49274e48) {
    $ver = "MS"
    $daytonVehicleVtPtr = $ba + [Int64]0x03418E40
    $namesTablePtr = $ba + [Int64]0x044DB248
    $ulIsDemo = $ba + [Int64]0x043FB1F0
    $worldPtr = $ba + [Int64]0x045D7C88
    Write-Host "MS version found."
}
elseif ($verIdent -eq 0xd54624b7) {
    $ver = "Steam"
    $daytonVehicleVtPtr = $ba + [Int64]0x034E8930
    $namesTablePtr = $ba + [Int64]0x04629DC8
    $ulIsDemo = $ba + [Int64]0x04549D70
    $worldPtr = $ba + [Int64]0x04726808
    Write-Host "Steam version found."
}

# Nothing is written unless the build was recognised.
if ($ver -ne "Dunno") {
    cd \
    Write-Host "SetDemoMode 1"
    SetDemoMode 1
}
else {
    Write-Host "Matching bytes not found, incompatible version of game or process not found."
}
--------------------------------------------------------------------------------
/Memlocs/StateOfDecay2-SetTimeDilation.txt:
--------------------------------------------------------------------------------
# Process to attach to, and whether multi-byte values read from it are
# byte-reversed before decoding.
$procname = "StateOfDecay2-Win64-Shipping"
$bigendian = $false

# Console appearance only.
[console]::CursorVisible = $false
$Host.UI.RawUI.BackgroundColor = 'Black'
$Host.UI.RawUI.ForegroundColor = 'Green'
7 |
# Reads $sizetoread bytes at $addr from the process behind the handle $proc
# and returns them.
# NOTE(review): the ReadProcessMemory result is stored but never checked, so
# a failed read returns the buffer as allocated (zero-filled) with no error.
Function RBytes
{
    Param ($addr, $sizetoread)
    [Byte[]] $chunk = New-Object Byte[]($sizetoread)
    $ok = $rpm::ReadProcessMemory($proc, $addr, $chunk, $chunk.length, $null);
    return $chunk
}
# Reads 0x50 bytes at $addr, decodes them as ASCII and returns the text up
# to the first NUL character. A string longer than 0x50 bytes is cut off.
Function RAsciiStr
{
    Param ($addr)
    $raw = RBytes $addr 0x50
    $text = [System.Text.Encoding]::ASCII.GetString($raw)
    return $text.Split([char]0)[0]
}
# Reads 0x50 bytes at $addr, decodes them as UTF-16 and returns the text up
# to the first NUL character. 0x50 bytes hold at most 40 code units.
Function RUnicodeStr {
    Param ($addr)
    $raw = RBytes $addr 0x50
    $text = [System.Text.Encoding]::Unicode.GetString($raw)
    return $text.Split([char]0)[0]
}
# Reads $byteCount bytes at $addr and decodes them as the type named by
# $convertType. The bytes are reversed first when $bigendian is set, because
# BitConverter decodes in host byte order. An unrecognised type name throws.
# The caller is responsible for passing a $byteCount that matches the type.
Function ReadAndConvert {
    Param (
        [IntPtr]$addr,
        [int]$byteCount,
        [string]$convertType
    )
    $raw = RBytes $addr $byteCount
    if ($bigendian -eq $true) { [Array]::Reverse($raw) }

    if ($convertType -eq "Int16") { return [BitConverter]::ToInt16($raw, 0) }
    elseif ($convertType -eq "Int32") { return [BitConverter]::ToInt32($raw, 0) }
    elseif ($convertType -eq "Int64") { return [BitConverter]::ToInt64($raw, 0) }
    elseif ($convertType -eq "UInt8") { return $raw[0] }
    elseif ($convertType -eq "UInt16") { return [BitConverter]::ToUInt16($raw, 0) }
    elseif ($convertType -eq "UInt32") { return [BitConverter]::ToUInt32($raw, 0) }
    elseif ($convertType -eq "UInt64") { return [BitConverter]::ToUInt64($raw, 0) }
    elseif ($convertType -eq "Single") { return [BitConverter]::ToSingle($raw, 0) }

    throw "Unknown conversion type $convertType"
}
# Typed readers: each forwards to ReadAndConvert with the byte width and the
# type name that belong together.
Function RInt16 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 2 "Int16"
}
Function RInt32 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 4 "Int32"
}
Function RInt64 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 8 "Int64"
}
Function RUInt8 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 1 "UInt8"
}
Function RUInt16 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 2 "UInt16"
}
Function RUInt32 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 4 "UInt32"
}
Function RUInt64 {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 8 "UInt64"
}
Function RSingle {
    Param ([IntPtr]$addr)
    ReadAndConvert $addr 4 "Single"
}
63 |
# Writes $data to $addr in the process behind $proc and throws unless the
# call succeeds and reports that every byte was written.
Function WBytes {
    Param (
        [IntPtr]$addr,
        [Byte[]]$data
    )
    $expected = $data.Length
    $count = 0
    $ok = $rpm::WriteProcessMemory($proc, $addr, $data, $expected, [ref]$count)
    if ($ok -and $count -eq $expected) { return }
    throw "Failed to write memory at $addr"
}
# Typed writers: each serialises $val with BitConverter and hands the bytes
# to WBytes. The parameter type fixes how many bytes are written.
# NOTE(review): unlike ReadAndConvert these do not consult $bigendian, so
# values are always written in host byte order.
Function WInt16 {
    Param ([IntPtr]$addr, [Int16]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WInt32 {
    Param ([IntPtr]$addr, [Int32]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WInt64 {
    Param ([IntPtr]$addr, [Int64]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WUInt8 {
    Param ([IntPtr]$addr, [Byte]$val)
    WBytes $addr @($val)
}
Function WUInt16 {
    Param ([IntPtr]$addr, [UInt16]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WUInt32 {
    Param ([IntPtr]$addr, [UInt32]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WUInt64 {
    Param ([IntPtr]$addr, [UInt64]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WSingle {
    Param ([IntPtr]$addr, [Single]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
# Writes $str as ASCII into a field of exactly $maxLen bytes at $addr.
# Text that would fill the field is cut to $maxLen-1 bytes so at least one
# zero byte remains; the rest of the field is zero-filled.
# The full $maxLen bytes are always written, so the destination must be at
# least that large - the caller has to guarantee it.
Function WAsciiStr {
    Param (
        [IntPtr]$addr,
        [string]$str,
        [int]$maxLen = 0x50
    )
    $encoded = [System.Text.Encoding]::ASCII.GetBytes($str)
    if ($encoded.Length -ge $maxLen) {
        $encoded = $encoded[0..($maxLen-2)]
    }
    $field = New-Object Byte[]($maxLen)
    [Array]::Copy($encoded, $field, $encoded.Length)
    WBytes $addr $field
}
98 |
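# Writes $str as UTF-16 into a field of exactly $maxLen bytes at $addr.
# The text is cut to a whole number of 2-byte code units that leaves room
# for a 2-byte NUL terminator; the rest of the field is zero-filled.
# (Cutting at $maxLen-1 bytes, as before, split the last code unit and left
# no terminator for over-long text.)
# The full $maxLen bytes are always written, so the destination must be at
# least that large - the caller has to guarantee it.
Function WUnicodeStr {
    Param (
        [IntPtr]$addr,
        [string]$str,
        [int]$maxLen = 0x50
    )
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($str)

    # Payload capacity: reserve two bytes for the terminator, round down to even.
    $room = $maxLen - 2
    if ($room -lt 0) { $room = 0 }
    $room -= $room % 2

    $padded = New-Object Byte[]($maxLen)
    $count = [Math]::Min($bytes.Length, $room)
    if ($count -gt 0) {
        [Array]::Copy($bytes, $padded, $count)
    }
    WBytes $addr $padded
}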
113 |
114 |
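# C# P/Invoke declarations compiled by Add-Type below.
# NOTE(review): ReadProcessMemory declares its byte-count parameter as a
# plain int, so no count can come back through it; RBytes passes $null.
$signature = @"
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(
uint h,bool b ,uint p);
[DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(
IntPtr hp,IntPtr Base,[Out]Byte[] buff,int Size,[Out]int bread);
[DllImport("kernel32.dll")] public static extern bool WriteProcessMemory(
IntPtr hp,IntPtr Base,[In]Byte[] buff,int Size,out int bwrite);
[DllImport("kernel32.dll")] public static extern bool VirtualProtectEx(
IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flNewProtect, out uint lpflOldProtect);
"@
$PAGE_EXECUTE_READWRITE = 0x40
$oldProtection = 0

$rpm = Add-Type -MemberDefinition $signature -Name rpm -PassThru

# Least privilege: request only the rights the declared APIs need instead of
# the former all-access mask 0x001F0FFF.
#   0x0008 PROCESS_VM_OPERATION  (WriteProcessMemory, VirtualProtectEx)
#   0x0010 PROCESS_VM_READ       (ReadProcessMemory)
#   0x0020 PROCESS_VM_WRITE      (WriteProcessMemory)
$access = 0x0038

$ba = (get-Process $procname).MainModule.BaseAddress
$procid = (get-Process $procname).ID
$proc = $rpm::OpenProcess($access, $false, $procid)

# Only a warning: the version check further down still runs and prints its
# own message. The handle is never closed by this script (no CloseHandle is
# declared); it is released when the PowerShell process exits.
if ($null -eq $proc -or $proc -eq [IntPtr]::Zero) {
    Write-Warning "OpenProcess failed for '$procname'; memory reads will return zeros."
}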
134 |
135 |
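# Follows a pointer chain that starts at $worldPtr (dereferencing at +0x30
# and +0x2d0) and writes $speed as a 32-bit float at +0x4f8 of the final
# object.
# RInt64 yields 0 when a read fails or a link is not populated, so each
# link is checked and the function throws before writing rather than
# writing to an address derived from a null pointer.
# NOTE(review): a non-zero but stale pointer cannot be detected here.
Function SetTimeDilation {
    Param (
        [Single]$speed
    )
    $ptr = RInt64 ($worldPtr)
    if ($ptr -eq 0) { throw "SetTimeDilation: pointer at worldPtr is null" }

    $ptr = RInt64 ($ptr + [Int64]0x30)
    if ($ptr -eq 0) { throw "SetTimeDilation: pointer at +0x30 is null" }

    $ptr = RInt64 ($ptr + [Int64]0x2d0)
    if ($ptr -eq 0) { throw "SetTimeDilation: pointer at +0x2d0 is null" }

    $ptr = $ptr + [Int64]0x4f8
    WSingle $ptr $speed
}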
147 |
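cls
# A 32-bit value at module base + 0xe8 identifies the build; each known
# build has its own set of offsets relative to the module base.
$verIdent = RInt32 ($ba + [Int64]0xe8)
$ver = "Dunno"
if ($verIdent -eq 0x49274e48) {
    $ver = "MS"
    $daytonVehicleVtPtr = $ba + [Int64]0x03418E40
    $namesTablePtr = $ba + [Int64]0x044DB248
    $worldPtr = $ba + [Int64]0x045D7C88
    Write-Host "MS version found."
}
if ($verIdent -eq 0xd54624b7) {
    $ver = "Steam"
    $daytonVehicleVtPtr = $ba + [Int64]0x034E8930
    $namesTablePtr = $ba + [Int64]0x04629DC8
    $worldPtr = $ba + [Int64]0x04726808
    Write-Host "Steam version found."
}

# $worldPtr is only assigned for a recognised build, so the write is skipped
# otherwise instead of running against an unset pointer.
if ($ver -eq "Dunno") {
    Write-Host "Matching bytes not found, incompatible version of game or process not found."
}
else {
    SetTimeDilation 1.00
}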
175 |
--------------------------------------------------------------------------------
/Memlocs/GoW-Steam-1.0.438.9704.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 11
6 | "Log"
7 |
8 | 0
9 | String
10 | 256
11 | 0
12 | 0
13 | 1
14 | [GoW.exe+4e435a0]+3100+[[GoW.exe+4e435a0]+b104]*100
15 |
16 |
17 | 8
18 | "Take No Damage"
19 |
20 | 0
21 | Byte
22 | GoW.exe+273fc5a
23 |
24 |
25 | 7
26 | "Difficulty"
27 |
28 | 0
29 | Byte
30 | GoW.exe+1067094
31 |
32 |
33 | 0
34 | "GamePause"
35 |
36 | 0
37 | Byte
38 | GoW.exe+11abbe4
39 |
40 |
41 | 1
42 | "XP"
43 |
44 | 1
45 | 4 Bytes
46 | "GoW.exe"+01393420
47 |
48 | 30
49 |
50 |
51 |
52 | 2
53 | "HS"
54 |
55 | 1
56 | 4 Bytes
57 | "GoW.exe"+01393420
58 |
59 | 1F0
60 |
61 |
62 |
63 | 3
64 | "goPlayer"
65 |
66 | 1
67 | 0
68 | 8 Bytes
69 | GoW.exe+2255238
70 |
71 | 0
72 |
73 |
74 |
75 | 4
76 | "Kratos_goSoldier"
77 |
78 | 1
79 | 0
80 | 8 Bytes
81 | GoW.exe+2255238
82 |
83 | 0
84 | 8
85 |
86 |
87 |
88 | 5
89 | "Size"
90 |
91 | 0
92 | Float
93 | GoW.exe+2255238
94 |
95 | a8
96 | 8
97 |
98 |
99 |
100 | 6
101 | "Current HP"
102 |
103 | 0
104 | Float
105 | GoW.exe+2255238
106 |
107 | 388
108 | 8
109 |
110 |
111 |
112 |
113 |
114 | 12
115 | "Atreus_goGameObject"
116 |
117 | 1
118 | 0
119 | 8 Bytes
120 | GoW.exe+11abc00
121 |
122 | 0
123 |
124 |
125 |
126 | 13
127 | "Size"
128 |
129 | 0
130 | Float
131 | GoW.exe+11abc00
132 |
133 | a8
134 | 220
135 |
136 |
137 |
138 | 14
139 | "Current HP"
140 |
141 | 0
142 | Float
143 | GoW.exe+11abc00
144 |
145 | 388
146 | 220
147 |
148 |
149 |
150 |
151 |
152 | 10
153 | "-------------"
154 |
155 | 1
156 |
157 |
158 | 15
159 | "Photo Mode Activate"
160 |
161 | Auto Assembler Script
162 | [ENABLE]
163 | alloc(code, 0x1000)
164 | CreateThread(code)
165 |
166 | code:
167 | pushfq
168 | call GoW.exe+5A31C0
169 | popfq
170 | ret
171 |
172 | [DISABLE]
173 | dealloc(code)
174 |
175 |
176 |
177 | 16
178 | "Photo Mode Deactivate"
179 |
180 | Auto Assembler Script
181 | [ENABLE]
182 | alloc(code, 0x1000)
183 | CreateThread(code)
184 |
185 | code:
186 | pushfq
187 | call GoW.exe+5A31A0
188 | popfq
189 | ret
190 |
191 | [DISABLE]
192 | dealloc(code)
193 |
194 |
195 |
196 |
197 |
198 |
--------------------------------------------------------------------------------
/Memlocs/GoW3-PS3-memlocs.txt:
--------------------------------------------------------------------------------
1 | Instructions:
2 |
3 | 0x9408c - 2f800000 - check if r0 (kptr + 0x1850) > 0
4 | 0x940a8 - 419e01b4 - Check if in-range of save
5 | 0x94220 - 2f830000 - cmp r3 to non-zero, save if so
6 | 0x94288 - First save instruction
7 |
8 | 0xccb94 - 901b043c - nop for inf jumps
9 |
10 | (Nop following 2 to manually write Kratos pos)
11 | 0x077448 - 7c09e1ce - Write Kratos model pos
12 | 0x350cf0 - 7c0901ce - write Kratos model pos
13 |
14 | 507c60 - Distance from savepoint to prompt R1
15 | - 7f800000 = inf
16 | - 40800000 = 4
17 |
18 |
19 | 52afed - Difficulty
20 | 52b083 - (Options) Flight Controls - 1 = Inverted
21 | 52b210 - Current WAD?
22 | 52be70 - (Options) Music Volume
23 | 52be74 - (Options) SFX Volume
24 | 52be78 - (Options) Speech volume
25 | 52be7c - (Options) Cinematic Volume
26 |
27 | 52be87 - (Options) Sound Mode
28 | - 0 = Stereo
29 | - 1 = Headphones
30 | - 2 = Dolby Pro Logic II
31 |
32 |
33 |
34 | 546ccc - Beginning of variables
35 | 548234 - Beginning of variables and pointers to them
36 |
37 | 550860 - Pointer to selected menu item
38 |
39 | 550c38 - Freeze Kratos
40 | 550c5c - Costume
41 | 550c58 - Seconds Played?
42 |
43 | 550ca8 - CA Enemy #1 ID
44 | 550cac - CA Enemy #2
45 | 550cb0 - CA Enemy #3
46 | 550cb4 - CA Enemy #4
47 | 550cb8 - CA Enemy #5
48 | - 13 = Gorgon
49 | - 14 = Gorgon Serpent
50 | - 1e = Siren Seductress
51 | - 1f = Lost Soul
52 | - 20 = Wraith of Olympus
53 |
54 | 5513b3 - Main menu = 1 (?)
55 | 5513b7 - Select menu = 1 (?)
56 | 5513ba - Start menu = 1 (?)
57 | 5513bc - Challenge menu = 1
58 | 5513cb - Combat Arena menu = 1
59 | 5513cf - CA hp level, 4 = Infinite
60 | 5513d3 - CA mp level, 5 = Infinite
61 | 5513d7 - CA item level, 4 = Infinite
62 | 5513da - CA difficulty
63 | 5513df - CA night stage
64 |
65 | 5511f7 - CA Enemy #1 Count
66 | 5511fc - CA Enemy #2 Count
67 |
68 | 55120b - CA Enemy #1 Respawn
69 | 55120f - CA Enemy #2 Respawn
70 |
71 |
72 | 567420 - Pointer to Cam?
73 | 567460 - (Options) Free Camera - 1 = Inverted
74 |
75 | 567964 - Pointer to pointer to Kratos?
76 | - p+0x8 - Pointer to Kratos?
77 |
78 | 567a17 - Deaths(?)
79 | 567b1c - hp (display)
80 | 567b20 - Magic (display)
81 | 567b30 - Red Orb (display)
82 | 567b40 - Pointer to Kratos (no?)
83 |
84 | 568020 - Game state
85 | - 0 = to menu
86 | - a = Load menu?
87 | 568160 - Current WAD
88 | 568180 - Beginning of data copied to checkpoint
89 |
90 | 5689c8 - Start of preferences save
91 | +0x6
92 | 00000001 Challenge 5
93 | 00000010 Challenge 6
94 | 00000100 Challenge 7
95 | +0x7
96 | 00000001 Easy
97 | 00000010 Normal
98 | 00000100 Hard
99 | 00001000 Very Hard
100 | 00010000 Challenge 1
101 | 00100000 Challenge 2
102 | 01000000 Challenge 3
103 | 10000000 Challenge 4
104 |
105 |
106 |
107 | 568df0 - pointer to checkpoint?
108 | 568df8 - pointer to camdata?
109 |
110 | 5690e0 - (Stats) Total Deaths (4 byte int)
111 | 5690e4 - (Stats) Total Saves (4 byte int)
112 |
113 |
114 | 569360 - (Options) Tutorial Display
115 | - 1 = Off
116 | - 3 = On
117 |
118 | 569361 - (Options) Show Subtitles - 1 = On
119 |
120 | 64014c - Controller input
121 | 640adb - (Options) Brightness (0-100)
122 | 640bc0 - (Options) Screen Scale (4 byte int)
123 | 640bc4 - (Options) Screen Location X (4 byte int)
124 | 640bc8 - (Options) Screen Location y (4 byte int)
125 | 640bcc - Non-zero = Invisible HUD/Kratos
126 |
127 |
128 |
129 | 300e9c30 - pointer from 568DF0 - cp start
130 | +0x19c - cp xpos
131 | +0x1a0 - cp zpos
132 | +0x1a4 - cp ypos
133 | +0x1b4 - ?? 00000001 ????
134 | +0x1b8 - ?? 10000000 ????
135 | +0x1c8 - cp hp1
136 | +0x1cc - cp magic
137 | +0x1d0 - cp item bar
138 | +0x1d4 - cp rage
139 | +0x1d8 - cp hp regen
140 | +0x1dc - cp magic regen
141 | +0x1e0 - cp red orbs
142 | +0x1fa - hp extensions
143 | +0x1fb - magic extensions
144 | +0x1fc - item extensions
145 | +0x206 - selected weapon
146 | +0x207 - active weapon
147 | +0x5aa - difficulty
148 | +0x5ab - costume
149 | - 00 - Normal
150 | - 01 - Fear Kratos
151 | - 02 - Apollo
152 | - 03 - Morpheus
153 | - 04 - Phantom of Chaos
154 | - 05 - Forgotten Warrior
155 | - 06 - Dominus
156 | - 07 - Deimos
157 | +0x5ac - Infinite HP
158 | +0x5b0 - Infinite MP
159 | +0x5b2 - Disable Trophies(?)
160 | +0x5b3 - Infinite Item
161 | +0x844 - Start of level variables
162 |
163 | 321ee998 - Wad_R_Perm start
164 |
165 | 3160e7a4 - More Cam vars?
166 |
167 | 325b2a60 - Cam vars?
168 | - 40030009 00240007
169 | -00240007 -> 00240002 = Walk without animation
170 |
171 | 325b2ab0 - Kratos model X Pos
172 |
173 | 325c5430 - Cam z pos
174 | 325c5434 - Cam x pos
175 | 325c5438 - Cam y pos
176 |
177 | 322C2D60 - freecam zoom
178 | 325c6150 - Cam vars? - main?
179 | 325c6780 - Cam Pointer?
180 |
181 | 325c69f0 (changes) - Zoom in Freelook
182 |
183 | (34c85270)
184 | (3967a030)
185 | 567974 pointer's pointer - Kratos Start
186 |
187 | +0x0090 - x Pos
188 | +0x0094 - Z pos
189 | +0x0098 - Y pos
190 | +0x0110 - X velocity
191 | +0x0114 - z velocity
192 | +0x0118 - y velocity
193 | +0x01a8 - Kratos Size
194 | +0x01ac - Kratos Speed
195 | +0x01b0 - Swimming
196 | - 00000001 = standing
197 | - 00000080 = Weak Swimming
198 | - 00000200 = swimming
199 | - 00001000 = Diving down
200 | +0x01bc - Kratos HP
201 | +0x01e0 - HP Regen speed
202 | +0x03d0 - Glow Counter current (Stop glow when hit max)
203 | +0x03d4 - Glow Counter Max
204 | +0x043c - Jump counter?
205 | +0x19ac - Rage weapon? 280 = BoO
206 | +0x19e0 - x pos (first location when loading)
207 | +0x1a04 - Unlocks
208 | - 10000000 = Daedalus' Schematics (Inf Item)
209 | - 20000000 = ???
210 | - 40000000 = ???
211 | - 80000000 = ????
212 | - 01000000 = Aphrodite's Garter
213 | - 02000000 = Hephaestus' Ring
214 | - 04000000 = Hera's Chalice
215 | - 08000000 = Zeus' Eagle
216 | - 00100000 = Helios' Shield
217 | - 00200000 = Hermes' Coin
218 | - 00400000 = Hercules' Shoulder Guard
219 | - 00800000 = Poseidon's Conch Shell
220 | - 00010000 = Nemesis Whip
221 | - 00020000 = Blades of Athena
222 | - 00040000 = Claws of Hades
223 | - 00080000 = Hades Helm
224 | - 00001000 = Blade of Olympus
225 | - 00002000 = ????
226 | - 00004000 = ????
227 | - 00008000 = Nemean Cestus
228 | - 00000100 = ???
229 | - 00000200 = Blade of Olympus (Rage)
230 | - 00000400 = Boots of Hermes
231 | - 00000800 = Poseidon's Trident
232 | - 00000010 = Golden Fleece
233 | - 00000020 = Icarus Wings
234 | - 00000040 = ????
235 | - 00000080 = ????
236 | - 00000001 = Bow of Apollo
237 | - 00000002 = ????
238 | - 00000004 = Head of Helios
239 | - 00000008 = Boreas Icestorm
240 |
241 | +0x1a10 - Magic Bar
242 | +0x1a14 - Item Bar
243 | +0x1a20 - Magic Regen Speed
244 | +0x1a28 - Red Orbs
245 | +0x1a3e - HP Extensions
246 | +0x1a3f - Magic Extension
247 | +0x1a40 - Item Extensions
248 | +0x1a46 - BoE level (5 - BoA)
249 | +0x1a4a - Active weapon
250 | - 0-1 - Unarmed
251 | - 10 - Cestus
252 | - 100A - Blade of Olympus
253 | - 11 - Nemesis Whip
254 | - 12 - Blades of Athena
255 | - 13 - Claws of Hades
256 | +0x1a4d - Gorgon Eyes
257 | +0x1a4e - Phoenix Feathers
258 |
259 | (First area only)
260 | 357c42e0 - CCFreeLookN
261 | 35cd7dec - Pointer to CamPPH40
262 | 35cd7f1c - Pointer to CamPPH40A
263 | 35cd8b6c - Pointer to CCFreeLookN
264 |
265 | 396936e8 - 1 = Save if at savepoint
266 | 39694b14 - Distance from save point
267 |
268 | Ranges
269 |
270 | 00010000 00910000
271 | 10000000 10090000
272 | 20000000 20030000
273 | 30000000 38900000
274 | 38C00000 3BF00000
275 | 50000000 50100000
276 | 60000000 60010000
277 | 60100000 60110000
278 | 60200000 60210000
279 | 60300000 60310000
280 | C0000000 CF900000
281 | D0010000 D0090000
282 | D00A0000 D00B0000
283 |
284 |
285 |
286 | Save:
287 | 5AB - Costume variable
--------------------------------------------------------------------------------
/Memlocs/PokemonPlatinum-PS-DeSmuME.txt:
--------------------------------------------------------------------------------
1 | $procname = "DeSmuME_0.9.11_x64" # process name handed to Get-Process further down to locate the target process
2 |
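Function RBytes
{
    # Reads $sizetoread bytes at $addr from the process opened as $proc and
    # returns them. The buffer starts zero-filled, so a failed read used to be
    # indistinguishable from memory that really contains zeros; the API result
    # is now checked and a warning is emitted (the buffer is still returned so
    # existing callers keep working).
    Param (
        $addr,
        $sizetoread
    )
    [Byte[]] $buff = New-Object Byte[]($sizetoread)
    $read = $rpm::ReadProcessMemory($proc,$addr,$buff,$buff.length,$null);
    if (-not $read) {
        Write-Warning ("ReadProcessMemory failed at 0x{0:X} ({1} bytes)" -f $addr, $sizetoread)
    }
    $buff
}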
13 |
Function RAsciiStr
{
    # Reads 30 bytes at $addr, decodes them as ASCII and returns the text up
    # to (not including) the first NUL character.
    Param (
        $addr
    )
    $raw = RBytes $addr 30
    $text = [System.Text.Encoding]::ASCII.GetString($raw)
    $text.Split([char]0)[0]
}
Function RInt16
{
    # Reads 2 bytes at $addr via RBytes and returns them as a signed 16-bit
    # integer (BitConverter, i.e. host byte order).
    Param (
        $addr
    )
    $raw = RBytes $addr 2
    [bitconverter]::ToInt16($raw, 0)
}
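Function RInt32
{
    # Reads 4 bytes at $addr via RBytes and returns them as a signed 32-bit
    # integer (BitConverter, i.e. host byte order).
    #
    # The original also allocated its own buffer and called ReadProcessMemory
    # directly before calling RBytes; that first read was never used, so every
    # call hit the target process twice. Only the RBytes read is kept.
    Param (
        $addr
    )
    [bitconverter]::ToInt32($(RBytes $addr 4),0)
}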
Function RUInt8
{
    # Reads a single byte at $addr via RBytes and returns it.
    Param (
        $addr
    )
    $one = RBytes $addr 1
    $one
}
Function RUInt16
{
    # Reads 2 bytes at $addr via RBytes and returns them as an unsigned
    # 16-bit integer (BitConverter, i.e. host byte order).
    Param (
        $addr
    )
    $raw = RBytes $addr 2
    [bitconverter]::ToUInt16($raw, 0)
}
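Function RUInt32
{
    # Reads 4 bytes at $addr via RBytes and returns them as an unsigned
    # 32-bit integer (BitConverter, i.e. host byte order).
    #
    # The original performed an extra ReadProcessMemory into a local buffer
    # that was never used; that redundant read is removed.
    Param (
        $addr
    )
    [bitconverter]::ToUInt32($(RBytes $addr 4),0)
}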
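# kernel32 P/Invoke declarations used by the R* helpers.
# NOTE(review): the last ReadProcessMemory parameter is declared as a by-value
# int rather than a pointer; it only works because every caller passes $null.
$signature = @"
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(
uint h,bool b ,uint p);
[DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(
IntPtr hp,IntPtr Base,[Out]Byte[] buff,int Size,[Out]int bread);
"@

$rpm = Add-Type -MemberDefinition $signature -Name rpm -PassThru

# Least privilege: this script only ever calls ReadProcessMemory, which needs
# PROCESS_VM_READ (0x0010). The previous mask 0x001F0FFF asked for full
# control of the target (write, thread creation, terminate, ...).
$access = 0x0010

# Resolve the target once and refuse to continue when it is missing or
# ambiguous, instead of passing $null / an array of PIDs to OpenProcess.
$target = @(Get-Process $procname)
if ($target.Count -ne 1) {
    throw "Expected exactly one '$procname' process, found $($target.Count)"
}
$procid = $target[0].Id

$proc = $rpm::OpenProcess($access, $false, $procid)
if ($proc -eq [IntPtr]::Zero) {
    # A null handle would make every later read fail and return zeros.
    throw "OpenProcess failed for PID $procid"
}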
73 |
74 |
75 |
76 |
77 |
78 |
79 | [UInt32]$global:seed = 0 # generator state advanced by Decrypt; global so it carries over between Decrypt calls
80 |
Function Decrypt
{
    # Reads $sizetoread bytes at $addr from the target process and XORs them,
    # two bytes per step, with a keystream produced by the linear congruential
    # generator held in $global:seed (seed = seed * 0x41c64e6d + 0x6073,
    # truncated to 32 bits). Bits 16-23 of the new seed mask the even byte,
    # bits 24-31 the odd byte.
    #
    # The caller must set $global:seed first; the state is left advanced, so
    # consecutive calls continue the same keystream. The ReadProcessMemory
    # result is not checked: a failed read "decrypts" a buffer of zeros.
    Param (
        $addr,
        $sizetoread
    )
    [Byte[]] $buff = New-Object Byte[] $sizetoread
    $read = $rpm::ReadProcessMemory($proc, $addr, $buff, $buff.Length, $null)

    $i = 0
    while ($i -le $buff.Length - 2) {
        $global:seed = (((0x41c64e6dL * $global:seed) + 0x6073L) -band 0xffffffffL)
        $maskEven = ($global:seed -shr 16) -band 0xffL
        $maskOdd = [byte](($global:seed -shr 24) -band 0xffL)
        $buff[$i] = ($buff[$i] -bxor $maskEven)
        $buff[$i + 1] = ($buff[$i + 1] -bxor $maskOdd)
        $i = $i + 2
    }
    $buff
}
97 |
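# Address, inside the emulator process, of the record to decode.
# NOTE(review): hard-coded for one session/build of the emulator - confirm
# before reuse.
$saveloc = 0x14568f4a8
[UInt32]$pv = RUInt32 $saveloc               # first dword; selects the block order and seeds the trailing section
[UInt16]$chksum = RUInt16 ($saveloc + 6)     # 16-bit value at +6; seeds the four 0x20-byte blocks
[UInt32]$shuf = [UInt32]((($pv -band 0x3e000) -shr 0xd) % 24)

# For each value of $shuf, the logical block (a/b/c/d) stored at file offsets
# +0x8, +0x28, +0x48 and +0x68, in that order. This is the same table the
# original 24-case switch spelled out.
$blockOrder = @(
    'abcd', 'abdc', 'acbd', 'adbc', 'acdb', 'adcb',
    'bacd', 'badc', 'cabd', 'dabc', 'cadb', 'dacb',
    'bcad', 'bdac', 'cbad', 'dbac', 'cdab', 'dcab',
    'bcda', 'bdca', 'cbda', 'dbca', 'cdba', 'dcba'
)

# Decrypt advances $global:seed, so the four blocks must always be decrypted
# in ascending address order regardless of which logical block each one holds.
[UInt32]$global:seed = $chksum
$order = $blockOrder[[int]$shuf]
$chunks = foreach ($off in 0x8, 0x28, 0x48, 0x68) {
    , (Decrypt ($saveloc + $off) 0x20)
}
$ba = $chunks[$order.IndexOf('a')]
$bb = $chunks[$order.IndexOf('b')]
$bc = $chunks[$order.IndexOf('c')]
$bd = $chunks[$order.IndexOf('d')]

# Fields of block A.
$pokedexid = [bitconverter]::ToUInt16($ba,0)
$helditem = [bitconverter]::ToUInt16($ba,2)
$otid = [bitconverter]::ToUInt16($ba,4)
$otsecid = [bitconverter]::ToUInt16($ba,6)
$xp = [bitconverter]::ToUInt32($ba,0x8)
# $xp occupies bytes 0x8-0xb, so the next single-byte fields start at 0xc.
# The original read them from 0xa/0xb, i.e. from inside the experience value.
$friendship = $ba[0xc]
$ability = $ba[0xd]

$hpe = $ba[0x10]

# The trailing 0x64-byte section uses the same cipher, seeded with $pv.
$global:seed = $pv
$bs = Decrypt ($saveloc + 0x88) 0x64

$level = $bs[0x4]
$currhp = [bitconverter]::ToUInt16($bs,6)
$maxhp = [bitconverter]::ToUInt16($bs,8)
$atk = [bitconverter]::ToUInt16($bs,0xa)
$def = [bitconverter]::ToUInt16($bs,0xc)
$spd = [bitconverter]::ToUInt16($bs,0xe)
# The original re-read 0xc and 0xe here, so $satk/$sdef were copies of
# $def/$spd. The two stats follow $spd as consecutive 16-bit fields.
$satk = [bitconverter]::ToUInt16($bs,0x10)
$sdef = [bitconverter]::ToUInt16($bs,0x12)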
--------------------------------------------------------------------------------
/Memlocs/GoW-Steam-1.0.441.9126.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 11
6 | "Log"
7 | 0
8 | String
9 | 256
10 | 0
11 | 0
12 | 1
13 | [GoW.exe+4F23B08]+3100+[[GoW.exe+4F23B08]+b104]*100
14 |
15 |
16 | 8
17 | "!IsDeathAllowed"
18 | 0
19 | Byte
20 | GoW.exe+2741c5a
21 |
22 |
23 | 7
24 | "Difficulty"
25 | 0
26 | Byte
27 | GoW.exe+1069094
28 |
29 |
30 | 0
31 | "GamePause"
32 | 0
33 | Byte
34 | GoW.exe+2256e59
35 |
36 |
37 | 3
38 | "goPlayer"
39 | 1
40 | 0
41 | 8 Bytes
42 | GoW.exe+2257238
43 |
44 | 0
45 |
46 |
47 |
48 | 4
49 | "Kratos_goSoldier"
50 | 1
51 | 0
52 | 8 Bytes
53 | GoW.exe+2257238
54 |
55 | 0
56 | 8
57 |
58 |
59 |
60 | 5
61 | "Size"
62 | 0
63 | Float
64 | GoW.exe+2257238
65 |
66 | a8
67 | 8
68 |
69 |
70 |
71 | 6
72 | "Current HP"
73 | 0
74 | Float
75 | GoW.exe+2257238
76 |
77 | 388
78 | 8
79 |
80 |
81 |
82 | 17
83 | "Rage"
84 | 0
85 | Float
86 | GoW.exe+2257238
87 |
88 | 3e8
89 | 8
90 |
91 |
92 |
93 |
94 |
95 | 12
96 | "Atreus_goGameObject"
97 | 1
98 | 0
99 | 8 Bytes
100 | GoW.exe+11adc00
101 |
102 | 0
103 |
104 |
105 |
106 | 13
107 | "Size"
108 | 0
109 | Float
110 | GoW.exe+11adc00
111 |
112 | a8
113 | 220
114 |
115 |
116 |
117 | 14
118 | "Current HP"
119 | 0
120 | Float
121 | GoW.exe+11adc00
122 |
123 | 388
124 | 220
125 |
126 |
127 |
128 | 18
129 | "Rage"
130 | 0
131 | Float
132 | GoW.exe+11adc00
133 |
134 | 3e8
135 | 220
136 |
137 |
138 |
139 |
140 |
141 | 10
142 | "-------------"
143 | 1
144 |
145 |
146 | 20
147 | "CineSkipEnabled"
148 | 0
149 | Byte
150 | GoW.exe+2256e3c
151 |
152 |
153 | 25
154 | "DisableIncomingDamage(notworking)"
155 | 0
156 | Byte
157 | GoW.exe+2741c5e
158 |
159 |
160 | 22
161 | "IsPlatinum"
162 | 0
163 | Byte
164 | GoW.exe+75e2f5
165 |
166 |
167 | 21
168 | "NewGamePlusAvailable"
169 | 0
170 | Byte
171 | GoW.exe+2256e33
172 |
173 |
174 | 15
175 | "EVT_COMPASS_TOGGLE_CHEAT"
176 | Auto Assembler Script
177 | [ENABLE]
178 | alloc(code, 0x1000)
179 | CreateThread(code)
180 | // Stub below runs once on a new thread inside the game process: it calls GoW.exe+76BE70 and returns.
181 | code:
182 | sub rsp, 0x28 // 0x20 bytes of shadow space + 8 so rsp is 16-byte aligned at the call (Windows x64 convention)
183 | // NOTE(review): rcx is loaded from the very address that is then called, i.e. the callee's first 8 code bytes are passed as its argument - looks like a copy/paste slip; confirm the intended global.
184 | mov rcx, GoW.exe+76BE70
185 | mov rcx, [rcx]
186 | call GoW.exe+76BE70
187 |
188 | add rsp, 0x28
189 | ret
190 | // NOTE(review): disabling frees the stub without checking that the thread has returned; offsets are specific to the build named in the file name.
191 | [DISABLE]
192 | dealloc(code)
193 |
194 |
195 |
196 | 16
197 | "SetDifficulty"
198 | Auto Assembler Script
199 | [ENABLE]
200 | alloc(code, 0x1000)
201 | CreateThread(code)
202 | // Stub below runs once on a new thread inside the game process: it calls GoW.exe+6cc490 with rcx = 0 and returns.
203 | code:
204 | sub rsp, 0x28 // 0x20 bytes of shadow space + 8 so rsp is 16-byte aligned at the call (Windows x64 convention)
205 |
206 | mov rcx, 0 // first integer argument; presumably the difficulty value, going by the entry name - confirm
207 | call GoW.exe+6cc490
208 |
209 | add rsp, 0x28
210 | ret
211 | // NOTE(review): disabling frees the stub without checking that the thread has returned; the call target is a raw offset valid only for this build.
212 | [DISABLE]
213 | dealloc(code)
214 |
215 |
216 |
217 | 24
218 | "test0"
219 | Auto Assembler Script
220 | [ENABLE]
221 | alloc(code, 0x1000)
222 | CreateThread(code)
223 | // Stub below runs once on a new thread: it follows GoW.exe+122ab68 -> +4cb8 -> +58 and passes the result in rcx to GoW.exe+6f7180.
224 | code:
225 | sub rsp, 0x28 // 0x20 bytes of shadow space + 8 so rsp is 16-byte aligned at the call (Windows x64 convention)
226 | // NOTE(review): none of the three loads is null-checked; if any pointer in the chain is not set up yet the new thread faults inside the game process.
227 | mov rax, GoW.exe
228 | mov rax, [rax+122ab68]
229 | mov rax, [rax+4cb8] //goheroa00
230 | mov rcx, [rax+58]
231 | call GoW.exe+6f7180
232 |
233 | add rsp, 0x28
234 | ret
235 |
236 | [DISABLE]
237 | dealloc(code)
238 |
239 |
240 |
241 | 19
242 | "test"
243 | Auto Assembler Script
244 | [ENABLE]
245 | // Assembles a stub at 'lua' that hands the NUL-terminated text at 'script' to the two game routines labelled LUA_loadbufferx and LUA_pcallk below. Nothing here starts a thread; the stub only runs when something else calls the 'lua' symbol.
246 | alloc(lua, 0x1000)
247 | alloc(script, 0x10000)
248 | alloc(szNull, 0x1000)
249 | registersymbol(script)
250 | registersymbol(szNull)
251 | label(strlen)
252 |
253 | // NOTE(review): despite its name, szNull starts with byte 0x90 followed by 0xCC padding, not with a NUL - confirm what the callee expects in r9.
254 | szNull:
255 | db 90
256 | align 10 CC
257 |
258 | script:
259 | db 'print("test4321")',0
260 |
261 |
262 |
263 | registersymbol(lua)
264 | lua:
265 |
266 | // Numbers without a prefix are hexadecimal in auto-assembler syntax, so this reserves 0x100 bytes.
267 | sub rsp, 100
268 |
269 |
270 | mov [rsp+8],rbx // save rbx; restored from [rsp+40] after the push and the sub 30 below
271 | push rdi
272 | sub rsp,30 // shadow space + stack arguments; rsp is 16-byte aligned here when entered as a thread start routine
273 |
274 | mov rbx,script
275 | mov rax, GoW.exe
276 | mov rax, [rax+122ab68]
277 | mov rax, [rax+4cb8] //goheroa00
278 | mov rax, [rax+58]
279 | // NOTE(review): the pointer chain above is not null-checked.
280 | mov rdi,rax
281 | mov r8,-1
282 | // Count the bytes of 'script' up to its terminating 0; the length ends up in r8.
283 | strlen:
284 | inc r8
285 | cmp byte ptr [rbx+r8],0
286 | jne short strlen
287 |
288 | // Arguments: rcx = pointer from the chain above, rdx = script text, r8 = its length, r9 = szNull, fifth (stack) argument = 0.
289 | mov qword ptr [rsp+20],0
290 | mov r9,szNull
291 | mov rdx,rbx
292 | mov rcx,rdi
293 |
294 | call GoW.exe+9da730 //LUA_loadbufferx
295 | // NOTE(review): the load result in rax is not tested; the next call is made even when loading failed, with r8d = rax-1 (that is -1 only when rax was 0).
296 | mov qword ptr [rsp+28],0
297 | mov qword ptr [rsp+20],0
298 | xor r9d,r9d
299 | lea r8d,[rax-1]
300 | xor edx,edx
301 | mov rcx,rdi
302 |
303 | call GoW.exe+9d6f80 //LUA_pcallk
304 |
305 | mov al,1
306 | mov rbx,[rsp+40]
307 | add rsp,30
308 | pop rdi
309 |
310 | add rsp,100
311 | ret
312 |
313 | [DISABLE]
314 | // NOTE(review): szNull is allocated above but never dealloc'd, and 'lua' is registered but never unregistered, so both outlive the script.
315 | dealloc(lua)
316 | dealloc(script)
317 | unregistersymbol(script)
318 | unregistersymbol(szNull)
319 |
320 |
321 |
322 | 23
323 | "test2"
324 | Auto Assembler Script
325 | [ENABLE]
326 | CreateThread(lua) // starts a thread at the symbol 'lua'; that symbol only exists while a script that does registersymbol(lua) is enabled
327 | // Nothing to undo on disable: this entry allocates nothing itself.
328 | [DISABLE]
329 |
330 |
331 |
332 |
333 |
334 |
335 |
--------------------------------------------------------------------------------
/Memlocs/StateOfDecay2-ObjectDump.txt:
--------------------------------------------------------------------------------
1 | $procname = "StateOfDecay2-Win64-Shipping" # process name handed to Get-Process further down
2 | $bigendian = $false # read by ReadAndConvert: when $true the bytes are reversed before conversion
3 |
4 | [console]::CursorVisible = $false # console appearance only
5 | $Host.UI.RawUI.BackgroundColor = 'Black'
6 | $Host.UI.RawUI.ForegroundColor = 'Green'
7 |
Function RBytes
{
    # Reads $sizetoread bytes at $addr from the process opened as $proc and
    # returns them.
    # NOTE(review): the ReadProcessMemory result is discarded, so a failed
    # read returns the zero-filled buffer without any indication.
    Param (
        $addr,
        $sizetoread
    )
    $buff = [Byte[]]::new($sizetoread)
    $null = $rpm::ReadProcessMemory($proc, $addr, $buff, $buff.Length, $null)
    $buff
}
Function RAsciiStr
{
    # Reads 0x200 bytes at $addr, decodes them as ASCII and returns the text
    # up to (not including) the first NUL character.
    Param (
        $addr
    )
    $raw = RBytes $addr 0x200
    $text = [System.Text.Encoding]::ASCII.GetString($raw)
    $text.Split([char]0)[0]
}
Function RUnicodeStr {
    # Reads 0x200 bytes at $addr, decodes them as UTF-16LE and returns the
    # text up to (not including) the first NUL character.
    Param (
        $addr
    )
    $raw = RBytes $addr 0x200
    $text = [System.Text.Encoding]::Unicode.GetString($raw)
    $text.Split([char]0)[0]
}
Function ReadAndConvert {
    # Reads $byteCount bytes at $addr via RBytes and converts them to the
    # type named by $convertType (Int16/32/64, UInt8/16/32/64, Single).
    # When the script-level $bigendian flag is $true the bytes are reversed
    # first. Throws "Unknown conversion type ..." for any other name.
    Param (
        [IntPtr]$addr,
        [int]$byteCount,
        [string]$convertType
    )
    $raw = RBytes $addr $byteCount
    if ($bigendian -eq $true) {
        [Array]::Reverse($raw)
    }

    if ($convertType -eq "Int16") { return [BitConverter]::ToInt16($raw, 0) }
    if ($convertType -eq "Int32") { return [BitConverter]::ToInt32($raw, 0) }
    if ($convertType -eq "Int64") { return [BitConverter]::ToInt64($raw, 0) }
    if ($convertType -eq "UInt8") { return $raw[0] }
    if ($convertType -eq "UInt16") { return [BitConverter]::ToUInt16($raw, 0) }
    if ($convertType -eq "UInt32") { return [BitConverter]::ToUInt32($raw, 0) }
    if ($convertType -eq "UInt64") { return [BitConverter]::ToUInt64($raw, 0) }
    if ($convertType -eq "Single") { return [BitConverter]::ToSingle($raw, 0) }

    throw "Unknown conversion type $convertType"
}
# Typed readers: each one reads the fixed number of bytes for its type at
# $addr and converts them through ReadAndConvert.
Function RInt16 {
    Param ([IntPtr]$addr)
    ReadAndConvert -addr $addr -byteCount 2 -convertType "Int16"
}
Function RInt32 {
    Param ([IntPtr]$addr)
    ReadAndConvert -addr $addr -byteCount 4 -convertType "Int32"
}
Function RInt64 {
    Param ([IntPtr]$addr)
    ReadAndConvert -addr $addr -byteCount 8 -convertType "Int64"
}
Function RUInt8 {
    Param ([IntPtr]$addr)
    ReadAndConvert -addr $addr -byteCount 1 -convertType "UInt8"
}
Function RUInt16 {
    Param ([IntPtr]$addr)
    ReadAndConvert -addr $addr -byteCount 2 -convertType "UInt16"
}
Function RUInt32 {
    Param ([IntPtr]$addr)
    ReadAndConvert -addr $addr -byteCount 4 -convertType "UInt32"
}
Function RUInt64 {
    Param ([IntPtr]$addr)
    ReadAndConvert -addr $addr -byteCount 8 -convertType "UInt64"
}
Function RSingle {
    Param ([IntPtr]$addr)
    ReadAndConvert -addr $addr -byteCount 4 -convertType "Single"
}
63 |
Function WBytes {
    # Writes $data to $addr in the process opened as $proc.
    # Throws "Failed to write memory at <addr>" when WriteProcessMemory
    # reports failure or wrote fewer bytes than requested.
    Param (
        [IntPtr]$addr,
        [Byte[]]$data
    )
    $expected = $data.Length
    $written = 0
    $ok = $rpm::WriteProcessMemory($proc, $addr, $data, $expected, [ref]$written)
    if ($ok -and $written -eq $expected) {
        return
    }
    throw "Failed to write memory at $addr"
}
# Typed writers: each one serialises $val with BitConverter (host byte order;
# the $bigendian flag is not consulted) and writes the bytes through WBytes.
Function WInt16 {
    Param ([IntPtr]$addr, [Int16]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WInt32 {
    Param ([IntPtr]$addr, [Int32]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WInt64 {
    Param ([IntPtr]$addr, [Int64]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WUInt8 {
    Param ([IntPtr]$addr, [Byte]$val)
    WBytes $addr @($val)
}
Function WUInt16 {
    Param ([IntPtr]$addr, [UInt16]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WUInt32 {
    Param ([IntPtr]$addr, [UInt32]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WUInt64 {
    Param ([IntPtr]$addr, [UInt64]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WSingle {
    Param ([IntPtr]$addr, [Single]$val)
    $raw = [BitConverter]::GetBytes($val)
    WBytes $addr $raw
}
Function WAsciiStr {
    # Encodes $str as ASCII and writes exactly $maxLen bytes at $addr: the
    # text, cut to at most $maxLen-1 bytes, followed by zero padding, so the
    # written field always ends in a NUL.
    # Note that the whole $maxLen-byte field is overwritten in the target
    # process even for a short string; the caller must know the destination
    # is at least that large.
    Param (
        [IntPtr]$addr,
        [string]$str,
        [int]$maxLen = 0x50
    )
    $encoded = [System.Text.Encoding]::ASCII.GetBytes($str)
    if ($encoded.Length -ge $maxLen) {
        # keep room for the terminator
        $encoded = $encoded[0..($maxLen-2)]
    }
    $field = New-Object Byte[]($maxLen)
    [Array]::Copy($encoded, $field, $encoded.Length)
    WBytes $addr $field
}
98 |
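Function WUnicodeStr {
    # Encodes $str as UTF-16LE and writes exactly $maxLen bytes at $addr:
    # the text followed by zero padding.
    #
    # Fix: the original cut an over-long string to $maxLen-1 bytes. UTF-16
    # uses two bytes per code unit, so that split the last character in half
    # and left no two-byte terminator inside the field; a reader in the
    # target process would run past the end of the buffer. The text is now
    # cut on a code-unit boundary and always leaves room for a 16-bit NUL.
    #
    # As before, the whole $maxLen-byte field is overwritten even for a short
    # string; the caller must know the destination is at least that large.
    Param (
        [IntPtr]$addr,
        [string]$str,
        [int]$maxLen = 0x50
    )
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($str)

    # Largest even byte count that still leaves two bytes for the terminator.
    $limit = $maxLen - 2
    $limit = $limit - ($limit % 2)
    if ($limit -lt 0) {
        $limit = 0
    }
    $count = [Math]::Min($bytes.Length, $limit)

    $padded = New-Object Byte[]($maxLen)
    if ($count -gt 0) {
        [Array]::Copy($bytes, $padded, $count)
    }
    WBytes $addr $padded
}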
113 |
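# kernel32 P/Invoke declarations used by the R*/W* helpers.
# NOTE(review): the last ReadProcessMemory parameter is declared as a by-value
# int rather than a pointer; it only works because every caller passes $null.
$signature = @"
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(
uint h,bool b ,uint p);
[DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(
IntPtr hp,IntPtr Base,[Out]Byte[] buff,int Size,[Out]int bread);
[DllImport("kernel32.dll")] public static extern bool WriteProcessMemory(
IntPtr hp,IntPtr Base,[In]Byte[] buff,int Size,out int bwrite);
[DllImport("kernel32.dll")] public static extern bool VirtualProtectEx(
IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flNewProtect, out uint lpflOldProtect);
"@
$PAGE_EXECUTE_READWRITE = 0x40
$oldProtection = 0

$rpm = Add-Type -MemberDefinition $signature -Name rpm -PassThru

# Least privilege: the declared APIs need PROCESS_VM_OPERATION (0x0008),
# PROCESS_VM_READ (0x0010) and PROCESS_VM_WRITE (0x0020). The previous mask
# 0x001F0FFF additionally granted thread creation, termination, handle
# duplication and so on, none of which this script uses.
$access = 0x0038

# Resolve the target once and refuse to continue when it is missing or
# ambiguous, instead of passing $null / an array of PIDs to OpenProcess.
$target = @(Get-Process $procname)
if ($target.Count -ne 1) {
    throw "Expected exactly one '$procname' process, found $($target.Count)"
}
$ba = $target[0].MainModule.BaseAddress
$procid = $target[0].Id

$proc = $rpm::OpenProcess($access, $false, $procid)
if ($proc -eq [IntPtr]::Zero) {
    # A null handle would make every later read return zeros.
    throw "OpenProcess failed for PID $procid"
}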
133 |
134 |
135 |
Function GetNameFromNameOffset {
    # Resolves a name id to its ASCII text.
    # Ids below 0x1000 are first translated through a table of 32-bit
    # entries at module base + 0x44da8e0; the resulting (or original) value
    # is then used as a byte offset into the names table pointed to by
    # $namesTablePtr, and the string is read 8 bytes past that offset.
    # NOTE(review): 0x44da8e0 is a fixed offset with a "FIX FOR STEAM" marker
    # from the author - it is not switched per build like $namesTablePtr is.
    Param (
        [Int32]$offset
    )

    if ($offset -lt 0x1000) {
        $offset = RInt32 ($ba + [Int64]0x44da8e0 + ($offset * 4))
        #FIX FOR STEAM
    }
    [IntPtr]$table = RInt64 ($namesTablePtr)

    RAsciiStr ($table + [Int64]$offset + 8)
}
Function GetObjFromObjId {
    # Returns the 64-bit value stored in slot $id of the object table:
    # the table base is read from $objTablePtr and slots are 0x18 bytes apart.
    Param (
        [Int32]$id
    )
    [IntPtr]$table = RInt64 ($objTablePtr)
    $slot = $table + [Int64](0x18 * $id)
    RInt64 $slot
}
158 |
159 |
160 |
161 |
162 |
# Thin view over an object living in the target process. Every method reads
# live memory through the R* helpers; nothing is cached.
class UObject {
    # Address of the object in the target process.
    [IntPtr]$BaseAddress

    UObject([IntPtr]$addr) {
        $this.BaseAddress = $addr
    }

    # 32-bit value stored at +0xc.
    [int] ObjNum() {
        $where = $this.BaseAddress.ToInt64() + 0xc
        return RInt32 ($where)
    }

    # Name of the object referenced by the pointer at +0x10 (its name id is
    # read from +0x18 of that object).
    [string] ObjName() {
        $ptr = RInt64 ([IntPtr]($this.BaseAddress.ToInt64() + 0x10))
        $nameId = RInt32($ptr + 0x18)
        return GetNameFromNameOffset $nameId
    }

    # Name of this object (name id read from +0x18).
    [string] Name() {
        $where = [IntPtr]($this.BaseAddress.ToInt64() + 0x18)
        $nameId = RInt32($where)
        return GetNameFromNameOffset $nameId
    }
}
181 |
182 |
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 |
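# Identify the game build from the 32-bit value at module base + 0xe8 and
# select the matching table addresses.
$verIdent = RInt32 ($ba + [Int64]0xe8)
$ver = "Dunno"
if ($verIdent -eq 0x49274e48) {
    $ver = "MS"
    $daytonVehicleVtPtr = $ba + [Int64]0x03418E40
    $namesTablePtr = $ba + [Int64]0x044DB248
    $objTablePtr = $ba + [Int64]0x044E3B30
    $worldPtr = $ba + [Int64]0x045D7C88
}
elseif ($verIdent -eq 0xd54624b7) {
    $ver = "Steam"
    $daytonVehicleVtPtr = $ba + [Int64]0x034E8930
    $namesTablePtr = $ba + [Int64]0x04629DC8
    $objTablePtr = $ba + [Int64]0x046326b0
    $worldPtr = $ba + [Int64]0x04726808
}
else {
    # Previously an unrecognised build fell through silently with none of the
    # table pointers set, so every later lookup read from meaningless
    # addresses. Say so, but keep going as the original did.
    Write-Warning ("Unrecognised build identifier 0x{0:X8}; table pointers are not set" -f $verIdent)
}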
207 |
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 |
216 |
217 |
218 |
219 |
220 |
221 |
222 |
223 |
224 |
225 |
226 |
227 | ############################## DUMP OBJECT LIST
228 |
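function DumpObjs {
    # Prints one line per object-table slot: index, slot address, object
    # address, ObjName() and Name().
    # The entry count is the 32-bit value 8 bytes before $objTablePtr and the
    # slots are 0x18 bytes apart.
    #
    # Changes from the original: the table base was re-read from the target
    # on every iteration (and once more into a variable that was immediately
    # overwritten); it is now read once before the loop.
    # NOTE(review): the loop runs 1..$numobj inclusive, i.e. it skips slot 0
    # and reads slot $numobj - confirm the table really is 1-based.
    $numobj = RInt32 ($objTablePtr - 0x8)
    $table = RInt64 $objTablePtr

    for ($i = 1; $i -le $numobj; $i++) {
        $ptr = $table + ($i * 0x18)
        $obj = [UObject]::New((RInt64($ptr)))

        "{0,6} {1,-18} {2,-18} {3,-20} {4}" -f `
            $i, ("0x{0:X}" -f $ptr), ("0x{0:X}" -f $obj.BaseAddress), $obj.ObjName(), $obj.Name()
    }
}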
241 |
242 |
243 |
244 |
245 |
246 |
247 |
248 |
249 |
250 |
251 |
252 | ########################## INDIVIDUAL OBJECT PROPERTY DUMPER - INTEGRATE SOMEHOW
253 |
254 |
255 |
256 |
257 |
258 |
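function GetProps {
    # Walks the property list of the object at $MainPtr and returns one
    # formatted line per property (offset, property class, value, name),
    # preceded by a "Size: <hex>" line.
    #
    # The list head is the pointer at $MainPtr+0x10; each node links to the
    # next through the pointer at +0x58 and the walk ends at a null pointer.
    #
    # Changes from the original:
    #  * NameProperty values were read as 64 bits and passed to
    #    GetNameFromNameOffset, whose parameter is [Int32]; any value with the
    #    upper half set made the call fail. The name id is now read as 32
    #    bits, like every other name id in this function.
    #  * All pointers come from another process's memory, so a damaged or
    #    cyclic list would have looped forever; the walk is now capped.
    #  * Lines are collected in a list instead of re-allocating an array on
    #    every append.
    param(
        [Parameter(Mandatory = $true)]
        [Int64] $MainPtr
    )

    $maxNodes = 0x10000
    $results = [System.Collections.Generic.List[string]]::new()

    $ptr = RInt64 ($MainPtr + 0x10L)
    $size = RInt32 ($ptr + 0x40L)

    $results.Add(("Size: {0:X}" -f $size))

    $seen = 0
    while ($ptr -ne 0) {
        if ($seen -ge $maxNodes) {
            Write-Warning "Property list longer than $maxNodes entries; stopping (corrupt or cyclic list?)"
            break
        }
        $seen++

        $nameId = RInt32 ($ptr + 0x18L)
        $name = GetNameFromNameOffset $nameId
        $bits = RUInt64 ($ptr + 0x30L)

        # The property's type name comes from the object referenced at +0x10.
        $classptr = RInt64 ($ptr + 0x10L)
        $classnameId = RInt32 ($classptr + 0x18L)
        $classname = GetNameFromNameOffset $classnameId
        $offset = RUInt32 ($ptr + 0x50L)

        $line = switch ($classname) {
            "ArrayProperty" {
                $val = RUInt64 ($MainPtr + $offset)
                "{0,8:X} {1,-30} {2,30} {3}" -f $offset, $classname, ("0x{0:X16}" -f $val), $name
            }
            "BoolProperty" {
                $val = RUInt8 ($MainPtr + $offset)
                "{0,8:X} {1,-30} {2,30:X} {3}" -f $offset, $classname, $val, $name
            }
            "ByteProperty" {
                $val = RUInt8 ($MainPtr + $offset)
                "{0,8:X} {1,-30} {2,30:X} {3}" -f $offset, $classname, $val, $name
            }
            "IntProperty" {
                $val = RInt32 ($MainPtr + $offset)
                "{0,8:X} {1,-30} {2,30} {3}" -f $offset, $classname, $val, $name
            }
            "FloatProperty" {
                $val = RSingle ($MainPtr + $offset)
                "{0,8:X} {1,-30} {2,30:F4} {3}" -f $offset, $classname, $val, $name
            }
            "NameProperty" {
                $val = RInt32 ($MainPtr + $offset)
                $val = GetNameFromNameOffset $val
                "{0,8:X} {1,-30} {2,30} {3}" -f $offset, $classname, $val, $name
            }
            "ObjectProperty" {
                $val = RUInt64 ($MainPtr + $offset)
                "{0,8:X} {1,-30} {2,30} {3}" -f $offset, $classname, ("0x{0:X16}" -f $val), $name
            }
            default {
                "{0,8:X} {1,-30} {2,30} {3}" -f $offset, $classname, "", $name
            }
        }

        $results.Add($line)
        $ptr = RInt64 ($ptr + 0x58L)
    }

    return $results
}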
323 |
324 | $mainptr = 0x0002D3817C0L # NOTE(review): fixed address of one object - presumably only valid for the session it was captured in; confirm before reuse
325 |
326 | GetProps $mainptr # runs the property dump at load time; the lines it returns go to the output stream
327 |
328 |
329 |
330 |
331 |
332 |
333 |
334 |
335 |
336 |
337 |
338 |
339 |
340 |
341 |
342 |
343 |
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-BLUS30443_100_ModdingTutChanges.txt:
--------------------------------------------------------------------------------
1 | $path = "D:\DesDemo\Emu\dev_hdd0\game\NPUB30910\USRDIR\EBOOT.BIN" # file that is loaded into $ba below
2 | $size = (Get-Item $path).length # on-disk size of that file
3 |
4 | $bigendian = $true # consulted by WStrU (byte-swaps UTF-16 text); RUInt32 and WUInt32 do not look at it
5 |
6 | $ba = [System.IO.File]::ReadAllBytes($path) # whole file in memory; every R*/W* helper below indexes into this array
7 | ##########################################
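Function RBytes
{
    # Returns a copy of $size bytes of the loaded image $ba starting at
    # offset $addr.
    #
    # Fix: the original ignored $size and always copied 4 bytes. A call
    # without $size still returns 4 bytes, as before.
    Param (
        $addr,
        $size
    )
    if ($null -eq $size) {
        $size = 4
    }
    [byte[]] $rb = [byte[]]::new($size)
    [System.Buffer]::BlockCopy($ba, $addr, $rb, 0, $rb.Length)
    $rb
}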
18 | ##########################################
Function RUInt32
{
    # Returns the unsigned 32-bit value at offset $addr of the loaded image
    # $ba, decoded by BitConverter in host byte order. $bigendian is not
    # consulted, so on a little-endian host a big-endian word from the file
    # comes back byte-swapped.
    Param (
        $addr
    )
    $value = [bitconverter]::ToUInt32($ba, $addr)
    $value
}
26 | ##########################################
Function WBytes
{
    # Copies the byte array $wb into the loaded image $ba at offset $addr.
    # Only the in-memory copy changes; nothing is written to disk here.
    Param (
        $addr,
        $wb
    )
    $count = $wb.Length
    [System.Buffer]::BlockCopy($wb, 0, $ba, $addr, $count)
}
35 | ##########################################
Function WStrA
{
    # Encodes $str as UTF-8 and copies the bytes into the loaded image $ba at
    # offset $addr. No terminator is appended and nothing limits the length,
    # so the caller decides how much of the image gets overwritten.
    Param (
        $addr,
        $str
    )
    $encoded = [System.Text.Encoding]::UTF8.GetBytes($str)
    $count = $encoded.Length
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $count)
}
45 | ##########################################
Function WStrU
{
    # Encodes $str as UTF-16 and copies the bytes into the loaded image $ba
    # at offset $addr: big-endian when the script-level $bigendian flag is
    # set, little-endian otherwise. No terminator is appended and nothing
    # limits the length.
    Param (
        $addr,
        $str
    )

    if ($bigendian) {
        $encoder = [System.Text.Encoding]::BigEndianUnicode
    } else {
        $encoder = [System.Text.Encoding]::Unicode
    }
    $encoded = $encoder.GetBytes($str)

    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $encoded.Length)
}
66 | ##########################################
Function WUInt32
{
    # Serialises $val with BitConverter (host byte order; $bigendian is not
    # consulted) and copies the bytes into the loaded image $ba at $addr.
    # NOTE(review): $val is untyped, so the number of bytes written follows
    # the runtime type of the argument (4 for an Int32, 8 for an Int64) -
    # callers should pass a 32-bit value.
    Param (
        $addr,
        $val
    )
    $encoded = [bitconverter]::GetBytes($val)
    $count = $encoded.Length
    [System.Buffer]::BlockCopy($encoded, 0, $ba, $addr, $count)
}
76 | ##########################################
Function XorBytes
{
    # Returns a new array, as long as $b1, holding the byte-wise XOR of $b1
    # and $b2. $b2 is indexed with the same positions as $b1.
    Param (
        [byte[]] $b1,
        [byte[]] $b2
    )
    $length = $b1.count
    [byte[]] $result = [byte[]]::new($length)
    $pos = 0
    while ($pos -lt $length)
    {
        $result[$pos] = $b1[$pos] -bxor $b2[$pos]
        $pos++
    }
    $result
}
90 | ##########################################
Function AreArraysEqual($a1, $a2) {
    # Returns $true when both arrays have the same rank, the same length in
    # every dimension and pairwise-equal elements (compared with -ne in
    # enumeration order); $false otherwise.
    # Throws "Both inputs must be an array" when either argument is not an
    # array.
    $bothArrays = ($a1 -is [array]) -and ($a2 -is [array])
    if (-not $bothArrays) {
        throw "Both inputs must be an array"
    }
    if ($a1.Rank -ne $a2.Rank) {
        return $false
    }
    # Same object: nothing to compare.
    if ([System.Object]::ReferenceEquals($a1, $a2)) {
        return $true
    }
    foreach ($dim in 0..($a1.Rank - 1)) {
        if ($a1.GetLength($dim) -ne $a2.GetLength($dim)) {
            return $false
        }
    }

    $left = $a1.GetEnumerator()
    $right = $a2.GetEnumerator()

    while ($left.MoveNext() -and $right.MoveNext()) {
        if ($left.Current -ne $right.Current) {
            return $false
        }
    }
    return $true
}
117 | ##########################################
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 | cls
126 | # Patch table for the loaded image. The $new*/$*hook/$*Code arrays are the bytes to write; the $old*/$*orig arrays presumably hold the bytes they replace - confirm.
127 | [byte[]] $newcode1 = 0x60, 0x00, 0x00, 0x00 #SDAT - 0x60000000 is the PowerPC nop
128 | [byte[]] $oldcode1 = 0x40, 0x9e, 0x01, 0x20
129 |
130 | [byte[]] $newcode2 = 0x4b, 0xff, 0xfe, 0xe8 #SDAT
131 | [byte[]] $oldcode2 = 0x41, 0x9e, 0xfe, 0xe8
132 |
133 |
134 | [byte[]] $newcode3 = 0x60, 0x00, 0x00, 0x00 #DCX - 0x60000000 is the PowerPC nop
135 | [byte[]] $oldcode3 = 0x40, 0x9e, 0x00, 0xcc
136 |
137 | #----------------------------
138 | #dbgA hooks to call RInt
139 | $dbgAloc = 0x4392f0 -0xF700 # every location in this table has 0xF700 subtracted - presumably converting a load address to an offset in $ba; confirm
140 | [byte[]] $dbgAhook = 0x49, 0x70, 0xd4, 0xc2, 0x60, 0x00, 0x00, 0x00 # 0x4970d4c2 is an absolute branch to 0x170d4c0 (the unadjusted $RIntLoc), followed by a nop
141 | [byte[]] $dbgAorig = 0x38, 0x60, 0xff, 0xff, 0x4e, 0x80, 0x00, 0x20 # li r3,-1 ; blr
142 |
143 | #rename GetDbgRandomA to RInt
144 | $dbgAorigNameULoc = 0x16e0fe0 - 0xF700
145 | [byte[]] $dbgAnewNameU = 0x00, 0x52, 0x00, 0x49, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x00, 0x00
146 | [byte[]] $dbgAorigNameU = 0x00, 0x47, 0x00, 0x65, 0x00, 0x74, 0x00, 0x44, 0x00, 0x62, 0x00
147 | $dbgAorigNameALoc = 0x16e3aa0 - 0xF700
148 | [byte[]] $dbgAnewNameA = 0x52, 0x49, 0x6e, 0x74, 0x00
149 | [byte[]] $dbgAorigNameA = 0x47, 0x65, 0x74, 0x44, 0x62
150 |
151 | $RIntLoc = 0x170d4c0 - 0xF700
152 | [byte[]] $RIntCode = 0x3c, 0x60, 0x01, 0xb4, 0x60, 0x63, 0x9c, 0x38, 0x80, 0x63, 0x00, 0x00, 0x80, 0x63, 0x00, 0x00, 0x4e, 0x80, 0x00, 0x20, 0x60, 0x00, 0x00, 0x00
153 | [byte[]] $RIntOrig = 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 # NOTE(review): this looks 4 bytes shorter than $RIntCode (24 bytes) - confirm
154 | #-------------------------------------------
155 | #$dbgB hooks to call WInt
156 | $dbgBloc = 0x4392f8 - 0xF700
157 | [byte[]] $dbgBhook = 0x49, 0x70, 0xd5, 0x02, 0x60, 0x00, 0x00, 0x00
158 | [byte[]] $dbgBorig = 0x38, 0x60, 0xff, 0xff, 0x4e, 0x80, 0x00, 0x20
159 |
160 | $dbgBorigNameULoc = 0x16e1000 - 0xF700
161 | [byte[]] $dbgBnewNameU = 0x00, 0x57, 0x00, 0x49, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x00, 0x00
162 | [byte[]] $dbgBorigNameU = 0x00, 0x47, 0x00, 0x65, 0x00, 0x74, 0x00, 0x44, 0x00, 0x62, 0x00
163 | $dbgBorigNameALoc = 0x16e3ab0 - 0xF700
164 | [byte[]] $dbgBnewNameA = 0x57, 0x49, 0x6e, 0x74, 0x00
165 | [byte[]] $dbgBorigNameA = 0x47, 0x65, 0x74, 0x44, 0x62
166 |
167 | $WIntLoc = 0x170d500 - 0xF700
168 | [byte[]] $WIntCode = 0x3c, 0x60, 0x01, 0xb4, 0x60, 0x63, 0x9c, 0x38, 0x80, 0x63, 0x00, 0x00, 0x3c, 0x80, 0x01, 0xb4, 0x60, 0x84, 0x9c, 0x3c, 0x80, 0x84, 0x00, 0x00, 0x90, 0x83, 0x00, 0x00, 0x4e, 0x80, 0x00, 0x20, 0x60, 0x00, 0x00, 0x00
169 | [byte[]] $WIntOrig = 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
170 | #-------------------------------------------
171 | #$ShowRankingDialog hooks to call SLoc
172 | $srdLoc = 0x0043e740 - 0xF700
173 | [byte[]] $srdHook = 0x49, 0x70, 0xd5, 0x42, 0x60, 0x00, 0x00, 0x00
174 | [byte[]] $srdOrig = 0x7c, 0x83, 0x23, 0x78, 0x7c, 0x08, 0x02, 0xa6
175 |
176 | $srdOrigNameULoc = 0x016dfd08 - 0xF700
177 | [byte[]] $srdNewNameU = 0x00, 0x53, 0x00, 0x4c, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x00, 0x00
178 | [byte[]] $srdOrigNameU = 0x00, 0x53, 0x00, 0x68, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x52, 0x00
179 | $srdOrigNameALoc = 0x016e3038 - 0xF700
180 | [byte[]] $srdNewNameA = 0x53, 0x4c, 0x6f, 0x63, 0x00
181 | [byte[]] $srdOrigNameA = 0x53, 0x68, 0x6f, 0x77, 0x52
182 |
183 | $SLocLoc = 0x170d540 - 0xF700
184 | [byte[]] $SLocCode = 0x3c, 0x60, 0x01, 0xb4, 0x60, 0x63, 0x9c, 0x38, 0x90, 0x83, 0x00, 0x00, 0x4e, 0x80, 0x00, 0x20, 0x60, 0x00, 0x00, 0x00
185 | [byte[]] $SLocOrig = 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
186 | #-------------------------------------------
187 | #$ShowRankingDataModel hooks to call SVal
188 | $srdmLoc = 0x00444598 - 0xF700
189 | [byte[]] $srdmHook = 0x49, 0x70, 0xd5, 0x82, 0x60, 0x00, 0x00, 0x00
190 | [byte[]] $srdmOrig = 0xf8, 0x21, 0xff, 0x81, 0x7c, 0x08, 0x02, 0xa6
191 |
192 | $srdmOrigNameULoc = 0x016dfd58 - 0xF700
193 | [byte[]] $srdmNewNameU = 0x00, 0x53, 0x00, 0x56, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x00, 0x00
194 | [byte[]] $srdmOrigNameU = 0x00, 0x53, 0x00, 0x68, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x52, 0x00
195 | $srdmOrigNameALoc = 0x016e3068 - 0xF700
196 | [byte[]] $srdmNewNameA = 0x53, 0x56, 0x61, 0x6c, 0x00
197 | [byte[]] $srdmOrigNameA = 0x53, 0x68, 0x6f, 0x77, 0x52
198 |
199 | $SValLoc = 0x170d580 - 0xF700
200 | [byte[]] $SValCode = 0x3c, 0x60, 0x01, 0xb4, 0x60, 0x63, 0x9c, 0x3c, 0x90, 0x83, 0x00, 0x00, 0x4e, 0x80, 0x00, 0x20, 0x60, 0x00, 0x00, 0x00
201 | [byte[]] $SValOrig = 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
202 | #-------------------------------------------
203 | #GetSummonBlackResult hooks to call GetChrInsFrom Id
204 | $gsblNameULoc = 0x16dfaf0 - 0xF700
205 | $gsblNameALoc = 0x16e2f10 - 0xF700
206 | $gsblCodeLoc = 0x4128c0 - 0xF700
207 |
208 | [byte[]] $gsblCode = 0x3c, 0x60, 0x01, 0xb4, 0x60, 0x63, 0x9c, 0x3c, 0x80, 0x83, 0x00, 0x00, 0x3c, 0x60, 0x01, 0xb3, 0x60, 0x63, 0xd6, 0xe0, 0x80, 0x63, 0x00, 0x00, 0x48, 0x29, 0x6b, 0xba
209 | [byte[]] $gsblOrig = 0xf8, 0x21, 0xff, 0x81, 0x7c, 0x08, 0x02, 0xa6, 0xf8, 0x01, 0x00, 0x90, 0x80, 0x63, 0x00, 0x14, 0x38, 0x00, 0xff, 0xff, 0x2f, 0x83, 0x00, 0x00, 0x78, 0x63, 0x00, 0x20
210 | #-------------------------------------------
211 | $dbgMenuCodeLoc = 0x16f444 - 0xf700
212 | [byte[]] $dbgMenuCode = 0x4b, 0xfe, 0xd4, 0x35
213 | [byte[]] $dbgMenuOrig = 0x48, 0x01, 0xc3, 0x8d
214 | #-------------------------------------------
215 |
216 |
217 |
218 |
219 |
220 |
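cls
# Toggle script body: applies the hooks to EBOOT.BIN, or restores the original
# bytes when the hooks are already present. $size, $path, $ba and the helpers
# RUint32 / WBytes / WStrU / WStrA, plus every *Loc / *Code / *Hook / *Orig
# value used below, are defined earlier in the script.
if ($size -eq 9602848) {
    # This exact size is treated as the not-yet-decrypted image; nothing is written.
    "EBOOT.BIN size too small, decrypt and decompress before running this script."
} else {
    # The 32-bit word at the first patch site is the only state check: it selects
    # "apply", "restore" or "leave alone".
    # NOTE(review): every other site is overwritten without comparing it to its
    # *Orig bytes, so an image that matches on this one word but differs elsewhere
    # would be silently corrupted. TODO: verify each site before writing.
    $marker = RUint32 (0x66af08 - 0xF700)

    if ($marker -eq [UInt32]"0x20019e40") {
        "Original bytes found, patching in new code."
        WBytes (0x66af08 -0xF700) $newcode1
        WBytes (0x66b024 -0xF700) $newcode2
        WBytes (0x66aefc -0xF700) $newcode3

        WBytes $dbgAorigNameULoc $dbgANewNameU
        WBytes $dbgAorigNameALoc $dbgANewNameA
        WBytes $dbgAloc $dbgAhook
        WBytes $RIntLoc $RIntCode

        WBytes $dbgBorigNameULoc $dbgBNewNameU
        WBytes $dbgBorigNameALoc $dbgBNewNameA
        WBytes $dbgBloc $dbgBhook
        WBytes $WIntLoc $WIntCode

        WBytes $srdOrigNameULoc $srdNewNameU
        WBytes $srdOrigNameALoc $srdNewNameA
        WBytes $srdLoc $srdHook
        WBytes $SLocLoc $SLocCode

        WBytes $srdmOrigNameULoc $srdmNewNameU
        WBytes $srdmOrigNameALoc $srdmNewNameA
        WBytes $srdmLoc $srdmHook
        WBytes $SValLoc $SValCode

        WStrU $gsblNameULoc ("GetChrFromId" + [char]$null)
        WStrA $gsblNameALoc ("GetChrFromId" + [char]$null)
        WBytes $gsblCodeLoc $gsblCode

        WBytes $dbgMenuCodeLoc $dbgMenuCode

        # The file is rewritten in place, so keep one pristine copy first. An
        # existing backup is never replaced, so it always holds the unpatched image.
        $backup = "$path.bak"
        if (-not [System.IO.File]::Exists($backup)) {
            [System.IO.File]::Copy($path, $backup)
        }

        [System.IO.File]::WriteAllBytes($path, $ba)
        "Bytes written successfully"
        ""
        pause
    } elseif ($marker -eq [UInt32]"0x00000060") {
        "Patched bytes found, restoring original code."
        WBytes (0x66af08 -0xF700) $oldcode1
        WBytes (0x66b024 -0xF700) $oldcode2
        WBytes (0x66aefc -0xF700) $oldcode3

        WBytes $dbgAorigNameULoc $dbgAOrigNameU
        WBytes $dbgAorigNameALoc $dbgAOrigNameA
        WBytes $dbgAloc $dbgAorig
        WBytes $RIntLoc $RIntOrig

        WBytes $dbgBorigNameULoc $dbgBOrigNameU
        WBytes $dbgBorigNameALoc $dbgBOrigNameA
        WBytes $dbgBloc $dbgBorig
        WBytes $WIntLoc $WIntOrig

        WBytes $srdOrigNameULoc $srdOrigNameU
        WBytes $srdOrigNameALoc $srdOrigNameA
        WBytes $srdLoc $srdOrig
        WBytes $SLocLoc $SLocOrig

        WBytes $srdmOrigNameULoc $srdmOrigNameU
        WBytes $srdmOrigNameALoc $srdmOrigNameA
        WBytes $srdmLoc $srdmOrig
        WBytes $SValLoc $SValOrig

        WStrU $gsblNameULoc ("GetSummonBlackResult" + [char]$null)
        WStrA $gsblNameALoc ("GetSummonBlackResult" + [char]$null)
        WBytes $gsblCodeLoc $gsblOrig

        WBytes $dbgMenuCodeLoc $dbgMenuOrig

        [System.IO.File]::WriteAllBytes($path, $ba)
        "Bytes written successfully"
        ""
        pause
    } else {
        # Neither the original nor the patched marker: leave the file untouched.
        "Unrecognized bytes found hook at location, no changes made."
        "Has EBOOT.BIN been resigned as NONDRM?"
        ""
        pause
    }
}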
--------------------------------------------------------------------------------
/Memlocs/DeS-PS3-BLUS30443_100_ModdingTutorialScript_Part5_m08_00_00_00.txt:
--------------------------------------------------------------------------------
function Initialize_m08_00_00_00(proxy)
    -- Map initialisation: registers the lever actions, applies the option tweaks,
    -- hides the dragon, then re-registers the events from the earlier tutorials.
    local PLAYER = 10000
    local DRAGON = 110
    local DRAGON_FLAG = 9110   -- "is the dragon summoned" flag used by the lever handlers
    local TALK_REGION = 7000
    local TALKER = 700

    -- Tutorial part 5: one distance action per lever object (1000 and 1009).
    local levers = {
        { 1000, "LeverSummon_Pull" },
        { 1009, "LeverFire_Pull" },
    }
    for _, lever in ipairs(levers) do
        proxy:OnDistanceAction(0, LOCAL_PLAYER, lever[1], lever[2], LeverDist_A, HELPID_PULL_LEVER, 0, LeverAngle_A, everytime)
    end

    -- Option tweaks through the custom helpers defined further down this file.
    SetBrightness(proxy, 10)
    ShowHud(proxy, 1)

    -- Dragon starts unsummoned: no AI logic, no stagger, not drawn, no collision.
    proxy:SetEventFlag(DRAGON_FLAG, false)
    proxy:EnableLogic(DRAGON, false)
    proxy:SetSuperArmor(DRAGON, true)
    proxy:SetDrawEnable(DRAGON, false)
    proxy:SetColiEnable(DRAGON, false)

    -- Earlier tutorials: the warp region and the barrel-destroyed callback.
    proxy:OnRegionJustIn(99100, PLAYER, 100, "OnEvent_99100", everytime)
    proxy:OnObjectDestroy(8000, 2010, "OnEvent_8000", once)

    -- Keep the talker character loaded, then wire up the talk region.
    proxy:SetAlwayEnableBackread_forEvent(TALKER, true)
    proxy:OnRegionJustIn(TALK_REGION, PLAYER, 70, "OnEvent_7000_In", everytime)
    proxy:OnRegionJustOut(TALK_REGION, PLAYER, 70, "OnEvent_7000_Out", everytime)
    proxy:RegistSimpleTalk(TALK_REGION, TALKER, 47500, TALK_ATTR_ALL - TALK_ATTR_VOICE)
end
47 | -------------------------------------------------------------------------------------------------------
48 | -------------------------------------------------------------------------------------------------------
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 | -------------------------------------------------------------------------------------------------------
58 | -------------------------------------------------------------------------------------------------------
59 | -- New functions for Modding Tutorial Part 5 --
60 | --This is called immediately when the X button is pressed
function LeverSummon_Pull(proxy, param)
    -- Lever handler for object 1000: schedules SummonDragon and plays the pull.
    local player, lever = 10000, 1000

    -- SummonDragon fires after 3 seconds so the pull animation can finish first.
    proxy:OnKeyTime2(0, "SummonDragon", 3.0, 0, 1, once)
    -- Snap the player to region 1010 at the lever so distance and facing line up
    -- with the animation.
    proxy:Warp(player, 1010)
    -- Animation 8000 is the player's pull; animation 1 is the lever being pulled.
    proxy:PlayAnimation(player, 8000)
    proxy:PlayAnimation(lever, 1)
end
72 | --This is called 3 seconds after the above, thanks to the OnKeyTime2 call
function SummonDragon(proxy, param)
    -- Toggles the dragon (110): event flag 9110 records whether he is currently
    -- summoned, and each call flips that state.
    local dragon, flag = 110, 9110

    -- True only when the flag reads exactly false, i.e. he is not summoned yet.
    local summon = (proxy:IsCompleteEvent(flag) == false)

    -- Visibility, collision and the flag all move to the new state together.
    proxy:SetDrawEnable(dragon, summon)
    proxy:SetColiEnable(dragon, summon)
    proxy:SetEventFlag(flag, summon)

    -- He is warped to the summon spot in both cases; when hidden it has no
    -- visible effect.
    proxy:Warp(dragon, 1001)
    -- Loop animation -1 keeps him from flying off with whatever he was doing.
    proxy:PlayLoopAnimation(dragon, -1)
end
92 |
93 | --This is called immediately when the X button is pressed
function LeverFire_Pull(proxy, param)
    -- Lever handler for object 1009: schedules BreatheFire and plays the pull.
    local player, lever = 10000, 1009

    -- BreatheFire runs 3 seconds from now.
    proxy:OnKeyTime2(0, "BreatheFire", 3.0, 0, 1, once)
    -- Move the player onto the lever region before animating.
    proxy:Warp(player, 1019)
    -- Pull animation on the player, being-pulled animation on the lever.
    proxy:PlayAnimation(player, 8000)
    proxy:PlayAnimation(lever, 1)
end
103 | --This is called 3 seconds after the above, thanks to the OnKeyTime2 call
function BreatheFire(proxy, param)
    -- First stage of the attack run: show the dragon, place him at his start
    -- region, then hand over to BreatheFire_StartAnim.
    local dragon = 110

    -- Visible and collidable for the run, whatever the summon flag says.
    proxy:SetDrawEnable(dragon, true)
    proxy:SetColiEnable(dragon, true)
    -- Region 1119 is where the attack run starts.
    proxy:Warp(dragon, 1119)
    -- A 0.1 second gap separates the warp from the animation start.
    proxy:OnKeyTime2(0, "BreatheFire_StartAnim", 0.1, 0, 1, once)
end
114 | --This is called 0.1 seconds after the above
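function BreatheFire_StartAnim(proxy, param)
    -- Second stage of the attack run: lock the player, start the dragon's
    -- animation, point the camera at the dragon and hide the HUD.
    -- All temporaries are locals; as globals they would leak into every other
    -- event script sharing this Lua state.
    local player, dragon = 10000, 110

    -- The player may not move while the run plays.
    proxy:DisableMove(player, 1)
    -- Animation 7007 is forced regardless of other animations in progress.
    proxy:ForcePlayAnimationStayCancel(dragon, 7007)

    -- Patched-in natives: SVal stores the event ID, GetChrFromId then returns
    -- that character's pointer in memory.
    proxy:SVal(dragon)
    local dragonPtr = proxy:GetChrFromId()

    -- WorldChrMan + 516 holds the character pointer the camera follows.
    local worldChrMan = GetWorldChrMan(proxy)
    if worldChrMan and worldChrMan ~= 0 then
        -- Raw, unchecked memory write: it is only issued when the manager
        -- pointer is non-null, so a failed lookup cannot turn into a write at
        -- address 516.
        WInt(proxy, worldChrMan + 516, dragonPtr)
    end

    -- HUD off for the duration of the run.
    ShowHud(proxy, 0)

    -- BreatheFire_End undoes all of this once animation 7007 finishes.
    proxy:OnChrAnimEnd(800, dragon, 7007, "BreatheFire_End", once)
end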
140 | --This is called when the dragon finishes animation 7007, thanks to the OnChrAnimEnd call above
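function BreatheFire_End(proxy, param)
    -- Runs when the dragon finishes animation 7007: gives control back to the
    -- player, resets the camera and HUD, and puts the dragon back in the state
    -- recorded by event flag 9110.
    -- Temporaries are locals so nothing leaks into the shared global table.
    local player, dragon = 10000, 110

    -- The player can move again.
    proxy:DisableMove(player, 0)

    -- Writing 0 to the camera-focus slot (WorldChrMan + 516) returns the camera
    -- to the player. The raw write is skipped when the manager pointer is
    -- null, which would otherwise write at address 516.
    local worldChrMan = GetWorldChrMan(proxy)
    if worldChrMan and worldChrMan ~= 0 then
        WInt(proxy, worldChrMan + 516, 0)
    end

    -- HUD back on.
    ShowHud(proxy, 1)

    -- Visible and collidable only if he was summoned before the run.
    local summoned = (proxy:IsCompleteEvent(9110) == true)
    proxy:SetDrawEnable(dragon, summoned)
    proxy:SetColiEnable(dragon, summoned)

    -- Back to the summon spot with his animation reset, in either case.
    proxy:Warp(dragon, 1001)
    proxy:PlayLoopAnimation(dragon, -1)
end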
168 |
169 |
170 | --This function will read game memory directly at the address specified
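function RInt(proxy, loc)
    -- Reads a value from game memory at address `loc` through the patched-in
    -- natives: proxy:SLoc stores the address, proxy:RInt performs the read.
    -- The address is passed through unchecked.
    -- The result is returned directly; storing it in a global `val` first would
    -- leak it into every other script sharing this Lua state.
    proxy:SLoc(loc)
    return proxy:RInt()
end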
176 | --This function will write game memory directly at the address specified
177 | --** You can easily crash the game if this function is used carelessly **--
function WInt(proxy, loc, val)
    -- Writes `val` to game memory at address `loc` through the patched-in
    -- natives: SLoc stores the address, SVal the value, WInt performs the write.
    -- Nothing is validated here; a wrong address can crash the game.
    proxy:SLoc(loc)
    proxy:SVal(val)
    proxy:WInt()
end
184 |
185 | --This function gets the memory address of the game's Character Manager object
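function GetWorldChrMan(proxy)
    -- Returns the pointer stored at the fixed address 28563168 (0x01B3D6E0),
    -- which this tutorial treats as the game's Character Manager slot.
    -- The address is hard-coded, so it is only meaningful for the executable
    -- build this script was written against.
    -- Locals are used so `wcmptr` and `wcm` do not leak as globals.
    local slot = 28563168
    return RInt(proxy, slot)
end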
191 | --This function gets the memory address of the GameData Manager object
192 | --This object handles lots of things, but we use it to access the HUD and Brightness options
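function GetGameDataMan(proxy)
    -- Returns the pointer stored at the fixed address 28635036 (0x01B4EF9C),
    -- which this tutorial treats as the GameData Manager slot. ShowHud and
    -- SetBrightness reach the option values through it.
    -- The address is hard-coded, so it is only meaningful for the executable
    -- build this script was written against.
    -- Locals are used so `gdmptr` and `gdm` do not leak as globals.
    local slot = 28635036
    return RInt(proxy, slot)
end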
198 | --Turn the HUD on or off
199 | --This function is so long because RInt returns a 4 byte integer value, and
200 | -- The HUD value is only a single byte in that value
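function ShowHud(proxy, val)
    -- Turns the HUD on (val = 1) or off (val = 0).
    -- The HUD flag is one byte inside a 4-byte option word at options + 40,
    -- where `options` is the pointer stored at GameDataMan + 40.
    --
    -- Fix: the current option word is read from options + 40, the address that
    -- is written back. The previous code re-read GameDataMan + 40, so it split
    -- the options *pointer* into flag bytes and wrote a value derived from it.
    -- NOTE(review): the layout is taken from SetBrightness, which also
    -- dereferences GameDataMan + 40 before adding its offset. Confirm in game.
    local gdm = GetGameDataMan(proxy)
    if not gdm or gdm == 0 then
        return  -- manager not available: do not dereference a null pointer
    end
    local opt = RInt(proxy, gdm + 40)
    if not opt or opt == 0 then
        return  -- options block not available: skip the raw write
    end

    local flags = RInt(proxy, opt + 40)

    -- Only the top byte is carried over, and only as 0 or 1, as before.
    local subs = 0
    if flags and flags > 16777215 then
        subs = 16777216
    end

    -- The two low bytes are forced to 1 (256 and 1), as the original did after
    -- decoding them. The HUD byte takes the caller's value.
    WInt(proxy, opt + 40, subs + (65536 * val) + 256 + 1)
end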
237 | --Set the game's brightness value directly
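function SetBrightness(proxy, val)
    -- Writes `val` as the brightness option, at offset 16 of the options block
    -- whose pointer is stored at GameDataMan + 40.
    -- Pointers are kept in locals (not leaked as globals) and checked before
    -- use: a null manager or options pointer would otherwise become a raw
    -- write near address 16.
    local gdm = GetGameDataMan(proxy)
    if not gdm or gdm == 0 then
        return
    end
    local opt = RInt(proxy, gdm + 40)
    if not opt or opt == 0 then
        return
    end
    WInt(proxy, opt + 16, val)
end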
243 | -- End of new functions for Modding Tutorial, Part 5 --
244 | -------------------------------------------------------------------------------------------------------
245 | -------------------------------------------------------------------------------------------------------
246 |
247 |
248 |
249 |
250 |
251 | -------------------------------------------------------------------------------------------------------
252 | -------------------------------------------------------------------------------------------------------
253 | -- Functions from previous modding tutorials --
254 | --Functions that trigger when we enter/leave the Talk Region
function OnEvent_7000_In(proxy, param)
    -- Entering the talk region: loop animation 8110 on the talker (700) and
    -- advance talk 7000.
    local talker, talk = 700, 7000
    proxy:PlayLoopAnimation(talker, 8110)
    proxy:TalkNextPage(talk)
end
function OnEvent_7000_Out(proxy, param)
    -- Leaving the talk region: stop the talker's (700) loop animation and
    -- close talk 7000.
    local talker, talk = 700, 7000
    proxy:StopLoopAnimation(talker)
    proxy:CloseTalk(talk)
end
263 |
264 | --Warps us to the ball when we hit the barrel
function OnEvent_8000(proxy, param)
    -- Barrel-destroyed callback: warps the player (10000) with WarpDmy,
    -- passing 2020 and 1 unchanged.
    local player = 10000
    proxy:WarpDmy(player, 2020, 1)
end
268 |
269 | --Our old warp
function OnEvent_99100(proxy)
    -- Region 99100 callback from the earlier tutorial: warps the player (10000)
    -- to 101 and prints a trace line.
    local player = 10000
    proxy:Warp(player, 101)
    print("Event_99100 end")
end
274 | -- End of functions from previous modding tutorials --
275 | -------------------------------------------------------------------------------------------------------
276 | -------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Memlocs/Dishonored2-UWP-1.77.9.0.CT:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 0
6 | "Cam xPos"
7 |
8 | 0
9 | Float
10 | Dishonored2_x64ShippingRetail.exe+51f57d4
11 |
12 |
13 | 1
14 | "Cam yPos"
15 |
16 | 0
17 | Float
18 | Dishonored2_x64ShippingRetail.exe+51f57d8
19 |
20 |
21 | 2
22 | "Cam zPos"
23 |
24 | 0
25 | Float
26 | Dishonored2_x64ShippingRetail.exe+51f57dc
27 |
28 |
29 | 11
30 | "Player xPos"
31 |
32 | 0
33 | Float
34 | "Dishonored2_x64ShippingRetail.exe"+048A3318
35 |
36 | 78
37 | 330
38 | 10
39 |
40 |
41 |
42 | 13
43 | "Player yPos"
44 |
45 | 0
46 | Float
47 | "Dishonored2_x64ShippingRetail.exe"+048A3318
48 |
49 | 7c
50 | 330
51 | 10
52 |
53 |
54 |
55 | 12
56 | "Player zPos"
57 |
58 | 0
59 | Float
60 | "Dishonored2_x64ShippingRetail.exe"+048A3318
61 |
62 | 80
63 | 330
64 | 10
65 |
66 |
67 |
68 | 3
69 | "isLoading"
70 |
71 | 0
72 | Byte
73 | Dishonored2_x64ShippingRetail.exe+4A685A8
74 |
75 |
76 | 4
77 | "levelName"
78 |
79 | 0
80 | String
81 | 60
82 | 0
83 | 0
84 | 1
85 | Dishonored2_x64ShippingRetail.exe+5841040
86 |
87 |
88 | 5
89 | "fadeValue"
90 |
91 | 0
92 | Float
93 | "Dishonored2_x64ShippingRetail.exe"+061C7B50
94 |
95 | 7DC
96 | 8
97 | 0
98 |
99 |
100 |
101 | 6
102 | "canInteract"
103 | 0
104 | 4 Bytes
105 | "Dishonored2_x64ShippingRetail.exe"+04A10448
106 |
107 | 0
108 | 13B0
109 | A0
110 | 10
111 | 6D0
112 |
113 |
114 |
115 | 7
116 | "interactTarget"
117 | 1
118 | 0
119 | 4 Bytes
120 | "Dishonored2_x64ShippingRetail.exe"+04A10448
121 |
122 | 4
123 | 80
124 | 88
125 | A0
126 | 10
127 | 6D0
128 |
129 |
130 |
131 | 9
132 | "Kills"
133 |
134 | 4 Bytes
135 | Dishonored2_x64ShippingRetail.exe+46EEBB8
136 |
137 |
138 | 10
139 | "Chaos Score"
140 |
141 | 1
142 | 4 Bytes
143 | "Dishonored2_x64ShippingRetail.exe"+048A3318
144 |
145 | 24
146 | 60
147 | 268
148 | 330
149 | 10
150 |
151 |
152 |
153 | 14
154 | "cVars"
155 |
156 |
157 | 1
158 |
159 |
160 | 32
161 | "in_controlInactiveWindow"
162 |
163 | 0
164 | 4 Bytes
165 | Dishonored2_x64ShippingRetail.exe+4a63a78
166 |
167 |
168 | 29
169 | "com_drawThreadSpeeds"
170 |
171 | 0
172 | 4 Bytes
173 | Dishonored2_x64ShippingRetail.exe+4a6a0f8
174 |
175 |
176 | 31
177 | "com_newLoadScreen"
178 |
179 | 0
180 | 4 Bytes
181 | Dishonored2_x64ShippingRetail.exe+4a6abe8
182 |
183 |
184 | 17
185 | "com_allowConsole"
186 |
187 | 0
188 | 4 Bytes
189 | Dishonored2_x64ShippingRetail.exe+4a6b8a8
190 |
191 |
192 | 30
193 | "com_drawPresentables"
194 |
195 | 0
196 | 4 Bytes
197 | Dishonored2_x64ShippingRetail.exe+507b5e8
198 |
199 |
200 | 27
201 | "com_debugHUD"
202 |
203 | 0
204 | 4 Bytes
205 | Dishonored2_x64ShippingRetail.exe+51b3778
206 |
207 |
208 | 18
209 | "win_consoleVisibility"
210 |
211 | 0
212 | 4 Bytes
213 | Dishonored2_x64ShippingRetail.exe+583be38
214 |
215 |
216 | 34
217 | "cas_debug"
218 |
219 | 0
220 | 4 Bytes
221 | Dishonored2_x64ShippingRetail.exe+5855a28
222 |
223 |
224 | 33
225 | "win_outputDebugString"
226 |
227 | 0
228 | 4 Bytes
229 | Dishonored2_x64ShippingRetail.exe+583bfb8
230 |
231 |
232 | 16
233 | "win_pauseOnFocusLoss"
234 |
235 | 0
236 | 4 Bytes
237 | Dishonored2_x64ShippingRetail.exe+58403a8
238 |
239 |
240 | 25
241 | "ark_debugAiCharactersLinearVelocity"
242 |
243 | 0
244 | 4 Bytes
245 | Dishonored2_x64ShippingRetail.exe+59d0198
246 |
247 |
248 | 28
249 | "ark_debugPhysicsBoundingRadiuses"
250 |
251 | 0
252 | 4 Bytes
253 | Dishonored2_x64ShippingRetail.exe+59d0b98
254 |
255 |
256 | 26
257 | "ark_darkVisionSoundDrawDebug"
258 |
259 | 0
260 | 4 Bytes
261 | Dishonored2_x64ShippingRetail.exe+61b8158
262 |
263 |
264 | 24
265 | "ai_debugCam"
266 |
267 | 0
268 | 4 Bytes
269 | Dishonored2_x64ShippingRetail.exe+61e09e8
270 |
271 |
272 | 20
273 | "pm_jumpheight"
274 |
275 | 0
276 | Float
277 | Dishonored2_x64ShippingRetail.exe+61e116c
278 |
279 |
280 | 23
281 | "pm_stepsize"
282 |
283 | 0
284 | Float
285 | Dishonored2_x64ShippingRetail.exe+61e11ec
286 |
287 |
288 | 21
289 | "pm_thirdPerson"
290 |
291 | 0
292 | 4 Bytes
293 | Dishonored2_x64ShippingRetail.exe+61e2468
294 |
295 |
296 | 22
297 | "pm_thirdPersonHeight"
298 |
299 | 0
300 | Float
301 | Dishonored2_x64ShippingRetail.exe+61e226c
302 |
303 |
304 | 15
305 | "ark_fieldOfView"
306 |
307 | 0
308 | Float
309 | Dishonored2_x64ShippingRetail.exe+61E3D9c
310 |
311 |
312 | 19
313 | "player_debugShake"
314 |
315 | 0
316 | 4 Bytes
317 | Dishonored2_x64ShippingRetail.exe+61e3e18
318 |
319 |
320 |
321 |
322 |
323 |
324 |
--------------------------------------------------------------------------------