In game text hacking for mdw

xcoopa · April 27, 2010, 09:47:36 PM

Hi guys i am working on changing some text in MWR.
I have found the text and address but i am not quite sure how to
structure it? I wont it to activate normally when the game starts.
hear is what i have found--[spoiler]

[/spoiler]
the highlited seciton in the to pic is ware the text starts.
[spoiler]

[/spoiler]
any help would greatly appreciated

Romaap · April 27, 2010, 10:43:45 PM

Just use an Hex/ASCII converter to convert text to hex and replace the original numbers with that.

xcoopa · April 27, 2010, 11:18:46 PM

Thanks for the handy tool. ;D
I tried like this but it locks up.
example:
04D6C2D0 XXXXXXXX
04D6C2E0 XXXXXXXX
04D6C200 XXXXXXXX
wasnt sure if i would need to add extra lines or not?
i went ahead and did a pointer search, just in case and camo up with 20 some lines.
which after adding them up came out to 5 diifert address.
probable just wasting time there though.

dcx2 · April 28, 2010, 07:54:54 PM

You could use a string code (06 code type) instead of multiple 32-bit writes (04 code type).

xcoopa · April 28, 2010, 08:12:51 PM

Thanx i'll try that - i will try brake point to see if it loads to a spacific address .

and just noticed that the text changes address slightly- it depends on ware you start on the map.

dcx2 · April 29, 2010, 04:30:59 PM

Now that I think about it, I've never used a string code before, so I'm not sure exactly how it works. Can someone elaborate? This is my best guess, according to the codetype doc. Assuming we wanted to do this...

04D6C2D0 01234567
04D6C2D4 89ABCDEF
04D6C2D8 02468ACE
04D6C2DC 13579BDF

Would this string code do the same thing?

06D6C2D0 00000004
01234567 89ABCDEF
02468ACE 13579BDF

Though, I should mention that the game probably expects the text to end with a null terminator, which is a 0 (not the character 0, the actual value 0). Look at your first picture, at address 80D6C2F4. The first byte is 00; this is the null terminator. It marks the end of the string. If you forget to put a null terminator, all kinds of bad things can happen, because the game will continue reading beyond the text.

You should also be careful not to overflow a buffer. Whoever reads that string probably only allocates a small amount of space for it, and if you write a new string that's bigger it could cause more bad things to happen.

You should try setting a read breakpoint on the first character of the string, before it is displayed on the screen. This should help you find the asm instruction that's reading the string and putting it on the screen. That instruction will always have a reliable pointer to the string, no matter what level you're on.

Alternatively, you could put your alternate string in an unused portion of memory, and then modify the asm to always read your alternate string instead of what it's supposed to read.

wiiztec · April 29, 2010, 04:37:09 PM

No it would be

06D6C2D0 00000010
01234567 89ABCDEF
02468ACE 13579BDF

it goes by bytes not words

dcx2 · April 29, 2010, 05:43:41 PM

Right, that would make more sense, because strings are always going to be multiples of 8-bits, not 32.

BTW, I realized my own example code is terrible because it doesn't end with a 00. Instead, let's write "Hello World"

06D6C2D0 0000000C
48656C6C 6F20576F
726C6400 00000000

Notice how the string ends with the null terminator 00. Also notice how the null terminator is included in the count of bytes, 0xC = 12 decimal. It is also less than or equal to the size of the previous string (25 bytes), and so has no risk of overflowing the destination buffer.

xcoopa · April 29, 2010, 06:32:03 PM

Thanks guys, this helps a lot. the text dose end at 2E followd by 00cc0000. there is also 00 just before it starts.
and i noticed that as i move my mouse across 04D6C2D0 01234567
that the address changed by one number (01 showed 04D6C2D1)
I will give this another go around.
:)

dcx2 · April 29, 2010, 06:41:10 PM

Where do you get 04D6C2D1? Is this supposed to be "32 bit write to 80D6C2D1"? That's not going to work, because it's not aligned correctly....32 bit writes can only write to an address ending in 0, 4, 8, or C.

xcoopa · May 20, 2010, 10:27:52 PM

Just got a chance to start working on this again,
so this is what I have found out.
I inserted this

06D6C2DC 0000000C
48656C6C 6F20576F
726C6400 00000000
[spoiler]

[/spoiler]
I enabled it just be for the match starts. what i ened up with is (Choos Team) but it flashes Hello Wolrd for a split secound-- I had to pause the game and advance one frame at a time to catch it
[spoiler]

[spoiler]
[/spoiler]

[/spoiler]
but once the game advanced it froze. I am assuming i will need to use an ASM code ( which i don't know much about)

WiiOs-Ozelot · May 28, 2010, 03:39:36 PM

i saw a same Text in Range 90. How can I change the text in the range 90 with the 06 Prefix?

i have created a example for Range 90 and it works fine. is this correctly?

4A000000 92FFFF00
16000000 0000000C
48656C6C 6F20576F
726C6400 00000000
E0000000 80008000

What made this? 0000000C <-- Buffer, Lines? :confused:

i have here a exaples codes

[Write String BA]
06XXXXXX 0000000C
ZZZZZZZZ ZZZZZZZZ
ZZZZZZZZ 00000000

[Write String PO]
4A000000 XXXXXXXX
16000000 0000000C
ZZZZZZZZ ZZZZZZZZ
ZZZZZZZZ 00000000
E0000000 80008000

dcx2 · May 28, 2010, 05:34:57 PM

Quote from: -Ozelot- on May 28, 2010, 03:39:36 PM
What made this? 0000000C <-- Buffer, Lines? :confused:

That is the number of bytes that you want to write.

48656C6C 6F20576F 726C6400 <--- this is 0x0C bytes. Do not forget to include a 00 at the end in your byte count. The 00 tells the game where the end of the string is.

WiiOs-Ozelot · May 28, 2010, 05:40:24 PM

ah ok thx

WiiRd forum

News:

In game text hacking for mdw

xcoopa

Romaap

xcoopa

dcx2

xcoopa

dcx2

wiiztec

dcx2

xcoopa

dcx2

xcoopa

WiiOs-Ozelot

dcx2

WiiOs-Ozelot