Pointers to 90 memory region

[Apache81]

Hi guys :)

I'm trying to track down a pointer to the box where the items are stored for the game Pandora's Tower.
The box is allocated in the 90 portion memory.
When I try to make a pointer search in that region I got:

Code Select Expand

[824D234C]+5AE8C
[824DADF8]+30C8C
[824DAE20]+55EAC
[824DAE28]+5DA8C
[824DB1C8]+3236C
[824DB1CC]+30C8C
[824DB248]+3236C
[824DB24C]+30C8C
[824DB2B8]+30F8C
[8254824C]+55EAC
[82548A28]+5DA8C
but I cannot make codes with these address because if I try to read from those memory portion the Wii crashes.

I also tried to switch the pointer search to the memory region 80 (the combobox near the dumps buttons) but I got false pointer address (the location given contains other data).

What's the deal with these?


THANKS !!!  :)

[Bully@Wiiplaza]

Hmm... pretty weird that all pointers are out of bounds. Did you try forcing pointer in pointer or setting a breakpoint read?
If you used WiiRd, also try Pointer Search v4.0 by Dr.Pepper and see what you´ll get. I´m not a fan of pointers... ASM almost always works better. :eek:

Try this "template" though:

48000000 XXXXXXXX
DE000000 90009380
14YYYYYY ZZZZZZZZ
E0000000 80008000

XXXXXXXX is the address, YYYYYY is the offset and ZZZZZZZZ the new value.
But you probably already did this.

[Apache81]

Hmm... pretty weird that all pointers are out of bounds. Did you try forcing pointer in pointer or setting a breakpoint read?

I´m not a fan of pointers... ASM almost always works better. :eek:

Yes. I tried the pointer in pointer search and no results are displayed  :(
I also used the breakpoint and in fact I found the code that modify the values and I did a "Not decrease item when used" code but I would like to make a code that also to give infinite items it unlocks the "not already have items".

If you used WiiRd, also try Pointer Search v4.0 by Dr.Pepper and see what you´ll get.

Never heard of such a thing... I'll give it a try for sure  ;)

Try this "template" though:

48000000 XXXXXXXX
DE000000 90009380
14YYYYYY ZZZZZZZZ
E0000000 80008000

XXXXXXXX is the address, YYYYYY is the offset and ZZZZZZZZ the new value.
But you probably already did this.

Yep... I tried this but Wii crashes with every single pointer given by the search  :(

Thanks man !!!   :)

[Bully@Wiiplaza]

To affect all items (even the non-unlocked ones) it may help to set a breakpoint read and then overwrite the load instruction by load immediate and see if something happened (if it worked, make it a ram write in asm). It could also be the case that the game stores value 1 for item aquired or value 0 for not aquired. For this case, you need to write the 1´s using another breakpoint read so that your bp read on the item amount will execute for all items and make them infinite.

Here´s two codes for pokepark that I made that follow this theory:
[spoiler]All Bonus Challenges completed [Bully@Wiiplaza]
F6000001 80068100
7C630214 3863000C
D2000084 00000002
38000001 B0030008
60000000 00000000
E0000000 80008000
^ enable scores from all pokemon

Highscore Modifier [Bully@Wiiplaza]
F6000001 80008100
7FFF0214 7C1DF040
D20000B0 00000005
9421FFF0 91610008
3D600000 616BD6D8
91630000 81610008
38210010 80630000
60000000 00000000
E0000000 80008000
^ write new highscore for all pokemon (this will only work properly with the code above which makes the game think that I´ve played with every pokemon)[/spoiler]
Try it. ;D

[Apache81]

Thanks :)
I'll check it as soon as possible :)