WiiRd forum
Author Topic: Gecko dotNET Bugs and Requests  (Read 120206 times)
dcx2
« Reply #225 on: August 19, 2010, 03:25:06 PM »

I think I actually encountered that with Fatal Frame 4, when searching for CCCCCCFF, for some reason it would get all the data transferred and just...fail.  I think I fixed that bug recently...we'll see if it fixes things in the next release.

BTW, the log is time/date stamped, so if you know about what day you had the problem (August 7th was your post) then that might make it easier.

dcx2
« Reply #226 on: August 21, 2010, 06:21:18 AM »

giantpune - I realized after posting r96 that I didn't take the 30 seconds needed to fix the Notepad support for the System Menu.  Rather than add another release post to the thread, I'm going to just point you at test build r97, which added Notepad support for System Menu debugging.

Mathew - I'll have to test multi-poke a bit more, but apparently the size of the poke is determined by the number of bytes you have in the poke text box.  Also, r96 has a fix for searches that might help the problem you were having.

DR4G0N
« Reply #227 on: August 23, 2010, 11:43:51 AM »

Maybe you would be so kind as to consider adding a pointer tab?
As I have problems keeping wiirdgui working and dotnet has given me no problems whatsoever so far, I would greatly appreciate it.

dcx2
« Reply #228 on: August 23, 2010, 01:35:25 PM »

Link mentioned ages ago that he wanted to make a separate pointer-search app.  But since it looks like everyone really wants that feature, then I would need a good description of how it works.  I never understood how the pointer tab worked...and it seemed like so much work and hand-waving for an uncertain outcome when an ASM patch or a C2 hook would be almost trivial.

Any descriptions of how the FST tab is supposed to work would be good, too.  Apparently that sometimes doesn't work?

IRS
« Reply #229 on: August 23, 2010, 02:32:06 PM »

In my experience... one: I don't really have a clue what good the FST tab is. All it does is write a 06(+1)=07 string type and replaces the data from the file being swapped to the file being swapped over (i.e. source file over the destination file). I thought it was supposed to change the ASM reading those areas?

Also, for the pointer search: I hate the GUI pointer search; it's not very clear as to which pointer it is supposed to be. My preferred route of looking up a pointer when I was still working with them: locate the address that is being "pointed" to. Jot that down in a notepad. Find another address that follows the same patterns. Jot it down. Open a calculator and find the difference between them. Then search all of MEM1 with the search parameter "different by" and fill in the difference between the addresses you calculated. Then you should have somewhere around 100 addresses. Look for an address whose value is within a 4-digit offset (below) the actual addresses you had located. If it is not the pointer, try again.

Any time I worked with the pointer search it took an insane amount of time to dump the file and was honestly just painful trying to "guess" which area was correct. Not to mention, for the only "my own" pointer code I made, when searching in the pointer tab I failed to ever locate the address. I made a code out of all of the addresses indicated in both the "good" and normal areas. Then I gave my above method a shot and found it very quickly. So in my own experience and work, a pointer tab is rather useless...

giantpune
« Reply #230 on: August 25, 2010, 08:31:56 AM »

About the FST tab, I never used the one in WiiRd, so I'm not sure what its intended use is, but I know it had something to do with the files contained in the game disc and replacing one with another. I can provide information that may be useful if you ever do figure out what the FST tab is supposed to do.

When the game is booted, the apploader is run, which reads the main.dol into memory and the FST among other things. The FST is read into the upper bit of MEM1. Since the FST's size is directly determined by the number of files in the game and the length of their names, it is not a constant size. So, because of this, the memory address of the beginning of the FST is always different. To make finding the table easy, the apploader writes the address of the beginning of it to 0x80000038. So, you read 0x80000038 and it will tell you another address; go to that address and there is the FST.

Each file/folder in the game has an entry that is 0xC bytes, and after all the entries there is a string table that contains all the names of the files (null terminated). Here is the struct of the 0xC bytes for each entry.
Code:
#include <stdint.h>
typedef uint32_t u32;

/* One 0xC-byte FST entry as it sits in Wii RAM. All words are big-endian; the
   bitfield split below assumes a big-endian compiler (PowerPC), so on a PC read
   the first word whole and split it as (TypeName >> 24) and (TypeName & 0xFFFFFF). */
typedef struct
{
        union
        {
                struct
                {
                        u32 Type                :8;     // 0 = file, 1 = directory
                        u32 NameOffset  :24;    // byte offset into the name table
                };
                u32 TypeName;
        };
        union
        {
                struct          // File Entry
                {
                        u32 FileOffset;         // position on disc (Wii games shift it << 2)
                        u32 FileLength;         // size in bytes
                };
                struct          // Dir Entry
                {
                        u32 ParentOffset;       // index of the parent directory entry
                        u32 NextOffset;         // index of the first entry after this directory
                };
                u32 entry[2];
        };
} FEntry;
The first entry is the root entry, and you use it to see the total number of actual entries. Then you multiply the total entries * 0xC and you have the distance to the name table.

So, by finding the FST and reading it, you can build a tree that shows the files and folders that make up the game. To swap files, you can read the offset and size of file2, then overwrite the entry for file1 using these new offset and size. Now when the game tries to read file1, it will actually read file2.

Here's what it looks like in SSBB-U:

The address of the FST is 0x817DA5A0. The next address holds the size of the FST including the name table.

If you go to that address, you get this:

The first 0xC bytes is the root entry. It is type 1 (folder); name offset & parent offset don't matter for the root entry, and its size is 0x1595. This means that there are 5525 files & folders in this game, and if you read 0x1595 * 0xC into the FST, you will be at the name table.

The second entry in the FST was type 0 (file), name offset is 0x0, file offset = 0x39c00000 and size 0x01000000. If you jump back to the name table and add the name offset, then you will be at the name of this file. So, this means that if the game ever wants to read "/border.dat" it will tell the IOS to give it the file at 0x39c00000 << 2 inside the game partition of the disc.

Moving on to the 3rd entry in the FST, it is a file with name offset 0xB, offset 0x00140000, size 0x0BEBC200. 0xB past the start of the name table is "dummy.dat". So, by switching the 32-bit values at 0x817da5b0 and 0x817da5bc you have switched the offset inside the disc that the game will request if it wants these 2 files. If you switch the 32-bit values at 0x817da5b4 and 0x817da5c0 then you have switched the file size the game will use for these files.

The 2 files I used here are never actually read by this game, but I chose them for simplicity. You can use this same principle to switch music files, for example, and every level in Mario can have the same music.
« Last Edit: August 25, 2010, 01:15:45 PM by giantpune »
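Added example, not giantpune's code nor any of the tools he names: a small C parser for the FST layout described above, run over a constructed three-entry FST that holds the two SSBB-U entries from the walkthrough, followed by the offset/length swap he describes. It reads each entry as big-endian words rather than through the bitfield struct, so it behaves the same on a little-endian PC.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FST_ENTRY_SIZE 0xC

/* Read/write 32-bit big-endian words, as the Wii's PowerPC stores them in MEM1. */
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* The root entry's last word is the total number of entries, root included. */
uint32_t fst_entry_count(const uint8_t *fst) { return rd32(fst + 8); }

/* Entry i: word 0 = type (top 8 bits) | name offset (low 24 bits); words 1 and 2 =
   disc offset and length for a file (parent and next index for a directory). */
uint32_t fst_type(const uint8_t *fst, uint32_t i)        { return rd32(fst + i * FST_ENTRY_SIZE) >> 24; }
uint32_t fst_name_offset(const uint8_t *fst, uint32_t i) { return rd32(fst + i * FST_ENTRY_SIZE) & 0xFFFFFFu; }
uint32_t fst_file_offset(const uint8_t *fst, uint32_t i) { return rd32(fst + i * FST_ENTRY_SIZE + 4); }
uint32_t fst_file_length(const uint8_t *fst, uint32_t i) { return rd32(fst + i * FST_ENTRY_SIZE + 8); }

/* The name table starts right after entry_count * 0xC bytes of entries. */
const char *fst_name(const uint8_t *fst, uint32_t i)
{
    return (const char *)(fst + fst_entry_count(fst) * FST_ENTRY_SIZE + fst_name_offset(fst, i));
}

/* Swap disc offset and length of two file entries, so a read of file a returns file b's
   bytes (and vice versa). Returns 0 on success, -1 if either entry is a directory. */
int fst_swap_files(uint8_t *fst, uint32_t a, uint32_t b)
{
    if (fst_type(fst, a) != 0 || fst_type(fst, b) != 0) return -1;
    uint8_t *ea = fst + a * FST_ENTRY_SIZE, *eb = fst + b * FST_ENTRY_SIZE;
    uint32_t off = rd32(ea + 4), len = rd32(ea + 8);
    wr32(ea + 4, rd32(eb + 4)); wr32(ea + 8, rd32(eb + 8));
    wr32(eb + 4, off);          wr32(eb + 8, len);
    return 0;
}

/* Constructed sample: a root entry plus the two SSBB-U file entries quoted in the post
   (values from the post; a real FST has thousands of entries and many directories). */
uint8_t sample_fst[] = {
    0x01,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x03, /* root: dir, 3 entries total */
    0x00,0x00,0x00,0x00, 0x39,0xC0,0x00,0x00, 0x01,0x00,0x00,0x00, /* border.dat                 */
    0x00,0x00,0x00,0x0B, 0x00,0x14,0x00,0x00, 0x0B,0xEB,0xC2,0x00, /* dummy.dat                  */
    'b','o','r','d','e','r','.','d','a','t',0, 'd','u','m','m','y','.','d','a','t',0
};

int main(void)
{
    uint32_t n = fst_entry_count(sample_fst);
    for (uint32_t i = 1; i < n; i++)
        printf("%-10s type=%u disc offset=0x%08x (<<2 on Wii) length=0x%08x\n", fst_name(sample_fst, i),
               (unsigned)fst_type(sample_fst, i), (unsigned)fst_file_offset(sample_fst, i),
               (unsigned)fst_file_length(sample_fst, i));
    fst_swap_files(sample_fst, 1, 2);
    printf("after swap: %s now reads from 0x%08x\n", fst_name(sample_fst, 1),
           (unsigned)fst_file_offset(sample_fst, 1));
    return 0;
}
```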

dcx2
« Reply #231 on: August 25, 2010, 12:25:27 PM »

Damn skippy.  Is this written down anywhere?  If not, it should be.

giantpune
« Reply #232 on: August 25, 2010, 01:09:53 PM »

There's already plenty of code written to deal with the FST format. Nintendo has been recycling this struct for years. It is the same layout used in GC games. I think it is used in the U8 archive format http://www.wiibrew.org/wiki/U8_archive. The only thing specific here is its location in RAM. The earliest documentation I saw of it is in yagcd http://hitmen.c02.at/files/yagcd/yagcd/chap13.html#sec13.4, though I haven't seen anything written down about it as it pertains to RAM hacking and switching files.

Homebrew implementations include many of the GameCube tools, trucha signer, wiiscrubber, wit/wwt, SNEEK, my FST creator, the FST devoptab library from FTPii, and probably many more. You can look at them for guidance turning the FST into a file tree. The only code I've ever seen for it is C/C++, but I'm sure you can work up a C# version quickly.
« Last Edit: August 25, 2010, 01:13:30 PM by giantpune »

Bully@Wiiplaza
« Reply #233 on: August 27, 2010, 08:19:03 PM »

I need to say something:
The v.95 update from geckodotnet fixed all code-applying bugs, meaning it doesn't freeze anymore!
Awesome, geckodotnet ftw

And requests:

- The ability to search for more than 8 characters at once in the memory viewer or everywhere where you can search for values (like WiiRd could in the Memory Viewer -> up to 3 addresses in a row!)
- A pointer search in geckodotnet or an external application, because WiiRd often fails with the results and you can't do a pointer search without it. (very important and requested often) Some people like doing a pointer search more than using ASM.
- The ability to automatically set the breakpoint again after it hit, like with "autoupdate" in the Memory Viewer
- When you select any address and press gct code, it should always take the actual value from the address and not 00000000. Especially when using "multiselected addresses" (CTRL + Mouse Click) in the search tab. (Matthew_Wi also requested that a few pages before)
- Is it possible to add a feature that you can write back the original instruction/value when the game froze, or do anything except restarting, and unfreeze the game? (not paused, crashed)

Greetings...
« Last Edit: August 27, 2010, 08:30:08 PM by Bully@Wiiplaza »

My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

dcx2
« Reply #234 on: August 27, 2010, 10:09:14 PM »

- It's not v .95.  It's r95.  There's a big difference.  Official builds that are supposed to be more stable have version numbers like 0.62 and alpha builds that introduce new features have release numbers like r95.  The alpha build of Gecko.NET is at r100 right now, and pretty soon the official build will be 0.63

- I'll see what I can do about searching for more characters.

- Link mentioned long ago wanting to make an external pointer app.  I'm not that interested in it, especially because I never managed to use the pointer search to find anything.

- If you want to set a breakpoint again immediately after hitting one, use a breakpoint condition that can never be true.  Like SRR0 == 00000000.  I must ask...why would you want to do this?

- This feature already exists, since r93 it began using the value in the New column as the second half of a GCT code created by using the Search Result Context Menu.

- It is possible to unfreeze games, but it is a lot like Black Magic.  It's not something that Gecko.NET could do for you.  Even if Gecko.NET knew which instruction caused the problem, it doesn't necessarily know what value it needs.  You need to reconstruct the data in the appropriate registers by hand.  By the time a game freezes, you may be past the instruction that froze the game, so you may also need to change the SRR0 register so that you can re-execute the botched portion of code.

Bully@Wiiplaza
« Reply #235 on: August 28, 2010, 12:29:33 AM »

Quote
- Link mentioned long ago wanting to make an external pointer app.  I'm not that interested in it, especially because I never managed to use the pointer search to find anything.

- I must say, I also never managed to get any code with pointer search, but SOMETIMES you can't do the code how you want it with ASM.
Or maybe you can do it, what do you think? For example in MKWii, if you make an ASM Item Hack, every COM player also has the hacked item and not just you, because the breakpoint is also used for the COM players! With pointer search you can just give yourself the inf. items for example, because the item address keeps moving. (The actual popular code is written with a pointer!) If there would be a new app, the results won't be such a mess all the time, that's my hope for the project xD

Quote
- If you want to set a breakpoint again immediately after hitting one, use a breakpoint condition that can never be true.  Like SRR0 == 00000000.  I must ask...why would you want to do this?

- Why do I want to automatically set the breakpoint again?
Easy! Sometimes you want to crack the values for a code like an item/clothes modifier.
Then, when you change clothes or use an item, the breakpoint shows you the new value, and if it is set instantly again you can keep on playing the game and change stuff and write down all the values without clicking "set breakpoint" again.
As you see, it can be useful.

Quote
- It's not v .95.  It's r95.  There's a big difference.  Official builds that are supposed to be more stable have version numbers like 0.62 and alpha builds that introduce new features have release numbers like r95.  The alpha build of Gecko.NET is at r100 right now, and pretty soon the official build will be 0.63

OK, I'll remember that!

Quote
- It is possible to unfreeze games, but it is a lot like Black Magic.  It's not something that Gecko.NET could do for you.  Even if Gecko.NET knew which instruction caused the problem, it doesn't necessarily know what value it needs.  You need to reconstruct the data in the appropriate registers by hand.  By the time a game freezes, you may be past the instruction that froze the game, so you may also need to change the SRR0 register so that you can re-execute the botched portion of code.

What I already know is that I can forget about using this "black magic"^^
It's too hard for me now... I started with the ASM stuff 6 months ago and you have been programming for 15 years, hui.
« Last Edit: August 28, 2010, 12:39:36 AM by Bully@Wiiplaza »

dcx2
« Reply #236 on: August 28, 2010, 01:23:45 AM »

Quote
I also never managed to get any code with pointer search, but SOMETIMES you can't do the code how you want it with ASM.
Or maybe you can do it, what do you think? For example in MKWii, if you make an ASM Item Hack, every COM player also has the hacked item and not just you, because the breakpoint is also used for the COM players! With pointer search you can just give yourself the inf. items for example, because the item address keeps moving. (The actual popular code is written with a pointer!)

There is nothing that can't be done with ASM.  It sounds like the "ASM Item Hack" just needed a "player activator" to selectively enable.  One of the registers probably has a clue; player or COM.  Compare against that register to do different things.

You could also look for a different hook that only runs when handling the player.

Quote
Easy! Sometimes you want to crack the values for a code like item/cloths modifier.
Then, when you change cloths or used item, the breakpoint shows you the new value and if it is set instantly again, you can keep on playing the game and change stuff and write down all the values, without clicking set breakpoint again Grin

Click the "Log Steps" checkbox on the breakpoint tab.  It writes it down for you.

Also, when you find the address of interest, go to Memory Viewer, use Poke with 1, but change "Write" to "Add".

Quote
What I already know is that I can forget about using this "black magic"^^
It´s too hard for me now... I started with the ASM stuff 6 month ago and you are programming for 15years, hui. Shocked

Eh...more like 12.  But programming is only half of the story, the software.  There's a lot of hardware too.  The software is the actors, and the hardware is the stage.  Without knowledge of both, you cannot understand the story.

Bully@Wiiplaza
« Reply #237 on: August 28, 2010, 10:20:16 AM »

Quote
Click the "Log Steps" checkbox on the breakpoint tab.  It writes it down for you.
Also, when you find the address of interest, go to Memory Viewer, use Poke with 1, but change "Write" to "Add".

Nice method, and it's working as wanted as well...

Quote
There is nothing that can't be done with ASM.  It sounds like the "ASM Item Hack" just needed a "player activator" to selectively enable.  One of the registers probably has a clue; player or COM.  Compare against that register to do different things.
You could also look for a different hook that only runs when handling the player.

This would be awesome, if it works. I'll ask for it later I guess, if I don't find it out on my own (which I believe more).
But every instruction I ever found was executed for every COM player as well... Huh? We'll see...

Link
« Reply #238 on: August 30, 2010, 10:37:16 AM »

Quote
Link mentioned ages ago that he wanted to make a separate pointer-search app.  But since it looks like everyone really wants that feature, then I would need a good description of how it works.  I never understood how the pointer tab worked...and it seemed like so much work and hand-waving for an uncertain outcome when an ASM patch or a C2 hook would be almost trivial.

Any descriptions of how the FST tab is supposed to work would be good, too.  Apparently that sometimes doesn't work?

The pointer tab works extremely simply. Basically it opens the two dumps provided as a FileStream and runs through them, which is also the cause of why it's so slow. It literally goes like:

read 80000000 -> check if pointer (meaning if it is a possible address) on both dumps -> no, go ahead
80000004 -> check if pointer on both dumps -> no
....
80434458 -> check if pointer on both dumps -> yes
---> now if you do not do a pointer in pointer search (double pointer would be the easy word) it basically compares the addresses the pointer is pointing to. If the offset to the target address is identical for both pointers and the offset is within the given limits (normally 0 to 8000) then it is accepted as a possible pointer.

In case of a pointer in pointer search, the search is actually extended at that place:

Check if [80434458]+0 is a pointer on both dumps -> no, next
Check if [80434458]+4 is a pointer on both dumps -> no...
until:
Check if [80434458]+8000 is a pointer on both dumps -> no, next

If it finds a pointer it handles it just like above.

So the basic pointer search is pretty straightforward. I already made an attempt to write a pointer search application; however, so far it does not really work the way I want. I am trying to create a list of possible addresses: addresses which qualify as pointers as well as the address they point to. Additionally I want my application to be able to search the 80 and 90 areas at the same time. There were cases already when people tried searching pointers and failed because an address in MEM1 pointed to the required address in MEM2. As the current search cannot handle cross pointers, that is certainly something I want to fix!

Using the pointers in a sorted list in memory should technically allow for very quick pointer searches and even allow a 3rd or 4th recursion of pointers. Most important, however, for such a search would be a good seeking algorithm to seek within the lists, and I really haven't yet managed to get that planned in algorithm form. The basic idea is there and should easily beat kenobi's mechanisms in speed by lengths. It will however be much more memory intense and heap intense; however, even if I stored 2 complete MEM1+MEM2 dumps in the PC memory it would require 176 MB, an amount of memory all PCs of today should manage to carry.
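Added example, not Link's code: the single-level and pointer-in-pointer search he describes, implemented in C over two constructed 64-word dumps (the 0x80000000 base, the addresses, the target positions and the 0x8000 offset limit are assumptions standing in for real MEM1 dumps). A word is accepted when it is a pointer in both dumps and reaches the target with the same offset in both; the double search additionally scans [ptr]+0, +4, ... +MAX_OFFSET in each dump.

```c
#include <stdint.h>
#include <stdio.h>

#define MEM1_BASE  0x80000000u
#define WORDS      64        /* constructed mini "MEM1": 64 words at 0x80000000..0x800000FF */
#define MAX_OFFSET 0x8000u   /* the usual offset limit mentioned above (hex 8000) */

typedef struct { uint32_t ptr_addr, level2_off, offset; } Hit;

/* A word counts as a pointer if it is a word-aligned address inside the dumped range. */
static int is_ptr(uint32_t v)
{
    return v >= MEM1_BASE && v < MEM1_BASE + WORDS * 4 && (v & 3) == 0;
}
static uint32_t rd(const uint32_t *dump, uint32_t addr) { return dump[(addr - MEM1_BASE) / 4]; }

/* Accept the pair (va from dump A, vb from dump B) if both lie below the target by the
   same offset and that offset is within 0..MAX_OFFSET. */
static int same_offset(uint32_t va, uint32_t vb, uint32_t tA, uint32_t tB, uint32_t *off)
{
    if (tA < va || tB < vb || tA - va != tB - vb || tA - va > MAX_OFFSET) return 0;
    *off = tA - va;
    return 1;
}

/* Walk both dumps word by word: every candidate must be a pointer in both dumps.
   double_ptr = 0: that word itself must reach the target. double_ptr = 1: it is a
   first pointer, and some word [ptr]+0, +4, ... +MAX_OFFSET must reach the target. */
int pointer_search(const uint32_t *a, const uint32_t *b, uint32_t tA, uint32_t tB,
                   int double_ptr, Hit *hits, int max_hits)
{
    int n = 0;
    for (uint32_t i = 0; i < WORDS && n < max_hits; i++) {
        uint32_t addr = MEM1_BASE + i * 4, va = a[i], vb = b[i], off;
        if (!is_ptr(va) || !is_ptr(vb)) continue;          /* not a pointer in both dumps */
        if (!double_ptr) {
            if (same_offset(va, vb, tA, tB, &off)) hits[n++] = (Hit){addr, 0, off};
            continue;
        }
        for (uint32_t o2 = 0; o2 <= MAX_OFFSET && is_ptr(va + o2) && is_ptr(vb + o2); o2 += 4) {
            uint32_t wa = rd(a, va + o2), wb = rd(b, vb + o2);
            if (is_ptr(wa) && is_ptr(wb) && same_offset(wa, wb, tA, tB, &off)) {
                hits[n++] = (Hit){addr, o2, off};
                if (n == max_hits) break;
            }
        }
    }
    return n;
}

/* Constructed dumps. The "item" sits at 0x80000080 in dump A and has moved to 0x80000090
   in dump B. 0x80000010 holds an address 0x10 below it in both (a real pointer);
   0x80000014 holds the same address in both dumps (false candidate: offsets differ);
   0x80000020 -> table at 0x80000040, whose word +8 points at the item (pointer in pointer). */
uint32_t dumpA[WORDS] = { [4] = 0x80000070, [5] = 0x80000070, [8] = 0x80000040, [18] = 0x80000070 };
uint32_t dumpB[WORDS] = { [4] = 0x80000080, [5] = 0x80000070, [8] = 0x80000040, [18] = 0x80000080 };
Hit found[8];

int sample_search(int double_ptr)
{
    return pointer_search(dumpA, dumpB, 0x80000080u, 0x80000090u, double_ptr, found, 8);
}

int main(void)
{
    for (int d = 0; d < 2; d++) {
        int n = sample_search(d);
        for (int i = 0; i < n; i++)
            printf("%s search: [%08x]+%x -> item - 0x%x\n", d ? "double" : "single",
                   (unsigned)found[i].ptr_addr, (unsigned)found[i].level2_off, (unsigned)found[i].offset);
    }
    return 0;
}
```

The single search also reports 0x80000048, the table word itself, since it is a valid pointer in both dumps; the double search reports its parent 0x80000020 with second-level offset 8.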

Bully@Wiiplaza
« Reply #239 on: August 30, 2010, 04:49:15 PM »

Hope you can manage it, Link.
Funny that you wrote the same post 2 times.
-------------

@dcx2:
The version r103 has a bug.
When I try to assemble something, the program crashes.
It may need more exact coding with the assembly history.
« Last Edit: September 01, 2010, 08:07:44 PM by Bully@Wiiplaza »