» Tools Tutorial
Tools Tutorial

This tools guide is intended for you the curious ones. I assume you who read this already have an ample knowledge of running the emulator you want to hack.

ArtMoney (Memory Editor)

First thing first, we need the right tool. My tool of trade is ArtMoney, downlodable from ArtMoney's website. ArtMoney has a built-in emulator memory search, although due to the trend of SVN builds, the database cannot keep-up most of time.

ArtMoney has problem with 64-bit process, in which it slows down considerably. This makes hacking with Dolphin and DeSmuMe a chore.

artmoney1.png
ArtMoney's main window, showing found address and table address.

Configuring Art Money

[Search > Option > General]
Refresh time (ms): 1
Freeze time (ms): 1
[Additional tab]
Uncheck: Refresh the values in table only on form focus
Check: Ask to save the table with unsaved changes when you exit
[Searching tab]
Check: Enable Undo/Redo the filtration

Hacking Example 1 - Exact Value ~ WarCraft III (PC)

Start WC3 and play a scenario. Notice how much gold in your mine. Example you have 25000 gold in the mine.

  • Alt+Tab out of WC3 and run ArtMoney.
  • On [Select Process] pull down, choose 'WarCraft III'
  • Now press [Search].
  • Set search to 'Exact Value' (because you know how much the number you're searching)
  • Enter 25000 on value
  • Type filed: to know what the number type is, you only need to use your logic. Click on the […] button to select type.
  • Since the value is 25000, no way it can be an Integer 1 Byte (Max 255). And it can't be Integer 2 Byte either (Max 65,535). Usually money value is set to Integer 4 bytes (highest money amount I know is 99,999,999, while Integer 4 byte max amount is 4,294,967,295).
  • Check the Integer 4 Byte and uncheck other options. Press [OK]
  • Your Type field should read 'Custom'
  • Leave address range to ALL
  • Click OK

Depending on your processor clock, you should get a list of addresses in a minute.

  • Go back to WC3.
  • Command one of your peon to enter the gold mine, thus reducing the gold amount by 10. Now in the mine your gold will be 24990
  • Alt+Tab, and back to ArtMoney
  • Click on [Filter] button
  • Enter 24990 in the value field.
  • Click OK
  • Number of addresses should be reduced.
  • Go back to WC3 and command one of your peon to enter the gold mine, reducing the gold amount by 10. Now in the mine your gold will be 24980.
  • Alt+Tab to ArtMoney
  • Click on [Filter] button
  • Enter 24980 in the value field.
  • Click OK.
  • Repeat going back and forth between WC3 and ArtMoney, reducing the gold in mine and filter the address in process.
  • Sooner or later you'll get 1 address.
  • Click on the address on the left table and click on the red arrow button.
  • The address should move to the right table where you can edit it. Input another value, example 100000. NOTE: Value won't change if you still has the text cursor inside the value field!
  • Go back to WC3 and see if the gold mine is updated. If yes, the congrats! You've done your first address filtering!

At this point you might want to toy around with ArtMoney a bit until you have the 'instinct of address choice', especially searching memory in lesser console emulation. In some cases, the addresses won't be down to just 1 address.

Now what if you don't know the exact amount such as life bar? See the below instruction:

Hacking Example 2 - Unknown Value ~ Resident Evil (ePSXe)

Start the game, ensure you have a good amount of health, since if you're dead, it can complicate things. Utilize ePSXe's save states to help you with the procedure.

Note: ArtMoney have a state function, but we will not using that when I refer to save state or load state

  • Save state before you meet an enemy.
  • Go to ArtMoney. Use this parameters:
    • Select Process: 'ePSXe…' (Depends on your version number).
    • Search: 'Unknown Value'
    • Type: 'Integer 2 Byte'
    • Click OK
  • When search is over, go back to Resident Evil, and go meet an enemy. Let the enemy hit you once and pause the game.
  • Back to ArtMoney:
    • Filter: Unknown Value
    • Value: Was Decreased
    • Click OK
  • Let the enemy hit you again and filter.
  • If your life drops to danger and you think you will die from the next hit, use load state. The following procedure applies when you used load state:
    • Use your common sense: you're back to the state before your health is reduced, so it has more value than the last filter.
    • Filter: Unknown Value
    • Value: Was Increased
    • Click OK
  • Let the enemy hit you, and filter with "Was Decreased".
  • Keep filtering back and forth until there is 1 address left.
  • Add the address to the table.
  • Change the value. Does your life state changed? If yes, then bingo.

Common Hacking Tricks

  • Due to how game are structured, most address you seek are most likely located on even address (address ended on even number, e.g. 00BA0310, 00BA0314, 00BA031A, 00BA031E, etc.).
  • Money value are commonly stored using Integer 4 Bytes.
  • Character stat are usually placed in succession. If your character stat has a maximum of 99, it is most likely an Integer 1 Byte. If that particular stat is stored on 00F90314, the next stat is most likely stored in 00F90315 or 00F90316.
  • There are usually 2 types of item addresses:
    • Pre-determined address: Your inventory only store the number of item and the game arrange it on a specific order in your inventory. Usually you have no option to arrange your item manually.
    • Slot address: Your inventory consists of item type and item number. Usually you have the option to sort items manually. The item address can be stored per slot (i.e. Item 1 Type, followed by Item 1 Number), or per type (i.e. Item 1 Type, followed by Item 2 Type, all way until all inventory slot accounted for, then start Item 1 Number, Item 2 Number, and so on).

Offset Change

Many games and/or emulators have randomized address, such as WarCraft III, Dolphin, and DeSmuMe. On these programs, the next time you launched them, your ArtMoney table will no longer point to the correct address. On this case, you will always need an address in the table which value can be easily searched, such as money or numbered Hit Points.

  • Open the ArtMoney table.
  • Let's use money for an example. Select the money address from the table.
  • Search again for money. Usually, it has same last address number.
  • Once you find it, click on it, but don't add to the table. Once selected, [Right Click > More > Auto apply the offset > Auto apply the offset to all]
  • That command will adjust the selected found address to the selected table address. So ensure you're selecting the correct table address.

Calculator (Hexadecimal Calculator/Converter)

Microsoft Windows came with a surprisingly good calculator application. When you set [View > Programmer], you can use Hexadecimal-Decimal conversion (and vice versa) and calculation.

BruteforceSaveData (PlayStation 3 Save Data Resigner)

BruteforeSaveData, also known as BSD, is a save data resigner for PS3. Basically it can resign your savedata in order to use it with other account. It can also decrypt the save data to apply cheats via save data edit. However, due to drama and massive ego problem of the creators, the development have been discontinued. The latest version can be downloaded from here: BruteforceSaveData 4.6

Note: Save data editing can only change stored data such as your character's current money or current HP. It cannot make your character have unlimited money.

XVI32 (Hexadecimal Editor)

A hex editor is needed to easily modify the values of a decrypted PS3 saves. The hex editor I recommend is XVI32, downloadable from Freeware Hex Editor XVI32. XVI32 comes with a powerful scripting tool, thus makes it easy to change a single byte within thousands of addresses. All save data editing on this site will use XVI32's scripting function.

Emulators

Although there could be an alternative, the emulators I listed below are the ones I am most familiar with. To properly use an emulator, you can read their respective wiki. Be careful when looking for help in said emulator's forum, as their troubleshooting is mostly hokum.

ePSXe and PEC (PlayStation)

This emulator is the most stable one available, although the interface can be unfriendly and it cannot properly play music tracks. The PEC (PlayStation Emulation Cheater) is a separate program that enables GameShark codes, which is convenient as it has functions that ArtMoney does not have.

I currently use ePSXe 1.9.0. It has static address, but has difference of A579A0 than Gameshark address. Example, if the Gameshark address is 0013A50B, then add that address by A579A0, resulting in 00B91E79 as the emulation address.

Recommended Plugins:

  • Video: "psx emulation cheater", configure GPU Plugin to "Pete's OpenGL2 Driver 2.9" or "P.E.Op.S Soft Driver 1.18"
  • Audio: P.E.Op.S DSound Audio Driver 1.9 or Eternal's SPU Plugin 1.50

PCSX2

The only viable emulator for PS2. This emulator is very taxing on your system due to its 32-bit architecture. The emulator has a static address, and corresponds to the PS2 address, which is the best part of the program. If the raw address is 004B4860, then the emulation address is simply 204B4860.

PPSSPP

Dolphin

VBA-M

DeSmuMe

Fusion

ZSNES

Further Reading