Murderface
10-16-2008, 10:46 AM
So, if you've been taking a look at some of the guides here, you've probably heard the term DMA tossed around a bit. Don't worry, DMA isn't something to be scared of, and is really easy to beat once you get used to it. DMA does not mean a game is unhackable
For those of you that don't know, DMA means Dynamic Memory Allocation. In short, it means that the game rotates the addresses of most things in whatever game you're playing, so it is "harder to hack".
But, if you think about it logically, if the game re-arranges everything, it must have a way to tell itself how to find the new value right? If it didn't, then how would it know where all the values for player health, ammo value, etc were? Well, that's actually the secret on how you can beat DMA!
This Guide May NOT be Reposted without my permission!
How to tell if your code is DMA'ed:
Okay, so theres a couple defenitive ways to know if the code you are attempting to make is DMA'ed. The sure fire way to test is, make your code, and it should work on the level/stage you are on. Try going to another stage/ level and if your code no longer works, then the address is DMA'ed. Thats the sure-fire way to tell, you can also try re-starting the game and see if your code still works, If not, then you'll have to un-dma it. Theres also a couple things I've noticed that should help you recognize a dma code on the spot:
Most DMA addresses, from my experience, though this does not apply to all games , will start with an address like:
0x01300000 or higherGenerally, if a game is not DMA'ed, the address for health,time,ammo,etc tends to be in a lower address.
Multiplayer games: Though not always true, generally games that have infrastructure play are DMA'ed. That's the manufacturer's way of stopping people from hacking their way to the top.
"Patched Games" Socom is a great example of this, If a company releases a patch for thier game, that generally means that they are making addresses and values harder to find and edit.
Code type: Probably the least definite way to tell, but it is common for addresses for player Health, ammo values, and player location(coordinates) to be DMA'ed, especially in first person shooters
Keep in mind, that none of my ways can tell you for sure that you code is on a DMA address, like I said earlier, the only sure fire way to tell without opening a memory dump on your computer is to try a code in different stages/levels, if it ever stops working, then it's probably DMA.
Real/ Plugin Formats:
One thing to learn before attempting to un-dma a code, is how different plugins read addresses, and how they relate to the actual address in-game. Now, I'm just gonna post the same code in 2 different address formats as an example, the first is in nitepr format, the second is in "real" format
NitePR:
0x0016EEBC
Real Format:
0x0896EEBCNow, look closely at the addresses, notice the addresses are similar towards the end, but in the beginning they are different. Now, the second address is how the game would actually refer to the address, so thats what we need to find out where our DMA code will be. What happens is, when NitePR loads a games memory, it starts numbering the lines at 0x00000000 rather than the actual value, however, in all games memory, it starts numbering lines with 0x08800000. But when hacking, it can prove invaluable to know how to find a real address.
So, to convert addresses, its actually easy, and you don't need any extra tools! If you're running windows, simply open the calculator. Now go to the menu up top, see where it says scientific and standard? Click scientific. Now a lot more button should show up, but don't let them intimidate you.
Look up in the top left corner, where there are 4 buttons labeled HEX DEC OCT BIN, and click the button for HEX. Now you're all set for your work. Lets paste the address for the NitePR code in, minus the 0x part.
0016EEBC
One thing you should know, is that calculator will automatically remove any zeros in front of a number. So in calculator it will show up as 16EEBC. Now, our next step is to add 08800000 (thats 88 with 5 zeros after it) That will result in 896EEBC. To but that back into address format, you need to put zeros in front of the # until there are 8 hex total. In this situation, we only need 1 zero. That gives us 0x0896EEBC
Now, that was a little rough to explain, but you need to understand how to convert real addresses to and from real format to make codes with DMAHunter
The Prep:
I assume if you've made it this far in my guide, that you know the basics of nitepr and code making, so thats how I am going to explain it. Start a game, go into a level, and search for an address like ammo value. Once you have your address, WRITE IT DOWN! This is crucial that you do so, you will need it later. It will also help if you write "Dump1" or something similar next to it, that way you won't get mixed up. Now, go into the PRX menu of NitePR, and go down to where it says:
Dump RAM? Slot 0
And hit X, your memory stick light should flash for a little less than a minute.
Now, do something that will change the code's address, such as changing levels, or restarting the game,sometimes dying will also move the address.
The next step is to re-find your "new" address, write it down, and you need to make a dump like before,but this time make sure it says "dump 1" or anything different to the first time you made a dump
Now, this next part is up to you, normally, 2 dumps will be enough, but somtimes it wont, so you can chosse to repeat the process if you like. But, if you think you're done, then you're done with your psp for now, go ahead and grab your USB cable and hook up your psp to your pc.
The Tool:
The tool we're gonna use to make our codes is called DMAHunter, it should have been in the zip file with nitePR, but, just in case it wasn't, heres an upload of it:
http://www.megaupload.com/?d=OXXXTPL2
Once you've got it downloaded, go ahead and open it. You should get a window that looks like this:
http://i327.photobucket.com/albums/k449/Haxcommunity/screen1.png
Now press enter and a screen asking you to select the location of dump 1 should pop up, so lets navigate to our PSP and select the first dump we made, DUMP 0. Then It will ask you to select the second dump.
Next, It will ask you the location of the first address in the dump. For that, simply enter the address of your first search, the first one you wrote down.
Then it will ask for the second address, so write the second address, No converting is required for either of these.
Hit enter.
Now the words Searching..... Should appear, followed by some data that looks like this:
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410You will probably have many lines, I just used one for an example. Notice it says "Press any key to continue...." at the bottom, DO NOT PRESS ANYTHING! Instead, right click and hit mark, then drag a white box over all the text and hit enter. Then open notepad and hit CTRL+ V to paste the text there, we're now done with DMAHunter, so you can close it.
Now that you have it all copied in notepad, let me explain a few parts of what results it gave you
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410
The part in red is what's known as the "Pointer" address, this is because it is literally pointing at where your code's address moved. The part in green is where the pointer is pointing in your first dump, so its showing in real address format where your address would be located in your first dump. The part in blue is showing where the pointer is pointing in the second dump.
Now, to make a cheat for this, you need to understand how to format a DMA code in nitePR.
Here is an example DMA code:
#Animation Freeze Online
0xFFFFFFFF 0x001A5BA0
0x00000088 0x00000001Okay, all DMA codes need to start with the orange part, this is just a "sticky note" if you will, telling nitePR that this is a DMA code. Now, the part in red is the pointer address itself. To get this, take the first part of your result, where it says "--Found, address 0X6D1834" and put that address there.
Okay, for the second line, this is called the "offset" address. In other words, this is saying in hex how far away from the pointer the code you want is away from the pointer. Lastly, the part I did not collor is the value you would normally put for your code.
So, for the result DMAHunter gave us,
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410We already have the data we need for the first line for our code. Like I showed you earlier, you will have to add zeros to the front of your pointer address so that it is 8 digits long.
So we have this so far:
#Code
0xFFFFFFFF 0X006D1834
Now, to find our offset, there is some math involved. But luckily we have our calculator to help us!
Take the address the pointer is pointing to in the first dump (the green part)
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410
This address is stored in the "real address" format, so we need to conver it to the nitepr address format. To do this, we have to subtract 8800000 (thats 88 with 5 zeros) from that address, so lets paste our first address into calculator, minus the 0x part
94FA0F0
Now we need to subtract 8800000
This will give us:
0x00CFA0F0
Now we have two addresses in the same format, what you need to do is take the address you just got, and subtract the address you found in your first dump. This will give you your offset address, in this case it's 56C
We now have all of the pieces we need to make our code:
#Our Cheat
0xFFFFFFFF 0X006D1834
0x0000056C 0x00000F0F
^Insert your desired valueHopefully this guide has been enough to find your code, but if not, here's some advice from users at OHG:
if your getting a LOT of results, try finding a pointer in there thats points to an address CLOSE to your first code. Usually, this will be your pointer.
you know what i do :
i make 3 memory dumps instead of 2
and then i use 1&2 and get the results (A)
then 2&3 (B)
then 1&3 (C)
then i compare A, B, and C.....and i end up with much less results......so you may want to try this
IF UR POINTER CODE IS NOT WORKING DO THIS FIRST BEFORE ANYTHING ELSE:
DECREASE UR OFFSET BY TWO
(OFFSET= 0x0000056C in the FINAL PRODUCT)
THIS HAPPENS 99.9% of THE TIME TO ME SO JUST DECREASE UR OFFSET BY 2
Well, I hope you enjoyed my guide, and hopefully you learned something new today! If you have questions, comments, please, leave them below!
Thanks Goes Out To:
WAZGOINGON, For making a guide that I understood, and helped serve as a template for this one
WhoIsYou, for helping explain making DMA codes better on a 1 on 1 basis
K3S, for reccommending checking results against eachother, this truly helped me alot
HaxCommunity's Members, truly my motivation for keeping my hacking going.
HaxCommunity's Staff, for doing their jobs, which allows me time off to develop new hacks and guides, couldn't do it without you
All of OneHitGamer, for their great guides, and all their help and answers to my questions, no matter how noobish
For those of you that don't know, DMA means Dynamic Memory Allocation. In short, it means that the game rotates the addresses of most things in whatever game you're playing, so it is "harder to hack".
But, if you think about it logically, if the game re-arranges everything, it must have a way to tell itself how to find the new value right? If it didn't, then how would it know where all the values for player health, ammo value, etc were? Well, that's actually the secret on how you can beat DMA!
This Guide May NOT be Reposted without my permission!
How to tell if your code is DMA'ed:
Okay, so theres a couple defenitive ways to know if the code you are attempting to make is DMA'ed. The sure fire way to test is, make your code, and it should work on the level/stage you are on. Try going to another stage/ level and if your code no longer works, then the address is DMA'ed. Thats the sure-fire way to tell, you can also try re-starting the game and see if your code still works, If not, then you'll have to un-dma it. Theres also a couple things I've noticed that should help you recognize a dma code on the spot:
Most DMA addresses, from my experience, though this does not apply to all games , will start with an address like:
0x01300000 or higherGenerally, if a game is not DMA'ed, the address for health,time,ammo,etc tends to be in a lower address.
Multiplayer games: Though not always true, generally games that have infrastructure play are DMA'ed. That's the manufacturer's way of stopping people from hacking their way to the top.
"Patched Games" Socom is a great example of this, If a company releases a patch for thier game, that generally means that they are making addresses and values harder to find and edit.
Code type: Probably the least definite way to tell, but it is common for addresses for player Health, ammo values, and player location(coordinates) to be DMA'ed, especially in first person shooters
Keep in mind, that none of my ways can tell you for sure that you code is on a DMA address, like I said earlier, the only sure fire way to tell without opening a memory dump on your computer is to try a code in different stages/levels, if it ever stops working, then it's probably DMA.
Real/ Plugin Formats:
One thing to learn before attempting to un-dma a code, is how different plugins read addresses, and how they relate to the actual address in-game. Now, I'm just gonna post the same code in 2 different address formats as an example, the first is in nitepr format, the second is in "real" format
NitePR:
0x0016EEBC
Real Format:
0x0896EEBCNow, look closely at the addresses, notice the addresses are similar towards the end, but in the beginning they are different. Now, the second address is how the game would actually refer to the address, so thats what we need to find out where our DMA code will be. What happens is, when NitePR loads a games memory, it starts numbering the lines at 0x00000000 rather than the actual value, however, in all games memory, it starts numbering lines with 0x08800000. But when hacking, it can prove invaluable to know how to find a real address.
So, to convert addresses, its actually easy, and you don't need any extra tools! If you're running windows, simply open the calculator. Now go to the menu up top, see where it says scientific and standard? Click scientific. Now a lot more button should show up, but don't let them intimidate you.
Look up in the top left corner, where there are 4 buttons labeled HEX DEC OCT BIN, and click the button for HEX. Now you're all set for your work. Lets paste the address for the NitePR code in, minus the 0x part.
0016EEBC
One thing you should know, is that calculator will automatically remove any zeros in front of a number. So in calculator it will show up as 16EEBC. Now, our next step is to add 08800000 (thats 88 with 5 zeros after it) That will result in 896EEBC. To but that back into address format, you need to put zeros in front of the # until there are 8 hex total. In this situation, we only need 1 zero. That gives us 0x0896EEBC
Now, that was a little rough to explain, but you need to understand how to convert real addresses to and from real format to make codes with DMAHunter
The Prep:
I assume if you've made it this far in my guide, that you know the basics of nitepr and code making, so thats how I am going to explain it. Start a game, go into a level, and search for an address like ammo value. Once you have your address, WRITE IT DOWN! This is crucial that you do so, you will need it later. It will also help if you write "Dump1" or something similar next to it, that way you won't get mixed up. Now, go into the PRX menu of NitePR, and go down to where it says:
Dump RAM? Slot 0
And hit X, your memory stick light should flash for a little less than a minute.
Now, do something that will change the code's address, such as changing levels, or restarting the game,sometimes dying will also move the address.
The next step is to re-find your "new" address, write it down, and you need to make a dump like before,but this time make sure it says "dump 1" or anything different to the first time you made a dump
Now, this next part is up to you, normally, 2 dumps will be enough, but somtimes it wont, so you can chosse to repeat the process if you like. But, if you think you're done, then you're done with your psp for now, go ahead and grab your USB cable and hook up your psp to your pc.
The Tool:
The tool we're gonna use to make our codes is called DMAHunter, it should have been in the zip file with nitePR, but, just in case it wasn't, heres an upload of it:
http://www.megaupload.com/?d=OXXXTPL2
Once you've got it downloaded, go ahead and open it. You should get a window that looks like this:
http://i327.photobucket.com/albums/k449/Haxcommunity/screen1.png
Now press enter and a screen asking you to select the location of dump 1 should pop up, so lets navigate to our PSP and select the first dump we made, DUMP 0. Then It will ask you to select the second dump.
Next, It will ask you the location of the first address in the dump. For that, simply enter the address of your first search, the first one you wrote down.
Then it will ask for the second address, so write the second address, No converting is required for either of these.
Hit enter.
Now the words Searching..... Should appear, followed by some data that looks like this:
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410You will probably have many lines, I just used one for an example. Notice it says "Press any key to continue...." at the bottom, DO NOT PRESS ANYTHING! Instead, right click and hit mark, then drag a white box over all the text and hit enter. Then open notepad and hit CTRL+ V to paste the text there, we're now done with DMAHunter, so you can close it.
Now that you have it all copied in notepad, let me explain a few parts of what results it gave you
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410
The part in red is what's known as the "Pointer" address, this is because it is literally pointing at where your code's address moved. The part in green is where the pointer is pointing in your first dump, so its showing in real address format where your address would be located in your first dump. The part in blue is showing where the pointer is pointing in the second dump.
Now, to make a cheat for this, you need to understand how to format a DMA code in nitePR.
Here is an example DMA code:
#Animation Freeze Online
0xFFFFFFFF 0x001A5BA0
0x00000088 0x00000001Okay, all DMA codes need to start with the orange part, this is just a "sticky note" if you will, telling nitePR that this is a DMA code. Now, the part in red is the pointer address itself. To get this, take the first part of your result, where it says "--Found, address 0X6D1834" and put that address there.
Okay, for the second line, this is called the "offset" address. In other words, this is saying in hex how far away from the pointer the code you want is away from the pointer. Lastly, the part I did not collor is the value you would normally put for your code.
So, for the result DMAHunter gave us,
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410We already have the data we need for the first line for our code. Like I showed you earlier, you will have to add zeros to the front of your pointer address so that it is 8 digits long.
So we have this so far:
#Code
0xFFFFFFFF 0X006D1834
Now, to find our offset, there is some math involved. But luckily we have our calculator to help us!
Take the address the pointer is pointing to in the first dump (the green part)
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410
This address is stored in the "real address" format, so we need to conver it to the nitepr address format. To do this, we have to subtract 8800000 (thats 88 with 5 zeros) from that address, so lets paste our first address into calculator, minus the 0x part
94FA0F0
Now we need to subtract 8800000
This will give us:
0x00CFA0F0
Now we have two addresses in the same format, what you need to do is take the address you just got, and subtract the address you found in your first dump. This will give you your offset address, in this case it's 56C
We now have all of the pieces we need to make our code:
#Our Cheat
0xFFFFFFFF 0X006D1834
0x0000056C 0x00000F0F
^Insert your desired valueHopefully this guide has been enough to find your code, but if not, here's some advice from users at OHG:
if your getting a LOT of results, try finding a pointer in there thats points to an address CLOSE to your first code. Usually, this will be your pointer.
you know what i do :
i make 3 memory dumps instead of 2
and then i use 1&2 and get the results (A)
then 2&3 (B)
then 1&3 (C)
then i compare A, B, and C.....and i end up with much less results......so you may want to try this
IF UR POINTER CODE IS NOT WORKING DO THIS FIRST BEFORE ANYTHING ELSE:
DECREASE UR OFFSET BY TWO
(OFFSET= 0x0000056C in the FINAL PRODUCT)
THIS HAPPENS 99.9% of THE TIME TO ME SO JUST DECREASE UR OFFSET BY 2
Well, I hope you enjoyed my guide, and hopefully you learned something new today! If you have questions, comments, please, leave them below!
Thanks Goes Out To:
WAZGOINGON, For making a guide that I understood, and helped serve as a template for this one
WhoIsYou, for helping explain making DMA codes better on a 1 on 1 basis
K3S, for reccommending checking results against eachother, this truly helped me alot
HaxCommunity's Members, truly my motivation for keeping my hacking going.
HaxCommunity's Staff, for doing their jobs, which allows me time off to develop new hacks and guides, couldn't do it without you
All of OneHitGamer, for their great guides, and all their help and answers to my questions, no matter how noobish