How to find and modify a value at a specific memory address

● ARCHIVED · READ-ONLY
Started by Tsukihime · 8 posts
  1. Earlier I found out that I can use memory editing to surpass the FPS limits imposed by RM's dll. I used Cheat Engine to find the address.

    Now the problem I'm having is that I have no idea how to find this address at runtime in RM and, consequently, how to modify it.

    Anyone have any idea?
  2. I would check out the original Resolution Breaker script that our unknown friend posted on Pastebin. It shows rather well how to do this. It starts with a base address and adds values in a proc to make changes, etc. Have you checked out how exactly it works?

    EDIT: The anonymous script I'm talking about is this, in case anyone is curious.
  3. I checked it out but it looks like the actual offsets were somehow figured out (I guess they are always a specific offset from the base address). That's where I'm stuck.
  4. All processes have a base address; the one the script I linked gives you is, I think, the one you need to work from. As for the offset of the FPS restriction in memory: try adding what you found from Cheat Engine to the base address CPtr that the script uses, and see if that works? I'm pretty sure the worst-case scenario is that RPG Maker crashes (actually that is a lie; however, overwriting memory values doesn't usually crash your computer unless you overwrite huge chunks and/or go outside the process' memory cache).

    Memory locations like these are hard to find; the majority of this kind of thing is trial and error: trying one value out, moving on to the next if it doesn't work. I would work in 4-byte memory sections. As in, if this address doesn't work, add 4 and continue. The majority of in-memory code is represented as 4-byte integers (longs and pointers as well, if it's 32-bit architecture).
  5. Alright, let's see if this will lead me to find what I want.

    I managed to get it so that when I close and restart, it automatically goes to the correct address.

    However, if I open a new project and start a game there and try to use the same address, it doesn't work.

    I get an offset of 0x214... not sure what to do with that.

    Hmm, wonder where to go from there.

    EDIT: looked at a different video.

    This one tells me that green addresses are base pointers and that's what I should be looking for.

    Looking through the list, I do find one. It points to the RGSS DLL:

    RGSS300.dll+25EB00

    So the pointer to the value is located at wherever the DLL is plus the offset. This one always points to the correct value even if I start up different instances of the game.

    So now the question is... what would be the value of RGSS300.dll?

    Oh, wait, so RGSS300.dll starts at 0x10000000, which is the "fixed" address.

    So I should be able to modify this address and it will work, but the game just crashes.

    Code:
    # RGSS300.dll is loaded at its fixed base address
    base = 0x10000000
    # write the raw bytes of +val+ at base + adr
    mod = -> adr, val { DL::CPtr.new(base + adr)[0, val.size] = val }
    # pack the frame rate as a 4-byte native-endian signed integer (little-endian on x86)
    f = -> rate { [rate].pack("l").scan(/.{4}/) }
    o = f.(60)[0]
    mod.(0x25EB00, o)

    That's not right. I need to add the offset as well.

    Code:
    base = 0x10000000
    mod = -> adr, val { DL::CPtr.new(base + adr)[0, val.size] = val }
    f = -> rate { [rate].pack("l").scan(/.{4}/) }
    o = f.(60)[0]
    # writes at base + 0x25EB00 + 0x214, treating both offsets as plain additions
    mod.(0x25EB00 + 0x214, o)

    And now I start the game, and it doesn't crash! And I have 60 FPS. Might be on to something.

    So I switch to 120, and... it's still 60 FPS. Didn't work :(

    Cheat Engine still reports it as 60. Which is weird... I'd like to believe I'm changing the value of those 4 bytes starting at the given address.

    UPDATE

    OK... didn't think of the basics.

    I printed out the value at that address when the game starts normally and it was 0. So I don't have the right address, because I expect it to be 60.
  6. OMG yes, I figured it out. Will create an article about it.

    Basically, I had all the numbers I needed.

    Base pointer: 0x10000000

    Offset to something in the DLL: 0x25EB00

    Some other offset to the actual value: 0x214

    The thing that I was missing was the fact that the value stored at 0x1025EB00 was an address, and so I had to read that address, add 0x214 to it, and then I'm at the actual value I want.
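Added worked example (editor's addition, not part of the thread and not code from the RGSS scripts discussed in it): the pointer chain that posts 5 and 6 arrive at, resolved in Ruby. Fiddle, the successor of the DL module used in the posted snippets, stands in for DL::CPtr. The 0x25EB00 and 0x214 offsets are the thread's, but the "module" and the object it points to are heap buffers constructed here, so nothing depends on RGSS300.dll or its fixed 0x10000000 base, and the layout is an assumption for illustration only. It also shows the two dead ends the thread hit: the flat base + 0x25EB00 + 0x214 address reading 0, and a null pointer in the chain being reported instead of dereferenced.

```ruby
require "fiddle"

# Offsets from the thread (Cheat Engine's "RGSS300.dll+25EB00" plus the
# 0x214 found in the pointer scan). Everything else is a constructed
# stand-in for the real process, not the actual RGSS300.dll layout.
PTR_SLOT_OFFSET = 0x25EB00   # module base + this holds a pointer
VALUE_OFFSET    = 0x214      # that pointer + this holds the 32-bit FPS value
PTR_SIZE        = Fiddle::SIZEOF_VOIDP
MODULE_SIZE     = PTR_SLOT_OFFSET + 0x1000
OBJECT_SIZE     = VALUE_OFFSET + 4

class NullPointerError < StandardError; end

# Build a fake "module" buffer whose pointer slot points at a fake object
# buffer holding the FPS value. With link: false the slot stays zero, which
# reproduces the "value at that address was 0" situation from post 5.
def build_fake_process(initial_fps, link: true)
  mod = Fiddle::Pointer.malloc(MODULE_SIZE, Fiddle::RUBY_FREE)
  obj = Fiddle::Pointer.malloc(OBJECT_SIZE, Fiddle::RUBY_FREE)
  mod[0, MODULE_SIZE] = "\0" * MODULE_SIZE      # malloc memory is not zeroed
  obj[0, OBJECT_SIZE] = "\0" * OBJECT_SIZE
  obj[VALUE_OFFSET, 4] = [initial_fps].pack("l<")
  mod[PTR_SLOT_OFFSET, PTR_SIZE] = [obj.to_i].pack("J") if link
  [mod, obj]   # caller keeps both alive: RUBY_FREE releases them on GC
end

# Raw accessors, the Fiddle equivalent of DL::CPtr.new(addr)[0, n] in the thread.
def read_ptr(addr)
  Fiddle::Pointer.new(addr)[0, PTR_SIZE].unpack1("J")
end

def read_i32(addr)
  Fiddle::Pointer.new(addr)[0, 4].unpack1("l<")
end

def write_i32(addr, value)
  Fiddle::Pointer.new(addr)[0, 4] = [value].pack("l<")
end

# Resolve a Cheat Engine style pointer chain: for every offset but the last,
# read the pointer stored at (current + offset) and continue from there; the
# last offset is added to reach the value itself. A zero pointer on the way
# is reported rather than dereferenced.
def resolve_chain(base, offsets)
  *hops, last = offsets
  addr = hops.reduce(base) do |cur, off|
    ptr = read_ptr(cur + off)
    raise NullPointerError, format("null pointer at 0x%x", cur + off) if ptr.zero?
    ptr
  end
  addr + last
end

# Walk the chain, change the FPS value, and compare with the flat addition the
# thread tried first (base + 0x25EB00 + 0x214), which lands inside the module
# buffer and, in this constructed layout, reads 0 just as post 5 observed.
def demo(new_fps = 120)
  mod, obj = build_fake_process(60)
  fps_addr = resolve_chain(mod.to_i, [PTR_SLOT_OFFSET, VALUE_OFFSET])
  before = read_i32(fps_addr)
  write_i32(fps_addr, new_fps)
  {
    before: before,
    after: read_i32(fps_addr),
    flat_sum_value: read_i32(mod.to_i + PTR_SLOT_OFFSET + VALUE_OFFSET),
    resolved_correctly: fps_addr == obj.to_i + VALUE_OFFSET,
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Against a real process the only change is the starting point: replace `mod.to_i` with the DLL's load address (the thread's fixed 0x10000000) and keep the same two-step read-then-add. Reading the pointer slot with a 4-byte pointer size is what a 32-bit RGSS process needs; this example uses the host's native pointer width so it runs on either architecture.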
  7. Awesome! I'm glad you figured this out! Something accomplished, and two things gained! We have pretty much all the mods to RGSS now, haha.
  8. I was looking over what you said about the types of values that could be stored and it occurred to me that I might have been missing something big.

    Because even in CE, I was looking at the pointers and it said 0x10000000 + 0x25EB00 = 0x0093281E or something, and that didn't make any sense to me initially. Then I realized that value was a memory address.