Kodewerx
https://www.kodewerx.org/forum/

Nitro Hax - Action Replay clone for the DS
https://www.kodewerx.org/forum/viewtopic.php?f=11&t=894
Page 4 of 5

Author:  Arcane [ Sun Apr 01, 2007 3:26 pm ]
Post subject: 

M3 Slot 2, right?

I'm running a Slot 1..

Author:  luney [ Sun Apr 01, 2007 5:27 pm ]
Post subject: 

Actually, they will run on any slot 1 cart if one were to use the EZFlash's 3 in 1 accessory cart with it. Dipstar runs from the 3 in 1 and is hooked to the rom by patching the rom with the dipstar patcher. Cory on the EZFlash forums has written stuff to make the 3 in 1 work with other manufacturer's slot 1 carts.

Author:  TeenTin [ Sun Apr 01, 2007 8:07 pm ]
Post subject: 

Dualscreenman wrote:
They only work on M3s and its name is Dipstar.


Yup ! Dipstar ROCKS !! :wink:

Author:  lemmayoshi [ Sun Apr 01, 2007 8:58 pm ]
Post subject: 

Actually, no, it sucks.

Author:  TeenTin [ Mon Apr 02, 2007 12:45 am ]
Post subject: 

lemmayoshi wrote:
Actually, no, it sucks.


Hehe, it supports ROMs, at least.

Author:  chishm [ Mon Apr 02, 2007 2:35 am ]
Post subject: 

Here's version 0.81.

Now the cheat engine is called only on VBlank interrupt, not for any other interrupt. To achieve this, I modified the ARM7 interrupt dispatcher. I noticed that the return address (the one modified by the old hook) always pointed to the very next function, so there was a constant offset between the dispatcher and the return function. I therefore replaced the ldr lr, =return_func with adr lr, return_func. I also realised that I could save an instruction by having the IME enabled check use r3 instead of r1. By the time it got to the IRQ flag check loop, r3 was guaranteed to be #0x01, so I could remove the mov r3, #0x01 instruction. With these two saved words, and a bit of creativity in the IRQ flag check loop, I was able to make it only call the cheat engine when a Vblank happened (thanks to the hardware engineers for making the Vblank flag bit 0).

Long story short, I had to make a certain assumption about the games. If this assumption proves false, some games that worked before may fail. Tell me if they do.

Author:  Parasyte [ Mon Apr 02, 2007 9:49 am ]
Post subject: 

This is how I check for Vblank in Kwurdi:

Code:
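TrainerARM9:
   @ Exit if we're not handling VBlank
   ldr    r3, [lr,#-8]   @ pointer to the handler dispatchers, stored near the return address
   ldr    r3, [r3]       @ first dispatcher in that list
   cmp    r3, r0         @ r0 = dispatcher about to be called
   bxne   r0             @ not the first dispatcher: branch to it directly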


It locates the handler dispatchers by loading the pointer near the return address, loads the first dispatcher, and compares it to r0 (which contains the pointer to the current dispatcher to be called). This works very well because I patch the interrupt handler after it is autoloaded into its final location; I replace the bx r0 with a static branch to my debug handler (b TrainerARM9/b TrainerARM7). :D

Note: This code is released under the GPL v2.

Author:  chishm [ Mon Apr 02, 2007 10:42 pm ]
Post subject: 

Heh, you make the same assumption about the IRQ return being immediately after the IRQ dispatcher. I like my method because it only ever gets to the cheat engine if a VBlank occurred, so it doesn't waste cycles checking whether it should be in the cheat engine or not.

Author:  Master SL [ Wed Apr 04, 2007 1:39 pm ]
Post subject: 

TeenTin wrote:
lemmayoshi wrote:
Actually, no, it sucks.


Hehe, it supports ROMs, at least.


Quality>All

I prefer the NH doesn't support ROMs than it be as crappy as Dipstar is.

Author:  jjahuja [ Sat Apr 07, 2007 8:03 am ]
Post subject: 

The link isn't working.

Author:  dlong [ Sat Apr 07, 2007 8:55 am ]
Post subject: 

Yes, it is.

Author:  Master SL [ Mon Apr 09, 2007 9:13 am ]
Post subject: 

Wait, so will you ever make it support ROMs?

Author:  Dualscreenman [ Mon Apr 09, 2007 9:23 am ]
Post subject: 

No, kthx.

Author:  Master SL [ Mon Apr 09, 2007 11:11 am ]
Post subject: 

T_T
The sadness.

*falls to the ground*
*twitches*
*Gets run over by the same two people shouting OMG and ONOX*

Author:  chishm [ Tue Apr 17, 2007 12:06 am ]
Post subject: 

Version 0.82 is now available from the usual place (see first post in topic). Hopefully supports Animal Crossing now. If you are using an XML file from Datel, it should interpret the master code correctly (thanks to kenobi for help decoding it). If not, try the following code. It should be the first in the cheat list:
Code:
<cheat>
   <name>Master code</name>
   <codes>master cf000001 023ff090 </codes>
</cheat>

If that doesn't work, try the following. Turn it on manually and make sure it is the first in the list:
Code:
<cheat>
   <name>Master code</name>
   <codes>cf000001 023ff090 </codes>
</cheat>

As a last resort, try this:
Code:
<cheat>
   <name>Master code</name>
   <codes>cf000001 02000000 </codes>
</cheat>

Author:  Parasyte [ Tue Apr 17, 2007 12:37 am ]
Post subject: 

The last one will never work. The first two will only work if your code engine + list of codes is 2KB maximum. (Kwurdi works with AC by using the 0x027FF000 mirror.)

Author:  chishm [ Tue Apr 17, 2007 2:21 am ]
Post subject: 

The last one (0x02000000) does work if you use maybe 10 lines of cheats. The cheat engine itself is about 1KiB (0x3F8 bytes for the code), so that leaves room for over 100 lines (8 bytes per line) of cheats when using 0x023ff090 as the address. In the worst case scenario for getting it working, I can make a version that makes use of the Opera expansion cart.

EDIT: Clarified statements.

Author:  Parasyte [ Tue Apr 17, 2007 5:28 am ]
Post subject: 

No, the last one will not work because the game makes calls to several tiny stubs written in Thumb assembly which are scattered throughout the secure area data. (This is why games cannot run if it is not decrypted.) You can get away with overwriting maybe 256 bytes maximum beginning from the beginning of the secure area, but it really depends on the game.

Author:  chishm [ Tue Apr 17, 2007 6:54 am ]
Post subject: 

I know the game uses the secure area, and I still maintain that the cheat engine may work when located at 0x02000000. That was the address I was originally using when I got the cheat engine running for the game (using a different method, not the DS Card wrapper). However, I could only enable maybe 3, maybe 5, actual cheats before the game would crash. Perhaps the method I used to run it had an influence, but the location is still worth trying if nothing else works.

Author:  HyperHacker [ Wed Apr 18, 2007 8:19 pm ]
Post subject: 

Regarding ARDS hacks, why not check for the specific codes used to apply the hacks and emulate them? When someone uses the code to enable offset support for a given code type, then ignore that line and enable offset support within your own engine.

Author:  chishm [ Fri Apr 20, 2007 9:28 pm ]
Post subject: 

HyperHacker:
That would be impractical. The AR hacks are not in a fixed format, and Nitro Hax would have to be updated every time a new one was created.

Author:  SithViperX [ Tue May 29, 2007 2:05 pm ]
Post subject:  Re: Nitro Hax - Action Replay clone for the DS

I get an error that says "Fat init error" when I try to boot NitroHax... Is there something I need to do? DLDI patch? (What is that exactly?)

Author:  Dualscreenman [ Tue May 29, 2007 2:30 pm ]
Post subject:  Re: Nitro Hax - Action Replay clone for the DS

Yes, you will need a DLDI patch for your flashcart.

http://chishm.drunkencoders.com/DLDI/

Author:  SithViperX [ Tue May 29, 2007 4:18 pm ]
Post subject:  Re: Nitro Hax - Action Replay clone for the DS

Edit: Fixed my original problem, but have one question: Is it possible to have more than one cheats.xml file for Nitrohax? So far I can only get one game to be an xml file and I really would like to use it for more than one game.

Author:  SithViperX [ Sat Jun 09, 2007 10:17 am ]
Post subject:  Re: Nitro Hax - Action Replay clone for the DS

Currently I cannot get NitroHax to work with Zelds Aimbot code, probably has something to do with the fact that it's an ASM code (I think that is right)

Will this ever be supported?

Author:  chishm [ Sat Jun 09, 2007 8:57 pm ]
Post subject:  Re: Nitro Hax - Action Replay clone for the DS

ASM codes are supported, but you need to use the correct code type. Use C2000000 0000xxxx (where xx is the length of the ASM code in bytes) instead of 023FE074 012FFF11 E0000000 0000xxxx and remove 023FE074 E3520003 from the end of the code.
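
The rewrite described in the post above, as an added Python example that is not part of the original thread or of Nitro Hax. It assumes the cheat is given as whitespace-separated 32-bit hex words and that the ASM payload is zero-padded to whole 8-byte lines; the function names and the sample cheat are made up for illustration.

```python
# Added example: rewrites the AR-hack ASM wrapper from the post into the C2 type.
HOOK_ON = ("023FE074", "012FFF11")   # wrapper line before the ASM block (from the post)
HOOK_OFF = ("023FE074", "E3520003")  # wrapper line after the ASM block (from the post)
E_TYPE, C2_TYPE = "E0000000", "C2000000"
HEX = set("0123456789ABCDEF")

# Constructed sample: 12 bytes of placeholder payload, not a real cheat.
SAMPLE = """
023FE074 012FFF11
E0000000 0000000C
E3A00001 E12FFF1E
00000000 00000000
023FE074 E3520003
"""


def parse_lines(text):
    """Split a cheat into (word, word) lines, validating each 32-bit hex word."""
    words = text.upper().split()
    if len(words) % 2:
        raise ValueError("a cheat is made of 8-byte lines (pairs of 32-bit words)")
    for word in words:
        if len(word) != 8 or set(word) - HEX:
            raise ValueError(f"not a 32-bit hex word: {word!r}")
    return list(zip(words[0::2], words[1::2]))


def to_nitrohax_asm(text):
    """Return the cheat as C2000000 0000xxxx followed by the ASM payload lines."""
    lines = parse_lines(text)
    if len(lines) < 3 or lines[0] != HOOK_ON or lines[-1] != HOOK_OFF:
        raise ValueError("cheat does not use the 023FE074 wrapper from the post")
    code_type, length_word = lines[1]
    if code_type != E_TYPE:
        raise ValueError("expected E0000000 0000xxxx after the wrapper line")
    payload = lines[2:-1]
    # Assumption: the payload is padded with zeros to whole 8-byte lines.
    expected = (int(length_word, 16) + 7) // 8
    if len(payload) != expected:
        raise ValueError(f"length says {expected} payload lines, found {len(payload)}")
    return [(C2_TYPE, length_word)] + payload


def format_codes(lines):
    """Join lines into the space-separated text used inside <codes>."""
    return " ".join(f"{a} {b}" for a, b in lines)


if __name__ == "__main__":
    print(format_codes(to_nitrohax_asm(SAMPLE)))
```

A cheat that lacks the 023FE074 wrapper lines is rejected with a ValueError rather than guessed at.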

Author:  SithViperX [ Sun Jun 10, 2007 12:27 pm ]
Post subject:  Re: Nitro Hax - Action Replay clone for the DS

chishm wrote:
ASM codes are supported, but you need to use the correct code type. Use C2000000 0000xxxx (where xx is the length of the ASM code in bytes) instead of 023FE074 012FFF11 E0000000 0000xxxx and remove 023FE074 E3520003 from the end of the code.


Sorry to keep asking questions, but are those PARTICULAR values the ones I have to change, or are they different for every code? (Zelds code does not have any of those values except for E0000000 0000xxxx)

Author:  Hextator [ Sun Jun 10, 2007 3:19 pm ]
Post subject: 

As I've said, my aim bot does not use the 023FE074 012FFF11 code. Instead, it uses a custom hook that I made (I didn't want to have to worry about my need for executing in thumb to be a hassle and wanted to use my own stack).

If the aim bot code doesn't work, well, hell, I can't see why it wouldn't, so I guess you're pretty screwed. :\

That, or the hook I used interferes with the standard code hook, which I was certain it didn't.

Also, I noticed chishm and Parasyte discussing a need for making the code handler only execute on V Blank interrupts.

Why must it only be executed then? What's wrong with having it be executed more often? Is it just plain too laggy?

Edit: Here's the address I hooked from for my aim bot:

0x37FDCE4

Can someone tell me if the issue is related to where I hooked from? Assuming you all recognize that address, if it is indeed related to a code handling hook.

Author:  Topspin [ Sun Jun 10, 2007 3:52 pm ]
Post subject:  Re:

TeenTin wrote:
lemmayoshi wrote:
Actually, no, it sucks.


Hehe, it supports ROMs, at least.

Supercard update supports AR and Dipstar codes on ROMs.

Author:  chishm [ Sun Jun 10, 2007 7:02 pm ]
Post subject:  Re: Nitro Hax - Action Replay clone for the DS

It seems it would be easier to just modify the source code for the aim bot than to try and port the compiled AR code to NH.

I don't recognise that address off the top of my head. What was there before you hooked it?

All times are UTC - 8 hours [ DST ]