Nostafaru
Moderating the Crunch Bunch.
Retired Staff
Community Elite
Community Veteran
Determined Poster
Active Member
Console ID Poster
- Apr 6, 2014
- 2,020
- 1,783
- 443
Hello Crunchers Today i will show you something that is very useful for a lot of coders.
This tutorial will be about how to find DVARS. Now when i say DVARS you might be thinking of stuff like : cg_ fov 1
or commands like : g_bulletTracers 1 < - No that is not the type of DVARS we will be looking for. Those DVARS are for patches.
The DVARS we will find is just an address and the bytes to enable it. So you basically write it like this :
PS3.SetMemory(0x1234, new byte[] { 0x01 }); //The address 0x1234 is just used as an example.
or :
byte[] DvarExample = new byte[] { 0x01} ;
PS3.SetMemory(0x1234, DvarExample);
This is for all COD games.
Things Required :
The first thing we will start off with is how to dump your memory. The reason we will do this is because we want to paste our address in our memory dump
and then we can see the addresses we need but i`ll explain that later on.
There is more than just one way of dumping your memory, but the easiest way in my opinion is using Rawdog`s cPanel tool.
*NOTE!* To dump the memory via Rawdog`s cPanel, your Ps3 must be running DEX.
Download : chrome://mega/content/secure.html#!fNxhFLrA!KpF7jlE7PoCgEqkZ3Jd55Y4rHTFgAeED4OLJLq5zWpU
Things you want to do :
1. Open the cPanel and connect to your Playstation 3
2. Click on this button :
3. Now you`ll connect again and click on Dump memory.
4. Now you would have to choose the directory of where your memory dump should be placed :
5. Make sure to save the memory dump file as a .BIN file.
Now you are al done with dumping the memory! Let`s move on to the next step
Finding the DVARS
This will be the most important thing, how to locate DVARS and write them into the memory.
Open Up IDA pro(with the Ps3 plugins). And open the ELF of the game you want to find DVARS for. In this TUT i will use World at war.
Load it in IDA pro. And wait for it to load, you know it`s loaded when it says AU : idle
These are the tabs i normally have open :
To view strings, go to : View > Open Subviews > Strings.
Now search for a DVAR(Press ALT + T). If you wonder how you know which string is a DVAR just look here :
As an example in this tutorial i will use the easiest of them all which is : cg_fov. All COD ELF`s has this string in it. Now search for it.
Once you have located the correct address follow these steps :
1. Click on the string. Then you should see something like this :
You`ll have to copy this address.
Now as you have copied this : 006A0AF8
You have to go to the memory dump we made(in .BIN format) open it in Hex Editor and press CTRL + F.
Make sure you have set the datatype to : Hex - Values. Have it like this :
Now press OK to search once. The first search will NOT BE correct as it will only show a list of pointers which cannot be used to find our address.
Click F3 to search again. Then it will take you to the address that will tell us the correct info. Now click CTRL + E to cop the address.
Now go into a debugger and search for the address that we just found in the memory dump(What debugger you are using is not important as long as you can read and set values in it)
Now as you have done that, you will see the bytes that`s been written in the memory. And inside of here is the value for cg_fov.
Know you should see the bytes of what you also found in the memory dump. Now you just have to play around with some of the bytes in there.
Now i know that the standard value for cg_fov is : 82. As you see here it is
Now i can change the value to 99 to set it to 99, duhh If you want to set it to really high you can change it to : FF which is a HEX number. In Memory it will be : 255
Now you take the address you found and the bytes you found and program it into a tool.
This you will do with Visual Studio. Now code it like this : PS3.SetMemory(0x274DB29, new byte[] { 0x82 }); This will give the address 0x274DB29 the value of 0x82.
Now you are done with finding the DVARS ! You can do this with a lot of other addresses like : g_speed or high_jump_height
Some String for mods : Wallhack = r_znear, UAV = b_ShowCompassEnemies, Laser = cg_laser. And you can use Draw Crosshairs and a lot more.
Writing it in PowerPC
Now i will teach you how to write this into an EBOOT.BIN, to do this you have to write in PowerPC.
There are 2 different ways of writing mods into an EBOOT.BIN.
1. Taking the address you have - 10 000 and write the bytes in the EBOOT.ELF file, must be a .ELF format, just make it to a .BIN when you are done.
2. Finding an empty address and writing PowerPC to it.
In this tutorial i will use the PowerPC method, as not all addresses can be found in the .ELF file, the cg_fov address i found : 0x274DB29 is to big to be in a .ELF file.
So we would write it in PowerPC(PPC).
This is very simple, these are some of the instructions you would use : li, lis and stb.
li = load immidiate
lis = load immidiate shifted
stb = store byte
What you would need to write this is a PPC Compiler(made by choco) look it up on google.
Once you have that you would find an empty address to write your PowerPC to. To do this, you can take what you "think" is an empty address and put a breakpoint on the address(in debugger) if it doesn`t freeze the process that means that its empty, and you can write to it.
As an example in thir tutorial i will use the address : 0x123456, that is not a real empty address just to show where you should have your empty address.
Your start address would be in here :
Now this is what you would write :
0x274DB29
lis %r3, 0x274D //Loading the first 2 bytes of the address into the register 3 (r3)
li %r4, 0x99 //Loading the value that you are using to turn on the mod into register 4 (r4) And 0x99 is the value i want cg_fov to be set as.
stb %r4, 0xB29(%r3) //Storing that byte at the address that you loaded
The reason we have this char : % in front of our registers is because Choco`s PPC Compiler wont understand it if you are not using it.
Now it converted our PowerPC coding into OP Codes and it looks like this : 3C 60 27 4D 38 80 00 99 98 83 0B 29
Now just go to the empty address and paste those OP Codes and you should have the mod
If you have any questions just leave them in the comments.
Peace out !
This tutorial will be about how to find DVARS. Now when i say DVARS you might be thinking of stuff like : cg_ fov 1
or commands like : g_bulletTracers 1 < - No that is not the type of DVARS we will be looking for. Those DVARS are for patches.
The DVARS we will find is just an address and the bytes to enable it. So you basically write it like this :
PS3.SetMemory(0x1234, new byte[] { 0x01 }); //The address 0x1234 is just used as an example.
or :
byte[] DvarExample = new byte[] { 0x01} ;
PS3.SetMemory(0x1234, DvarExample);
This is for all COD games.
Things Required :
- Your Game`s memory dump.
- A Debugger(So you can view your memory and write your values faster)
- IDA Pro(With PS3 plugins)
- Hex editor
- A brain(not included ).
The first thing we will start off with is how to dump your memory. The reason we will do this is because we want to paste our address in our memory dump
and then we can see the addresses we need but i`ll explain that later on.
There is more than just one way of dumping your memory, but the easiest way in my opinion is using Rawdog`s cPanel tool.
*NOTE!* To dump the memory via Rawdog`s cPanel, your Ps3 must be running DEX.
Download : chrome://mega/content/secure.html#!fNxhFLrA!KpF7jlE7PoCgEqkZ3Jd55Y4rHTFgAeED4OLJLq5zWpU
Things you want to do :
1. Open the cPanel and connect to your Playstation 3
2. Click on this button :
3. Now you`ll connect again and click on Dump memory.
4. Now you would have to choose the directory of where your memory dump should be placed :
5. Make sure to save the memory dump file as a .BIN file.
Now you are al done with dumping the memory! Let`s move on to the next step
Finding the DVARS
This will be the most important thing, how to locate DVARS and write them into the memory.
Open Up IDA pro(with the Ps3 plugins). And open the ELF of the game you want to find DVARS for. In this TUT i will use World at war.
Load it in IDA pro. And wait for it to load, you know it`s loaded when it says AU : idle
These are the tabs i normally have open :
To view strings, go to : View > Open Subviews > Strings.
Now search for a DVAR(Press ALT + T). If you wonder how you know which string is a DVAR just look here :
Code:
DVARS is often written like this : cg_, g_, sv_. Example : cg_fov <- look at the cg_ before the function name. Then you know it its a DVAR or not.
As an example in this tutorial i will use the easiest of them all which is : cg_fov. All COD ELF`s has this string in it. Now search for it.
Once you have located the correct address follow these steps :
1. Click on the string. Then you should see something like this :
You`ll have to copy this address.
Now as you have copied this : 006A0AF8
You have to go to the memory dump we made(in .BIN format) open it in Hex Editor and press CTRL + F.
Make sure you have set the datatype to : Hex - Values. Have it like this :
Now press OK to search once. The first search will NOT BE correct as it will only show a list of pointers which cannot be used to find our address.
Click F3 to search again. Then it will take you to the address that will tell us the correct info. Now click CTRL + E to cop the address.
Now go into a debugger and search for the address that we just found in the memory dump(What debugger you are using is not important as long as you can read and set values in it)
Now as you have done that, you will see the bytes that`s been written in the memory. And inside of here is the value for cg_fov.
Know you should see the bytes of what you also found in the memory dump. Now you just have to play around with some of the bytes in there.
Now i know that the standard value for cg_fov is : 82. As you see here it is
Now i can change the value to 99 to set it to 99, duhh If you want to set it to really high you can change it to : FF which is a HEX number. In Memory it will be : 255
Now you take the address you found and the bytes you found and program it into a tool.
This you will do with Visual Studio. Now code it like this : PS3.SetMemory(0x274DB29, new byte[] { 0x82 }); This will give the address 0x274DB29 the value of 0x82.
Now you are done with finding the DVARS ! You can do this with a lot of other addresses like : g_speed or high_jump_height
Some String for mods : Wallhack = r_znear, UAV = b_ShowCompassEnemies, Laser = cg_laser. And you can use Draw Crosshairs and a lot more.
Writing it in PowerPC
Now i will teach you how to write this into an EBOOT.BIN, to do this you have to write in PowerPC.
There are 2 different ways of writing mods into an EBOOT.BIN.
1. Taking the address you have - 10 000 and write the bytes in the EBOOT.ELF file, must be a .ELF format, just make it to a .BIN when you are done.
2. Finding an empty address and writing PowerPC to it.
In this tutorial i will use the PowerPC method, as not all addresses can be found in the .ELF file, the cg_fov address i found : 0x274DB29 is to big to be in a .ELF file.
So we would write it in PowerPC(PPC).
This is very simple, these are some of the instructions you would use : li, lis and stb.
li = load immidiate
lis = load immidiate shifted
stb = store byte
What you would need to write this is a PPC Compiler(made by choco) look it up on google.
Once you have that you would find an empty address to write your PowerPC to. To do this, you can take what you "think" is an empty address and put a breakpoint on the address(in debugger) if it doesn`t freeze the process that means that its empty, and you can write to it.
As an example in thir tutorial i will use the address : 0x123456, that is not a real empty address just to show where you should have your empty address.
Your start address would be in here :
Now this is what you would write :
0x274DB29
lis %r3, 0x274D //Loading the first 2 bytes of the address into the register 3 (r3)
li %r4, 0x99 //Loading the value that you are using to turn on the mod into register 4 (r4) And 0x99 is the value i want cg_fov to be set as.
stb %r4, 0xB29(%r3) //Storing that byte at the address that you loaded
The reason we have this char : % in front of our registers is because Choco`s PPC Compiler wont understand it if you are not using it.
Now it converted our PowerPC coding into OP Codes and it looks like this : 3C 60 27 4D 38 80 00 99 98 83 0B 29
Now just go to the empty address and paste those OP Codes and you should have the mod
If you have any questions just leave them in the comments.
Peace out !