Exclusive How to Mod any game by yourself!

gams4

Gamer
Sep 18, 2015
134
53
28
23
I can nothing about PPC

00AEF61C = address ,static address
00005A8C = offset
value = 00001971

thanks for your help
 

Cyb3r

RG Admin
RG Admin
Feb 21, 2015
1,657
849
123
I can nothing about PPC

00AEF61C = address ,static address
00005A8C = offset
value = 00001971

thanks for your help
To mod games by yourself you need to know some PPC. I can't help you like this because it's unclear what you're trying to do or what you want to modify.
 

luiz_neto

Newbie
Oct 19, 2015
14
6
13
Brasil
The NetCheat PS3 is out of date and I can not connect to my PS3 as CCAPI is at version 2.60 and the current is 2.70 rev4. Is there any update or any way to upgrade?
 
Last edited:

Cain532

Happy Modding
RG Admin
Feb 23, 2015
1,298
681
123
USA
The NetCheat PS3 is out of date and I can not connect to my PS3 as CCAPI is at version 2.60 and the current is 2.70 rev4. Is there any update or any way to upgrade?
You should be able to take the updated CCAPI lib and replace it with whatever version is sitting inside your NetCheat directory :)
 
  • Like
Reactions: gams4

weed 974

Newbie
Aug 11, 2016
1
0
11
21
Good work my brother if you have a Tuto like this for GTA V 1.26 motioned me !! I'm going more French :D:cigar::shame:
 

FloDoc

Verified
Aug 4, 2016
62
20
18
34
Great post! This will help a lot of people! Thanks for the CodeWizard tip, I was using a ppc compiler that was not giving me accurate opcodes, I will be trying CodeWizard going forward. I have been using this method for Dragon Age Inquisition but the memory ranges seem to make NetCheat crash. Also, there seems to be some function in the game that breaks it when certain functions (health, mana, skill points) are altered. More work to do I guess!
 
  • Like
Reactions: LEGACYY

carma66

Gamer
Jun 11, 2015
132
10
28
32
To mod games by yourself you need to know some PPC. I can't help you like this because it's unclear what you're trying to do or what you want to modify.

this tutorial is for numerical values offsets.

But i want to find "Infinite Special offset"

How i can search no numerical cheats?
 

Cyb3r

RG Admin
RG Admin
Feb 21, 2015
1,657
849
123
this tutorial is for numerical values offsets.

But i want to find "Infinite Special offset"

How i can search no numerical cheats?
Search for unknown value in netcheat (changed/unchanged) or (increased/decreased)
 
  • Like
Reactions: Cain532

FloDoc

Verified
Aug 4, 2016
62
20
18
34
The only problem with searching unknown values with netcheat (not that there are many other options) is you have to have an incredible amount of fortitude lol. Because if your search ranges are too large and netcheat returns more than about 2000000 results, it will crash. So you have to break down your search ranges to like 50000 increments to find anything, so it definitely helps if you know some of the ranges before hand (I realize that's not always possible). Also, your unknown values can be floats or ints, so that increases the search time hahaha. I have found that you usually need to look for a floating value when your dealing with non numerical things like heath/stamina bars etc. I know this is super vague, but I am not a pro, only commenting on my experience.
 
  • Like
Reactions: Cyb3r and anxify

Cyb3r

RG Admin
RG Admin
Feb 21, 2015
1,657
849
123
The only problem with searching unknown values with netcheat (not that there are many other options) is you have to have an incredible amount of fortitude lol. Because if your search ranges are too large and netcheat returns more than about 2000000 results, it will crash. So you have to break down your search ranges to like 50000 increments to find anything, so it definitely helps if you know some of the ranges before hand (I realize that's not always possible). Also, your unknown values can be floats or ints, so that increases the search time hahaha. I have found that you usually need to look for a floating value when your dealing with non numerical things like heath/stamina bars etc. I know this is super vague, but I am not a pro, only commenting on my experience.
Usually when I want to search for unknown value I start searching for value > zero if the value is bigger than zero.
 
  • Like
Reactions: FloDoc

FloDoc

Verified
Aug 4, 2016
62
20
18
34
More useful advise! do you try both int and float values? What do you find more of, floats or ints?
 

Cyb3r

RG Admin
RG Admin
Feb 21, 2015
1,657
849
123
More useful advise! do you try both int and float values? What do you find more of, floats or ints?
Just focus on finding the changed value then compare it with the original. When you find it you can figure out which type it's.
 

EvilWiffles

Newbie
Nov 5, 2016
7
1
3
23
Hello, really great tutorial!
I don't know PPC myself but I was learning how to use Netcheat and finding pointers till I found out most of these pointers are always dynamic.

Games I'm focusing on are Demon's Souls and Dark Souls 1. Can easily grab stamina or HP but it's a shame since I'd like for these things to stick, when I die or warp. Using both BLUS versions if anyone is interested in maybe helping me out, and hopefully show me where I'd need to go.

Anyways, I've gotten the dynamic pointer (in this case 326DACD4) for stamina in DeS and in Debugger.
Can't post links it seems, oh well.
Code:
00286858 F9210090 std        r9,0x90(r1)
0028685C C9810090 lfd        f12,0x90(r1)                  50 (00286858) PIPE LHS[01]
00286860 2F8BFFCE cmpwi      cr7,r11,-0x32
00286864 FD80669C fcfid      f12,f12
00286868 9161007C stw        r11,0x7C(r1)
0028686C FC006018 frsp       f0,f12                        08 (00286864) REG PIPE
00286870 EDAD0028 fsubs      f13,f13,f0                    09 (0028686C) REG
00286874 D1BF0134 stfs       f13,0x134(r31)                10 (00286870) REG
00286878 419C0020 blt        cr7,0x00286898
0028687C 393D03D8 addi       r9,r29,0x3D8
00286880 792A0020 clrldi     r10,r9,32                     01 (0028687C) REG
00286884 800A0000 lwz        r0,0x0(r10)                   04 (00286880) REG LSU
00286888 7F805800 cmpw       cr7,r0,r11                    01 (00286884) REG
0028688C 419C000C blt        cr7,0x00286898                01 (00286888) REG
00286890 3921007C addi       r9,r1,0x7C
00286894 792A0020 clrldi     r10,r9,32                     01 (00286890) REG PIPE
00286898 800A0000 lwz        r0,0x0(r10)                   03 (00286894) REG LSU
0028689C 811F0020 lwz        r8,0x20(r31)                   PIPE
002868A0 901F03D4 stw        r0,0x3D4(r31)
002868A4 4BFFF89C b          0x00286140                    08
002868A8 811F0020 lwz        r8,0x20(r31)
002868AC 4BFFFABC b          0x00286368                    08
002868B0 38000000 li         r0,0x0
002868B4 901F02F4 stw        r0,0x2F4(r31)                 03 (002868B0) REG PIPE LSU
002868B8 4BFFFE8C b          0x00286744                    08
002868BC C1BF02F0 lfs        f13,0x2F0(r31)                 PIPE
002868C0 4BFFFA58 b          0x00286318                    08
002868C4 60000000 nop                                       PIPE
002868C8 2B840078 cmplwi     cr7,r4,0x78
002868CC 7C0802A6 mfspr      r0,lr                         02
002868D0 F821FF51 stdu       r1,-0xB0(r1)
002868D4 FBC100A0 std        r30,0xA0(r1)                  03 (002868D0) REG PIPE LSU
002868D8 FBE100A8 std        r31,0xA8(r1)
002868DC FBA10098 std        r29,0x98(r1)                   PIPE
002868E0 F80100C0 std        r0,0xC0(r1)
002868E4 83C28518 lwz        r30,-0x7AE8(r2)                PIPE
002868E8 7C7F1B78 mr         r31,r3
002868EC 419D0284 bgt        cr7,0x00286B70
002868F0 817E8360 lwz        r11,-0x7CA0(r30)
002868F4 78891788 clrlsldi   r9,r4,32,2
002868F8 7C09582E lwzx       r0,r9,r11                     03 (002868F4) REG LSU
002868FC 7C0007B4 extsw      r0,r0                         02 (002868F8) REG
00286900 7C005A14 add        r0,r0,r11                     01 (002868FC) REG
00286904 7C0903A6 mtspr      ctr,r0                        02 (00286900) REG
00286908 4E800420 bctr                                     08
I'm just wanting to lock stamina to constant max, which in my case is 88.

Also, would you have a copy of the CodeWizard version 1.2.6? I compiled mine from Github but it would've been easier if there was a place that was already compiled
 
Last edited:

Cain532

Happy Modding
RG Admin
Feb 23, 2015
1,298
681
123
USA
Hello, really great tutorial!
I don't know PPC myself but I was learning how to use Netcheat and finding pointers till I found out most of these pointers are always dynamic.

Games I'm focusing on are Demon's Souls and Dark Souls 1. Can easily grab stamina or HP but it's a shame since I'd like for these things to stick, when I die or warp. Using both BLUS versions if anyone is interested in maybe helping me out, and hopefully show me where I'd need to go.

Anyways, I've gotten the dynamic pointer (in this case 326DACD4) for stamina in DeS and in Debugger.
Can't post links it seems, oh well.
Code:
00286858 F9210090 std        r9,0x90(r1)
0028685C C9810090 lfd        f12,0x90(r1)                  50 (00286858) PIPE LHS[01]
00286860 2F8BFFCE cmpwi      cr7,r11,-0x32
00286864 FD80669C fcfid      f12,f12
00286868 9161007C stw        r11,0x7C(r1)
0028686C FC006018 frsp       f0,f12                        08 (00286864) REG PIPE
00286870 EDAD0028 fsubs      f13,f13,f0                    09 (0028686C) REG
00286874 D1BF0134 stfs       f13,0x134(r31)                10 (00286870) REG
00286878 419C0020 blt        cr7,0x00286898
0028687C 393D03D8 addi       r9,r29,0x3D8
00286880 792A0020 clrldi     r10,r9,32                     01 (0028687C) REG
00286884 800A0000 lwz        r0,0x0(r10)                   04 (00286880) REG LSU
00286888 7F805800 cmpw       cr7,r0,r11                    01 (00286884) REG
0028688C 419C000C blt        cr7,0x00286898                01 (00286888) REG
00286890 3921007C addi       r9,r1,0x7C
00286894 792A0020 clrldi     r10,r9,32                     01 (00286890) REG PIPE
00286898 800A0000 lwz        r0,0x0(r10)                   03 (00286894) REG LSU
0028689C 811F0020 lwz        r8,0x20(r31)                   PIPE
002868A0 901F03D4 stw        r0,0x3D4(r31)
002868A4 4BFFF89C b          0x00286140                    08
002868A8 811F0020 lwz        r8,0x20(r31)
002868AC 4BFFFABC b          0x00286368                    08
002868B0 38000000 li         r0,0x0
002868B4 901F02F4 stw        r0,0x2F4(r31)                 03 (002868B0) REG PIPE LSU
002868B8 4BFFFE8C b          0x00286744                    08
002868BC C1BF02F0 lfs        f13,0x2F0(r31)                 PIPE
002868C0 4BFFFA58 b          0x00286318                    08
002868C4 60000000 nop                                       PIPE
002868C8 2B840078 cmplwi     cr7,r4,0x78
002868CC 7C0802A6 mfspr      r0,lr                         02
002868D0 F821FF51 stdu       r1,-0xB0(r1)
002868D4 FBC100A0 std        r30,0xA0(r1)                  03 (002868D0) REG PIPE LSU
002868D8 FBE100A8 std        r31,0xA8(r1)
002868DC FBA10098 std        r29,0x98(r1)                   PIPE
002868E0 F80100C0 std        r0,0xC0(r1)
002868E4 83C28518 lwz        r30,-0x7AE8(r2)                PIPE
002868E8 7C7F1B78 mr         r31,r3
002868EC 419D0284 bgt        cr7,0x00286B70
002868F0 817E8360 lwz        r11,-0x7CA0(r30)
002868F4 78891788 clrlsldi   r9,r4,32,2
002868F8 7C09582E lwzx       r0,r9,r11                     03 (002868F4) REG LSU
002868FC 7C0007B4 extsw      r0,r0                         02 (002868F8) REG
00286900 7C005A14 add        r0,r0,r11                     01 (002868FC) REG
00286904 7C0903A6 mtspr      ctr,r0                        02 (00286900) REG
00286908 4E800420 bctr                                     08
I'm just wanting to lock stamina to constant max, which in my case is 88.

Also, would you have a copy of the CodeWizard version 1.2.6? I compiled mine from Github but it would've been easier if there was a place that was already compiled
Awesome work buddy :) so can you tell me exactly which of these addresses it's stopping on when it breaks? It'd be defined with a small yellow arrow in ProDG when the breakpoint hits.
 

EvilWiffles

Newbie
Nov 5, 2016
7
1
3
23
Awesome work buddy :) so can you tell me exactly which of these addresses it's stopping on when it breaks? It'd be defined with a small yellow arrow in ProDG when the breakpoint hits.
I swapped to just focusing on HP, think it's worth more time looking at compared to just stamina at this point :o.
Code:
00280390 4E800020 blr                                      08
00280394 60000000 nop                                       PIPE
00280398 7F6007B4 extsw      r0,r27
0028039C 807F0304 lwz        r3,0x304(r31)
002803A0 38800000 li         r4,0x0
002803A4 F8010090 std        r0,0x90(r1)                    PIPE
002803A8 C8010090 lfd        f0,0x90(r1)                   50 (002803A4) LHS[01]
002803AC FC00069C fcfid      f0,f0                          PIPE
002803B0 FFE00018 frsp       f31,f0                        09 (002803AC) REG
002803B4 480F858D bl         0x00378940                    08
002803B8 60000000 nop
002803BC 39210080 addi       r9,r1,0x80                     PIPE
002803C0 38000001 li         r0,0x1
002803C4 3961007C addi       r11,r1,0x7C                    PIPE
002803C8 90010078 stw        r0,0x78(r1)
002803CC EC3F0072 fmuls      f1,f31,f1                      PIPE
002803D0 FC20081E fctiwz     f1,f1                         09 (002803CC) REG
002803D4 7C204FAE stfiwx     f1,0,r9                       09 (002803D0) REG PIPE
002803D8 80010080 lwz        r0,0x80(r1)
002803DC 2F800001 cmpwi      cr7,r0,0x1                    02 (002803D8) REG
002803E0 9001007C stw        r0,0x7C(r1)
002803E4 409D00F8 ble        cr7,0x002804DC
002803E8 796B0020 clrldi     r11,r11,32
002803EC 381C03C4 addi       r0,r28,0x3C4                   PIPE
002803F0 3BBC03C8 addi       r29,r28,0x3C8
002803F4 780A0020 clrldi     r10,r0,32                      PIPE
002803F8 38000000 li         r0,0x0
002803FC 812B0000 lwz        r9,0x0(r11)
00280400 90010074 stw        r0,0x74(r1)                   03 (002803F8) REG LSU
00280404 913F03C8 stw        r9,0x3C8(r31)                  PIPE
00280408 812A0000 lwz        r9,0x0(r10)
0028040C 2F890000 cmpwi      cr7,r9,0x0                    02 (00280408) REG
00280410 419C00D4 blt        cr7,0x002804E4
00280414 7BAB0020 clrldi     r11,r29,32
00280418 800B0000 lwz        r0,0x0(r11)                   03 (00280414) REG LSU
0028041C 7F804800 cmpw       cr7,r0,r9                     02 (00280418) REG
00280420 419C0098 blt        cr7,0x002804B8
00280424 800A0000 lwz        r0,0x0(r10)
00280428 38800001 li         r4,0x1
0028042C 807F0304 lwz        r3,0x304(r31)
[COLOR=#ffff4d]00280430 901F03C4 stw        r0,0x3C4(r31)[/COLOR]
00280434 480F850D bl         0x00378940                    08
00280438 60000000 nop

r0 is 265 and r31 is 860173680
I can nop this address but nothing comes out of it. I can only understand few mnemonics at this point but I got a nice little chart to help me understand some things I'm looking at :p.
 

Cyb3r

RG Admin
RG Admin
Feb 21, 2015
1,657
849
123
I can nop this address but nothing comes out of it. I can only understand few mnemonics at this point but I got a nice little chart to help me understand some things I'm looking at :p.
If noping it doesn't work then you must likely have found a mirror address.
 

EvilWiffles

Newbie
Nov 5, 2016
7
1
3
23
If noping it doesn't work then you must likely have found a mirror address.
Would I need to find the pointer in Netcheat or look in other ranges?

Stamina stopped regenerating when I edited it to nop. It's still degenerate though
 
Last edited:

Cyb3r

RG Admin
RG Admin
Feb 21, 2015
1,657
849
123
Would I need to find the pointer in Netcheat or look in other ranges?

Stamina stopped regenerating when I edited it to nop. It's still degenerate though
I see, there's 2 functions for stamina (increase/decrease) which means you have found the wrong one, let the stamina to fully regenerate, set a breakpoint on the address then try decreasing it, then you will get the correct function, now try to nop it and see what happens.
 

EvilWiffles

Newbie
Nov 5, 2016
7
1
3
23
I see, there's 2 functions for stamina (increase/decrease) which means you have found the wrong one, let the stamina to fully regenerate, set a breakpoint on the address then try decreasing it, then you will get the correct function, now try to nop it and see what happens.
I went to find the HP for Dark Souls 1 and found a working one that doesn't seem like it's a mirror.
Code:
6 1198FF94 FFFFE754
0 00000000 00000268
Works when restarting the game a few times.

Code:
002A86D0 60000000 nop
002A86D4 800100A4 lwz        r0,0xA4(r1)
002A86D8 2B80000F cmplwi     cr7,r0,0xF                    01 (002A86D4) REG
002A86DC 419D0580 bgt        cr7,0x002A8C5C                01 (002A86D8) REG
002A86E0 83810084 lwz        r28,0x84(r1)
002A86E4 92E100A4 stw        r23,0xA4(r1)                   PIPE
002A86E8 9B010090 stb        r24,0x90(r1)
002A86EC 930100A0 stw        r24,0xA0(r1)                   PIPE
002A86F0 81410078 lwz        r10,0x78(r1)
002A86F4 38800014 li         r4,0x14
002A86F8 38A00004 li         r5,0x4
002A86FC 7D435378 mr         r3,r10                         PIPE
002A8700 812A0000 lwz        r9,0x0(r10)
002A8704 8169002C lwz        r11,0x2C(r9)                  03 (002A8700) REG PIPE LSU
002A8708 800B0000 lwz        r0,0x0(r11)                   03 (002A8704) REG LSU
002A870C F8410028 std        r2,0x28(r1)                    PIPE
002A8710 7C0903A6 mtspr      ctr,r0
002A8714 804B0004 lwz        r2,0x4(r11)
002A8718 4E800421 bctrl                                    08
002A871C E8410028 ld         r2,0x28(r1)                    PIPE
002A8720 2F830000 cmpwi      cr7,r3,0x0
002A8724 7C7D1B78 mr         r29,r3                         PIPE
002A8728 419E04A4 beq        cr7,0x002A8BCC
002A872C 7BAB0020 clrldi     r11,r29,32                    01 (002A8724) REG
002A8730 39200000 li         r9,0x0
002A8734 7FA4EB78 mr         r4,r29                         PIPE
[COLOR=#ffff4d]>002A8738 938B0008 stw        r28,0x8(r11)[/COLOR]
002A873C 992B0011 stb        r9,0x11(r11)                   PIPE
002A8740 938B0000 stw        r28,0x0(r11)
002A8744 93EB0004 stw        r31,0x4(r11)                   PIPE
002A8748 92CB000C stw        r22,0xC(r11)
002A874C 992B0010 stb        r9,0x10(r11)                   PIPE
002A8750 80010084 lwz        r0,0x84(r1)
002A8754 81210088 lwz        r9,0x88(r1)                    PIPE
002A8758 7F80F800 cmpw       cr7,r0,r31
002A875C 39290001 addi       r9,r9,0x1                      PIPE
002A8760 91210088 stw        r9,0x88(r1)                   03 (002A875C) REG LSU
002A8764 419E0448 beq        cr7,0x002A8BAC
002A8768 5720063E clrlwi     r0,r25,24
I edited to nop and it'll just freeze the game up. Nice I got it working but the game is very laggy when I force constant write. Want to avoid that if it's even possible
 
Last edited: