Finding a specific function, for example one of these functions:
Ammo Function
Health Function
Damage Function
Speed Function
Etc.
What I do is make a simple search out of it, like this:
I make Infinite Ammo (it doesn't have to be unDMA'd), then I can find the ammo function.
Infinite Health ==> Health Function
Flash (super speed) ==> Speed Function
First of all, what you can also do with this function is defeat multiple levels of DMA; I will explain how and why later.
Let's take Infinite Ammo as an example; in most games it is usually behind multiple levels of DMA. I unDMA it until I get a working pointer and offset. Let's say my first working pointer and offset are:
0x08E30000 (pointer) 0x0020 (offset)
I can do two things; I will show you the longer way first. Open your cheat device's searcher, go to Find Exact Value, set it to a 16-bit search and put in your offset, which in this example is 0x0020, so I enter it like this:
____0020 and start the search. Yes, you will get lots and lots of results. How to know you have the right code in the right function:
Copy the address and paste it into the decoder. If the MIPS command is an "lw" or "sw" loading/storing 0020, follow the function to its start, which will look like this: addiu sp, sp, $FFXX [the "XX" are variables]. Then disable the function with a jr ra [0x03E00008]. The thing you were looking for should now happen: for example, if you were looking for the damage function, there shouldn't be any damage given or taken. In this example we are looking for the ammo function, so one of these would happen: unable to shoot / no ammo is lost.
The shorter way:
I would set the search range to 0x00004000 -- 0x00900000. Then go to Exact Value Search and put in "0x8c420020" to start the search, since my offset is 0020 and I start with lw v0, $0020(v0). If I don't get results, I undo and add 0x00010000. An easier way to remember: in 0x8c420020, always add 1 to the fourth hex digit (the 2 in 8c42). In other words, you put "0x8C42XXXX" into Exact Value Search [again, "XXXX" are variables where you put your offset]. I do this until I get a result. I check the result by following it to the start of the function and putting a jr ra there as well. See whether anything is disabled; if what you were looking for is disabled, then you have found your function.
How/why this defeats multiple levels of DMA:
This finds the base pointer used in the function for you. All you have to do is work out which register the LW line uses as the base for your code's offset. For example, my LW line is lw v1, $0020(v0), so all I have to do is find what is in v0. Take a look at this sample:
- Code:
lui v0, $0880
lw v0, $3FFC(v0)    <-- Pointer 08803FFC loaded in v0
lw v1, $0020(v0)    <-- Offset
lw v2, $0120(v1)    <-- 2nd offset
So your Multi-Levels of DMA are defeated.
Other things you can do with functions:
Once you find a function like the ammo function, you can find other functions as well, like the Gun Function, Speed Function, etc.
Just follow the jal commands in the function. Everything in the game is linked somehow, so when you find one function you can quickly find many more!
[Search]Finding a Function
Created by: FoodFx