Author Topic: Murderface's DMA Kiling Guide  (Read 30 times)

Offline Bot

  • Programmer
  • Registered User
  • *****
  • Posts: 95
  • Who Likes You? 10001
  • Administrator
  • Location: Somewhere?
    • View Profile
Murderface's DMA Kiling Guide
« on: December 21, 2011, 01:58:55 am »
So, if you've been taking a look at some of the guides here, you've probably heard the term DMA tossed around a bit. Don't worry, DMA isn't something to be scared of, and is really easy to beat once you get used to it. DMA does not mean a game is unhackable

 For those of you that don't know, DMA means Dynamic Memory Allocation. In short, it means that the game rotates the addresses of most things in whatever game you're playing, so it is "harder to hack".
 But, if you think about it logically, if the game re-arranges everything, it must have a way to tell itself how to find the new value right? If it didn't, then how would it know where all the values for player health, ammo value, etc were? Well, that's actually the secret on how you can beat DMA!

 This Guide May NOT be Reposted without my permission!
How to tell if your code is DMA'ed:
 Okay, so theres a couple defenitive ways to know if the code you are attempting to make is DMA'ed. The sure fire way to test is, make your code, and it should work on the level/stage you are on. Try going to another stage/ level and if your code no longer works, then the address is DMA'ed. Thats the sure-fire way to tell, you can also try re-starting the game and see if your code still works, If not, then you'll have to un-dma it. Theres also a couple things I've noticed that should help you recognize a dma code on the spot:

1. Most DMA addresses, from my experience, though this does not apply to all games , will start with an address like:

Generally, if a game is not DMA'ed, the address for health,time,ammo,etc tends to be in a lower address.
Multiplayer games: Though not always true, generally games that have infrastructure play are DMA'ed. That's the manufacturer's way of stopping people from hacking their way to the top.
"Patched Games" Socom is a great example of this, If a company releases a patch for thier game, that generally means that they are making addresses and values harder to find and edit.
Code type: Probably the least definite way to tell, but it is common for addresses for player Health, ammo values, and player location(coordinates) to be DMA'ed, especially in first person shooters

Keep in mind, that none of my ways can tell you for sure that you code is on a DMA address, like I said earlier, the only sure fire way to tell without opening a memory dump on your computer is to try a code in different stages/levels, if it ever stops working, then it's probably DMA.

Real/ Plugin Formats:

 One thing to learn before attempting to un-dma a code, is how different plugins read addresses, and how they relate to the actual address in-game. Now, I'm just gonna post the same code in 2 different address formats as an example, the first is in nitepr format, the second is in "real" format
 Real Format:
 Now, look closely at the addresses, notice the addresses are similar towards the end, but in the beginning they are different. Now, the second address is how the game would actually refer to the address, so thats what we need to find out where our DMA code will be. What happens is, when NitePR loads a games memory, it starts numbering the lines at 0x00000000 rather than the actual value, however, in all games memory, it starts numbering lines with 0x08800000. But when hacking, it can prove invaluable to know how to find a real address.

 So, to convert addresses, its actually easy, and you don't need any extra tools! If you're running windows, simply open the calculator. Now go to the menu up top, see where it says scientific and standard? Click scientific. Now a lot more button should show up, but don't let them intimidate you.
 Look up in the top left corner, where there are 4 buttons labeled HEX DEC OCT BIN, and click the button for HEX. Now you're all set for your work. Lets paste the address for the NitePR code in, minus the 0x part.
 Originally Posted by calculator
 One thing you should know, is that calculator will automatically remove any zeros in front of a number. So in calculator it will show up as 16EEBC. Now, our next step is to add 08800000 (thats 88 with 5 zeros after it) That will result in 896EEBC. To but that back into address format, you need to put zeros in front of the # until there are 8 hex total. In this situation, we only need 1 zero. That gives us 0x0896EEBC

 Now, that was a little rough to explain, but you need to understand how to convert real addresses to and from real format to make codes with DMAHunter

The Prep:
 I assume if you've made it this far in my guide, that you know the basics of nitepr and code making, so thats how I am going to explain it. Start a game, go into a level, and search for an address like ammo value. Once you have your address, WRITE IT DOWN! This is crucial that you do so, you will need it later. It will also help if you write "Dump1" or something similar next to it, that way you won't get mixed up. Now, go into the PRX menu of NitePR, and go down to where it says:
 Dump RAM? Slot 0
 And hit X, your memory stick light should flash for a little less than a minute.
 Now, do something that will change the code's address, such as changing levels, or restarting the game,sometimes dying will also move the address.
 The next step is to re-find your "new" address, write it down, and you need to make a dump like before,but this time make sure it says "dump 1" or anything different to the first time you made a dump
 Now, this next part is up to you, normally, 2 dumps will be enough, but somtimes it wont, so you can chosse to repeat the process if you like. But, if you think you're done, then you're done with your psp for now, go ahead and grab your USB cable and hook up your psp to your pc.

 The Tool:
 The tool we're gonna use to make our codes is called DMAHunter, it should have been in the zip file with nitePR, but, just in case it wasn't, heres an upload of it: Once you've got it downloaded, go ahead and open it. You should get a window that looks like this

Now press enter and a screen asking you to select the location of dump 1 should pop up, so lets navigate to our PSP and select the first dump we made, DUMP 0. Then It will ask you to select the second dump.

 Next, It will ask you the location of the first address in the dump. For that, simply enter the address of your first search, the first one you wrote down.
 Then it will ask for the second address, so write the second address, No converting is required for either of these.
 Hit enter.
 Now the words Searching..... Should appear, followed by some data that looks like this:
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410
 You will probably have many lines, I just used one for an example. Notice it says "Press any key to continue...." at the bottom, DO NOT PRESS ANYTHING! Instead, right click and hit mark, then drag a white box over all the text and hit enter. Then open notepad and hit CTRL+ V to paste the text there, we're now done with DMAHunter, so you can close it.

 Now that you have it all copied in notepad, let me explain a few parts of what results it gave you
 --Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410
 The part in red is what's known as the "Pointer" address, this is because it is literally pointing at where your code's address moved. The part in green is where the pointer is pointing in your first dump, so its showing in real address format where your address would be located in your first dump. The part in blue is showing where the pointer is pointing in the second dump.

 Now, to make a cheat for this, you need to understand how to format a DMA code in nitePR.
 Here is an example DMA code:
#Animation Freeze Online
0x00000088 0x00000001
 Okay, all DMA codes need to start with the orange part, this is just a "sticky note" if you will, telling nitePR that this is a DMA code. Now, the part in red is the pointer address itself. To get this, take the first part of your result, where it says "--Found, address 0X6D1834" and put that address there.
 Okay, for the second line, this is called the "offset" address. In other words, this is saying in hex how far away from the pointer the code you want is away from the pointer. Lastly, the part I did not collor is the value you would normally put for your code.

 So, for the result DMAHunter gave us,
--Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410
 We already have the data we need for the first line for our code. Like I showed you earlier, you will have to add zeros to the front of your pointer address so that it is 8 digits long.
 So we have this so far:
 0xFFFFFFFF 0X006D1834

 Now, to find our offset, there is some math involved. But luckily we have our calculator to help us!
 Take the address the pointer is pointing to in the first dump (the green part)
 --Found, address 0X6D1834, value changed from 0X94FA0F0 to 0X9635410
 This address is stored in the "real address" format, so we need to conver it to the nitepr address format. To do this, we have to subtract 8800000 (thats 88 with 5 zeros) from that address, so lets paste our first address into calculator, minus the 0x part
 Now we need to subtract 8800000
 This will give us:

 Now we have two addresses in the same format, what you need to do is take the address you just got, and subtract the address you found in your first dump. This will give you your offset address, in this case it's 56C

 We now have all of the pieces we need to make our code:
#Our Cheat
0xFFFFFFFF 0X006D1834
0x0000056C 0x00000F0F
 ^Insert your desired value
 Hopefully this guide has been enough to find your code, but if not, here's some advice from users at OHG.
Signed, Bot

Share on Facebook Share on Twitter