TASVideos


Memory Search

Examining memory addresses is useful when making TASes, because it exposes important values that are hidden from the player or difficult to determine just by looking at the screen. Memory addresses are also important for making bots to assist gameplay, which is covered on the Lua scripting page.

Memory search is also known as "cheat search", which is a misleading name.


Searching

There are more memory addresses than one can imagine, so to find what we are looking for, we must filter the memory addresses using the search box.

First, go to some relevant point in the game, one where you are about to change the value of what you want to find. Open the search box. Don't search for anything yet, but click "Start" or "Reset". This initializes the search with the values currently in the game's memory. If you want to find addresses with a specific value now, enter the value, select "equal to", and click search.

Now play the game until the value has presumably changed, then go back to the search box. Select one of "less than", "equal to", "not equal to" and so on. If comparing to the previous value, select "previous value" and click search. If trying to find addresses with a specific value, enter the value, select "equal to", and click search. Click "Update values" if the emulator doesn't do this automatically.

Keep doing this until you have narrowed down the possibilities and you can easily guess which one it is. Sometimes there may be two or more addresses which are similar to the one you're trying to find.

It is recommended to select "2-bytes" for search. This avoids confusion near byte boundaries (such as when 127 goes to -128, or 255 goes to 0). If it doesn't work, try "1-byte".

A Useful Example - Finding X Position.

The simplest yet most useful byte one can often find is the x position of a character. By monitoring x position one can be sure to maximize the distance covered in a given period of time. The following would be a procedure applicable to most games where x position would need to be found.

Super Mario Bros. (Japan, USA) will be used as an example.

  • Start 1-1.
  • Tools -> Cheat Search.
  • Reset

The emulator filters bytes based on how the value is changing. When standing still, the x position should stay ‘equal’. Once the character has moved to a different location, the x position is ‘not equal’ to the previous value. Note that the search by default always compares to the previous value, not the original value. Another option is to compare the value to a known value.

  • Click Reset to start a new search of all bytes.
  • While standing at the original location, hit ‘equal’ numerous times while the game is playing. This sorts out all bytes that change when you stand still (timers, random numbers).
  • Move to the right, stop walking, and press ‘not equal’ exactly one time. After this, press ‘equal’ a few more times while standing at the same location.

Following this method further should narrow the possibilities to about 20 bytes. Observing these bytes while playing in real time, one could conclude that the x position is located at 0400. Further investigation will find the x subpixel position at 0086. The subpixel is the fractional part of Mario's x position, expressed out of 256. These memory addresses can be placed in Tools -> Memory Watch for convenient observation while playing.
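The narrowing procedure above, simulated as an added example (not part of the original page and not any emulator's code). The toy RAM holds a frame timer, a pseudo-random byte and an x position at 0400 as the page gives it; every other address, including the mirror copy at 0405, is made up for the demonstration.

```python
import operator

OPS = {"equal": operator.eq, "not equal": operator.ne,
       "less than": operator.lt, "greater than": operator.gt}

class RamSearch:
    """Candidate filter that compares each byte to its previous value."""
    def reset(self, ram):
        self.prev = bytes(ram)                    # snapshot of every byte
        self.candidates = set(range(len(ram)))    # all addresses are candidates

    def search(self, op, ram, value=None):
        cmp = OPS[op]
        # Compare to a specific value if one is given, else to the previous snapshot.
        self.candidates = {a for a in self.candidates
                           if cmp(ram[a], self.prev[a] if value is None else value)}
        self.prev = bytes(ram)                    # "previous value" moves forward
        return self.candidates

# Constructed toy game: only 0x0400 comes from the page, the rest is hypothetical.
X_POS, X_MIRROR, TIMER, RNG = 0x0400, 0x0405, 0x0010, 0x0011

def step(ram, walking):
    ram[TIMER] = (ram[TIMER] + 1) & 0xFF          # changes every frame
    ram[RNG] = (ram[RNG] * 5 + 1) & 0xFF          # pseudo-random, changes every frame
    if walking:
        ram[X_POS] = (ram[X_POS] + 1) & 0xFF
    ram[X_MIRROR] = ram[X_POS]                    # a second copy of the same value

def find_x_position():
    ram, s = bytearray(0x800), RamSearch()
    ram[X_POS] = ram[X_MIRROR] = 40
    s.reset(ram)
    for _ in range(5):                            # stand still, 'equal' repeatedly
        step(ram, walking=False)
        s.search("equal", ram)
    for _ in range(16):                           # move right, then stop
        step(ram, walking=True)
    s.search("not equal", ram)                    # exactly one time
    for _ in range(3):                            # stand still, 'equal' again
        step(ram, walking=False)
        s.search("equal", ram)
    return sorted(s.candidates)

if __name__ == "__main__":
    print([hex(a) for a in find_x_position()])
```

Two addresses survive because the mirror byte behaves identically under these comparisons; telling them apart takes the watching step described in the next section.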

Checking whether the guess is correct

When you have found the address or there are a few addresses left and you can't figure out which one it is, watch the addresses in memory. Play the game, and the correct address or addresses should stand out.

Check for important addresses nearby

You can easily save work by checking around the address you found. For example, if you found the player's X position, it is reasonable to assume the player's Y position is two or four bytes ahead.

Other Resources

  • Ram Search contains further documentation on the RAM Search dialog that is common in many rerecording emulators. It may be a helpful resource that adds detail to the information on this page.
  • Memory Hacking Software by L. Spiro is an external memory search tool that works with any program. It is extremely useful for finding bytes in emulators without built-in cheat search functions.


MemorySearch last edited by FractalFusion on 2010-06-24 00:43:35