Xbox 360Fixed version of XeClutch's Cheat Engine for Xbox 360
Posted:

Xbox 360Fixed version of XeClutch's Cheat Engine for Xbox 360Posted:

XeCrippy
  • Winter 2018
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
This been on github for years but I could never getting working well enough to actually be usable. I have went through and tried to fix what I could and made some improvements. It's slow so I wouldn't recommend it for very large chunks of memory.

Key Features:
- Lets you save/load your cheat table to/from a .Json file
- Added a checkbox for searching values that are in reverse byte order (like stats on later cod's)
- String searching
- Cheat table refresh option
- Used parallelization to try and speed up the search process. It will utilize all available processors on the cpu now instead of a single thread.
- Some basic optimizations
- Automatically convert your cheat tables to a .cs class
- it still needs a bit of work

Suggested Memory Ranges:
Physical RAM = 0xC2000000-0xE0000000 (this will be slow so I'd suggest split it into two searches at least. I timed it at 20:xx minutes but it can vary for different games)
Allocated Memory = 0x40000000-0x50000000
Base Image for most games = 0x82000000-0x87000000 (length can vary)
Heap = 0x30000000 - ? (Approximate)
Stack = 0x70000000- ? (Approximate)

Less Common Regions:
0x50000000 - 0x70000000
0x87000000-0x89000000[

Notes:
You can not set data breakpoints on addresses in 0xCxxxxxxx range. I believe you can for 0xD0000000.
Heap/Stack won't be much use.
Allocated Memory is where you will find a lot of addresses.
Call of Duty games most everything will be between 0x82000000-0x85000000


I had to learn the hard way that most public search tools don't properly handle Little Endian. For example, say you're looking for kills on MW3 and you have 999 (0x000003E7)...you actually would search for 3875733504(0xE7030000), which will not work because it's larger than UInt32. So XCE Tools and even X360 Trainer Tool won't handle it.

So for this one on a game like MW3 you just check the Little Endian box and search for the value that actually shows in game. So no data conversion needed on the users end.

Credit goes to XeClutch for the original concept which can be found here

https://i.imgur.com/gLPPn8r.png
https://i.gyazo.com/d35f1815f4e67c987c3b39a0ca0cfbf3.png

Virus Scan

Download

GitHub

Cheat Tables

Paper Boy (XBLA)
[
  {
    "Address": "0x8253E3B0",
    "Description": "In game timer",
    "Type": "UInt",
    "Value": "0"
  },
  {
    "Address": "0x820A62E4",
    "Description": "breakpoint for score (sth r6,0(r11))",
    "Type": "Assembly",
    "Value": ""
  },
  {
    "Address": "0x82080608",
    "Description": "game timer breakpoint (nop to freeze ex: 60000000)",
    "Type": "Assembly",
    "Value": ""
  },
  {
    "Address": "0x825471E2",
    "Description": "Lives (max 255)",
    "Type": "Byte",
    "Value": "61"
  },
  {
    "Address": "0x8254737C",
    "Description": "In game score (little endian)",
    "Type": "UIntLittleEndian",
    "Value": "25000"
  }
]


COD 3
[
  {
    "Address": "0x82A4E17C",
    "Description": "Grenades (lethals)",
    "Type": "UInt",
    "Value": "93"
  },
  {
    "Address": "0x82A4E184",
    "Description": "Flash bang (tactical)",
    "Type": "UInt",
    "Value": "5"
  },
  {
    "Address": "0x82A4E178",
    "Description": "ammo-magazine",
    "Type": "UInt",
    "Value": "8"
  },
  {
    "Address": "0x82A4E008",
    "Description": "ammo-inventory",
    "Type": "UInt",
    "Value": "999"
  },
  {
    "Address": "0x82A1A8F8",
    "Description": "Gamertag",
    "Type": "String",
    "Value": "XeCrippy\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"
  }
]


Duke Nukem 3D
[
  {
    "Address": "0x833897D8",
    "Description": "ammo",
    "Type": "UShort",
    "Value": "200"
  },
  {
    "Address": "0x82112048",
    "Description": "InfAmmo(off=0x396BFFFF on= 0x396B0000",
    "Type": "Assembly",
    "Value": "0x396B0000"
  },
  {
    "Address": "0x839C8FB6",
    "Description": "health",
    "Type": "UShort",
    "Value": "9411"
  }
]




*The issues with follow up searches should be fixed if anyone wants to help test. Once I can get the searches working right I will add some more features and search options to it. Ultimately I want to make kind of a guide or a wizard app to go with it or some tutorials.


Last edited by XeCrippy ; edited 10 times in total

The following 5 users thanked XeCrippy for this useful post:

Frog (12-05-2023), dj (12-02-2023), TTG_JAMBO (11-28-2023), Ghost (11-28-2023), 3CH (11-28-2023)
#2. Posted:
TTG_JAMBO
  • Christmas!
Status: Offline
Joined: May 16, 200914Year Member
Posts: 472
Reputation Power: 74
Status: Offline
Joined: May 16, 200914Year Member
Posts: 472
Reputation Power: 74
Thanks as always legend, been going through your recent releases
#3. Posted:
XeCrippy
  • Fairy Master
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
I didn't realize the follow up searches were failing after the 2nd search so I just pushed an update to fix it. Also fixed an error with the 'Previous' value column not updating properly. This tool has been taking some serious testing time so if anyone who tries it finds an error just let me know and I'll try to fix it.
#4. Posted:
XeCrippy
  • Fairy Master
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
I just added an update for this with some small fixes and also an option to convert your cheat table to a csharp class for convenience
#5. Posted:
XeCrippy
  • Winter 2019
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
I have been working hard on a solution for this tool and have finally made some progress. I have started rebuilding it in c++ and can say that I have at least increased the speed of the memory dump significantly. This program reads memory at about 4-6mbps on my PC, while the c++ version is currently reading at around ~20mbps and I think I can hopefully improve it some more.

If it can perform at least as fast as xce tools 2 then it will be useful with the cheat table functionality
#6. Posted:
sonnyyyy
  • Winter 2021
Status: Offline
Joined: Dec 04, 20203Year Member
Posts: 157
Reputation Power: 34
Status: Offline
Joined: Dec 04, 20203Year Member
Posts: 157
Reputation Power: 34
i remember trying this years ago and couldnt get it to work haha
good to see it fixed and improved
#7. Posted:
XeCrippy
  • Rated Awesome
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
Status: Offline
Joined: May 12, 20167Year Member
Posts: 1,889
Reputation Power: 1259
I have made a little progress with the c++ version for this. I have the main search and subsequent searches completed. I still have to finish the string searching and add some more options like search for only changed values, searching for a range of values, or unknown values, etc. It is faster than the c# version but I'm trying to balance speed/stability because I am using socket connection and no Xbox 360 sdk libraries so it's been tricky handling receiving the response without getting buffer overflows or connection timing out. This is just a pic from testing so the layout may change and there will be more options

https://i.imgur.com/bqcikea.png
Users browsing this topic: None
Jump to:


RECENT POSTS

HOT TOPICS