Post subject: Finding a Dynamic Memory Address
cheeze42
He/Him
Joined: 6/5/2015
Posts: 15
So I'm currently messing with Kingdom Hearts: Chain of Memories and I wanted to find the address for an enemy's health. I use Ram Search and successfully find the address. However, upon reverting the save state and spawning the enemy later than before (thus having different RNG, etc.), the address now has completely different and unrelated numbers in it. I Ram Search again and find a totally different address that now holds the enemy health. By doing this over and over I find about 20 different addresses the health could be at, and I don't want to have to Ram Search every time. However, the addresses seem to follow some sort of pattern: there are only 3 possibilities for the last digit, and the addresses are in generally the same place. Also, once the health is assigned to an address, it doesn't move until I revert the savestate and do it again with different RNG (or whatever's moving it). So how should I consistently find the address? The TASVideos page says to find the pointer, but I'm not entirely sure how to do that. Or am I just going to have to use Ram Search repeatedly? Thanks in advance.
Games of Interest: -Pokemon Rumble (Wii) -Kingdom Hearts: Chain of Memories (GBA) -Kingdom Hearts: re:Coded (NDS)
Warepire
He/Him
Editor
Joined: 3/2/2010
Posts: 2178
Location: A little to the left of nowhere (Sweden)
What you want to examine first is whether the distance between the addresses is always the same, or whether they have a common denominator. You could be dealing with an array of structures; if that's the case, you should also (hopefully) find the enemy position near its health value. They can be used to place the health value near the enemy using Lua (after a little position-translation).

If the above is not the case, then you are probably dealing with a real dynamic memory allocation, and depending on implementation, these can be quite tricky to find. The first step is to look for a value that is equal to the address which contains the memory value. Note that you may still be looking at a structure, so try to do a "fuzzy" search (meaning, look for values also slightly smaller than the address you have). When you believe you found something, watch that address and see if it changes the way you expect it to.

If that fails, you might be dealing with what I call offset-pointers: it's where the game has a hard-coded base value, and adds an offset to it to produce the pointer. For this, I usually dump the entire RAM state to a file using Lua, for a selection of the possible locations, then look for a value that changes with the same "distance" as the address moves using a hex editor. There might be other ways to do this though.

I hope this was useful. Good luck!
ALAKTORN
He/Him
Former player
Joined: 10/19/2009
Posts: 2527
Location: Italy
Warepire wrote:
The first step is to look for a value that is equal to the address which contains the memory value. Note that you may still be looking at a structure, so try to do a "fuzzy" search (meaning, look for values also slightly smaller than the address you have). When you believe you found something, watch that address and see if it changes the way you expect it to.
I think rather than doing it only once, you should do it a bunch of times to narrow the search down. I’d say the first step is to make multiple savestates, each with a different HP address, then switch between the savestates while doing the RAM Search so that you can narrow it down a lot further.
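Added example, not code from any poster in this thread: an offline Python version of the approach discussed above, combining the search for a value that tracks the health address with the comparison across several savestates. It goes a little beyond the fuzzy search by keeping any word whose difference from the health address stays constant, which also covers the offset-pointer case. The dumps are constructed, and the 0x02000000 start address and 32-bit little-endian words are assumptions about how the RAM was dumped.

```python
import struct

EWRAM_BASE = 0x02000000  # assumption: each dump starts at GBA EWRAM


def pointer_candidates(dumps, base=EWRAM_BASE):
    """dumps: [(ram_bytes, health_address), ...], one pair per savestate.

    Returns {location: delta} for each aligned 32-bit word where
    word + delta == health_address holds in every dump.
    """
    if len({addr for _, addr in dumps}) < 2:
        raise ValueError("savestates must cover at least two different addresses")
    survivors = None
    for ram, target in dumps:
        words = struct.unpack_from("<%dI" % (len(ram) // 4), ram)
        deltas = {base + 4 * i: (target - w) & 0xFFFFFFFF
                  for i, w in enumerate(words)}
        if survivors is None:
            survivors = deltas
        else:  # keep only words that tracked the address in this dump too
            survivors = {loc: d for loc, d in survivors.items()
                         if deltas.get(loc) == d}
    return survivors


def constructed_dumps():
    """Three made-up 4 KiB dumps; the enemy struct moves in each one."""
    dumps = []
    for struct_addr in (0x02000A00, 0x02000A40, 0x02000B80):
        ram = bytearray(bytes(range(256)) * 16)  # filler, identical every time
        health_addr = struct_addr + 0x1C         # HP field inside the struct
        struct.pack_into("<I", ram, 0x10, struct_addr)               # plain pointer
        struct.pack_into("<I", ram, 0x20, struct_addr - 0x02000800)  # offset from a fixed base
        struct.pack_into("<I", ram, health_addr - EWRAM_BASE, 120)   # the HP value
        dumps.append((bytes(ram), health_addr))
    return dumps


if __name__ == "__main__":
    for loc, delta in sorted(pointer_candidates(constructed_dumps()).items()):
        # Small delta: pointer to the struct. Large delta: base + field offset.
        kind = "pointer, field offset" if delta < 0x1000 else "offset value, base+field"
        print(f"{loc:#010x}: {kind} {delta:#x}")
```

With real data, each entry in `dumps` would be the RAM dumped from one savestate paired with the health address RAM Search found in it.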