Tutorial
Introduction to using scanmem
You can use scanmem to cheat at nethack (on systems where nethack is not installed sgid). Here is an example session that finds my gold and sets it to an arbitrary value.

$ scanmem --pid `pidof nethack`
info: attaching to pid 17907.
info: maps file located at /proc/17907/maps opened.
info: 17 suitable regions found.
Please enter current value, or "help" for other commands.
0>

The 0 in the scanmem prompt indicates there are no known matches, so I enter my current gold level (12 pieces) and ask it to search for possible matches.

0> 12
info: searching 0xbfff9000 - 0xc0000000...........ok
info: searching 0x401c2000 - 0x401e3000...........ok
info: searching 0x401c1000 - 0x401c2000...........ok
info: searching 0x401b6000 - 0x401b8000...........ok
info: searching 0x401b5000 - 0x401b6000...........ok
info: searching 0x40189000 - 0x4018a000...........ok
info: searching 0x40188000 - 0x40189000...........ok
info: searching 0x40181000 - 0x40183000...........ok
info: searching 0x4017f000 - 0x40181000...........ok
info: searching 0x40070000 - 0x40071000...........ok
info: searching 0x40068000 - 0x40070000...........ok
info: searching 0x40030000 - 0x40031000...........ok
info: searching 0x40029000 - 0x4002a000...........ok
info: searching 0x4001f000 - 0x40020000...........ok
info: searching 0x40016000 - 0x40017000...........ok
info: searching 0x081d4000 - 0x0820a000...........ok
info: searching 0x081b7000 - 0x081d4000...........ok
info: we currently have 38 matches.
38>

There are 38 possible matches, so I wait until my gold level changes and enter the new value (15 pieces).

38> 15
info: we currently have 1 matches.
info: match identified, use "set" to modify value.
info: enter "help" for other commands.
1> list
[00] 0x081d6d88 { 15} (unassociated, typically .bss)
1> set 10000
info: setting *0x081d6d88 to 10000...
1>

Excellent, only one possible match. I use the set command to set it to 10,000. The resulting nethack screen is below.

Taviso the Digger St:17 Dx:9 Co:15 In:14 Wi:13 Ch:9 Lawful
Dlvl:1 $:10000 HP:7(15) Pw:1(1) AC:9 Exp:1 Burdened

scanmem is distributed with a man page that describes all of the commands.
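
The search-then-narrow procedure from the session above, as an added example that is not part of the original tutorial and not scanmem's own code: it models the two scans on constructed byte buffers instead of a live process. The two region start addresses and the final match address are taken from the session; the region sizes, the extra values of 12 and all function names are constructed for illustration.

```python
import struct

def first_scan(regions, value, fmt="<i"):
    """Return every address whose bytes decode to `value`.

    `regions` maps a start address to a bytes snapshot of that range,
    standing in for the writable ranges listed in /proc/<pid>/maps.
    """
    needle = struct.pack(fmt, value)
    hits = set()
    for base, data in regions.items():
        pos = data.find(needle)
        while pos != -1:
            hits.add(base + pos)
            pos = data.find(needle, pos + 1)  # also finds unaligned matches
    return hits

def read_value(regions, addr, fmt="<i"):
    """Decode the value at `addr`, or None if no region covers it."""
    size = struct.calcsize(fmt)
    for base, data in regions.items():
        off = addr - base
        if 0 <= off <= len(data) - size:
            return struct.unpack_from(fmt, data, off)[0]
    return None

def narrow(candidates, regions, value, fmt="<i"):
    """Keep only the candidates that hold `value` in a later snapshot."""
    return {a for a in candidates if read_value(regions, a, fmt) == value}

def make_snapshot(gold):
    """Constructed sample memory: a data region and a stack region."""
    data = bytearray(0x3000)
    struct.pack_into("<i", data, 0x2d88, gold)  # the counter being tracked
    struct.pack_into("<i", data, 0x0100, 12)    # unrelated value that is also 12
    stack = bytearray(0x100)
    struct.pack_into("<i", stack, 0x40, 12)     # coincidental 12 on the stack
    return {0x081d4000: bytes(data), 0xbfff9000: bytes(stack)}

if __name__ == "__main__":
    # First scan: gold is 12, and so are two unrelated locations.
    candidates = first_scan(make_snapshot(12), 12)
    print(len(candidates), "matches after first scan")
    # Second scan: gold changed to 15; the coincidental matches drop out.
    candidates = narrow(candidates, make_snapshot(15), 15)
    print([hex(a) for a in candidates])
```

Each narrowing pass only discards candidates, so a value that changes while unrelated memory stays constant is isolated after a few passes.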
In some games you may need to multiply all numbers by eight. Let's imagine I have 110 gold coins in the game. 110*8=880. Look for the value 880 with scanmem. After finding a match you can edit the value. Let's say I want to have 999 gold coins. 999*8=7992. Therefore give the following command: set 7992 instead of the common and sensible set 999.
I've noticed that in some games scanmem finds what I'm looking for if I multiply the numbers by eight. Unfortunately other games appear to be impervious to this. For some reason certain games don't store their variables in x*8 nor in x*1 format. What should I try next?
What is the reason for multiplying with eight? What kind of memory arrangement requires this?
asd
The majority of games that this happens with seem to be flash games, but as for knowing why it does this, I'm not sure anyone is certain.
8 is due to the implementation of Flash, which prepends some flag bytes before an integer.
There seems to be a problem with searching for strings. Every time I search for a string I get: error: failed to attach to 13770, Operation not permitted error: failed to search target address space.
Does anyone know how to search number format (double, float) from the command line? If I use '75', it only searches for INT 75, but sometimes I need 75.0 (FLOAT 32).
Thank you very much ....
Sorry, stupid me, should have used help option at first.
You should add a donate button of some kind, I would totally donate to something like this.
Will you support iOS? It'll be a nightmare for some games requiring non-free plugins.