soarqin / vita-rxcheat

VITA RxCheat
MIT License

Cheat codes go messy when the .ini file is too long (or maybe too large) #6

Closed kjcm150 closed 6 years ago

kjcm150 commented 6 years ago

_S PCSG00488
_G 英雄伝説 空の軌跡 FC Evolution

_C0 yoshua stat
_B 0x30000000 0x00000000
_L 0x1177DE7E 0x0000270F
_L 0x1177DE80 0x0000270F
_L 0x1177DE82 0x0000270F
_L 0x1177DE84 0x0000270F
_L 0x1177DE86 0x000000C8
_L 0x1177DE8C 0x000003E7
_L 0x1177DE8E 0x000003E7
_L 0x1177DE90 0x000003E7
_L 0x1177DE92 0x000003E7
_L 0x1177DE94 0x00000063
_L 0x1177DE96 0x00000063
_L 0x1177DE9A 0x00000063
_L 0x14FC5D06 0x0000270F
_L 0x14FC5D08 0x0000270F
_L 0x14FC5D0A 0x0000270F
_L 0x14FC5D0C 0x0000270F
_L 0x14FC5D0E 0x000000C8
_L 0x14FC5D14 0x000003E7
_L 0x14FC5D16 0x000003E7
_L 0x14FC5D18 0x000003E7
_L 0x14FC5D1A 0x000003E7
_L 0x14FC5D1C 0x00000063
_L 0x14FC5D1E 0x00000063
_L 0x14FC5D22 0x00000063
_B 0x00000000 0x00000000

_C0 estelle stat
_B 0x30000000 0x00000000
_L 0x1177DE4A 0x0000270F
_L 0x1177DE4C 0x0000270F
_L 0x1177DE4E 0x0000270F
_L 0x1177DE50 0x0000270F
_L 0x1177DE52 0x000000C8
_L 0x1177DE58 0x000003E7
_L 0x1177DE5A 0x000003E7
_L 0x1177DE5C 0x000003E7
_L 0x1177DE5E 0x000003E7
_L 0x1177DE60 0x00000063
_L 0x1177DE62 0x00000063
_L 0x1177DE66 0x00000063
_L 0x14FC04FE 0x0000270F
_L 0x14FC0500 0x0000270F
_L 0x14FC0502 0x0000270F
_L 0x14FC0504 0x0000270F
_L 0x14FC0506 0x000000C8
_L 0x14FC050C 0x000003E7
_L 0x14FC050E 0x000003E7
_L 0x14FC0510 0x000003E7
_L 0x14FC0512 0x000003E7
_L 0x14FC0514 0x00000063
_L 0x14FC0516 0x00000063
_L 0x14FC051A 0x00000063
_B 0x00000000 0x00000000

soarqin commented 6 years ago
  1. I have tested reading the code in my test program and it reads okay.
  2. "_B 0x30000000" will try to write memory to the first allocated heap; using the heap means the game may allocate memory dynamically and the memory address is not fixed every time, so that when the game reboots, the cheats do not work any more.

Anyway, I will look into this later.

kjcm150 commented 6 years ago

Thanks for reply.

The code won't go messy if I separate every _L line like below.

_C0 yoshua hp
_B 0x30000000 0x00000000
_L 0x1177DE7E 0x0000270F
_B 0x00000000 0x00000000

_C0 yoshua max hp
_B 0x30000000 0x00000000
_L 0x1177DE80 0x0000270F
_B 0x00000000 0x00000000

And I think the address in this game is fixed; I rebooted the game many times for testing.

soarqin commented 6 years ago

I have tested the code and confirmed that the problem is caused by an incorrect implementation of free() in liballoc, will fix it asap.

soarqin commented 6 years ago

Update: confirmed that the problem is caused by a buffer overflow in sceClibStrncpy (it copies the buffer past the \0 terminator in the string), fixed in the 0.12 release; you can download it from the 'releases' section.
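Added example, not the project's code and not the fix soarqin shipped in 0.12: a small C parser for the `_C0`/`_L`/`_B` records shown in this thread whose string copy stops at the first NUL of the source, so a name longer than its buffer is truncated rather than overrunning it, and bytes past the terminator are never read or written. The struct and function names (`cheat`, `bounded_copy`, `parse_l_line`, `parse_cheat`) and the buffer limits are my own assumptions; the sample input is the "yoshua hp" block from the issue with the `_L` line of the "yoshua max hp" block appended.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME  32   /* cheat name buffer, including the terminating NUL (assumed limit) */
#define MAX_LINES 64   /* _L records accepted per _C0 block (assumed limit) */
#define MAX_LINE  128  /* longest accepted text line (assumed limit) */

typedef struct { uint32_t addr; uint32_t value; } cheat_line;
typedef struct { char name[MAX_NAME]; cheat_line lines[MAX_LINES]; size_t nlines; } cheat;

/* Bounded copy: stops at the first NUL of src, writes at most dst_size-1
 * characters, always NUL-terminates when dst_size > 0, and never touches
 * dst beyond the terminator. Returns the number of characters copied. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t i = 0;
    if (dst_size == 0) return 0;
    while (i < dst_size - 1 && src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* Parse one "_L 0xADDR 0xVALUE" record. Returns 1 on success, 0 on malformed input. */
int parse_l_line(const char *text, cheat_line *out)
{
    const char *start;
    char *end;
    unsigned long a, v;
    if (strncmp(text, "_L ", 3) != 0) return 0;
    start = text + 3;
    a = strtoul(start, &end, 16);
    if (end == start || *end != ' ') return 0;     /* no address, or no separator */
    start = end + 1;
    v = strtoul(start, &end, 16);
    if (end == start || *end != '\0') return 0;    /* no value, or trailing garbage */
    if (a > 0xFFFFFFFFul || v > 0xFFFFFFFFul) return 0;
    out->addr = (uint32_t)a;
    out->value = (uint32_t)v;
    return 1;
}

/* Parse one _C0 block given as newline-separated text (LF or CRLF).
 * _B block markers are accepted but ignored. Returns 1 on success, 0 on
 * an over-long line, an unknown record type, a bad _L record or too many _L records. */
int parse_cheat(const char *text, cheat *out)
{
    const char *p = text;
    memset(out, 0, sizeof *out);
    while (*p != '\0') {
        char line[MAX_LINE];
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len > 0 && p[len - 1] == '\r') len--;   /* tolerate CRLF */
        if (len >= sizeof line) return 0;            /* over-long line: reject, do not truncate */
        memcpy(line, p, len);
        line[len] = '\0';
        if (strncmp(line, "_C0 ", 4) == 0) {
            bounded_copy(out->name, sizeof out->name, line + 4);
        } else if (strncmp(line, "_L ", 3) == 0) {
            if (out->nlines >= MAX_LINES) return 0;
            if (!parse_l_line(line, &out->lines[out->nlines])) return 0;
            out->nlines++;
        } else if (len != 0 && strncmp(line, "_B ", 3) != 0) {
            return 0;                                /* unknown record type */
        }
        if (nl == NULL) break;
        p = nl + 1;
    }
    return 1;
}

/* Sample input taken from this issue: the "yoshua hp" block plus the _L line
 * of the "yoshua max hp" block. */
static const char sample_cheat[] =
    "_C0 yoshua hp\n"
    "_B 0x30000000 0x00000000\n"
    "_L 0x1177DE7E 0x0000270F\n"
    "_L 0x1177DE80 0x0000270F\n"
    "_B 0x00000000 0x00000000\n";

int main(void)
{
    cheat c;
    size_t i;
    if (!parse_cheat(sample_cheat, &c)) {
        puts("parse failed");
        return 1;
    }
    printf("cheat '%s' with %zu writes\n", c.name, c.nlines);
    for (i = 0; i < c.nlines; i++)
        printf("  [0x%08X] = 0x%08X\n", c.lines[i].addr, c.lines[i].value);
    return 0;
}
```

The two properties worth checking in a copy routine like this are that it stops at the source terminator (so a short source never causes reads or writes beyond it) and that it truncates an over-long source with a terminator still in place; both are exercised against `bounded_copy` below, together with the parse of the sample block.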