Finding Pointers With TempAR

This is a quick and simple guide on how to search for pointers for games with DMA that VitaCheat can use. The Vita games are notorious in using DMA (Dynamic Memory Allocation). One example is Stardew Valley. Let say you search for code reference in Stardew Valley and you've found some references and they work. Then you close the game. The next time you launch game the code reference that you have previously searched doesn't work anymore because code reference have shifted. This is why we need pointers.

This would not be possible without the various contributions from the people mentioned in the credits. This is a community effort.

This guide is based on xJam.es's (raing3) guide from MaxConsole.

VitaCheat Manuals

• Users & CheatFile manual

Password is psvitacheat

Difficulty

Moderate, must have experience on how to use VitaCheat.

Requirements

• TempAR or TempAR - Vita Edition

• VitaCheat

Tutorial

We'll be using the game Stardew Valley (1.02 Comp Pack) as an example and we'll be searching for the stamina which is a floating point value. Make sure you have enough space on your memory card.

Note: Stardew Valley have DMA (obviously) but just to make it clear, the code reference that you see in this guide is not necessarily your code reference. If you follow this tutorial you should get the same pointer code.

Step 1: Get Code Reference and Dump the Memory

We need two code references and two memory dumps so you'll have to do this step two times.

1. Launch the game and start by searching code reference for the stamina. The default stamina value is 270 in floating point.

2. Open the VitaCheat by pressing + and go to the Go Search menu. Select the value field and press to switch the value type to float. Enter 270, type 32-bit and set the range to 0x81000000 - 0x89000000 then press the First Search.

Note: Floating point values are always 32-bit.

3. Once search is done, we get 11 suspicious results. Quit VitaCheat to return to the game and use the pickaxe to lower your stamina to 268. The hex value of 268 (Float) is 0x43860000 (converter), remember this value because we need it later.

4. Open VitaCheat and go back to the Go Search menu. Press the and you'll see the address which value have changed or updated. In my case, I got 0x852E877C. Write it down.

Note: Since the result is only 11 in this case it's better to browse for the code reference manually by pressing the . But if you get hundreds or thousands of results then you need to update the stamina/money/item value by using the pickaxe in this case or by buying items or using items, etc. Once the value is updated enter the updated value and then press the Search Again. This will eliminate useless results. Refer to the User's manual for details.

5. Now that we have our reference we can now dump the memory. Go to the Cross-Memory menu and Choose Export Memory Safe Mode. Set range to 0x81000000 - 0x86000000 and press the start button to begin dumping. Once done you'll get PCSE01235_0x81000000_0x86000000_0.bin under ux0:vitacheat/mem/. Sometimes memory dump fails (see TempAR Tips: Corrupted Memory Dump).

Note: My code reference starts at 0x85 so my range is 0x81000000 - 0x86000000.

6. Once done quit the game to reshuffle the memory locations then repeat the whole process again to get the second code reference and memory dump.

Step 2: Get the Pointer Code with TempAR

By following the steps above you should now have two memory dumps:

• PCSE01235_0x81000000_0x86000000_0.bin

• PCSE01235_0x81000000_0x86000000_1.bin

And two of my code reference:

• 0x852E877C

• 0x85392CCC

---

Launch TempAR and follow the settings below:

Name	Values
Memory Dump	PCSE01235_0x81000000_0x86000000_0.bin
Address	852E877C
Memory Dump	PCSE01235_0x81000000_0x86000000_1.bin
Address	85392CCC
Mode	Other...
Base Address	0x81000000
Maximum Offset	0x1000
Value	0x43860000 Remember the hex value from Step 1-3? Enter it here.
32-bit	Checked Because our value is a floating point
Only Display the Optimal Pointer Paths	Checked
RAW Code	Unchecked
Include Negatives	Unchecked Check this if positive pointers yield no results
Real Addresses	Checked
CWCheat	Checked

And now we have the pointer code which is 0x849FFB30! If you followed this tutorial then you should get the same pointer code.

Note: If you get multiple green results always prioritize the first result and if that didn't work continue testing each green results until you get the pointer code.

Note: Now if there's no green result then use the Include Negatives or increase the Maximum Offset (see TempAR Tips: Extending the Base Address & Maximum Offsets). If there's still no green results then you're either using wrong code reference, the wrong value or the game you're trying to crack have multi-level pointers. Refer to Finding Multi-Level Pointers With TempAR.

Step 3: Converting CWCheat Code to VitaCheat

Now that we have our level 1 pointer code the next step is to convert the CWCheat code to VitaCheat format (see TempAR Tips: Levels).

_C0 Generated Code
_L 0x639FFB30 0x43860000
_L 0x00020001 0x0000022C

_V0 Infinite Stamina
$3201 849FFB30 0000022C
$3300 00000000 44098000

• _V0 Infinite Stamina: Is the code description

• $3201: $3 is the identifier for the pointer code

• 849FFB30: The level 1 pointer code. Follow the green result because that's the real address (see TempAR Tips: Real Address).

• 0000022C: The level 1 pointer value

• 44098000: The cheat value. It can be 999 (float) which is 0X4479C000 or whatever value you want.

Refer to the Cheatfile manual: Pointer Write to learn more about the VitaCheat's identifiers.

Credits

• AnalogMan & 0x3000027E - For suggesting that TempAR can be used for the VitaCheat's memory dump
• Smoker1 - For giving me the heads up about eighthdayregret's findings
• eighthdayregret - For proving that TempAR actually worked with VitaCheat and for providing the correct information of VitaCheat's values that can be used for TempAR
• xJam.es - The author of the MaxConsole article
• raing3 - The creator of TempAR
• FINALCHEAT - The creator of VitaCheat