Log in

View Full Version : [TEST RTE] Castlevania HD XBLA TU2



optantic
12-12-2012, 11:05 AM
Not sure if this the right place to post this, sorry if it's not.

Could some test this on Castlevania HD XBLA TU2 with at least 3 DLC characters installed
(tested on ALL DLCs installed, 6 extra characters, 5 extra stages, and 2 BGM). Address Range will be different if NO DLC installed.

Castlevania HD XBLA TU2 RTE v03
10857

Note: Poke Stats before GP, otherwise will need to reload RTE
Thanks to pureiso for isoLib!

Mirror Link
http://www.mediafire.com/download.php?bfn7025mmg9bti1

1. Enter Xbox360 IP and click Connect
10858
2. After loading Save, poke on the button and wait ~10 seconds
10568
3. check Stats at Main Menu
10647
4. Start Chapter

Note: Stats are not Saved after game is turned off or Exit Game while in Chapter

Link to All DLCs and TU2:
http://www.360haven.com/forums/showthread=20634-castlevania-hd-all-dlcs-tu2.html


using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;


namespace Castlevania_HD_XBLA_TU2
{
public partial class Form1 : Form
{
//Global variable for real time memory - so we can share between functions
private ISOLib.XBDMPackage.RealTimeMemory _rtm;
private uint[] _addresses;
private bool _flag = false;

public Form1()
{
InitializeComponent();
}

private void connectButton_Click(object sender, EventArgs e)
{
//Pointer Range, start address and dump length
_rtm = new ISOLib.XBDMPackage.RealTimeMemory(ipAddressTextBox .Text, 0xC7470000, 0x80000);

if (_rtm.Connect())
{

MessageBox.Show(this,string.Format("Connected"), string.Format("Castlevania HD XBLA TU2"), MessageBoxButtons.OK, MessageBoxIcon.Information);
pokeMemoryButton.Enabled = true;

toolStripStatus.Text = string.Format("Connected");
}
else
{
MessageBox.Show(this, string.Format("Already Connected or No Connection"), string.Format("Castlevania HD XBLA TU2"), MessageBoxButtons.OK, MessageBoxIcon.Information);
}
}



private void pokeMemoryButton_Click(object sender, EventArgs e)
{
System.Threading.Thread oThread = new System.Threading.Thread(PokeMemory);

oThread.Start();
}

private void PokeMemory()
{

CheckForIllegalCrossThreadCalls = false;
try
{
if (_flag)//if you have the addresses already
_rtm.Poke(_addresses[0] + 0x68, "43C80000");
else
{
toolStripStatus.Text = string.Format("Estimate 35 seconds...");
toolStripStatus.Invalidate();

_addresses = _rtm.FindUIntOffset("09536F6D61204372757A006F727269730017029400000000");

toolStripStatus.Text = string.Format("Connected");
toolStripStatus.Invalidate();

_rtm.Poke(_addresses[0] + 0x68, "43C80000");//SOMA
_rtm.Poke(_addresses[0] + 0x6C, "48000000");
_rtm.Poke(_addresses[0] + 0x70, "43000000");
_rtm.Poke(_addresses[0] + 0x74, "48000000");
_rtm.Poke(_addresses[0] + 0x78, "48000000");
_rtm.Poke(_addresses[0] + 0x7C, "48000000");
_rtm.Poke(_addresses[0] + 0x80, "48000000");
_rtm.Poke(_addresses[0] + 0x390, "43C80000");//ALUCARD
_rtm.Poke(_addresses[0] + 0X394, "48000000");
_rtm.Poke(_addresses[0] + 0x398, "43000000");
_rtm.Poke(_addresses[0] + 0x39C, "48000000");
_rtm.Poke(_addresses[0] + 0x3A0, "48000000");
_rtm.Poke(_addresses[0] + 0x3A4, "48000000");
_rtm.Poke(_addresses[0] + 0x3A8, "48000000");
_rtm.Poke(_addresses[0] + 0x6B8, "43C80000");//JOHATHAN
_rtm.Poke(_addresses[0] + 0x6BC, "48000000");
_rtm.Poke(_addresses[0] + 0x6C0, "43000000");
_rtm.Poke(_addresses[0] + 0x6C4, "48000000");
_rtm.Poke(_addresses[0] + 0x6C8, "48000000");
_rtm.Poke(_addresses[0] + 0x6CC, "48000000");
_rtm.Poke(_addresses[0] + 0x6D0, "48000000");
_rtm.Poke(_addresses[0] + 0x9E0, "43C80000");//Julius
_rtm.Poke(_addresses[0] + 0x9E4, "48000000");
_rtm.Poke(_addresses[0] + 0x9E8, "43000000");
_rtm.Poke(_addresses[0] + 0x9EC, "48000000");
_rtm.Poke(_addresses[0] + 0x9F0, "48000000");
_rtm.Poke(_addresses[0] + 0x9F4, "48000000");
_rtm.Poke(_addresses[0] + 0x9F8, "48000000");
_rtm.Poke(_addresses[0] + 0xD08, "43C80000");//Richter
_rtm.Poke(_addresses[0] + 0xD0C, "48000000");
_rtm.Poke(_addresses[0] + 0xD10, "43000000");
_rtm.Poke(_addresses[0] + 0xD14, "48000000");
_rtm.Poke(_addresses[0] + 0xD18, "48000000");
_rtm.Poke(_addresses[0] + 0xD1C, "48000000");
_rtm.Poke(_addresses[0] + 0xD20, "48000000");
_rtm.Poke(_addresses[0] + 0x1030, "43C80000");//Shanoa
_rtm.Poke(_addresses[0] + 0x1034, "48000000");
_rtm.Poke(_addresses[0] + 0x1038, "43000000");
_rtm.Poke(_addresses[0] + 0x103C, "48000000");
_rtm.Poke(_addresses[0] + 0x1040, "48000000");
_rtm.Poke(_addresses[0] + 0x1044, "48000000");
_rtm.Poke(_addresses[0] + 0x1048, "48000000");
_rtm.Poke(_addresses[0] + 0x1358, "43C80000");//Charlotte
_rtm.Poke(_addresses[0] + 0x135C, "48000000");
_rtm.Poke(_addresses[0] + 0x1360, "43000000");
_rtm.Poke(_addresses[0] + 0x1364, "48000000");
_rtm.Poke(_addresses[0] + 0x1368, "48000000");
_rtm.Poke(_addresses[0] + 0x136C, "48000000");
_rtm.Poke(_addresses[0] + 0x1370, "48000000");
_rtm.Poke(_addresses[0] + 0x1680, "43C80000");//Yoko
_rtm.Poke(_addresses[0] + 0x1684, "48000000");
_rtm.Poke(_addresses[0] + 0x1688, "43000000");
_rtm.Poke(_addresses[0] + 0x168C, "48000000");
_rtm.Poke(_addresses[0] + 0x1690, "48000000");
_rtm.Poke(_addresses[0] + 0x1694, "48000000");
_rtm.Poke(_addresses[0] + 0x1698, "48000000");
_rtm.Poke(_addresses[0] + 0x19A8, "43C80000");//Maria
_rtm.Poke(_addresses[0] + 0x19AC, "48000000");
_rtm.Poke(_addresses[0] + 0x19B0, "43000000");
_rtm.Poke(_addresses[0] + 0x19B4, "48000000");
_rtm.Poke(_addresses[0] + 0x19B8, "48000000");
_rtm.Poke(_addresses[0] + 0x19BC, "48000000");
_rtm.Poke(_addresses[0] + 0x19C0, "48000000");
_rtm.Poke(_addresses[0] + 0x1CD0, "43C80000");//Simon
_rtm.Poke(_addresses[0] + 0x1CD4, "48000000");
_rtm.Poke(_addresses[0] + 0x1CD8, "43000000");
_rtm.Poke(_addresses[0] + 0x1CDC, "48000000");
_rtm.Poke(_addresses[0] + 0x1CE0, "48000000");
_rtm.Poke(_addresses[0] + 0x1CE4, "48000000");
_rtm.Poke(_addresses[0] + 0x1CE8, "48000000");
_rtm.Poke(_addresses[0] + 0x1FF8, "43C80000");//FUMA
_rtm.Poke(_addresses[0] + 0x1FFC, "48000000");
_rtm.Poke(_addresses[0] + 0x2000, "43000000");
_rtm.Poke(_addresses[0] + 0x2004, "48000000");
_rtm.Poke(_addresses[0] + 0x2008, "48000000");
_rtm.Poke(_addresses[0] + 0x200C, "48000000");
_rtm.Poke(_addresses[0] + 0x2010, "48000000");


}

if (decimal.Parse(_rtm.Peek(_addresses[0] + 0x10, 0x04)) != 0) MessageBox.Show(this, string.Format("All Stats Successfully Changed"), string.Format("Castlevania HD XBLA TU2"), MessageBoxButtons.OK, MessageBoxIcon.Information);
else MessageBox.Show(this, string.Format("Poke Done"), string.Format("Castlevania HD XBLA TU2"), MessageBoxButtons.OK, MessageBoxIcon.Information);
}
catch (Exception ex)
{

MessageBox.Show(this, ex.Message, string.Format("Castlevania HD XBLA TU2"), MessageBoxButtons.OK, MessageBoxIcon.Information);
}


finally
{
_flag = false;
System.Threading.Thread.CurrentThread.Abort();
}
}
}
}


Thanks pureiso for ISOLib

X360Quicky
12-14-2012, 05:40 AM
Nice optantic, I don't think I've seen you around for a little while, good to see you working on things. Do you mind me asking why the "35 second" delay? Curiosity is just damn nosy. :053:

optantic
12-14-2012, 06:43 AM
Trying to make my first RTE :)
I think it takes 35 seconds to dump the memory length 0x80000 and then search for the pointer and apply the values.

fullmetal172
12-14-2012, 07:34 AM
not able to download this says its restricted for me for some reason

optantic
12-14-2012, 10:29 PM
added mediafire link

X360Quicky
12-15-2012, 06:11 PM
Trying to make my first RTE :)
I think it takes 35 seconds to dump the memory length 0x80000 and then search for the pointer and apply the values.

Oh OK, 35 seconds seems a bit long to me, you might want to go over your code. My halo 4 RTE (not released) does a search of memory length 0x200000 then searches for pointers, then checks the values stored, and applies my set values if the values match my checks, it tries to do this continuously every 1/4 of a second to make sure it's poking the correct location. The first search takes a maximum of 5 seconds (I plan to try to make it quicker), then it continuously does it automatically within a second, I've tested it by reloading the map which changes all the values, changing to other maps, and restarting the console, and it's doing it in the correct times.

Well done on your first RTE by the way, but like I said you may want to work on the timings. :053:

optantic
12-16-2012, 12:43 AM
Updated RTE to v02
1. lowered atk, strength since 9999 strength is overkilled, it'll stuck on Boss1 if it's killed before dropping down, soul attacks still does 9999 damages
2. lowered base HP to 400 since all traps still takes off 10% damage regardless how much HP you got

@X360Quicky, could it be faster if you're using xbdm.xex from dev kernel?
Maybe, you could try out the RTE if you have the game and see how long it takes to poke on your console, I've included the link to All DLCs and TU2 in the first post.
Or check out the coding (spoiler) and see what could be done to improve the speed?

X360Quicky
12-16-2012, 02:08 AM
Updated RTE to v02
1. lowered atk, strength since 9999 strength is overkilled, it'll stuck on Boss1 if it's killed before dropping down, soul attacks still does 9999 damages
2. lowered base HP to 400 since all traps still takes off 10% damage regardless how much HP you got

@X360Quicky, could it be faster if you're using xbdm.xex from dev kernel?
Maybe, you could try out the RTE if you have the game and see how long it takes to poke on your console, I've included the link to All DLCs and TU2 in the first post.
Or check out the coding (spoiler) and see what could be done to improve the speed?

Lol everybody seems to be using this ISOLib. If I'm wrong with anything then correct me as I have never used ISOLib before, I just do things myself as always.
So..."_rtm = new ISOLib.XBDMPackage.RealTimeMemory(ipAddressTextBox .Text, 0xC7470000, 0x80000);" I assume this is to get debug access to the 360 through XBDM.dll, and the memory address and length to dump to find the base memory location to use poking activity? or maybe it does it manually through tcp?

but...what is this? "_addresses = _rtm.FindUIntOffset("09536F6D61204372757A006F72726 9730017029400000000");" is it finding the first occurrence, or all occurrences of the string from the memory dump from (memory address: 0xC7470000, length: 0x80000) to get the memory address(es) and storing it in a char array? because if it is then it's different to how I do things.

And then there is this: "_rtm.Poke(_addresses[0] + 0x68, "43C80000");//SOMA
what is that doing? poking the memory address of: (_addresses[0] + 0x68) to the value of: "43C80000"?
because if it is, wouldn't it make sense to do this: _rtm.Poke(_addresses[0] + 0x68, "43C80000480000004300000048000000480000004800000048 000000"); ? so instead of poking 4 bytes of data 7 times wasting time, you could simply poke 28 bytes of data once! This would work as 0x68, 0x6C, 0x70, 0x74, 0x78, 0x7C, 0x80 are all 4 bytes apart and you was poking 4 bytes before so you was basically breaking up 28 bytes to do separately. Depending on how the dll is set up that code will work else you'd need to write it up yourself to poke 28 bytes instead of 4. You have a quite a lot that don't need poking so many times.

I'll try your RTE tomorrow, I'm on RGLoader so we'll se if it makes a difference, if not...
I don't have the game right now but I will try and get the game tomorrow, and compile something up and see what times I get.

My apologies for the long message. (I don't know how to do spoilers or anything on here lol.) :053:

optantic
12-16-2012, 03:30 AM
Lol everybody seems to be using this ISOLib. If I'm wrong with anything then correct me as I have never used ISOLib before, I just do things myself as always.
So..."_rtm = new ISOLib.XBDMPackage.RealTimeMemory(ipAddressTextBox .Text, 0xC7470000, 0x80000);" I assume this is to get debug access to the 360 through XBDM.dll, and the memory address and length to dump to find the base memory location to use poking activity? or maybe it does it manually through tcp?

Because, ISOLib is the only one available to public???
I know nothing about coding, I just try to use what's available to the public and try to edit them to make it work on other game.

It sets the Start Address and Length to dump in order to find the pointer address when click on a poke button.



but...what is this? "_addresses = _rtm.FindUIntOffset("09536F6D61204372757A006F72726 9730017029400000000");" is it finding the first occurrence, or all occurrences of the string from the memory dump from (memory address: 0xC7470000, length: 0x80000) to get the memory address(es) and storing it in a char array? because if it is then it's different to how I do things.

After dumping the memory length, search and find the only occurrence in the memory range and use it as a reference to poke other address.



And then there is this: "_rtm.Poke(_addresses[0] + 0x68, "43C80000");//SOMA
what is that doing? poking the memory address of: (_addresses[0] + 0x68) to the value of: "43C80000"?
because if it is, wouldn't it make sense to do this: _rtm.Poke(_addresses[0] + 0x68, "43C80000480000004300000048000000480000004800000048 000000"); ? so instead of poking 4 bytes of data 7 times wasting time, you could simply poke 28 bytes of data once! This would work as 0x68, 0x6C, 0x70, 0x74, 0x78, 0x7C, 0x80 are all 4 bytes apart and you was poking 4 bytes before so you was basically breaking up 28 bytes to do separately. Depending on how the dll is set up that code will work else you'd need to write it up yourself to poke 28 bytes instead of 4. You have a quite a lot that don't need poking so many times.

I thought it could only poke 4 bytes at a time :)
Just tried poking 28 bytes at once, but doesn't seem to make any difference in terms of Time.



I'll try your RTE tomorrow, I'm on RGLoader so we'll se if it makes a difference, if not...
I don't have the game right now but I will try and get the game tomorrow, and compile something up and see what times I get.

My apologies for the long message. (I don't know how to do spoilers or anything on here lol.) :053:
It would be nice if you could get poke time down to a few seconds. Just release it as your RTE :)

to use spoiler tag use with the *
[*spoiler] [*/spoiler]

optantic
01-03-2013, 09:33 AM
Updated to v3, guess it's Final version.

speedfly
01-08-2013, 12:45 PM
need change country to unite state and language change to english

Serious_M
01-11-2013, 05:47 PM
nice work optantic

thegutta
01-11-2013, 05:50 PM
Awesome work optantic :)

CloudStrife7x
01-11-2013, 06:20 PM
great work on this optantic you beast :026:

Irishzone
01-16-2013, 06:39 PM
is there anyway you can make a save with all the new weapons that were added to dlc stage like the valmanway +1, etc...

optantic
01-16-2013, 09:08 PM
is there anyway you can make a save with all the new weapons that were added to dlc stage like the valmanway +1, etc...
try use the save editor

DaMovieGuru
02-04-2013, 06:00 AM
For the life of me, I cannot get the application to connect; it keeps giving me that "unhandled exception" error. Are we talking about the ip address the xbox gives you by means of wireless or ethernet; is the ftpdll plugin required?

optantic
02-04-2013, 07:07 AM
Try install xbdm.xex plugin and see if it works

DaMovieGuru
02-05-2013, 08:28 AM
Try install xbdm.xex plugin and see if it works

Well, I'd be damned-- it works! Y'all modders are just pure genius!

Nerg
01-31-2015, 12:13 PM
Good work man. Thanks.