GitHub - tomvita/SE-tools at v1.1

Introduction:

SE tools is a set of tools for Nintendo Switch game memory hacking.

With SE tools you can search for memory location that will affect the behaviour of the game when modified and create cheat codes that modify these memory location.

SE tools consist of two major components and some optional components.

EdiZon-SE is the memory searching tool.

Pointersearcher-SE is the pointer searching tool. Many memory locations are dynamic and changes when the game relaunch and some even changes as the game progress. A pointer chain is required to locate these memory locaton.

Here all the tools I made is package into one release for the latest version of atmosphere.

Quick Start: Search Memory

Assuming you already have atmosphere install. Copy the content of the zip files for the switch into the root of your SD card. Restart your switch.
Launch the game. Press "HOME" when there is something interesting you want to search. Press "up" then "A".
Take the example of the game "Kingdom Rush Frontiers" and we will search for the amount of gold you have. You will see the following screen.
Press "Y" and "L" and "R" to navigate the setup for search.
Data Type is how the data is represented in memory. You have to make a guess what type it is. A good starting point is u16. (If that does not work try "flt" and "dbl" next).
Mode is how the content of memory is to be compared with the value you enter. In this case the value can been seen on game screen to be 840 so we choose "==".
Region is where the app will search. Choose "HEAP+MAIN" unless you already know where it is located.
In the VALUE tap press "A" to enter the value 840. Highlite the "Search Now!" box and press "A". after a few second you will see that some candidates has been found.
Go back to the game (press "HOME" and "HOME"). Spend some gold.
Press "HOME" then "UP" then "A". Press "Y". Enter the new value. Search again and this time you will find that there is only a few candidates left. Go back and repeat from Step 8 if there is too many candidate.
Now select one of the candidate and press "A" to modify the value. Go back to the game and see if you have found the right memory location.
Now that the memory location is found the next step is to add it to bookmark by press "+" and enter a label. Press "L" to toggle bookmark view.
Since we use data type u16 to perform the search you can see on the status line above that the address relative to Heap and that the type is u16. Press "RStick" and take a look at the memory editor.
Since the value of the upper order bytes are zero maybe the datatype is u32. Go back to bookmark view. Press "ZL"+"R" to change the datatype to u32. Now enter a large value and see what happens. We have confirm that the data type is u32.
Next we test if this memory location is dynamic. Let try "RESTART". The memory looks to be the same. How about "QUIT" and come back. Now we see the memory location is no longer valid. We will need pointer in order to not need to keep repeating the search in this case.
We proceed to find the new memory location.

Quick Start: Search Pointer Chain

Next we will use the pointer searching tool on PC. Launch either pointersearcher.exe or pointersearcher64.exe (will need this for cases where more that 4Gbyte of memory is needed). Click on "Attach dmnt".
Fetch bookmark from EdiZon SE.
Copy and paste into the TargetAddress1. Click on "Dump Ptr".
When the dump is complete click on "Reset and Search". Adjust MaxDepth, OffsetNum and OffsetRange until candidates are found. In this example many targets are found.
To perform a second dump go back to the game make the memory location of gold change. Now we have "gold2". Select "File2" and click on "Dump ptr" to make the second dump. Click on "Narrow Down Result" to reduce the number of targets.
Click on "Export To EdiZon SE" to export the result ready for EdiZon SE to import into bookmark.
Clock on "Push Export to EdiZon SE" which will push the file over to the switch.
On the switch press "ZL"+"+" to import bookmark. The imported bookmark has the label "import"
To test whether this is the real deal. Change the game state and see if "import" points to the gold.
Turns out that this pointer chain is only valid when some gold has been spend. The screen shot shows the pointer chain is able to resolve into the correct address of "gold3".

Quick Start: Create cheat code

Edit the bookmark label to what you want to show as the cheat code label.
Edit the value of memory to what you want the code to set.
To create cheat code choose the bookmark and press "Y". This will create a cheat code with the bookmark's label and set it to the current value at the memory location.
Press "ZL"+B to quite and reload to see the cheat code appear on the cheats section