3.6. Searching for references

Once you have found an address, it is often useful to find the code in the game that refers to it, so that you can change the game's behaviour: turning a lives counter into infinite lives, or a counter that stores the delay until you are next allowed to take a shot into a rapid-fire cheat.

To use the results of a references search effectively, you must know a little ARM code.

Open the Search window and choose the 'References' option, filling in the address you want to find references to in the field next to the option. Click on Search and you'll end up with a list of addresses that either contain a pointer to the address you're searching for, or an instruction that accesses that address. In the case of a pointer, you will probably have to do another search for references to the address containing the pointer, to find the code that accesses the pointer and hence the original address.

An instruction may refer to an address either by pointing to it with an Adr instruction (or a two-instruction AdrL directive), or indexed by a register. Hence Desktop Hacker can spot references to an address buried in a workspace block indexed by R12 or any other register. Of course Desktop Hacker still cannot spot all possible accesses to an address.

For infinite something-or-the-other, look for a Ldr instruction with a Sub instruction shortly after it, and a Str instruction shortly after that. Remove the Str instruction and you won't lose lives, or whatever. Anything else... you're on your own with the ARM code.
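The pointer and PC-relative cases of a references search, as an added Python sketch; it is not Desktop Hacker's own code. The names find_references and ror32 and the nine-word image at &8000 are constructed for illustration, and register-indexed accesses (such as via R12) are left out because they need the register's run-time value.

```python
import struct

def ror32(value, bits):
    """Rotate a 32-bit value right, as ARM does for immediate operands."""
    bits %= 32
    return ((value >> bits) | (value << (32 - bits))) & 0xFFFFFFFF

def find_references(image, base, target):
    """List (address, kind) for words in image (loaded at base) that are a
    pointer to target or a PC-relative instruction that resolves to it."""
    hits = []
    for off in range(0, len(image) - 3, 4):
        (word,) = struct.unpack_from("<I", image, off)
        addr, pc = base + off, base + off + 8   # PC reads two words ahead
        kind, rn = (word >> 25) & 0x7, (word >> 16) & 0xF
        if word == target:
            hits.append((addr, "pointer"))
        elif kind == 0b001 and rn == 15:
            # Data processing with an immediate, based on PC: what Adr assembles to
            opcode = (word >> 21) & 0xF
            imm = ror32(word & 0xFF, 2 * ((word >> 8) & 0xF))
            if (opcode == 0b0100 and pc + imm == target) or \
               (opcode == 0b0010 and pc - imm == target):   # ADD / SUB Rd, PC, #imm
                hits.append((addr, "Adr"))
        elif kind == 0b010 and rn == 15 and (word >> 24) & 1:
            # Ldr/Str with a 12-bit immediate offset, pre-indexed from PC
            offset = word & 0xFFF
            ea = pc + offset if (word >> 23) & 1 else pc - offset
            if ea == target:
                hits.append((addr, "Ldr" if (word >> 20) & 1 else "Str"))
    return hits

# Constructed sample: nine words loaded at &8000, lives counter at &8020.
BASE = 0x8000
IMAGE = struct.pack("<9I",
    0xE28F0018,  # &8000  ADR R0, &8020
    0xE5901000,  # &8004  LDR R1, [R0]
    0xE2411001,  # &8008  SUB R1, R1, #1
    0xE5801000,  # &800C  STR R1, [R0]
    0xE59F2000,  # &8010  LDR R2, [PC, #0]   (loads the word at &8018)
    0xE1A0F00E,  # &8014  MOV PC, R14
    0x00008020,  # &8018  pointer to the counter
    0x00000000,  # &801C  padding
    0x00000003)  # &8020  lives counter

if __name__ == "__main__":
    for target in (0x8020, 0x8018):   # second pass follows the pointer
        for addr, kind in find_references(IMAGE, BASE, target):
            print(f"&{target:04X} <- &{addr:04X} {kind}")
```

The second pass, on &8018, is the follow-up search needed when the first pass finds a pointer rather than an instruction. The words at &8004 to &800C in the sample are the Ldr, Sub, Str sequence described above.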


23rd April 1998