(adsbygoogle = window.adsbygoogle || []).push({}); So when making a rtm tool you need bytes correct?

so i have an address. But i don't know how to test out this address so i can use it. also i don't know where to find bytes at for the address. to make an rtm tool. if anyone can help

You must login or register to view this content.

^ a picture feel free to circle anything to show me. I'm a visual learner!

It varies depending on what it actually is. You usually have to use your head to figure it out unless you can find something which uses it and has bytes on it. But if per say it was health it would probably be 0x00, 0x00, 0x00, 0x64 (0x64 = 100 in decimal) so setting it to 0x00, 0x00, 0x00, 0xFF would give you more health. Or if it was something like a vision it would probably go 1, 2, 3, 4, 5 in a sequence (or 1 << 1, 1<<2, 1 << 3, 1<<4, 1<<5) just as an example. But most of the time unless it has a reference to the actual address you have to try logical guessing.

The answer to your question is opcode. All opcode [in 32bit powerpc] are 4 bytes in length, each byte ID's both the instruction, what GPR to use and the last 2 bytes regard operands. For example...

li r3, 1 --> 38 60 00 01

0x38 (the first byte) is the start of the LI instruction, 0x60 (the second byte) when divided by 0x20, gives you the exact GPR field to use. 0001 (the third and forth byte) is the immediate value to store inside the destination register (specified by the second byte), upon research you will learn the definition of an immediate value is a signed 16bit (2 byte) value (or in terms of datatype, a short (or int16)), which just makes the system much more logical. Other instructions work differently, but use the same logic.

In 32bit PowerPC, GPR's can only range from r0-r31, seeing as an 8bit value could never cover each and every GPR, every instruction has four opcodes (that increment by one), one to use the 1st lower half (r0-r7), a 2nd to use the 2nd lower half (r8-r15). a third to use the 2nd higher half (r16-r23) and a forth to use the 1st higher half (r23-r31). As you can see, the main exponent here is 0x7, each 7 registers equals a relap. (Incase you haven't figured it out yet, 0x38 = r0-r7, 0x39 = r8-r15, 0x3A = r15-r23, 0x3B = r23-r31)

Note that many instructions have their own different type of system for IDing segments of the 32bit opcode, this exact procedure is meant to be used with the LI instruction. If you're having issues working it out, in IDA, you can also go into the hex view tab and hit F2, and alter bytes and see the outcome (aka opcode debugging).

EDIT:

Just to be sure your question is 100% answered, could you elaborate in what you exactly want?

What exactly I want is how can I use this address in a game andrto find out what bytes it is
Looks like Ida pro is more of a language
What I did
I opened two ida's
Jumped to an address in the 1.17 eboot.elf
Then highlighted what was under loc
Hex viewed it and copied a line in hex
Then I went onto the other ida 1.19 eboot.elf loaded on it
I pressed Alt + B and input the Hex line I copied from 1.17 eboot.elf
And I got that result in the screenshot above
In videos guys said that the loc_ was the new offset for the game

IDA is nothing more than a disassembler, not a 'language' lol. So you're trying to port addresses? All you have to do is find static patterns, which by that is a list of opcode that is unique to one function, that shouldn't change anytime soon - that way each update you'll always find results.

So find anything unique that ill find the same in the newer .elf?

Yes, if you're doing it via code you'll have to do the math to go to the correct instruction address (seeing as a static result wouldn't always start with the address you're altering), if you're doing it by hand then you'll know what to look for.

I'll try when I get back home
I'll get back at you if I need answers

Answered unless OP says otherwise.