Camera searching with Cheat Engine

[emoose]

Cheat Engine can be used to search the games memory, just needs a few tweaks to allow MEM_MAPPED searching & support for big-endian types.

https://exvsfbce.home.blog/2019/08/24/basic-cheat-engine-setup-on-rpcs3/ is a great guide for setting it up for this, it's meant for RPCS3 but applies to Xenia too.

Most cameras use floats for storing the camera rotations, so you'll probably want to use the "Float Big Endian" type from the guide above to search for them.

To make CE only search the games memory change Start in the 'Memory Scan Options' panel to 0000000100000000, and Stop to 0000000200000000.

Once you find a value you can attach CE's debugger to it to see what accesses that address, the code that does the access is some recompiled PPC->x64 done by Xenia though, but if you check the registers CE prints when it breaks one of them should have the address of the PPC code-block responsible for the access (normally 82XXXXXX), plug that address into IDA/ghidra and you can see the actual PPC behind it, hopefully with that you can find out what pointers/offsets are used to actually access the cameras values.
(alternatively Xenia does have a guest-debugger that can break when data is accessed and tell you the exact PPC address responsible, but seemed pretty unstable last time I tried it unfortunately, and hasn't really been maintained much over the past few years afaik)

Note that using CE to change any PPC code won't have any effect as that code has already been recompiled by Xenia into x64 - your only options are to either patch the XEX file yourself, or use xenia-canarys game patch support to patch the code before it's recompiled.

[Margen67]

Cheat Engine now includes Big Endian types;
You can enable them by going to Edit > Options > Extra Custom Types