I know how to do this on PC games but didn't know how to for PS2 games. Now I know that, too! Your tutorials are gold! Really! Many thanks again!!! I'll try with some PS2 games!
-
Depends on what you're changing. I'll use player coordinates as an example. Below are two methods for modifying your player coordinates when the actual coordinates are dynamic:Originally posted by luc-ita View Post
1. Player pointer
Many games use something we call a player pointer. This address is static and the data points to the start of the player stats(health, location, etc). You can load the data at the player pointer and then load data from the pointer using offsets (player pointer + 0x44 may equal "x-coordinate"). The best way to find a player pointer is to find your player XYZ coordinates. These coordinates are almost always dynamic. Once you find them you can usually scroll up in pcsx2dis and start getting referrals. These referrals will usually lead back to one address that is static. If you find this address then you have a direct pointer to your player stats. It sounds confusing at first but it's rather simple and I will further explain with the game "25 to life".
Game: 25 to Life
Player pointer: 0x6DF8B4
offsets:
0x40: player coords X
0x44: player coords Y
0x48: player coords Z
To modify the player coord Y we would do this:
Code:// Store player pointer in t0 lui t0, $006E // this starts with 6E because the second half of the address is above 7FFF. Can't remember why this is needed. lw t0, $F8B4 // store player coord Y in to t1 lw t1, $44(t0) // your code here
2. Hijack a function
This one can be tricky if a static player pointer does not exist. Find the player XYZ coords as you did in the first method. Now scroll up in pcsx2dis and see if you can find any referrals in the same way you did before. You will most likely find one or two, and they will refer to dynamic pointers. This is exactly the same as a player pointer except it is not static and can not be used in the same way. Now you need to find out what is accessing that dynamic player pointer. Pcsx2dis will allow you to put a read-breakpoint on the address. Use this to see what accesses the player pointer. More than likely you will find some sort of updater function(not sure what else to call it) that accesses the player pointer constantly. Using pcsx2dis you will notice that your player pointer address is stored in one of the registers on the right. You can create a JAL from the current function to your codecave knowing that one of the registers holds the player pointer address.
The downside to this is that some functions control your player and most of the AI on screen. If that's the case then you will have to dig deeper to differentiate the player pointers. This isn't difficult but it requires understanding what the player pointer is storing for yourself and for the AI. Chances are the player pointer stores an ID or ID TYPE for every player on screen. If you find a pattern then you can make your function execute only when your ID comes through.
Create save states when working on player pointers since the main pointer will change every time you load. Sorry for the wall of text but it's much easier than I make it sound.Last edited by Harry62; 01-10-2016, 03:31:38 PM.Leave a comment:
-
Sorry for my bad english. I'll try studying the code and see what I can do. Maybe I'll find a unused part of RAM. I've an important question for you Harry62. In some PS2 games I've found a dynamic code! For example in the JAK and Daxter games. How can I modify a code that changes his address every change of map? With Cheat Engine I've made an Array Of Bytes Scan script...but how can I do the same with Codebreaker or Gameshark?Last edited by luc-ita; 01-09-2016, 06:12:04 PM.Leave a comment:
-
Many thanks Harry62! It's like nolberto82 did for Crash Bandicoot 2. But...I can't find a way to find a piece of code to do codecaves for PSX games! I remember Pyriel wrote that for PSX games it's not possible to do codecaves as well as for PS2 system.
Very nice example!!!
I need help.Last edited by luc-ita; 01-08-2016, 07:22:26 PM.Leave a comment:
-
You can write a jump code for almost any game. Find the player y-coordinate and write a function to increase it while holding a specified button.Originally posted by luc-ita View Post
PS2 example:
Code:address $200A0100 // check player pointer lui t0, $006E lw t0, $F8B4(t0) beq t0, zero :FAIL nop // load y-coord and add to it lwc1 $f0, $0044(t0) //load y-axis data lui t1, $3F80 // increase by 1.0 mtc1 t1, $f1 add.s $f2, $f1, $f0 //increase y-axis data by 1.0 swc1 $f2, $0044(t0) //store y-axis data FAIL: jr ra // hook to custom jump function while holding X address $D070DBC2 hexcode $0000BFFF address $203d9bac j $000A0100 // original data while no buttons pressed address $D070DBC2 hexcode $0000FFFF address $203d9bac jr ra
Last edited by Harry62; 01-08-2016, 10:43:29 AM.Leave a comment:
-
Rugrats in Paris the Movie PAL-E SLES-03342 PSX
Unfortunately the character does not jump, so no InfiniteJumps hackCode:#1 red ticket gives 999 red tickets and 999 gold tickets 80018EC2 2400 80018ECA 2400 80018ED2 2400 80018EDC 03E7 80018EDE 2402 #Items costs zero //Visually the prices don't change but costs zero tickets 80087A50 0000 #999 Shots hit\Bowling points 80087AA0 03E7
Leave a comment:
-
Rugrats - Search for Reptar\Rugrats - Alla Ricerca di Reptar PAL-I SLES-01671 PSX
Code:#MoonJump ASM method D00CF03A BFFF 80062C1A 2400 D00CF03A FFFF 80062C1A 0043 D00CF03A BFEF 80062C1A 2400 D00CF03A FFFF 80062C1A 0043 D00CF03A BFCF 80062C1A 2400 D00CF03A FFFF 80062C1A 0043 D00CF03A BF6F 80062C1A 2400 D00CF03A FFFF 80062C1A 0043 #MoonJump RAM method D00CF03A BFFF 800E4142 FC18 D00CF03A BFEF 800E4142 FC18 D00CF03A BFCF 800E4142 FC18 D00CF03A BF6F 800E4142 FC18 #GodMode 80078C0E 2400 #1 coin == complete mini-game 300E3BC8 0001 #1 egg == complete mini-game 300E3BCC 0001 #Infinite flashlight's charge 300F61DA 0000 #Infinite remote control's charge 300EF0E6 0000 #1 biscuit == complete mini-game 80058C1A 2400 #1 ballon == complete 1 box 80052E2E 2400 #Infinite tries at Angelica's circus 8008111E 1000 #Have all pieces of the puzzle 800C6B44 0FFF #Max timer // press R1 button // Activate ONLY on levels with timer D00CF03A F7FF 800C5924 FFFF #Clear the timer // press L2 button D00CF03A FEFF 800C5924 0001 #Joker command D00CF03A ???? #Another joker command D00E93EA ????
Leave a comment:
-
Disney's Hercules PAL-I SCES-00894 PSX
Code://Codes for MoonJump (Hold X button) #MoonJump Your Basic DID D00382C2 BFFF 301D66B2 000E #MoonJump Centaur's Forest D00382C2 BFFF 301D4212 000E #MoonJump The Big Olive D00382C2 BFFF 301D493A 000E #MoonJump Hydra Canyon D00382C2 BFFF 301E342A 000E #MoonJump Medusa's Lair D00382C2 BFFF 301DD512 000E #MoonJump Vortex Of Souls D00382C2 BFFF 301E0662 000E #Instant super punch D00382C2 EFFF 30074930 00FF #Have all letters per level 30035064 00FF #Have all jars per level 30035059 000F #Max health (GodMode) 8003506C 7FFF #Max length of the life's bar 30035066 00FF #Have helmet max charged 80035074 7FFF #Have lightning sword max charged 8003506E 7FFF #Have fire sword max charged 80035070 7FFF #Have thunder sword max charged 80035072 7FFF #Max lives 80035054 0009 #Max coins 8003505C 7FFF 80035060 7FFF #1 hit kill boss Hades //press Select button D00382C2 FFFE 301E08FE 0000 #1 hit kill boss Hydra //press Select button D00382C2 FFFE 3007E948 0000 #1 hit kill boss Medusa //press Select button D00382C2 FFFE 3007AA2C 0000 #1 hit kill boss Centaur, Minotaur, Black Hawks //press Select button D00382C2 FFFE 3007468E 0000 #Joker command D00382C2 ????
Last edited by luc-ita; 01-05-2016, 08:38:24 AM.Leave a comment:
-
Lion King - Simba's Mighty Adventure\Il Re Leone - La Grande Avventura Di Simba PAL-I SLES-03271 PSX
Code:#No loss of lives when die 8001A8A6 1000 #999 lives 80075650 03E7 #Always have 100 coins 80021300 0064 80021302 3402 80021320 0064 80021322 3402 8002A5B4 0064 8002A5B6 3402 #Infinite jumps (Continuously press X button) 8001BF22 0042 #GodMode 8001A73A 1000 #1 fruit == 999 fruits 800212C8 03E7 800212CA 3442 #Every coin\letter\fruit gives 1 life 800212CE 2400 8002137E 2400 80021386 2400 800213F2 2400 #Always have all SIMBA's letters 30094DB6 009F //Videos #Skip all game videos 8003EC9E 2400 #Skip intro logo Disney 3009569C 0000 #Skip intro logo Activision 3009566C 0000 #Skip intro logo Paradox 30095684 0000 #Skip intro video 300956CC 0000 #Joker command D00A99C2 ???? #Unlock only "Trucchi" in the options menu' // At the main screen go to the options menu' holding the L1 button // Hearing a sound D00A99C2 FBFF 80073ED0 8000 30073ED4 0000 D00A99C2 FFFF <-- this part isn't an error. it's intentionally done 80073ED0 0080 to fix a little problem with the heard sound #Unlock "Trucchi" and "Thanks" in the options menu' // At the main screen go to the options menu' holding the L2 button // Hearing a sound D00A99C2 FEFF 80073EF8 8000 30073EFC 0000 D00A99C2 FFFF <-- this part isn't an error. it's intentionally done 80073EF8 0080 to fix a little problem with the heard sound #Activate\Deactivate debug menu' // R2 activate, R1 deactivate D00A99C2 FDFF 30094188 0001 D00A99C2 F7FF 30094188 0000
Leave a comment:
-
Pirates of the Caribbean - At World's End PAL (En-Fr-De-Es-It-Nl) SLES-54179 PS2
Code:#Master Code 902F4D30 0C0BD2F4 #GodMode // R1+R2 on, R2 off D03D0902 000000C0 2010A6A8 00000000 D03D0902 00000080 2010A6A8 460C0001 #1 Hit kill // L1+L2 on, L2 off D03D0902 00000030 201D521C 44800700 D03D0902 00000020 201D521C 46140001
Leave a comment:
-
Daxter [EU] UCES-00044 PSP
Code:_S UCES-00044 _G Daxter [EU] _C0 God Mode _L 0x200E03F0 0x10000008 _L 0x200AFD8C 0x10000007 _L 0x200D93B0 0x00000000 _C0 Deactivate God Mode _L 0x200E03F0 0x14A00008 _C0 God Mode at minigames _L 0x201F91E0 0x10000007 _L 0x201F373C 0x00000000 _C0 1 Precursor orb worth 999 orbs _L 0x200F30F4 0x340503E7 _C0 1 Skull gem worth 999 gems _L 0x20196B7C 0x340503E7 _C0 Infinite insecticide (spray gun) _L 0x200B0BDC 0x00000000 _L 0x200AA33C 0x00000000 _C0 Infinite insecticide (vehicle) _L 0x20198d88 0x00000000
Leave a comment:
-
Need For Speed Underground Rivals [EU] ULES-00025 PSP
Code:_S ULES-00025 _G Need For Speed Underground Rivals [EU] _C0 2000.000.000 Points _L 0x203913D0 0x3B9ACA00 _L 0x20A803FC 0xC4653600 _C0 Points don't decrease _L 0x200AF35C 0x0A22BCFC _L 0x200AF364 0x0A22BCFC _L 0x200AF36C 0x0A22BCFC _C0 Infinite NOS // use the nos until the end then it recharges and remains locked _L 0x200FBB3C 0x00000000 _C0 Engine game's speed // float hex // default 3F800000 _L 0x202FA7CC 0x???????? _C0 Graphical quality/Texture dimensions // float hex // 3F800000 default // 00000000 no texture // 40000000 larger texture _L 0x202F91CC 0x???????? _C0 Disables camera's flickering at high speed _L 0x202EE3A4 0x00000000 _C0 Road's light // float hex // default 3F800000 // I like 41100000 // Try 4479C000 _L 0x202F8AF0 0x???????? _C0 FOV // float hex // default 3F800000 // Try 3F000000 _L 0x205D2FC8 0x???????? _L 0x205D2FCC 0x????????
Last edited by luc-ita; 12-27-2015, 12:41:14 PM.Leave a comment:
-
Disney's Tarzan Game Boy Color
Code:#Infinite jumps 00D-5C9-6EA 00D-5D9-6EA #GodMode 008-D6F-4C1 008-D7F-919 008-D8F-E69 #255 bananas taken 01FFD4C0
Leave a comment:
Leave a comment: