Tweet
I see you wrote your own graphics lib, similar to the G2 lib 
Nice.
Nice.
-
I may be lazy, but I can...zzzZZZzzzZZZzzzZZZ... -
Yeah, I have written that a long time ago. Revisions as the days went by for improvements, I just couldn't ever get the other GS libs to work properly. They would either not compile, not work entirely, or not enter a good resolution to fit my needs. So I set up my own that pushes individual pixels into a packet. Super slow at first, but with revisions and improvement got pretty fast, just doesn't work the same as the other GS libs, but fits my needs
Comment
-
Yeah, I always found major shortcomings with gsLib and gsKit, which is why I updated and modified G2...but even that was a bit unwieldy.I may be lazy, but I can...zzzZZZzzzZZZzzzZZZ...Comment
-
I've tried more games since. These 4 stand out:
Fatal Frame 3 + Enter The Matrix = It works perfectly as far as I can tell.
Clock Tower 3 + Dark Cloud 1 = L3 + R3 don't activate LD, so maybe it didn't find the joker?
I keep encountering the same stuff over and over. These are misc things I noticed:
LD's screen can stretch 3 different ways. It's either perfect (rarely, Fatal Frame 3), slightly too big so I'm missing the right 1/4 side of the screen, or so big it stretches it so I only see the top left portion of the screen.
If the safe-guard keeps looping and the game normally works, you can usually just keep pressing START and it will eventually go.
Some games have tiny altered graphics, which isn't too much of a problem. It comes in 3 varieties: None (most games), a little (RE Outbreak, Beyond Good And Evil), & quite a lot but still playable (Disgaea).
Some games butcher the screen once it leaves LD (Dragon Quest 8).
Lag comes in about 4 flavors: None (rarest, Fatal Frame 3, Enter The Matrix), barely any (3rd rarest, MGS 2: Sons Of Liberty), playable if you have the patience (more than half of the games, RE Outbreaks, Genji), and no way in hell you'll be able to get to the actual gameplay part within 30 minutes (2nd rarest, Grimgrimoire, Darkwatch).
I also finally noticed that when I press R2 on a result it will go to that address in the memory editor, which is a very nice and useful thing for me.
You also said something about blaming the joker scan thing for lag. Whatever it was, could you elaborate? Somebody might have an instant solution. If you point out to me where in memory it is, I might be able to fix it.
Area 51 = Slight menu lag. The game never stopped loading. My game isn't
Beyond Good & Evil = A little lag. Some game sprites are bigger and incorrect looking, but it seems to work perfectly otherwise.
Castlevania: Curse Of Darkness = No lag. Aside from the almost every game sort of screen stretched too far right, it works perfectly.
Castlevania: Lament Of Innocence = No lag during gameplay, just a tiny bit while viewing movies. Returning to the game from LD caused the graphics to instantly garble and freeze the game.
Clocktower 3 = The movies are lagging a bit. No gameplay lag. R3 + L3 doesn't work. Can't use LD.
Dark Cloud 1 = Game won't start. With LD3.0.3, it seemed to work fine without lag until I realized R3 + L3 don't activate LD, so it still doesn't work.
Dark Cloud 2 = Game won't start. Works perfectly with LD3.0.3.
Darkwatch = Game won't start. With LD3.0.3, there are missing graphics and mega lag, otherwise it seems to work.
Devil May Cry 1 = The game always freezes about 1 second into gameplay. It works just fine in the menus, aside from the LD screen being stretched so big that I only see the top left quarter of the screen. LD3.0.3 couldn't make it past all 3 intro movies, it just sort of stopped loading I'm guessing.
Devil May Cry 2 = It's a little laggy, but it seems to work just fine.
Disgaea 1 = Severe lag, and makes most things disappear. About the only visuals left are the character sprites and the levels. Screen is very stretched vertically, so I'm missing the bottom half of the screen. Otherwise though, it still works completely.
Disgaea 2 = Doesn't work, the safeguard loops endlessly. Stretched LD screen too. Some lag too.
Dragon Quest 8 = Works fine, but leaving LD butchers the graphics to the point where it's almost completely incomprehensible.
Dynasty Warriors 4: Xtreme Legends = Same as Dynasty Warriors 5.
Dynasty Warriors 5 = This game truly loops the safeguard forever. It also seems that at random times the LD screen is different sizes. Once it was a perfect fit, and now it's mega big.
Dynasty Warriors 6 = Same as Dynasty Warriors 5.
Enter The Matrix = Perfect.
Evil Dead: A Fistful Of Boomstick = After the menus and movies, the game freezes while loading the actual level. From what little I see before that, there doesn't seem to be much lag, and LD works fine.
Extermination = Seems to mostly work fine. LD is stretched so I only see the top left section of the screen. Exiting LD tampers with graphics. Most can be fixed by pressing START to go into the deformed start menu, and then go to the left menu. Most things will be fixed, but not all. It doesn't fix any of the missing text though.
Fatal Frame 2: Crimson Butterfly = Nearly perfect. A lot of text is missing. The most notable thing is that this game always has LD set to the screen correctly.
Fatal Frame 3: The Tormented = Perfect. No lag, nothing. LD screen size is always perfect too.
Final Fantasy 7 Demo (comes with Dragon Quest 8) = Other than the LD screen being stretched wrongly and a little lag, it works.
Genji: Dawn Of The Samurai = The game moves at about 1/2 its normal speed. The LD menu is stretched so I only see its top left corner. Everything works though.
Haunting Ground = I tried 3 times with LD3.0.4 and it wouldn't start, but it started right up with LD3.0.3. MEGA LAG!
Metal Gear Solid 2: Sons Of Liberty = Other than a little lag and the LD menu being horizontally stretched like it is for almost every game, it's perfect.
Metal Gear Solid 2: Substance = I tried 4 times and it didn't start. It worked perfectly with LD3.0.3 though with the little bit of lag.
Metal Gear Solid 3: Snake Eater = Same as Dynasty Warriors 5, but I'm certain that I saw no lag.
Metal Gear Solid 3: Subsistence = Same as Dynasty Warriors 5, but I'm certain that I saw no lag.
Obscure 1 = Game won't start. Just gets stuck at a loading screen. It could just be very severe lag too, like some of these games that took forever to start.
Obscure 2: The Aftermath = Don't be fooled by the long loading time at the start, this game works. Unusually long loading times. LD is a little big for the screen. I'm missing part of the bottom and right screen. It doesn't do that to the game. It seems to work perfectly otherwise.
Psychonauts = It works, but entering LD3.0.4 will permanently garble the game's graphics and have them in the wrong areas of the screen.
Resident Evil Outbreak File #1 v1.0 = Identical to file #2.
Silent Hill Origins = This is almost perfect. No lag, LD3.0.4 works perfectly. Then I went to activate a cutscene. The game didn't freeze, it just didn't do it. My character is trapped in animation where he would have normally activated a cutscene, but the other stuff is still going on.Comment
-
Nice testing...
Maybe we should start documenting testing, by version number...a wiki page, perhaps?I may be lazy, but I can...zzzZZZzzzZZZzzzZZZ...Comment
-
You're a big help with testing, thanks!Originally posted by bungholio View Post
If you have a working compiler, you can recompile the ELF with modifying the scanner. It has a configuration table, which can be found in the source main.c file.
The configuration table starts on line 965 (I forgot to comment out in the main.c source file, but it is commented in the CodeDesigner source file).
The scan size indicates how large the loop is. I would assume the joker scanner is causing the lag, seeing as it's the only thing entering a loop (assuming you don't have any pre-loaded patches loaded up). You can shorten the loop and/or increase it's start point to lessen the lag, worth a shot (I just haven't done that yet).Code:*(u32*)0x8007E800 = 0x00100000; // Start point *(u32*)0x8007E804 = 0x00001000; // Scan size *(u32*)0x8007E808 = 0x00000000; // Index *(u32*)0x8007E80C = 0x8007e820; // Defined patters address *(u32*)0x8007E810 = 0x00000000; // Storage 1 *(u32*)0x8007E814 = 0x00000000; // Storage 2 *(u32*)0x8007E818 = 0x00000000; // Storage 3 *(u32*)0x8007E81C = 0x00000000; // Storage 4
Yes, the results page will go to the address with the press of R2, this is noted in the README file. I set that up to make it easier to go to and edit the address. All controller input features are noted in the README file under each menu set.
A fix for the screen being chopped up (to do list):
- Add a resolution detect
- Change all print settings to adjust in proportion to resolution
- Initialize draw space / buffer in the same resolution as game
- Add top left corner detection
- Set top left x,y position to same as the game
Hopefully (once the to do list is done), it will stop the butchering of the screen.
A fix for being locked out of game due to IOP shutting off controller (to do list):
- Add controller status checking
- Add function to wait for the controller to be ready
- Set controller check function to automatically resume game once the controller status fails
- Add idle time out to exit debugger if you are idle for more than x cycles
Features to add to improve performance and open more availability to games with unknown joker pattern (yet another to do list):
- Add custom configuration via text document ("LDv3Config.ini")
- Add menu on ELF to pre-configure a joker
- Add menu on ELF to manage configurations in "LDv3Config.ini" file
LazyBastard, I could use some of your help figuring out how to hook this next part--
- Add exception handler to the debugger when something goes wrong, with an error report log (to let us all know why it crashed or stopped working)
I can accomplish all of the above except the last portion on my own easily. I am unfamiliar with the exception handler hooking system, so I could use some advice on how to set up the hooks for one. However I think it would be nice to have an exception handler and even possibly a skip error setup to keep it from locking you out permanently when something screws up.Last edited by Gtlcpimp; 11-08-2010, 12:01:55 PM.Comment
-
Every last bit of your code confuses me. I've got unsigned 4 bytes. It's this 0x8007E800. If you start writing before 0x00080000, you may mess up the ps2's code or IOP or whatever it is called. What's the 8 though?
Could you please post that scanning part from your CodeDesigner source that you think is the lagger? I'm just guessing without it.
lw v0, $0004(t9)
beq 0, v0, $skip to end (the joker can't be at address 00000000)
blah blah pattern stuff
Once the exact address is found, store it at $0004(t9).
It's just 2 extra lines at the beginning of the function somewhere, and 1 line for storing the result address if you haven't already.
I still have many games to test. I'm trying to sort them in alphabetical order.Last edited by bungholio; 11-08-2010, 12:48:49 PM.Comment
-
0x80000000 - 0x8007FFFF = KSEG0 (Kernel memory)
0xA0000000 - 0xA007FFFF = KSEG1 (Mirror of KSEG0)
0x00080000 - 0x02000000 = EE RAM (User space)
0xBC000000 - 0xBC200000 = IOP RAM (IOP, obviously)
The source is available in the bounty source sub version network repository for artemis...
https://artemis.bountysource.com/svn...vn0_4|svn0_4_3
You can view it with your web browser.
You cannot write below 0x00080000, because 0x00000000 - 0x00080000 does not exist. This portion of RAM is actually mapped to 0x80000000 (KSEG0) with the EE.Comment
-
https://artemis.bountysource.com/svn.../LDv3Joker.cds
I'm looking and not correctly comprehending. You guys have some completely different and more logical understanding of this than my barely coherent stuff. Why is there a "s2 scan length" and a "s3 scanned index"? I don't know what they are. What's the 4 = "//Reached limit"? 4 of what, and why is it a limit? Line 73 is most likely what I'm looking for. I've got to try to summarize and understand this in my head.
My "scanned index" is the word located at ("whatever word loaded from address 8007e810" << 2) + 10 + 8007e800. Where that's likely to lead and why is beyond me. "A copy of it" + 1 is also stored at 8007e808. No clue why. What's a scanned index? Even a likely value must give me a hint. It's probably something I've just naturally been doing without knowing it was a useful or easy technique commonly known by others. Going by line 209, scanned index is 0, resulting in v0 being stored at 8007e810. v0 = 0 + 4.
a0 = 1000. 1000 = Memory Address?
After gazing lost for about an hour, isn't yours set up to scan if a joker is found, and if it isn't it does I don't know what. I'm completely confused. What am I looking at?
All I ever did was have a specific place for the joker in memory. I would first start by loading whatever was at that address and if it was 0, it hasn't scanned for the joker yet. If it's 1, none of the patterns were found. If it wasn't those two, it was the address of the joker. It would start by scanning for all 4 patterns 1 at a time. If it finds one, it stores the address of the joker. If it goes through all 4 and doesn't find one, it stores 1. That way it will only go through once right away. You'd just need to determine when to execute it so it finds it when it's ready.
If that's a problem, you can have it link to a special portion of code if it returns 1. If it does, go to a code that loads a certain doubleword in memory and starts adding 1 to it and continuing onward until it reaches a certain value. Once it does, it resets the 1 to 0. It would be like a simple little interval added in that would make it execute less code by saving it from going through all the pattern scanning and whatever.Last edited by bungholio; 11-09-2010, 02:03:03 PM.Comment
-
The comments tell you what the registers are being used for. Hate to say it but you are totally lost my friend..Comment
-
I understand that. The comments supply a value too. Why? Is it a meaningless default, or what the register will be after code is executed?Last edited by bungholio; 11-09-2010, 02:03:26 PM.Comment
-
Comments do nothing, that's why they are called comments. They are for the developer, basically just keeping notes.Comment
-
I've got to look again. I didn't even notice those were just comments. About all I know of C is the // single line comment and the /* */ comment block.
Those weren't comments? From line 206 to 215 in that previous link. So are they just supplied default and/or meaningless values just waiting to be changed?
I'm trying to understand codes. https://artemis.bountysource.com/svn...LDv3Cheats.cds
Line 31 confuses me. You said you put a 512 code line limit or something like that at some point. Why is it exiting if it hasn't reached the limit?
Lines 37-39 just mean it loaded no next code, so it's done?
Lines 41-46 check to see if you turned on the code. If so, execute it.
I'm assuming line 50 explains my confusion with line 31. It makes room for the next code if another is turned on, and subtracts 1 until it reaches 512 codes and then it just doesn't bother turning codes on after that since it goes back to _CheatEngineMainLoop.
Since you are shifting 25, did you get things typed wrong at lines 93 & 97? 2 bytes writes would start with 1, but that 25-bit shift would cause you to compare and look for $0008, and the 4-byte writes would make it so the first 2 would make you compare for $0010.
I saw line 50 "addiu s1, s1, -1". Should that be "addi", or is that a shortcut to adding 65535?
I think I have some understanding of this one.Last edited by bungholio; 11-10-2010, 08:12:51 AM.Comment
-
Those are the pre-set configuration settings. They are not meaningless, they actually are the values. In CodeDesigner v2, if you want to set a value to an address, you can simply use the hexcode command.Originally posted by bungholio View Post
If you do not have 512 codes, why continue looping? Waste of CPU power, so it exits the loop when it reaches the end of the list or the 512 code limit (whichever happens first).Originally posted by bungholio View Post
It loops back to the top of the main loop after it increments the address, and decrements the counter variable. It then compares to make sure the limit isn't reached, and then compares to make sure it is not the end of the list. If both check false, it executes the next code command write.Originally posted by bungholio View Post
I re-shifted to the left 25 bits to subtract from the address, and then shifted it 24 bits to the right. This was mainly because I prefer a 0x1 for write byte, not 0x8. Just my preference is all.Originally posted by bungholio View Post
"addi" stands for Add Immediate. "addiu" stands for Add Immediate Unsigned. They perform the same task, only "addiu" is more accurate and handles a bit more on the CPU.Originally posted by bungholio View PostComment
-
I was thinking right then. Is that hexcode command a one time only write?Originally posted by Gtlcpimp View Post
Then I'm thinking on track.Originally posted by Gtlcpimp View Post
I'm confused. I was led to believe ADDI was used to add and subtract, while ADDIU was used to add only. Or is this some common programmer thing to skip steps in thinking because there's an easier shortcut?Originally posted by Gtlcpimp View PostLast edited by bungholio; 11-10-2010, 02:01:18 PM.Comment
Comment