Announcement

**Gtlcpimp** · 03-12-2013, 05:14:53 AM

KSEG0 = 0x80000000 - 0x8007FFFF (Kernel Memory)
EE RAM = 0x00080000 - 0x01FFFFFF
IOP RAM = 0xBC000000 - 0xBC1FFFFF

**Lazy Bastard** · 03-12-2013, 09:34:47 AM

Good to see you're still around

**dnawrkshp** · 03-15-2013, 06:39:37 PM

Gtlcpimp, where do I put the exception handler?

I put it inside the kernel and performed a jal to it. That didn't cause any errors, but when I tried to throw an error (lw $at, 0x0000($zero) or jal 0x80000000) it just freezes.

Also, since it was in the kernel, I decided to add 0x80000000 to the address of the exception handler. I saw in my kernel dump the addresses that hold the locations of the exception handlers had 0x8 as their left most 4 bits. But that didn't work any better than having a 0x0.

I also assumed, since it was executed in the kernel, that it was already in kernel mode.

**47iscool** · 03-15-2013, 07:16:07 PM

I have so far posted 2 jokers for you in your PS2 joker request thread, just telling you in case you haven't checked.

**dnawrkshp** · 03-15-2013, 07:30:30 PM

Originally posted by 47iscool View Post

I have so far posted 2 jokers for you in your PS2 joker request thread, just telling you in case you haven't checked.

Yeah I added them. They will be in the next svn revision.

I also update the svn more than I update this thread. So currently the svn is at revision 381, which is more current than the rar attached to this post. You can download the revisions if you want more up to date versions. With subversion installed, execute cmd.exe or terminal and enter svn co "svn://gamehacking.org/artemis/trunk/CL-LiveDebug GUI/bin"

**47iscool** · 03-15-2013, 08:09:08 PM

I have never compiled open source software, should I download the "trunk" folder? I just installed Subversion.

**dnawrkshp** · 03-15-2013, 08:30:17 PM

No just svn checkout (co) the bin folder within the CL-LiveDebug GUi folder. That already has a compiled elf to run. I compile everything before I commit a new revision to see if it is working okay.

If you want to compile anything for the ps2, you need the unoffical PS2SDK. Lazy Bastard made a windows version, in case you are running windows, here: http://gamehacking.org/downloads/gshi_ps2sdk.7z.

**47iscool** · 03-15-2013, 08:32:49 PM

Thanks for the reply, judging by your second paragraph, you must be using Linux.

**Lazy Bastard** · 03-15-2013, 10:18:17 PM

Originally posted by dnawrkshp View Post

No just svn checkout (co) the bin folder within the CL-LiveDebug GUi folder. That already has a compiled elf to run. I compile everything before I commit a new revision to see if it is working okay.

If you want to compile anything for the ps2, you need the unoffical PS2SDK. Lazy Bastard made a windows version, in case you are running windows, here: http://gamehacking.org/downloads/gshi_ps2sdk.7z.

To be more accurate, I fixed the broken Windows version already in existence. Still, I haven't updated that package in years, so it's likely to not work with various updated components. In other words, good luck, and if it doesn't work, feel free to nudge someone to fix it...but it probably won't be me for the time being.

**dnawrkshp** · 03-15-2013, 11:59:25 PM

Originally posted by Lazy Bastard View Post

To be more accurate, I fixed the broken Windows version already in existence. Still, I haven't updated that package in years, so it's likely to not work with various updated components. In other words, good luck, and if it doesn't work, feel free to nudge someone to fix it...but it probably won't be me for the time being.

The only thing I haven't been able compile is root670's ps2rd GUI and a few old and broken sources. Otherwise it isn't much of a problem. Plus there are only a few new revisions that make it to the ps2sdk.

**47iscool** · 03-16-2013, 12:03:24 AM

Can you get PS2Rd the current version(I think it's 0.5) to make any cheats work?
I think this version just doesn't work, at least not with me.

**dnawrkshp** · 03-16-2013, 12:15:39 AM

You have to either include a mastercode or set autohook to true in the settings file. I have never gotten the debugger to work properly; so I can't add help for that. If you care about debugging over the net.

**47iscool** · 03-16-2013, 12:20:04 AM

I do have a mastercode, I will try the autohook thanks for the reply.

**Gtlcpimp** · 03-22-2013, 11:54:42 AM

Originally posted by dnawrkshp View Post

Gtlcpimp, where do I put the exception handler?

I put it inside the kernel and performed a jal to it. That didn't cause any errors, but when I tried to throw an error (lw $at, 0x0000($zero) or jal 0x80000000) it just freezes.

Also, since it was in the kernel, I decided to add 0x80000000 to the address of the exception handler. I saw in my kernel dump the addresses that hold the locations of the exception handlers had 0x8 as their left most 4 bits. But that didn't work any better than having a 0x0.

I also assumed, since it was executed in the kernel, that it was already in kernel mode.

Jump and Link (JAL) is limited to the space the function is operating within. The only way to JAL to a function located in kernel memory, the JAL itself must be within kernel memory. You do not do "jal 0x80001234", it will ruin the command structure and turn the instruction into something completely different. You have to keep the addresses under 0x02000000, another words you will have to do "jal 0x00001234". The "JAL" instruction technically is not a direct jump. It is still relative to the allocated memory space it's located in (Kernel RAM, EE RAM, IOP RAM, etc.)

If your function is not located in Kernel RAM and you wish to jump to it, you have to perform the Jump and Link Register instruction (JALR). Example of use (PS2Dis or CD2):

lui t9, $8000
ori t9, t9, $1234
jalr t9
nop

Keep in mind that in order to jump into kernel space, you must have initialized kernel mode first or it will throw an exception.

You can place the exception handler anywhere it can fit that does not obstruct any other function. Just as long as you ensure it's relocation does not disturb the handler itself, and that it is called by a function that has already forced the EE to enter kernel mode.

**dnawrkshp** · 03-22-2013, 09:37:00 PM

I installed the exception handler in the kernel at 0x80050000. Then I placed a jal $00060000 at 0x800002FC in order call the initial subroutine (identical to your hook subroutine for live debug). From there is stores all the registers (at - ra) in the stack and then calls the _installHandler.

That works perfectly but when I press L3 + R3, which executes the invalid line (jal $80000000), the result is a frozen PS2. So here is what I am working with. Keep in mind I am directly using your cds file with the handler subroutines.

Hook/Initial subroutine:

Code:

/*
	CodeDesigner v2.0
	Created by: Gtlcpimp
	Official CheatersLounge Product Copyright ©
*/
//Off of CL-LiveDebug

address $00060000

_init:
addiu sp, sp, $FFF0
sq ra, $0000(sp)
jalr k0
nop
call _start
lq ra, $0000(sp)
jr ra
addiu sp, sp, $0010

//==========================================================

_start:
addiu sp, sp, $FE00
sq at, $0000(sp)
sq v0, $0010(sp)
sq v1, $0020(sp)
sq a0, $0030(sp)
sq a1, $0040(sp)
sq a2, $0050(sp)
sq a3, $0060(sp)
sq t0, $0070(sp)
sq t1, $0080(sp)
sq t2, $0090(sp)
sq t3, $00a0(sp)
sq t4, $00b0(sp)
sq t5, $00c0(sp)
sq t6, $00d0(sp)
sq t7, $00e0(sp)
sq s0, $00f0(sp)
sq s1, $0100(sp)
sq s2, $0110(sp)
sq s3, $0120(sp)
sq s4, $0130(sp)
sq s5, $0140(sp)
sq s6, $0150(sp)
sq s7, $0160(sp)
sq t8, $0170(sp)
sq t9, $0180(sp)
sq k0, $0190(sp)
sq k1, $01a0(sp)
sq fp, $01b0(sp)
sq gp, $01c0(sp)
sq ra, $01d0(sp)

jal :_ReadPad
addiu a0, zero, $FFF6
beq v0, zero, :next1
nop

jal $00050000
nop

next1:

jal :_ReadPad
addiu a0, zero, $FFF9
beq v0, zero, :LDv3HookExit
nop

//lw at, $0000(zero)
jal $80000000
nop
nop
nop

LDv3HookExit:
lq at, $0000(sp)
lq v0, $0010(sp)
lq v1, $0020(sp)
lq a0, $0030(sp)
lq a1, $0040(sp)
lq a2, $0050(sp)
lq a3, $0060(sp)
lq t0, $0070(sp)
lq t1, $0080(sp)
lq t2, $0090(sp)
lq t3, $00a0(sp)
lq t4, $00b0(sp)
lq t5, $00c0(sp)
lq t6, $00d0(sp)
lq t7, $00e0(sp)
lq s0, $00f0(sp)
lq s1, $0100(sp)
lq s2, $0110(sp)
lq s3, $0120(sp)
lq s4, $0130(sp)
lq s5, $0140(sp)
lq s6, $0150(sp)
lq s7, $0160(sp)
lq t8, $0170(sp)
lq t9, $0180(sp)
lq k0, $0190(sp)
lq k1, $01a0(sp)
lq fp, $01b0(sp)
lq gp, $01c0(sp)
lq ra, $01d0(sp)
jr ra
addiu sp, sp, $0200

//==========================================================
_ReadPad:

addiu sp, sp, $FFF0
sw ra, $0000(sp)
sw s0, $0004(sp)
sw s1, $0008(sp)
add v0, zero, zero

//Joker address for Ratchet: Deadlocked. I use it for testing.
lui s0, $001E
ori s0, s0, $E682

lh s1, $0000(s0)
bne s1, a0, :_ReadPadQuit
nop

addiu v0, zero, $0001
beq zero, zero, :_ReadPadQuit
nop

_ReadPadQuit:
lw ra, $0000(sp)
lw s0, $0004(sp)
lw s1, $0008(sp)
jr ra
addiu sp, sp, $0010

First part of the handler (since you already have the file I don't see it meaningful to have anything but the address and installHandler below.

Code:

address $00050000

//==============================================================
_installHandler:

lui a0, $8000
addiu a1, zero, $8f5a

_IH_ScanLoop:

lh v0, $0000(a0)
lh v1, $0002(a0)
bne a1, v1, :_IH_ScanLoop
addiu a0, a0, 4

lui a0, $8001
daddu a0, a0, v0

setreg v0, :_ExceptionHandler

sw v0, $0004(a0) // TLB Modification
sw v0, $0008(a0) // TLB Load/Inst Fetch
sw v0, $000c(a0) // TLB Store
sw v0, $0010(a0) // Address Load/Inst Fetch
sw v0, $0014(a0) // Address Store
sw v0, $0018(a0) // Bus Error (instr)
sw v0, $001c(a0) // Bus Error (data)
//sw v0, $0020(a0) // Syscall()
//sw v0, $0024(a0) // Breakpoint
sw v0, $0028(a0) // Reserved Instruction
sw v0, $002c(a0) // Coprocessor Unsuable
sw v0, $0030(a0) // Overflow
sw v0, $0034(a0) // Something

jr ra

On another note, I am coming across a VERY annoying error with CD2.3. I have my AddToCodes menu laid out like so:

Code:

//==========================================================
_ATCMenu:
addiu sp, sp, $FFD0
sq ra, $0000(sp)
sq s1, $0010(sp)
sq s0, $0020(sp)

jal :_ClearPad
nop

lui t1, $0008
addiu t0, zero, $0002
sw t0, $4300(t1)

lui s1, $0008
add s5, zero, zero
daddiu s6, zero, $0001

daddu k0, zero, zero
daddu k1, zero, zero

_ACTMenuLoop:
// Clear menu space
lui t0, $0009        // Packet
addiu t1, zero, 0    // x
addiu t2, zero, 60   // y
daddu t3, s4, zero   // z
addiu t4, zero, $030 // r
addiu t5, zero, $030 // g
addiu t6, zero, $030 // b
daddu t7, zero, zero // size
addiu t8, zero, 640  // w
addiu t9, zero, 380  // h
jal :_AddPixel
nop
lui t0, $0009        // Packet

//Credit is due to Gtlcpimp for the brilliant setup to highlight certain values in blue
//Taken from his Memory Search Menu

//k1 being the marker placement
//k0 being whether you are in edit value mode or scroll mode
//0 = scroll, 1 = edit

addiu t1, zero, 18   // x (Edit mode)
multu t1, t1, k1
addiu t1, t1, 240

bne k0, zero, 2
nop
addiu t1, zero, 10   // x

addiu t2, zero, 20   // y
multu t2, t2, s5
addiu t2, t2, 180
daddu t3, s4, zero   // z
addiu t4, zero, $030 // r
addiu t5, zero, $030 // g
addiu t6, zero, $0A0 // b
addiu t7, zero, 80   // size

addiu t8, zero, 12   // w (Edit mode)

bne k0, zero, 2
nop
addiu t8, zero, 620  // w

addiu t9, zero, 20   // h
jal :_AddPixel
nop
lui a0, $0009
jal :_SendPacket
addiu a1, zero, 160

//Draw editable string
lw s3, $0040(s1)
sb zero, $000F(s3) //End the string a with a null byte

addiu a1, s3, $0000
lw a0, $001C(s1)
addiu t0, zero, 240
addiu t1, zero, 180
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0012
call _drawString

//Draw "Code Name:"
lw a0, $001C(s1)
lui a1, $8004
addiu a1, a1, $4870 // Code Name:
addiu t0, zero, 120
addiu t1, zero, 180
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0000
call _drawString

//Draw "R1 to store 00"
lw a0, $001C(s1)
lui a1, $8004
addiu a1, a1, $487C // R1 to store 00
addiu t0, zero, 140
addiu t1, zero, 100
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0000
call _drawString

//Draw "L1 to store 20"
lw a0, $001C(s1)
lui a1, $8004
addiu a1, a1, $488C // L1 to store 20
addiu t0, zero, 140
addiu t1, zero, 120
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0000
call _drawString

//Draw bits: and bit options
lw a0, $001C(s1)
lui a1, $8004
addiu a1, a1, $47B4 // Bits:
addiu t0, zero, 120
addiu t1, zero, 200
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0000
call _drawString

lui a1, $8004
lui v0, $0008
lb v0, $4300(v0)

bne v0, zero, 2
nop
addiu a1, a1, $47BC // 8

addiu v1, zero, 1
bne v0, v1, 2
nop
addiu a1, a1, $47BE // 16

addiu v1, zero, 2
bne v0, v1, 2
nop
addiu a1, a1, $47C1 // 32

//Text "8", or "16", or "32"
lw a0, $001C(s1)
addiu t0, zero, 230
addiu t1, zero, 200
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0000
call _drawString

[color=blue]//TAKE NOTE OF THIS
//With this uncommented it causes a freeze in the memory browser (which has no affiliation with this sub)
//But when I comment it, it doesn't freeze
//If I uncomment this and comment another segment equal in size it doesn't freeze
//If I uncomment that other segment and have the original one uncommented as well, it freezes...
//The green comments are what subs and comments I am referring to[/color]
[color=green]// /*
//Draw Offset: and Offset options
lw a0, $001C(s1)
lui a1, $8004
addiu a1, a1, $49D0 // Offset:
addiu t0, zero, 120
addiu t1, zero, 220
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0000
call _drawString
// */[/color]

lui a1, $8004
lui v0, $0008
lb v0, $4301(v0)

bne v0, zero, 2
nop
addiu a1, a1, $49D8 // 0

addiu v1, zero, 1
bne v0, v1, 2
nop
addiu a1, a1, $49DA // 1

addiu v1, zero, 2
bne v0, v1, 2
nop
addiu a1, a1, $49DC // 2

addiu v1, zero, 3
bne v0, v1, 2
nop
addiu a1, a1, $49DE // 3

[color=green]// /*
//Text "0", or "1", or "2" or "3"
lw a0, $001C(s1)
addiu t0, zero, 230
addiu t1, zero, 220
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0000
call _drawString
// */[/color]

//Text "Ok"
lw a0, $001C(s1)
lui a1, $8004
addiu a1, a1, $44DD // "Ok"
addiu t0, zero, 230
addiu t1, zero, 240
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0000
call _drawString

//Text "Cancel"
lw a0, $001C(s1)
lui a1, $8004
addiu a1, a1, $44C8 // "Cancel"
addiu t0, zero, 210
addiu t1, zero, 260
daddu t2, s4, zero
addiu t3, zero, $dc
addiu t4, zero, $dc
addiu t5, zero, $dc
addiu t6, zero, $0000
call _drawString

jal :vSync
nop

// ACT Menu Controls

bne s6, zero, :_ACTMenuWaitNoInput
nop

//------------------------------ Cross
jal :_ReadPad
addiu a0, zero, $BFFF
beq v0, zero, :_ACTNotCross
nop
addiu s6, zero, 1

// Exit ACTMenu and return 1
addiu v0, zero, 2 //Ok
bne v0, s5, 4
nop
addiu v0, zero, $0001
beq zero, zero, :_ACTMenuExit
nop

// Exit ACTMenu and return 0
addiu v0, zero, 3 //Cancel
bne v0, s5, 4
nop
add v0, zero, zero
beq zero, zero, :_ACTMenuExit
nop

//Edit mode for code name - ON
bne s5, zero, 2
nop
addiu k0, zero, $0001

_ACTNotCross:
//------------------------------ Triangle
jal :_ReadPad
addiu a0, zero, $EFFF
beq v0, zero, :_ACTNotTri
nop
addiu s6, zero, 1

//Edit mode for code name - OFF
beq k0, zero, 2
nop
addiu k0, zero, $0000

_ACTNotTri:
//------------------------------ R1
jal :_ReadPad
addiu a0, zero, $F7FF
beq v0, zero, :_ACTNotR1
nop
addiu s6, zero, 1

//Edit mode for code name - OFF
beq k0, zero, :_ACTNotR1
nop

lui t0, $0008
lw t0, $0040(t0)
add t0, k1, t0
sb zero, $0000(t0)

_ACTNotR1:
//------------------------------ L1
jal :_ReadPad
addiu a0, zero, $FBFF
beq v0, zero, :_ACTNotL1
nop
addiu s6, zero, 1

beq k0, zero, :_ACTNotL1
nop

//Store space at marked byte
addiu t1, zero, $0020 //Space character
lui t0, $0008

lui t0, $0008
lw t0, $0040(t0)
add t0, k1, t0
sb t1, $0000(t0)

_ACTNotL1:
//------------------------------ R2
jal :_ReadPad
addiu a0, zero, $FDFF
beq v0, zero, :_ACTNotR2
nop
addiu s6, zero, 1

beq k0, zero, :_ACTNotR2
nop

lui t0, $0008
daddu a0, k1, zero
lw a1, $0040(t0)
jal :_HandleATCIncDec
daddiu a2, zero, $0020

_ACTNotR2:
//------------------------------ L2
jal :_ReadPad
addiu a0, zero, $FEFF
beq v0, zero, :_ACTNotL2
nop
addiu s6, zero, 1

beq k0, zero, :_ACTNotL2
nop

lui t0, $0008
daddu a0, k1, zero
lw a1, $0040(t0)
jal :_HandleATCIncDec
daddiu a2, zero, $FFE0

_ACTNotL2:
//------------------------------ Up
jal :_ReadPad
addiu a0, zero, $FFEF
beq v0, zero, :_ACTNotUp
nop
addiu s6, zero, $0001

bne k0, zero, 4
nop

beq s5, zero, 2
nop
addiu s5, s5, -1

beq k0, zero, :_ACTNotUp
nop

lui t0, $0008
daddu a0, k1, zero
lw a1, $0040(t0)
jal :_HandleATCIncDec
daddiu a2, zero, $0001

_ACTNotUp:
//------------------------------ Down
jal :_ReadPad
addiu a0, zero, $FFBF
beq v0, zero, :_ACTNotDown
nop
addiu s6, zero, $0001

bne k0, zero, 5
nop

addiu t1, zero, $0003
beq s5, t1, 2
nop
addiu s5, s5, 1

beq k0, zero, :_ACTNotDown
nop

lui t0, $0008
daddu a0, k1, zero
lw a1, $0040(t0)
jal :_HandleATCIncDec
addiu a2, zero, $FFFF

_ACTNotDown:
//------------------------------ Left
jal :_ReadPad
addiu a0, zero, $FF7F
beq v0, zero, :_ACTNotLeft
nop
addiu s6, zero, $0001
addiu v0, zero, $0001
bne s5, v0, 7
nop
lui v1, $0008
lb v0, $4300(v1)
beq v0, zero, 3
nop
addiu v0, v0, -1
sb v0, $4300(v1)

//Code name marker decrementor
beq k0, zero, 4
nop
//addiu v0, zero, $0014
beq k1, zero, 2
nop
addiu k1, k1, -1


_ACTNotLeft:
//------------------------------ Right
jal :_ReadPad
addiu a0, zero, $FFDF
beq v0, zero, :_ACTNotRight
nop
addiu s6, zero, $0001
addiu v0, zero, $0001
bne s5, v0, 8
nop
addiu t1, zero, $0002
lui v1, $0008
lb v0, $4300(v1)
beq v0, t1, 3
nop
addiu v0, v0, 1
sb v0, $4300(v1)

beq k0, zero, 5
nop
addiu v0, zero, 14
beq k1, v0, 2
nop
addiu k1, k1, 1

_ACTNotRight:

beq zero, zero, :_ACTMenuLoop
nop

_ACTMenuWaitNoInput:
jal :_ReadPad
addiu a0, zero, -1
beq v0, zero, :_ACTMenuExitToLoop
nop
addu s6, zero, zero

_ACTMenuExitToLoop:

beq zero, zero, :_ACTMenuLoop
nop

_ACTMenuExit:

lq ra, $0000(sp)
lq s1, $0010(sp)
lq s0, $0020(sp)
jr ra
addiu sp, sp, $0030

If you look for the blue text in the CODE tag above, I have a description of what is going on.

Announcement

CL-LiveDebug v4 Beta

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment