Announcement

**jin299** · 07-19-2014, 01:42:51 PM

I have had no luck in so far successfully running the ps2 dis program on my mac computer, so It looks like I will have to go and take the memory viewer route, so how exactly would i manually alter the value with the memory viewer in the debugger?

**Helder** · 07-19-2014, 06:28:04 PM

Just go to the memory viewer which on a windows machine you press TAB key to switch between the viewer and breakpoint list, then right click somewhere on the viewer and choose "Go To" and paste the address that you want to change. So go to 80119b60 and the ori v1,0,$?? is this in hex: 340300?? but to input this into the the viewer you have to reverse it from:

340300??

to

??000334

obviously the ?? is the value you want and then after entering that you will see the instruction has changed to what we wanted. I suggest to get Boot Camp and install Windows XP or 7 and you might have less issues.

**jin299** · 07-23-2014, 03:16:31 PM

Helder it did everything you said went to address with the instruction ibu 80119B60 placed a breakpoint on that address which then caused something to write to register v1 I then changed that instruction to ori v1, zero, $1B and it loaded Bison II player model so I'm learning something new every time I do asm hacking, which is good to know.

I found that for some reason the debugger would not except the mips instruction ori v1,0,$1B instead I had to put it as ori,v1,zero,$1B then the debugger excepted the instruction.

Now there is is a very important question I have to ask you which I'm finding to be quite confusing about mips asm language, is the 0 in this example ori v1,0, is the 0 a separate register, like does it basically set the value v1 of a register to 0, example 00000000 is now the final result being stored into register v1, or is my assumption completely wrong, to think of it like that? o

on a side note I also found the character modifier code that effects both player 2 in practice mode, which Is pretty cool to see.

**Helder** · 07-23-2014, 08:28:16 PM

I could be wrong and I'm sure Pyriel or someone more knowledgeable in MIPS than myself could put it clear but I assume it puts the value at zero then adds the value we state in the instruction to it and then stores it in the register. The reason I say this is because if you don't state that zero it just adds our value to the last 16bits of the register and when we include the zero it completely wipes the value there and inserts our value (which is what we want).

**jin299** · 07-24-2014, 05:37:09 PM

Oh Okay, now I have had a request from someone on youtube who asked me about, how to possibly find the win routine modifier for Bison II so that we we can trick the game into thinking Bison II won the match as opposed to losing it in the game Street Fighter Ex2 plus.

I need some advice man on how to to find the code in asm that controls Bison II that tells the game whether or not he has lost the match or won it, any idea's on how i could make a a code using using the debugger to do so?

**Helder** · 07-24-2014, 06:51:17 PM

I would look at the round modifier and then play with some regular characters and when you get a break scroll up till you find where the value is loading and put a break on that address then when you get a break on that load go line by line and note any conditional and branches since I assume it does and Bison II likely takes a different branch.

**jin299** · 07-25-2014, 02:44:59 PM

By round modifier Helder do you mean the modifier that sets how many rounds You fight in a match, or do you mean place a breakpoint on the round modifier that tells you if the player won or lost a a round?

Quick question man how exactly would I find the values that control bison II winning routine, would the registers give me an indication or a clue as to where to look? and does bison II need to be controlled to find the the routine?

**Helder** · 07-25-2014, 08:23:44 PM

Come on man you have to try on your own I can't always give exact steps to everything, this is how you learn by thinking and experimenting.

What I meant was the rounds won which is usually some point system of 1 to 2 and after that the winner is decided, like say you win round 1 then on round 2 you have a marker for winning round 1. I would put a break on that point in round 2 while being Bison II so when you win and the game says you lose you want to find the load when the break occurred then go line by line and write down every branch before the store which we got on the break. Then repeat the same steps with a normal player noting the branches and compare the 2, there should be one or more that differ so copy it from the player to Bison II and it should allow him to keep playing.

This is all hypothetical since it might not be like this and from my experience I'm assuming it MIGHT be like this and you should start having the same thought pattern or simply hack alot more simpler codes till you're more familiar with the ASM and how routines generally work. Don't worry about youtube people they can wait or have them request here, but you need to practice so start using what you've learned and your head to try to figure things out.

**jin299** · 07-26-2014, 03:20:06 PM

Okay I'll try and hack the code, but I will be quite awkward to hack seeing as I don't know load the gameshark code for cpu Bison II, when into the game using the debugger, because I don't think you can add cheats in the particular kind of debugger can you?

So I usually use the pec plugin which means that I have to resort to using the EPSXE emulator to load my gameshark codes into the game, because the no cash debugger doesn't seem to have, support this feature, at least I don't think it does if my knowledge serves me correctly?

**Demonic722** · 07-26-2014, 04:19:30 PM

Originally posted by jin299 View Post

Okay I'll try and hack the code, but I will be quite awkward to hack seeing as I don't know load the gameshark code for cpu Bison II, when into the game using the debugger, because I don't think you can add cheats in the particular kind of debugger can you?

So I usually use the pec plugin which means that I have to resort to using the EPSXE emulator to load my gameshark codes into the game, because the no cash debugger doesn't seem to have, support this feature, at least I don't think it does if my knowledge serves me correctly?

I doubt there's a full-fledged Action Replay/Gameshark feature since most of Martin's debuggers are lacking in that area. In the hex editor, below the game's assembly, you can execute simple writes by performing these steps:

Code:

1. Right-click
2. Goto ... 
3. Enter address
4. Type in new value

You could also change values similarly in the area adjacent to the hex editor.

**jin299** · 07-26-2014, 04:53:58 PM

Damn typo's lol thanks for the the heads up Demonic722, It's a shame that Martin debuggers lack this feature because the debugger is overall very good, and apart from lacking a few important debugging features like trace loggers the debugger runs psx games perfectly, Mess debuggers have amazing debugging systems but in my own personal opinion are not very user friendly for beginners to use and can be quite difficult to set up properly.

**jin299** · 07-29-2014, 03:25:37 PM

Helder, could you check and see if there's a way to hack the cpu Balrog's Punch bag animation through ram hacking using Art Money to do so, because I'm pretty sure there's must be at least one way it could possibly be hacked without the aid of a debugger because i'm a bit skeptical of that ram code I previously found for the game the code seems quite buggy to begin with, and for all we know probably isn't even the correct address in the first place, there's has to be an easier alternative?

I have tried many different ways of trying to hack the code with the pec and Cheat Engine, but couldn't seem to find anything relating to any of the character intro animation sequences or Balrog's ?

**Helder** · 07-29-2014, 07:03:10 PM

What you found is correct but if you freeze that value it won't move past the animation because another value needs to be there. The proper way to do it is use the debugger to find the address pointer that has the value for the animation table and change all player1 table values to the new animation value so whatever pointer address that is loaded will use the animation. Once that's done it's a good idea to have a conditional like a player check so it only works with Balrog.

**jin299** · 07-29-2014, 10:07:59 PM

Thats good to know that the address I found is the right one, so all we have to do is manipulate the instruction that loads the animation character values, but how would I change all players 1 table values to then new animation value?

**Helder** · 07-29-2014, 10:34:33 PM

No you're not manipulating the instructions (I tried it an it froze like it did for you), you're manipulating the data that it fetches somewhere in RAM that has the animation values but you use the debugger and the registers to find the address that has these values.

Announcement

Hacking Sequential codes PSX

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment