(03-02-2017, 08:37 AM)asasega Wrote: @El_Patas, both, depends on the game, but at the end of the day even the elf resides in memory. But I know why you asked, because of patterns and offsets.
In this case is a memory location, meaning it's a value and it is not an asm hack, so it's not located in the elf file. But even in this case, if you have access to both versions you can find the location easily with the debugger, just set a break on read to the address in the ntsc version and see which instruction reads it, and then make your pattern and you will easily find the same instruction in the pal elf. Then when you play that version set an break on execute on that instruction during gameplay, and you will find from which address the value gets loaded.
I have access to both versions of Motorstorm Arctic Edge, but never i used the debugger of pcsx2.
With the NTSC-U version of the game running i open the debugger, i add a new breakpoint.
In the blank box of adress i write the adress of 2039BAF8, in the size box i left the default size of 0x00000001.
I quit the mark of the box "Write" for having only selected the "Read" one, i need quit the write box or is not needed?
When i press ok, in the right yellow window is selected this value:
00284D7C lw v1, 0x3B8 (s0)
All this is ok?
The value 00284D7C is what you replace by 00000001 for having the 60fps?
@El_Patas
00284D7C lw v1, 0x3B8 (s0), this is ok.
but 00284D7C is an address, we don't modify addresses but values of addresses. This address has this intruction lw v1, 0x3B8 (s0) which in hex is 8E0303B8.
This intruction loads the value from 2039BAF8 which determines the framerate.
So now we must find the same instruction in PAL elf. For this we must create a pattern. I included a screenshot for easier understanding.
You can right click the address 002847DC and click "Go to in Memory view". When we choose to make a pattern it is good to choose instructions which do not deal with addresses, because addresses can vary between different regions of a game. So I choose the three instructions starting from 00284D84.
The pattern is 2d 20 40 00 1e 00 02 24 23 20 44 00 marked with red in the screenshot. Now you just search for this pattern in the PAl elf. You can use PS2Dis which is a mips disassembler or a hexeditor whichever you prefer. It is possible that you will find more then one occurence of the pattern, you have to look carefully so that the instructions nearby looks the same. I managed to obtain the PAL elf and I included a screenshot for you. Notice that instructions with addresses would have been no good, because in the PAL elf the values are different, remember this when you make patterns.
After you find your instruction, during gameplay set a execute breakpoint for this instruction, in our case is address 00284c44 lw v1, $03b8(s0). Now when you the execution breaks you take the value of the s0 register from the left pane with the registers and add to it 3B8, then you will have the address in the PAL version.