PCSX2dis v1.1 - A ps2dis-inspired, PCSX2-enabled Game Hacking Tool (W.I.P 13-02-2015)
#1
WARNING: PCSX2dis runs alongside PCSX2 1.2.1, and can be kept in the same folder with no side-effects. Keeping PCSX2dis with a different version of PCSX2 may work, but is likely to have side-effects, including possible config corruption and incompatible savestates.

Disclaimer: ps2dis is the name of a great PS2 hacking program created by Hanimar way back in the early 2000’s. Still one of the most-used tools in the hacking realm, it can be downloaded from here.

PCSX2dis was coded by LXShadow with strong inspiration from Hanimar’s work, but has no official affiliation. Borrowing most of ps2dis’ features and interface, PCSX2dis is intended as unofficial tribute to the original software with upgrades that take advantage of PCSX2’s powerful emulation capabilities. Due partly to its great inspiration from ps2dis, I desire no credit for the contents of this program in any way, shape or form.

Tl;dr, ps2dis was awesome. Here’s my ps2dis fanfiction =)


(I have finally YOLO'd this topic out into the wild! My forumophobia nags me and tells me that it sucks, so I'm gonna apologise for my Internet-newbie mistakes in advance! Sorry!)

PCSX2dis and What It Is

PCSX2dis is an ambitious new hacking tool based on old hackers' favourite ps2dis. Created for advanced hackers and beginner/intermediate hackers who wish to learn ASM hacking, this is an all-purpose tool fixed to a modded version of PCSX2, designed to make PS2 game hacking easier than ever, all in realtime!

PCSX2dis’ true focus is to make both traditional and ASM code hacking as fast and intuitive as possible. It isn’t really the most advanced tool ever—it lacks support for the VU, R3000A and a few more things that I don’t really understand myself—but it’s great for finding things once unseen in PS2 games, such as debug menus and hidden levels, as well as easily enabling raw GameShark codes made by others without needing to mess with patch files or Cheat Engine.

PCSX2dis is used to:
• Analyse and display ASM game code
• Modify game code and game data in real-time
• Create and test RAW GameShark codes on-the-fly
• Create breakpoints to aid the discovery of new codes
• Act as a unified hacking and GameShark tool for intermediate-to-advanced game hackers

Features

Classic ps2dis features: A handy combined view of data and ASM code; labels that can help you remember what to find at a certain address; instant disassembly and reassembly; and the ability to save and load working projects.
Breakpoints: Instruction and data breakpoints are supported! One read breakpoint, one write breakpoint, and up to ten instruction (or “PC”) breakpoints can be set simultaneously. For those unaware of the concept, breakpoints make the game freeze when a certain condition (e.g. a memory address is written to) is met. The program shows you what line of code caused the freeze to happen, and allows you to make modifications. This is very handy, because tracking these lines of code down manually can be very hard!
(...and obviously, you can unfreeze the game afterwards, just FYI =P)
GameShark (RAW) codes: In addition to PCSX2’s patches and cheats, PCSX2dis lets you enable simple raw GameShark codes in its own little window for convenience. Great for rapid testing! You can either type these in manually, or edit the data on any line and hit Ctrl+Enter instead of Enter.
Mini Memory Scanner: Cheat Engine taking up too much screen space? Try out the integrated Code Scanner in the Active GameShark Codes window. Easy finding and easy testing =)
Easy memory modification: It’s as easy as going to a line, double-clicking the value, changing it and hitting Enter! ASM modders can also double-click the code section of the line, and reassemble that quickly. Decimal values? No problem, just convert the line to a word/halfword/byte and edit the rightmost section. Floating-point values? Just convert the line to a Float and do the same! Entire strings? Just convert the line to Byte and enclose your string with double-quotes (if you wish the string not to be null-terminated, omit the closing double-quote). Once again, with all of these you can use Ctrl+Enter to both change it and store it as GameShark code(s).
Register Overrides: Do you know the value of a certain register at a certain line, and PCSX2dis doesn’t? Feel free to let PCSX2dis know by right-clicking and adding a Register Override. You can override as many registers on a single line as you like.
Advanced Searches: The Search box has been given some handy new options to play around with. Two of these can particularly help: One, you can now search for ASM code, with optional wildcards for every operand that isn't the instruction itself. (e.g. lw *,$****(*)). Two, you can now search for anonymous patterns: patterns of values that you don't know, where each (case-sensitive) letter you type represents one of the specific values. Any matching patterns of data in the game will be found. This is handy for finding button codes, or sequences of data whose values are unknown. For example, in Ratchet & Clank, in-game cheat codes are sequences of character movements. So to search for e.g. Right flip, Left flip, Right flip, Back flip, Back flip, Forward flip, Left flip; you could search for RLRBBFL. Or 1213342. Or maybe if you're funky, ><>vv^<. Or if you're more the contradictory type, <><^^v>. All of these searches will yield the same result(s).
Struct definitions: Have you found the global list of objects in a game's memory, but don't feel like labelling every single parameter for every single object? Meet struct definitions! A struct, in languages like C++, is an object of data consisting of several variables. When multiple objects are created, the variables for each object can be easily found.
In PCSX2dis, a struct labels data in the list as though they were variables in a struct (or more importantly, a list of structs). Simply set up a data format (for example: the first four bytes should be called 'x' and should be a word type, the next four bytes should be called 'y' and should be a word type, etc.), declare its size, and drop any number of these automatic-labelling formats into any part of the list. See Edit->Struct Definitions and hit Add for more information. After creating a definition, right-click any line in the main list and hit Place Struct to declare an array of your structs!

Understanding PCSX2dis

Note: If you’ve already used ps2dis before, you’re pretty much already set! There’ll be a few new features and hotkeys you should check out, and you must now Analyse to detect labels, but otherwise the environment is virtually the same. Skip this section and knock yourself out!

When you open up PCSX2dis with a game loaded, you will get taken straight into the live memory view as explained in the Interface section. For those wondering why there’s no scrollbar, it’s because this list is hecka long (way over 8 million lines). Navigation isn’t as hard as it looks; be sure to check out the hotkeys before starting.

For those inexperienced with this kind of hacking, I’ll mention this first: the addresses and values you see in the list are the exact same kind as a normal code. That’s right--the ones you can find with a code scanner. Don’t worry about the assembly instructions (e.g. addiu v0,a0,$1337) that are shown on nearly every line, because those only matter when the line is actually a valid ASM code (which PCSX2dis doesn’t know, so it just assumes it is). So don’t be scared off just yet – the ASM code on the right hand side doesn’t actually matter unless you understand it, and you could in fact just use this program to change the values of your own codes more easily. =)

If you don't know ASM code, but want to give advanced hacking a shot, it's really essential to learn ASM. The ASM is basically the PS2 processor's programming language. It's so minimalistic and non-advanced, that every line of it can be converted into four bytes of data that the processor reads.

The PS2's ASM ("ASseMbly") language is known as MIPS. Click here for its Wikipedia page, and consider googling for MIPS tutorials and instruction references (some of which are seen on the Wikipedia page's External Links). Learning ASM can be hard; it's easiest for those who have programming experience, and learning by experimenting is always a good idea. Once again, check out the Quick Guides at the bottom of this topic as some of them may give you a taste of ASM modding!

Like ps2dis, it’s really hard to explain how to use this program from the ground-up. Instead of a multipurpose tutorial, I’ve written up some short guides that’ll help familiarise you with PCSX2dis’ interface and how it works. Check them out at the bottom of this post. As always, if you can’t figure out how to do something that should theoretically be easy, make sure you check out the Hotkeys!

The Interface
As shown in the desperately-Photoshopped screenshot spoilered above, PCSX2dis’s main view displays a column-based list representing the game’s memory.

Column 1: Address Column: This displays the address of the data at the current line. Oftentimes the data at the current line is displayed as more than a byte, therefore the next address on the list will skip these.

Attempting to edit anything on the Address column will do nothing.

Column 2: Value Column: This displays the value of the data at the current line. The data will vary in length depending on the type of the line. For example, a line converted to a Byte type (with the B key) will display only one byte. By default, every line (except those recognised as labels by the program) will be a Code type, which is four bytes long.

Attempting to edit anything on the Value column will change the raw value at the address, like a GameShark code.

Column 3: Label Column: This displays the label, which is a piece of text either generated by PCSX2dis (based on string data discovered in memory), or by the user. Anything in the label column does not affect the actual game’s data. This section is purely to help the user out: it can show you where a game’s string is, and can also be set by the user to help you remember an address for something.

Attempting to edit anything on the Label column will add (or replace) a label. Once again, this does not affect the game’s data.

Column 4: Converted Value Column: This displays the value of the game’s data at the current line. This is like the Value column, except this value is displayed differently depending on the type of the line (i.e., what the line was converted to). For example, a line converted to a 4-byte Word with the W key will display the hex value at the address (same as the Value column), as well as the decimal value of the address (the same value converted to decimal). By default, this column usually displays the data at an address as ASM code (converted with the U key), which is only actually valid in the code sections of the game’s memory.

Attempting to edit anything on the Converted Value column will give different results depending on the line’s type. For Words (4-byte), Halfs (2-byte) and Bytes (1-byte), the edit box will expect a decimal value and set the value based on that, unless you use the $ sign, which will use a hex value instead (e.g. $D3ADFAC3). For Codes (4-byte code), the edit box will expect a valid line of ASM code.

Additionally, for Bytes, a string (text) will be accepted if you begin the value with a double-quote (e.g. “pizza). If you also end it with a double-quote (e.g. “pizza”), the string will have a byte of 0 added to the end, which usually signifies the end of a string in game data.

Column 5: Autocomments Column: This section contains auto-generated comments, automatically produced during an Analysis and sometimes while exploring code. It uses a C-style syntax to describe the assumed values of the registers at certain points in the function. Naturally, this is only seen on Code lines.

Attempting to edit anything in the Autocomments column will (...probably? I forget =P) do nothing.

Hotkeys

I highly recommend you to learn the hotkeys here—they’ll make life much easier and some of them aren’t explicitly featured in menus or dialogs. Some of these hotkeys you’ve seen before in ps2dis; feel free to ignore those if you’re familiar with that program. However, the new ones will prove quite valuable, so check them out!

(Spoiler'd due to many newlines wow)

Ps2dis Standard:
Up: Go up 1 line
Down: Go down 1 line
Shift+Up: Scroll the screen up
Shift+Down: Scroll the screen down
Right Arrow: Go to selected line’s referenced address
Left Arrow: Go back through line history
Page Up: Jump up full page
Page Down: Jump down full page
G: Goto Address (dialog box)
Ctrl+G: Goto Label (another dialog box)
Ctrl+F: Search
F5: Search Next
Shift+F5: Search Previous
F3: Find Next Reference (of Marked Address)
Shift+F3: Find Previous Reference (of Marked Address)
Space: Mark/unmark highlighted address (for reference-finding)
U: Set line type to Code (note: In PCSX2dis, the Unknown and Code types are now merged)
W: Set line type to Word (4 bytes)
H: Set line type to Halfword (2 bytes)
B: Set line type to Byte
F: Set line type to Float

PCSX2dis New:
Middle-click (hold): Smooth scroll (may be buggy; last-minute addition!)
Shift+Left: Go forward (note: can be handy! Sometimes hitting Right Arrow won’t take you back to the same place) (Update: After discovering the archived original ps2dis page I've learned this may have existed in ps2dis using Ctrl+Left or Ctrl+Right. I'm keeping this as Shift+Left, however, for logical consistency with Shift+F3 and Shift+F5)
Ctrl+B: Set a PC breakpoint on current line
Enter/Double-click (with no Edit Box open): Open Edit Box to edit a line
Enter (with Edit Box open): Confirm changes
Ctrl+Enter (with Edit Box open): Confirm changes & activate with a GameShark freeze code
Tab (with Edit Box open): Change Edit Box section (towards the right)
Shift+Tab (with Edit Box open): Change Edit Box section (towards the left)
Right-click: Extra options


Limitations

• Currently, only EE memory and instructions are supported. R3000A and VU support is unplanned. This is because in every hacking scenario I’ve been in so far, finding debug menus and secret levels normally happens on the EE. Other than that I’d have no idea what I’m doing if I attempted to add R3000A and VU support. =P
• Customisability is limited. Stay calm and try to get used to the tiny font for now. After all, the small size means that lots more fits on the screen, right? =>
• Stability is not guaranteed. This guy’s more of a hacker than a programmer, so unfortunately the program suffers from some general hackiness. As always, saving projects frequently is highly recommended!

Known Issues

These are issues I’ve noticed in the program and hoping to fix in the coming updates. Unfortunately my blood is more hacker than it is tidy-programmer, so I’ve still got some stuff to clean up. I apologise for the inconvenience. Here’s the stuff that I know I’ve done a little wrong!

• Step Over is not yet implemented. Will do this ASAP!
• Any breakpoints on a branch instruction are currently glitched: clicking ‘Continue’ will just make the instruction repeat itself. The current solution is to click Step first, then Continue. I suspected there might be side-effects to this glitch, particularly the delay slot being executed multiple times, but this doesn’t seem to be the case.
• Displayed register values may be invalid at a data breakpoint (instruction breakpoints should be fine). In addition, if you change them at a data breakpoint, the registers will not be changed.
• Actually, breakpoints might just crash sometimes. Messing with the EE recompiler has its dangers. Make sure you save projects frequently and use savestates in the emulator!
• Support for analysed code visualisation (the Autocomments section) is simplistic and generally incomplete. However, it’s still handy when it’s right. Just make sure you double-check. ;)
• Code Scanner search results don’t automatically update over time. This is more of a missing feature than a bug and I’ll try and get it supported soon!
• Some instructions – mostly floating-point instructions – are still unsupported for now.

Updates

Last Update: 13/02/2015

13/02/2015 (v1.1)
WARNING: Project files saved in this version will not be compatible with the previous version.
+ Breakpoints now update the register values in the main list when they're hit
+ A new hotkey has been added: Hit O on any line to jump to its value relative to the current address (Offset)
+ Coloured lines on the list can now be mixed & matched! Warning: doing several things to a single line may result in rainbows.
+ Struct definitions are now supported! No more pesky manual labelling for the implied struct arrays in memory.
+ Added 'Set Data Types' menu option which can quickly declare multiple addresses as a certain type

* Fixed many navigation/history bugs
* Save will now save codes in the GameShark window that aren't updated


Possibly To Come

• A breakpoint Ignore List so that specific read/write lines could be found in a haystack of other read/write lines that affect the same address

Questions and Feedback

Since I kind of suck at explaining stuff ( =( ), feel free to ask questions on this topic. For the short time I continue to support this program (I'm mostly a retired hacker) I'll try to answer them and see what I can change in both the program itself and the explanatory release details I've put here.

This will be my first and only release, so I apologise for any newbie mistakes I may have made in this topic or the program itself, and would appreciate any... er... correctional tips. =)

Thanks for checking this out, and happy hacking!

Quick Guides
Click the Spoiler button to view these. More guides may be added in the future!

Note: In all of these guides, you should run your game up to a point where you’ll notice your changes before you start.

How to change the value of an address you already know
1. In PCSX2dis, make sure the list is in focus (click on it), and hit the G key
2. Copy & paste (or type) the address you wish to go to, then hit Enter
3. Highlight the line of the address. If your address is in between two lines (lines default to four bytes each), hit either the B key (to turn the current line into four separate lines), or the H key (to turn the current line into two separate lines). You should choose based on how many bytes your address uses. (You can convert back at any time by hitting U.)
4. Find your address and double-click the value next to it. A box should appear
5. Type in your new desired value
6. Hit Enter (or, if you want to freeze the code to your new value, hit Ctrl+Enter)
7. You’re done! =)

How to change a piece of in-game text
1. Find a piece of text that you know appears in the game. You can find many of them by looking through the Labels (to see the labels, click Analyse -> Analyse All; then after it’s done, go to Edit->Go to Label)
2. On the far-right side, there should be a text that says ‘.byte’, along with hex and decimal values for each character. If not, highlight the line where you know the text is and hit B to convert it to bytes
3. Double-click that text. A box should appear
4. Type in your new text. You must start this with a “ and, normally, you should end it with a “ too.
5. Hit Enter (or, if you want to freeze it, hit Ctrl+Enter)
6. Done! =)

How to make the game stop changing the value of an address

1. Make sure you have an address in-hand before starting. If you don’t have one you could use the Code Scanner to find one
2. Go to your address by hitting G, pasting it in the box and hitting Enter
3. Highlight the line of the address. If your exact address isn't on the list, it's between two lines. Highlight the line closest to your address rounded down; then hit either the B key (to turn the current line into four separate lines), or the H key (to turn the current line into two separate lines).
4. Right-click the line with your address and click Set As Write Breakpoint
5. If the game hasn’t frozen already, do something in the game that will make the value of your address change. For example, if you used a Score code, do something that will make your score change
6. The game should freeze. You’ll see a brightly-coloured line on the list. This will either be the line that changed the value of your address, or the line above it. The one that changed it will say something like ‘sw x,$xxxx(x)’, ‘sb x,$xxxx(s)’, or something very similar
7. Double-click the line that you think changed the value of your address (check the suggestions above). Make sure you double-click on the Converted Values section (with text like e.g. sw x,$xxxx(x)). A box should appear
8. Type nop into the box, and hit Enter
9. Unfreeze the game by clicking the Continue button on the right. If it freezes again on the same line (this is a glitch, sorry!), click the Step button and then click Continue.
10. If the game freezes again on a different line, repeat steps 6-9 until the game stops freezing
11. If the game’s still working, congratulations! You’ve just removed a piece of the game code that changes the value of this address (and, if you’re particularly unlucky, possibly the values of some others too… =P)


Download
Well--what are you waiting for?! Download the attachment and give it a try! =>


Attached Files
.zip   PCSX2dis-v11.zip (Size: 2.34 MB / Downloads: 4,528)
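The release post above treats every 4-byte EE word as a candidate MIPS instruction, reassembles edited text, searches for ASM with wildcards such as `lw *,$****(*)`, and turns an edit into a raw GameShark code that can also go into a pnach file. The following Python models those four steps for a small I-type subset (addiu, lw, sb, sw). It is an added example written for this thread, not PCSX2dis source or anything LXShadow posted: the register-name table is the standard MIPS o32 naming (r30 shown as `fp`), the base address and the five-word sample memory are constructed, and the raw-code layout used is the common PS2 "type nibble 0/1/2 = 8/16/32-bit constant write" form with its pnach `extended` spelling.

```python
"""Model of what PCSX2dis does with each 4-byte EE word: decode it as a MIPS
I-type instruction, reassemble edited text, run a wildcard search such as
'lw *,$****(*)' as a mask compare, and emit an edit as a raw GameShark code or
pnach line.  Example code for this post, not PCSX2dis source; memory is constructed."""
import re
import struct

# Standard MIPS o32 register names in numeric order (r30 shown as 'fp').
REGS = ["zero", "at", "v0", "v1", "a0", "a1", "a2", "a3",
        "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
        "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
        "t8", "t9", "k0", "k1", "gp", "sp", "fp", "ra"]
REG_NUM = {name: i for i, name in enumerate(REGS)}
# Opcode -> (mnemonic, layout): 'rri' = rt,rs,imm ; 'mem' = rt,imm(rs)
ITYPE = {0x09: ("addiu", "rri"), 0x23: ("lw", "mem"),
         0x28: ("sb", "mem"), 0x2B: ("sw", "mem")}
MNEMONIC = {name: (op, layout) for op, (name, layout) in ITYPE.items()}
RRI_RE = re.compile(r"^(\w+)\s+(\w+|\*)\s*,\s*(\w+|\*)\s*,\s*\$([0-9a-f*]{1,4})$")
MEM_RE = re.compile(r"^(\w+)\s+(\w+|\*)\s*,\s*\$([0-9a-f*]{1,4})\((\w+|\*)\)$")

def _reg_field(tok, shift):
    """Register name or '*' -> (value bits, mask bits) of a 5-bit field."""
    if tok == "*":
        return 0, 0
    return REG_NUM[tok] << shift, 0x1F << shift

def _imm_field(tok):
    """Hex immediate such as '1337' or '00**' -> (value, mask) over 16 bits."""
    tok = tok.rjust(4, "*" if "*" in tok else "0")
    value = mask = 0
    for ch in tok:
        value, mask = value << 4, mask << 4
        if ch != "*":
            value, mask = value | int(ch, 16), mask | 0xF
    return value, mask

def parse(text):
    """ps2dis-style text -> (value, mask).  '*' clears a field's mask bits, so one
    parser serves both assembly (mask == 0xFFFFFFFF) and wildcard searching."""
    text = text.strip().lower()
    if text == "nop":
        return 0, 0xFFFFFFFF
    mnem = text.split()[0]
    if mnem not in MNEMONIC:
        raise ValueError(f"unsupported instruction {mnem!r}")
    op, layout = MNEMONIC[mnem]
    m = (RRI_RE if layout == "rri" else MEM_RE).match(text)
    if not m:
        raise ValueError(f"bad operands in {text!r}")
    if layout == "rri":
        rt, rs, imm = m.group(2), m.group(3), m.group(4)
    else:
        rt, imm, rs = m.group(2), m.group(3), m.group(4)
    value, mask = op << 26, 0x3F << 26
    for tok, shift in ((rs, 21), (rt, 16)):
        v, mk = _reg_field(tok, shift)
        value, mask = value | v, mask | mk
    v, mk = _imm_field(imm)
    return value | v, mask | mk

def assemble(text):
    """Instruction text -> 32-bit word; wildcards are rejected here."""
    value, mask = parse(text)
    if mask != 0xFFFFFFFF:
        raise ValueError("wildcards are only allowed in search patterns")
    return value

def disassemble(word):
    """32-bit word -> text; anything outside the modelled subset is shown as data."""
    if word == 0:
        return "nop"
    op = word >> 26
    if op not in ITYPE:
        return f".word ${word:08X}"
    mnem, layout = ITYPE[op]
    rs, rt, imm = REGS[(word >> 21) & 0x1F], REGS[(word >> 16) & 0x1F], word & 0xFFFF
    return f"{mnem} {rt},{rs},${imm:04X}" if layout == "rri" else f"{mnem} {rt},${imm:04X}({rs})"

def search_asm(memory, base, pattern):
    """Addresses in little-endian EE `memory` (starting at `base`) whose word
    matches a wildcard pattern, e.g. 'lw *,$****(*)' or 'lw *,$00**(sp)'."""
    value, mask = parse(pattern)
    return [base + off for off in range(0, len(memory) - 3, 4)
            if struct.unpack_from("<I", memory, off)[0] & mask == value]

def raw_code(addr, value, width=4):
    """PS2 raw (GameShark) constant write; type nibble 0/1/2 = 8/16/32-bit."""
    code_type = {1: 0, 2: 1, 4: 2}[width]
    return f"{(code_type << 28) | (addr & 0x0FFFFFFF):08X} {value & ((1 << 8 * width) - 1):08X}"

def pnach_line(addr, value, width=4):
    """The same write as a PCSX2 pnach 'extended' patch line."""
    left, right = raw_code(addr, value, width).split()
    return f"patch=1,EE,{left},extended,{right}"

# Constructed sample memory: four instructions, then one data word (float 10.0).
BASE = 0x00100000
MEMORY = b"".join(struct.pack("<I", assemble(s)) for s in
                  ["addiu v0,a0,$1337", "lw v0,$0010(a0)", "sw a1,$0004(s0)", "lw t0,$0020(sp)"])
MEMORY += struct.pack("<I", 0x41200000)

def nop_store(memory=MEMORY, base=BASE):
    """End of the write-breakpoint guide: nop the store, as raw code and pnach line."""
    addr = search_asm(memory, base, "sw *,$****(*)")[0]
    return raw_code(addr, assemble("nop")), pnach_line(addr, assemble("nop"))
```

`search_asm(MEMORY, BASE, "lw *,$****(*)")` returns the two load addresses, `"lw *,$00**(sp)"` narrows that to the stack load only, and `nop_store()` produces the `2xxxxxxx 00000000` code the third quick guide would end with. Note that the data word at the end disassembles as `.word $41200000` rather than as an instruction, which is why the post warns that the ASM column only means something in code regions.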
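The anonymous pattern search in the feature list (RLRBBFL, 1213342 and ><>vv^< all finding the same thing) is a search over equality structure rather than over values. The Python below implements it the way a practitioner would: each sequence is reduced to a canonical "index of first appearance" form and memory is scanned for windows with the same form. This is an added example written for this thread, not PCSX2dis source; the 20-byte sample table and its base address are constructed, and the returned letter-to-value bindings are an extra the post does not mention.

```python
"""Anonymous pattern search as described for PCSX2dis: find runs of cells whose
equality structure matches the query, so 'RLRBBFL', '1213342' and '><>vv^<' all
denote the same pattern.  Example code for this post, not PCSX2dis source; the
sample memory is constructed."""
import struct

def canonical(seq):
    """Replace each element by the index of its first appearance:
    'RLRBBFL' -> (0, 1, 0, 2, 2, 3, 1).  Two sequences share a canonical form
    exactly when they have the same pattern of equal and unequal positions."""
    first = {}
    return tuple(first.setdefault(x, len(first)) for x in seq)

def anonymous_search(memory, base, pattern, width=1):
    """Scan little-endian `memory` in `width`-byte cells for windows with the
    same canonical form as `pattern`.  Returns [(address, {letter: value})]."""
    target = canonical(pattern)
    fmt = {1: "<B", 2: "<H", 4: "<I"}[width]
    cells = [struct.unpack_from(fmt, memory, off)[0]
             for off in range(0, len(memory) - width + 1, width)]
    n = len(target)
    hits = []
    for i in range(len(cells) - n + 1):
        window = cells[i:i + n]
        if canonical(window) == target:
            # Repeated letters always see the same value here, so the dict is consistent.
            hits.append((base + i * width, dict(zip(pattern, window))))
    return hits

# Constructed sample: a byte table holding two movement sequences with the RLRBBFL
# shape (values 1/2/3/4 and 5/6/7/8) among unrelated bytes.
BASE = 0x00400000
MEMORY = bytes([7, 7, 7, 1, 2, 1, 3, 3, 4, 2, 0, 0, 5, 6, 5, 7, 7, 8, 6, 9])

if __name__ == "__main__":
    for addr, binding in anonymous_search(MEMORY, BASE, "RLRBBFL"):
        print(f"{addr:08X} {binding}")
```

Because the comparison is on canonical form, a query such as `AAA` finds any run of three equal cells, and widening `width` to 2 or 4 runs the same search over halfwords or words.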
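The struct-definition feature in the first post (declare a field layout and a size, then Place Struct over an array to label every element) comes down to address arithmetic plus per-type decoding. The Python below shows that mechanics end to end. It is an added example for this thread, not PCSX2dis source: the field layout `{x: float, y: float, hp: word, flags: word}`, the element values and the base address are all constructed, and the `name[i].field` label spelling is this example's own choice.

```python
"""Struct definitions as described for PCSX2dis: a field layout placed over an
array in memory yields one label per field per element, with each value decoded
by its type.  Example code for this post, not PCSX2dis source; layout and sample
memory are constructed."""
import struct

# Type name -> struct format (little-endian, as on the EE).
TYPES = {"byte": "<B", "half": "<H", "word": "<I", "float": "<f"}

def struct_size(fields):
    """Packed size of a field list [(name, type), ...]."""
    return sum(struct.calcsize(TYPES[t]) for _, t in fields)

def place_struct(memory, base, addr, fields, count, name, stride=None):
    """Label `count` elements of `name` starting at `addr`.  `stride` defaults
    to the packed size; a larger stride leaves padding unlabelled.
    Returns [(address, label, value)] in address order."""
    stride = stride or struct_size(fields)
    rows = []
    for i in range(count):
        off = addr - base + i * stride
        for fname, ftype in fields:
            fmt = TYPES[ftype]
            value = struct.unpack_from(fmt, memory, off)[0]
            rows.append((base + off, f"{name}[{i}].{fname}", value))
            off += struct.calcsize(fmt)
    return rows

# Constructed: three 16-byte objects {x: float, y: float, hp: word, flags: word}.
OBJECT = [("x", "float"), ("y", "float"), ("hp", "word"), ("flags", "word")]
BASE = 0x00500000
MEMORY = b"".join(struct.pack("<ffII", x, y, hp, fl) for x, y, hp, fl in
                  [(1.5, -2.0, 100, 1), (0.0, 4.25, 75, 0), (10.0, 10.0, 0, 3)])

if __name__ == "__main__":
    for addr, label, value in place_struct(MEMORY, BASE, BASE, OBJECT, 3, "obj"):
        print(f"{addr:08X}  {label:14} {value}")
```

Placing the same definition at a different address or with a partial field list (say only `x` and `y` at the second element) reuses the function unchanged, which is the point of defining the layout once.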


#2
Looks pretty great for ASM hacking, I will look into it. :) And is it compatible with the 1.3.xxx versions of Orphis build bot?
We're supposed to be working as a team, if we aren't helping and suggesting things to each other, we aren't working as a team.
- Refraction
#3
I guess he has to compile it for each version of pcsx2. So I would say this is an extended 1.2.1 and not compatible/including the development builds.

It is a bit funny that pcsx2 had for some time no real debugger and now has two (Kingkom's and this).
But Kingkom is read only if I heard it correctly, while here you can actually change something...
#4
(11-20-2014, 01:35 PM)s.sakash Wrote: Looks pretty great for ASM hacking, I will look into it. :) And is it compatible with the 1.3.xxx versions of Orphis build bot?

Hey thanks. =) Unfortunately I don't know about compatibility with the later builds, but if you make a backup of the PCSX2 ini folder, and avoid saving savestates without loading them first, it's safe to try out. The main issue I think is the savestate format, which might be backwards-incompatible by default, and/or might have been updated between 1.2.1 and 1.3.xxx.

(11-20-2014, 03:01 PM)willkuer Wrote: I guess he has to compile it for each version of pcsx2. So I would say this is an extended 1.2.1 and not compatible/including the development builds.

It is a bit funny that pcsx2 had for some time no real debugger and now has two (Kingkom's and this).
But Kingkom is read only if I heard it correctly, while here you can actually change something...

Yeah- PCSX2 1.2.1 is the official latest stable release (AFAIK), and those are far easier to keep track of than the constantly-updating SVN builds =P

I'm a bit of a solo artist in the hacking scene so I hadn't really kept up with the PCSX2 builds and the debugger. I felt that it'd been too long without one too, I guess the creator of Kingkom and I were hit by the same impulse =)
#5
Why is VU support not implemented? Other than that this is quite good. :)
#6
(11-21-2014, 03:04 PM)white fang Wrote: why is vu support not implemented, other than that this is quite good. :)

Quote:PCSX2dis - A ps2dis-inspired, PCSX2-enabled Game Hacking Tool (W.I.P)

-----

Nice work, man. Do you plan on making a repo for this sometime in the future? It would be easier to keep it up to date :p
#7
Thanks dude. =) Actually, full disclosure is that I'm actually pretty clueless about that sort of thing; my programming and hacking was a self-taught hobby and this is just one of the things I've done as a side to my efforts in game design. I might not be able to fully dedicate it, but any ideas where to start?

To be honest I just wanted to get this program out there in case it could be useful to other game hackers. =) I don't know how long I can support it, because of other work/education. But if you or anyone on the team would be able to incorporate it into the conventional environment I'd greatly appreciate it! There'd be a lot of cleaning up to do though....my code kind of sucks, especially the four-year-old parts =P
#8
Firstly, I want to say thanks for this very useful tool. I'm still learning about memory and asm patches and this has helped me greatly.

I feel like I'm really close to making my first proper asm hack, but I've hit a problem that I just can't solve:

Following your "How to make the game stop changing the value of an address", I've managed to edit the asm code for several games to manipulate in-game variables (eg gear number, view option). I can then use the address I find to create a pnach to patch the memory address to nop (or the other codes I've used). This is where I hit trouble:

Doing a reboot in PCSX2 with my pnach causes it to crash (after loads of "TLB Miss" errors). When I load a state, the game and pnach work perfectly.

Is this is some sort of ELF integrity check performed on boot? Can anyone give me any hints? I can post more specifics if it would help.
#9
Hey Ted, sorry about the super-late response (was kind of worried this thing died, though I can't believe I haven't checked for so long D=). Out of curiosity, what game is this? It's a minor possibility, but the game might be using DLLs to replace its own code at certain points. If this is the case your 'nop' might be in place when the code it's affecting is completely different.

You could check to see if the game code changes itself to confirm or debunk this theory; if it indeed doesn't, more specifics would be appreciated =) I'm not too sure what the problem might be since I haven't made any changes to the patch system. Edit: Re-reading your message, errrr, this is probably happening to every game you hack? All right then--bring on the specifics!!

By the way, this is wayy overdue, but I've uploaded an updated version of the program. There were some major problems in this release that I didn't notice until I used the tool some time ago. If the back/forward behaviour has been annoying and there's been glitches saving and loading, you're in luck. =)
#10
(02-13-2015, 07:06 PM)LXShadow Wrote: Hey Ted, sorry about the super-late response (was kind of worried this thing died, though I can't believe I haven't checked for so long D=). Out of curiosity, what game is this? It's a minor possibility, but the game might be using DLLs to replace its own code at certain points. If this is the case your 'nop' might be in place when the code it's affecting is completely different.

You could check to see if the game code changes itself to confirm or debunk this theory; if it indeed doesn't, more specifics would be appreciated =) I'm not too sure what the problem might be since I haven't made any changes to the patch system. Edit: Re-reading your message, errrr, this is probably happening to every game you hack? All right then--bring on the specifics!!

By the way, this is wayy overdue, but I've uploaded an updated version of the program. There were some major problems in this release that I didn't notice until I used the tool some time ago. If the back/forward behaviour has been annoying and there's been glitches saving and loading, you're in luck. =)
I must say, I stumbled upon this thread a few months back and this was something I've wanted for a long time. I've been using ps2dis for years so it's nice to have most of that functionality alongside ps2dis. Being able to find referrals live is really helpful.