Ok, I found the address 0090F1B8 (pcsx2_rev4282.exe+50F1B8) within Cheat Engine using PCSX2 rev 4282. How do I convert this into a real address?
All other codes I've found come up as 2??????? addresses, be it an 8-bit, 16-bit or 32-bit search. That's the EE, correct? So where is my above address 0090F1B8 from?
The address controls the found disc type, but I'm not sure if it's overwriting what the emulated console memory sees or if it's overwriting what PCSX2 seeks before passing it on to the emulated memory.
1: What game?
2: What is the code supposed to do?
I'm sure you mean 2-byte/4-byte; I doubt you're pairing 2+ addresses and values.
Since you are using a newer version than r4029, all the codes you find are the same in Cheat Engine as those you put into the .pnach.
The only difference is the 2 at the beginning of the address.
This 2 you must change depending on what type the code is, or what type you will use (byte, short, word or extended).
When you use the extended type you must replace it with 0 for 0-255 (0-FF), 1 for 0-65535 (0-FFFF) and 2 for 0-4294967295 (0-FFFFFFFF).
When you use the byte, short or word type, you have to change it to 0.
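The address rule from the post above, worked through as an added example (not code from the thread or from PCSX2). It assumes the standard `patch=1,EE,address,type,value` pnach line layout with 8-digit hex fields; the sample Cheat Engine address is constructed.

```python
# Added example, not code from the thread: build a PCSX2 .pnach line from an
# address found in Cheat Engine on a build newer than r4029, applying the rule
# in the post above. Cheat Engine shows EE RAM as 2XXXXXXX; for an "extended"
# patch the leading digit becomes the size code (0 = 0-FF, 1 = 0-FFFF,
# 2 = 0-FFFFFFFF), and for byte/short/word patches it becomes 0.
# Assumption: the "patch=1,EE,address,type,value" layout with 8-digit hex
# fields is standard pnach syntax; the sample address below is constructed.
from typing import Optional

SIZE_CODE = {"byte": 0, "short": 1, "word": 2}     # digit that replaces the leading 2
VALUE_BITS = {"byte": 8, "short": 16, "word": 32}  # width the value must fit in


def pnach_address(ce_address: int, patch_type: str, size: Optional[str] = None) -> int:
    """Translate a Cheat Engine 2XXXXXXX address into the pnach address field."""
    if ce_address >> 28 != 2:
        raise ValueError(f"{ce_address:08X} is not a Cheat Engine EE address (2XXXXXXX)")
    low = ce_address & 0x0FFFFFFF
    if patch_type == "extended":
        if size not in SIZE_CODE:
            raise ValueError("extended patches need size byte, short or word")
        return (SIZE_CODE[size] << 28) | low   # 0/1/2 replaces the leading 2
    if patch_type in SIZE_CODE:
        return low                              # leading digit becomes 0
    raise ValueError(f"unknown patch type {patch_type!r}")


def pnach_line(ce_address: int, patch_type: str, value: int, size: Optional[str] = None) -> str:
    """Return one 'patch=1,EE,...' line, checking the value fits the chosen width."""
    addr = pnach_address(ce_address, patch_type, size)   # validates type/size first
    width = size if patch_type == "extended" else patch_type
    bits = VALUE_BITS[width]
    if not 0 <= value < (1 << bits):
        raise ValueError(f"value {value:#x} does not fit in {bits} bits")
    return f"patch=1,EE,{addr:08X},{patch_type},{value:08X}"


if __name__ == "__main__":
    ce = 0x20A1B2C4   # constructed sample Cheat Engine address
    print(pnach_line(ce, "extended", 0x7F, size="byte"))
    print(pnach_line(ce, "extended", 0xFFFF, size="short"))
    print(pnach_line(ce, "extended", 0x12345678, size="word"))
    print(pnach_line(ce, "word", 0x12345678))
```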
The address you found might be a pointer to EE data, or maybe an instruction pointer to recompiled ELF code (if Cheat Engine's debugger was involved).
But it is definitely not an EE address, and you can't rely on it because it will be different in different versions of PCSX2.
(03-28-2011, 12:21 AM) _DTG_ wrote: The address you found might be a pointer to EE data, or maybe an instruction pointer to recompiled ELF code (if Cheat Engine's debugger was involved).
But it is definitely not an EE address, and you can't rely on it because it will be different in different versions of PCSX2.
Which raises a question for me. Do we know what causes recompiler resets, or a way to deal with them?
When I was making http://www.youtube.com/watch?v=DiZOviKR1jg I had to keep starting over because the code for calculating dark matter would get recompiled and moved.
I ask because I notice some of the generated code is odd. I might be able to contribute to the PCSX2 project and improve it, but I can't keep any of the generated code nailed down to analyze any of it.
Well, it looks like PCSX2 recompiles the PS2 (ELF) code on the fly. So the only proper way to deal with it is to find the offset of the original ELF code before it gets recompiled. Then you can try to patch it, if you are familiar with the MIPS instruction set and have the necessary tools to reverse engineer it.
I have heard that IDA Pro can disassemble PS2 or PS1 executables, but I'm not quite sure.
Also, there was a program called "PS2 Dis".
I don't know how useful they can be.
I've got a feeling it's a kernel address.
0x00100000-0x01FFFFFF (EE) shows as 2??????? in Cheat Engine.
Using 2090F1B8 in Cheat Engine has no effect, but 0090F1B8 works.
Code:
Logical Address Range   Physical Address Range   Description                     Size
---------------------   ----------------------   -----------                     ----
0x80000000-0x800FFFFF   0x00000000-0x000FFFFF    EE Kernel                       1 MB
0x00100000-0x01FFFFFF   0x00100000-0x01FFFFFF    EE RAM (Cached)                 31 MB
0x20100000-0x21FFFFFF   0x00100000-0x01FFFFFF    EE RAM (Uncached)               31 MB
0x30100000-0x31FFFFFF   0x00100000-0x01FFFFFF    EE RAM (Uncached&accelerated)   31 MB
0x10000000-0x11FFFFFF   0x10000000-0x11FFFFFF    EE Registers (uncached)         32 MB
0x12000000-0x13FFFFFF   0x12000000-0x13FFFFFF    GS Registers (uncached)         32 MB
0x1FC00000-0x1FFFFFFF   0x1FC00000-0x1FFFFFFF?   Boot ROM0 (uncached)            4 MB
0x9FC00000-0x9FFFFFFF   0x1FC00000-0x1FFFFFFF?   Boot ROM09 (cached)             4 MB
0xBFC00000-0xBFFFFFFF   0x1FC00000-0x1FFFFFFF?   Boot ROM0b (uncached)           4 MB
0xBE000000-0xBE040000   0x1E000000-0x1E03FFFF?   Boot ROM1                       256 KB
0xBE400000-0xBE440000   0x1E400000-0x1E43FFFF?   Boot ROM2                       256 KB
0xBC000000-0xBC1FFFFF   0x1C000000-0x1C1FFFFF?   IOP RAM                         2 MB
0x70000000-0x70003FFF   ----------------------   Scratch Pad                     16 KB

Kernel empty and unused areas (NB: On non-modded consoles)
----------------------------------------------------------
Area   Logical Address Range   Physical Address Range   Size
----   ---------------------   ----------------------   ----
#1     0x80030000-0x80074FFF   0x00030000-0x00074FFF    282624 Bytes
#2     0x80078250-0x8007FFFF   0x00078250-0x0007FFFF    32176 Bytes

RAM Mirror Modes       Logical Address Range   Physical Address Range   Size
----------------       ---------------------   ----------------------   ----
Cached                 0x00100000-0x01FFFFFF   0x00100000-0x01FFFFFF    31 MB
Uncached               0x20100000-0x21FFFFFF   0x00100000-0x01FFFFFF    31 MB
Uncached&accelerated   0x30100000-0x31FFFFFF   0x00100000-0x01FFFFFF    31 MB

Operating Modes   Logical Address Range   Physical Address Range   Size
---------------   ---------------------   ----------------------   ----
USEG              0x00000000-0x01FFFFFF   0x00000000-0x01FFFFFF    32 MB
KSEG0             0x80000000-0x81FFFFFF   0x00000000-0x01FFFFFF    32 MB
KSEG1             0xA0000000-0xA1FFFFFF   0x00000000-0x01FFFFFF    32 MB

Scratch Pad RAM Address Range
-----------------------------
0x70000000-0x70003FFF

ROM BIOS Mirror Address Range   Logical Address Range   Physical Address Range
-----------------------------   ---------------------   ----------------------
Uncached                        0x1FC00000-0x1FFFFFFF   0x1FC00000-0x1FFFFFFF
Cached                          0x9FC00000-0x9FFFFFFF   0x1FC00000-0x1FFFFFFF
Uncached                        0xBFC00000-0xBFFFFFFF   0x1FC00000-0x1FFFFFFF
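The memory map posted above, turned into a logical-to-physical lookup as an added example (not code from the thread or from PCSX2). The ranges are copied from the table; the only assumption is that the ROM1/ROM2 logical ranges end at 0x...3FFFF, matching their physical column and 256 KB size.

```python
# Added example, not code from the thread: an EE logical-to-physical lookup built
# from the memory map posted above. Rows that land on the same physical bytes are
# mirrors, which is why a 2XXXXXXX Cheat Engine address and a 0XXXXXXX address
# can name the same RAM.
# Assumption: ROM1/ROM2 logical ends are taken as 0x...3FFFF to match the
# physical column and the 256 KB size the table gives.
from typing import Optional, Tuple

# (logical_start, logical_end, physical_start or None, description)
EE_MAP = [
    (0x80000000, 0x800FFFFF, 0x00000000, "EE Kernel"),
    (0x00100000, 0x01FFFFFF, 0x00100000, "EE RAM (Cached)"),
    (0x20100000, 0x21FFFFFF, 0x00100000, "EE RAM (Uncached)"),
    (0x30100000, 0x31FFFFFF, 0x00100000, "EE RAM (Uncached&accelerated)"),
    (0x10000000, 0x11FFFFFF, 0x10000000, "EE Registers (uncached)"),
    (0x12000000, 0x13FFFFFF, 0x12000000, "GS Registers (uncached)"),
    (0x1FC00000, 0x1FFFFFFF, 0x1FC00000, "Boot ROM0 (uncached)"),
    (0x9FC00000, 0x9FFFFFFF, 0x1FC00000, "Boot ROM0 (cached)"),
    (0xBFC00000, 0xBFFFFFFF, 0x1FC00000, "Boot ROM0 (uncached)"),
    (0xBE000000, 0xBE03FFFF, 0x1E000000, "Boot ROM1"),
    (0xBE400000, 0xBE43FFFF, 0x1E400000, "Boot ROM2"),
    (0xBC000000, 0xBC1FFFFF, 0x1C000000, "IOP RAM"),
    (0x70000000, 0x70003FFF, None,       "Scratch Pad"),
    # Whole operating-mode segments, checked last so the specific rows win.
    (0x80000000, 0x81FFFFFF, 0x00000000, "KSEG0"),
    (0xA0000000, 0xA1FFFFFF, 0x00000000, "KSEG1"),
]


def ee_lookup(logical: int) -> Tuple[Optional[int], str]:
    """Return (physical_address, region) for an EE logical address.

    Physical is None for scratch pad (the table gives it no physical range)
    and region is "unmapped" when no row covers the address.
    """
    for lo, hi, phys, region in EE_MAP:
        if lo <= logical <= hi:
            physical = None if phys is None else phys + (logical - lo)
            return physical, region
    return None, "unmapped"


def same_physical(a: int, b: int) -> bool:
    """True when two logical addresses are mirrors of the same physical bytes."""
    pa, _ = ee_lookup(a)
    pb, _ = ee_lookup(b)
    return pa is not None and pa == pb


if __name__ == "__main__":
    for addr in (0x0090F1B8, 0x2090F1B8, 0x80030000, 0xBFC00000, 0x70001000):
        phys, region = ee_lookup(addr)
        shown = "n/a" if phys is None else f"0x{phys:08X}"
        print(f"0x{addr:08X} -> {shown}  {region}")
```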
(03-28-2011, 02:08 AM) _DTG_ wrote: Well, it looks like PCSX2 recompiles the PS2 (ELF) code on the fly. So the only proper way to deal with it is to find the offset of the original ELF code before it gets recompiled. Then you can try to patch it, if you are familiar with the MIPS instruction set and have the necessary tools to reverse engineer it.
I have heard that IDA Pro can disassemble PS2 or PS1 executables, but I'm not quite sure.
Also, there was a program called "PS2 Dis".
I don't know how useful they can be.
That doesn't solve the problem of me being able to analyze the output of the recompiler without it moving around on me... but that doesn't matter because...
Sure enough... I just dragged and dropped the file into IDA and it disassembled it perfectly. At first I thought it was wrong and messed up, but I learned... no, it isn't messed up. MIPS doesn't even have a stack, I don't even...
It does explain why the code I was looking at running seemed odd... I think getting into this right now is above my head, and I'll save it for when I have more time.