(05-09-2015, 03:13 PM)monsterjamp Wrote: @Aced14: Nice, I was actually trying to figure out how to make a patch for Frequency based on your post about Amplitude. If you don't mind me asking, can you explain how you figured out the patch again? I understand you overwrote some code with your own code and I sort of understand MIPS assembly. But how did you find which address to write to (How did you know to overwrite $f0)?
Based on your reference to $f0, I presume you're talking about MIPS registers as opposed to addresses.
What I did was use PCSX2's debugger. I set up a breakpoint on one of the memory addresses Amplitude's ELF file was about to write the X FOV into. When I loaded my savestate and encountered the breakpoint, I went to the debugger's "Registers - FPR" tab. It contains an outline of all float registers' values at that point in time. All of the latter float registers ($f20 through $f31) appeared to be unused because they all contained 0.000000.
Amplitude's ELF file normally writes $f0's value into the aforementioned memory address. I ended up injecting a jump command right before it writes to that address. It goes to an area of the ELF file's memory I overwrote with custom MIPS logic. From there, I loaded 0.75 into the unused $f31 register, multiplied the $f0 register's value against it, then stored the result back into $f31. The reason I didn't use $f0 for the result is because the ELF file still uses $f0 for a couple of division calculations after its value gets written to memory. I didn't want to interfere with those calculations. I then wrote $f31's value into the memory address I keep referring to instead of $f0's value. Finally, I jumped back to where I came from (2 lines later).
Is that the kind of information you were looking for? If you're still unsure about anything or have a more specific question, I could try to explain further.
(05-09-2015, 03:13 PM)monsterjamp Wrote: Also how did you convert the MIPS code to a pnach?
I usually use ps2dis to do it, but other ways exist too.
Keep in mind that there are sometimes differences in how the tools I'm about to cover interpret and/or display plain-text MIPS instructions (HEX representations should always be the same). I personally use ps2dis as my "benchmark" for MIPS instructions. When I develop pnaches that necessitate injecting custom MIPS logic, I include ps2dis' plain-text instructions in line comments.
Here's how to do it with ps2dis...
- Open an ELF file in ps2dis.
- Go to "Analyzer - Invoke Analyzer" (probably isn't necessary for your purpose - but it's the first thing I always do).
- Go to any line of code and double-click it.
- In the pop-up window, enter a MIPS instruction into the "Command" field. The "Data" field's value will change on-the-fly. "Data" is a HEX representation of the instruction. I usually copy its value for use in Cheat Engine (for testing) and my pnaches.
- Repeat the previous step as many times as needed.
Other tools that can achieve the same kind of purpose...
- Pelvicthrustman's PS2 Hacking Toolkit - MIPS Mini Assembler:
  - Allows you to convert MIPS instructions to HEX, one at a time.
- PCSX2's debugger:
  1. Run a game in PCSX2.
  2. Go to "Debug - Open Debug Window..." in PCSX2's file menu. If it's not there, upgrade to the latest Git version of PCSX2.
  3. Click the "Break" button.
  4. Select any line of code in the right panel and start typing. An "Assemble opcode" window will automatically pop up, showing what you're typing in.
  5. Finish typing your MIPS instruction, then click the "OK" button.
  6. Right-click on the line you modified and select "Copy Instruction (Hex)".
  7. Repeat steps 4-6 as needed.
Edit: Added more context as to why I didn't directly store my widescreen calculation's result in the $f0 register instead of $f31 (third paragraph after the first quote block).
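As an added example (not part of the post above, and not Amplitude's real patch), here is a small Python encoder for the handful of MIPS instructions the widescreen patch needs, emitting the HEX words as pnach lines. It assumes a simplified layout: the hook replaces the original `swc1 $f0` and the instruction after it with a jump plus delay-slot nop, the cave does the scaled store via `$f31` and jumps back two instructions past the hook, `$at` is free to use as scratch, and every address, base register and offset is a constructed placeholder.

```python
# Added example: hand-assemble the $f0 * 0.75 -> $f31 widescreen cave and
# format it as PCSX2 pnach lines. Addresses/registers below are placeholders.
import struct

GPR = {f"${n}": i for i, n in enumerate(
    "zero at v0 v1 a0 a1 a2 a3 t0 t1 t2 t3 t4 t5 t6 t7 "
    "s0 s1 s2 s3 s4 s5 s6 s7 t8 t9 k0 k1 gp sp fp ra".split())}

def fpr(name):            # "$f31" -> 31
    return int(name[2:])

def lui(rt, imm):         # load upper immediate into a GPR
    return (0x0F << 26) | (GPR[rt] << 16) | (imm & 0xFFFF)

def mtc1(rt, fs):         # copy a GPR's bit pattern into an FPR
    return (0x11 << 26) | (0x04 << 21) | (GPR[rt] << 16) | (fpr(fs) << 11)

def mul_s(fd, fs, ft):    # single-precision multiply: fd = fs * ft
    return ((0x11 << 26) | (0x10 << 21) | (fpr(ft) << 16)
            | (fpr(fs) << 11) | (fpr(fd) << 6) | 0x02)

def swc1(ft, offset, base):   # store an FPR to offset(base)
    return (0x39 << 26) | (GPR[base] << 21) | (fpr(ft) << 16) | (offset & 0xFFFF)

def j(target):            # jump (same 256 MB region); the next word is a delay slot
    return (0x02 << 26) | ((target >> 2) & 0x03FFFFFF)

NOP = 0

def float_hi(x):          # upper 16 bits of the IEEE-754 single for x
    return struct.unpack(">I", struct.pack(">f", x))[0] >> 16

def build_patch(hook, cave, base, offset, scale=0.75):
    """Return pnach lines: jump at `hook` into a cave that stores $f0*scale via $f31."""
    # 0.75f is 0x3F400000: its low half is zero, so a lone lui is enough.
    cave_code = [
        lui("$at", float_hi(scale)),
        mtc1("$at", "$f31"),
        mul_s("$f31", "$f0", "$f31"),   # leave $f0 untouched for later divisions
        swc1("$f31", offset, base),     # the store the game originally did from $f0
        j(hook + 8),                    # resume two instructions past the hook
        NOP,                            # delay slot of the jump above
    ]
    words = [(hook, j(cave)), (hook + 4, NOP)]   # NOP fills the hook's delay slot
    words += [(cave + 4 * i, w) for i, w in enumerate(cave_code)]
    return [f"patch=1,EE,{addr:08X},extended,{word:08X}" for addr, word in words]
```

Whatever instruction really followed the original store would have to be relocated into the cave rather than overwritten with the nop; this example assumes that slot is expendable.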