Author Topic: One very big problem with PS1 hacking  (Read 635 times)

battleonfan1

One very big problem with PS1 hacking
« on: June 13, 2018, 08:20:40 pm »
There is a tried and true method for hacking Windows executables. Use Cheat Engine to find dynamic memory addresses, find what accesses/writes to that address and then find that instruction in IDA Pro to use their pseudocode.

This method doesn't really work with PS1 games as well as N64/PS2 or any game system that uses a MIPS instruction set.

IDA Pro has no trouble disassembling a PS1 Executable, but the problem lies in the fact that Cheat Engine uses x86 instructions instead of MIPS.

I've tried to use the built-in debuggers for Bizhawk and pSX but neither of them, to my knowledge at least, have "Find out what writes/accesses this address". This makes it super hard to find out which function to analyze in IDA.

So I'm wondering if anyone has any experience with reverse engineering PS1 games and how to identify functions.

Gemini

Re: One very big problem with PS1 hacking
« Reply #1 on: June 14, 2018, 12:02:22 pm »
No idea where you searched, but pSX has indeed write/read breakpoint support in its debugger.
I am the lord, you all know my name, now. I got it all: cash, money, and fame.

tvtoon

Re: One very big problem with PS1 hacking
« Reply #2 on: June 17, 2018, 10:24:43 am »
Don't you want a function call tracer?

You can work around it by learning about the branching instructions and setting breakpoints.
My choice: use no$psx. :)

acediez

Re: One very big problem with PS1 hacking
« Reply #3 on: June 18, 2018, 07:44:48 pm »
If you want to work with CheatEngine, you can use ePSXe 1.925. This version uses fixed RAM locations. Here's a video about it by https://www.youtube.com/watch?v=aZxtts7HBNY