
Author Topic: Going from gameshark code to patch?  (Read 6158 times)

azidahaka

Going from gameshark code to patch?
« on: May 02, 2014, 10:41:16 am »
I was wondering if it is possible to create a patch from a gameshark code...

I know that a GS code works over the RAM addresses while a patch works on the binary, but my reasoning is that those values on RAM must be read somewhere from the iso/rom before being transferred to RAM so it should be possible to locate and create a "stable" change in the medium.

I'm completely off in my understanding? is there a program or a tutorial able to do it?

thanks in advance! :)

BlackDog61

Re: Going from gameshark code to patch?
« Reply #1 on: May 02, 2014, 12:23:39 pm »
Hi there!

You are in the right and... at the same time things are more complex.
You are right that whatever reaches RAM was written there by the program; and the program has its instructions (executable) and data read from the ROM.
However...
The data you see in RAM can be the result of a long calculation from base things written in ROM. Let's take an example:
An RPG stores monsters info in its ROM "as is", among which base HP.
But it also has "golden monsters", which have 20% improvement in all characteristics over the generic version. Maybe the programmer stored the raw info with 20% increase already calculated. Maybe instead there is a flag that says that you encounter a normal or a golden monster, and calculations are made when the monsters' "form" is created in memory?

This is a simple example. There can be tons of things in the middle between "loading raw data from the ROM" and "writing something in the RAM".

In the end, the only reliable method is for you to use a debugger, breakpoints on RAM memory access to where you see the data, and execute "backwards" the code to see where that data comes from. Executing backwards is not possible, so this means a lot of assembly reading, interpreting, setting new breakpoints, etc, until you reach your goal.

So it's not like you'll find a "one-fit-them-all" tool for that...

I'd be glad if someone told me otherwise.  ;D

I hope this helps!

Black

[EDIT]
Actually... Going back in time (and in the program's execution flow) should in theory be possible IF (big uppercase not-yet-realistic "if";)) you asked the debugger to trace each and every instruction it executes until it reaches the breakpoint.
This kind of detailed tracing would make your computer run like a tortoise trying to haul a lorry full of bricks up the road to Grand Canyon, but... it would be nice. And the debugger's user interface could have a "back one instruction" button, all integrated in the user interface. Man, I would love this!!  :crazy:
Note: I hereby copyright the concept of backward breakpoint!!!
Now back to real life...  :police: Tracing is somewhat present in some emulators / debuggers. But it is kind of tough to interpret, and may not contain all that you need. So I am not sure this is "the most efficient way" forward. (Or backward... Err...)
With any luck, I brought you light until my signature and more confusion later. If that's the case, then you can just ignore the confusion altogether.
« Last Edit: May 02, 2014, 12:44:45 pm by BlackDog61 »

azidahaka

Re: Going from gameshark code to patch?
« Reply #2 on: May 02, 2014, 12:54:37 pm »
It was quite clear :) Still, it seems the issue is way more complicated and that one should start working from the iso and not from any GS code...

so one skilled man should find a way to understand from where the game loads certain values through a debugger?

FAST6191

Re: Going from gameshark code to patch?
« Reply #3 on: May 02, 2014, 02:22:59 pm »
Option 2 is you replicate the gameshark effect. This is one of the methods employed by some of the "trainer making" programs on the GBA and DS like gabsharky, GBAATM and DSATM.

Here you find the main loop of a program (or the vblank loop) and insert an instruction to write a value to the memory provided by the cheat. The cheat, the system and the requirements of the cheat can and will vary how you play this out* but a basic write of a short length of data to memory is hardly the longest of routines on any system.

*this does include making it easier if the original cheats need a bunch of IF type arrangements to get through the early game or something.

Some of the same programs would look for a simple instruction that fiddled with it (if you see store R1 in [cheat location] then you can alter the instruction).

henke37

Re: Going from gameshark code to patch?
« Reply #4 on: May 02, 2014, 02:57:26 pm »
It is possible to trace code execution backwards. You just need to look at the stack to find the return address and keep a look up table to spot possible jump origins. You need to use skills to figure out which of the jump origins is the one that was used this time.

azidahaka

Re: Going from gameshark code to patch?
« Reply #5 on: May 03, 2014, 09:20:51 am »
I imagine that doing it yourself is out of the picture unless you understand PSX ASM, correct?

FAST6191

Re: Going from gameshark code to patch?
« Reply #6 on: May 03, 2014, 10:40:59 am »
If that was more directed at my post, then, though I would look oddly at someone claiming "I understand ASM" for a given system when they only know what I am about to discuss, the whole ASM thing is very much a spectrum.

For instance if you did a static disassembly of the code, ran a text search and found the location in question being fiddled with, changed something that was subbing it to an add (or a mov) and then assembled that instruction in the relevant place you would have done an assembly hack. You might not be close to figuring out say what http://nocash.emubase.de/psx-spx.htm#unpredictablethings means for you but you would have done it.

For henke37's method I would say if the above is beyond you then that is very much also outside what you might want to be trying right now.

azidahaka

Re: Going from gameshark code to patch?
« Reply #7 on: May 03, 2014, 12:19:57 pm »
I somehow figured it out  :P

It's unfortunate for such a thing to be so complex, but I did expect it.

Thanks a lot for the inside view  :thumbsup:

Tirlititi

Re: Going from gameshark code to patch?
« Reply #8 on: May 03, 2014, 12:34:35 pm »
On the other hand, I would like to add that RAM data and ROM data are somehow alike. If it's for text, the alphabet encoding will be the same in both RAM and ROM (most likely), the numbers have the same length, the IDs of constant objects (a model, a sprite, etc...) are the same...

So knowledge about GS hacking sure helps when you try to decipher ROM data. But that's not something you can automate, of course.

MeganGrass

Re: Going from gameshark code to patch?
« Reply #9 on: May 03, 2014, 12:48:48 pm »
This is very easy to accomplish with the help of KC's armips application.

Random example:

Code:
.psx
.open "PSX.EXE",0x8000F800   ; header size: 0x80010000 load address minus the 0x800 header, so RAM addresses map to file offsets

.org 0x8002C900              ; RAM address of the routine the write is injected into
li $v0, 0x80 ; HP Max
sb $v0, 0x8015E283 ; RAM Location

.close

Please note that you'll want to stick something like this into a function that is reused very often. If I need to test something like this, I'll inject it into a Controller routine, for example. Otherwise, your efforts will have been for nothing, as the value would likely get updated/erased by another function.
« Last Edit: May 03, 2014, 01:00:24 pm by MarkGrass »
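As an added example, not code from any poster in this thread: a small Python script that does the static half of what the thread discusses, mapping a PSX GameShark constant-write code (type 30 = 8-bit, type 80 = 16-bit) to a file offset in PSX.EXE through the header's load address, which is the same relation the armips line `.open "PSX.EXE",0x8000F800` encodes. When the target lies outside the statically loaded image (heap, BSS, stack), it reports that no direct file patch exists and a runtime hook like the routine above is the way to go; the PSX.EXE bytes are constructed inline for the demo, and the real game will still overwrite a patched value at runtime if some routine recomputes it, as BlackDog61 describes.

```python
import struct

HEADER_SIZE = 0x800  # a PS-X EXE header is exactly one 2048-byte sector
MAGIC = b"PS-X EXE"

def parse_psx_exe_header(exe: bytes):
    """Return (t_addr, t_size): RAM load address and size of the loaded image."""
    if exe[:8] != MAGIC:
        raise ValueError("not a PS-X EXE")
    return struct.unpack_from("<II", exe, 0x18)

def ram_to_file_offset(exe: bytes, ram_addr: int):
    """Map a RAM address to its file offset, or None when the address is not
    part of the image the BIOS loads (heap, BSS, stack are not in the file)."""
    t_addr, t_size = parse_psx_exe_header(exe)
    phys, base = ram_addr & 0x1FFFFFFF, t_addr & 0x1FFFFFFF  # drop KSEG bits
    if not base <= phys < base + t_size:
        return None
    return HEADER_SIZE + (phys - base)

def parse_gs_code(code: str):
    """Parse 'TTAAAAAA VVVV': type 30 writes a byte, type 80 a halfword."""
    addr_part, value_part = code.split()
    code_type = int(addr_part[:2], 16)
    ram_addr = 0x80000000 | int(addr_part[2:], 16)
    value = int(value_part, 16)
    if code_type == 0x30:
        return ram_addr, value & 0xFF, 1
    if code_type == 0x80:
        return ram_addr, value & 0xFFFF, 2
    raise ValueError(f"unsupported GameShark code type {code_type:02X}")

def apply_gs_code(exe: bytes, code: str) -> bytes:
    """Return a patched copy of the EXE; raise if the address is not in the image."""
    ram_addr, value, width = parse_gs_code(code)
    off = ram_to_file_offset(exe, ram_addr)
    if off is None:
        raise ValueError(f"{ram_addr:08X} is outside the EXE image; hook a routine instead")
    patched = bytearray(exe)
    patched[off:off + width] = value.to_bytes(width, "little")  # MIPS LE
    return bytes(patched)

def make_test_exe(t_addr=0x80010000, t_size=0x1000) -> bytes:
    """Constructed minimal PS-X EXE (header plus zero-filled image) for the demo."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:8] = MAGIC
    struct.pack_into("<II", hdr, 0x18, t_addr, t_size)
    return bytes(hdr) + bytes(t_size)
```

Run against the constructed image, `30010010 0080` lands at file offset 0x810, while the thread's 0x8015E283 maps to nothing because it is past the 0x1000-byte image, which is exactly the case where only a hooked write works.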

BlackDog61

Re: Going from gameshark code to patch?
« Reply #10 on: May 03, 2014, 02:43:38 pm »
Quote from: FAST6191
Option 2 is you replicate the gameshark effect. This is one of the methods employed by some of the "trainer making" programs on the GBA and DS like gabsharky, GBAATM and DSATM.

I hadn't even thought of it but it is great idea - thanks Fast!

Azidahaka: in the end, which was the method used for solving this precise request?

azidahaka

Re: Going from gameshark code to patch?
« Reply #11 on: May 03, 2014, 06:57:34 pm »
Well, since I'm clueless about such advanced topics, I guess none :D

It seems there's no easy way to go, but I did learn something new and cool. The idea of a loader and trainer would sound very interesting, but even that, unless there's some pre-made files to adapt, I fear would be too advanced for my skills...