Help - How to create patch for psx games?

Started by salvadorc17, January 10, 2017, 05:25:57 PM


salvadorc17

Hi, I want to ask for help with a task. My goal is to patch a PSX game with some cheat codes from GameShark so that they run every time the game is loaded.

I know the tool Cheat patcher can be used to apply patches, but how do I create a .cp cheat file with values like:
'D'{0}
$932b488 d:28

FAST6191

If you ask to create a patch most will assume you want to create a patch file.

Anyway what you ask is plenty possible, however it might take some doing.

There are generally two classes of cheats, though not every device will have a cheat setup for both.

1) ROM editing cheat. Classically this would be the game genie.
2) RAM editing cheat. Classically this is everything (action replay, gameshark, codebreaker, most cheats in emulators...)
Some also count save editing and there are devices for that but this is not that.
Some systems, the PS1 included in this, will copy the game's code to RAM to run as the CD drive is far too slow. This means some cheats will edit part of the binary which is in RAM and thus can be converted easily to a ROM patch.

Anyway time to see how PS1 cheats work
http://doc.kodewerx.org/hacking_psx.html
http://problemkaputt.de/psx-spx.htm#arcadecabinets (scroll down a bit).
Assuming the first is a name or something I still don't see the second. I will go with the basic theory of how to hardpatch cheats.

You have several methods
1) The hard but good way. If you are making an infinite life cheat there will be some routine in the game that subtracts from the life value. You find this subtraction and change it to an add or to do nothing. Easier said than done but still doable enough. Do note that many things can change a value, the usual example most teach is original NES mario; you have pits, time, hazards, enemies and possibly poison mushrooms to contend with.
You can also negate the failure method if you want. Regardless of what the health value is doing there will be something else that says if this then that else do something else. You change it so the thing you don't want to happen does not, most do this by finding the if stuff and changing it to a NOP so only the next thing runs.

2) Recreate cheat engine effect. In most consoles every screen update will be done in a vblank (or maybe hblank in some cases) and you usually have a so-called vblank routine which determines many things like are you touching an enemy and if so reduce health. You then add a few instructions to say set this value in memory to maximum and in doing so hopefully negate any changes made by the rest of the game. Can fail if all the health is taken at once by something or if there is another instadeath function. This is what most general purpose hardpatching tools will be doing.

In both cases you will want to know assembly coding/hacking, though this is often used as a way to teach people it so it is not so bad.

salvadorc17

So let's suppose I do have some RAM memory values from the game, what should I do next? Convert those to GameShark/cheat code? And how do I create a patch file, and which method should I use?

STARWIN

Depends on the cheat code. There are roughly two cases. Either the RAM value is loaded from ROM or it is a "true" RAM value in the sense that it stores some variable that only exists when the game is running.

If it is loaded from ROM you can use a debugger (no$psx) and look around the values near that RAM location. Search the image in a hex editor for such a sequence of values and you usually find the correct offset in the image (the sequence should be long enough that there is only one hit). Convert the offset to decimal if it is in hexadecimal and then divide it by 2352 (decimal) and you get the LBA. In cdmage you can see the file LBAs (=sector count=location) in the image, extract the one within which the target is, search it for that spot, change it as the cheat code changes it, insert it back to the image and you're done.

Edit: to clarify, in this case the game loads that data from ROM to RAM at some point. You of course have to check the RAM contents there only after that has happened.

If it is a temporary variable you can't just convert it. You would then have to modify the code that is responsible for its management.

For something like a ppf patch you just need the original image and the hand-patched image. That's what patch creators usually eat.
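
The offset-to-LBA step from the last reply, as an added example that is not part of any post in this thread: it searches a raw image for a byte sequence, insists on exactly one hit, and splits the offset into a sector number and a position inside that sector. The 24-byte header and 2048-byte user data figures assume Mode 2 Form 1 sectors, and the function names and the sample image are constructed for illustration.

```python
RAW_SECTOR = 2352   # raw sector size used in the post
DATA_START = 24     # assumption: Mode 2 Form 1 (12 sync + 4 header + 8 subheader)
DATA_SIZE = 2048    # assumption: Mode 2 Form 1 user data bytes per sector


def find_unique(image: bytes, needle: bytes) -> int:
    """Return the single offset of needle; raise if absent or ambiguous."""
    first = image.find(needle)
    if first < 0:
        # In a raw image, file data that crosses a sector boundary is
        # interrupted by EDC/ECC and the next header, so the search misses it.
        raise ValueError("sequence not found (it may straddle a sector boundary)")
    if image.find(needle, first + 1) >= 0:
        raise ValueError("more than one hit; use a longer sequence")
    return first


def locate(offset: int) -> dict:
    """Split a raw image offset into sector number and in-sector position."""
    lba, in_sector = divmod(offset, RAW_SECTOR)
    in_data = DATA_START <= in_sector < DATA_START + DATA_SIZE
    return {
        "lba": lba,
        "in_sector": in_sector,
        # Position within the sector's user data, or None when the hit lies
        # in sync/header/EDC/ECC bytes rather than in file content.
        "data_offset": in_sector - DATA_START if in_data else None,
    }


def build_sample_image(sectors: int = 4) -> bytes:
    """Constructed sample: zero-filled raw sectors holding one marker."""
    image = bytearray(RAW_SECTOR * sectors)
    marker = bytes.fromhex("deadbeef0badf00d1122334455667788")
    pos = 2 * RAW_SECTOR + DATA_START + 0x100
    image[pos:pos + len(marker)] = marker
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    off = find_unique(img, bytes.fromhex("deadbeef0badf00d1122334455667788"))
    print(hex(off), locate(off))
```

The EDC/ECC bytes of a raw sector cover its data, so a hand edit made directly in the raw image leaves them stale unless the tool used to reinsert the file regenerates them.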