TheEliteOne
03-15-2010, 07:55 PM
Made by TheEliteOne
Mark and Recall is a fairly easy subroutine to write. You need to be able to press a button and store your co-ords into nop lines and press another button to recall them back.
So first we need are player's co-ords, to find these try one of these methods:
X and Z
- Set a 32 Bit Unknown Search
- Move to a different location on the map
- In your cheat devise search 1=Different
- Stay still, search 0=Same
- Repeat until you have 35 results
- Save your cheats
- Test, look for a teleportation code
Y
- Set a 32 Bit Unknown Search
- Walk up a hill
- Search 2=Greater
- Stay still, search 0=Same
- Walk down a hill
- Search 3=Less
- Stay still, search 0=Same
- Repeat until you have 35 results
- save your cheats
- Test, look for a hight changing code
Once you found your code, unDMA it, if you find one offset you found them all because they are all right next to each other:
X ;Distance/Lenght
Y ;Hight
Z ;Depth
Now we are ready to write are subroutine, so open PS2DIS and the ram dump of your game, find a nop cave and follow these steps:
- Loads the first half of the true controller address into t0
- Loads the second half of the controller address into t0
- Loads the first half of the true co-ord pointer into t1
- Loads the second half of the co-ord pointer into t1
- Loads the first half of the true nop addresses into t2
- Adds the mark button value to zero and stores it in t3
- Adds the recall button value to zero and stores it in t4
- Branches to the next bne if t0 doesn't equal t3
- No operation
- Loads the current value of the x offset into t5 (t1)
- Loads the current value of the Y offset into t6 (t1)
- Loads the current value of the Z offset into t7 (t1)
- Stores the contents of t5 to the second half of the first nop address (t3)
- stores the contents of t6 to the second half of the second nop address (t3)
- Stores the contents of t7 to the second half of the third nop address (t3)
- Branches to the jr ra if t0 doesn't equal t4
- No Operation
- Loads the value of the first nop address into t5 (t3)
- Loads the value of the second nop address into t6 (t3)
- Loads the value of the third nop address into t7 (t3)
- Stores the contents of t5 to the second half of the X offset (t1)
- stores the contents of t6 to the second half of the Y offset (t1)
- Stores the contents of t7 to the second half of the Z offset (t1)
- Jr ra
- Call are subroutine
If you don't fully get it look at a few examples:
Medal of Honor Heroes:
Controller Address:
- True Addressing: 08D442B0
- False Addressing: 005442B0
UnDMA Co-ordinates:
- 0xFFFFFFFF 0x0058361C
- 0x00000070 0x00000000 ;X Axis
- 0x00000074 0x00000000 ;Y Axis
- 0x00000078 0x00000000 ;Z Axis
My Selected Nop Addresses: (True Addressing)
- 08803000
- 08803004
- 08803008
For the second Mark and the second Recall of my subroutine:
- 0880300C
- 08803010
- 08803014
And here is my hack, Double Mark and Recall:
#Double Mark & Recall
;Credit: TheEliteOne
;No freeze
;L + Up - Mark
;L + Down - Recall
;L + Left - Mark 2
;L + Right - Recall 2
0x00339D78 0x0A358080
0x00560200 0x3C0808D4
0x00560204 0x8D0842B0
0x00560208 0x3C0908D8
0x0056020C 0x8D29361C
0x00560210 0x240A0110
0x00560214 0x240B0180
0x00560218 0x240C0140
0x0056021C 0x240D0120
0x00560220 0x3C0E0880
0x00560224 0x150A0007
0x0056022C 0x8D2F0070
0x00560230 0x8D380074
0x00560234 0x8D390078
0x00560238 0xADCF3000
0x0056023C 0xADD83004
0x00560240 0xADD93008
0x00560244 0x150B0007
0x0056024C 0x8D2F0070
0x00560250 0x8D380074
0x00560254 0x8D390078
0x00560258 0xADCF300C
0x0056025C 0xADD83010
0x00560260 0xADD93014
0x00560264 0x150C0007
0x0056026C 0x8DCF3000
0x00560270 0x8DD83004
0x00560274 0x8DD93008
0x00560278 0xAD2F0070
0x0056027C 0xAD380074
0x00560280 0xAD390078
0x00560284 0x150D0007
0x0056028C 0x8DCF300C
0x00560290 0x8DD83010
0x00560294 0x8DD93014
0x00560298 0xAD2F0070
0x0056029C 0xAD380074
0x005602A0 0xAD390078
0x005602A4 0x03E00008
To view this hack and it's commnads used better try this:
- Launch Medal of Honor Heroes
- Turn on Double Mark and Recall
- Take a ram dump
- Open that ram dump in PS2DIS at the address 00560200
Now you can see all the commands used. Look at all the examples I gave above wile looking at the code in PS2DIS, I'm sure you should be able to understand it, I will reply to this thread with any help I can.
-TEO
Mark and Recall is a fairly easy subroutine to write. You need to be able to press a button and store your co-ords into nop lines and press another button to recall them back.
So first we need are player's co-ords, to find these try one of these methods:
X and Z
- Set a 32 Bit Unknown Search
- Move to a different location on the map
- In your cheat devise search 1=Different
- Stay still, search 0=Same
- Repeat until you have 35 results
- Save your cheats
- Test, look for a teleportation code
Y
- Set a 32 Bit Unknown Search
- Walk up a hill
- Search 2=Greater
- Stay still, search 0=Same
- Walk down a hill
- Search 3=Less
- Stay still, search 0=Same
- Repeat until you have 35 results
- save your cheats
- Test, look for a hight changing code
Once you found your code, unDMA it, if you find one offset you found them all because they are all right next to each other:
X ;Distance/Lenght
Y ;Hight
Z ;Depth
Now we are ready to write are subroutine, so open PS2DIS and the ram dump of your game, find a nop cave and follow these steps:
- Loads the first half of the true controller address into t0
- Loads the second half of the controller address into t0
- Loads the first half of the true co-ord pointer into t1
- Loads the second half of the co-ord pointer into t1
- Loads the first half of the true nop addresses into t2
- Adds the mark button value to zero and stores it in t3
- Adds the recall button value to zero and stores it in t4
- Branches to the next bne if t0 doesn't equal t3
- No operation
- Loads the current value of the x offset into t5 (t1)
- Loads the current value of the Y offset into t6 (t1)
- Loads the current value of the Z offset into t7 (t1)
- Stores the contents of t5 to the second half of the first nop address (t3)
- stores the contents of t6 to the second half of the second nop address (t3)
- Stores the contents of t7 to the second half of the third nop address (t3)
- Branches to the jr ra if t0 doesn't equal t4
- No Operation
- Loads the value of the first nop address into t5 (t3)
- Loads the value of the second nop address into t6 (t3)
- Loads the value of the third nop address into t7 (t3)
- Stores the contents of t5 to the second half of the X offset (t1)
- stores the contents of t6 to the second half of the Y offset (t1)
- Stores the contents of t7 to the second half of the Z offset (t1)
- Jr ra
- Call are subroutine
If you don't fully get it look at a few examples:
Medal of Honor Heroes:
Controller Address:
- True Addressing: 08D442B0
- False Addressing: 005442B0
UnDMA Co-ordinates:
- 0xFFFFFFFF 0x0058361C
- 0x00000070 0x00000000 ;X Axis
- 0x00000074 0x00000000 ;Y Axis
- 0x00000078 0x00000000 ;Z Axis
My Selected Nop Addresses: (True Addressing)
- 08803000
- 08803004
- 08803008
For the second Mark and the second Recall of my subroutine:
- 0880300C
- 08803010
- 08803014
And here is my hack, Double Mark and Recall:
#Double Mark & Recall
;Credit: TheEliteOne
;No freeze
;L + Up - Mark
;L + Down - Recall
;L + Left - Mark 2
;L + Right - Recall 2
0x00339D78 0x0A358080
0x00560200 0x3C0808D4
0x00560204 0x8D0842B0
0x00560208 0x3C0908D8
0x0056020C 0x8D29361C
0x00560210 0x240A0110
0x00560214 0x240B0180
0x00560218 0x240C0140
0x0056021C 0x240D0120
0x00560220 0x3C0E0880
0x00560224 0x150A0007
0x0056022C 0x8D2F0070
0x00560230 0x8D380074
0x00560234 0x8D390078
0x00560238 0xADCF3000
0x0056023C 0xADD83004
0x00560240 0xADD93008
0x00560244 0x150B0007
0x0056024C 0x8D2F0070
0x00560250 0x8D380074
0x00560254 0x8D390078
0x00560258 0xADCF300C
0x0056025C 0xADD83010
0x00560260 0xADD93014
0x00560264 0x150C0007
0x0056026C 0x8DCF3000
0x00560270 0x8DD83004
0x00560274 0x8DD93008
0x00560278 0xAD2F0070
0x0056027C 0xAD380074
0x00560280 0xAD390078
0x00560284 0x150D0007
0x0056028C 0x8DCF300C
0x00560290 0x8DD83010
0x00560294 0x8DD93014
0x00560298 0xAD2F0070
0x0056029C 0xAD380074
0x005602A0 0xAD390078
0x005602A4 0x03E00008
To view this hack and it's commnads used better try this:
- Launch Medal of Honor Heroes
- Turn on Double Mark and Recall
- Take a ram dump
- Open that ram dump in PS2DIS at the address 00560200
Now you can see all the commands used. Look at all the examples I gave above wile looking at the code in PS2DIS, I'm sure you should be able to understand it, I will reply to this thread with any help I can.
-TEO