Tonic
10-26-2008, 07:08 AM
Hello, i'm going to show you everything you need to know from porting simple codes to sub routines.
First you need these.
Sca Prepatch (http://www.darksidehackers.com/downloads/sca2.0.rar)
Sca Afterpatch (http://socomcity.net/zrg23/socomca_3.5.rar)
S3 Afterpatch (http://www.socomcity.net/zrg23/s3_patch_3.0.rar)
PS2Dis (http://rapidshare.com/files/123630730/ps2dis099_23.zip)
First off we want to open the Socom Ca Prepatch dump with PS2dis and get a code that we want to port, in this tutorial i'm going to use Superjump as the example.
Here is the Off code for Superjump Prepatch
00705938 3f59999a
Now we want to hit G on our keyboard while 2.0 patch is opened in PS2Dis and enter 00705938 It will look like so
http://i203.photobucket.com/albums/aa239/toniccodes/port1.png
Now we want to hit enter and it will take us to a area with a bunch of other address/data what we want to do is look at the in the gray area of the PS2Dis which will look like so.
http://i203.photobucket.com/albums/aa239/toniccodes/port2.png
Now i highlighted the data we're going to use to port, now we want to open our Socom Ca Afterpatch dump and hit G on our keyboard and put the superjump Address in the box (It searches quicker and faster) Now we want to hit enter, after we do that we want to hit Ctrl + F on our keyboard a Find String box will open we want to put the data that i selected on the 2.0 dump in that box. then select As Hex String it will look like this
http://i203.photobucket.com/albums/aa239/toniccodes/port3.png
and hit OK or enter, it will bring us to something like this
http://i203.photobucket.com/albums/aa239/toniccodes/port4.png
Now as you see my address is already labeled, but to make sure you've ported a code correctly you want to compare the data around the Address it brings you to, and if they all match up what you do next is test and see if it works.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~Porting JAL's & such and such~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now lets say we want to port a code like Switch teams - O Menu
Well first we want to get the switch teams - O Menu out of the old G-CoVe archive. which this is it.
Switch Teams O-Menu
D070aa5C 0000????
2064bc60 0c098ef8
20ca0344 54495753
20ca0348 54204843
20ca034c 534D4145
20ca0350 00000000
switch off
D070aa5C 0000????
2064bc60 10620029
20ca0344 41454c43
20ca0348 48542052
20ca034c 52412045
20ca0350 002e4145
Now i'm only going to show you how to port the hard part which is the hook. this is the hook 2064bc60 10620029 Now i'm going to hit G in the 2.0 dump and put 0064bc60 and goto it. we'll see something like this.
http://i203.photobucket.com/albums/aa239/toniccodes/port5.png
Well we can't port the actual data from that line because its a beq, so porting that will either end in a long search or invalid data. so we're going to port the data from the line above it 0064bc5c now we look at the Gray area and port the data now we'll end up at a line with a beq under it in the Sca 4.0 dump. and now we'll compare but nothing matches up 100% so we're going to hit F5 again and search until we see something that looks like a match again. now we'll come to this 006538bc so we compare and guess what? it all matches! so now we need to figure out the jump data.
Well we're going to have to find out where it jumps to in the old dump so we take the on data from the old switch teams "0c098ef8" and hit enter in the old dump on the switch teams line "Beq" and in the Data box put 0c098ef8 in there, then hit enter and hit the RIGHT arrow key to see where its going. well its going to the following address "00263be0" Well we're going to port this address in the 4.0 dump so we hit G in the 4.0 dump and goto 00263be0 in it. after that hit Ctrl + F and put the data in the gray box from the 2.0 in that. and hit enter and do a search. But wait. the data won't be entirely 100% correct since there is a lui below, a lui is saying what ever below is loading from like which ever line calls out the lui will be 0074???? the ending data on the line that calls it will goto that. But everytime a patch is released the address is pushed up once so the lui should be lui a0, $0074 in this case. since the old was $0073 now there is also addiu's those also change. so you're really going to have to look compare and test. But i've came to this line 00264df0.
Now what i'm going to do is go back to our switch teams address (after patch and hit enter (Make sure you saved the off data) and in the bottem box there will be something that says command in that command box type jal $00264df0 and it will automatically create the data. copy that data and put your on and off code together which will look like this
D0713d5c 0000????
206538c0 0c09937c
Off
D0713d5c 0000BBFF
206538c0 10620029
Now you want to port the other half of the code which is not hard since all you're doing is changing Clear The Area to Switch Teams (Word display change).
This method works for all codes that jump to another address, Now these are the TWO Most used commands in jumping j $????????? and jal $???????? just type whatever command the old uses with the new address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~Porting Subroutine Codes~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well in this tutorial i'm going to explain how you can port Sub Routined codes from one series to another (Socom CA to Socom 3) in this tutorial i'm going to use Lobby Freeze as the example, Here is Lobby freeze Socom Ca below.
Lobby Freeze (Hold R2 + L2)
D0713D5C 0000FCFF
20264540 080D3ED8
20264544 00000000
2034FBA8 0803FFC0
D0713D5C 0010FCFF
20264540 27BDFF80
20264544 3C020071
2034FB94 24080006
2034FBA8 03E00008
Routine
200FFF00 3C190035
200FFF04 8F38FB94
200FFF08 240F000F
200FFF0C 130F0005
200FFF14 270E0001
200FFF18 AF2EFB94
200FFF1C 10000003
200FFF24 240D0001
200FFF28 AF2DFB94
200FFF2C 03E00008
First off. we need to port the hooks which is Switch teams and Taunt boot, do the methods above to port them.
Now what we need to have to edit this routine is taunt boot ported. which is 2031a6b4 24080006
Now first off we need to take our subroutine and paste in line into each address of the dump (000FFF00) now what we need to do is edit the first line.
200FFF00 3C190035
the digits in red is what we're going to change, and like i explained above a lui sets which ever line below it will goto in this case that is 0035???? well we need to look at the Taunt boot line which is 0031a6b4
The digits in red is what we're going to change 200FFF00 3C190035 to so it will be
200FFF00 3C190031
Now we're going to change the second line which is a lw (Load word) which loads the address and data. now in the dump it says lw t8, $FB94(t9) t9 is the lui above so it will be going to 0031FB94
well we're going to have to change the last four digits to the taunt boot s3 address which is a6b4 so now our routine will look like so.
200FFF00 3C190031
200FFF04 8F38A6B4
We leave the third and fourth line alone because. so our sub will be like so
200FFF00 3C190031
200FFF04 8F38A6B4
200FFF08 240F000F
200FFF0C 130F0005
well now we need to edit
200FFF18 AF2EFB94 the same way we did on line two, which is the last four digits, this line in the dump is a sw (Store Word) so it will be storing whatever data its supposed to be storing so we edited 200FFF18 AF2EFB94 to 200FFF18 AF2EA6B4
Now we put the rest of the routine together which will look like this
200FFF00 3C190031
200FFF04 8F38A6B4
200FFF08 240FA6B4
200FFF0C 130FA6B4
200FFF14 270E0001
200FFF18 AF2EFB94
200FFF1C 10000003
Now we need to take 200FFF28 AF2DFB94 and change it like the other lines so it will be 200FFF28 AF2DA6B4
put it all together and we have
200FFF00 3C190031
200FFF04 8F38a6b4
200FFF08 240F000F
200FFF0C 130F0005
200FFF14 270E0001
200FFF18 AF2Ea6b4
200FFF1C 10000003
200FFF24 240D0001
200FFF28 AF2Da6b4
200FFF2C 03E00008
After that put your entire code together which i will not do because you should be able to yourself.
the main things we need to change in this routine was the lui which sent the lw's and sw's loading from 0031, the lw's and sw's last four data is the last four digits of the taunt boot so it'd load and save to 0031A6B4.
IF you can't figure this out please feel free to ask in here.
Was wrote for the PS2 but works the same on PSP as long as you know how to load the ram with PS2Dis.
First you need these.
Sca Prepatch (http://www.darksidehackers.com/downloads/sca2.0.rar)
Sca Afterpatch (http://socomcity.net/zrg23/socomca_3.5.rar)
S3 Afterpatch (http://www.socomcity.net/zrg23/s3_patch_3.0.rar)
PS2Dis (http://rapidshare.com/files/123630730/ps2dis099_23.zip)
First off we want to open the Socom Ca Prepatch dump with PS2dis and get a code that we want to port, in this tutorial i'm going to use Superjump as the example.
Here is the Off code for Superjump Prepatch
00705938 3f59999a
Now we want to hit G on our keyboard while 2.0 patch is opened in PS2Dis and enter 00705938 It will look like so
http://i203.photobucket.com/albums/aa239/toniccodes/port1.png
Now we want to hit enter and it will take us to a area with a bunch of other address/data what we want to do is look at the in the gray area of the PS2Dis which will look like so.
http://i203.photobucket.com/albums/aa239/toniccodes/port2.png
Now i highlighted the data we're going to use to port, now we want to open our Socom Ca Afterpatch dump and hit G on our keyboard and put the superjump Address in the box (It searches quicker and faster) Now we want to hit enter, after we do that we want to hit Ctrl + F on our keyboard a Find String box will open we want to put the data that i selected on the 2.0 dump in that box. then select As Hex String it will look like this
http://i203.photobucket.com/albums/aa239/toniccodes/port3.png
and hit OK or enter, it will bring us to something like this
http://i203.photobucket.com/albums/aa239/toniccodes/port4.png
Now as you see my address is already labeled, but to make sure you've ported a code correctly you want to compare the data around the Address it brings you to, and if they all match up what you do next is test and see if it works.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~Porting JAL's & such and such~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now lets say we want to port a code like Switch teams - O Menu
Well first we want to get the switch teams - O Menu out of the old G-CoVe archive. which this is it.
Switch Teams O-Menu
D070aa5C 0000????
2064bc60 0c098ef8
20ca0344 54495753
20ca0348 54204843
20ca034c 534D4145
20ca0350 00000000
switch off
D070aa5C 0000????
2064bc60 10620029
20ca0344 41454c43
20ca0348 48542052
20ca034c 52412045
20ca0350 002e4145
Now i'm only going to show you how to port the hard part which is the hook. this is the hook 2064bc60 10620029 Now i'm going to hit G in the 2.0 dump and put 0064bc60 and goto it. we'll see something like this.
http://i203.photobucket.com/albums/aa239/toniccodes/port5.png
Well we can't port the actual data from that line because its a beq, so porting that will either end in a long search or invalid data. so we're going to port the data from the line above it 0064bc5c now we look at the Gray area and port the data now we'll end up at a line with a beq under it in the Sca 4.0 dump. and now we'll compare but nothing matches up 100% so we're going to hit F5 again and search until we see something that looks like a match again. now we'll come to this 006538bc so we compare and guess what? it all matches! so now we need to figure out the jump data.
Well we're going to have to find out where it jumps to in the old dump so we take the on data from the old switch teams "0c098ef8" and hit enter in the old dump on the switch teams line "Beq" and in the Data box put 0c098ef8 in there, then hit enter and hit the RIGHT arrow key to see where its going. well its going to the following address "00263be0" Well we're going to port this address in the 4.0 dump so we hit G in the 4.0 dump and goto 00263be0 in it. after that hit Ctrl + F and put the data in the gray box from the 2.0 in that. and hit enter and do a search. But wait. the data won't be entirely 100% correct since there is a lui below, a lui is saying what ever below is loading from like which ever line calls out the lui will be 0074???? the ending data on the line that calls it will goto that. But everytime a patch is released the address is pushed up once so the lui should be lui a0, $0074 in this case. since the old was $0073 now there is also addiu's those also change. so you're really going to have to look compare and test. But i've came to this line 00264df0.
Now what i'm going to do is go back to our switch teams address (after patch and hit enter (Make sure you saved the off data) and in the bottem box there will be something that says command in that command box type jal $00264df0 and it will automatically create the data. copy that data and put your on and off code together which will look like this
D0713d5c 0000????
206538c0 0c09937c
Off
D0713d5c 0000BBFF
206538c0 10620029
Now you want to port the other half of the code which is not hard since all you're doing is changing Clear The Area to Switch Teams (Word display change).
This method works for all codes that jump to another address, Now these are the TWO Most used commands in jumping j $????????? and jal $???????? just type whatever command the old uses with the new address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~Porting Subroutine Codes~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well in this tutorial i'm going to explain how you can port Sub Routined codes from one series to another (Socom CA to Socom 3) in this tutorial i'm going to use Lobby Freeze as the example, Here is Lobby freeze Socom Ca below.
Lobby Freeze (Hold R2 + L2)
D0713D5C 0000FCFF
20264540 080D3ED8
20264544 00000000
2034FBA8 0803FFC0
D0713D5C 0010FCFF
20264540 27BDFF80
20264544 3C020071
2034FB94 24080006
2034FBA8 03E00008
Routine
200FFF00 3C190035
200FFF04 8F38FB94
200FFF08 240F000F
200FFF0C 130F0005
200FFF14 270E0001
200FFF18 AF2EFB94
200FFF1C 10000003
200FFF24 240D0001
200FFF28 AF2DFB94
200FFF2C 03E00008
First off. we need to port the hooks which is Switch teams and Taunt boot, do the methods above to port them.
Now what we need to have to edit this routine is taunt boot ported. which is 2031a6b4 24080006
Now first off we need to take our subroutine and paste in line into each address of the dump (000FFF00) now what we need to do is edit the first line.
200FFF00 3C190035
the digits in red is what we're going to change, and like i explained above a lui sets which ever line below it will goto in this case that is 0035???? well we need to look at the Taunt boot line which is 0031a6b4
The digits in red is what we're going to change 200FFF00 3C190035 to so it will be
200FFF00 3C190031
Now we're going to change the second line which is a lw (Load word) which loads the address and data. now in the dump it says lw t8, $FB94(t9) t9 is the lui above so it will be going to 0031FB94
well we're going to have to change the last four digits to the taunt boot s3 address which is a6b4 so now our routine will look like so.
200FFF00 3C190031
200FFF04 8F38A6B4
We leave the third and fourth line alone because. so our sub will be like so
200FFF00 3C190031
200FFF04 8F38A6B4
200FFF08 240F000F
200FFF0C 130F0005
well now we need to edit
200FFF18 AF2EFB94 the same way we did on line two, which is the last four digits, this line in the dump is a sw (Store Word) so it will be storing whatever data its supposed to be storing so we edited 200FFF18 AF2EFB94 to 200FFF18 AF2EA6B4
Now we put the rest of the routine together which will look like this
200FFF00 3C190031
200FFF04 8F38A6B4
200FFF08 240FA6B4
200FFF0C 130FA6B4
200FFF14 270E0001
200FFF18 AF2EFB94
200FFF1C 10000003
Now we need to take 200FFF28 AF2DFB94 and change it like the other lines so it will be 200FFF28 AF2DA6B4
put it all together and we have
200FFF00 3C190031
200FFF04 8F38a6b4
200FFF08 240F000F
200FFF0C 130F0005
200FFF14 270E0001
200FFF18 AF2Ea6b4
200FFF1C 10000003
200FFF24 240D0001
200FFF28 AF2Da6b4
200FFF2C 03E00008
After that put your entire code together which i will not do because you should be able to yourself.
the main things we need to change in this routine was the lui which sent the lw's and sw's loading from 0031, the lw's and sw's last four data is the last four digits of the taunt boot so it'd load and save to 0031A6B4.
IF you can't figure this out please feel free to ask in here.
Was wrote for the PS2 but works the same on PSP as long as you know how to load the ram with PS2Dis.