  1. #1
    Using the Sprintf System

    I've already written this tutorial for 1337, but it lacked a lot and I decided to put the information out for public knowledge. There isn't much information on using the printing feature in games other than already put-together codes from previous coders.

    First you need to know the register setup.

    a0 - Target destination
    a1 - String format
    a2 - Data to be printed on a0
    a3 - Additional data to be printed on a0

    Next you need to know string formats.

    %s (ASCII)
    %d (Decimal)
    %x (Hexadecimal)
    %08X (used for putting 32-bit values)
    %8.8x (Same as above)

    Now you need to find a function that is printing information onto the screen for the game you are using. I'm going to use FTB2 patch version 1.60 for this. I'm going to use the timer, so we need to find the string in the dump. The known string is %02d: %02d. There are three labels with this, and we want to use the third label.

    Address: 0x08c99338
    Above this label is "Offline"

    Now that we have our address, we need to get its refer, which will take us to: 0x089b5854
    What we need from this is a jal that is sending the register information and pointers to another function that sends information to the sprintf system. So we want to scroll down and look for a jal that is going to end up sending a0, a1 and a2, which will be this line: 0x089b585c

    Now you're probably thinking, "But Tonic, that jal has an addiu a0, s1 below it and that is a part of what we need!" Well, as you should already know, jumps will carry the line below them to the location you jump to. Now that we have our jal we can begin our own custom function to print information.

    First off you should always start a function off with stack allocation like below.

    addiu sp, sp, -$30
    sw a0, $0(sp)
    sw a1, $4(sp)
    sw a2, $8(sp)
    sw a3, $c(sp)
    sw ra, $10(sp)

    Now that this is out of the way we can start working on our part! Now there is another part from the timer's refer that you need to remember: the timer's string location (0x08c99338). Once you remember that, we need to add a lui for the address.

    addiu sp, sp, -$30
    sw a0, $0(sp)
    sw a1, $4(sp)
    sw a2, $8(sp)
    sw a3, $c(sp)
    sw ra, $10(sp)
    lui t0, $08ca

    Now we need to add our destination argument register (a0) and send it to the timer's string so that it will kill the string format and send what we want.

    addiu sp, sp, -$30
    sw a0, $0(sp)
    sw a1, $4(sp)
    sw a2, $8(sp)
    sw a3, $c(sp)
    sw ra, $10(sp)
    lui t0, $08ca
    addiu a0, t0, $9338

    Afterwards we need to set up our a2 register for our text information. I'm going to use something simple and make it plain text, but codes such as "weapon print damage" involve packets and whatnot, so you will need to know the current setup and pick it apart to understand it.
    I'm going to use my own name "Tonic" for the text to print.

    addiu sp, sp, -$30
    sw a0, $0(sp)
    sw a1, $4(sp)
    sw a2, $8(sp)
    sw a3, $c(sp)
    sw ra, $10(sp)
    lui t0, $08ca
    addiu a0, t0, $9338
    lui t1, $08ff
    addiu a2, t1, $0

    Then at 0x08ff0000 we include my name...
    And now for the final part, the string format. I'm going to set my string format at 0x08ff1000 and we will include the JAL before the addiu a1 so that we don't need to waste space by putting a nop and to also finish off the stack allocation to finalize it.

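    addiu sp, sp, -$30      # reserve $30 bytes of stack
    sw a0, $0(sp)           # save the caller's a0-a3 and ra
    sw a1, $4(sp)
    sw a2, $8(sp)
    sw a3, $c(sp)
    sw ra, $10(sp)
    lui t0, $08ca           # $08ca rather than $08c9: addiu sign-extends $9338
    addiu a0, t0, $9338     # a0 = 0x08c99338 (destination: the timer's string)
    lui t1, $08ff
    addiu a2, t1, $0        # a2 = 0x08ff0000 (text to print)
    jal $08c13518
    addiu a1, t1, $1000     # delay slot: a1 = 0x08ff1000 (string format)
    lw a0, $0(sp)           # restore the saved registers
    lw a1, $4(sp)
    lw a2, $8(sp)
    lw a3, $c(sp)
    lw ra, $10(sp)
    jr ra
    addiu sp, sp, $30       # delay slot: release the stack frame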

    Now we have to set a string format at 0x08ff1000. Since I want my actual name to show on the timer, we put 0x00007325 (%s), export everything out of PS2Dis and slap a hook on it! And then boom! We have a successful custom function to print the information we want onto the timer!

    The sprintf system is handy for constantly updating a section of text on the screen and keeping space without constantly loading & storing different values. The example above is just an example but will give you a general knowledge of how to use the system and cut back on stuff. Now, current released codes such as the "Memory viewer" or "Weapon damage printout 1.50" are written differently, but I am supplying learners with a smaller and less complex way with the peace of mind of it never banning you for games such as SOCOM.

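The two values in the post above that are easiest to get wrong are the `lui` half for 0x08c99338 (it is $08ca, because `addiu` sign-extends $9338) and the word 0x00007325 stored for `%s`. The script below is an added example, not part of the original post; its function names are hypothetical, and it assumes the little-endian word layout implied by the post's 0x00007325.

```python
import struct

def split_hi_lo(addr):
    """Return (hi, lo) so that `lui r, hi` then `addiu r, r, lo` gives addr.

    addiu sign-extends its 16-bit immediate, so when bit 15 of the low
    half is set the upper half has to be one higher to compensate.
    """
    lo = addr & 0xFFFF
    hi = (addr >> 16) & 0xFFFF
    if lo & 0x8000:
        hi = (hi + 1) & 0xFFFF
    return hi, lo

def lui_addiu(hi, lo):
    """Emulate the lui/addiu pair and return the resulting 32-bit address."""
    signed_lo = lo - 0x10000 if lo & 0x8000 else lo
    return ((hi << 16) + signed_lo) & 0xFFFFFFFF

def string_words(text):
    """Pack a NUL-terminated ASCII string into little-endian 32-bit words."""
    raw = text.encode("ascii") + b"\x00"
    raw += b"\x00" * (-len(raw) % 4)  # pad to a whole number of words
    return [word for (word,) in struct.iter_unpack("<I", raw)]

if __name__ == "__main__":
    # Addresses and strings taken from the post above.
    for addr in (0x08C99338, 0x08FF0000, 0x08FF1000):
        hi, lo = split_hi_lo(addr)
        assert lui_addiu(hi, lo) == addr
        print(f"0x{addr:08x}: lui ${hi:04x} / addiu ${lo:04x}")
    for text in ("%s", "Tonic"):
        words = " ".join(f"0x{w:08x}" for w in string_words(text))
        print(f"{text!r}: {words}")
```
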
  2. #2
    interesting, too bad my PSP is lost in the depths of my room lol
