Finding Functions
----------------------

Every function in the game is a stack subroutine, so you can search for the push of the stack, which is addiu sp sp -16; 16 is the most common amount that the game takes away from the stack pointer for functions. The hex value for that is 27BDFFF0, so you search for that as an exact value and all the results will be the start of functions. You will get thousands of them. So how do you find which function is which? Cancel it: change the value to jr ra and the next line to a nop. The line after jr ra is its delay slot and still executes, so if it isn't a nop some functions will freeze. Then see if something doesn't happen: if you can't shoot, you have found the shooting function, or if you can't walk, you have found the moving function.

I use Silo's Auto Hexer, here is a link:

Code:
http://www.megaupload.com/?d=PF7822IW
To use it, enter the location of the RAM dump. If it automatically closes, move the RAM dump up one directory, so if it was in C/folder/folder2/ramdump.ram and it closes, try moving it to C/folder/ramdump.ram

Then enter the value 27BDFFF0 and the other value as 03E00008. When it asks you if you are searching for a function, type in "y" without the quotes.

Now it will generate a text file called "Code List.txt". Open that and all the results will be right there in nitePR format, ready to test. Try each one, and if something doesn't happen, like I said above, then it's the function for that. When you jr ra a function's push (the push is the first addiu of the stack routine, the addiu that subtracts from the stack pointer, like addiu sp sp) it cancels the stack routine. Inside the stack routine there will be jal's which call other functions. Let's say you find the function for shooting, so you jr ra'ed the push and you can't shoot: follow the jal's and cancel those. One of them may have something to do with shooting that you want, or it may be the real shooting function, since it wasn't being called at the right time.

If you are looking for a specific function, like some sort of text that shows up every time something happens, you can find the address of the text and look to see if it's in a function. Go to the push of that function, jr ra it and nop the next address. If that cancels the text, then you found the function for the text.

Tutorial by TheEliteOne
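
The search described above, written out as an added example (not part of the original tutorial and not Silo's Auto Hexer): it finds every push in a dump, reports the frame size, the first jr ra after it and the jal targets in between. It goes beyond the exact value 27BDFFF0 by matching any negative addiu sp sp; the little-endian word order, the 0x08800000 load address and the sample bytes are assumptions made for the example.

```python
import struct

JR_RA = 0x03E00008  # the return the page patches over a push
BASE = 0x08800000   # assumed load address of the dump


def is_push(word):
    """True for addiu sp, sp, -N (0x27BD in the top half, negative immediate)."""
    return word & 0xFFFF8000 == 0x27BD8000


def find_functions(image, base=BASE):
    """Return (start, frame_size, first_jr_ra, jal_targets) for every push found."""
    count = len(image) // 4
    code = struct.unpack("<%dI" % count, image[:count * 4])  # little-endian words
    found = []
    for i, word in enumerate(code):
        if not is_push(word):
            continue
        calls, j = [], i + 1
        # Walk forward to the first jr ra, stopping early at the next push.
        while j < count and code[j] != JR_RA and not is_push(code[j]):
            if code[j] >> 26 == 0x03:  # jal: 26-bit word index within the region
                pc = base + 4 * j
                calls.append(((pc + 4) & 0xF0000000) | ((code[j] & 0x03FFFFFF) << 2))
            j += 1
        end = base + 4 * j if j < count and code[j] == JR_RA else None
        found.append((base + 4 * i, 0x10000 - (word & 0xFFFF), end, calls))
    return found


# Constructed sample: two small functions, the first calling the second.
SAMPLE = struct.pack(
    "<11I",
    0x27BDFFF0,  # addiu sp, sp, -16   (push, most common size)
    0xAFBF0000,  # sw    ra, 0(sp)
    0x0E200008,  # jal   0x08800020
    0x00000000,  # nop
    0x8FBF0000,  # lw    ra, 0(sp)
    0x27BD0010,  # addiu sp, sp, 16    (pop, must not match)
    0x03E00008,  # jr    ra
    0x00000000,  # nop
    0x27BDFFE0,  # addiu sp, sp, -32   (push with a larger frame)
    0x03E00008,  # jr    ra
    0x27BD0020,  # addiu sp, sp, 32    (pop in the delay slot)
)

if __name__ == "__main__":
    for start, frame, end, calls in find_functions(SAMPLE):
        print(hex(start), frame, end and hex(end), [hex(c) for c in calls])
```

A start whose third field is None had no jr ra before the next push or the end of the dump, so it may be data that happens to match rather than a real function.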