Post subject: Disassembly ?
Lil_Gecko
He/Him
Player (94)
Joined: 4/7/2011
Posts: 520
Hi! First of all, I have absolutely no knowledge of how assembly works. I want to find out what makes the cards upgrade in the Tetra Master game of Final Fantasy IX. I've downloaded Cheat Engine and asked it what operation was done on the address of the card status. It gave me this:
0040C600 - 74 08       - je psxjin.exe+C60A
0040C602 - 25 FFFF0000 - and eax,0000FFFF
0040C607 - 88 14 08    - mov [eax+ecx],dl <<
0040C60A - A1 8C519C00 - mov eax,[psxjin.exe+5C518C]
0040C60F - 85 C0       - test eax,eax

EAX=0000FA6B
EBX=01690048
ECX=03487020
EDX=800AC403
ESI=016D0050
EDI=00000000
ESP=0018E86C
EBP=00000000
EIP=0040C60A
If I do eax+ecx I get the address of the card status, so that seems to be right. But what now? It moves dl to the card address? What is dl? I'm completely lost. So if somebody could explain to me how this works, or if you need more info, let me know. Testing every frame is very long and annoying, so if I could understand what makes it work, it would save me a lot of trouble. Thanks!
Joined: 12/31/2009
Posts: 174
Cheat Engine is actually disassembling the emulator instead of the game. The best it can do in this case is count how many times the address is written to or accessed.
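To make that distinction concrete, here is an added example (my own script, not part of this thread, of Cheat Engine or of psxjin) that takes the register window from the first post as constructed sample input. The x86 instruction `mov [eax+ecx],dl` stores DL, which is simply bits 7..0 of EDX, to the host-process address EAX+ECX; that is all it tells you: the emulator's RAM buffer got one byte, and nothing about which MIPS instruction in the game caused it. The second half converts a PSX virtual address to an offset into the console's 2 MiB main RAM (KUSEG, KSEG0 and KSEG1 are mirrors of the same physical space, and the RAM is repeated four times in the first 8 MiB), which is what you need once you want to watch a guest address in the emulator. Two labelled assumptions: `guest_to_host` assumes the emulator keeps guest RAM as one flat buffer at a known host base, and the address 0x800AC403 is only the EDX value from the dump reused as an illustration of a KSEG0 address, not a claim about what EDX held at that instruction.

```python
import re

# Register window copied from the first post, used here as constructed sample input.
CE_DUMP = """EAX=0000FA6B
EBX=01690048
ECX=03487020
EDX=800AC403
ESI=016D0050
EDI=00000000
ESP=0018E86C
EBP=00000000
EIP=0040C60A"""

PSX_RAM_SIZE = 2 * 1024 * 1024      # retail PlayStation main RAM
PSX_RAM_WINDOW = 4 * PSX_RAM_SIZE   # RAM plus its three mirrors: physical 0x00000000-0x007FFFFF


def parse_registers(dump):
    """Turn 'EAX=0000FA6B' style lines into a {name: int} dict."""
    regs = {}
    for m in re.finditer(r"^\s*(E[A-Z]{2})=([0-9A-Fa-f]{8})\s*$", dump, re.M):
        regs[m.group(1)] = int(m.group(2), 16)
    return regs


def decode_mov_eax_ecx_dl(regs):
    """What the host instruction 'mov [eax+ecx],dl' actually did:
    DL is bits 7..0 of EDX, and the destination EAX+ECX is an address in
    the emulator process. Nothing here says where the guest (PSX) program
    counter was when the game issued the store."""
    return {
        "host_dest": (regs["EAX"] + regs["ECX"]) & 0xFFFFFFFF,
        "value": regs["EDX"] & 0xFF,
    }


def psx_ram_offset(vaddr):
    """Map a PSX virtual address to its offset in the 2 MiB main RAM.
    KUSEG (0x00000000), KSEG0 (0x80000000) and KSEG1 (0xA0000000) are
    different views of one physical space, and physical 0x00000000-0x007FFFFF
    is RAM repeated four times. Anything else (I/O ports, BIOS, scratchpad,
    unmapped space) is not main RAM and raises ValueError."""
    seg = vaddr >> 29
    if seg not in (0, 4, 5):
        raise ValueError(f"0x{vaddr:08X} is not in a KUSEG/KSEG0/KSEG1 window that reaches RAM")
    phys = vaddr & 0x1FFFFFFF
    if phys >= PSX_RAM_WINDOW:
        raise ValueError(f"0x{vaddr:08X} is not main RAM")
    return phys % PSX_RAM_SIZE


def guest_to_host(ram_base, vaddr):
    """ASSUMPTION: the emulator keeps guest RAM as one flat 2 MiB buffer at
    host address ram_base. Under that assumption the host address Cheat Engine
    shows for a guest write is ram_base + offset, and this gives the host
    address to put a watchpoint on for any guest address."""
    return (ram_base + psx_ram_offset(vaddr)) & 0xFFFFFFFF


if __name__ == "__main__":
    regs = parse_registers(CE_DUMP)
    w = decode_mov_eax_ecx_dl(regs)
    print(f"host write: byte 0x{w['value']:02X} -> host address 0x{w['host_dest']:08X}")
    # Illustration only: a KSEG0 RAM address, borrowed from the EDX value in the dump.
    print(f"guest 0x800AC403 -> RAM offset 0x{psx_ram_offset(0x800AC403):06X}")
```

The useful direction in practice is the reverse one: once you know (or have searched for) the host base of the emulator's RAM buffer, `guest_to_host` turns any guest address from a RAM search into the host address to watch, and everything Cheat Engine shows at that address is still the emulator's own write path, not the game's code.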
Lil_Gecko
He/Him
Player (94)
Joined: 4/7/2011
Posts: 520
Hmmm, I see. Is there an easy way to find out what calculations are done, or at least what addresses are used in the incrementation of a value?
Joined: 12/31/2009
Posts: 174
I don't know what capabilities psxjin or bizhawk's psx core have that can help. With only Cheat Engine, it is just endless trial and error until you find something interesting. I hope somebody who knows more about those emulators can point you in the right direction. I'll look into it later when I get time because I am highly interested in finding out myself.
Warepire
He/Him
Editor
Joined: 3/2/2010
Posts: 2174
Location: A little to the left of nowhere (Sweden)
I never tried to do this on a PSX game, so I can only give you a few general steps and hope that it sets you down the right path.
  1. You will need general knowledge of what files on a PSX disc contain code, and how they are related to each other.
  2. You will need a disassembler / debugger capable of handling the MIPS R3051 CPU. This is the CPU inside the PSX.
  3. You may need to modify the emulator to be able to get the internal program counter and stack at a given point. (This is not entirely necessary, but will help you when you're digging around the assembly code.)
  4. You will need a MIPS R3051 CPU developer's manual / assembly reference.
  5. A lot of free time to read up on this stuff and experiment with it.
creaothceann
He/Him
Editor
Joined: 4/7/2005
Posts: 1874
Location: Germany
  1. Get an emulator with debugging abilities if you can. (I don't know much about the PSX scene so I don't know them.)
  2. Use RAM search to find the address of the value you want to watch/change. (This works best if the game doesn't use dynamic memory allocation.)
  3. Set a breakpoint for that address.
  4. When the breakpoint fires, examine the code that sets the value. You'll need hardware documentation to understand the code and the system.
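For step 4, the instruction that "sets the value" on a MIPS CPU is almost always a store (`sb`, `sh` or `sw`) of the form `sb $rt, offset($base)`: the address written is the base register plus a sign-extended 16-bit offset, and the value is whatever is in `$rt`. The following is an added example of my own (not code from the thread, from any emulator, or from the game) that decodes those I-type load/store encodings, computes the effective address from a register value a debugger would show, and scans a blob of guest code for candidate byte stores to break on. The five instruction words are a constructed sample of the usual compiler idiom for storing a byte to a fixed address; the target 0x800AC403 is illustrative only.

```python
import struct

# MIPS general-purpose register names in ABI order (register 0..31).
REG_NAMES = ["zero", "at", "v0", "v1", "a0", "a1", "a2", "a3",
             "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
             "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
             "t8", "t9", "k0", "k1", "gp", "sp", "fp", "ra"]

# Primary opcode (bits 31..26) of the I-type loads and stores used for ordinary memory access.
MEM_OPS = {0x20: "lb", 0x21: "lh", 0x23: "lw", 0x24: "lbu", 0x25: "lhu",
           0x28: "sb", 0x29: "sh", 0x2B: "sw"}


def sign16(imm):
    """The 16-bit displacement field is sign-extended by the CPU."""
    return imm - 0x10000 if imm & 0x8000 else imm


def decode_mem(word):
    """Decode one 32-bit instruction word if it is a load/store, else None."""
    op = word >> 26
    if op not in MEM_OPS:
        return None
    return {
        "mnem": MEM_OPS[op],
        "base": (word >> 21) & 0x1F,   # rs: register holding the base address
        "rt": (word >> 16) & 0x1F,     # rt: value register (source for stores)
        "offset": sign16(word & 0xFFFF),
        "is_store": op >= 0x28,
        "size": {"b": 1, "h": 2, "w": 4}[MEM_OPS[op][1]],
    }


def format_mem(insn):
    """Render like a disassembler would: 'sb $v0, -0x3BFD($a0)'."""
    off = insn["offset"]
    sign = "-" if off < 0 else ""
    return f"{insn['mnem']} ${REG_NAMES[insn['rt']]}, {sign}0x{abs(off):X}(${REG_NAMES[insn['base']]})"


def effective_address(insn, regs):
    """Address the instruction touches, given register values as a debugger
    shows them (regs maps register number -> 32-bit value)."""
    return (regs.get(insn["base"], 0) + insn["offset"]) & 0xFFFFFFFF


def scan_stores(code, base_vaddr, size=1):
    """List every store of the given width in a little-endian code blob.
    These are the candidate instructions for a write breakpoint on a value
    of that size (1 = a single byte such as a card status)."""
    found = []
    for i in range(0, len(code) - 3, 4):
        insn = decode_mem(struct.unpack_from("<I", code, i)[0])
        if insn and insn["is_store"] and insn["size"] == size:
            found.append((base_vaddr + i, format_mem(insn)))
    return found


# Constructed sample (not real FF9 code): the usual compiler idiom for
# "store byte 3 to 0x800AC403". lui builds an upper half chosen so the
# signed 16-bit offset reaches the target, then sb stores the byte.
SAMPLE_BASE = 0x80010000
SAMPLE_CODE = struct.pack("<5I",
    0x3C04800B,   # lui   $a0, 0x800B
    0x24020003,   # addiu $v0, $zero, 3
    0xA082C403,   # sb    $v0, -0x3BFD($a0)   -> 0x800B0000 - 0x3BFD = 0x800AC403
    0x03E00008,   # jr    $ra
    0x00000000)   # nop (branch delay slot)


if __name__ == "__main__":
    for addr, text in scan_stores(SAMPLE_CODE, SAMPLE_BASE):
        print(f"{addr:08X}: {text}")
    insn = decode_mem(0xA082C403)
    print(f"effective address with $a0=0x800B0000: 0x{effective_address(insn, {4: 0x800B0000}):08X}")
```

Two caveats worth keeping in mind when you apply this to a real breakpoint hit: the store's base register is usually set up a few instructions earlier (by `lui`/`addiu`, or loaded from a pointer), so read backwards from the store to see where the address came from; and the instruction after a branch or jump is in the delay slot and executes with it, so a store sitting right after `jr $ra` still belongs to that function.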
Site Admin, Skilled player (1235)
Joined: 4/17/2010
Posts: 11264
Location: RU
Warning: When making decisions, I try to collect as much data as possible before actually deciding. I try to abstract away and see the principles behind real world events and people's opinions. I try to generalize them and turn into something clear and reusable. I hate depending on unpredictable and having to make lottery guesses. Any problem can be solved by systems thinking and acting.