
How to Mod any game by yourself!

Page 1 / 34

Cyb3r
Posts: 1598
Topic starter
(@cyb3r)
Noble RivalGamer
Joined: 9 years ago


Hello RG members, today I'll teach you a big thing: how to find and do what you like in the PS3 debugger. This lesson is targeting intermediate PS3 debugger users, so the pros are off topic :p, so let's start.

Our objective: How to find caller functions in ProDG Debugger.

Introduction: A caller function is a routine used to call an address in memory and do what the game wants from that address. Example: the ammo caller function will decrease your ammo by 1 every time you shoot. In this lesson I'll show you how to get max and infinite money after selling something on RE5 BLES00485.

Requirements:

  1. DEX PS3 & ProDG TM and Debugger.
  2. NetCheat PS3.
  3. Game with Debug eboot.
  4. Good knowledge of PowerPC.
  5. PPC Compiler. (I use CodeWizard)
  6. Working Brain.

1st: Start your game and NetCheat PS3, then Connect and Attach. Go to the Search tab and choose "Search = Equal To" and "Type = 4bytes", and write your money value in the Value textbox (make sure you remove the checkmark from the "HEX" checkbox); in my case my money value is 27105. Set the ranges Start Address: 30000000 and Stop Address: 40000000 (the usual ranges in PS3 memory are "30000000 to 40000000" or "40000000 to 50000000"), then press Initial Scan. See the pic for more clarification:


After the initial scan it found 2 addresses with the same value, and that's good because in some games it'll give you more than 100 results. The next step is to decrease or increase our money amount, so let's sell a bullet for example; I sold a handgun bullet for $2, silly me :p. I haven't sold anything big because it's only 2 addresses; if you have more addresses you have to make a big change to your amount. Now let's search for the new value, which is 27107:


In my case I got the same result with the 2 addresses, which means one of the 2 addresses is just a mirror of the real one. So what we're going to do is copy them from the NetCheat Search tab (hold Shift and select them with the left mouse button, then right-click and click Copy), then go to the Codes tab and paste them (CTRL+V) in the big empty field. Now we try to change each address one by one, so let's change the first one only; that means we have to put "/" in front of the other address so it'll not change, example:

    0 300FD1A8 000069E3
    /0 38878BD8 000069E3

    0 = write to address in NetCheat
    / = this line is disabled, so NetCheat skips it
    300FD1A8 = Address we'll write to
    000069E3 = 27107, which is my money's last value


Let's try to change it to 0000FFFF, which is equal to 65535, by clicking the big Write button; see the picture below:


In my case it hasn't changed, which means it's the mirror address, so now we know the real address: it's the second one ( 38878BD8 ). You can try and change it to 0000FFFF if you want to make sure; it'll change to 65535 immediately. Now let's copy that address and go to the next step.

2nd: Now that we have the right address for the money, let's figure out the function that's calling and altering that address. First I'll show you my Debugger layout to make sure you're working properly:


Now let's take our copied address and add 0x in front of it so it looks like this: 0x38878BD8. From the Debugger navigation bar select [ Debug > Hardware breakpoints ], paste the address 0x38878BD8 in the address field, checkmark [ on WRITE ] and click [ OK ]. Now let's try to sell something (sell and buy each have a different function, so in this lesson we're going to use sell, because if you start a new game you'll not have money to buy things). When you sell anything the game will freeze immediately and the debugger will look like this:


What's important is the Disassembly, Registers and Callstack windows; they show the PPC instructions (as I said before, you have to have some good PPC knowledge). Now let's see the line where the breakpoint is:


Before anything you have to know what you want to do. In my case I want the game to give me the max amount of money when I sell anything. In most games there's a max value stored in a register, so you have to know what the max value is for your game; in RE5 the max money you can get is 9,999,999, which converted to hex is 0x98967F. So now let's check the Registers window and see if there's any register holding that value:


Voila! We found our register, it's r9. How do I know there's always a max value in a register? Well, the answer is because the game needs to compare between your value and the max; if you reached the max the game will not give you more!
Take a look here:

    00AEAE20 3D200098 lis        r9,0x98
    00AEAE24 800300D8 lwz        r0,0xD8(r3)
    00AEAE28 6129967F ori        r9,r9,0x967F                  01 (00AEAE20) REG
    00AEAE2C 7C840214 add        r4,r4,r0                       PIPE
    00AEAE30 7F844840 cmplw      cr7,r4,r9                     01 (00AEAE2C) REG
    00AEAE34 409D0008 ble        cr7,0x00AEAE3C                01 (00AEAE30) REG
    00AEAE38 7D244B78 mr         r4,r9
    00AEAE3C 908300D8 stw        r4,0xD8(r3)                   03 (00AEAE38) REG PIPE LSU

It compares r4, which is your money value, with r9, which is the max value; if r4 == r9 then it moves register r9 to r4, which tells the game to give you no more money if you have the max :p.
So how can we set the max value after selling?
The answer is simple: if you look at address 00AEAE3C, it's telling the game to store r4 to our money address, which is the value after selling something. So now we're going to force the game to store the max value in our address; simply change r4 to r9 at address 00AEAE3C, so it'll look like this (the instruction word changes too, since the source register is encoded in it):

    00AEAE3C 912300D8 stw        r9,0xD8(r3)                   03 (00AEAE38) REG PIPE LSU


Now open CodeWizard and write in the PPC code you want to compile; in my case it's "stw r9, 0xD8(r3)". Then press Assemble:


Copy the code from the CodeWizard right window after you remove the spaces between the bytes, then go to the debugger's Memory View window, paste 0x00AEAE3C in the address field and press Enter (don't forget to put 0x before the address). Now press CTRL+I, or right-click and choose "Fill the memory with a value"; a small window will pop up. Write the compiled code from CodeWizard with 0x in the first field, Start Address will be our address, which is "0x00AEAE3C", and Length will be 4 bytes:


Now click OK and you are done. Let's disable the breakpoint and test by selling anything; to disable the breakpoint do the same as when setting it, just click Disable. And here's the result:


And that's all folks, Happy modding! 😀

Reply
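A word written with "Fill the memory with a value" is only as good as its encoding, so here is an added Python example (not from the original post, ProDG or CodeWizard) that encodes and decodes the PowerPC D-form words from the listing above and emulates the clamp sequence. Registers, opcodes and the 0xD8 offset come from the listing; the money and sale amounts are constructed sample values.

```python
# Added example, not from the original post: encode/decode the PowerPC D-form
# words in the RE5 listing and emulate the money clamp, so the patch word can be
# checked before it is written with "Fill the memory with a value".

# Primary opcodes of the D-form instructions that appear in the listing.
D_FORM = {15: "addis", 24: "ori", 32: "lwz", 36: "stw"}

def encode_d(opcode, rt, ra, imm):
    """Build a D-form word: opcode(6) | RT/RS(5) | RA(5) | 16-bit immediate."""
    return (opcode << 26) | (rt << 21) | (ra << 16) | (imm & 0xFFFF)

def decode_d(word):
    """Split a word into (mnemonic, rt, ra, imm); mnemonic is None if unknown."""
    opcode = word >> 26
    return D_FORM.get(opcode), (word >> 21) & 0x1F, (word >> 16) & 0x1F, word & 0xFFFF

def stw_patch_word(rs, ra, offset):
    """Word for 'stw rs,offset(ra)'; the original line stores r4, the fix stores r9."""
    return encode_d(36, rs, ra, offset)

def clamp_sequence(money, sale_price, patched=False):
    """Emulate 00AEAE20-00AEAE3C: r0 = money at 0xD8(r3), r4 = sale price,
    r4 += r0, clamp to r9 = 0x98967F (9,999,999), then store.  With the patch
    the store reads r9, so the saved value is always the max."""
    r9 = (0x98 << 16) | 0x967F            # lis r9,0x98 ; ori r9,r9,0x967F
    r0 = money                            # lwz r0,0xD8(r3)
    r4 = (sale_price + r0) & 0xFFFFFFFF   # add r4,r4,r0
    if r4 > r9:                           # cmplw cr7,r4,r9 ; ble cr7 skips the mr
        r4 = r9                           # mr r4,r9
    return r9 if patched else r4          # stw r4,0xD8(r3)  /  stw r9,0xD8(r3)

if __name__ == "__main__":
    # Words copied from the listing in the post (constructed check, run offline).
    for word in (0x3D200098, 0x800300D8, 0x6129967F, 0x908300D8):
        print(f"{word:08X} -> {decode_d(word)}")
    print(f"patched stw: {stw_patch_word(9, 3, 0xD8):08X}")   # 912300D8
    print(clamp_sequence(27105, 2), clamp_sequence(27105, 2, patched=True))
```

Decoding the word CodeWizard emits and comparing it with the listing's mnemonic is a cheap way to catch a typo before the write goes to the Memory View.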
165 Replies
Posts: 0
 Anonymous
Guest
(@Anonymous)
Joined: 1 second ago

Nice post Cyb3r, this will be very helpful for the people willing to learn 🙂

Reply
Posts: 1
(@ShinigamiWHK)
New RivalGamer
Joined: 9 years ago

Thanks for the tutorial, a noob like me can use it lol 😀

Reply
Posts: 19
(@iMoDzRGFR)
Active RivalGamer
Joined: 9 years ago



Thanks 😛

Reply
Moist
Posts: 23
(@Moist)
Eminent RivalGamer
Joined: 9 years ago

Just posting to view the images, thanks man.

Reply