In Depth Tutorial: Porting DMAs

[Nice marmite]

A lot of people see a DMA code, and say that it can't be ported, but that isnt the case.
I wont go in to making a DMA (or UnDMAin a code, as that is a different matter)
If you want to know how to port DMAs, this is the best tut for you.
Credit to me, (and imok gave me a little help too :D, not with the tut though! lol)

REQUIREMENTS
To know how to port a normal code
A basic knowledge of MIPS (very basic)
Also, you must make your own dump (make it online, in a game.) And if you are porting from a previous patch, you should find an online dump for that too. (credit to Prestige for telling me this, as it helps with loads of stuff, and to Scal24 for telling me you need it!)

NOTE
If you dont understand the first two sections, you will probably find porting DMAs harder. You should understand with just a basic knowledge of MIPS though.


CONTENTS
1. Explanation of a DMA, and "UnDMAing"
2. The different parts of a DMA
3. How to port it

EXPLANATION OF THE TERMS
1. DMA stands for Dynamic Memory Allocation. This basically means that the addresses of the data is constantly changing.
So to when a code is made like this 0xFFFFFFFF 0x******** the address is staying the same. This is why it is called unDMAing a code. Because you are preventing the memory from allocating different addresses.


DMA STRUCTURE/SYNTAX
2. A DMA is predominantly made of 4 parts (although it can be bigger)

#Perfect Respawn
;Omega2058
0xFFFFFFFF 0x00505858
0x00000A60 0xFFFFFFFF

BLUE= this is an address that the code jumps to, when you follow the jump here you are near the target of the cheat.
GREEN= this is the offset of the target address, that the cheat is finding.
RED= this is the data that is employed into the target of the cheat.

This is how the code works:
When the code is activated, it will jump to 0050585, which should be a j (or something). Therefore it jumps to the address found in the data of 0050585, in this case: 09b4f400 (real addressing), it adds 00000A60, to get to the target and then employ the data FFFFFFFF


PORTING OUR CODE
3. Now, as you can hopefully see (if not, please post for help), the DMA is structured differently to a normal code. There are several things we need to do to port our code. As play the EU version of SOCOM, I will show you porting from 1.6>>>EU, but remember, the same technique works for any patch, etc.

a) Open ps2dis (two windows!)
b) Load both the dumps you are using (for me 1.6 and EU) and load the address from the shortcut address (00000000)
c) Press G and copy/paste in The address that our cheat jumps to, that we are about to port (for me 00505858). Note, this is always the hex value that follows 0xFFFFFFFF as far as I have ever seen.
d) Now port this as you would any normal address (I get 00515dd 8). Now we have the first line of the code 0xFFFFFFFF 0x00515dd8 :D
~~~~~~~~~~~~
e) Look at the data at 0050585 (US). You will see an address that is a jump. Now this is in real addressing so you need to minus 08800000. 09b4f400-08800000=0134f400. This is where the US code jumps to
f) So port this address (0134f400) and write it down somewhere. I get 0143a850
~~~~~~~~~~~~
g) Now find the target address of the code we are porting, which is the offset+the place where the code jumps to in the code we are porting (for me US). A60+0134f400=134FE60
h) Now port the target address (134FE60). I get 143B2B0.
i) Now to get the offset, you just do 0143a850-143B2B0=a60 (EU offset) We have the offset
0xFFFFFFFF 0x00515dd8
0x00000A60
~~~~~~~~~~~~
j) Now just copy across the original hex value (as long as its not a jal etc) and we have our code

#Perfect Respawn EU
;Omega2058
;ported by nice marmite
0xFFFFFFFF 0x00515dd8
0x00000A60 0xFFFFFFFF


If you have any questions, or want to comment feel free. Equally if I have done something wrong, please tell me

[Rage-]

great tut bro

[Nice marmite]

Thanks, I am just helping, cuz there are a lot of people who dont understand this. :D

[SOCOM]

I don't Understant How to find the offset ?

[Scal24]

When the code is activated, it will jump to 00505858 and add 00000A60, to get to the target. 00505858+00000A60=005062B8
and then employ the data FFFFFFFF

that part is wrong. You don't add the offset to the 505858

this is how it works. 00505858 is an address, and it's value is a 'j' or a jump, so it jumps to a different area. So you are in a game, an you go to 505858, and you see...

0x00505858 0x09a9c68

09a9c68 is in real addressing. Subtract 08800000 from it, and you get

0129c68

That is where 505858 jumps to. You add your offset to that address, and you are at your code. The address that it jumps to changes, that's why it is DMA.

Hope that helped.


P.S. This means that the way you did this most likely wrong, if you want further info/help on making a new tutorial, just pm me.

[Nice marmite]

Sorry, I did know that, but I forgot it while I was writing the tut, xD

I have edited it now, so it should be right, and thanks for taking the time to explain.

I don't Understant How to find the offset ?

As for your problem, to find the offset you must do this:

1. Find where the offset takes you in the US code (ie where the cheat jumps to plus the US offset)

2. Then port the address of this^

3. Then find the difference between that^ and the place where theh cheat takes you in EU

[mr.criminal]

nice man this helps alot

[Scal24]

You won't be able to port the exact line (00505858) usually, because the hex values will be different. I would go to a line near it, port that, and then go back to the original line, if you understand what I'm saying.

[Horizontal]

Thank you!

[Nice marmite]

You won't be able to port the exact line (00505858) usually, because the hex values will be different. I would go to a line near it, port that, and then go back to the original line, if you understand what I'm saying.

Yeah, that would probably help... thanks.