Finding Functions

[-LeetGamer-]

Finding Functions
----------------------

All functions are a stack subroutine in the game. So you can search the push of the stack which is addiu sp sp -16, 16 is the most common amount that the game takes away from the stack pointer for functions. The hex value for that is 27BDFFF0, so you search that as an exact value and all the results will be the start of functions. You will get thousands of them. So how do you find what function is what? Cancel it, change the value to jr ra and the next line to a nop. If it isn't a nop some functions will freeze. See if some thing doesn't happen, like you can't shoot, that means that you have found the shooting function, or you cant walk, you found the moving function.

I use Silo's Auto Hexer, here is a link:

Code:

http://www.megaupload.com/?d=PF7822IW

To use it enter the location of the ram dump, if it automatically closes then move the ram dump up one derictory, so if it was in C/foloder/folder2/ramdump.ram and it closes try moving it to this C/folder/ramdump.ram

Then enter the value 27BDFFF0 and the other value as 03E00008, when it asks you if you are searching for a function type in "y" with out the quotes.

Now it will generate a text file called "Code List.txt" open that and all the results will be right there in nitePR format, ready to test. Try each one and if some thing doesn't happen, like I said above then it's the function for that. When you jr ra a function's push (The push is the first addiu of the stack routine, the addiu that takes bits away from the stack pointer, like addiu sp sp) it cancels the stack routine, now in the stack routine there will be Jal's which call other functions, if lets say you find the function for shooting, so your jr ra'ed the push and you can't shoot, follow the Jal's and cancel those, it may have some thing to do with shooting that you want, or that may be the real shooting function since it wasn't being called at the right time.

If you are looking for a specific function, like some sort of text that shows up every time some thing happends, you can find the address of the text and look it it's in a function, go to the push of it and jr ra it and nop the next address, if it cancels it then you found the function for the text.

Tutorial by TheEliteOne

[pspguy1234290]

Thank you so much I've been looking for a tutorial for this. I might have to read up on some mips, huh?

EDIT:the thing just keeps closing on me

[-LeetGamer-]

Thank you so much I've been looking for a tutorial for this. I might have to read up on some mips, huh?

EDIT:the thing just keeps closing on me

If it does move the ram dump in one derectory, like I said in the post lol

[pspguy1234290]

If it does move the ram dump in one derectory, like I said in the post lol

I did that already and it still closes on me.

[-LeetGamer-]

I did that already and it still closes on me.

You need to enter the full path of the ram dump, copy it from the address bar, it works fine for me, btw I'm on Windows 7, but you can also try using cheat devices to find functions, but the Auto Hexer the by far faster.

[S2h6699]

Do you have the source code for the hexer?

[-LeetGamer-]

Do you have the source code for the hexer?

I don't but you can ask Silo he would have it if he didn't delete it.

[SupremeGeneral]

Hey bro, shouldn't the JR RA value be 3E000008 instead of "03e00008"?

[-LeetGamer-]

Hey bro, shouldn't the JR RA value be 3E000008 instead of "03e00008"?

No the jr ra value is 0x03E00008

[xXsamuriaXx]

Hey bro, shouldn't the JR RA value be 3E000008 instead of "03e00008"?

Like TEO said Jr ra will always be 0x03e00008