Hacking Values

Team CMP
Choosing what values to include in your code is relatively simple, but you still may not get the effect desired with out the correct value.

To start, I'll show you a common way to figure out the value for disable codes. Figuring out to choose a value to disable something with a value is pretty easy, usually it takes just a value of 00000000. Here's the TPCC's GTASA nitro boost code:

20326CE4 00000000

I'm gonna just take a guess at this, but by placing a value worth nothing here the game will have nothing to add. Well, you may ask "If there's nothing to add, then how would you even go anywhere because the speed would equal zero? " Well, if you looked at the mips code on the right, you will see that the mips command is "adda.s $f4, $f2" . Since there is only two registers($f4 and f2$) there will not be a final register stored at this address, and the value that is there will be added elsewhere or either used in comparison.

At another view, I guess I lied a bit. Well, setting 0 as the value does disable something since there is nothing to load, but the code might not disable to what you think..like above, it's not disabling cars driving speed to 0, it's making a value equal to 0 so you can make the vehicles faster. I know I sound confusing, but i don't know any other way of explain it. Just think of it this way, when code hackers use 0 as the value, they may not be trying to *directly* disable something in the game, but to make a line of code false so it will alter the effect and change something in the game.

Another question you may ask is "Since the value is 00000000, don't you have to use an 8 bit command?" Well, in this case a code that's 00326CE4 0000000 will usually do nothing. If the value was 1, then yes, you'd probably use an 8 bit command. Remeber that 8 bit commands cannot hold nothing bigger than two digits, 16 bit commands cant hold anything more than 4, and 32 bit commands cant hold anything more than 8 digits, but that is the highest it can go, of course. This also means that 32 bit can hold values from 8-0 digits and 16 bit can hold values from 4-0 digits. There's another key point to keep in mind as well. Certain values cannot be held at certain addresses. Look at the last digit of the addresses in the PS2DIS. For most parts of the file, you will see that each addresses skips in 32 bit and skips like this..0 -4-8-C-0-4, etc. You can use 32/16/8 bit writes at each of these commands. When you see an address that ends in 16 bit(0-2-4-6-8-A-C-E) you can use a 16 bit and 8bit commands here. Anything else- use an 8 bit command and that only. Pretty much anything in the blue area of the PS2DIS you would use 32 bit commands with..if they are in the white area then it may be necessary to make codes with 8 and/or 16 bit..

Sometimes just setting the value to 0 will do nothing, or make the game crash. And a value I see quite often in disabler codes is "03E00008" . Don't exactly know why you would use this value, but its used a lot. It's also common that the address of the code containing this value has a Function(FNC) at it. Another thing you should remember when using this value is it will almost always be two lines. Here's an example of the TPCC's no visual car damage code.

201629F0 03E00008

If you put the address in the PS2DIS, you see that there is a function here. This is not the end of the code, there is one more line that you need to make the code work.

201629F4 00000000

Most of the time just take the current address and increment the last digit by 4..in this case 0-4. And then add 00000000 for the value. Here's the complete code:

201629F0 03E00008
201629F4 00000000

Now on to enabling. To enable a code, usually just find the address you need and enter the 00000001. You enter a 1 because of boolean operator rules, because a 1 represents true, and 0 represents false. So if the code sees if it is true, it will activate that line of code. This is particulary useful on other functions in the white area of the slus. Functions in the white area don't look like FNC_xxxxxxx, but are just made of numbers and look
like __xxxxxxx. That's all there is too it. This code made by Skiller will make everyone armed with a weapon in GTA3.

0088D710 00000001

(Use this also to enable button cheats) Ok, now you've got the basic gist of disabling and enabling. To sum it up- this is what you're primarily going to want to do when you're disabling or enabling codes.

1. If you're trying to directly disable something, look for the address. Usually it will be at a FNC function. Enter the value as 03E00008, and make a second line for the code, with the last digit of the address incremented by 4. Enter 00000000 for the value of this line.

2. If you're trying to disable something or make the value false/equal to zero to alter the effects of something else, try using 00000000 as the value.

3. When enabling something, use 0000001 as the value.

Also, when testing, it may be a good idea to joker the disabler codes. You can disable and then enable the functions, to see if it has an effect. Quite often, you're game will freeze when doing this. If the game doesn't freeze, well then there's a good chance that this will have a somewhat obvious effect on this game somehow..but if you're not searching for something in particular, you will have to do a lot of testing to see what this code does..

For an example, let's try jokering the code above. Press X + O to turn the code off, and X + square to turn it back on.

E0029FFF 00700942 (remember to use the multi line joker command)
201629F0 03E00008
201629F4 00000000
E0023FFF 00700942
201629F0 27BDFF90
201629F4 FFBF0050

The last two lines contain the same value before they got changed. I tested the code, and it works! ^_^ So this may be something you want to try when testing codes. Another good way to test for values is using jokered increment and decrement commands. Use the same way above, just replace the constant writes with increment and 32 bit commands, and joker them. This normally wouldnt apply for FNC addresses since you would normally disable them, but you could try this for other addresses in the elf file.


In the PS2 Guide Section you will find other good Values Hacking Tutorials

Hacking Max Values
Hacking Float Values


_____________________________

The tutorial above would tell you how to make mods for codes like jump higher, run faster, etc. Values to find out for those codes would usually be easy to test with, the bigger the value the higher you will jump or the faster you can run. But if you may make a mod that changes your look, or the certain color of something, you Usually can't figure out those values by using knowledge, but by trial and error. There's also another option, but this won't work for all games. modification code values can sometimes be found in the game by placing your disk in a dvd drive, and searching the game for .dat, .cfg, .txt, and files like that.(They would usually be found in a "data" section.) For example, the car color code for San Andreas. If you go to the data folder you will see a file called carcol.dat, or something similar. Open the file with a text editor and you will see the color values next to the color name, And all you have to do is use the values for the color modification mod. Another way to find modification values is search the slus for string labels, and the values are usually two digits. These values good serve a purpose; I believe a few GTAVC codes were made using this method.

Well that's really all I can explain about what values to use for certain codes..You probably will encounter codes that aren't modification codes, enabler or disabler codes and there value is completely different to what was explained above..there probably just used to make the codes have greater or lesser effects, by just altering the original values, or using the value from a different address to get the effects of something else. Use control + F to find that value in the PS2DIS. Make sure it's converted so the PS2DIS can find it, (Just take the value apart two digits at a time, that means there would be four different two digit values total, and the rearrange them by placing them backwards, example 24a578e8 would be e878a524) and then select as hex string and case insensitive. You may find that value..

Example: Helicopters generate fire animations(GTASA)

So, let's find the label "Heli Dust". The address is 0015E3A4.

Next, let's find the label "Large fires" . (I believe this is the correct label). Record the value on this line, it should be 24A57BC0. Now write this value to the heli dust address. Here's the complete code:

2015E3A4 24A57BC0

And it works ;). When the helicopter gets near the ground, instead of generating dust animations, it generates a fire animation instead.

Heh, one more thing..This is actually quite important..Remember when I said you could use the .dat, .cfg, .txt files to find values? Well search for these values in the PS2DIS! And you might find the address needed for the code ;) And that's about it this for this tutorial. You got the easy part covered..I hope this helped you.



Boolean Values In PS2 Games
======================
By: Dark Killer

In this tutorial I will show you how to indentify and modify boolean values in ps2 games.

What is a boolean value?
-=-=-=-=-=-=-=-=-=-=-

Boolean values are used to denote the result of a logical operation. A boolean value can be either true (1) or false (0).

How would I find a boolean value in PS2DIS?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Some words to look out for in labels would be:

"Toggle"
"Enable"
"Disable"
"Use"

Dissasembly Examples:
-=-=-=-=-=-=-=-=-=-

Typically theres two ways boolean values work in ps2 games. There's the "straight-forward" way (which i'll cover in the latter half on this tutorial) and theres the function call way. In the form of a function call there will be a store instruction to an area high in memory which holds the result of some logical operation performed elsewhere. This is where either 0x01 or 0x00 is stored according to the result of said logical operation. To find this you want to be on the lookout for a store byte instruction (syntax: sb $t, offset($s)).

Ex: The Punisher
00151034 a022b9f8 sb v0, $b9f8(at) (__0053b9f8)
00151038 3c01005f lui at, $005f
0015103c 8c22b1f8 lw v0, $b1f8(at)
00151040 1040000d beq v0, zero, $00151078
00151044 3c060045 lui a2, $0045
00151048 3c040181 lui a0, $0181
0015104c 3c050045 lui a1, $0045
00151050 24c6c4c0 addiu a2, a2, $c4c0 ("Big_head_mode")

the first line is storing the least significant byte (read: the last byte in the address' data) into v0. the address its calling is 0053b9f8. lets have a look at the data on that address:

0053b9f8 00000000 nop

the least significant byte is 0x00 which would mean that the logical operation returned a boolean false. we need to change that:

Enable Big Heads (Credit: delcano)
0053b9f8 00000001

now I know you're probably wondering "why didn't you put a '2' in front of the address?"

the reason is that we only need to write 1 byte (8-bits) to the address. '20' would signify a 32-bit write (although in most cases it wouldnt matter since the data is all zeros anyway, its just better to use the proper 8-bit write)

now onto the "straight-forward" way:

sometimes a label will bring you directly to the address holding the boolean value.

Ex: Grand Theft Auto 3
0041848C 00000000 nop BombsAreFree_8CGarages

Bombs Are Free
0041848C 00000001

Also, be on the watch for lbu commands that refer to addresses. Press right in the PS2dis and if you are directed to an address with a nop command that is usually situated in a unloaded area, there is a fairly good place this is a boolean switch. You may not know what the code does if you set the value as true, so you'll have to look around. Sometimes the ps2dis does not direct you the address containing the boolean switch, so sometimes you'll have to search the slus file. Generally, search for large nop patterns such as "00000000000000000000000000000000000"