Using PS2Dis
By 1Up
Introduction
In this tutorial, I will explain the methods of making codes for a PS2
game, using the disassembling program, PS2DIS. It will teach you the
methods of making codes using the MIPS commands.
Frequently Asked Questions
Table of Contents
What do I need to make codes?
In order to make codes a game, you will need the disassembling
program, PS2DIS, you can pick up your free copy here: http://gshi.org/downloads/PS2Dis.zip.
You will also need the scus/slus file contained on the disc, the method
for obtaining this is using a DVD rom drive. You simply place the disc
in the DVD rom drive, and open the DVD up through the location of your
DVD rom drive, in the icon .MY COMPUTER.. The file will be labeled
scus/slus, followed by numbers. Once, open, you may drag the file to the
desktop, where it will save to. If you do not have a DVD rom drive,
often you can find people hosting the file for download, or many people
will send it to you, via email.
What do I do once I have what I need?
Once you have your scus/slus file, and the PS2DIS, you want to open
PS2DIS, and then click File, and then open, the file browser will pop
up. Find the location where you saved your file to, and then highlight
it, and click open. Once open, you will see the screen has now changed
colors and the files have popped up, along with many labels next to
them. Next you will want to invoke analyzer, in order to do this, click
the analyzer choice, where a drop down menu will appear, next select
invoke analyzer. This process will take a little while, depending on the
size of the file. If the game your making codes for contains, another
file you have gotten from another means, I.E. a demo disc, you can
import this file to be added to the list of labels. The method for doing
this is clicking the analyzer choice again, and then clicking Import
labels from other file (Ctrl-I). The file browser will pop up once
again, where you select your file from its saved location, just as you
did the previous file. The program will look as if it froze, but give it
a few minutes or so and it will be back to normal, and then your ready
to hack, once the file you imported is loaded, there is no need to
invoke the analyzer again.
Screenshot:
Where can I find the location of a particular
code I.m looking to make?
Though it is not as always as easy as just doing this, but the method
for finding the location of your is by browsing the labels. You may
browse the labels by selecting edit, and then jump to labeled (Ctrl-G).
A pop up will then appear containing all labels contained on the
scus/slus file. You can use the scroll bar and move up and down the
page, or you can type what your looking for into the search field,
because the files usually begin with numbers, symbols, or quotes and so
on, your not likely to find what your looking for, but some times you
will, but the best way is to just use the scroll bar. All files are
grouped according to their keywords, so you should be able to find what
you need pretty easily.
Screenshot:
Once I.ve found a label pertaining to my idea,
what do I do?
Highlight the label and double click it or hit enter. The program
will now go directly to the label you selected, where you are ready to
browse the files surrounding it, or hack the file itself.
Screenshot:
I have the label/file, but now what do I do?
Most code makers will begin, by browsing the surrounding
files/labels, to get an idea of what the code could be doing, many times
you will go to the label you have selected and end up in the middle of
the full process, which is the reasoning, behind going up or down the
page viewing all previous labels and labels to come. You can either mess
with the label you have selected/the surrounding labels or the labels
you find around it.
Ok, I.m ready to hack a code, but how do I do
that?
You will need the general idea of understanding MIPS.
MIPS
ADD -- Add
Description: Adds two registers and stores the result in a register
Operation: $d = $s + $t; advance_pc (4);
Syntax: add $d, $s, $t
Encoding: 0000 00ss ssst tttt dddd d000 0010 0000
ADDI -- Add immediate
Description: Adds a register and a signed immediate value and stores the
result in a register
Operation: $t = $s + imm; advance_pc (4);
Syntax: addi $t, $s, imm
Encoding: 0010 00ss ssst tttt iiii iiii iiii iiii
ADDIU -- Add immediate unsigned
Description: Adds a register and an unsigned immediate value and stores
the result in a register
Operation: $t = $s + imm; advance_pc (4);
Syntax: addiu $t, $s, imm
Encoding: 0010 01ss ssst tttt iiii iiii iiii iiii
ADDU -- Add unsigned
Description: Adds two registers and stores the result in a register
Operation: $d = $s + $t; advance_pc (4);
Syntax: addu $d, $s, $t
Encoding: 0000 00ss ssst tttt dddd d000 0010 0001
AND -- Bitwise and
Description: Bitwise ands two registers and stores the result in a
register
Operation: $d = $s & $t; advance_pc (4);
Syntax: and $d, $s, $t
Encoding: 0000 00ss ssst tttt dddd d000 0010 0100
ANDI -- Bitwise and immediate
Description: Bitwise ands a register and an immediate value and stores
the result in a register
Operation: $t = $s & imm; advance_pc (4);
Syntax: andi $t, $s, imm
Encoding: 0011 00ss ssst tttt iiii iiii iiii iiii
BEQ -- Branch on equal
Description: Branches if the two registers are equal
Operation: if $s == $t advance_pc (offset << 2)); else advance_pc
(4);
Syntax: beq $s, $t, offset
Encoding: 0001 00ss ssst tttt iiii iiii iiii iiii
BGEZ -- Branch on greater than or equal to zero
Description: Branches if the register is greater than or equal to
zero
Operation: if $s >= 0 advance_pc (offset << 2)); else advance_pc (4);
Syntax: bgez $s, offset
Encoding: 0000 01ss sss0 0001 iiii iiii iiii iiii
BGEZAL -- Branch on greater than or equal to zero and link
Description: Branches if the register is greater than or equal to zero
and saves the return address in $31
Operation: if $s >= 0 $31 = PC + 8 (or nPC + 4); advance_pc (offset <<
2)); else advance_pc (4);
Syntax: bgezal $s, offset
Encoding: 0000 01ss sss1 0001 iiii iiii iiii iiii
BGTZ -- Branch on greater than zero
Description: Branches if the register is greater than zero
Operation: if $s > 0 advance_pc (offset << 2)); else advance_pc (4);
Syntax: bgtz $s, offset
Encoding: 0001 11ss sss0 0000 iiii iiii iiii iiii
BLEZ -- Branch on less than or equal to zero
Description: Branches if the register is less than or equal to zero
Operation: if $s <= 0 advance_pc (offset << 2)); else advance_pc (4);
Syntax: blez $s, offset
Encoding: 0001 10ss sss0 0000 iiii iiii iiii iiii
BLTZ -- Branch on less than zero
Description: Branches if the register is less than zero
Operation: if $s < 0 advance_pc (offset << 2)); else advance_pc (4);
Syntax: bltz $s, offset
Encoding: 0000 01ss sss0 0000 iiii iiii iiii iiii
BLTZAL -- Branch on less than zero and link
Description: Branches if the register is less than zero and saves the
return address in $31
Operation: if $s < 0 $31 = PC + 8 (or nPC + 4); advance_pc (offset <<
2)); else advance_pc (4);
Syntax: bltzal $s, offset
Encoding: 0000 01ss sss1 0000 iiii iiii iiii iiii
BNE -- Branch on not equal
Description: Branches if the two registers are not equal
Operation: if $s != $t advance_pc (offset << 2)); else advance_pc
(4);
Syntax: bne $s, $t, offset
Encoding: 0001 01ss ssst tttt iiii iiii iiii iiii
DIV -- Divide
Description: Divides $s by $t and stores the quotient in $LO and the
remainder in $HI
Operation: $LO = $s / $t; $HI = $s % $t; advance_pc (4);
Syntax: div $s, $t
Encoding: 0000 00ss ssst tttt 0000 0000 0001 1010
DIVU -- Divide unsigned
Description: Divides $s by $t and stores the quotient in $LO and the
remainder in $HI
Operation: $LO = $s / $t; $HI = $s % $t; advance_pc (4);
Syntax: divu $s, $t
Encoding: 0000 00ss ssst tttt 0000 0000 0001 1011
J -- Jump
Description: Jumps to the calculated address
Operation: PC = nPC; nPC = (PC & 0xf0000000) | (target << 2);
Syntax: j target
Encoding: 0000 10ii iiii iiii iiii iiii iiii iiii
JAL -- Jump and link
Description: Jumps to the calculated address and stores the return
address in $31
Operation: $31 = PC + 8 (or nPC + 4); PC = nPC; nPC = (PC & 0xf0000000)
| (target << 2);
Syntax: jal target
Encoding: 0000 11ii iiii iiii iiii iiii iiii iiii
JR -- Jump register
Description: Jump to the address contained in register $s
Operation: PC = nPC; nPC = $s;
Syntax: jr $s
Encoding: 0000 00ss sss0 0000 0000 0000 0000 1000
LB -- Load byte
Description: A byte is loaded into a register from the specified
address.
Operation: $t = MEM[$s + offset]; advance_pc (4);
Syntax: lb $t, offset($s)
Encoding: 1000 00ss ssst tttt iiii iiii iiii iiii
LUI -- Load upper immediate
Description: The immediate value is shifted left 16 bits and stored in
the register. The lower 16 bits are zeroes.
Operation: $t = (imm << 16); advance_pc (4);
Syntax: lui $t, imm
Encoding: 0011 11-- ---t tttt iiii iiii iiii iiii
LW -- Load word
Description: A word is loaded into a register from the specified
address.
Operation: $t = MEM[$s + offset]; advance_pc (4);
Syntax: lw $t, offset($s)
Encoding: 1000 11ss ssst tttt iiii iiii iiii iiii
MFHI -- Move from HI
Description: The contents of register HI are moved to the specified
register.
Operation: $d = $HI; advance_pc (4);
Syntax: mfhi $d
Encoding: 0000 0000 0000 0000 dddd d000 0001 0000
MFLO -- Move from LO
Description: The contents of register LO are moved to the specified
register.
Operation: $d = $LO; advance_pc (4);
Syntax: mflo $d
Encoding: 0000 0000 0000 0000 dddd d000 0001 0010
MULT -- Multiply
Description: Multiplies $s by $t and stores the result in $LO.
Operation: $LO = $s * $t; advance_pc (4);
Syntax: mult $s, $t
Encoding: 0000 00ss ssst tttt 0000 0000 0001 1000
MULTU -- Multiply unsigned
Description: Multiplies $s by $t and stores the result in $LO.
Operation: $LO = $s * $t; advance_pc (4);
Syntax: multu $s, $t
Encoding: 0000 00ss ssst tttt 0000 0000 0001 1001
NOP -- no operation
Description: Performs no operation.
Operation: advance_pc (4);
Syntax: nop
Encoding: 0000 0000 0000 0000 0000 0000 0000 0000
Note: The encoding for a NOOP represents the instruction SLL $0, $0, 0
which has no side effects. In fact, nearly every instruction that has $0
as its destination register will have no side effect and can thus be
considered a NOOP instruction.
OR -- Bitwise or
Description: Bitwise logical ors two registers and stores the result in
a register
Operation: $d = $s | $t; advance_pc (4);
Syntax: or $d, $s, $t
Encoding: 0000 00ss ssst tttt dddd d000 0010 0101
ORI -- Bitwise or immediate
Description: Bitwise ors a register and an immediate value and stores
the result in a register
Operation: $t = $s | imm; advance_pc (4);
Syntax: ori $t, $s, imm
Encoding: 0011 01ss ssst tttt iiii iiii iiii iiii
SB -- Store byte
Description: The least significant byte of $t is stored at the specified
address.
Operation: MEM[$s + offset] = (0xff & $t); advance_pc (4);
Syntax: sb $t, offset($s)
Encoding: 1010 00ss ssst tttt iiii iiii iiii iiii
SLL -- Shift left logical
Description: Shifts a register value left by the shift amount listed in
the instruction and places the result in a third register. Zeroes are
shifted in.
Operation: $d = $t << h; advance_pc (4);
Syntax: sll $d, $t, h
Encoding: 0000 00ss ssst tttt dddd dhhh hh00 0000
SLLV -- Shift left logical variable
Description: Shifts a register value left by the value in a second
register and places the result in a third register. Zeroes are shifted
in.
Operation: $d = $t << $s; advance_pc (4);
Syntax: sllv $d, $t, $s
Encoding: 0000 00ss ssst tttt dddd d--- --00 0100
SLT -- Set on less than (signed)
Description: If $s is less than $t, $d is set to one. It gets zero
otherwise.
Operation: if $s < $t $d = 1; advance_pc (4); else $d = 0; advance_pc
(4);
Syntax: slt $d, $s, $t
Encoding: 0000 00ss ssst tttt dddd d000 0010 1010
SLTI -- Set on less than immediate (signed)
Description: If $s is less than immediate, $t is set to one. It gets
zero otherwise.
Operation: if $s < imm $t = 1; advance_pc (4); else $t = 0; advance_pc
(4);
Syntax: slti $t, $s, imm
Encoding: 0010 10ss ssst tttt iiii iiii iiii iiii
SLTIU -- Set on less than immediate unsigned
Description: If $s is less than the unsigned immediate, $t is set to
one. It gets zero otherwise.
Operation: if $s < imm $t = 1; advance_pc (4); else $t = 0; advance_pc
(4);
Syntax: sltiu $t, $s, imm
Encoding: 0010 11ss ssst tttt iiii iiii iiii iiii
SLTU -- Set on less than unsigned
Description: If $s is less than $t, $d is set to one. It gets zero
otherwise.
Operation: if $s < $t $d = 1; advance_pc (4); else $d = 0; advance_pc
(4);
Syntax: sltu $d, $s, $t
Encoding: 0000 00ss ssst tttt dddd d000 0010 1011
SRA -- Shift right arithmetic
Description: Shifts a register value right by the shift amount (shamt)
and places the value in the destination register. The sign bit is
shifted in.
Operation: $d = $t >> h; advance_pc (4);
Syntax: sra $d, $t, h
Encoding: 0000 00-- ---t tttt dddd dhhh hh00 0011
SRL -- Shift right logical
Description: Shifts a register value right by the shift amount (shamt)
and places the value in the destination register. Zeroes are shifted
in.
Operation: $d = $t >> h; advance_pc (4);
Syntax: srl $d, $t, h
Encoding: 0000 00-- ---t tttt dddd dhhh hh00 0010
SRLV -- Shift right logical variable
Description: Shifts a register value right by the amount specified in $s
and places the value in the destination register. Zeroes are shifted
in.
Operation: $d = $t >> $s; advance_pc (4);
Syntax: srlv $d, $t, $s
Encoding: 0000 00ss ssst tttt dddd d000 0000 0110
SUB -- Subtract
Description: Subtracts two registers and stores the result in a
register
Operation: $d = $s - $t; advance_pc (4);
Syntax: sub $d, $s, $t
Encoding: 0000 00ss ssst tttt dddd d000 0010 0010
SUBU -- Subtract unsigned
Description: Subtracts two registers and stores the result in a
register
Operation: $d = $s - $t; advance_pc (4);
Syntax: subu $d, $s, $t
Encoding: 0000 00ss ssst tttt dddd d000 0010 0011
SW -- Store word
Description: The contents of $t is stored at the specified address.
Operation: MEM[$s + offset] = $t; advance_pc (4);
Syntax: sw $t, offset($s)
Encoding: 1010 11ss ssst tttt iiii iiii iiii iiii
SYSCALL -- System call
Description: Generates a software interrupt.
Operation: advance_pc (4);
Syntax: syscall
Encoding: 0000 00-- ---- ---- ---- ---- --00 1100
XOR -- Bitwise exclusive or
Description: Exclusive ors two registers and stores the result in a
register
Operation: $d = $s ^ $t; advance_pc (4);
Syntax: xor $d, $s, $t
Encoding: 0000 00ss ssst tttt dddd d--- --10 0110
XORI -- Bitwise exclusive or immediate
Description: Bitwise exclusive ors a register and an immediate value and
stores the result in a register
Operation: $t = $s ^ imm; advance_pc (4);
Syntax: xori $t, $s, imm
Encoding: 0011 10ss ssst tttt iiii iiii iiii iiii
I.ve overlooked the MIP.s, but how do I put this to use?
Using the Nop as an example, I.ll help make some sense of these MIPS
The type of MIP
NOP -- no operation
Brief description of what it does.
Description: Performs no operation.
The process that will take place.
Operation: advance_pc (4)
What to type as the command.
Syntax: nop
32bit Binary Reference
Encoding: 0000 0000 0000 0000 0000 0000 0000 0000
Screenshot:
The selected code, is a BEQ, if you wanted to NOP it, to make it have no
operation in game, you double click the line, and then go down to the
command, and type NOP, which is the syntax for NOP.
BEFORE
Screenshot:
AFTER
Screenshot:
*NOTE the changes of the data, the commands are what will give you your
data or the 2nd half of your line of code, its very key of getting this
correct.
Most common code making procedures
JR RA, this is the syntax for it
Screenshot:
Any time you use this, you will need to NOP the following line
Screenshot:
BEQ, this is the syntax for it, it will be followed by the variables
Before
Screenshot:
After
Screenshot:
*Note, I got my variables from another line of coding and entered them,
by putting beq and then the variables.
There is an easy way to do the opposite of beq, and bne, which ill
explain here.
If you come across a beq, and want it to do the opposite, simply double
click it, and delete the beq, and replace it with bne, it now does the
opposite.
If you come across a bne, and want it to do the opposite, simply double
click it, and delete the bne, and replace it with beq, it now does the
opposite.
More to come later