Is this possible?

**Masaki Anton** · 09-15-2004,12:55 AM

I wonder if there is a way to insert / active the cheat code in a ELF file.
I found the title Devil May Cry is very difficult to beat, so I decide to use cheat code.
The code is here(for JAP Ver SLPM_650.38):
Master Code : 9010c1dc 0c045504
Never Die : 105b9c56 00000bb8

Actually, I don?t want to active the code use PAR soft like Code Breaker ever time I play this game.
Now I have an idea. Is this possible to hack the ELF and insert / active the code, then update the same file in the ISO and burn the ISO to a DVD.
So every time I play with this disc, I don?t need to boot the PAR soft and my character will have eternal life.
Is anyone know how to do this?

**Szalay** · 09-15-2004,09:06 AM

Hehe , Yeah cool idea , Yes work any breakpoint address when You changed this value , but not all !

You can try .. EG: with infinite ammo !

**Pyriel** · 09-15-2004,01:00 PM

I don't see why you couldn't do something like that.

I think what Lajos is trying to say is that modifying the ELF that way for certain things will work, but you'd just be wasting a disc if you did it for others. Based on what I remember about the Devil May Cry NTSC ELF and judging from the code you've posted, changing the ELF at whatever address that translates to in the file would indeed be a waste.

Whatever data you modify in the ELF could only be something that never changes once the ELF is loaded, such as machine code or possibly constant data. That infinite health code looks like it writes to the memory where the health variable is stored and that will be ever-changing once the game loads. Now if you can find a code that prevents damage from being applied by the executable, then you've got a good candidate.

**Szalay** · 09-15-2004,05:31 PM

Thx Pyriel this Help ! , but I tried with PSX1 and PS2 use CD,DVD-RW. with sw,sh, etc break point address, not a floating.....

Vampmaster · 09-16-2004,04:24 PM

What you'd have to do is find an empty space in the elf where you could write your own custom subroutine. Then at the end of it, instead of using jr ra you just jump to memcpy. Then you find the address that you'd use to make an Action replay M code and replace that jal to your custom subroutine. I could show you how to do it.

**Pyriel** · 09-16-2004,09:37 PM

Erm...If you already know this, disregard, but I think doing something like that is a bit more complicated than you think. I would imagine there are ELF patchers somewhere around that can be used for this, but PS2Dis can't do it as far as I know. It doesn't save anything in ELF format, just .pis, text disassembly dumps and binary dumps of selected addresses.

If you're going to add something to the file, most likely at the beginning or end of the .text segment, you need to make sure it's inserted in the right place and that the ELF header, segment headers and program headers (if they exist) are all updated to reflect their new lengths (if applicable) and positions in the file. At that rate, you could wind up wasting quite a few discs if you screw up any values, or you might find yourself torturing the hell out of some poor DVD-RW anyway.

**Liquidvlade** · 09-16-2004,11:19 PM

ever heard of trainers?

- Hardvlade

Vampmaster · 09-17-2004,06:47 AM

No, I already made a version of the Defiance Menu code using only 32 bit write once commands. It worked just as well as the one that used jokers if not better. Because the function I wrote gets called right near the one that checks whether to display the menu. (The same address I gave you for that M code, Pyriel) GMO said it's safe to stick custom subroutines in the blank area before the entrypoint and I havn't had any problems with that. I've been doing a lot of research in to custom subroutines such as where to put them and what types of jump to call them and return with. I could easily write a similar subroutine to constantly update some addresses in Devil May Cry.

I've also figured out some handy stuff like the stack pointer and making use of the C library functions in custom subroutines.

EDIT: Don't trainers need mod chips to work? And what's Paradox?

**Liquidvlade** · 09-17-2004,07:13 AM

Trainers inject the changed addresses to to cheat on the games, for example if I burn Mortal Kombat Deadly Alliance with a Infinite Health Trainer on it and burn it, everytime I play it it with infinite health ect, there are few trainers out there I remember ace, GMO and I made the first codes for Enter the Matrix and I think it was Paradox that made a trainer with our codes.

For trainers you need to find a way to boot the game, either via Mod chip, shittop, ect.

Paradox = it's a internet app release group, they make PC, PS2 and XBOX releases, possibly Cube as well (releases = games, programs, trainers, patches, cracks ect)

- Hardvlade

**Pyriel** · 09-17-2004,08:11 AM

Vamp: I can't really tell from the language in your posts, but you do realize his goal is to modify the ELF and burn the game with the changes so that the codes are on perpetually, right? Using an AR to write a subroutine to 0xC0000 - 0xC0080 and making an ELF that contains that routine are two different things.

Hardvlade: Yeah, I've heard of trainers. I haven't used them because I don't have a modchip, but that would (sort of) fall under "ELF patchers that can do this", even though I didn't have them in mind when I was writing that. I didn't say it was impossible; I just got the impression that Vamp wasn't aware that adding a subroutine somewhere above the entrypoint in PS2Dis and saving it as a .pis is different from what you'd have to do to modify an ELF to make it load with an extra subroutine.

User Tag List

Thread: Is this possible?

Tweet

LinkBack

Thread Tools

Display


	Would you like to get all the new info from PSX-Scene in your email each day? Subscribe to our Daily Digest! Want to learn more about the team keeping you up to date with the latest scene news? Read about them now! Check out our Developer bios, too!