I mean is if you press the joker button value and the code will activate after 5 seconds, etc...

PSPAR:

Code:

_C0 Joker (Timer)
# Brian-1337-
_N 0xAZZZZZZZ 0xYYYYXXXX \\ 0xZZZZZZZ = Controller Address | 0xYYYY = Negative Button Value - 0x01 / 0xXXXX = Button Value
_N 0x1ZZZZZZZ 0x00000000 \\ 0xZZZZZZZ = nop Address(Timer)
_N 0xD2000000 0x00000000 \\ Terminate 0xA
_N 0x9ZZZZZZZ 0xYYYYXXXX \\ 0xZZZZZZZ = Controller Address | 0xYYYY = Negative Button Value - 0x01 / 0xXXXX = Button Value
_N 0xDA000000 0xZZZZZZZZ \\ 0xZZZZZZZ = nop Address(Timer)
_N 0xD4000000 0x00000001 \\ Time Adder
_N 0xD7000000 0xZZZZZZZZ \\ 0xZZZZZZZ = nop Address(Timer)
_N 0xD2000000 0x00000000 \\ Terminate 0x9
_N 0x8ZZZZZZZ 0x0000YYYY \\ 0xZZZZZZZ = nop Address(Timer) | 0xYYYY = Timer Value (Note: 0x44 is equivalent of 1 second)
_N \\ Code(s) to Activate
_N 0xD2000000 0x00000000 \\ Terminate = 0x4

MIPS Assembly:

Code:

Joker (Timer)
# Brian-1337-

lui t0, $ZZZZ \\ 0xZZZZ = First Half Controller Address
lh t0, $ZZZZ(t0) \\ 0xZZZZ = Second Half Controller Address
andi t0, t0, $YYYY \\ 0xYYYY = Button Value
ori t1, zero, $XXXX \\ 0xXXXX = Button Value
beq t1, t0, $ZZZZZZZZ \\ 0xZZZZZZZZ = Branch to (bne t1, t0, $ZZZZZZZZ) / Terminate
lui t2, $ZZZZ \\ 0xZZZZ = First Half nop Address(Timer)
sh zero, $ZZZZ(t2) \\ 0xZZZZ = Second Half nop Address
bne t1, t0, $ZZZZZZZZ \\ 0xZZZZZZZZ = Branch to (sltiu t3, t4, $YYYY) / Terminate
lh t4, $ZZZZ(t2) \\ 0xZZZZ = Second Half nop Address(Timer)
addiu t3, t4, $0001  \\ Time Adder
sh t3, $ZZZZ(t2) \\ 0xZZZZ = Second Half nop Address(Timer)
sltiu t3, t4, $YYYY \\ 0xYYYY = Timer Value (Note: 0x44 is equivalent of 1 second)
bne t3, zero, $ZZZZZZZZ \\ 0xZZZZZZZZ = Branch to (jr ra) / Terminate
nop
\\ Codes to Activate (Subroutine)
jr ra
nop

Example:

Controller Address
0x0143DDF0 - Fake Addressing
0x09C3DDF0 - Real Addressing

Button Value
0x0200(R) 0x4000(X) = 0x4200 - Button Value
-0x0200(R) - 0x4000(X) - 0x0001 = 0xBDFF - Negative Button Value

nop Address(Timer)
0x00003FFC - Fake Addressing
0x08803FFC - Real Addressing

Timer Value
0x0003(3 Seconds) x 0x0044 = 0x00CC(3 seconds)

Code

Code:

_C0 Suicide
_N 0x00632BF0 0x00000000

0x00632BF0 - Fake Addressing
0x08E32BF0 - Real Addressing

Example: PSPAR

Code:

_C0 Suicide (R+X - 3 Seconds)
# Brian-1337-
_N 0xA143DDF0 0xBDFF4200 \\ 0x143DDF0 = Controller Address | 0xBDFF = Negative Button Value - 0x01 / 0x4200 = Button Value
_N 0x10003FFC 0x00000000 \\ 0x0003FFC = nop Address(Timer)
_N 0xD2000000 0x00000000 \\ Terminate 0xA
_N 0x9143DDF0 0xBDFF4200 \\ 0x143DDF0 = Controller Address | 0xBDFF = Negative Button Value - 0x01 / 0x4200 = Button Value
_N 0xDA000000 0x00003FFC \\ 0x0003FFC = nop Address(Timer)
_N 0xD4000000 0x00000001 \\ Time Adder
_N 0xD7000000 0x00003FFC \\ 0x0003FFC = nop Address(Timer)
_N 0xD2000000 0x00000000 \\ Terminate 0x9
_N 0x80003FFC 0x000000CC \\ 0x0003FFC = nop Address(Timer) | 0x00CC = Timer Value (Note: 0x44 is equivalent of 1 second)
_N 0x00632BF0 0x00000000 \\ Code(s) to Activate
_N 0xD2000000 0x00000000 \\ Terminate = 0x4

Example: MIPS Assembly

Code:

Suicide (R+X - 3 Seconds)
# Brian-1337-

0x08801000 : lui t0, $09C4 \\ 0x09C4 = First Half Controller Address
0x08801004 : lh t0, $DDF0(t0) \\ 0xDDF0 = Second Half Controller Address
0x08801008 : andi t0, t0, $4200 \\ 0x4200 = Button Value
0x0880100C : ori t1, zero, $4200 \\ 0x4200 = Button Value
0x08801010 : beq t1, t0, $0880101C \\ 0x0880101C = Branch to (bne t1, t0, $0880102C) / Terminate
0x08801014 : lui t2, $0880 \\ 0x0880 = First Half nop Address(Timer)
0x08801018 : sh zero, $3FFC(t2) \\ 0x3FFC = Second Half nop Address
0x0880101C : bne t1, t0, $0880102C \\ 0x0880102C = Branch to (sltiu t3, t4, $00CC) / Terminate
0x08801020 : lh t4, $3FFC(t2) \\ 0x3FFC = Second Half nop Address(Timer)
0x08801024 : addiu t3, t4, $0001  \\ Time Adder
0x08801028 : sh t3, $3FFC(t2) \\ 0x3FFC = Second Half nop Address(Timer)
0x0880102C : sltiu t3, t4, $00CC \\ 0x00CC = Timer Value (Note: 0x44 is equivalent of 1 second)
0x08801030 : bne t3, zero, $08801040 \\ 0x08801040 = Branch to (jr ra) / Terminate
0x08801034 : nop
0x08801038 : lui t0, $08E3 \\ 0x08E3 = First Half Code Address / Code(s) to Activate
0x0880103C : sw zero, $2BF0(t0) \\ 0x2BF0 = Second Half Code Address / Code(s) to Activate
0x08801040 : jr ra
0x08801044 : nop

beast tutorial

wrote: beast tutorial

thanks

yes i love you!!! this could save me from having to find. all the sce kernel delay shit. thank you!
this is kinda what almost was showing the other day. awesome work, rep+ glad to see you still making tuts.

sdrawkcab wrote:yes i love you!!! this could save me from having to find. all the sce kernel delay shit. thank you!
this is kinda what almost was showing the other day. awesome work, rep+ glad to see you still making tuts.

you can find it by testing the start functions of the game and make a jump of the center of the function to the test subroutine, look if there is a delay.

or you could just use tempar, to find all the functions -.-", just saying.

Brian-1337- wrote:you can find it by testing the start functions of the game and make a jump of the center of the function to the test subroutine, look if there is a delay.

huh i thought you had to use like prx tool or something? yea delay is normally some where around the starting address's the in RR the address is like 8100 or something. also i thought you needed to jump and link to make the game delay?

netbeans wrote:or you could just use tempar, to find all the functions -.-", just saying.

where you come from

wrote:

netbeans wrote:or you could just use tempar, to find all the functions -.-", just saying.

where you come from

same place all babies came from...

oh and backwards try this routine, out for your suicide code... idk if it will work 100% but let me know! I also want to suggest you name this code:

#Tactical Nuke
;kills all players except you when press select
;sdrawkcab, netbeans

Code:


lui $t0, 0x????
lh $t0, 0x????($t0) #controller
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer
lui $t2, 0x08e6
ori $t2, $t2, 0xd8c0 #end pointer
ori $t3, $zero, 0x2 #button(s) preset to select, i think
bne $t0, $t3, end
nop
loop:
sw $zero, 0x3d0($t1) #store zero to current player
addiu $t1, $t1, 0xC #goto the next address
sltu $t4, $t1, $t2 #if(pointer < end pointer) $t4 = 1 (true), else $t4 = 0 (false)
bnez $t4, loop #repeat the loop
nop
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer, reset loop to go through again
end:
jr $ra
nop


the thing with ???? just change them yourself and I think that the button for select is correct, if not fix it to your liking and add your own hook.

@Brian-1337
I would not mess with a function that controls the delay thread, could cause all sorts of problems. Instead what I would do is , is find the function using tempAR's special feature and then call the function, and pass a delay argument. Just to make things smoother.

@backwards
If that routine works I'll help you revise the routine to implement it.

sceKernelDelayThread(SceUInt delay)
//this sets how long the delay is in microseconds, which 1000000 microseconds = 1 second

netbeans wrote:

wrote:

netbeans wrote:or you could just use tempar, to find all the functions -.-", just saying.

where you come from

same place all babies came from...

oh and backwards try this routine, out for your suicide code... idk if it will work 100% but let me know! I also want to suggest you name this code:

#Tactical Nuke
;kills all players except you when press select
;sdrawkcab, netbeans

Code:


lui $t0, 0x????
lh $t0, 0x????($t0) #controller
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer
lui $t2, 0x08e6
ori $t2, $t2, 0xd8c0 #end pointer
ori $t3, $zero, 0x2 #button(s) preset to select, i think
bne $t0, $t3, end
nop
loop:
sw $zero, 0x3d0($t1) #store zero to current player
addiu $t1, $t1, 0xC #goto the next address
sltu $t4, $t1, $t2 #if(pointer < end pointer) $t4 = 1 (true), else $t4 = 0 (false)
bnez $t4, loop #repeat the loop
nop
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer, reset loop to go through again
end:
jr $ra
nop


the thing with ???? just change them yourself and I think that the button for select is correct, if not fix it to your liking and add your own hook.

@Brian-1337
I would not mess with a function that controls the delay thread, could cause all sorts of problems. Instead what I would do is , is find the function using tempAR's special feature and then call the function, and pass a delay argument. Just to make things smoother.

@backwards
If that routine works I'll help you revise the routine to implement it.

sceKernelDelayThread(SceUInt delay)
//this sets how long the delay is in microseconds, which 1000000 microseconds = 1 second

woah. who are you? hopefully it works again these pointers are very uncompetitive when being put in to a subroutine. thats why i was looking for scekerneldelay because you can only press the joker button for a split second with out freezing. haha select value is 1 2 is start. and the $ sign's are expose to come in after the registers.. any way thanks man! rep +

edit-
also nice name

hes passthepurp or whatever

sdrawkcab wrote:

netbeans wrote:

wrote:

netbeans wrote:or you could just use tempar, to find all the functions -.-", just saying.

where you come from

same place all babies came from...

oh and backwards try this routine, out for your suicide code... idk if it will work 100% but let me know! I also want to suggest you name this code:

#Tactical Nuke
;kills all players except you when press select
;sdrawkcab, netbeans

Code:


lui $t0, 0x????
lh $t0, 0x????($t0) #controller
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer
lui $t2, 0x08e6
ori $t2, $t2, 0xd8c0 #end pointer
ori $t3, $zero, 0x2 #button(s) preset to select, i think
bne $t0, $t3, end
nop
loop:
sw $zero, 0x3d0($t1) #store zero to current player
addiu $t1, $t1, 0xC #goto the next address
sltu $t4, $t1, $t2 #if(pointer < end pointer) $t4 = 1 (true), else $t4 = 0 (false)
bnez $t4, loop #repeat the loop
nop
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer, reset loop to go through again
end:
jr $ra
nop


the thing with ???? just change them yourself and I think that the button for select is correct, if not fix it to your liking and add your own hook.

@Brian-1337
I would not mess with a function that controls the delay thread, could cause all sorts of problems. Instead what I would do is , is find the function using tempAR's special feature and then call the function, and pass a delay argument. Just to make things smoother.

@backwards
If that routine works I'll help you revise the routine to implement it.

sceKernelDelayThread(SceUInt delay)
//this sets how long the delay is in microseconds, which 1000000 microseconds = 1 second

woah. who are you? hopefully it works again these pointers are very uncompetitive when being put in to a subroutine. thats why i was looking for scekerneldelay because you can only press the joker button for a split second with out freezing. haha select value is 1 2 is start. and the $ sign's are expose to come in after the registers.. any way thanks man! rep +

edit-
also nice name

first off the format is mars, not ps2dis, second if you are going to use the delaythread link me to sfls, and i will get it for you also you know who i am.. I willl show you how to call the delaythread, by passing 1 argument:

Code:


lui $a0, 0xf
jal sceKernelDelayThread
addiu $a0, $a0, 0x4240


if i remember clearly, you can use argument registers outside of any function, not 100% certain though.

just slap those lines in before you repeat the loop or if that fails put it after you store zero to the player.

netbeans wrote:

sdrawkcab wrote:

netbeans wrote:

wrote:

netbeans wrote:or you could just use tempar, to find all the functions -.-", just saying.

where you come from

same place all babies came from...

oh and backwards try this routine, out for your suicide code... idk if it will work 100% but let me know! I also want to suggest you name this code:

#Tactical Nuke
;kills all players except you when press select
;sdrawkcab, netbeans

Code:


lui $t0, 0x????
lh $t0, 0x????($t0) #controller
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer
lui $t2, 0x08e6
ori $t2, $t2, 0xd8c0 #end pointer
ori $t3, $zero, 0x2 #button(s) preset to select, i think
bne $t0, $t3, end
nop
loop:
sw $zero, 0x3d0($t1) #store zero to current player
addiu $t1, $t1, 0xC #goto the next address
sltu $t4, $t1, $t2 #if(pointer < end pointer) $t4 = 1 (true), else $t4 = 0 (false)
bnez $t4, loop #repeat the loop
nop
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer, reset loop to go through again
end:
jr $ra
nop


the thing with ???? just change them yourself and I think that the button for select is correct, if not fix it to your liking and add your own hook.

@Brian-1337
I would not mess with a function that controls the delay thread, could cause all sorts of problems. Instead what I would do is , is find the function using tempAR's special feature and then call the function, and pass a delay argument. Just to make things smoother.

@backwards
If that routine works I'll help you revise the routine to implement it.

sceKernelDelayThread(SceUInt delay)
//this sets how long the delay is in microseconds, which 1000000 microseconds = 1 second

woah. who are you? hopefully it works again these pointers are very uncompetitive when being put in to a subroutine. thats why i was looking for scekerneldelay because you can only press the joker button for a split second with out freezing. haha select value is 1 2 is start. and the $ sign's are expose to come in after the registers.. any way thanks man! rep +

edit-
also nice name

first off the format is mars, not ps2dis, second if you are going to use the delaythread link me to sfls, and i will get it for you also you know who i am.. I willl show you how to call the delaythread, by passing 1 argument:

Code:


lui $a0, 0xf
jal sceKernelDelayThread
addiu $a0, $a0, 0x4240


if i remember clearly, you can use argument registers outside of any function, not 100% certain though.

just slap those lines in before you repeat the loop or if that fails put it after you store zero to the player.

I go to the special feature but I can't find the sceKernelDelayThread only the sceKernelLibrary.

Brian-1337- wrote:

netbeans wrote:

sdrawkcab wrote:

netbeans wrote:

wrote:

netbeans wrote:or you could just use tempar, to find all the functions -.-", just saying.

where you come from

same place all babies came from...

oh and backwards try this routine, out for your suicide code... idk if it will work 100% but let me know! I also want to suggest you name this code:

#Tactical Nuke
;kills all players except you when press select
;sdrawkcab, netbeans

Code:


lui $t0, 0x????
lh $t0, 0x????($t0) #controller
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer
lui $t2, 0x08e6
ori $t2, $t2, 0xd8c0 #end pointer
ori $t3, $zero, 0x2 #button(s) preset to select, i think
bne $t0, $t3, end
nop
loop:
sw $zero, 0x3d0($t1) #store zero to current player
addiu $t1, $t1, 0xC #goto the next address
sltu $t4, $t1, $t2 #if(pointer < end pointer) $t4 = 1 (true), else $t4 = 0 (false)
bnez $t4, loop #repeat the loop
nop
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer, reset loop to go through again
end:
jr $ra
nop


the thing with ???? just change them yourself and I think that the button for select is correct, if not fix it to your liking and add your own hook.

@Brian-1337
I would not mess with a function that controls the delay thread, could cause all sorts of problems. Instead what I would do is , is find the function using tempAR's special feature and then call the function, and pass a delay argument. Just to make things smoother.

@backwards
If that routine works I'll help you revise the routine to implement it.

sceKernelDelayThread(SceUInt delay)
//this sets how long the delay is in microseconds, which 1000000 microseconds = 1 second

woah. who are you? hopefully it works again these pointers are very uncompetitive when being put in to a subroutine. thats why i was looking for scekerneldelay because you can only press the joker button for a split second with out freezing. haha select value is 1 2 is start. and the $ sign's are expose to come in after the registers.. any way thanks man! rep +

edit-
also nice name

first off the format is mars, not ps2dis, second if you are going to use the delaythread link me to sfls, and i will get it for you also you know who i am.. I willl show you how to call the delaythread, by passing 1 argument:

Code:


lui $a0, 0xf
jal sceKernelDelayThread
addiu $a0, $a0, 0x4240


if i remember clearly, you can use argument registers outside of any function, not 100% certain though.

just slap those lines in before you repeat the loop or if that fails put it after you store zero to the player.

I go to the special feature but I can't find the sceKernelDelayThread only the sceKernelLibrary.

oh boy that means we are gonna need prx tool to reverse a ram dump to find it the easiest way i know

netbeans wrote:

Brian-1337- wrote:

netbeans wrote:

sdrawkcab wrote:

netbeans wrote:

wrote:

netbeans wrote:or you could just use tempar, to find all the functions -.-", just saying.

where you come from

same place all babies came from...

oh and backwards try this routine, out for your suicide code... idk if it will work 100% but let me know! I also want to suggest you name this code:

#Tactical Nuke
;kills all players except you when press select
;sdrawkcab, netbeans

Code:


lui $t0, 0x????
lh $t0, 0x????($t0) #controller
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer
lui $t2, 0x08e6
ori $t2, $t2, 0xd8c0 #end pointer
ori $t3, $zero, 0x2 #button(s) preset to select, i think
bne $t0, $t3, end
nop
loop:
sw $zero, 0x3d0($t1) #store zero to current player
addiu $t1, $t1, 0xC #goto the next address
sltu $t4, $t1, $t2 #if(pointer < end pointer) $t4 = 1 (true), else $t4 = 0 (false)
bnez $t4, loop #repeat the loop
nop
lui $t1, 0x08e6
ori $t1, $t1, 0xd86c #pointer, reset loop to go through again
end:
jr $ra
nop


the thing with ???? just change them yourself and I think that the button for select is correct, if not fix it to your liking and add your own hook.

@Brian-1337
I would not mess with a function that controls the delay thread, could cause all sorts of problems. Instead what I would do is , is find the function using tempAR's special feature and then call the function, and pass a delay argument. Just to make things smoother.

@backwards
If that routine works I'll help you revise the routine to implement it.

sceKernelDelayThread(SceUInt delay)
//this sets how long the delay is in microseconds, which 1000000 microseconds = 1 second

woah. who are you? hopefully it works again these pointers are very uncompetitive when being put in to a subroutine. thats why i was looking for scekerneldelay because you can only press the joker button for a split second with out freezing. haha select value is 1 2 is start. and the $ sign's are expose to come in after the registers.. any way thanks man! rep +

edit-
also nice name

first off the format is mars, not ps2dis, second if you are going to use the delaythread link me to sfls, and i will get it for you also you know who i am.. I willl show you how to call the delaythread, by passing 1 argument:

Code:


lui $a0, 0xf
jal sceKernelDelayThread
addiu $a0, $a0, 0x4240


if i remember clearly, you can use argument registers outside of any function, not 100% certain though.

just slap those lines in before you repeat the loop or if that fails put it after you store zero to the player.

I go to the special feature but I can't find the sceKernelDelayThread only the sceKernelLibrary.

oh boy that means we are gonna need prx tool to reverse a ram dump to find it the easiest way i know

you will make prx?

god i hate prxtool. demon had to set it up for me for me thru team viewer :l
btw what special tool are you talking about?

sdrawkcab wrote:god i hate prxtool. demon had to set it up for me for me thru team viewer :l
btw what special tool are you talking about?

go to prx->system tools->module list & thread list , sadly brian says it doesn't contain the delay thread so we need to get the raw code for the asm of the game and manually find it, and if that doesn't go i have someone to ask how he finds it.

k thanks. had no idea tempAR could do that. one other thing do you know the hex value for bnez? i know its branch on not = to zero but when i enter it in ps2dis nothing comes up and i cant find the hex value for it in the decoder either :l

sdrawkcab wrote:k thanks. had no idea tempAR could do that. one other thing do you know the hex value for bnez? i know its branch on not = to zero but when i enter it in ps2dis nothing comes up and i cant find the hex value for it in the decoder either :l

(bnez $t4, loop) doesn't support ps2dis or PSP, he just used it to make smaller the (bne t4, zero, $loop).
so use this (bne t4, zero, $loop) instead of the "bnez".

Brian-1337- wrote:

sdrawkcab wrote:k thanks. had no idea tempAR could do that. one other thing do you know the hex value for bnez? i know its branch on not = to zero but when i enter it in ps2dis nothing comes up and i cant find the hex value for it in the decoder either :l

(bnez $t4, loop) doesn't support ps2dis or PSP, he just used it to make smaller the (bne t4, zero, $loop).
so use this (bne t4, zero, $loop) instead of the "bnez".

way ahead of you brian, solved that last night

ok here's the first code. im going to shorten it down a little but this should basically do the same thing. btw do you want your credit as net beans or pass tha purp?

#Tactical Nuke
;net beans + sdrawkcab
;kills all players
;press select
0x00001000 0x3c0808e6
0x00001004 0x85082bc4
0x00001008 0x3c0908e6
0x0000100c 0x3529d86c
0x00001010 0x3c0a08e6
0x00001014 0x354ad8c0
0x00001018 0x340b0001
0x0000101c 0x150b0008
0x00001020 0x00000000
0x00001024 0xad2003d0
0x00001028 0x2529000c
0x0000102c 0x012a602b
0x00001030 0x1580fffc
0x00001034 0x00000000
0x00001038 0x3c0908e6
0x0000103c 0x3529d86c
0x00001040 0x03e00008
0x00041188 0x0a200400

netbeans aka PTP, and congratz it works and there is no space in netbeans

#Tactical Nuke
;kills all players
;press select
;sdrawkcab for codes
;netbeans for routine
0x00001000 0x3c0808e6
0x00001004 0x85082bc4
0x00001008 0x3c0908e6
0x0000100c 0x3529d86c
0x00001010 0x3c0a08e6
0x00001014 0x354ad8c0
0x00001018 0x340b0001
0x0000101c 0x150b0008
0x00001024 0xad2003d0
0x00001028 0x2529000c
0x0000102c 0x012a602b
0x00001030 0x1580fffc
0x00001038 0x3c0908e6
0x0000103c 0x3529d86c
0x00001040 0x03e00008
0x00041188 0x0a200400

cool code
it will shoot nuke bullets from heaven to kill them? awesome

what game is it for again?

look i tried it and it failed, froze as soon as i turned it on