Finding and manipulating Pointer Tables
Malenko - Sep 29, 2024
Last update for the guide was 09/29/2024

First off, MASSSSSSIVE thanks to @bbayles... for holding my hand through this. This is basically his guide but written by me, showing you the steps I followed to get results.
Here is his Saturn Blog: Rings of Saturn | Bo | Substack...

Prerequisites:
Basic computing skills
Understanding hexadecimal
Knowing this isn't as hard as you think it is.
Lastly, Mednafen, Ghidra and JDK installed
A hex editor and byte_search

This tutorial will deal with the Japanese game “Gensou Suikoden” by Konami. It won't cover setting up or installing Mednafen, Mednaffe, or Ghidra. Honestly, if getting those set up is a struggle, the rest of this will likely be a bit much.

To follow this tutorial you must have *some* data to look for. Finding the data is not covered by this tutorial. I am just going to give a brief overview of what the data is, so the rest of this tutorial makes sense.

For this game I found Theo’s name. You can see his name in this screenshot.


In terms of the game's data, this is A8 9A 0F; I found the data (A8 9A) and the end-of-read control byte (0F) here, in the 0 file, at:

0x05AFC4


With the preface out of the way, here's the tutorial!
Download and install Mednafen, Mednaffe, and Ghidra. Make sure you have a hex editor and byte_search as well (they just make finding stuff go so much faster).

Mednaffe is kinda optional but convenient: it saves you typing commands or running bat files to use Mednafen.


Once you have the game running, pause the emulation (Alt+P) and take a save state (F5).



Open the debugger (Alt+D), change to RAM mode (Alt+3) and page over to High Work RAM (> key).

(Alt+D gets you this, the debugger)

On that screen, hit Alt+3 to get to the memory screen:


Then hit > until you are on High Work RAM (other games may use Low Work RAM, but for this game we use High).


Pressing D on this screen will prompt you to dump the memory; enter 0 fffff NameOfFile

I named it HiRAMDump.bin
Dumping from Low RAM is exactly the same, but you do it from the Low RAM screen.

Open Ghidra and start a new project, it does not matter what you name it.

Next, import the file through the File drop-down menu, or hit I.


The file you saved from RAM will be in the root of your Mednafen folder.


Import the file into Ghidra with the language set to SH-2 and the base address set to 06000000 (set the base address to 02000000 for Low RAM).






After you hit ok, a file import screen will come up that should look similar to this:


Open the file in Ghidra by double clicking it (in Ghidra 11.2 a weird dragon animation plays)


Select No on the analyze pop-up:


Open the Python/Jython console (Window > Python or Jython).

11.1 calls it Python and it was changed to Jython in 11.2, but they are functionally the same AFAIK.

Paste in BoBayles's script from here: Mark pointers in Low & High Work RAM for Saturn in...

I hit enter twice then close Jython.

Next, choose "Auto Analyze" from the Analyze drop-down menu or hit A.


Check the top box for Aggressive Instruction Finder:


When that has finished, press S to search, and search for the values from the 0 file that make up Theo's name (A8 9A 0F 00).


The location is 0x05EFC4, which is 4000h more than the offset in the 0 file.

If we search for 05EFC4 in all the files, we see it at 0x5B205 in the 0 file.


I’ve highlighted it here; when you see data that looks like this, it's a pretty good indicator that it is a pointer table.


"Pretty good indicator" isn't good enough; we need to test by altering some data.
Once again, here is Theo's name:


We need 4 bytes for THEO in English, and we totally lucked out: there are 2 extra bytes to the left. Let’s take them.

The values for the English letters were discovered via brute force and are posted in this thread: Genso Suikoden Translation help?...

Since we took 2 more bytes than before, we need to change the offset in the pointer table to be 2 lower than before. This is the before:


And this is the after:


This effectively uses up 2 unused bytes and gives us 4 letters for Theo instead of two. Now we need to test this in game. Inject the changed 0 bin file through whatever method is best for you and you should get a result like below:
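The offset arithmetic and the pointer edit described above, as an added Python example that is not from this guide and not bbayles's script. It assumes the pointer is a 4-byte big-endian SH-2 address (0x0605EFC4), so the 3-byte hit at 0x5B205 is the tail of a pointer that starts at 0x5B204; it builds a constructed stand-in for the 0 file with zeros everywhere except Theo's name and a made-up four-entry pointer table; and it uses placeholder bytes for the English letters, whose real values are in the linked thread:

```python
import struct

# Values taken from the guide
HIGH_WRAM_BASE = 0x06000000     # Ghidra base address the guide uses for High Work RAM
FILE_TO_RAM_DELTA = 0x4000      # the guide observes: RAM offset = 0-file offset + 4000h
THEO_FILE_OFFSET = 0x05AFC4     # where "A8 9A 0F 00" sits in the 0 file
END_OF_READ = b"\x0F"           # the guide's end-of-read control byte

# Assumption: the pointer is a 4-byte big-endian SH-2 address 0x0605EFC4 whose
# last three bytes (05 EF C4) are the guide's hit at 0x5B205, so it starts at 0x5B204.
POINTER_OFFSET = 0x5B204


def file_to_ram(file_offset):
    """0-file offset -> High Work RAM address, using the guide's 4000h delta."""
    return HIGH_WRAM_BASE + FILE_TO_RAM_DELTA + file_offset


def ram_to_file(addr):
    """High Work RAM address -> 0-file offset (inverse of file_to_ram)."""
    return addr - HIGH_WRAM_BASE - FILE_TO_RAM_DELTA


def find_pointers(data, addr):
    """Return every offset where `addr` appears as a big-endian 32-bit value
    (the Saturn's SH-2 stores pointers big-endian)."""
    needle = struct.pack(">I", addr)
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits


def looks_like_pointer_table(data, offset, count=4, ram_size=0x100000):
    """Heuristic for the guide's 'data that looks like this': `count` consecutive
    4-byte values that all land inside High Work RAM and strictly increase."""
    prev = None
    for i in range(count):
        start = offset + 4 * i
        if start + 4 > len(data):
            return False
        value = struct.unpack_from(">I", data, start)[0]
        if not HIGH_WRAM_BASE <= value < HIGH_WRAM_BASE + ram_size:
            return False
        if prev is not None and value <= prev:
            return False
        prev = value
    return True


def reclaim_bytes_and_repoint(data, pointer_offset, new_text, reclaim, free_value=0x00):
    """The guide's edit: take `reclaim` unused bytes to the left of the string,
    write `new_text` there followed by the terminator, and lower the pointer by
    `reclaim` so it points at the new start. Refuses if the bytes to the left are
    not actually free (constructed assumption: free bytes are `free_value`) or if
    the text does not fit before the existing terminator."""
    old_addr = struct.unpack_from(">I", data, pointer_offset)[0]
    old_file = ram_to_file(old_addr)
    new_file = old_file - reclaim
    if any(b != free_value for b in data[new_file:old_file]):
        raise ValueError("bytes to the left of the string are in use")
    old_end = data.index(END_OF_READ, old_file)      # existing terminator
    if len(new_text) > old_end - new_file:
        raise ValueError("new text does not fit before the terminator")
    data[new_file:new_file + len(new_text)] = new_text
    data[new_file + len(new_text):new_file + len(new_text) + 1] = END_OF_READ
    struct.pack_into(">I", data, pointer_offset, old_addr - reclaim)
    return old_addr - reclaim


def build_sample_zero_file():
    """Constructed stand-in for the 0 file: zeros except Theo's name at the
    guide's offset and a small made-up pointer table around the guide's pointer."""
    data = bytearray(0x5C000)
    data[THEO_FILE_OFFSET:THEO_FILE_OFFSET + 4] = b"\xA8\x9A\x0F\x00"
    neighbours = (0x0605EFB0, 0x0605EFBA, 0x0605EFC4, 0x0605EFD0)   # constructed entries
    struct.pack_into(">IIII", data, POINTER_OFFSET - 8, *neighbours)
    return data


if __name__ == "__main__":
    data = build_sample_zero_file()
    addr = file_to_ram(THEO_FILE_OFFSET)
    print("Theo's name at RAM %08X, pointer(s) at %s"
          % (addr, [hex(h) for h in find_pointers(data, addr)]))
    print("looks like a pointer table:", looks_like_pointer_table(data, POINTER_OFFSET - 8))
    # Placeholder bytes for T, H, E, O; the real values were brute-forced in the linked thread.
    new_addr = reclaim_bytes_and_repoint(data, POINTER_OFFSET, b"\x01\x02\x03\x04", reclaim=2)
    print("pointer now %08X, bytes: %s"
          % (new_addr, data[THEO_FILE_OFFSET - 2:THEO_FILE_OFFSET + 4].hex()))
```

Run it against a real dump by replacing build_sample_zero_file() with the bytes of the actual 0 file; the free-byte check is what stands in for the "lucked out" inspection in the guide, and it refuses the edit when the bytes to the left are already in use.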


Please post any questions; the hope is to flesh this out into a good starting point for finding and manipulating pointer tables.