Advanced Subroutine Tutorial

You will need ps2dis.exe for this.

Subroutines use the programing language called MIPS, MIPS consists of commands and registers. Here is some info on bytes, you will need to know what they are:
8bit byte: 0x00000000 0x00 The zero in red only changes to: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F
16bit byte: 0x00000000 0x0000 The zero in red only changes to: 0, 2, 4, 6, 8, A, and C
32bit byte: 0x00000000 0x00000000 The zero in red only changes to: 0, 4, 8, and C
When i say 16bit or 32bit that refers to the hex values size, if i say Lui loads the first 16bits that means that it's the first four numbers.

New Commands:

ORI {OR IMMIDAITE}
ADD {ADD}
SUB {SUBTRACT}
LW {LOAD WORD}

New Register:

ZERO {ZERO} Can Also Be Typed As "0", the number.

If you need a reminder on the Negitive Rule and Real Addressing:
Quote:
Negitive Rule:
The 'Negitive Rule' is used when using these commands:
LQ {Load Quarter Word}
SQ {Store Quarter Word}
LH {Load Half Word}
SH {Store Half Word}
LW {Load Word}
SW {Store Word}
ADDIU {Add Immiadiate Unasigned Word}
I Beleive theres more but i haven't learned them yet, I will add them in once i do. If i say something about the negitive ruel then that means you need to add one to the first half of something if the second half is negitive, Positive: 0000 --- 7F80 / Negitive: 7F80 --- FFFF.

Real Addressing:
If your using the code's address, controller address, or pointer you need to use the real form of them. To do this open you calculator on your computer, click on the View drop down and select Scientific, then check the Hex bubble, now copy and paste your address/pointer into your calculator and add 8800000, the result is your real address.
Lets Start With Writing a DMA Code Into a Subroutine:

1) Get your ram dump, launch the game you have a DMA code you want to sub, go into a playable area in the game, open NitePR and go to the [PRX] menu and click "Dump Ram in Slot 0?" Now exit to the home menu and connect your PSP to your computer.

2) Open ps2dis.exe, now click on the File drop down and select Open, select your ram dump, it will be in the root of your memory stick.

3) A "Unknown Format" box will pop up, change the "Address From" to 08800000.

4) Now you need to find a blank area in the game where no codes can be found using NitePR, the reson we do this is so the subroutine wont effect any other value in the game. To do this press the "G" key and type the address you want to start your subroutine at, the limits are:

08800610 - 08804000

There are many many more blank areas in games, but this one is in all games and other blank areas i wont list because they might not be in the game your using. But you will have plenty of space there

5) We need to use LUI {LOAD UPPER IMMIDAITE} to load the first 16bits of the pointer, we also need a register to load it to, we will use the tX register, the X is a variable, it ranges from 0-9. Lets make it simple and start with t0, so now we need to to change the nop of the line you chose to start at to "LUI t0 $" and then the first 16bits of the pointer, if my pointer was 12345678 in real form my first command line would be "LUI t0 $1234". Press ok.

6) Now you need to load the last 16bits of the pointer into t1, instead of LUI we are going to use LW {LOAD WORD} this requires the negitive rule and a (Register) at the end, so for those of you who need an example, if the last 16bits of my pointer was 5678 my commadn would be "LW t1 $5678(t0)" but the second half is lower than 7F80 so i dont need to exicute the negitive rule.

7) Now we need to load the first 16bits of the hex value, yes we are using LUI, you should know enuff to do this by yourself, just a hint, it loads into t2.

8] Now i am introducing a new command, ORI {OR IMMIDIATE} this is just like ADDIU but you NEVER need to use the negitiave rule! You still need two registers, if the last 16bits of my hex value was ABCD my command: "ORI t3 t2 $ABCD" I will tell you why we store the last 16bits into t3 in a second.

9) Now we still need the offset, so we are going to use SW, and store the 32bits into t3, we are also going to use (t0) to laod the hole 32bits of the pointer into t3, and the ORI brings it all together, look at the registers to know what i mean, the pointers are laoded into t0, no matter which (t0) you get both because one laods the other, the offset is stored into t3, the ori has the last 16bits of the hex value stores into t3, and it added into t2, so the hole 32bit hex value is in t2, the offset is in t3 and the ponter can be loaded from t3 though the offset because of (t0). Get it? Now everything can be loaded from /stored into echother one way or another.

10) Add JR RA to the next line and use my copy and paste method that i told you in my other subroutine guide, if you can find it or you are lazy here it is:
Quote:
Now make a new .txt file and type this: (The { } means it's editable to what your doing)
#{Code Name}
;Subroutine: {Your Coding Name}
;Code By: {Credit Of The Code You Used}
;{Info, if any}
0x
0x
0x
0x
0x
0x
This is a method of geting your sub on paper fast, now go back to ps2dis, click on the line for the first 16bits of your address, you might want to sue these shortcut keys:
'Ctrl' + 'C' = Copy The Highlighted Text
'Ctrl' + 'X' = Cut The Highlighted Text
'Ctrl' + 'V' = Paste the copied or cuted text
'Ctrl' + 'Z' = Undo last action
Duble click the address and copy it, paste it in the "Label" section, now enter a space and type 0x then copy and paste the data (hex value) into the label section right after the 0x, now highlight the enter lebel section and cut it to the first "0x" on notepad, do that with every line from the first 16bits of the address to the jr ra, once your done you should have one blank "0x" in your notepad. If i started my subroutine at 08800610 and i actualy used the values i was using as examples, once i got finished copying and pasting my address and datas to notepad my notepad should look like:
#Example
;Subroutine: FarBeyondDriven
;Code By: Bob The Builder. JK
;Use Online Only
0x08800610 0x3c081234
0x08800614 0x3c095679
0x08800618 0x2529abcd
0x0880061C 0xad091324
0x08800620 0x03e00008
0x

The final "0x" is for your hook, without a hook your subroutine wont work. You first need a hook address, i will post a guide on finding hooks soon for now use these hooks that work for every game:
08800098
08800024
0880004c
So to use these you need to go back to ps2dis and press "G" and go to one of them, now you need to use J {JUMP} or JAL {JUMP AND LINK} and enter the top address of you subroutine, sence we kept the address in real format we dont have to do any converting, but if for what ever reson your address is not in real format conver it before using it for your hook, heres what my hook would be sence i started at 610 "J $08800610" now i would coy and paste the address and dat to the last "0x" now my subroutine is:
#Example
;Subroutine: FarBeyondDriven
;Code By: Bob The Builder, JK
;Use Online Only
0x08800610 0x3c081234
0x08800614 0x3c095679
0x08800618 0x2529abcd
0x0880061C 0xad091324
0x08800620 0x03e00008
0x08800098 0x0a200026

Now we need to convert the addresse back to cheat format or your cheat devise wont be able to use it, but instead of using a calculator, we can just replace the 0880 with 0000 sence the 0880 part is visible and not 'Realy' part of the code, so press 'Ctrl" + 'H' and replace the 0880 with 0000, my final product is:
#Example
;Subroutine: FarBeyondDriven
;Code By: Bob The Builder, JK
;Use Online Only
0x00000610 0x3c081234
0x00000614 0x3c095679
0x00000618 0x2529abcd
0x0000061C 0xad091324
0x00000620 0x03e00008
0x00000098 0x0a200026
That wont work though because i just chose random number for the values.
Now your done with yur DMA subroutine! Letsmove on to Automatic Increase and Decrease subroutines!

1) Get your ram dump, launch the game you have a DMA code you want to sub, go into a playable area in the game, open NitePR and go to the [PRX] menu and click "Dump Ram in Slot 0?" Now exit to the home menu and connect your PSP to your computer.

2) Open ps2dis.exe, now click on the File drop down and select Open, select your ram dump, it will be in the root of your memory stick.

3) A "Unknown Format" box will pop up, change the "Address From" to 08800000.

4) Now you need to find a blank area in the game where no codes can be found using NitePR, the reson we do this is so the subroutine wont effect any other value in the game. To do this press the "G" key and type the address you want to start your subroutine at, the limits are:

08800610 - 08804000

There are many many more blank areas in games, but this one is in all games and other blank areas i wont list because they might not be in the game your using. But you will have plenty of space there

5) You first need to load the first 16bits of you address using LUI, you should know how to do that by now. Use t0

6) Now you need the last 16bits loaded by LW, use t1

7) Now you need to store the 'Speed To Inc By' into a register by using ORI, but you can't add to anything, what do you do? Use the register zero, here the command line: "ORI t2 zero $" then enter the 'Speed To inc By'

8] Now your going to be adding registers using ADD, add adds the last two registers and stores the result into the first register (It uses three registers) for this you need "Add t3 t1 t2" and thats all

9) Now you need to store the last 16bits of the address into t3 with SW, you also need to (Register) back to t0, for the address, so now you got your address in t0, last 16bits of it in t1, speed to inc by in t2, t1 and t2 are added and the result is added into t3, the last 16bits are agian stored into t3, and SW t3 uses (t0) to laod the first 16bits of the address. So now everything can store/laod echother in some way or another.

10) If you want a auto decrease, just use SUB {SUBTRACT} in place of ADD, it works the same way, subtracts the last two registers and stores the result into the first register.

11) Now add JR RA to the next line, copy and paste them by using the method above, it's wraped in 'Code' and your done.