I'm not sure if I understand your first paragraph. I assume you want me to load the ROM, and not the savestate? If I load the savestate, IDA asks me to push "c" wherever a thread begins. That's why I needed a debugger, so that I could stop the ROM running every time it went to osCreateThread and see what addresses were stored in the a2 register. Using those addresses, I could then find the threads that I needed to alter. However, without those addresses, I can't figure out how to read any of it.
I was going to load up IDA and the ROM. However, it turns out that, since I got my new machine, I no longer have it installed on my computer. I finished installing it, but didn't have time to run it (I had to go to work, and am there now). Otherwise, I might have been able to provide a more intelligible question.
As for a compiler, I used to have one, years and years ago. But now, no, I don't. For that matter, I know very, very little C or C++ (though I did take a class on it in 11th grade (about 5 years ago)), so I foresee problems with me trying to compile my own debugger.
Thanks again for your help. Hopefully, I'll be able to make some progress this time around (if I read the first paragraph right, I might even be able to). Hope to hear from you soon. Mouser X over and out.
I'm not sure if my previous message was ever read. So I finally decided to give it a bump to the top. Hopefully, some help can be provided. Thanks in advance. Mouser X over.
Well, I applied your PJ64ss loader, and I've gotten the thing loaded. However, when I track down osCreateThread and press "x", it tells me there are no xrefs to osCreateThread.
I found that odd, personally. Anyway, the question I have this time is: it's loaded. However, I still can hardly see any code, because it hasn't been analyzed. I can see names of functions, though, and that's a very, very good thing. It's a start, at least. So, what next? I can see names of functions, but very little code (unless I push "c" whenever I select a function name). Is there something I'm supposed to be looking for? Am I supposed to push "c" on all of those function names? Am I supposed to just start hacking randomly (because currently, that's all I know how to do, especially since I can see little to no code)?
Thanks in advance of any help you have to offer. Perhaps, one day, I'll be able to rip something. That would be nice... Mouser X over and out.
Hacking randomly is just about all you can do... (and by that I don't mean you specifically, just that there's no systematic solution). There are no xrefs to osCreateThread because, as you noted, none of the code has been analyzed. You'd need to set a breakpoint at the address of osCreateThread in some emulator in order to determine what's in a2 at the time of calling. That'll give you thread addresses, which are a good place to start analysis (press "p" at those addresses in IDA to indicate "procedure").
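A static alternative to the breakpoint approach described in the answer above, added here as an example and not code from the thread or from any of its participants: instead of stopping the emulator at osCreateThread, scan the code image for `jal osCreateThread` and reconstruct the value of $a2 (the entry-point argument) from the `lui`/`addiu`/`ori` instructions that precede the call, including the branch delay slot. Everything below is an assumption for illustration: the load address, the address of osCreateThread, and the sample instruction bytes are all constructed, and the tracing is a heuristic that only models the common hi/lo immediate sequence.

```python
"""Static search for osCreateThread call sites in a big-endian MIPS (N64) code
image and recovery of the $a2 argument (the thread entry point).

Added example, not from the thread. Assumptions (all hypothetical):
  - `code` is a raw big-endian MIPS code image already at its load address
  - the address of osCreateThread is known (e.g. read off IDA's names window)
  - $a2 is built with lui / addiu / ori a few instructions before the jal,
    possibly finished in the jal's branch delay slot
"""
import struct

A2 = 6                                   # register number of $a2 (third argument)
# Opcodes whose rt field is a destination: I-type ALU (0x08-0x0F) and integer loads (0x20-0x27)
RT_IS_DEST = set(range(0x08, 0x10)) | set(range(0x20, 0x28))


def decode(word):
    """Split a 32-bit MIPS instruction word into its fields."""
    return {"op": word >> 26, "rs": (word >> 21) & 0x1F, "rt": (word >> 16) & 0x1F,
            "rd": (word >> 11) & 0x1F, "imm": word & 0xFFFF, "target": word & 0x03FFFFFF}


def sext16(imm):
    """Sign-extend a 16-bit immediate (addiu adds a signed value)."""
    return imm - 0x10000 if imm & 0x8000 else imm


def trace_a2(instrs):
    """Walk instruction words in execution order and return the value left in $a2,
    or None if it is not built from immediates we model."""
    a2 = None
    for w in instrs:
        f = decode(w)
        op, rs, rt, rd, imm = f["op"], f["rs"], f["rt"], f["rd"], f["imm"]
        if op == 0x0F and rt == A2:                                    # lui $a2, hi
            a2 = (imm << 16) & 0xFFFFFFFF
        elif op == 0x09 and rt == A2 and rs == 0:                      # addiu $a2, $zero, imm
            a2 = sext16(imm) & 0xFFFFFFFF
        elif op == 0x09 and rt == A2 and rs == A2 and a2 is not None:  # addiu $a2, $a2, lo
            a2 = (a2 + sext16(imm)) & 0xFFFFFFFF
        elif op == 0x0D and rt == A2 and rs == A2 and a2 is not None:  # ori $a2, $a2, lo
            a2 |= imm
        elif (op == 0 and rd == A2) or (op in RT_IS_DEST and rt == A2):
            a2 = None                                                  # unmodelled write to $a2
    return a2


def find_thread_entries(code, base, os_create_thread, lookback=6):
    """Return [(call_va, entry_va_or_None), ...] for every `jal os_create_thread`.

    code: bytes of the code image (big-endian words); base: virtual address of code[0].
    The lookback window is a heuristic: a branch inside it could change execution order.
    """
    words = [struct.unpack(">I", code[i:i + 4])[0] for i in range(0, len(code) - 3, 4)]
    results = []
    for idx, w in enumerate(words):
        f = decode(w)
        if f["op"] != 0x03:                                            # jal
            continue
        call_va = base + idx * 4
        delay_va = call_va + 4
        target = (delay_va & 0xF0000000) | (f["target"] << 2)         # jal target is region-relative
        if target != os_create_thread:
            continue
        # Execution order: up to `lookback` instructions before the jal, then the delay slot.
        window = words[max(0, idx - lookback):idx]
        if idx + 1 < len(words):
            window.append(words[idx + 1])
        results.append((call_va, trace_a2(window)))
    return results


# --- constructed sample input (encoders used only to build the test image) ---
def lui(rt, imm):       return (0x0F << 26) | (rt << 16) | (imm & 0xFFFF)
def addiu(rt, rs, imm): return (0x09 << 26) | (rs << 21) | (rt << 16) | (imm & 0xFFFF)
def jal(va):            return (0x03 << 26) | ((va >> 2) & 0x03FFFFFF)
def nop():              return 0

OS_CREATE_THREAD = 0x80003000   # assumed address of osCreateThread
BASE = 0x80000400               # assumed load address of the code image

SAMPLE = struct.pack(">13I", *[
    # call 1: $a2 fully built before the jal, delay slot sets $a1
    lui(4, 0x8012), addiu(4, 4, 0x1234),                          # $a0 = thread struct
    lui(6, 0x8000), addiu(6, 6, 0x1A2C),                          # $a2 = 0x80001A2C
    jal(OS_CREATE_THREAD), addiu(5, 0, 3),                        # $a1 = 3 (delay slot)
    # call 2: low half of $a2 completed in the delay slot with a negative immediate
    lui(6, 0x8001), jal(OS_CREATE_THREAD), addiu(6, 6, -0x100),  # $a2 = 0x8000FF00
    # a call to some other function: must not be reported
    lui(6, 0x8002), jal(0x80004000), nop(),
    nop(),
])

if __name__ == "__main__":
    for call_va, entry in find_thread_entries(SAMPLE, BASE, OS_CREATE_THREAD):
        print("osCreateThread call at %08X, entry = %s" % (call_va, "?" if entry is None else "%08X" % entry))
```

Each reported entry address is where you would press "p" in IDA to start a procedure; a None means the entry point was not built from plain immediates in that window (for example loaded from memory), so that call site still needs the emulator breakpoint described above.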
Well then, that brings me back to a problem that I don't have an easy solution to. I need a way to breakpoint at the address of osCreateThread so that I can view what's in a2 at that time. I don't have any N64 emulators that can do that (successfully). What would you recommend? How can I get the info I need? Thanks in advance for your answers, and it would be appreciated if those answers are provided in a way that requires very, very, very little coding knowledge. I don't have a compiler, and even if I did, I wouldn't know what to change in the code, what to change it to, or where the change should be (etc. etc. etc.).
Hopefully, since I've been on the subject for quite some time, that can be seen as either determination, or desire, or something. I'd like to try and give back to the emulated audio community at least a little of what it's given to me. Again, thanks for the help. Mouser X over.
Really I think the best way to do these things is by editing an emulator's source code, but I'll see if I can compile a version of Project 64 with the debugger enabled that you can use.