What is the lowest point in the mips memory for socom that you think a hook will get accessed online?

you mean the scan range? i thought it was like somewhere between 2000-3999. anything beyond that is okay i think. the only codes that have these adresses though are usually like e-tags and scores. its been awhile so i could be wrong

__________________

Actually ,i meant for socom 3,to activate a subroutine you need a hook,and the scan range goes as low as 20100000 cuz i got banned with a code in that area,but 20c00000 is safe,was just looking for a safe hook...

oh, well its been a while. my bad

__________________

You could hook within kernal memory...

If you're using codemajic find codemajic's routine which is in kernal memory around 0x0008 and hook within there. I would probably take one of the jals in the codemajic routine, jal it to my subroutine, then j it to where the original jal was going to that way you keep the ra register the same

__________________

you lost me here....


yeah from the first word

__________________

omg,the great robby23 is still around?!LOve your work lol.Thank you I'll try that.
Hmm,well tryed a jal in 0008 area, didnt jump,to find the codemajic sub wouldnt i have to disassemble the program?

Yes sir...you need the codemajic sub first before you can jal anywhere. Kernal memory starts at 0x0008. All cheat devices at one point are loaded into kernal memory and they usually have a couple jumps in the middle if not right at the end. Make sure you know what you are doing otherwise you will most likely freeze.

Also little tip if you do figure it out make the hook the last line in your code because if the hook is written first it will freeze

__________________

so instead of using a jr ra, use a j or jal, back to the hook? nice advice. how would i get the cm sub? do i have to look at the codemajic express file?

You dont j back to the hook. Say the hook address initially was a jal $00000000 (which it wouldnt obviously) you would change it to jal $xxxxxxxx where x's is the start of your sub. Then at the end of your sub make it j $00000000 that way when you jal ra register isnt changed in any way making no disturbance.

As for your second question you would need to create a dump after codemajic was loaded. Beware though as Idot has put in some security measures to make sure you dont dump the kernal memory with cm loaded so you need to figure out how to get around that ;). If you get how a cheat device works basically you would understand about what is stored in the kernal and how a cheat device is loaded even to keep a constant write.

__________________