Welcome, Guest!

Here are some links you may find helpful

PlayStation RE toolchain for Ghidra

blincoln

Donator
Original poster
Donator
Registered
Aug 6, 2019
Donations
£1,000.00
11
16
3
Last year, I worked with several folks in the prototype-collecting world to obtain early versions of a few of my favourite games.

It's been a long time coming, but here's a small thank-you in return:


The PSX-EXE => ELF converter should work with any PlayStation game. Ghidra doesn't support PSX-EXE, but it does support ELF, so that will get you going.

If you have a PsyQ .SYM file for the game, there's a good chance that the remaining three tools will let you generate enough data for Ghidra to recover a fairly accurate approximation of the original source code.

This is very much an alpha release, so feedback and bug reports are appreciated. I mostly tested it on builds of Soul Reaver, but it works on at least one beta version of Biohazard 2 as well.
 

blincoln

Donator
Original poster
Donator
Registered
Aug 6, 2019
Donations
£1,000.00
11
16
3
DrMefistO make excelent loader

I'll definitely be taking a look at that. Thanks! I won't have time to do work on the code until after the weekend, but I've got a couple of things to look at in terms of additional features and support for unusual things in some games, plus I want to greatly improve the documentation.

In case it's unclear, one of the big benefits to my tool versus that one is that I don't think DrMefistO's code will import SYM file data currently, and I'd be very surprised if it generated the decompiled source code as individual files from Ghidra's one big .C file.

I originally looked into writing a direct PSX-EXE importer for Ghidra, but I figured if I wrote a PSX-EXE => ELF converter, then it would let people use PSX-EXEs in other tools that also only support ELFs, like RetDec. Both approaches have benefits and drawbacks, though.
 

blincoln

Donator
Original poster
Donator
Registered
Aug 6, 2019
Donations
£1,000.00
11
16
3
Just released version 0.3, which you can consider "alpha 2". There are some major improvements based on feedback from people testing it against some other prototypes. One of the most obvious is that static/extern/global variables should have their data type set correctly. I also added a walkthrough of using it with a Need For Speed 4 build that I think was released somewhat recently. That one would crash the 0.2 toolchain, but gets decent result now.

Still a long way to go before it's done, but hopefully it's helpful :).
 
  • Like
Reactions: Dedok179

blincoln

Donator
Original poster
Donator
Registered
Aug 6, 2019
Donations
£1,000.00
11
16
3
Just released 0.4 / "alpha 3", which works even better. Thanks to Gh0stBlade and everyone else who sent me bugs and other issues.

Look at what a great job Ghidra can do at decompiling a PSX game if it has the right data! This is without any manual work in Ghidra.

TDR03.PNG
 

VGKintsugi

Member
Registered
Jul 31, 2019
10
26
3
This is awesome. I've been working on a Sega Saturn loader, will look to see how you did some of the analyzer stuff.
 
Last edited:
  • Like
Reactions: blincoln

Dedok179

Member
Registered
Jul 9, 2019
12
1
3
Just released 0.4 / "alpha 3", which works even better. Thanks to Gh0stBlade and everyone else who sent me bugs and other issues.

Look at what a great job Ghidra can do at decompiling a PSX game if it has the right data! This is without any manual work in Ghidra.

View attachment 2594
Where can I download your loader for PS1?
 

blincoln

Donator
Original poster
Donator
Registered
Aug 6, 2019
Donations
£1,000.00
11
16
3
Where can I download your loader for PS1?

@Dedok179 , it's the link in the first post: https://www.beneaththewaves.net/Software/This_Dust_Remembers_What_It_Once_Was.html. The downloads are at the bottom of the page.

I've been working on a major update. Hoping to have it released by the end of the week if I can get the docs updated quickly enough. Feel free to try out the 0.7 release that's up there now, but the version I'm working on will be about fifty times better.
 
  • Like
Reactions: Dedok179

blincoln

Donator
Original poster
Donator
Registered
Aug 6, 2019
Donations
£1,000.00
11
16
3
OMG this is great. Any chance this will work with PS2 games as well?

PS2 games are next on my list :). That should be much easier to get working correctly since they use DWARF symbols embedded in their ELF files, and Ghidra already parses DWARF data.
 
  • Like
Reactions: iOrange

Dedok179

Member
Registered
Jul 9, 2019
12
1
3
@Dedok179 , it's the link in the first post: https://www.beneaththewaves.net/Software/This_Dust_Remembers_What_It_Once_Was.html. The downloads are at the bottom of the page.

I've been working on a major update. Hoping to have it released by the end of the week if I can get the docs updated quickly enough. Feel free to try out the 0.7 release that's up there now, but the version I'm working on will be about fifty times better.
As I understand it, it normally decompiles only if me find the SYM file? That is, not all games in a row, but only prototypes and those versions where this file was forgotten to be deleted upon release.
 

blincoln

Donator
Original poster
Donator
Registered
Aug 6, 2019
Donations
£1,000.00
11
16
3
As I understand it, it normally decompiles only if me find the SYM file? That is, not all games in a row, but only prototypes and those versions where this file was forgotten to be deleted upon release.

You can still use the ELF converter to import the binary into Ghidra without the SYM file, but you won't get the debugging information.
 

blincoln

Donator
Original poster
Donator
Registered
Aug 6, 2019
Donations
£1,000.00
11
16
3
Just released version 0.8, which as promised is a massive improvement over all previous versions.

See the list of changes at https://www.beneaththewaves.net/Software/This_Dust_Remembers_What_It_Once_Was.html#History

Some highlights:
  • Added a custom Ghidra script that exports global/static variables as C code.
  • Added another custom script that attempts to automatically detect arrays.
  • PsyQ memory overlays (e.g. for Diablo) are now handled.
  • Basically all aspects of the toolchain are greatly improved - no manual workarounds required for most of the example games now.
I also added a really detailed tutorial on the overlay functionality, but I recommend it as a general guide/example of the quality of results: I added a new tutorial that covers PsyQ memory overlays, but it's worth reading as a general guide as well: https://www.beneaththewaves.net/Software/TDR_Practice_Using_OVERLAYS.html
 
  • Like
Reactions: Serioli

blincoln

Donator
Original poster
Donator
Registered
Aug 6, 2019
Donations
£1,000.00
11
16
3
Version 0.9 is out. Same link as before. This one should automatically merge the "fake" structs and unions inline into the structs and unions where they actually belong, when using the new --inline-fakes flag for SymDumpTE.exe.
 

Dedok179

Member
Registered
Jul 9, 2019
12
1
3
Version 0.9 is out. Same link as before. This one should automatically merge the "fake" structs and unions inline into the structs and unions where they actually belong, when using the new --inline-fakes flag for SymDumpTE.exe.
Can you write an explanation of how to decompile without a SYM file?
 

Dedok179

Member
Registered
Jul 9, 2019
12
1
3
My goal is to decompile the game of Red Asphalt. It also has 2 overlays. After decompilation, I want to learn how it reads and loads all of its game data, and based on this, start writing utilities for editing. I am poorly versed in data structures, now having studied them in raw hex I will not see anything, but looking and studying the code will have a clearer picture.
 

Goamon

Member
Registered
Aug 16, 2019
10
0
1
AGName
Goamon
AG Join Date
Dec 28, 2013
Hi,

I try to use your tool with quake 2 ntsc sym file and I got this error on SymDumpTE step:

Code:
Exception non greÿ: System.Exception: Unknown type: 'void ((**)())()' - cannot set size
    symdump.symfile.StructMember.ToBLDSCStructMember() dans C:\Users\blincoln\source\repos\SymDumpTE\SymDumpTE\symfile\StructMember.cs:ligne 421
    symdump.symfile.StructDef.ToBLDSCStruct(Int32 overlayID) dans C:\Users\blincoln\source\repos\SymDumpTE\SymDumpTE\symfile\StructDef.cs:ligne 251
    symdump.symfile.SymFile.GetStructs(Dictionary`2 structCollection, List`1 structSequenceNumbers, Int32 overlayID, SymDumpProcessingConfiguration config) dans C:\Users\blincoln\source\repos\SymDumpTE\SymDumpTE\symfile\SymFile.cs:ligne 707
    symdump.symfile.SymFile.ToBLDSSymDumpSymbolCollection(String defaultSourceFileNameBase, SymDumpProcessingConfiguration config) dans C:\Users\blincoln\source\repos\SymDumpTE\SymDumpTE\symfile\SymFile.cs:ligne 659
    symdump.symfile.SymFile.DumpJSON(String defaultSourceFileNameBase, SymDumpProcessingConfiguration config) dans C:\Users\blincoln\source\repos\SymDumpTE\SymDumpTE\symfile\SymFile.cs:ligne 839
    SymDumpTE.Program.Main(String[] args) dans C:\Users\blincoln\source\repos\SymDumpTE\SymDumpTE\Program.cs:ligne 180

I use 0.9 version.
 

Make a donation