PS1/2 RAM Dumping a PS1 game [Help]

[ChampionLeake]

Hello, there's probably not a way to do this simply, but I'm currently working on MIPS exploitation, thus, the PS1 was my target to start with since there really hasn't been a savegame PS1 game that anyone tried to run unsigned code with but anyway, I've got a couple of PS1 games that was able to overwritten some registers (including the ra$/r31) for a jump address.

Which goes into question, how will I be able to do a RAM dump for a PS1 game? Is there a tool or an emulator that can do that simply from a press ofa button or manually put in some byte-lengths to have a current dump of the PS1 game's RAM so I can actually find an appropriate return address to execute code.

 

[FAST6191]

There are a few debug capable emulators but I have not kept up with them lately, others will choose to attach something like emuhaste to an emulator and as cheat searching necessarily involves memory dumps.... Alternatively you can kick it more oldschool then a savestate by definition means dumping the memory. http://problemkaputt.de/psx.htm is not quite as nice for games as PSX or epsxe but might be a nice start.

With that said I have not looked up what the tool assisted speedrun (TAS) crowd are doing for the PS1 these days. Their debuggers are not necessarily what I would make for ROM hacking and system exploitation type purposes but should get somewhere.

"so I can actually find an appropriate return address to execute code"
I have not played enough with PS1 games to truly make a claim here but should not C and so C memory handling are things that were readily used (things were more assembly optimised than assembly from the ground on up) so be prepared to have fun with pointers.

 

[ChampionLeake]

There are a few debug capable emulators but I have not kept up with them lately, others will choose to attach something like emuhaste to an emulator and as cheat searching necessarily involves memory dumps.... Alternatively you can kick it more oldschool then a savestate by definition means dumping the memory. http://problemkaputt.de/psx.htm is not quite as nice for games as PSX or epsxe but might be a nice start.

With that said I have not looked up what the tool assisted speedrun (TAS) crowd are doing for the PS1 these days. Their debuggers are not necessarily what I would make for ROM hacking and system exploitation type purposes but should get somewhere.

"so I can actually find an appropriate return address to execute code"
I have not played enough with PS1 games to truly make a claim here but should not C and so C memory handling are things that were readily used (things were more assembly optimised than assembly from the ground on up) so be prepared to have fun with pointers.

Much appreciated! Thanks. I'll keep that in mind. I did use no$psx for the whole exploitation process as I'm a bit more use to using that since it's great for debugging on my end. I'm just glad I can control ra/31 to jump to basically anywhere in code and I wanted to be able to get a small ps1 homebrew demo working. So once I can get a RAM dump of the whole game I should be set really.