How to inject Resident Evil +8 trainer into GCM/ISO ?

[iCEQB]

Hi,

I registered here because this place probably has to be the one with the most GC knowledge on the web
Recently I managed to dump my copy of Resident Evil for the GC and since I'm one of the old school peeps, I like trainers and cracktros before the game starts.

So I remembered a few years ago that there was a trainer for RE on the GC, but I couldn't find it anymore until yesterday (of course on this nice site ).
I looked at the nfo and saw that this trainer is a .dol file which launches the game from the disc after you made your choices.

My plan looked like this:

1) Look inside the ISO and find the filename for the main executable (let's say its "main.dol") and rename it to "game.dol"
2) Hex edit trainer .dol to look for "game.dol" on the disc
3) Rename trainer .dol to "main.dol" and inject it into the ISO
4) Execute the ISO on a GC (or Dophin) and profit ?

Now I already ran into the first problems. Where the hell is the main executable for each game stored?
I used GC-Tool from PARADOX to browse the image but for the love of god I can't find it anywhere even tho the tool has a .dol extraction function, but I honestly don't know where it fetches it from.

And another problem I have, is to test the trainer, I would like to try it with Dolphin, but the latest rev just outputs a blackscreen once I try to launch the .dol file.

So I hope that you guys can help me with my little project to have a trained disc out of the box, because I'm currently a bit lost here

Regards,
iCEQB

[tueidj]

The main executable isn't part of the ordinary filesystem, it's stored in a special part of the disc which can be found by reading the word at offset 0x420.

[iCEQB]

Hmmm damn, this makes the whole plan a lot more difficult.
Is there a way fiddle around with this "special area", apart from hex editing the whole image?

Another problem that would come up, is to hex edit the trainer, because by the looks of it, it just initiates a disc launch which would result in a loop according to my plan :/

Any other suggestions ?

Regards,
iCEQB

[emu_kidid]

There's no easy way to do this other than perhaps:

1. Find a spot in the ISO with some garbage data you can overwrite (as big a section as the original DOL), and place the original DOL there
2. Find in the trainer where it tries to read the DOL offset from 0x420 and change it to the spot found in step 1
3. Overwrite the original DOL at the offset specified at 0x420 with the trainer.
4. Profit

Alternatively if step 2 is too hard, write some super basic DOL to replace the original DOL that will either execute the trainer if it's the first boot, or the original DOL if it's a subsequent boot (you'd still need step 1)

[AC_Orange]

Wouldn't it be easier to use Action Replay and one of the codes recently posted by a new member here?

[iCEQB]

@AC_Orange: It would be ALOT easier....but that's not what I want

@tueidj: You probably mean DWORD right?
Afaik WORD == 2 Bytes, which results in 0x1 (00 01) at 0x420 and this gets me nowhere.
DWORD on the other hand (4 Bytes) at 0x420 gives me 0x1DA00 (00 01 DA 00) and this points to the beginning of the DOL, which is confirmed via DOL extraction from GC-Tool.

@emu_kidid: I'll probably need a little help with step 2 as I'm not sure if the trainer is pointing at an exact address, this might require some disasm fun.
But I'll first look if I can cramp the trainer in there ... the original DOL should fit somewhere else.

EDIT: The original DOL has a length of 2.173.696 Bytes (2,07 MB) and my first look at the ISO doesn't show room for 2 MB of space.
But the trainer on the other hand is pretty small (933.408 Bytes = 911 KB) which should fit somewhere.
Is it possible to change the value at 0x420 to point to the trainer DOL instead of the original DOL ? This would make it a bit easier (and cleaner) instead of moving a 2MB chunk around there.

Does the garbage data have a specific look ? FFs or something? Because I can find no chunk inside the ISO which looks unnecessary :/

[emu_kidid]

For me at least, DWORD on GameCube = 64bits since WORD is 32bit, HWORD is 16bit, etc.

Anyway, yeah just make the main DOL offset at 0x420 point to the new buffer space you've found for the trainer, then make the trainer point to the new buffer space instead of 0x420.

Garbage data doesn't have a particular "look", just parse the FST/TOC and find a bit of empty space, easiest would be to find the first entry, or the last and look before/after. IF you run the disc in Swiss, it should tell you the total size, or extract it all and see how big it is.

[iCEQB]

The ISO is 1.459.978.240 Bytes (1,35 GB) and extracted 1.384.663.420 Bytes (1,28 GB) that's enough space
How do I parse the TOC ? GC-Tool does create a TOC but I don't know how to work with it :/

EDIT: Do I even have to do it the hexery way? Aren't there tools which can modify the ISO and add user data to it? After that I could search for the trainer DOL within the ISO and just point to it.

[tueidj]

"word" just means the native cpu sized number, so for a 32-bit cpu it's 4 bytes.
WORD, DWORD etc. are windows specific things and now in the age of 64-bit machines they look stupid because a DWORD (double-word) sounds big but is actually smaller than a pointer...

[emu_kidid]

iCEQB, you could use a ISO rebuilder (check the ISO tools thread we have), but the game might not like it. I'd rebuild a vanilla ISO and see if that works, if it does, you're good to go with the rest of it.

Also, there might not be enough space if the FST has 1000's of files each padded onto a particular boundary (32k or what have you), but you'll find out.

[iCEQB]

Ok now I was able to rebuild the game into an ISO together with the trainer.
I also found the trainer inside my ISO and pointed at it at 0x420, but when I try to extract the "new" main DOL now (which is the trainer) with all the several tools available, it just extracts an empty file.
Is there something more I have to edit? Like a filesize or something? I looked for something like this, but I couldn't find anything in the ISO :/

[emu_kidid]

The trainer might be non-standard, try run it through dollzv3 first to compress it (check the homebrew/tools area for it if you don't have it).

I forgot to mention, if the trainer doesn't load itself in a sane area and have a sane entry point, the IPL will not boot it. Maybe just attach the trainer in question or try to boot the ISO with the trainer at 0x420 and see how you go?

[iCEQB]

Well, I think I now tried everything that I can (with my knowledge about the GC at least ) and I can't get it to work.
It would be nice if someone with better understanding of the console could take a quick look into it.