Driver Madness

Posted: **Mon Dec 14, 2015 9:32 am**

Hi guys, new member here,

I don’t know if this is known or if this has been already posted around here, but when I decided to take a look at the game files of Driver 2 CD1 spanish version v1.0 (SLES-02997, matching with a redump.org valid dump), I found one file that is not included in the english version, named SPANISH.SYM

The file seems to be a list of the symbols/function labels of the game binary executable. I used IDA PRO to open the SLES_029.97 executable to see if it had the symbols available but no luck, and I don’t know how to “merge” the .sym file with it (or even if it’s possible).

Here is a picture of the .sym file from the disc on a hex editor:

I didn’t upload the file because I’m not sure if it’s allowed to share the file here, but if it’s ok I will upload it along with the game binary.

I’ve been always a fan of the Driver series and even when I’m still a newbie with game hacking, I know that a game executable with symbols can be very useful with modding and to understand better the game engine.

I really hope this info is useful.

Posted: **Mon Dec 14, 2015 10:11 am**

Considering Reflections sold out and became Ubi-drones and the Driver IP is dead, you can upload it here.
Not to mention the game is only 5 years shy of being 2 decades old.

Posted: **Mon Dec 14, 2015 1:39 pm**

Ok, I have uploaded the files SLES_029.97 and SPANISH.SYM, here is the link:
http://www.mediafire.com/download/i3abw ... nFiles.rar

Posted: **Mon Dec 14, 2015 4:00 pm**

Nice! I think this symbols file could go with PSX MIPS debugger only, I didn't have enough information about that symbol files with MND header.
But I think it's possible to retrieve function addresses and structure types as well.

Posted: **Tue Dec 15, 2015 10:25 am**

interesting but that version is this game? as this could be some language file or something that is not used. of course this is a shot based on the file name ...
I could be wrong about this because I do not know about programming and related

Posted: **Tue Dec 15, 2015 2:27 pm**

Looks like I found something about enums, structs:

Code: Select all

enum PAUSEMODE
{
	PAUSEMODE_PAUSE		= 1,
	PAUSEMODE_PAUSEP1	= 2,
	PAUSEMODE_PAUSEP2	= 3,
	PAUSEMODE_GAMEOVER	= 4,
	PAUSEMODE_COMPLETE	= 5,
	PAUSEMODE_PADERROR	= 6,
};

struct PACKED_CELL_OBJECT
{
	USVECTOR_NOPAD	pos;
	ushort		value;
};

struct MODEL
{
	short shape_flags;
	short flags2;
	short instance_number;

	ubyte tri_verts;
	ubyte zBias;

	short bounding_sphere;
	short num_point_normals;

	short num_vertices;
	short num_polys;

	int vertices;
	int poly_block;
	int normals;
	int point_normals;
	int collision_block;
};

enum ExplosionType
{
     	BIG_BANG,     
	LITTLE_BANG,
     	HEY_MOMMA,
     	BANG_USED,
};

struct CAR_COSMETICS
{
	SVECTOR	headLight;
	SVECTOR frontInd;
	SVECTOR backInd;
	SVECTOR brakeLight;
	SVECTOR revLight;
	SVECTOR policeLight0;
	SVECTOR exhaust8;
	SVECTOR smoke;
	SVECTOR fireH;
	SVECTOR	wheelDisph;
	short extraInfoj; // probably shorts
	short powerRatiol;
	short cbYoffsetn;
	short susCoeffp;
	short tractionr;
	short wheelSizet;
	SVECTOR cPoints;
	SVECTOR colBox;
	SVECTOR cog;
	short twistRateX;
	short twistRateY;
	short twistRateZ;
	short mass;
};

struct Spool // in my code it is REGIONINFO
{
	short offset;
	short connected_areas;
	ubyte pvs_size;
	ubyte pad; // probably
	short cell_data_size;
	ubyte super_region;
	ubyte num_connected_areas;
	ubyte roadm_size;
	ubyte roadh_size;
};

It might help with some undiscovered parts of LEV decoding

UPD:
File looks like a COFF symbol table, better to read about it

Posted: **Tue Dec 15, 2015 6:31 pm**

D:\driver2\game\MEMCARD\DISPLAY.CPP%DrawSprite__7DISPMANP9TIMSTRUCTiiiiii.
[…]
C:\PS\LIB\LIBMATH.LIB(DBSHIFTU.obj)

Yes, this definitely is debug symbols. Awesome find!

I have no experience with PSX debugging, and the magic number 4D 4E 44 01 isn't well-known either, so my only idea is firing up PCSX or the like. They should come with debugging facilities for home-brew programs. Else, go to some PSX forum and ask the experts …

Every function's name could be incredibly helpful in analyzing the game, let alone names of local variables.

Edit: PPSSPP allows loading of symbol tables. When in doubt, just look at their parser, it's open source.

Btw, any guitars in Driver 2?

VECTOR GuitarPos obj\objanim.OBJ

Posted: **Tue Dec 22, 2015 7:24 pm**

Very nice find! I love finding leftover debug symbols!

Posted: **Tue Dec 22, 2015 9:38 pm**

SOAP wrote:Looks like I found something about enums, structs:
Code: Select all
SOURCE CODE
It might help with some undiscovered parts of LEV decoding

UPD:
File looks like a COFF symbol table, better to read about it

It's incredible how much information we can get from this. How did you extract this info from the sym file? did you use some script/utility to rebuild that section of code or did you do it manually?

I am interested in getting the original values for some variables in the game so I can easily identify them with a memory editor and make some changes while running the game with an emulator. I read the basics about this MIPS COFF symbol format but it's complex for me to fully understand it.

Initially, I was interested in unlocking the framerate of the game to 60 FPS as I have already done this to other games but I didn't manage to do it. You may think this is crazy because the original game could not even mantain a solid 30FPS, but I modded the PCSX-R emulator with an increased emulated CPU speed and thanks to that a lot of games are running at solid internal/fixed FPS, with the Driver series included.

Right now with some basic modding is enough for me, so can you please share your tool (if you used one) or post a link/document that was helpful for you to decode the source code you posted?

Thanks in advance.

Posted: **Tue Dec 22, 2015 10:12 pm**

Those of you who use IDA Pro can use this auto-generated script I made for applying all function names:

https://dl.dropboxusercontent.com/u/691 ... _names.idc

Simply load the SLES_029.97 file into IDA, then load this script file. Ignore any "already exists" errors, just click OK.

Posted: **Mon Jan 18, 2016 2:15 pm**

How did you get this?

Posted: **Mon Jan 18, 2016 2:18 pm**

Wheels wrote:How did you get this?

By having intelligence, something you lack apparently.
Read the OP.

Posted: **Mon Jan 18, 2016 2:24 pm**

PostalDude wrote:
Wheels wrote:How did you get this?
By having intelligence, something you lack apparently.
Read the OP.

Why do you have to be an asshole about everything? What the hell did I even do to you to get what you give me?

Posted: **Mon Jan 18, 2016 2:27 pm**

Wheels wrote:
PostalDude wrote:
Wheels wrote:How did you get this?
By having intelligence, something you lack apparently.
Read the OP.
Why do you have to be an asshole about everything? What the hell did I even do to you to get what you give me?

All that BS before Skylabh temp banned you.

Posted: **Mon Jan 18, 2016 2:29 pm**

PostalDude wrote: All that BS before Skylabh temp banned you.

I'm talking about before he banned me, and before all that "BS". I had actually just joined when you were being a dick to everyone.

Driver Madness

Driver 2 - game binary symbols discovered?

Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?

Re: Driver 2 - game binary symbols discovered?