Symbols - sepalani/MHTrIDA GitHub Wiki

There are no known symbol maps for the game but we can recover some symbols via other ways. Most of them involve using Dolphin debugger.

Signature database

Dolphin emulator can generate DSY signature and apply DSY/MEGA signature database to existing symbols. If they match, it will rename it. However, keep in mind that it can produce tons of false-positive!

DSY signature

This is Dolphin's signature format for its signature database. To find symbols matching its signature database:

  • In Dolphin's menu: Symbols > Generate Symbols From > Signature Database
  • If you want to use another DSY file: Symbols > Apply Signature File...

MEGA signature

Megazig's WiiTools can generate MEGA signature. These MEGA files can also be loaded in Dolphin:

  • Symbols > Apply Signature File... and select WiiTools Signature MEGA File in the file format dropdown

Known functions

Common functions like system calls or dynamically linked functions can be retrieved as well.

RSO modules

RSO modules are shared objects like DLL files on Windows and SO files on Linux. Dolphin can detect them and load the whole chain as long as it finds one active RSO module:

  • Symbols > Generate Symbols From > RSO Modules
    • If there is a match, pick the module you want (it will retrieve the whole chain from it)
    • In most cases, it shouldn't matter which one you pick

IOS calls

Syscalls are done via IOS. Interesting IOS functions can help us identify functions.

Example (SO module):

  • IOS_Open opens /dev/net/ip/top
  • Its file descriptor is passed to IOS_Ioctl/IOS_Ioctlv with a request number
  • Based on the device and the request number, you can retrieve socket functions

Logs

Dolphin can produce helpful logs from the game including when the game logs debug messages.

  • Logs can be configured under the Log Configurations widget.
    • This widget can be displayed/hidden via the menu View > Show Log Configurations.
    • I usually set the verbosity level to Info
  • Then, the log messages themselves are displayed under the Log widget.
  • The log types I often use are:
    • FILEMON, monitor files access by the game
    • IOS_NET/IOS_SSL/IOS_WC24, network related syscalls
    • MI, for breakpoint logs
    • OSHLE/SYMBOLS, for symbols and HLE patching
    • OSREPORT/OSREPORT_HLE, for debug messages

Breakpoint logs

When creating a breakpoint from the Breakpoints widget with Write to Log enabled, it generates a log for the Memory Interface & Memory Map (MI) log type.

OSReport/HLE logs

Debug messages can be sent by the game via the OSReport function if logging wasn't disabled by the game developers. If these debug messages are still there but sent to a function that's stripped (i.e. to remove OSReport call), Dolphin can still log them using HLE. If specific symbols are detected: printf, ___blank, OSReport, and others, Dolphin uses some heuristic to retrieve the debug message when possible. The side-effect of this method is that it might log the same debug messages multiple times.

Strings

The game uses SHIFT-JS and UTF-8 encoded strings. Debug messages might be printed by logging functions but that's not always the case. Some strings have error messages with the function name where they come from. Some tools like Ghidra/IDA can discover some of these strings with a simple analysis. There are some cases where this analysis method won't work reliably, especially for SHIFT-JS strings in Ghidra, for instance. A hex editor with these encodings support (ex: MadEdit) can be used instead.

Samples of these strings can be found in these pages:

  • DEBUG.MD, some were auto-detected and aren't 100% accurate
  • PAT.MD, they are from the games' packet table (some are regional-exclusive variants).