Debug symbols are normally a rare treasure sought by reverse engineers from prototypes and beta versions of games, however in the early years of the PS2 it was common for debug symbols to be left in the retail version of the games!
This is amazing for any PS2 reversers who want an easy project to start with as all the function names are in plain text and all that needs to be done is disassemble the executable!
This is a constantly updating list of the retail Playstation 2 games with debug symbols left behind by their developers, most of them are in the executables themselves, which are standard ELF format files!
Prototype games are even more likely to contain debug symbols as they are intended for either testing or journalistic usage, thus having the symbols available would help the developers fix bugs before the final retail release. The table below is an incomplete list of prototypes that have debug symbols, if you know any more please let us know!
Game Name | Map File | Notes |
---|---|---|
Resident Evil 4 (Review, Aug 27 2005) | SLPS_000.00 | .mdebug section includes functions/structures for the main executable. |
Silent Hill 2 (E3 prototype, May 1 2001) | SLPM_123.45 | .debug section includes functions/structures for both main executable & per-level overlays. |
Silent Hill 2 (0.10 prototype, Jul 13 2001) | SLUS_202.28 | .debug section includes functions/structures for both main executable & per-level overlays. |
Silent Hill 4 (E3 prototype, Apr 16 2004) | SLUS_208.73 | .debug section includes functions/structures for both main executable & per-level overlays. |
If your game is not listed in the retail game list above then fear not, there is still a chance that debug symbols are available for a demo of the game. We have a separate page listing all the PS2 Demos with Debug Symbols.
PS2 Demos with Debug Symbols
For the Demo games with debug symbols check out this post.
sp193
on Assembler Games mentions that the Sound module also has debug information in it 3:
The OSDSND module from the Protokernel boot ROM (SCPH-10000 and SCPH-15000) also has debugging information left over in it. This module is actually the tentative sound driver library (librspu2) that was mentioned within the SONY SDK, and was the predecessor to libsd. The funny thing is that the one in the expansion-bay boot ROMs is newer than the one that comes in the Sony PS2SDK (even in release v3.02).
l_oliveira on the same Assembler Games forum topic states that most of the games with debug symbols were compiled with the earlier 2.x.x SDK rather than the later 3.x.x SDK 3. He then goes on to mention an interesting tidbit about Arcade code still having debug symbols in it, even when they strip the Ps2 version of the same game (e.g Konami).
Also the IRX I/O processor modules rarely if ever have any debug symbols due to most games not developing their own IOP modules and the limit of the 2MB memory for the modules 3.
Piposaru 2001 contains two IOPRP*.IMG files (IOPRP205.IMG and IOPRP214.IMG) so presumably both 2.0.5 and 2.1.4 versions of the PS2SDK were used during development. In the MCMAN.IRX the string PsIImcman 2020
exists which suggests it was built using PS2SDK version 2.0.2. In the main binary elf file it also mentions PsIIlibkernl2050
again suggesting 2.0.5. I have marked the game as using 2.1.4 since that is the most recent version used.
This list is kind of odd, it is for games that do not contains debug symbols but may also be of interest to reverse engineers due to certain characteristics.
Game | Developer | Release Date | Ps2 SDK | Source |
---|---|---|---|---|
Ridge Racer V | Namco |
4th March 2000 | PS2SDK 1.5.0 | Uses very early SDK |
Bloody Roar 4 | Hudson Soft, Eighting |
11th November 2003 | PS2SDK 2.8.0 | Has Renderware SDK 3.5 in DUMMY folder |
Xenosaga Episode II - Jenseits von Gut und Boese (Europe) | Monolith Soft |
24th June 2004 | PS2SDK 2.7.1 | No symbols but we can compare to Episode I which does have symbols |
Unlike most other games consoles, the PS2 executables are standard ELF files without any sort of encryption or compression. This means the format is very well documented around the web and also most tool that support ELF executables should work.
The ELF file format contains a bunch of sections, most are common across different platforms.
Some PS2 executable files contain a .mdebug section, which is an extended symbol table intended for use with certain versions of gdb. It contains rich debugging information in the STABS format such as complete data type definitions, function information (parameters, local variables, the return type), global variables, and more.
The Chaos Compiler Collection can be used to extract this information, either as C++ code or as a JSON file that can then be imported into Ghidra using the provided extension.
Woah! This is awesome, anyone interested in #Playstation2 reversing should check this out https://t.co/W5WgaCbLgF
— RetroReversing.com - Reverse Retro Games (@RetroReversing) September 19, 2020