
Author Topic: Dragon Warrior 1, 2 & 3 Hacking Discussion  (Read 148955 times)

storall

  • Jr. Member
  • Posts: 31
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #260 on: July 28, 2020, 07:57:57 pm »
(removed wrong advice)
« Last Edit: August 01, 2020, 08:29:40 am by storall »

scarlet

  • Newbie
  • Posts: 3
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #261 on: July 28, 2020, 10:08:57 pm »
Well, I'm not wiping your snots and showing respect while giving answers  >:D

Ask your questions about what you still don't understand if you want to get this thing done.

Or you can wait for abw to come here once a day, I don't really care.

One of the greatest growth points for a software engineer is when they learn both the value of being kind while giving feedback, and how to do it. 

Choppasmith

  • Full Member
  • Posts: 190
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #262 on: July 29, 2020, 01:52:24 am »
@Chicken Knife
Found 'ERDRICK' without too much effort. Here's what I did as a cluebook:
- Turn on 'Code Data Logger'
- Enter 'ERDRICK' as name
- Put cursor on 'END'
- Turn on 'Trace Logger'
- Press enter
- 'INPUT YOUR NAME!'
- Turn off 'Trace Logger'


From the earlier clues in this thread, I know to look at $0009-000F for name. I searched for $000F since it's ERDRIC(K) and found 1 hit.

Your name check is in bank $06:Bxxx. And it's hard-coded asm.
I'm confused, is it not at x00AA73 as mentioned on Data Crystal?
https://datacrystal.romhacking.net/wiki/Dragon_Warrior_III:ROM_map#Text

storall

  • Jr. Member
  • Posts: 31
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #263 on: July 29, 2020, 07:37:56 am »
(removed wrong advice)
« Last Edit: August 01, 2020, 08:29:57 am by storall »

abw

  • Hero Member
  • Posts: 554
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #264 on: July 29, 2020, 09:18:07 am »
Come on now, can't we all just get along here?

Chicken Knife, Cyneprepou4uk is trying to help, and freely offered assistance is not something to be tossed aside lightly. Cyneprepou4uk, Chicken Knife is making an effort to learn and grow, which is something worth encouraging, and has been making progress over a decent period of time while working on multiple fronts. I think I get where you're coming from, and I know it can be frustrating when other people have difficulty with things that come easily to you, but ask yourself whether belittling them really results in the outcome you wish to achieve. Conversely, Chicken Knife, you've got access to all the tools and information you need to figure out what an unfamiliar block of code does; spending a little more time getting familiar with the tools and absorbing the information will make you both more efficient and more effective at working with code.



As for tracking down this particular bit of code, another approach you could try is making one trace log with "Erdrick" and one trace log with some other name and then comparing the trace logs to find out where they differ; it's not an exact process since there could be unrelated differences (particularly due to timing), but if you can narrow down the range of what you log (e.g. by setting some useful breakpoints before and after the difference you're trying to detect), it can be quite useful.

Quote
I'm confused, is it not at x00AA73 as mentioned on Data Crystal?
https://datacrystal.romhacking.net/wiki/Dragon_Warrior_III:ROM_map#Text
Yeah, that was my first guess too, but it turns out that the code for checking the player name does not rely on that string in any way, so we had to go searching for the code.

Darrman

  • Jr. Member
  • Posts: 17
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #265 on: July 29, 2020, 11:45:30 am »
I had actually removed the Erdrick restriction for myself a while ago.

http://www.romhacking.net/hacks/5162/

I left some notes in the download if anyone felt like modifying the check for themselves.

I've copied them here for convenience. They're inside the spoiler.

Spoiler:
Code:
RAM 0x09 = first letter of name select, break on read here
see rhdn for table
offsets are at the start of the opcode, not necessarily where the exact number is
findings using fceux debugger
check if your name is "erdrick" and get mad if so:
letter 1:
1bc1a = compare $29; E
1bc1e = compare $0F; e
if true jump to ram $bc13 - letter 2
otherwise rts and proceed
letter 2:
increment x
load appropriate byte for current letter
compare with the listed byte below, continue on if true
this repeats for the remaining letters
1bc26 = $36; R
1bc2a = $1c; r
letter 3:
1bc32 = $28; D
1bc36 = $0e; d
letter 4:
1bc3e = $36; R
1bc42 = $1c; r
letter 5:
1bc4a = $2d; I
1bc4e = $13; i
letter 6:
1bc56 = $27; C
1bc5a = $0d; c
letter 7:
1bc62 = $2f; K
1bc66 = $15; k
if things are still true at this point,
jump to ram $bc5b
x is incremented and compared to 0x8
if it's not 8, branch to $bc61
if it is, return; hence "erdrick " is fine
load letter 8 into a, if it's zero, jump to ram $bc5b
this time x will equal 8, so it returns
by this time the game's determined you've tried to name erdrick "erdrick" and it gets annoyed and pops up a message shouting "INPUT YOUR NAME!" emphasis on "YOUR", presumably

there's probably a more elegant way to change this, but i just simply zeroed out all the comparisons
if you want to block a different name, leave any excess letters zeroed out
say you want to negate "loto" instead, then change the first four letters to correspond to that, and set the other three to zero
if you want to block an eight character name, you're out of luck without some actual modifications to the code

(Disclaimer: I know very little about ASM.)
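To make the comparison chain in these notes concrete, here is a small Python model of the check, added as an example; it is not code from the thread, from the game, or from Darrman's patch. It generalises the notes to any blocked name of up to seven letters, including the zero-padding trick for a shorter name like "loto". The character codes are an assumption inferred from the six letter pairs above, which fit a contiguous alphabet ('A' = $25, 'a' = $0B); the eight-byte name layout starting at $0009 and the treatment of empty slots as 0 are likewise assumptions drawn from the notes.

```python
# Added example: a Python model of the 7-slot name check described in Darrman's notes.
# Not the game's code. Character codes are inferred (assumption) from the six letter
# pairs in the notes, which fit a contiguous alphabet: 'A' = $25, 'a' = $0B.


def char_code(ch: str) -> int:
    """Name-table code for one letter (inferred table, see note above)."""
    if "A" <= ch <= "Z":
        return 0x25 + ord(ch) - ord("A")
    if "a" <= ch <= "z":
        return 0x0B + ord(ch) - ord("a")
    raise ValueError(f"no code known for {ch!r}")


def name_bytes(text: str) -> list:
    """The eight name bytes as the check reads them from RAM ($0009 onward,
    per the thread); unused slots are assumed to hold 0."""
    if len(text) > 8:
        raise ValueError("names are at most 8 characters")
    return [char_code(c) for c in text] + [0] * (8 - len(text))


def comparison_tables(blocked: str):
    """Upper/lower compare bytes for the seven slots. A shorter blocked name is
    zero-padded, as the notes recommend (e.g. 'loto' plus three zeroed slots)."""
    if not 1 <= len(blocked) <= 7:
        raise ValueError("the check has seven compare slots; an 8-letter name needs code changes")
    pad = [0] * (7 - len(blocked))
    upper = [char_code(c.upper()) for c in blocked] + pad
    lower = [char_code(c.lower()) for c in blocked] + pad
    return upper, lower


# Compare bytes listed in the notes (1bc1a/1bc1e ... 1bc62/1bc66): E R D R I C K / e r d r i c k.
ERDRICK_UPPER = [0x29, 0x36, 0x28, 0x36, 0x2D, 0x27, 0x2F]
ERDRICK_LOWER = [0x0F, 0x1C, 0x0E, 0x1C, 0x13, 0x0D, 0x15]


def name_is_blocked(name: list, upper: list, lower: list) -> bool:
    """Walk the check the way the notes describe it: for slots 1-7 the name byte
    must equal either the upper- or the lower-case compare byte, otherwise the
    routine returns and the name is accepted. After seven matches the eighth slot
    must be empty (0), which is why "erdrick " passes and an 8-letter name can
    never be blocked without modifying the code."""
    for slot in range(7):
        if name[slot] not in (upper[slot], lower[slot]):
            return False          # mismatch: RTS, name accepted
    return name[7] == 0           # all seven matched: only a 7-char name is rejected


if __name__ == "__main__":
    for n in ("ERDRICK", "erdrick", "Erdrick", "ERDRICKS", "Loto"):
        print(n, name_is_blocked(name_bytes(n), ERDRICK_UPPER, ERDRICK_LOWER))
    loto_upper, loto_lower = comparison_tables("loto")
    for n in ("LOTO", "loto", "LOTOS", "ERDRICK"):
        print(n, name_is_blocked(name_bytes(n), loto_upper, loto_lower))
```

With the zero-padded "loto" tables, "LOTO" and "loto" are rejected while "LOTOS" passes, because its fifth byte no longer matches the zeroed slot; that is exactly the behaviour the notes describe for excess letters. The empty-name branch visible at the start of the routine (the CMP #$00 before the first letter compare) is not modelled here.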

storall

  • Jr. Member
  • Posts: 31
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #266 on: July 29, 2020, 12:09:45 pm »
(removed wrong advice)
« Last Edit: August 01, 2020, 08:30:07 am by storall »

Chicken Knife

  • Sr. Member
  • Posts: 456
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #267 on: July 30, 2020, 12:52:42 am »
Quote
From the earlier clues in this thread, I know to look at $0009-000F for name. I searched for $000F since it's ERDRIC(K) and found 1 hit.
storall, thank you for chiming in with help! Following along with your suggestions, I get lost at this part. What are you searching in for 000F, the trace log? I get zero hits when I search that in mine.

Quote
Chicken Knife, Cyneprepou4uk is trying to help, and freely offered assistance is not something to be tossed aside lightly.
abw, the weight of that was not lost on me. I was, and am, grateful for Cyneprepou4uk's initiative to help. I am still open to that help, but between the stress coming from this challenge and life's other significant stressors at this time, a belittling tone is something I can't just brush off and live with. That parting ways comment was made because I thought Cyneprepou4uk made it pretty clear that he is not willing to try to improve his communication. I'd be delighted if that turns out to not be the case.

Quote
As for tracking down this particular bit of code, another approach you could try is making one trace log with "Erdrick" and one trace log with some other name and then comparing the trace logs to find out where they differ; it's not an exact process since there could be unrelated differences (particularly due to timing), but if you can narrow down the range of what you log (e.g. by setting some useful breakpoints before and after the difference you're trying to detect), it can be quite useful.
So I did exactly this, and invested time in comparing the two logs side by side, starting from the bottom. The bottom 25% or so of the 140k lines seemed to match beyond the minor variances you mention. The changes in indentation for the right columns make comparison pretty simple. I'm kind of curious what causes those changes. But in any case, once I got about 25% up the log, I found this section that varies, and it seemed to potentially deal with the same RAM address that storall mentioned above. Here's the section I'm referring to with the code from the ERDRICK input first, followed by the same section of code (matching beginning and end) from an ABC name input.

Code:
(From ERDRICK input)

---------------------------
f8745   A:FF X:02 Y:04 S:D0 P:nvUbdIZc                $B722:BD 73 04  LDA $0473,X @ $0475 = #$A7
f8745   A:A7 X:02 Y:04 S:D0 P:NvUbdIzc                $B725:B0 02     BCS $B729
f8745   A:A7 X:02 Y:04 S:D0 P:NvUbdIzc                $B727:30 50     BMI $B779
f8745   A:A7 X:02 Y:04 S:D0 P:NvUbdIzc                $B779:60        RTS (from $B71F) ---------------------------
f8745   A:A7 X:02 Y:04 S:D2 P:NvUbdIzc              $B419:20 49 B4  JSR $B449
f8745   A:A7 X:02 Y:04 S:D0 P:NvUbdIzc                $B449:8E F1 06  STX $06F1 = #$00
f8745   A:A7 X:02 Y:04 S:D0 P:NvUbdIzc                $B44C:B5 F7     LDA $F7,X @ $00F9 = #$07
f8745   A:07 X:02 Y:04 S:D0 P:nvUbdIzc                $B44E:10 28     BPL $B478
f8745   A:07 X:02 Y:04 S:D0 P:nvUbdIzc                $B478:98        TYA
f8745   A:04 X:02 Y:04 S:D0 P:nvUbdIzc                $B479:48        PHA
f8745   A:04 X:02 Y:04 S:CF P:nvUbdIzc                 $B47A:B4 F6     LDY $F6,X @ $00F8 = #$44
f8745   A:04 X:02 Y:44 S:CF P:nvUbdIzc                 $B47C:B9 6B 81  LDA $816B,Y @ $81AF = #$4D
f8745   A:4D X:02 Y:44 S:CF P:nvUbdIzc                 $B47F:85 E0     STA $00E0 = #$09
f8745   A:4D X:02 Y:44 S:CF P:nvUbdIzc                 $B481:B9 6C 81  LDA $816C,Y @ $81B0 = #$84
f8745   A:84 X:02 Y:44 S:CF P:NvUbdIzc                 $B484:85 E1     STA $00E1 = #$00
f8745   A:84 X:02 Y:44 S:CF P:NvUbdIzc                 $B486:B4 F7     LDY $F7,X @ $00F9 = #$07
f8745   A:84 X:02 Y:07 S:CF P:nvUbdIzc                 $B488:B1 E0     LDA ($E0),Y @ $8454 = #$B9
f8745   A:B9 X:02 Y:07 S:CF P:NvUbdIzc                 $B48A:C9 30     CMP #$30
f8745   A:B9 X:02 Y:07 S:CF P:NvUbdIzC                 $B48C:B0 05     BCS $B493
f8745   A:B9 X:02 Y:07 S:CF P:NvUbdIzC                 $B493:F6 F7     INC $F7,X @ $00F9 = #$07
f8745   A:B9 X:02 Y:07 S:CF P:nvUbdIzC                 $B495:AA        TAX
f8745   A:B9 X:B9 Y:07 S:CF P:NvUbdIzC                 $B496:68        PLA
f8745   A:04 X:B9 Y:07 S:D0 P:nvUbdIzC                $B497:A8        TAY
f8745   A:04 X:B9 Y:04 S:D0 P:nvUbdIzC                $B498:B0 BE     BCS $B458
f8745   A:04 X:B9 Y:04 S:D0 P:nvUbdIzC                $B458:8A        TXA
f8745   A:B9 X:B9 Y:04 S:D0 P:NvUbdIzC                $B459:AE F1 06  LDX $06F1 = #$02
f8745   A:B9 X:02 Y:04 S:D0 P:nvUbdIzC                $B45C:E0 08     CPX #$08
f8745   A:B9 X:02 Y:04 S:D0 P:NvUbdIzc                $B45E:AA        TAX
f8745   A:B9 X:B9 Y:04 S:D0 P:NvUbdIzc                $B45F:B0 13     BCS $B474
f8745   A:B9 X:B9 Y:04 S:D0 P:NvUbdIzc                $B461:29 0F     AND #$0F
f8745   A:09 X:B9 Y:04 S:D0 P:nvUbdIzc                $B463:85 E1     STA $00E1 = #$84
f8745   A:09 X:B9 Y:04 S:D0 P:nvUbdIzc                $B465:AD 7F 04  LDA $047F = #$10
f8745   A:10 X:B9 Y:04 S:D0 P:nvUbdIzc                $B468:85 E0     STA $00E0 = #$4D
f8745   A:10 X:B9 Y:04 S:D0 P:nvUbdIzc                $B46A:20 54 B8  JSR $B854

(From ABC Input)

---------------------------
f10077  A:FF X:02 Y:04 S:D0 P:nvUbdIZc                $B722:BD 73 04  LDA $0473,X @ $0475 = #$A5
f10077  A:A5 X:02 Y:04 S:D0 P:NvUbdIzc                $B725:B0 02     BCS $B729
f10077  A:A5 X:02 Y:04 S:D0 P:NvUbdIzc                $B727:30 50     BMI $B779
f10077  A:A5 X:02 Y:04 S:D0 P:NvUbdIzc                $B779:60        RTS (from $B71F) ---------------------------
f10077  A:A5 X:02 Y:04 S:D2 P:NvUbdIzc              $B419:20 49 B4  JSR $B449
f10077  A:A5 X:02 Y:04 S:D0 P:NvUbdIzc                $B449:8E F1 06  STX $06F1 = #$00
f10077  A:A5 X:02 Y:04 S:D0 P:NvUbdIzc                $B44C:B5 F7     LDA $F7,X @ $00F9 = #$FE
f10077  A:FE X:02 Y:04 S:D0 P:NvUbdIzc                $B44E:10 28     BPL $B478
f10077  A:FE X:02 Y:04 S:D0 P:NvUbdIzc                $B450:A2 30     LDX #$30
f10077  A:FE X:30 Y:04 S:D0 P:nvUbdIzc                $B452:C9 FF     CMP #$FF
f10077  A:FE X:30 Y:04 S:D0 P:NvUbdIzc                $B454:F0 02     BEQ $B458
f10077  A:FE X:30 Y:04 S:D0 P:NvUbdIzc                $B456:A2 32     LDX #$32
f10077  A:FE X:32 Y:04 S:D0 P:nvUbdIzc                $B458:8A        TXA
f10077  A:32 X:32 Y:04 S:D0 P:nvUbdIzc                $B459:AE F1 06  LDX $06F1 = #$02
f10077  A:32 X:02 Y:04 S:D0 P:nvUbdIzc                $B45C:E0 08     CPX #$08
f10077  A:32 X:02 Y:04 S:D0 P:NvUbdIzc                $B45E:AA        TAX
f10077  A:32 X:32 Y:04 S:D0 P:nvUbdIzc                $B45F:B0 13     BCS $B474
f10077  A:32 X:32 Y:04 S:D0 P:nvUbdIzc                $B461:29 0F     AND #$0F
f10077  A:02 X:32 Y:04 S:D0 P:nvUbdIzc                $B463:85 E1     STA $00E1 = #$00
f10077  A:02 X:32 Y:04 S:D0 P:nvUbdIzc                $B465:AD 7F 04  LDA $047F = #$90
f10077  A:90 X:32 Y:04 S:D0 P:NvUbdIzc                $B468:85 E0     STA $00E0 = #$02
f10077  A:90 X:32 Y:04 S:D0 P:NvUbdIzc                $B46A:20 54 B8  JSR $B854
Is this an example of what I'm looking for? Hopefully I'm not a million miles away this time. My temptation would be to find that code in the rom and start playing around with it. Any other suggestions for what I can meaningfully do next other than just randomly playing around with the data in that section of the ram/rom? Random experimentation has served me well so far, but I'd like to learn the more efficient methods.

Quote
Conversely, Chicken Knife, you've got access to all the tools and information you need to figure out what an unfamiliar block of code does; spending a little more time getting familiar with the tools and absorbing the information will make you both more efficient and more effective at working with code.
Always looking for more of this stuff. I've found some YouTube videos infinitely helpful in the past. The combination of hearing an explanation and seeing things done visually has worked wonders for me. I haven't found much in that format (or any other format, tbh) for Trace Logger activity specifically. I'm curious if you or others have any suggestions that would help me learn to look at the flow of code in the trace log and glean a sense of what it pertains to. I can read through the individual operations, looking up the ones I'm foggy on, but I seem to have an almost impossible time seeing the forest for the trees. I'm not sure what would help me with that, and I'm very much open to suggestions.

Quote
I had actually removed the Erdrick restriction for myself a while ago.

http://www.romhacking.net/hacks/5162/

I left some notes in the download if anyone felt like modifying the check for themselves.

I've copied them here for convenience. They're inside the spoiler.
Darrman, I thank you for your eagerness to help. As storall says, I do want to go through the steps of finding this, arduous as they may be, so I am opting not to look closely at what you shared for now. I figure that a relatively small item to fix like this provides a better learning opportunity than some of the more complex things I want to mess with soon after, so I want to stick to the processes that others have recommended.
« Last Edit: July 30, 2020, 01:06:24 am by Chicken Knife »

Cyneprepou4uk

  • Hero Member
  • Posts: 504
  • I am the baldest romhacker
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #268 on: July 30, 2020, 06:13:24 am »
This code that you posted doesn't look like name checking either. Code you are looking for has to load/compare values from 0009-000F. At least post code that does it.

Searching for 000F in the log is a good approach. You couldn't find it because your log probably wasn't correct, but I can't tell what it is exactly. Try searching for other addresses from the range.

Log comparison is also a good approach, but logs should be as equal as possible to make it easier for you. Write Erdrick and move cursor to End or something, pause emulator and make a savestate. Then manually change the last character in ram to a different byte and save to another savestate while still paused. Don't unpause, disable breakpoints, load save, launch log, hold confirm button, press frame advance hotkey several times for tracer to do its stuff. Save log, and do the same with another savestate, then compare 2 logs. Search for where instructions begin to differ.

You can mix it up with code/data logger. Clear it and run it before hitting End, hold turbo hotkey to speed up, wait until it stops finding new data, pause cdlogger but don't close it, and enable "only log new code" checkmark in tracer. Log will be much lighter.

And you still have my way of doing things.
Quote
While entering a name, set read breakpoint to 0009, and forbid every location where it triggers. Then confirm entered name, and one of the new breakpoint hits is gonna be what you are looking for.
Post screenshots from debugger of these new hits, and I can tell which one is correct.
« Last Edit: July 30, 2020, 06:47:33 am by Cyneprepou4uk »
iromhacker.ru - NES ROM hacking tutorials for beginners. Please use Google Translate browser extension
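The two-log comparison described by abw and, in more controlled form, by Cyneprepou4uk above comes down to one operation: walk both trace logs in step and find the first instruction where the executed address differs, then look at the register or operand values that differed just before it. The following Python script is an added example, not code from the thread or from FCEUX. It parses lines in the FCEUX trace-logger format seen in this thread (frame counter, A/X/Y/S/P, then `$PC:bytes  disassembly`), skips separators and "Breakpoint ... Hit" messages, and reports the divergence. The two logs embedded in it are constructed samples modelled on the excerpts posted here; in the second log the first name byte is changed (the savestate trick above would change the last one instead), and the lines at $BC0E-$BC12 are an assumption built from Darrman's notes (compare against the lower-case code, otherwise RTS).

```python
# Added example: find where two FCEUX trace logs first diverge in control flow.
# Not code from the thread or from FCEUX. Sample logs below are constructed.
from __future__ import annotations

import re
from dataclasses import dataclass

# One trace-logger line: "f15769  A:B7 X:00 Y:70 S:EC P:NvUBdIzC   $BB26:20 FB BB  JSR $BBFB"
TRACE_RE = re.compile(
    r"^f(?P<frame>\d+)\s+"
    r"A:(?P<a>[0-9A-F]{2}) X:(?P<x>[0-9A-F]{2}) Y:(?P<y>[0-9A-F]{2}) "
    r"S:(?P<s>[0-9A-F]{2}) P:(?P<p>\S{8})\s+"
    r"\$(?P<pc>[0-9A-F]{4}):(?P<opcode>(?:[0-9A-F]{2} ?){1,3})\s+(?P<disasm>.*)$"
)

# Constructed sample: name starting with $29 ('E' in the thread's table).
LOG_ERDRICK = """\
f15769  A:B7 X:00 Y:70 S:EC P:NvUBdIzC    $BB26:20 FB BB  JSR $BBFB
f15769  A:B7 X:00 Y:70 S:EA P:NvUBdIzC      $BBFB:A2 00     LDX #$00
f15769  A:B7 X:00 Y:70 S:EA P:nvUBdIZC      $BBFD:B5 09     LDA $09,X @ $0009 = #$29
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIzC      $BBFF:C9 00     CMP #$00
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIzC      $BC01:D0 07     BNE $BC0A
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIzC      $BC0A:C9 29     CMP #$29
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIZC      $BC0C:F0 05     BEQ $BC13
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIZC      $BC13:E8        INX
Breakpoint 0 Hit at $BC14: $000A:ECR---
"""

# Constructed sample: same savestate, first name byte changed to $2A.
# Lines from $BC0E on are assumed from Darrman's notes (compare $0F, else RTS).
LOG_OTHER = """\
f15769  A:B7 X:00 Y:70 S:EC P:NvUBdIzC    $BB26:20 FB BB  JSR $BBFB
f15769  A:B7 X:00 Y:70 S:EA P:NvUBdIzC      $BBFB:A2 00     LDX #$00
f15769  A:B7 X:00 Y:70 S:EA P:nvUBdIZC      $BBFD:B5 09     LDA $09,X @ $0009 = #$2A
f15769  A:2A X:00 Y:70 S:EA P:nvUBdIzC      $BBFF:C9 00     CMP #$00
f15769  A:2A X:00 Y:70 S:EA P:nvUBdIzC      $BC01:D0 07     BNE $BC0A
f15769  A:2A X:00 Y:70 S:EA P:nvUBdIzC      $BC0A:C9 29     CMP #$29
f15769  A:2A X:00 Y:70 S:EA P:nvUBdIzC      $BC0C:F0 05     BEQ $BC13
f15769  A:2A X:00 Y:70 S:EA P:nvUBdIzC      $BC0E:C9 0F     CMP #$0F
f15769  A:2A X:00 Y:70 S:EA P:nvUBdIzC      $BC10:F0 01     BEQ $BC13
f15769  A:2A X:00 Y:70 S:EA P:nvUBdIzC      $BC12:60        RTS (from $BB26) ---------------------------
"""


@dataclass(frozen=True)
class Step:
    frame: int
    pc: int
    opcode: str    # e.g. "B5 09"
    disasm: str    # e.g. "LDA $09,X @ $0009 = #$29"
    a: int
    x: int
    y: int


def parse_trace(text: str) -> list[Step]:
    """Parse every executed-instruction line; other lines are skipped."""
    steps = []
    for line in text.splitlines():
        m = TRACE_RE.match(line)
        if not m:
            continue
        steps.append(Step(int(m["frame"]), int(m["pc"], 16), m["opcode"].strip(),
                          m["disasm"].rstrip(" -"),
                          int(m["a"], 16), int(m["x"], 16), int(m["y"], 16)))
    return steps


def first_divergence(a: list[Step], b: list[Step]) -> int | None:
    """Index of the first step whose PC differs between the logs, or None if none."""
    for i, (sa, sb) in enumerate(zip(a, b)):
        if sa.pc != sb.pc:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def data_differences(a: list[Step], b: list[Step], upto: int) -> list:
    """Steps before `upto` where control flow agreed but A or the operand differed.
    Seen right before the divergence, these are the values the branch decided on."""
    diffs = []
    for i in range(upto):
        sa, sb = a[i], b[i]
        if (sa.a, sa.x, sa.y, sa.disasm) != (sb.a, sb.x, sb.y, sb.disasm):
            diffs.append((sa.pc, f"A={sa.a:02X} {sa.disasm}", f"A={sb.a:02X} {sb.disasm}"))
    return diffs


def report(log_a: str, log_b: str) -> dict | None:
    a, b = parse_trace(log_a), parse_trace(log_b)
    i = first_divergence(a, b)
    if i is None:
        return None
    return {"index": i, "pc_a": a[i].pc, "pc_b": b[i].pc,
            "decided_by": a[i - 1].disasm if i else None,
            "data": data_differences(a, b, i)}


if __name__ == "__main__":
    r = report(LOG_ERDRICK, LOG_OTHER)
    print(f"diverges at step {r['index']}: ${r['pc_a']:04X} vs ${r['pc_b']:04X}, "
          f"after {r['decided_by']}")
    for pc, va, vb in r["data"]:
        print(f"  ${pc:04X}: {va}  |  {vb}")
```

On the samples this reports the split at $BC13 versus $BC0E right after `BEQ $BC13`, with the differing `LDA $09,X` operand at $BBFD listed first, which is the name compare. On real logs, read each file and pass the text to `report`; the savestate method above is what makes the frame numbers and stack depth line up so that the first PC difference is the interesting one rather than timing noise, and if the logs are not synced that way, trimming both to the window between two breakpoints before comparing keeps the unrelated differences abw mentions out of the way.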

storall

  • Jr. Member
  • Posts: 31
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #269 on: July 30, 2020, 09:08:10 am »
(removed wrong advice)
« Last Edit: August 01, 2020, 08:30:21 am by storall »

Cyneprepou4uk

  • Hero Member
  • Posts: 504
  • I am the baldest romhacker
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #270 on: July 31, 2020, 05:39:57 am »
I tried to find this code myself, and the very first hit of 000F breakpoint when I clicked End hits the spot. So I don't know what all the fuss is about.

storall

  • Jr. Member
  • Posts: 31
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #271 on: July 31, 2020, 08:33:28 am »
(low-quality post; content removed)
« Last Edit: August 01, 2020, 11:29:14 am by storall »

Chicken Knife

  • Sr. Member
  • Posts: 456
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #272 on: August 01, 2020, 12:06:08 am »
Guys, sorry, it can take me a couple of days to get back. Full time job, full time dad, other obligations, etc. With something I find really unfamiliar and challenging like this, I need at least a couple of hours to totally focus on what I'm doing, along with being in the right mental state. It's not like script and graphics stuff that I can work on in much smaller chunks of time or in a less than ideal condition.

But I have some great news to report.

Quote
Log comparison is also a good approach, but logs should be as equal as possible to make it easier for you. Write Erdrick and move cursor to End or something, pause emulator and make a savestate. Then manually change the last character in ram to a different byte and save to another savestate while still paused. Don't unpause, disable breakpoints, load save, launch log, hold confirm button, press frame advance hotkey several times for tracer to do its stuff. Save log, and do the same with another savestate, then compare 2 logs. Search for where instructions begin to differ.
This advice from Cyneprepou4uk was extremely helpful. Thank you! I was able to use it to create logs that exactly matched other than the points of divergence. And voila, I found the code:

Code:
f15769  A:B7 X:00 Y:70 S:EC P:NvUBdIzC                    $BB26:20 FB BB  JSR $BBFB
f15769  A:B7 X:00 Y:70 S:EA P:NvUBdIzC                      $BBFB:A2 00     LDX #$00
f15769  A:B7 X:00 Y:70 S:EA P:nvUBdIZC                      $BBFD:B5 09     LDA $09,X @ $0009 = #$29
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIzC                      $BBFF:C9 00     CMP #$00
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIzC                      $BC01:D0 07     BNE $BC0A
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIzC                      $BC0A:C9 29     CMP #$29
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIZC                      $BC0C:F0 05     BEQ $BC13
f15769  A:29 X:00 Y:70 S:EA P:nvUBdIZC                      $BC13:E8        INX
f15769  A:29 X:01 Y:70 S:EA P:nvUBdIzC                      $BC14:B5 09     LDA $09,X @ $000A = #$36
f15769  A:36 X:01 Y:70 S:EA P:nvUBdIzC                      $BC16:C9 36     CMP #$36
f15769  A:36 X:01 Y:70 S:EA P:nvUBdIZC                      $BC18:F0 05     BEQ $BC1F
f15769  A:36 X:01 Y:70 S:EA P:nvUBdIZC                      $BC1F:E8        INX
f15769  A:36 X:02 Y:70 S:EA P:nvUBdIzC                      $BC20:B5 09     LDA $09,X @ $000B = #$28
f15769  A:28 X:02 Y:70 S:EA P:nvUBdIzC                      $BC22:C9 28     CMP #$28
f15769  A:28 X:02 Y:70 S:EA P:nvUBdIZC                      $BC24:F0 05     BEQ $BC2B
f15769  A:28 X:02 Y:70 S:EA P:nvUBdIZC                      $BC2B:E8        INX
f15769  A:28 X:03 Y:70 S:EA P:nvUBdIzC                      $BC2C:B5 09     LDA $09,X @ $000C = #$36
f15769  A:36 X:03 Y:70 S:EA P:nvUBdIzC                      $BC2E:C9 36     CMP #$36
f15769  A:36 X:03 Y:70 S:EA P:nvUBdIZC                      $BC30:F0 05     BEQ $BC37
f15769  A:36 X:03 Y:70 S:EA P:nvUBdIZC                      $BC37:E8        INX
f15769  A:36 X:04 Y:70 S:EA P:nvUBdIzC                      $BC38:B5 09     LDA $09,X @ $000D = #$2D
f15769  A:2D X:04 Y:70 S:EA P:nvUBdIzC                      $BC3A:C9 2D     CMP #$2D
f15769  A:2D X:04 Y:70 S:EA P:nvUBdIZC                      $BC3C:F0 05     BEQ $BC43
f15769  A:2D X:04 Y:70 S:EA P:nvUBdIZC                      $BC43:E8        INX
f15769  A:2D X:05 Y:70 S:EA P:nvUBdIzC                      $BC44:B5 09     LDA $09,X @ $000E = #$27
f15769  A:27 X:05 Y:70 S:EA P:nvUBdIzC                      $BC46:C9 27     CMP #$27
f15769  A:27 X:05 Y:70 S:EA P:nvUBdIZC                      $BC48:F0 05     BEQ $BC4F
f15769  A:27 X:05 Y:70 S:EA P:nvUBdIZC                      $BC4F:E8        INX
Breakpoint 0 Hit at $BC50: $000F:ECR---
This time I don't have to ask if this is the right stuff because I used it to replace the ERDRICK/erdrick comparison with ROTO/roto[00][00][00].

And it works, hallelujah!

But the best part wasn't the result, it was the feeling as if scales had fallen from my eyes when I analyzed the flow of code and actually understood what it was doing with the CMP and BEQ commands.

I'm sure I'll be drowning in confusion a thousand times over with this stuff as time goes on, but that epiphany feeling was huge. I really appreciate everyone's support through this process of discovery.

Quote
While entering a name, set read breakpoint to 0009, and forbid every location where it triggers. Then confirm entered name, and one of the new breakpoint hits is gonna be what you are looking for.
Cyneprepou4uk, I'm still very foggy on the forbid concept. I don't really understand what I would have plugged in as forbid breakpoints according to your method. What exactly is being forbidden? You say to forbid every location where it triggers? I really don't understand that at all, and a longer explanation would be appreciated so that I can use this technique in the future.

Quote
Which is why I'm not understanding what part of the process is there some miscommunication. Thinking we must be overlooking some basic part of the debugging procedure that Chicken Knife is getting tripped up on (and we take for granted).
And to answer this question, storall, the biggest problem for me was simply being confronted by approx. 150,000 lines of almost completely unfamiliar code in trace logs with only the vaguest idea of what I was looking for. The comparison process where all the timing stuff matches was really helpful, but after finding what I wanted (essentially right before and after the first breakpoint trigger) the location of it seemed kind of obvious. It was a million miles away from obvious before I found it, so what can I say? Like most of the other things I've learned so far in romhacking, before you understand it, it seems impossible. And after you understand it, it seems kind of easy and you can't believe you found it so difficult.

Anyway, I think I want to take a look at the next thing: disabling the code that causes you to earn an extra 25% gold and experience from defeating monsters in the English version. To approach this, I imagine I would initiate the trace log recording exactly after defeating enemies and earning the reward, but more specificity there would probably help. I could probably set up matching trace logs between the Japanese and English versions for comparison purposes, although I wouldn't have the luxury of doing the save state thing for a perfect syncing of trace logs. Next, I'm not sure what the code would look like that does this, but I imagine some kind of arithmetic is involved. Any advice or tips would be helpful. If everyone remains feeling generous, I'd love a similar kind of support that helps me along with the investigative process without handing me the answer.

Thank you all again!
« Last Edit: August 01, 2020, 12:47:00 am by Chicken Knife »

Cyneprepou4uk

  • Hero Member
  • Posts: 504
  • I am the baldest romhacker
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #273 on: August 01, 2020, 04:17:53 am »
Quote
The part that wasn't so easy was getting 10,000 hits on that breakpoint and not being able to make heads or tails of which one was relevant.

I assumed that you got a bunch of irrelevant hits during name input, so forbidding them would disable those hits while still having the read breakpoint enabled, which would reveal a proper hit after clicking End since the code for checking the name must be in a different location.

Chicken Knife

  • Sr. Member
  • Posts: 456
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #274 on: August 01, 2020, 09:09:08 am »
Quote
I assumed that you got a bunch of irrelevant hits during name input, so forbidding them would disable those hits while still having the read breakpoint enabled, which would reveal a proper hit after clicking End since the code for checking the name must be in a different location.
Two questions.

What bytes would I potentially key in for the forbids? Is it the code address in ram that's doing the reading resulting in the bad hit?

Also, I assume that the only way I would know they are bad hits is if I am able to sift through the code and come to that conclusion. So forbid entries are only valuable if I am able to conclusively determine that. It's just a way of skipping past the stuff that you know is wrong in order to more quickly arrive at the right one, correct?
« Last Edit: August 01, 2020, 09:14:29 am by Chicken Knife »

storall

  • Jr. Member
  • Posts: 31
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #275 on: August 01, 2020, 10:12:30 am »
I feel like a bad educator; one more chance.

(low-quality post; content removed)
« Last Edit: August 01, 2020, 11:28:50 am by storall »

Chicken Knife

  • Sr. Member
  • Posts: 456
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #276 on: August 01, 2020, 10:35:35 am »
Quote
I feel like a bad educator; one more chance.

---------------

How to make 150% exp

1. Find ram address (wiki, cheats, search)
2. Save game before killing monster
3. Put 'Write' breakpoint on addr
4. Play game. Trigger.
5. Add code (lda - lsr - ... - sta)


You likely know this already and this portion will wipe in a few days.

----------------

How to make forbid breakpoint

1. Enter DW3 name screen
2. Add breakpoint 1 ($09 - read)
3. Trigger.
4. $06:BA39 = no. Discard.
5. Edit breakpoint 1 (forbid = yes, condition: K==#6&&P==$BA39)
6. Repeat until debugger quiet

----------------

If post self-rated low quality, will wipe later.

----------------

Yes.
storall, don't sweat imperfection! Any help is good help. It's very hard for me to perfectly convey and for you guys to perfectly understand every nuance of what I grasp and what I don't grasp at any given point. I think this is more of a throw it to the wall and see what sticks situation.

For the gold/xp calculation, I'm not looking to increase the reward to 150%. I'm looking to remove the 25% boost already present in the English localization of the game that was not present in the Japanese version. If you look up monster gold and xp values in the game, they reflect the Japanese values, but the game is applying an algorithm to increase them. For my delocalized project, I'll include an optional patch to revert the earning rates back to that of the standard English versions, but I want the base patch to have the Japanese earning rates and therefore be a little grindier. Since it seems like I'll be removing code here, your last step wouldn't seem to apply: 5. Add code (lda - lsr - ... - sta). But if it did apply, I would assume that there may not be space for adding code. That would require me to make use of an assembler, no? If I'm removing code, I could potentially replace the removed code with NOP instructions, right?

And thank you for the forbid steps. I'll have to play with that and see if I can get it working.

Cyneprepou4uk

  • Hero Member
  • Posts: 504
  • I am the baldest romhacker
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #277 on: August 01, 2020, 10:51:01 am »
Quote
Two questions.

What bytes would I potentially key in for the forbids? Is it the code address in ram that's doing the reading resulting in the bad hit?

Also, I assume that the only way I would know they are bad hits is if I am able to sift through the code and come to that conclusion. So forbid entries are only valuable if I am able to conclusively determine that. It's just a way of skipping past the stuff that you know is wrong in order to more quickly arrive at the right one, correct?

Not sure I understand the first question. Rephrase it.



Yes, usually you need to look at the code to decide that. But sometimes you need to be guided by logic. Some in-game checks, name checking for example, are very unlikely to be executed every single frame; they only have to run after pressing End. Which means that all other breakpoint hits that you could encounter before pressing End are irrelevant by default.

Forbidding doesn't always work. In worst cases you don't encounter new hits after forbidding everything when you perform some action in the game. Which means that one of those forbidden locations was actually correct. Then you need to unforbid them one by one and test them by changing code, byte in ram, etc.



Quote
5. Edit breakpoint 1 (forbid = yes
Forbid checkmark disables RWX condition, so creating such a breakpoint is useless. Not to mention that forbid only works for code execution location, and not for reading/writing.
« Last Edit: August 01, 2020, 10:59:23 am by Cyneprepou4uk »

storall

  • Jr. Member
  • Posts: 31
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #278 on: August 01, 2020, 11:19:14 am »
Quote
Forbid checkmark disables RWX condition, so creating such a breakpoint is useless. Not to mention that forbid only works for code execution location, and not for reading/writing.

Right, I'm being a moron. I'll redo the guide.


How to make forbid breakpoint

1. Enter DW3 name screen

2. Add breakpoint ($09 - read)
3. Trigger.
4. $06:BA39 = no I don't want this. discard.
5. Edit breakpoint
- forbid = yes
- address = BA39
- condition = K==#6
6. Add new breakpoint ($09 - read)

x. Repeat steps 2-6 as needed.

-------------------

Quote
For the gold/xp calculation, i'm not looking to increase the reward to 150%. I'm looking to remove the 25% boost already present in the English localization of the game that was not present in the Japanese version.

It was my sad, indirect attempt to be smart. Knowing that the steps to remove the 125% gain are nearly the same procedure, I was hoping that maybe you'd go through the steps anyway, see how they're similar, and figure out the correct nop(s) to reverse the 125% math to 100%.

But again, another teaching failure.

-------------------

Quote
What bytes would I potentially key in for the forbids? Is it the code address in ram that's doing the reading resulting in the bad hit?

I think he means "how do I prevent debugger from breakpoint at this spot again in future?"

Clearly I shouldn't be explaining anything in future.
« Last Edit: August 01, 2020, 11:30:25 am by storall »

Cyneprepou4uk

  • Hero Member
  • Posts: 504
  • I am the baldest romhacker
Re: Dragon Warrior 1, 2 & 3 Hacking Discussion
« Reply #279 on: August 01, 2020, 11:38:42 am »
4 clicks for 1 forbid breakpoint
https://i.imgur.com/tQokfqt.gif