News: 11 March 2016 - Forum Rules
Current Moderators - DarkSol, KingMike, MathOnNapkins, Azkadellia, Danke

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Draskington

Pages: [1]
1
cheat engine targets the emulator, which runs on x86, which is why you see that x86 stuff there. i wouldn't do it that way. i'd use the debugger emulator to set breakpoints and stuff.

those addresses have nothing to do with the ps1 addresses.

Ahh okay I didn't realise that; I don't think PCSX has a debugger, but I can always DL no$PSX and use that I assume?

To start with I suggest looking just before and just after the location you find the data in to see if there is a fixed string or something you can search for -- it might be randomly placed in memory as far as you are concerned here but if it always is located 200 bytes on from a fixed and uncommon value then it is easy enough to get back when you want to. Eventually you will probably want to find the pointer that deals with it but for the time being something to search for and then move on or at least narrow the search massively will help. If push comes to shove then if you might be able to generate such a value set if you always have the same handful of characters and abilities.

Alright, I'll do my best to look around the data to see what I can find using a debugger.

2
consider most addresses as 80xxxxxx, so 8008C11D.

idk what you are using but no$psx is my main tool for ps1. armips for compiling asm to binary. cdmage b5 for extracting/inserting files from/to the cd image. hex editor for manually patching something minor in an extracted file.

Ah okay, I'll try looking for that instead.
I use PCSX-R to play and I haven't had issues thus far. I've been using Cheat Engine at the moment to play around and learn how to search and find things.

Will i also need to use a range of tools for the changes that I want, or would one be sufficient?

June 21, 2019, 11:28:12 pm - (Auto Merged - Double Posts are not allowed before 7 days.)
Update: I found the code addresses finally! it turns out that the addresses change each time I boot up the game, though I don't know why this is. I assume this will make it harder to find the abilities seeing as their location seems to change each start-up. Given that it changes, how would I make a cheat to force an ability? I was looking at the codes in Cheat Engine, and I got this when modifying CPU 3,4 & 5, though I don't know if it helps me.

CPU 3:
Address: 009CA170

0044B72C - 8D 74 26 00  - lea esi,[esi+00]
0044B730 - 8B 0D E0424900  - mov ecx,[pcsx.exe+942E0]
0044B736 - 8B 14 E9   - mov edx,[ecx+ebp*8] <<
0044B739 - 0FB7 5C E9 04  - movzx ebx,word ptr [ecx+ebp*8+04]
0044B73E - 89 D0  - mov eax,edx

EAX=00000004
EBX=00000003
ECX=009CA150
EDX=3008C0BD
ESI=00000001
EDI=00000000
ESP=0073F99C
EBP=00000004
EIP=0044B739

CPU 4:
Address: 009CA178

0044B72C - 8D 74 26 00  - lea esi,[esi+00]
0044B730 - 8B 0D E0424900  - mov ecx,[pcsx.exe+942E0]
0044B736 - 8B 14 E9   - mov edx,[ecx+ebp*8] <<
0044B739 - 0FB7 5C E9 04  - movzx ebx,word ptr [ecx+ebp*8+04]
0044B73E - 89 D0  - mov eax,edx

EAX=00000005
EBX=00000003
ECX=009CA150
EDX=3008C08D
ESI=00000001
EDI=0008C0BD
ESP=0073F9AC
EBP=00000005
EIP=0044B739

CPU 5:
Address: 009CA180

0044B72C - 8D 74 26 00  - lea esi,[esi+00]
0044B730 - 8B 0D E0424900  - mov ecx,[pcsx.exe+942E0]
0044B736 - 8B 14 E9   - mov edx,[ecx+ebp*8] <<
0044B739 - 0FB7 5C E9 04  - movzx ebx,word ptr [ecx+ebp*8+04]
0044B73E - 89 D0  - mov eax,edx

EAX=00000006
EBX=00000003
ECX=009CA150
EDX=3008C05D
ESI=00000001
EDI=0008C08D
ESP=0073F99C
EBP=00000006
EIP=0044B739

The ones in red are the ones Cheat Engine point to as the Instruction. The ones I put in blue I noticed point to the value of the cheat code of the racer above them (CPU 5's EDI points to the value for CPU 4's EDX), yet if there is no code, the value is always 0 instead.
EAX and EBP are always equal to each other as well.

That's all I've noticed about the numbers, though I'll admit I don't know what EDX and all of those acronyms mean. Is any of this info helpful? Does it show where the abilities are selected?


3
Thanks for the detailed response.

I've been fiddling around in races as you said to do and i thought that I'd try finding the ability charge rate by allowing it to charge up mid-race and trying to find its value. The problem I've found is that when I've tried searching for Increasing, Decreasing or Changing values while the gauge charges, my searches are always in the thousands to tens of thousands, which I'm guessing is because there are a heap of different elements to a race. I managed to find the timer, but it's obviously something i'm not interested in.

I have searched for addresses at and near what the cheat codes say (given that 3008C11D+00? is the code, I've been searching around 3008000-3008D000), but I can't find any results. I've tried searching for pointers, addresses and offsets but I haven't found anything. I used Hex for most of my searches.

So is it possible for me to find either the Spectator Mode P1 Ai control OR the CPU character select using this method? Would I be loading up a race and looking for changing values around the addresses listed above? Maybe for Spectator mode I would be looking for changing values but instead looking when i pick a character as opposed to loading in a race?

The tutorial helped a lot; i also did some similar tutorials using Cheat Engine which helped me understand the cheat side of things a lot better.

Edit: I did a little playing around trying to figure some things out and I figured out that in a normal race, the 5 CPU racers are picked as soon as I choose my character. I don't know whether it would pick their abilities then too, or if they would pick their abilities when i pick mine, though. Considering there are 5 racers, could I be trying to find 5 addresses that are modified the instant I choose my character (maybe 6 including my own racer)? I assume that would at least give me the location of the data that chooses the racers correct?

4
I'm afraid I feel like a lot of this is going over my head unfortunately  :-\ I think I understand what you're wanting me to do, but I don't understand how to get there at all due to my inexperience.

I disassembled the game in 16 bit in IDA Free and searched for instances of the first CPU modifying code and a few others but I couldn't turn up any results.
Even in saying this, looking at the game disassembled I don't really understand what I'm looking at. I appreciate your patience but I'm struggling to understand.

If making cheats is easier then I'm fine with it but I wouldn't know how to do that either unfortunately.

5
I don't know enough about the nature of abilities in this game to make a proper speculation.

Regarding abilities, they're essentially a "Power Up" you can use mid race. You select a character, then select 1 of 10 abilities. The ability charges up over time during the race and is either activated automatically or is used upon a button press. Each of the non secret characters has their own ability that the AI will always choose for them (Chocobo will always have Dash, for example).

Still it could be that the abilities are separate to the character selection in some way. In that case find a second set of codes that correspond to abilities. Whether it will be part of the racer codes, a separate section or something else like code lag*. Looking at the addresses of those codes then despite the jumbled nature of them the distances between memory locations is a bit more than I would expect for a simple variable for a handful of characters (there are a lot of characters, but even 8 bits gives you 256 combinations) and it makes sense for it to all be interspersed within it (character type is often just another stat as far as a given game is concerned). If you do have to go looking it should be another thing you can find with cheats as you can still search the same as you would have been doing for characters and instead aiming at finding where their abilities are noted.

So I downloaded IDA Free 7.0 and I've loaded the game in (I selected 64 bit, wasn't sure if I should have selected 16 or 32 instead though); I don't feel like I fully understand how to search for addresses and find what code does what. I can open the code in either Hex or "Ida View", which kind of looks like this, split into columns:

Seg000:0000000000026    byte 26    dd   0     ; DATA XREF: Seg000:000000000075377↓o

Going further down the DATA XREF onwards is replace by more number sequences.

I also have a functions tab on the left side, full of things such as: nullsub_55 and sub_122D1F7E

Looking at the Hex values I at least have a vague idea as I can at least translate numerical values but I face the same issue of not knowing how to find out what points to what.

When you say 0 to 13 is that including hex? 0 through 9, A through F and then 10 on up for however many there are. That said now you know the locations you can note whatever characters correspond to what in normal unaltered playthroughs of the game. I normally expect things to be in the same order they appear in the game's story, or the same order they appear in/on character selection but there is no particular requirement or great logical reason for devs to be bound to that compared to something like text encodings.

Yep, those included hex values; I think the exact range was 02 to 13.

As for Spectator mode, I feel like that would be the easiest to modify as there would be less chance of me ruining the rom given I'll hardly change anything? Like I said my problem is locating the Spectator mode data.

6
Thanks for recommendations - I'll have a look into them. Considering, as you said, what I want to do is relatively basic, which of those options is also relatively user friendly for someone with minimal experience such as myself?

I didn't realise that the link didn't have the reference values - I substituted numbers from 01 to 13 I believe it was and each gave me a different character. It's hard to know which characters are which reference values because the only thing that comes through not bugged is the engine noise.

As for Spectator Mode, it functions identically to playing with 2 players, except P1 and P2 are controlled by AI. This is why I assumed that it would be simple to modify this mode as it functions pretty much exactly as I want already aside from the fact that I can't race in it.

Upon it attempting to write there the emulator would say hold up, and go on to tell you it is about to be written to and what did it. You would work backwards from there until you found the code that handled the selection (or more likely the random number generator part of that) -- the cheat has a somewhat easier time of it as it forces the outcome it wants, however if you are looking at code then while you can force a given outcome easily enough if you are going to want to get the game to do it then you might have a harder time for it. Again I would expect the game most likely does random number between say 0 and 9 (I don't know it will be that but most coders don't tend to do random numbers for a simple sequence of stuff) and you would want to increase that range -- you might even get lucky and it will do a if greater than A then do another random generation so it does it until you get 9 or below and goes with that.

Regarding this, I am happy putting codes in to force NPCs to race against, but I'd want it to work properly of course. I think I understand all of what you mean regarding fixing the racer selection, but I'm still worried that making the abilities work too is going to be a pain going this route. Apologies if I've misunderstood anything.

7
Response

Cheers for the response. I did forget to mention that I've only modified GBA and DS games before, with either provided tools or Hex editing. While I have little experience, I am more than willing to learn.
What would be a good Assembly Hacker? I did a search and saw people recommending IDA Free - is this sufficient for what I need to do?

I did actually find some Gameshark Codes which were meant to do exactly what I wanted; it allowed me to edit which CPU characters were chosen for each of the 5 available slots. I tried using the codes, but when the race started, it tried to load in both what the CPU would usually generate for that slot and the racer that I chose. On top of this, it completely randomised abilities for some reason. If there was a way to maybe tweak this cheat it might be the simplest way to achieve what I want?

Codes were found here: https://github.com/KMFDManic-Cores/retroarch_cheats_psx/blob/master/etc/libretro/.config/retroarch/cheats/Sony%20-%20PlayStation/Chocobo%20Racing%20(USA%2C%20Europe)%20(GameShark).cht

I agree that the ability assigning will be an issue most likely. Honestly I'd settle for just allowing the Bahamut and Squall to be matched together.

From what I can tell, the reason that they cannot race together is more for balance purposes. These 2 characters are the "Boss" characters, so I assume that they didn't want to force you to race both of them.

One other way i thought of addressing this is the Spectator Mode in-game. Spectator mode allows me to choose the 6 racers and their abilities and watch them race. I'm wondering if maybe it would be easiest to make the 1st player controllable by me rather than the AI. I'd assume that that would just be one part of the code that assigns the racer's AI?

Apologies if my reply is a little all over the place; I've been wanting to attempt these edits since I was a kid so I'm a little excited to start learning  :)

8
Hi all,
I want to modify the racer select in Chocobo Racing. The game has a total of 18 racers, but the game will only ever select from the first 10, as the others are "secret". Alongside this, 2 of the racers (Bahamut and Squall) are not able to be paired together. I wanted to modify the selection so that the game can pick from all 18 characters. I assume that the two things I would need to do are:
- modify the racers that can be selected for a race
- assign an ability to each of the secret characters, assuming they don't already have a default ability like the other racers.

I have been searching around and haven't found a hint of anyone hacking this game, aside from some people making an ability last a really long time or something irrelevant, and even then I can't find info on how they did that.

If anyone has had experience hacking this game, or knows where I should start I would be really appreciative.

Pages: [1]