
Author Topic: Wanting to modify Chocobo Racing (PS1) - need some guidance  (Read 847 times)

Draskington

Hi all,
I want to modify the racer select in Chocobo Racing. The game has a total of 18 racers, but the game will only ever select from the first 10, as the others are "secret". Alongside this, 2 of the racers (Bahamut and Squall) are not able to be paired together. I wanted to modify the selection so that the game can pick from all 18 characters. I assume that the two things I would need to do are:
- modify the racers that can be selected for a race
- assign an ability to each of the secret characters, assuming they don't already have a default ability like the other racers.

I have been searching around and haven't found a hint of anyone hacking this game, aside from some people making an ability last a really long time or something irrelevant, and even then I can't find info on how they did that.

If anyone has had experience hacking this game, or knows where I should start, I would be really appreciative.

FAST6191

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #1 on: June 17, 2019, 09:30:30 pm »
I don't know enough of the game to do more than the general approach here.

If a game will normally not select a character and you note they are hidden then I would start playing with character selection.
An assembly hacker would probably play with the "what happens when you press a button to start the race/finish selection" as it probably generates it as part of that or in the next things it does. It is the quicker way if you know but if you don't then there are others. Start by finding what your character value is in memory (same as finding infinite health in that you make the selection, do an equal/not-equal search, make another, do a search... just takes longer when it is not a health value or item count you can easily change in half a second). Once you have your characters/combo found then the AI will probably be nearby (especially if it is a multiplayer game), or found as part of it all. You can try forcing them to be other things with cheats and seeing what goes but eventually you will need to go to assembly. Wander in with memory values found and some tests done on what things can be and you will get more help than "I know nothing, please do it for me".
Once it is found you might well be able to then simply force what is probably a random between 0 and 9 to random between 0 and 18.

The "assign an ability" thing might be the thing that holds stuff up, though still worth trying the stuff above first and you will likely need it in the end anyway.


On racers not being able to be paired together then if this is for the PS1 be aware that memory issues can be a thing -- the people doing crash racing noted that forcing the player to have cortex or whatever the final boss was would see memory run out and crashes for some tracks. You might even be able to do something like the above and force the two selections to be made with a basic cheat.

Speaking of basic cheats that is probably what the other stuff you referenced is. If it is a health/life/stamina/magic bar or timer then such things are usually prime candidates for cheats ( https://doc.kodewerx.org/hacking_psx.html ).

Draskington

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #2 on: June 17, 2019, 10:44:38 pm »

Cheers for the response. I did forget to mention that I've only modified GBA and DS games before, with either provided tools or Hex editing. While I have little experience, I am more than willing to learn.
What would be a good Assembly Hacker? I did a search and saw people recommending IDA Free - is this sufficient for what I need to do?

I did actually find some Gameshark Codes which were meant to do exactly what I wanted; it allowed me to edit which CPU characters were chosen for each of the 5 available slots. I tried using the codes, but when the race started, it tried to load in both what the CPU would usually generate for that slot and the racer that I chose. On top of this, it completely randomised abilities for some reason. If there was a way to maybe tweak this cheat it might be the simplest way to achieve what I want?

Codes were found here: https://github.com/KMFDManic-Cores/retroarch_cheats_psx/blob/master/etc/libretro/.config/retroarch/cheats/Sony%20-%20PlayStation/Chocobo%20Racing%20(USA%2C%20Europe)%20(GameShark).cht

I agree that the ability assigning will be an issue most likely. Honestly I'd settle for just allowing the Bahamut and Squall to be matched together.

From what I can tell, the reason that they cannot race together is more for balance purposes. These 2 characters are the "Boss" characters, so I assume that they didn't want to force you to race both of them.

One other way I thought of addressing this is the Spectator Mode in-game. Spectator mode allows me to choose the 6 racers and their abilities and watch them race. I'm wondering if maybe it would be easiest to make the 1st player controllable by me rather than the AI. I'd assume that that would just be one part of the code that assigns the racer's AI?

Apologies if my reply is a little all over the place; I've been wanting to attempt these edits since I was a kid so I'm a little excited to start learning  :)

FAST6191

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #3 on: June 18, 2019, 10:15:44 am »
IDA is a fine disassembly tool, possibly the best out there. IDA Free on the other hand I have not kept up with in some years but last I checked only did X86 rather than the PS1's MIPS thing as support for different processors was one of the big selling points of IDA. It would probably be overkill here though as the basic emulator disassembly will probably do most of what you will want for this. I similarly don't know what we are suggesting for a debug emulator these days -- PSX debugger was it at one time but some look at no$psx these days and since I last paid proper attention then epsxe has started to return so you might also have something there.

Those cheats are what that stuff above was supposed to get you to find. Useful here as well though as the cheat is quite literally where the info you care about is located and what should be there to do what (though it only has ?? in the link so you might need to fiddle a bit to see what each thing does).
What you would want to do is set a break on write to that area. Upon it attempting to write there the emulator would say hold up, and go on to tell you it is about to be written to and what did it. You would work backwards from there until you found the code that handled the selection (or more likely the random number generator part of that) -- the cheat has a somewhat easier time of it as it forces the outcome it wants, however if you are looking at code then while you can force a given outcome easily enough if you are going to want to get the game to do it then you might have a harder time for it. Again I would expect the game most likely does random number between say 0 and 9 (I don't know it will be that but most coders don't tend to do random numbers for a simple sequence of stuff) and you would want to increase that range -- you might even get lucky and it will do an if greater than A then do another random generation so it does it until you get 9 or below and goes with that.

As far as balance issues then could be, I just wanted to make you aware of memory stuff.

On boss characters both being in the same race then along with the random thing there might be the virtual equivalent of if boss1 is selected then don't allow boss 2 to be selected, we more commonly see this in fighting games that won't allow two of the same character but same deal here.

Subverting NPCs into player characters is a thing done in ROM hacking. I tend not to see it for racing games (more commonly co-op hacks for action RPGs with a party or something) but it is a valid thing to be doing. I would have to see it to say much more here -- sometimes spectator modes have a lot of extras like ghost cameras, course cameras and camera swapping that the conventional game will not. It would probably not be my first choice in this scenario, but I would have it in mind for looking at what it does as far as abilities.

Draskington

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #4 on: June 18, 2019, 10:30:07 am »
Thanks for recommendations - I'll have a look into them. Considering, as you said, what I want to do is relatively basic, which of those options is also relatively user friendly for someone with minimal experience such as myself?

I didn't realise that the link didn't have the reference values - I substituted numbers from 01 to 13 I believe it was and each gave me a different character. It's hard to know which characters are which reference values because the only thing that comes through not bugged is the engine noise.

As for Spectator Mode, it functions identically to playing with 2 players, except P1 and P2 are controlled by AI. This is why I assumed that it would be simple to modify this mode as it functions pretty much exactly as I want already aside from the fact that I can't race in it.

Upon it attempting to write there the emulator would say hold up, and go on to tell you it is about to be written to and what did it. You would work backwards from there until you found the code that handled the selection (or more likely the random number generator part of that) -- the cheat has a somewhat easier time of it as it forces the outcome it wants, however if you are looking at code then while you can force a given outcome easily enough if you are going to want to get the game to do it then you might have a harder time for it. Again I would expect the game most likely does random number between say 0 and 9 (I don't know it will be that but most coders don't tend to do random numbers for a simple sequence of stuff) and you would want to increase that range -- you might even get lucky and it will do a if greater than A then do another random generation so it does it until you get 9 or below and goes with that.

Regarding this, I am happy putting codes in to force NPCs to race against, but I'd want it to work properly of course. I think I understand all of what you mean regarding fixing the racer selection, but I'm still worried that making the abilities work too is going to be a pain going this route. Apologies if I've misunderstood anything.

FAST6191

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #5 on: June 18, 2019, 01:12:46 pm »
I don't know enough about the nature of abilities in this game to make a proper speculation.

Still it could be that the abilities are separate to the character selection in some way. In that case find a second set of codes that correspond to abilities. Whether it will be part of the racer codes, a separate section or something else like code lag*. Looking at the addresses of those codes then despite the jumbled nature of them the distances between memory locations is a bit more than I would expect for a simple variable for a handful of characters (there are a lot of characters, but even 8 bits gives you 256 combinations) and it makes sense for it to all be interspersed within it (character type is often just another stat as far as a given game is concerned). If you do have to go looking it should be another thing you can find with cheats as you can still search the same as you would have been doing for characters and instead aiming at finding where their abilities are noted.

*I often bring up goldeneye on the N64 in examples here. If you use gameshark infinite life then a big enough explosion will still kill you. If you use the in game cheat it won't. The reason being that the check for life and damage routines happen before the gameshark's stuff will get in there and set the health back full. Something similar may be happening here, though I would expect emulator cheat routines to be better (been surprised before though).

When you say 0 to 13 is that including hex? 0 through 9, A through F and then 10 on up for however many there are. That said now you know the locations you can note whatever characters correspond to what in normal unaltered playthroughs of the game. I normally expect things to be in the same order they appear in the game's story, or the same order they appear in/on character selection but there is no particular requirement or great logical reason for devs to be bound to that compared to something like text encodings.

Debugger wise. Most debugging emulators won't have some of the utterly crazy stuff in them, compared to IDA which often will (said stuff makes it seriously powerful and able to do things in seconds that those lumped with emulators would take hours or a lot of luck to sort). Try any you like really.

On the ease of modding spectator mode. If it is essentially the same then yes it sounds like you are doing changes that already exist within the game and well within hardware capabilities, and I could even see the resulting changes being a handful of bytes (maybe even something you could enter as a cheat). I absolutely cannot guarantee for someone new to assembly to get there relatively easily though. Best I would hope for is you can force some kind of variable there to be controlled by players again and the game just sets up the mode and does not care beyond that, though the lack of any restrictions on AI players like you are trying to remove in this whole thread is somewhat odd if that is to be the case. Worst case scenario you end up having to write your own joypad control routines back into the game like many of those co-op hacks I mentioned earlier.

Draskington

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #6 on: June 18, 2019, 09:28:01 pm »
I don't know enough about the nature of abilities in this game to make a proper speculation.

Regarding abilities, they're essentially a "Power Up" you can use mid race. You select a character, then select 1 of 10 abilities. The ability charges up over time during the race and is either activated automatically or is used upon a button press. Each of the non secret characters has their own ability that the AI will always choose for them (Chocobo will always have Dash, for example).

Still it could be that the abilities are separate to the character selection in some way. In that case find a second set of codes that correspond to abilities. Whether it will be part of the racer codes, a separate section or something else like code lag*. Looking at the addresses of those codes then despite the jumbled nature of them the distances between memory locations is a bit more than I would expect for a simple variable for a handful of characters (there are a lot of characters, but even 8 bits gives you 256 combinations) and it makes sense for it to all be interspersed within it (character type is often just another stat as far as a given game is concerned). If you do have to go looking it should be another thing you can find with cheats as you can still search the same as you would have been doing for characters and instead aiming at finding where their abilities are noted.

So I downloaded IDA Free 7.0 and I've loaded the game in (I selected 64 bit, wasn't sure if I should have selected 16 or 32 instead though); I don't feel like I fully understand how to search for addresses and find what code does what. I can open the code in either Hex or "Ida View", which kind of looks like this, split into columns:

Seg000:0000000000026    byte 26    dd   0     ; DATA XREF: Seg000:000000000075377↓o

Going further down, the DATA XREF onwards is replaced by more number sequences.

I also have a functions tab on the left side, full of things such as: nullsub_55 and sub_122D1F7E

Looking at the Hex values I at least have a vague idea as I can at least translate numerical values but I face the same issue of not knowing how to find out what points to what.

When you say 0 to 13 is that including hex? 0 through 9, A through F and then 10 on up for however many there are. That said now you know the locations you can note whatever characters correspond to what in normal unaltered playthroughs of the game. I normally expect things to be in the same order they appear in the game's story, or the same order they appear in/on character selection but there is no particular requirement or great logical reason for devs to be bound to that compared to something like text encodings.

Yep, those included hex values; I think the exact range was 02 to 13.

As for Spectator mode, I feel like that would be the easiest to modify as there would be less chance of me ruining the rom given I'll hardly change anything? Like I said my problem is locating the Spectator mode data.
« Last Edit: June 18, 2019, 09:37:27 pm by Draskington »

FAST6191

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #7 on: June 19, 2019, 06:54:08 am »
On IDA free then that is likely X86 -- it seems MIPS is only in the professional edition (not the starter version and definitely not the freeware version) by default. 16 bit then being for old DOS programs (or installers of many windows 95-98 era stuff), 32bit being the standard X86 stuff and 64 bit being for the newer X64 stuff.

"as there would be less chance of me ruining the rom"
This is why we back up things. By all means select a mode of attack that is either going to be easiest to do, or an area most amenable to change for the end result you want but.
As for finding things then again while it is likely a viable route to add, or hopefully just unlock, things in spectator mode I can't promise an easy time of things where the other stuff should just be a matter of plugging at it. I don't know if it will be an entirely different mode to the other ones (easy enough to do on the PS1 compared to older systems) but I would still look at the locations the cheats mention in memory to see what is located there.

As for abilities then thanks for the explanation (I probably should have just read a FAQ but eh). If it is a user selectable secondary thing then I would definitely look for a secondary location in memory housing the ability. First thing I would look at is the locations mentioned by the cheats. If they are not right next to the given character selection then I would look for another big list (if you can set all the AI racers to a single ability, then all to the next ability for an otherwise identical race, next ability for the next.... then it will hopefully be fairly obvious where it is housed rather than looking for a random number set somewhere in what will usually look an awful lot like random numbers) probably right after or before where all this character selection stuff is stashed.
If you are OK with cheats for this hack then you will then just have to make up a set of cheats for the abilities using the locations you just found.

Draskington

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #8 on: June 19, 2019, 10:02:57 am »
I'm afraid I feel like a lot of this is going over my head unfortunately  :-\ I think I understand what you're wanting me to do, but I don't understand how to get there at all due to my inexperience.

I disassembled the game in 16 bit in IDA Free and searched for instances of the first CPU modifying code and a few others but I couldn't turn up any results.
Even in saying this, looking at the game disassembled I don't really understand what I'm looking at. I appreciate your patience but I'm struggling to understand.

If making cheats is easier then I'm fine with it but I wouldn't know how to do that either unfortunately.

FAST6191

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #9 on: June 20, 2019, 06:52:22 am »
IDA first then.
There are many families of processor. Most PCs you will likely ever have used will be in the x86 family.

You say you are familiar with the GBA. That would be the ARM7TDMI. The DS also uses an ARM7 but the main processor it uses for commercial games is an ARM9. It gets a bit more confusing if you want to consider the name/version of the ARM instruction set each processor runs but we will skip that for now.

NES is 6502.

Master system is Z80, and the GB/GBC kind of is as well.

Megadrive/genesis is 68000 aka 68K, though for the sound system it also has a Z80 which can do code in its own right.

Many consoles have used some flavour of powerpc over the years. Older apple stuff also went in for them.

Rounding it out though we have the MIPS family, of which the PS1 is an example of users of it.

All these families, and indeed revisions within them, have separate ways of interpreting 1s and 0s to make instructions. This means each disassembler will have to be coded with it in mind. IDA has many of these already in there, and some excellent means of defining more and the option to handle quirks and memory layouts for specific systems. The free version however is limited to X86 it seems, which is fine as prior to this explosion of mobile phones and tablets it was the main thing anybody would have cared about. No MIPS in sight and I don't know if you can even add it.

You mentioned ruining the ROM. This should be a non issue. You should be working from a backup of it, and back up work you are doing at stages so you can revert back to an older version. I know you were probably trying to say you can edit this with the least unexpected fallout but I am going to highly discourage such thinking.
On the face of it then spectator mode might seem like something you can "just" (just is a swear word for most of computing as it usually involves an assumption on how much work needs to be done and said assumption is usually rather off the mark) add to, or if the game is coded in a way that it could well be then simply "unlock" the option to have players*

*it could well be that something as simple as the cheats for forcing a character could well have the game cede control in spectator mode to a player, and it gets more likely if there are not weird and wonderful abilities given in spectator modes as far as cameras. If however it is a whole new mode (the PS1 having hundreds of megs of space thanks to the whole CD things means it is able to store a few hundred KB of standalone program that is spectator mode if it wanted to) then that gets more tricky. Adding controls in is not a monstrous task but it is similarly not something I would chuck someone new to all this into and expect them to do well at it, especially not when other things are likely easier -- cheats are simple (more on them in a minute), and fiddling with a random generator such that it selects a number slightly outside its normal parameters is also nothing drastic (don't know what it will be here but you are either fiddling with something it already does, or telling it to do nothing at a point when it would have done something. NOP is a good term you will want to read up on for the latter).

On abilities then if it is a thing you select and not inherent to the selection of racer or something then such a selection will have to be noted in memory somewhere. If it is not bundled with the character selection itself (given the distances apart each of those cheats are for each character I would definitely have a look -- if said memory locations were just to note the individual character selection then that is a lot of wasted memory, memory most PS1 coders would not waste like that) then chances are it will be with another big list of such things. Either way as you can control abilities selected then you should be able to find easily enough with a cheat search if you note what you are doing for each race and search accordingly, though first I would take the memory addresses those cheats have and look there to see if the abilities are there as well.

Cheats then. These are pretty similar for all systems. They work by having a menu in the emulator, or in some occasions a program like emuhaste, artmoney or such attached to it. Here you will start the cheat search. Then in the game do something. Depending upon what was done you do another search. For instance if you want infinite potions you would buy 99 of the things, start the search, chug one, do a search for things less than they were at the first search, chug one, do a search... eventually things will narrow down such that you can try things manually or just have one left. You might try searching for specific numbers as well to narrow it down even quicker.
For abilities then it would take longer than opening a menu to chug a potion but it is still the same plan.

Things greater than, things less than, things that changed, things that remained the same, things within a range and things outside a range are the default things pretty much every emulator/cheat search will have. Some will have some more exotic options.
https://web.archive.org/web/20080309104350/http://etk.scener.org/?op=tutorial is a guide to making cheats, it is aimed at the GBA but again it will be the same for just about everything out there. It will also cover the basics of anti cheat methods that some developers employ, or code in such a way that they effectively employ.
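The search routine described above, as an added example that is not part of any post or emulator: a differential cheat search run over constructed snapshots of a small pretend RAM image (all addresses, names and the flip-flopping "noise" bytes are my own construction, not Chocobo Racing data).

```python
"""Differential cheat search ("do something, search, do something, search...")
over constructed RAM snapshots.  Added example; not code from any emulator."""
import random

# The comparison modes pretty much every emulator/cheat-search tool offers.
PREDICATES = {
    "increased": lambda old, new: new > old,
    "decreased": lambda old, new: new < old,
    "changed":   lambda old, new: new != old,
    "unchanged": lambda old, new: new == old,
}

def read(snap: bytes, addr: int, width: int) -> int:
    """Little-endian read, the byte order the PS1's MIPS uses."""
    return int.from_bytes(snap[addr:addr + width], "little")

def all_addresses(snap: bytes, width: int = 1) -> set:
    """First search: every address is a candidate."""
    return set(range(0, len(snap) - width + 1))

def narrow(candidates: set, prev: bytes, cur: bytes, mode: str, width: int = 1) -> set:
    """Keep only candidates whose value moved the way the search mode asks."""
    test = PREDICATES[mode]
    return {a for a in candidates if test(read(prev, a, width), read(cur, a, width))}

def exact(candidates: set, snap: bytes, value: int, width: int = 1) -> set:
    """Search for a known number (e.g. the 99 potions you just bought)."""
    return {a for a in candidates if read(snap, a, width) == value}

# ---- constructed RAM image (assumed layout, nothing to do with the real game) ----
RAM_SIZE = 0x100
POTION_ADDR, TIMER_ADDR, GAUGE_ADDR = 0x40, 0x10, 0x62

class FakeRam:
    """256 bytes: mostly static, 24 'noisy' bytes that flip every frame (think
    sound/graphics state), plus the three values we pretend to care about."""
    def __init__(self, seed: int = 1):
        rng = random.Random(seed)
        self.base = bytes(rng.getrandbits(8) for _ in range(RAM_SIZE))
        others = [a for a in range(RAM_SIZE) if a not in (POTION_ADDR, TIMER_ADDR, GAUGE_ADDR)]
        self.noisy = rng.sample(others, 24)

    def frame(self, n: int, potions: int, timer: int, gauge: int) -> bytes:
        ram = bytearray(self.base)
        for a in self.noisy:
            ram[a] ^= 0xFF if n % 2 else 0x00   # noise flips back and forth each frame
        ram[POTION_ADDR], ram[TIMER_ADDR], ram[GAUGE_ADDR] = potions, timer, gauge
        return bytes(ram)

def find_potions() -> set:
    """Buy 99, search for 99, chug one, 'decreased', chug one, 'decreased'."""
    ram = FakeRam()
    f0 = ram.frame(0, 99, 0, 0)
    f1 = ram.frame(1, 98, 5, 0)
    f2 = ram.frame(2, 97, 9, 0)
    c = exact(all_addresses(f0), f0, 99)
    c = narrow(c, f0, f1, "decreased")
    return narrow(c, f1, f2, "decreased")

def find_gauge() -> dict:
    """An ability gauge charging mid-race: the race timer rises at the same
    time, so two 'increased' searches leave both.  A third snapshot taken
    once the gauge is full, searched with 'unchanged', throws the timer out."""
    ram = FakeRam()
    f0 = ram.frame(0, 99, 0, 0)
    f1 = ram.frame(1, 99, 30, 40)
    f2 = ram.frame(2, 99, 60, 80)
    f3 = ram.frame(3, 99, 90, 80)   # gauge capped, timer still counting
    c = narrow(all_addresses(f0), f0, f1, "increased")
    charging = narrow(c, f1, f2, "increased")
    full = narrow(charging, f2, f3, "unchanged")
    return {"charging": charging, "full": full}
```

The noise bytes alternate between two values, so no honest two-step "decreased" or "increased" search can keep them; on real hardware they would be genuinely random and would fall out over a few more rounds instead.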

Draskington

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #10 on: June 20, 2019, 11:58:42 pm »
Thanks for the detailed response.

I've been fiddling around in races as you said to do and I thought that I'd try finding the ability charge rate by allowing it to charge up mid-race and trying to find its value. The problem I've found is that when I've tried searching for Increasing, Decreasing or Changing values while the gauge charges, my searches are always in the thousands to tens of thousands, which I'm guessing is because there are a heap of different elements to a race. I managed to find the timer, but it's obviously something I'm not interested in.

I have searched for addresses at and near what the cheat codes say (given that 3008C11D+00? is the code, I've been searching around 3008000-3008D000), but I can't find any results. I've tried searching for pointers, addresses and offsets but I haven't found anything. I used Hex for most of my searches.

So is it possible for me to find either the Spectator Mode P1 AI control OR the CPU character select using this method? Would I be loading up a race and looking for changing values around the addresses listed above? Maybe for Spectator mode I would be looking for changing values but instead looking when I pick a character as opposed to loading in a race?

The tutorial helped a lot; I also did some similar tutorials using Cheat Engine which helped me understand the cheat side of things a lot better.

Edit: I did a little playing around trying to figure some things out and I figured out that in a normal race, the 5 CPU racers are picked as soon as I choose my character. I don't know whether it would pick their abilities then too, or if they would pick their abilities when I pick mine, though. Considering there are 5 racers, could I be trying to find 5 addresses that are modified the instant I choose my character (maybe 6 including my own racer)? I assume that would at least give me the location of the data that chooses the racers, correct?
« Last Edit: June 21, 2019, 01:56:01 am by Draskington »

STARWIN

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #11 on: June 21, 2019, 05:05:55 am »
3008C11D

consider most addresses as 80xxxxxx, so 8008C11D.

idk what you are using but no$psx is my main tool for ps1. armips for compiling asm to binary. cdmage b5 for extracting/inserting files from/to the cd image. hex editor for manually patching something minor in an extracted file.

Draskington

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #12 on: June 21, 2019, 06:46:45 am »
consider most addresses as 80xxxxxx, so 8008C11D.

idk what you are using but no$psx is my main tool for ps1. armips for compiling asm to binary. cdmage b5 for extracting/inserting files from/to the cd image. hex editor for manually patching something minor in an extracted file.

Ah okay, I'll try looking for that instead.
I use PCSX-R to play and I haven't had issues thus far. I've been using Cheat Engine at the moment to play around and learn how to search and find things.

Will I also need to use a range of tools for the changes that I want, or would one be sufficient?

June 21, 2019, 11:28:12 pm - (Auto Merged - Double Posts are not allowed before 7 days.)
Update: I found the code addresses finally! It turns out that the addresses change each time I boot up the game, though I don't know why this is. I assume this will make it harder to find the abilities seeing as their location seems to change each start-up. Given that it changes, how would I make a cheat to force an ability? I was looking at the codes in Cheat Engine, and I got this when modifying CPU 3, 4 & 5, though I don't know if it helps me.

CPU 3:
Address: 009CA170

0044B72C - 8D 74 26 00  - lea esi,[esi+00]
0044B730 - 8B 0D E0424900  - mov ecx,[pcsx.exe+942E0]
0044B736 - 8B 14 E9   - mov edx,[ecx+ebp*8] <<
0044B739 - 0FB7 5C E9 04  - movzx ebx,word ptr [ecx+ebp*8+04]
0044B73E - 89 D0  - mov eax,edx

EAX=00000004
EBX=00000003
ECX=009CA150
EDX=3008C0BD
ESI=00000001
EDI=00000000
ESP=0073F99C
EBP=00000004
EIP=0044B739

CPU 4:
Address: 009CA178

0044B72C - 8D 74 26 00  - lea esi,[esi+00]
0044B730 - 8B 0D E0424900  - mov ecx,[pcsx.exe+942E0]
0044B736 - 8B 14 E9   - mov edx,[ecx+ebp*8] <<
0044B739 - 0FB7 5C E9 04  - movzx ebx,word ptr [ecx+ebp*8+04]
0044B73E - 89 D0  - mov eax,edx

EAX=00000005
EBX=00000003
ECX=009CA150
EDX=3008C08D
ESI=00000001
EDI=0008C0BD
ESP=0073F9AC
EBP=00000005
EIP=0044B739

CPU 5:
Address: 009CA180

0044B72C - 8D 74 26 00  - lea esi,[esi+00]
0044B730 - 8B 0D E0424900  - mov ecx,[pcsx.exe+942E0]
0044B736 - 8B 14 E9   - mov edx,[ecx+ebp*8] <<
0044B739 - 0FB7 5C E9 04  - movzx ebx,word ptr [ecx+ebp*8+04]
0044B73E - 89 D0  - mov eax,edx

EAX=00000006
EBX=00000003
ECX=009CA150
EDX=3008C05D
ESI=00000001
EDI=0008C08D
ESP=0073F99C
EBP=00000006
EIP=0044B739

The ones in red are the ones Cheat Engine points to as the Instruction. The ones I put in blue I noticed point to the value of the cheat code of the racer above them (CPU 5's EDI points to the value for CPU 4's EDX), yet if there is no code, the value is always 0 instead.
EAX and EBP are always equal to each other as well.

That's all I've noticed about the numbers, though I'll admit I don't know what EDX and all of those acronyms mean. Is any of this info helpful? Does it show where the abilities are selected?

« Last Edit: June 21, 2019, 11:28:12 pm by Draskington »

FAST6191

Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #13 on: June 22, 2019, 06:56:03 am »
3 main reasons for something to change address.

1) The C programming language family allows people to allocate and release memory sections as necessary (the failure to release it when done being the classic memory leak). If something else happens before the part of the game you care about has happened then it might not have released memory and thus the data you care about lands somewhere different.
2) Something before it needs more memory for something. Should not happen here (it tending to be say for an RPG where a given character might have a larger list of stats/abilities than say a follower NPC and thus when stashing them end to end in memory you need less/more and change the following stuff) but I have been surprised before.
3) An anti-cheat method. Sometimes it is just like 1) but sometimes the devs get a bit more creative and purposely cycle it around to prevent the "small change, search, small change, search..." cheat finding routine you just learned about. I don't imagine it is the case here given all the other cheats we have seen be simple things. Again though I have been surprised in the past and you never know what a bored intern or eager to please new hire did one day.

To start with I suggest looking just before and just after the location you find the data in to see if there is a fixed string or something you can search for -- it might be randomly placed in memory as far as you are concerned here but if it always is located 200 bytes on from a fixed and uncommon value then it is easy enough to get back when you want to. Eventually you will probably want to find the pointer that deals with it but for the time being something to search for and then move on or at least narrow the search massively will help. If push comes to shove then you might be able to generate such a value set if you always have the same handful of characters and abilities.
You might also want to work from a savestate taken at a suitable point in the game as you are working things up. If it is simple memory management then hopefully the unique cases that see it land somewhere else in memory will have already happened by then and you can focus on playing with the code instead.

Pointers then. Somewhere in the code will be a value that holds the location of the data you are concerned with for this boot/run. This is called a pointer as it points the way to the data. Yes you can have a pointer to a pointer, and in annoying cases it can go on many more times than that -- it is actually a fairly classic C exam question to get a nest of some 20 pointers mixed in with a few addresses and get the person to decode it by hand (it is trivial, if tedious, if you get it and near impossible if you are hazy on the idea of pointers).
There are tools that will use savestates to search for pointer locations (you feed it a few savestates and the location of the data you care about for each of those savestates and it will try to determine where the pointer is at) and if you have an idea where the data starts then you might be able to find the pointer too. Alternatively if you know the location for that run/boot then if you set a breakpoint on that location then you should be able to work backwards to find where it got the idea to look at that location.

"EDX and all of those acronyms mean"
They are registers. CPUs will have a bunch of very fast pieces of memory in them. These pieces of memory are used to do operations at speed with. They are however usually very small -- whatever the main ones used in the processor are then determines the "bit" of a machine (in this case 4 bits per hex character x 8 because there are 8 of them = 32 bits), unless you are a marketing wonk looking to trick people but that is a different matter.
Being very small they usually have their data cycled in and out regularly as the machine does whatever it needs to do.

That said the names used there are more those I would expect from a PC/X86 processor. Various things will have alternative names for the PS1 registers ( https://problemkaputt.de/psx-spx.htm#cpuregisters ) but EAX is something I see on X86 discussions and can't think of a reason someone would call a PS1 register that (on the PC it is the Extended version of register AX - when people tell you X86 has been added to for years then this is one such example of it moving to 32 bit from 16 but keeping some semblance of normality between them). Similarly movzx is an X86 instruction that, scanning through the link I just gave and stuff from https://hwdocs.webs.com/ps1 , has no equivalent on the PS1, though it might be a pseudo instruction somewhere.
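The two relocation techniques suggested above (search for a fixed, uncommon value that always sits a known distance from the data; or resolve the pointer, possibly a pointer to a pointer, that the game uses to find it) as an added example against a PS1-style memory image. This is not code from the thread or from the game; the racer table layout, the "RACERTBL" marker, the static pointer at 0x80010000 and the heap block at 0x80100000 are all constructed for the demonstration. What is not assumed: PS1 main RAM is 2 MB, little-endian, and is normally addressed at 0x80000000-0x801FFFFF, so an address maps to a RAM-image offset by masking off the top bits.

```python
"""Relocate a data structure that moves between runs, two ways:
(1) by a fixed byte signature at a known offset from it, and
(2) by following a pointer chain (static address -> heap block -> table),
the same thing a savestate pointer scanner tries to discover for you.

Added example, not from the original thread. The racer table layout,
the signature and the pointer addresses below are constructed.
"""
import struct

RAM_BASE = 0x80000000          # PS1 kseg0 address of the start of main RAM
RAM_SIZE = 0x200000            # 2 MB of main RAM
SIGNATURE = b"RACERTBL"        # constructed marker, assumed to sit 0x10 bytes before the table
ENTRY = struct.Struct("<IHH")  # hypothetical entry: u32 racer id, u16 ability, u16 padding

STATIC_PTR = 0x80010000        # hypothetical fixed address holding a pointer to a heap block
HEAP_BLOCK = 0x80100000        # hypothetical heap block; its +0x20 slot points at the table
TABLE_SLOT = 0x20


def ram_offset(addr):
    """Map a PS1 address (0x80xxxxxx, or its 0x00/0xA0 aliases) to an offset in the RAM image."""
    return addr & (RAM_SIZE - 1)


def read_u32(image, addr):
    """Read a little-endian 32-bit value at a PS1 address from the RAM image."""
    return struct.unpack_from("<I", image, ram_offset(addr))[0]


def follow_pointer_chain(image, base_addr, offsets):
    """Resolve base -> [base]+off0 -> [that]+off1 -> ... and return the final address.
    This is the same notation a Cheat Engine pointer scan reports: base plus a list of offsets."""
    addr = base_addr
    for off in offsets:
        addr = read_u32(image, addr) + off
    return addr


def find_by_signature(image, sig, delta):
    """Return the PS1 address `delta` bytes after the unique occurrence of `sig`, or None.
    A signature that occurs twice is useless as an anchor, so that is rejected."""
    idx = image.find(sig)
    if idx < 0:
        return None
    if image.find(sig, idx + 1) >= 0:
        raise ValueError("signature is not unique in this image")
    return RAM_BASE + idx + delta


def read_racers(image, table_addr, count):
    """Return [(racer_id, ability), ...] for `count` entries starting at table_addr."""
    off = ram_offset(table_addr)
    return [ENTRY.unpack_from(image, off + i * ENTRY.size)[:2] for i in range(count)]


def build_image(table_addr, racers):
    """Constructed RAM image: table at table_addr, signature 0x10 bytes before it,
    STATIC_PTR -> HEAP_BLOCK, HEAP_BLOCK+TABLE_SLOT -> table_addr."""
    img = bytearray(RAM_SIZE)
    off = ram_offset(table_addr)
    img[off - 0x10:off - 0x10 + len(SIGNATURE)] = SIGNATURE
    for i, (rid, ability) in enumerate(racers):
        ENTRY.pack_into(img, off + i * ENTRY.size, rid, ability, 0)
    struct.pack_into("<I", img, ram_offset(STATIC_PTR), HEAP_BLOCK)
    struct.pack_into("<I", img, ram_offset(HEAP_BLOCK + TABLE_SLOT), table_addr)
    return bytes(img)


def locate_table(image):
    """Find the table both ways and insist they agree; a disagreement means one
    of the assumptions (signature distance or pointer chain) is wrong for this run."""
    by_sig = find_by_signature(image, SIGNATURE, 0x10)
    by_ptr = follow_pointer_chain(image, STATIC_PTR, [TABLE_SLOT, 0])
    if by_sig != by_ptr:
        raise ValueError(f"signature gave {by_sig}, pointer chain gave {by_ptr:#x}")
    return by_ptr


if __name__ == "__main__":
    racers = [(0, 3), (1, 5), (2, 0)]
    # Same data, but "allocated" at a different address in each run.
    for addr in (0x80150000, 0x80163400):
        img = build_image(addr, racers)
        found = locate_table(img)
        print(f"table located at {found:#x}: {read_racers(img, found, len(racers))}")
```

Against a real savestate you would replace build_image with the raw RAM block extracted from the state and pick the signature and pointer base from what you actually observe near the data; the two-method cross-check in locate_table is the part worth keeping, since it catches the case where the data moved for a reason your anchor does not account for.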

STARWIN

  • Sr. Member
  • ****
  • Posts: 449
    • View Profile
Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #14 on: June 22, 2019, 01:36:20 pm »
Cheat Engine targets the emulator, which runs on x86, which is why you see that x86 stuff there. I wouldn't do it that way. I'd use the debugger emulator to set breakpoints and stuff.

Those addresses have nothing to do with the PS1 addresses.

Draskington

  • Jr. Member
  • **
  • Posts: 8
    • View Profile
Re: Wanting to modify Chocobo Racing (PS1) - need some guidance
« Reply #15 on: June 22, 2019, 10:39:25 pm »
Cheat Engine targets the emulator, which runs on x86, which is why you see that x86 stuff there. I wouldn't do it that way. I'd use the debugger emulator to set breakpoints and stuff.

Those addresses have nothing to do with the PS1 addresses.

Ahh okay, I didn't realise that; I don't think PCSX has a debugger, but I can always download no$PSX and use that I assume?

To start with I suggest looking just before and just after the location you find the data in to see if there is a fixed string or something you can search for -- it might be randomly placed in memory as far as you are concerned here but if it always is located 200 bytes on from a fixed and uncommon value then it is easy enough to get back when you want to. Eventually you will probably want to find the pointer that deals with it but for the time being something to search for and then move on or at least narrow the search massively will help. If push comes to shove then you might be able to generate such a value set if you always have the same handful of characters and abilities.

Alright, I'll do my best to look around the data to see what I can find using a debugger.