ZERO ~THUKIHAMI no KAMEN~ [R4ZJ01]

Started by ZiT, July 31, 2008, 02:38:35 PM


dcx2

I'm trying to come up with a reliable ASM hook for changing the color of various things.  I traced the call stack to see where the pointers come from.  The pointers are contained in a linked list, and there are a few recursive function calls that are used to iterate through the list until it finds the pointers.


r5 is the pointer we want

80072788: lwz r5,24(r3)
80068328: mr r3,r31       
800680DC: mr r31,r4
8006B458: mr r4,r31
8006B2E0: mr r31,r4
8006C11C: mr r4,r30
8006C0B4: lwz r30,24(r31)  or 8006C304: lwz r30,20(r30)
8006BDD0: mr r31,r3
8006C2FC: mr r3,r30
8006C2F4: lwz r30,12(r31)  or 8006C304: lwz r30,20(r30)
8006BDD0: mr r31,r3
...the three below are recursively executed like five times...
8006C2FC: mr r3,r30
8006C2F4: lwz r30,12(r31) or 8006C304: lwz r30,20(r30) (<--- see the linked list?)
8006BDD0: mr r31,r3
80062DF0: mr r3,r24
80062DE8: lwz r24,28(r31)    #4
80062794: mr r31,r3
802112B8: r3 is cached, and then used as an argument
8009ACC8: addi r3,r28,336 #3
8009AB6C: mr r28,r3
80097718: mr r3,r31
800976F0: lwz r31,8(r3)    #2
800976E8: r3 = 803F00D8   #1

Starting from the bottom, this leads up to the pointer where the data for the hair color is written, which gets loaded into r5.  So I figured I'd follow it the other way, and see who reads this new data.  Lots of data is passed on the stack (oddly, most of the function calls have *huge* stacks, hundreds of bytes each), and then the data is pushed out to the CC memory range.  It's weird...all the data is written to the same address, CC008000, one after another.  You would think that is over-writing the values...but this does not appear to be the case.

In other words...it's hard to find a good ASM hook for this.  Harder than any other game I've tried to hack so far.  I'm actually quite surprised...but not deterred!  I will find a way to make an ASM hook.

dcx2

ZiT

This game has major glitches!  You need 233 ghosts to get the last Function.  But 6 ghosts do not show because of bugs.

Solution 1 - Give them the 6 bugged ghosts for free.  Easy, just toggle a bit somewhere right?

Solution 2 - Fix the bugs that prevent you from getting the pictures.  Harder, but more satisfying.


This way you can actually complete the ghost list for real.  Good idea?

ZiT

#32
083EE600 FFFFFFFF
21F00004 00000000

There is a target address in the vicinity of 803EE600.
The above-mentioned code might destroy the save data ;)

ZiT


ZiT
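
Added example, not part of the original thread or any poster's code: a small decoder that shows which memory range the two-line code above (083EE600 FFFFFFFF / 21F00004 00000000) overwrites, which is what decides whether it can reach save data. It assumes the commonly documented Gecko "serial write" (code type 08) layout, `08AAAAAA XXXXXXXX` / `TNNNZZZZ VVVVVVVV`, and the default base address 0x80000000; the function and field names are made up for this illustration.

```python
# Assumed layout (Gecko code type 08, serial write):
#   08AAAAAA XXXXXXXX   AAAAAA = offset from base address, XXXXXXXX = first value
#   TNNNZZZZ VVVVVVVV   T = size, NNN = additional writes, ZZZZ = address step,
#                       VVVVVVVV = value step
BASE_ADDRESS = 0x80000000      # assumed default Gecko base address (ba)
WIDTHS = {0: 1, 1: 2, 2: 4}    # T nibble -> bytes per write (assumed layout)


def decode_serial_write(line1, line2):
    """Decode the two lines of a serial-write code into its parameters."""
    w0, value = (int(x, 16) for x in line1.split())
    w2, value_step = (int(x, 16) for x in line2.split())
    if (w0 >> 24) & 0xFE != 0x08:
        raise ValueError("not a ba-relative serial write (code type 08)")
    size_code = w2 >> 28
    if size_code not in WIDTHS:
        raise ValueError("unknown size nibble %X" % size_code)
    width = WIDTHS[size_code]
    count = ((w2 >> 16) & 0xFFF) + 1          # NNN counts *additional* writes
    addr_step = w2 & 0xFFFF
    start = BASE_ADDRESS + (w0 & 0x01FFFFFF)
    return {
        "start": start,
        "end": start + (count - 1) * addr_step + width,   # exclusive
        "width": width,
        "count": count,
        "addr_step": addr_step,
        "value": value,
        "value_step": value_step,
    }


def writes(info):
    """Yield every (address, value) pair the code would store."""
    mask = (1 << (8 * info["width"])) - 1
    for i in range(info["count"]):
        yield (info["start"] + i * info["addr_step"],
               (info["value"] + i * info["value_step"]) & mask)


if __name__ == "__main__":
    info = decode_serial_write("083EE600 FFFFFFFF", "21F00004 00000000")
    print("%d writes of %d bytes, 0x%08X..0x%08X" % (
        info["count"], info["width"], info["start"], info["end"] - 1))
```

Under these assumptions the code stores 0xFFFFFFFF into every word of a roughly 2 KB block starting at 0x803EE600, so anything else living in that block is overwritten along with the intended target.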