Dairantou Smash Brothers X [RSBJ01]

Started by RupeeClock, August 03, 2008, 02:28:38 PM


Cross1955

P1 Always full charge/Down-B (Mario only)
48000000 80622E84
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 00000498
DE000000 80008180
32000000 0000005A
14000000 0000005A
E0000000 80008000


P2 Always full charge/Down-B (Mario only)
48000000 806230C8
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 00000498
DE000000 80008180
32000000 0000005A
14000000 0000005A
E0000000 80008000


P3 Always full charge/Down-B (Mario only)
48000000 8062330C
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 00000498
DE000000 80008180
32000000 0000005A
14000000 0000005A
E0000000 80008000


P4 Always full charge/Down-B (Mario only)
48000000 80623550
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 00000498
DE000000 80008180
32000000 0000005A
14000000 0000005A
E0000000 80008000


P1 Always full charge/B (Samus only)
48000000 80622E84
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 0000049C
DE000000 80008180
32000000 00000007
14000000 00000007
E0000000 80008000


P2 Always full charge/B (Samus only)
48000000 806230C8
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 0000049C
DE000000 80008180
32000000 00000007
14000000 00000007
E0000000 80008000


P3 Always full charge/B (Samus only)
48000000 8062330C
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 0000049C
DE000000 80008180
32000000 00000007
14000000 00000007
E0000000 80008000


P4 Always full charge/B (Samus only)
48000000 80623550
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 0000049C
DE000000 80008180
32000000 00000007
14000000 00000007
E0000000 80008000


P1 Always full charge/B (DK only)
48000000 80622E84
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 0000049C
DE000000 80008180
32000000 0000000A
14000000 0000000A
E0000000 80008000


P2 Always full charge/B (DK only)
48000000 806230C8
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 0000049C
DE000000 80008180
32000000 0000000A
14000000 0000000A
E0000000 80008000


P3 Always full charge/B (DK only)
48000000 8062330C
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 0000049C
DE000000 80008180
32000000 0000000A
14000000 0000000A
E0000000 80008000


P4 Always full charge/B (DK only)
48000000 80623550
DE000000 80008180
58010000 000007B0
DE000000 80008180
5A010000 0000049C
DE000000 80008180
32000000 0000000A
14000000 0000000A
E0000000 80008000


Enjoy! :)

Ovide

Is there going to be a code that unlocks all the music in the game?

Cross1955

Some codes were ported to the JPN version.
Thank you to James0x57, Phantom Wings and Heinermann.


Disable HRC Timer: Press L+R+Z to Finish [Original by James0x57]
30958EA4 41820738
14958EA0 2C070001
14958EA4 40820738
385BA863 FF8F0070
14958EA0 2C1B0000
14958EA4 41820738
E0000000 80008000


Nearly Invincible HRC Force Field On/Off ( Y+Z: on / X+Z: off ) [Original by James0x57]
385BA862 F7EF0810
311587E8 D0440000
151587E8 60000000
385BA863 FBEF0410
311587E8 60000000
151587E8 D0440000
E0000000 80008000


Infinite Up-B: Type A [Original by Phantom Wings]
D277F2E0 00000004
2C030000 41820010
2C1C0010 40820008
3B80000F 60000000
939E0038 00000000


Infinite Up-B: Type B [Original by Phantom Wings]
3077F2E0 5789103A
1477F2E0 4B881720
4A000000 80000A00
14000000 5789103A
14000004 2C030000
14000008 41820010
1400000C 2C1C0010
14000010 40820008
14000014 3B80000F
14000018 60000000
1400001C 939E0038
14000020 4877E8C4
E0000000 80008000


Please use Type B if the game freezes with Type A.

Home-run bat Modifier (HRC) [Original by Phantom Wings]
D298D13C 00000003
2C1B0021 40820008
3B6000XX 60000000
937D091C 00000000


XX Value: [Full Credit to Heinermann]
00 Assist Trophy
01 Franklin Badge
02 Banana Peel
03 Barrel
04 Beam Sword
05 Bill (?)
06 Bob-Omb
07 Crate
08 Bumper
09 Capsule
0A Rolling Crate
0B CD
0C Sticky Bomb
0D Cracker Launcher
0E Cracker Launcher Shot
0F Coin
10 Superspicy Curry
11 Superspicy Curry Shot
12 Deku Nut
13 Mr. Saturn
14 Dragoon Parts
15 Dragoon Set
16 Dragoon Sight
17 Trophy
18 Fire Flower
19 Fire Flower Shot
1A Freezie
1B Golden Hammer
1C Green Shell
1D Hammer
1E Hammer Head
1F Fan
20 Heart Container
21 Homerun Bat
22 Party Ball
23 Manaphy Heart
24 Maxim Tomato
25 Poison Mushroom
26 Super Mushroom
27 Metal Box
28 Hot Head
29 Pitfall
2A Pokeball
2B Explosive Box
2C Ray Gun
2D Ray Gun Shot
2E Lipstick
2F Lipstick Flower
30 Lipstick Shot (Dust/Powder)
31 Sandbag
32 Screw Attack
33 Sticker
34 Motion-Sensor Bomb
35 Timer
36 Smart Bomb
37 Smash Ball
38 Smoke Screen
39 Spring
3A Star Rod
3B Star Rod Shot
3C Soccer Ball
3D Superscope
3E Superscope shot
3F Star
40 Food
41 Team Healer
42 Lightning
43 Unira
44 Bunny Hood
45 Warpstar

PLASMAT

GREAT!!
nice code!!

but how to use "Infinite Up-B: Type A or B" is not understood.

RupeeClock

This home run bat modifier doesn't work properly.

It replaces the home run bat, but it still acts like a bat, you pick it up, swing it, etc.

Although some things still kind of work, when thrown (like bombs)

Try throwing a Golden Hammer, that hurts.

Y.S.

The offset list for "Partial Size Modifier" is almost complete.
I'll post the code and complete list very soon.
Here's some sample photos showing what can be done with the code.









More Screenshots are available here
http://smg.photobucket.com/albums/v406/modifier/

ZiT

This is wonderful :eek:

It is hacking that is not possible for me.

Looking forward to the code :irule:

hetoan2

Quote from: PLASMAT;10142
GREAT!!
nice code!!

but how to use "Infinite Up-B: Type A or B" is not understood.

Type A is the original, which just gets rid of the limit, whereas B is an action modifier that makes it somehow "better".


Cross1955

Quote from: RupeeClock;10438
This home run bat modifier doesn't work properly.

It replaces the home run bat, but it still acts like a bat, you pick it up, swing it, etc.

Although some things still kind of work, when thrown (like bombs)

Try throwing a Golden Hammer, that hurts.

Yes! That is the correct behavior of the Home-run bat modifier code.
It is an externals-only modifier.

Cross1955

Quote from: Y.S.;10466
The offset list for "Partial Size Modifier" is almost complete.
I'll post the code and complete list very soon.
Here's some sample photos showing what can be done with the code.

Awesome!

Cross1955

Level speed keeps increasing/decreasing while the button is pressed.
And the traveling direction reverses when L+R+Z is pressed.

[Original by Phantom Wings]
Press Y to increase level speed (P1-P4 / any GC controller can be used)
385BB126 F7FF0800
4A000000 90000000
3616A904 43000000
92210001 0016A904
80100001 00010000
94210001 0016A904
3416A904 420C0000
1416A904 420C0000
E0000000 80008000
385BB126 F7FF0800
4A000000 90000000
3416A904 44000000
92210002 0016A904
80100002 00010000
94210002 0016A904
3416A904 C20C0000
1416A904 C20C0000
E0000000 80008000


Press X to decrease level speed (P1-P4 / any GC controller can be used)
385BB126 FBFF0400
4A000000 90000000
3616A904 43000000
92210001 0016A904
80100001 FFFF0000
94210001 0016A904
3616A904 3A800000
1416A904 3A800000
E0000000 80008000
385BB126 FBFF0400
4A000000 90000000
3416A904 44000000
92210002 0016A904
80100002 FFFF0000
94210002 0016A904
3616A904 BA800000
1416A904 BA800000
E0000000 80008000


Press L+R+Z to reverse the level scroll (P1-P4 / any GC controller can be used)
385BB126 FF8F0070
4A000000 90000000
92210001 0016A904
80100001 80000000
94210001 0016A904
E0000000 80008000


:rockband

RupeeClock

Do you even test your own codes? These are only freezing my game when used with a USB Gecko.

Y.S.

Partial Size Modifier

Certain parts of characters, such as Wario's head or Mario's hand, change their size when performing certain moves.

The addresses for these parts' sizes are easily found by a 32-bit unknown value search.

In most cases, they are found in the MEM2 area. But you cannot simply write a value to those addresses to have their size changed, as the game's program is constantly writing the default value (1.0) to them.


Try setting a breakpoint on write and see what is happening:


Write default value:
801A8758:        beq- 0x801a8774
801A875C:  C002A058   lfs   f0,-24488(r2)   Load default size (1.0)
801A8760:  67A44000   oris   r4,r29,16384
801A8764:  D01B0008   stfs   f0,8(r27)   Write default value
801A8768:  D01B0004   stfs   f0,4(r27)   Write default value
801A876C:  D01B0000   stfs   f0,0(r27)   Write default value
801A8770:  48000020   b   0x801a8790


In the JPN version of Brawl, r2 points to the address 0x805A8EA0.
So, the default value is stored at 0x805A2EF8.

Writing 2.0 to 0x805A2EF8 makes almost everything good-sized.
But even the menu icons and items get bigger, and you can hardly play the game.

And just skipping this routine also causes a problem: newly created objects won't get the proper size!



To prevent this:


Address: 0x801A8760

Skip Overwriting:

lfs   f0,0(r27)   Load current size
lha   r4,2(r27)   Load lower 16bit of size data (r4, as assembled in A89B0002)
cmpwi   r4,0x5953   compare it with 0x5953 (assembled as 2C045953)
beq-   _end      end if equal
lfs   f0,-24488(r2)   original instruction
oris   r4,r29,16384   original instruction
_end:

The value 0x5953 can be anything.
It's a kind of signature which prevents the size value you wrote from being overwritten by the game.

i.e. If you wrote 0x40005953, it remains 0x40005953.


Some characters, such as Sonic, use another similar routine and require a similar "Must be on" code.

---------------------------------------------------------------------------------------------------------------

The next thing to be done is to establish a way to access these addresses.


The "Write default value" routine is using r27 to write value.
Backtracing the ASM shows r27 is set at 0x80046C34.

80046C04:  48000008   b   0x80046c0c
80046C08:  38800000   li   r4,0
80046C0C:  80610088   lwz   r3,136(r1)
80046C10:  5720103A   rlwinm   r0,r25,2,0,29
80046C14:  2C150000   cmpwi   r21,0
80046C18:  7DE3812E   stwx   r15,r3,r16
80046C1C:  1C6F0030   mulli   r3,r15,48
80046C20:  3A100004   addi   r16,r16,4
80046C24:  7F12002E   lwzx   r24,r18,r0
80046C28:  1C1E000C   mulli   r0,r30,12
80046C2C:  7F911A14   add   r28,r17,r3
80046C30:  1C790030   mulli   r3,r25,48
80046C34:  7F770214   add   r27,r23,r0
80046C38:  1C04000C   mulli   r0,r4,12
80046C3C:  7F511A14   add   r26,r17,r3
80046C40:  7F370214   add   r25,r23,r0

It seems that r23 is the base address for the parts' addresses.
The register dump at this time was:

CR  : 22004088  XER : 20000000  CTR : 80195430  DSIS: 00400000
DAR : 915B9FE0  SRR0: 801A873C  SRR1: 0000B032  LR  : 801A8664
r0  : 00000000  r1  : 805B3AE0  r2  : 805A8EA0  r3  : 915BBF50
r4  : 915BBF20  r5  : 915BBF20  r6  : 915BA100  r7  : 905B3B00
r8  : 805B3B74  r9  : 43300000  r10 : F0000000  r11 : 805B3B40
r12 : 80195430  r13 : 805A3FA0  r14 : 915BA360  r15 : 915BEC4C
r16 : 0000001C  r17 : 915BBBC0  r18 : 915BEC00  r19 : 915E26A9
r20 : 805B3C50  r21 : 8127D3A0  r22 : 805B3C58  r23 : 915B9FE0
r24 : 905B3B00  r25 : 915BA100  r26 : 915BBF50  r27 : 915BA10C
r28 : 915BBF20  r29 : 905B3B00  r30 : 805B3B74  r31 : 80000019

Performing a 32-bit known value search shows r23 is stored at address 0x8127F494:

8127F494 915B9FE0

Setting a breakpoint on read at 8127F494:

807140D8:  80FE00AC   lwz   r7,172(r30)
r30 : 8127F3E8

Performing a 32-bit known value search:
8127EA54 8127F3E8

The address 0x8127EA54 is accessible by hooking the same routine I used in the "Infinite Jumps" code.

8083C5E0:  807900D8   lwz   r3,216(r25)

CR  : 22004088  XER : 00000000  CTR : 810DFE40  DSIS: 00400000
DAR : 8127F494  SRR0: 8083C5E0  SRR1: 0000B032  LR  : 8083C240
r0  : 8073FD28  r1  : 805B4830  r2  : 805A8EA0  r3  : 8127DEE0
r4  : 00000002  r5  : 00000000  r6  : 8127EA44  r7  : 00000008
r8  : 00000000  r9  : 8062F6A0  r10 : 80AE6D90  r11 : 805B4880
r12 : 810DFE40  r13 : 805A3FA0  r14 : 00000000  r15 : 00000000
r16 : 00000000  r17 : 00000000  r18 : 00000000  r19 : 00000000
r20 : 00000001  r21 : 43300000  r22 : 80000000  r23 : 8127DEE0
r24 : 00000002  r25 : 8127EA44  r26 : 00000002  r27 : 00000001
r28 : 8127E5BC  r29 : 00000004  r30 : 8127F9A4  r31 : 00000000


Address: 0x8083C5E4

Set Pointers:

lwz   r5,100(r3)
lwz   r5,32(r5)
lwz   r5,12(r5)
lha   r4,2(r5)      Load Character Number
lwz   r5,0x10(r25)
lwz   r5,0xAC(r5)   Load Pointer address
rlwinm   r4,r4,2,0,31
addi   r4,r4,0x40   Calculate the offset to store the pointer
stwx   r5,r2,r4      store the pointer to unused address
lis   r5,0x1000   original instruction


The last thing to be done is to make the offset/part list.

I used a special "Must be ON" code in order to make the list somewhat easier.
But it didn't save me from poking around over 4000 times :<
The body parts' names weren't familiar to me, so there might be inappropriate names or typos.





Anyway, here are the final codes:


Set Pointers
C283C5E4 00000006
80A30064 80A50020
80A5000C A8850002
80B90010 80A500AC
5484103E 38840040
7CA2212E 3CA01000
60000000 00000000

Skip overwriting
C21A8760 00000004
C01B0000 A89B0002
2C045953 4182000C
C002A058 67A44000
60000000 00000000

Skip overwriting for Sonic etc.
C21A9420 00000004
C01A0000 A89A0002
2C045953 4182000C
C002A064 67A44000
60000000 00000000


Character 1 Partial Size Modifier
287088A8 00FFXX00
48000000 805A8EE0
DE000000 80009380
1400YYYY ZZZZ5953
E0000000 80008000

Character 2 Partial Size Modifier
28708904 00FFXX00
48000000 805A8EE4
DE000000 80009380
1400YYYY ZZZZ5953
E0000000 80008000

Character 3 Partial Size Modifier
28708960 00FFXX00
48000000 805A8EE8
DE000000 80009380
1400YYYY ZZZZ5953
E0000000 80008000

Character 4 Partial Size Modifier
287089BC 00FFXX00
48000000 805A8EEC
DE000000 80009380
1400YYYY ZZZZ5953
E0000000 80008000

XX   Character ID
YYYY   Offset
The list is available here (Offset List.zip)
http://briefcase.yahoo.co.jp/modifierjp

ZZZZ    Size

3D4C   0.05
3E80   0.25
3F00   0.5
3F80   1.0 (Normal Size)
3FC0   1.5
4000   2.0 (Double Size)
4020   2.5
4040   3.0 (Triple Size)
4060   3.5
4080   4.0 (Quadruple Size)
40A0   5.0
40C0   6.0
4100   8.0

The first line of each code checks the character.
It can be another similar address, as long as it indicates the character you're playing.


Enjoy!
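
The "Set Pointers" and "Skip overwriting" codes in the post above are C2 (insert ASM) codes whose payload is raw PowerPC, so the hex can be decoded and compared with the listings before it is run. The following is an added example, not part of the original post: `disasm`, `parse_c2` and `listing` are names chosen here, only the opcodes these two payloads use are decoded, and the hook address is assumed to be 0x80000000 plus the low 24 bits of the first word (which matches the addresses the post gives).

```python
# Added example: decode the two C2 payloads copied from the post into mnemonics.
SKIP_OVERWRITING = """C21A8760 00000004
C01B0000 A89B0002
2C045953 4182000C
C002A058 67A44000
60000000 00000000"""
SET_POINTERS = """C283C5E4 00000006
80A30064 80A50020
80A5000C A8850002
80B90010 80A500AC
5484103E 38840040
7CA2212E 3CA01000
60000000 00000000"""
LOADS = {32: ("lwz", "r"), 42: ("lha", "r"), 48: ("lfs", "f")}


def sx16(v):
    """Sign-extend a 16-bit immediate."""
    return v - 0x10000 if v & 0x8000 else v


def disasm(w):
    """Decode one big-endian PowerPC word (only the opcodes used above)."""
    op, imm = w >> 26, w & 0xFFFF
    d, a, b = (w >> 21) & 31, (w >> 16) & 31, (w >> 11) & 31
    if w == 0x60000000:                       # ori r0,r0,0
        return "nop"
    if op in LOADS:                           # D-form loads: rD/frD, d(rA)
        name, bank = LOADS[op]
        return f"{name} {bank}{d},{sx16(imm)}(r{a})"
    if op == 11 and d == 0:                   # cmpwi on cr0
        return f"cmpwi r{a},{sx16(imm):#x}"
    if op == 14:
        return f"addi r{d},r{a},{sx16(imm)}"
    if op == 15 and a == 0:                   # addis with rA = 0
        return f"lis r{d},{imm:#x}"
    if op == 25:                              # destination is the rA field
        return f"oris r{a},r{d},{imm:#x}"
    if op == 21:                              # rlwinm rA,rS,SH,MB,ME
        return f"rlwinm r{a},r{d},{b},{(w >> 6) & 31},{(w >> 1) & 31}"
    if op == 16 and (d, a) == (12, 2):        # bc 12,2: branch if cr0.eq
        return f"beq {sx16(imm & 0xFFFC):+#x}"
    if op == 31 and ((w >> 1) & 0x3FF) == 151:
        return f"stwx r{d},r{a},r{b}"
    return f".long {w:#010x}"                 # anything else: show the raw word


def parse_c2(text):
    """Return (hook address, instruction words); assumes base address 0x80000000."""
    words = [int(tok, 16) for tok in text.split()]
    head, nlines, body = words[0], words[1], words[2:]
    if head >> 24 != 0xC2:
        raise ValueError("not a C2 code")
    if len(body) != 2 * nlines:
        raise ValueError("header line count does not match the payload")
    if body[-1] != 0:
        raise ValueError("last word must be 0: it is the slot for the branch back")
    return 0x80000000 | (head & 0xFFFFFF), body[:-1]


def listing(text):
    addr, words = parse_c2(text)
    return addr, [disasm(w) for w in words]


if __name__ == "__main__":
    for code in (SKIP_OVERWRITING, SET_POINTERS):
        addr, lines = listing(code)
        print(f"hook at {addr:#010x}", *lines, sep="\n    ")
```

In the decoded "Skip overwriting" payload the signature check uses r4 as its scratch register, and the `beq +0xc` lands on the trailing `nop`, past both original instructions.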
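
How the 0x5953 signature, the ZZZZ table and the r2-relative addresses in the post above fit together, as an added example that is not part of the original post: it models the "Write default value" routine with and without the "Skip overwriting" hook on a constructed three-word entry and recomputes the addresses the post quotes. The function names are chosen here, and character numbers 0 to 3 are assumed to correspond to the "Character 1" to "Character 4" codes.

```python
import struct

# Values taken from the post (JPN version).
R2 = 0x805A8EA0          # r2 as stated in the post
SIGNATURE = 0x5953       # low-halfword marker; the post notes it can be anything
DEFAULT = 0x3F800000     # 1.0f, the value the game keeps writing back
ZZZZ_TABLE = {0x3D4C: 0.05, 0x3E80: 0.25, 0x3F00: 0.5, 0x3F80: 1.0, 0x3FC0: 1.5,
              0x4000: 2.0, 0x4020: 2.5, 0x4040: 3.0, 0x4060: 3.5, 0x4080: 4.0,
              0x40A0: 5.0, 0x40C0: 6.0, 0x4100: 8.0}


def to_float(word):
    """Interpret a 32-bit word as a big-endian IEEE-754 single."""
    return struct.unpack(">f", struct.pack(">I", word))[0]


def zzzz(size):
    """Upper halfword of the single-precision encoding of size (low bits dropped)."""
    return struct.unpack(">I", struct.pack(">f", size))[0] >> 16


def signed_word(size):
    """The word a '1400YYYY ZZZZ5953' line writes for the requested size."""
    return (zzzz(size) << 16) | SIGNATURE


def reset_part(part, patched):
    """Model one pass of the 'Write default value' routine over a 3-word entry.

    Unpatched: f0 = 1.0 is stored to 8(r27), 4(r27) and 0(r27).
    Patched:   if the halfword at 2(r27) equals SIGNATURE, f0 keeps the word at
               0(r27), so the three stfs instructions store that value instead.
    """
    f0 = DEFAULT
    if patched and (part[0] & 0xFFFF) == SIGNATURE:
        f0 = part[0]
    return [f0, f0, f0]


def pointer_slot(char_number):
    """Where 'Set Pointers' stores the parts pointer: r2 + 0x40 + 4 * number."""
    return R2 + 0x40 + (char_number << 2)


def default_size_address():
    """Effective address of 'lfs f0,-24488(r2)'."""
    return R2 - 24488


if __name__ == "__main__":
    entry = [signed_word(2.0), DEFAULT, DEFAULT]     # constructed sample entry
    print("unpatched:", [hex(w) for w in reset_part(entry, patched=False)])
    print("patched:  ", [hex(w) for w in reset_part(entry, patched=True)])
    print("effective size:", round(to_float(signed_word(2.0)), 5))
    print("slots:", [hex(pointer_slot(n)) for n in range(4)])
    print("default size at", hex(default_size_address()))
```

Because the signature occupies the low mantissa bits, a value written as ZZZZ5953 is slightly larger than the table entry: 0x40005953 reads back as about 2.0055 rather than 2.0.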

Nuke

once again. amazing work Y.S


Quote from: Y.S.;10649
Partial Size Modifier
0xFFFFFFuuuuuuu