Starting out with WiiRD on Brawl... Final Smash Effects attempt....

Started by shadowofchaos, December 21, 2008, 01:07:57 AM


shadowofchaos

Hello guys.... Since all the IB crap from High School is done with for 2 weeks, I now have the time to start out on attempting to hack Brawl.... Which I've wanted to do since I got my USBGecko, but never had the time to do this....

I'm assuming that the code I'm trying to do will be out of my reach, however it doesn't stop me from trying :P

Anyway, I have basic knowledge on how to start out with the USBGecko, thanks to Foxx's Video tutorial with Mario Galaxy...

I am attempting to start on a "double final smash effects" fix in which more than one final smash can have their "effects"... not just the last person who got the "Final Smash Standby"...

I'm a loooooong way away from this... however, I tried starting out today just finding out the location from which the data is loaded....

Here's the situation on my code searches:

I do Ike and Marth on 5 stock, Final Destination, Smash Balls only on High....

Activated Codes from WiiRD Gui:

Taunt to do your character's Final Smash Animation (I apologize, I dunno who made the code, please someone tell me who did so I can give credit, I think this was from the action modifier):

4A000000 8077F780
D2000000 00000004
2C030000 41820010
2C1C010C 40820008
3B800116 60000000
939E0038 00000000

I was going to use this to test if anything changes whenever I poke an address....

I did a 16-Bit Unknown Value Search with "Equal to" Compare type as Ike glows with FS (Assuming that Final Smash effects are loaded)....

I did it many times as the Final Smash Progressed with a Hit on Marth....

After the final hit and stopped "glowing".... I did a "Not Equal" Compare type, following a few "Equal" comparison dumps while he wasn't glowing to reduce the amount of addresses I had to work with....

I did another "Not equal" compare type when I got the smash ball again.... NOT hit Marth this time and to make Ike not glow again, and did another "not equal" compare type.... and then a few "equal" comparison dumps...

I'm assuming by this point that you understand my method....

I narrowed it down to about 90 codes and started poking (don't ask me why, I dunno why I didn't narrow it down further...)

After I poked each time, I pressed the taunt button (without hitting Marth) to see if the Final Smash animation for Ike had its effects in contrast to the "Holy Aether" (His sword effects are "white" instead of Flames and the "energy waves" during each slash)

After a few times... the regular attacks didn't have their "effects".... I considered this "progress"....

After a few pokes, it froze when I tried to test it with the taunt.... it had a value of "0000" before....

Reset the Wii... started again...

And when I did the method... Different Addresses... so I assume I will need pointers or something.....

Did the same method.... This time, narrowed down to 21 codes.... Froze again....

Attempt #3

I notice that the ones that freeze me seem to have the same value of "0000" before Ike's Final Smash effects are loaded....

Same method.... narrowed down to 21 codes... seems strange that I ended up with the same number..... Hmm..... Saved the search....

I notice that there's a group of addresses near each other... also starting with a value of "0000" before Ike's FS data is loaded....

I use a breakpoint (never used it before).... and set it so that every time it writes to one of them.... that it pauses....

Well whaddya know.... It pauses the game right as the smash ball is broken...

Progress...

I poke... and freeze....


Here's the picture of the saved search of the 21 addresses:



You see what I mean by them being "next to each other"? I seriously think they're related to each other somehow when it comes to the "Effects" issue....

Now my question is... where do I go from here?
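The equal / not-equal narrowing described in this post, run offline over constructed dumps (an added example, not part of the original post and not WiiRD's own code). The base address, the dump contents and all function names are assumptions made up for the illustration; the final step groups surviving addresses that sit next to each other, as in the saved search of 21 addresses.

```python
import struct

BASE = 0x90000000  # hypothetical dump start address, chosen for the example

# Constructed 16-bit values at five dump times:
# glowing, glowing, not glowing, not glowing, glowing again.
ROWS = [
    (0x1234, 0x1234, 0x1234, 0x1234, 0x1234),  # constant
    (0x0010, 0x0025, 0x0031, 0x0048, 0x0050),  # frame counter
    (0x0001, 0x0001, 0x0000, 0x0000, 0x0001),  # on/off style flag
    (0x0116, 0x0116, 0x0000, 0x0000, 0x0116),  # value loaded with the effect
    (0x0005, 0x0005, 0x0007, 0x0007, 0x0007),  # unrelated one-time change
    (0x0000, 0x0000, 0x0000, 0x0000, 0x0000),  # unused
]
DUMPS = [struct.pack(">6H", *column) for column in zip(*ROWS)]
STEPS = ["equal", "not_equal", "equal", "not_equal"]

COMPARE = {
    "equal": lambda old, new: new == old,
    "not_equal": lambda old, new: new != old,
    "greater": lambda old, new: new > old,
    "less": lambda old, new: new < old,
}

def words16(dump, base):
    """Map address -> big-endian 16-bit value (the Wii's PowerPC is big-endian)."""
    return {base + i: struct.unpack_from(">H", dump, i)[0]
            for i in range(0, len(dump) - 1, 2)}

def run_search(dumps, steps, base=BASE):
    """Apply one compare type between each pair of consecutive dumps."""
    snaps = [words16(d, base) for d in dumps]
    candidates = set(snaps[0])
    for i, compare in enumerate(steps, start=1):
        keep = COMPARE[compare]
        candidates = {a for a in candidates if keep(snaps[i - 1][a], snaps[i][a])}
    return sorted(candidates)

def clusters(addresses, max_gap=4):
    """Group surviving addresses that lie within max_gap bytes of each other."""
    groups = []
    for addr in sorted(addresses):
        if groups and addr - groups[-1][-1] <= max_gap:
            groups[-1].append(addr)
        else:
            groups.append([addr])
    return groups

if __name__ == "__main__":
    hits = run_search(DUMPS, STEPS)
    for group in clusters(hits):
        print(", ".join(f"{a:08X}" for a in group))
```

Only the two values that follow the glow state survive all four compares; the counter fails the first "equal" and the one-time change fails the last "not equal".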

hetoan2

I don't think a code like that could be done with a simple RAM write.

maybe ASM but to me it just feels impossible.

gl tho

shadowofchaos

Quote from: hetoan2 on December 21, 2008, 12:51:05 PM
I don't think a code like that could be done with a simple RAM write.

maybe ASM but to me it just feels impossible.

gl tho

Somehow, I knew someone would say that ASM is needed here....

Well, time to get reading...

shadowofchaos

(Btw, sorry for double posting... but I didn't want to start a whole new thread on the same issue...)

Well, since I have another day to get studying on this stuff after Final Exams have been over and all the other stuff out of the way...

I've got some work to do with this...

I've changed my method and I'm not using the code for forcing the Final Smash Animation to test a poke in the memory... From what I've seen in the many failed attempts and poking the memory dumps to a freeze... it might seem that the animations for the final smash might be contained in more than just a single address... I had a "Duh" moment there it seems...

As it is now, I don't have any hope of being able to do this...

As, beyond pointers and the codetypes, I don't have any experience with ASM... I've been reading up on it the last time I was doing the memory dumps...

I got some part of it down, however, I'm having a little direction trouble...

With the breakpoints, do the windows show the instructions that ran in that instant on the registers? And are those registers with zeroes ones not used in that situation? Could those be used in ASM to be able to store information if there's empty space on RAM... For example, like the effects that the game loads whenever the character starts to glow, and then when the "effects" are no longer needed?

Here's the screenshots of the breakpoints... I just need clarification on how to use this tool...


Those are just a few screenshots just to get the "gist" of it anyway...

I will be reading up on ASM again before making any more moves... however, can anyone point me the way to understanding the Breakpoints screen and the purpose of the "Disassembler"? (I've been wondering for a while what that does...)

Link

Quote from: shadowofchaos on January 19, 2009, 10:17:01 AM
With the breakpoints, do the windows show the instructions that ran in that instant on the registers?

Yes

Quote from: shadowofchaos on January 19, 2009, 10:17:01 AM
And are those registers with zeroes ones not used in that situation? Could those be used in ASM to be able to store information if there's empty space on RAM...

Zeros are often empty/unused/free registers. However sometimes it might be wanted to store a 0 in memory. Like for counters.. those initialize with 0 and count up. Counters are most likely stored in registers too!

Quote from: shadowofchaos on January 19, 2009, 10:17:01 AM
Here's the screenshots of the breakpoints... I just need clarification on how to use this tool...

The upper part shows you the registers (rXX = integer register, fXX = floating point) as you correctly guessed. The lower part shows you the assembly instruction which hit the breakpoint. Additionally it shows some of the following instructions!
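What a disassembler view does with raw instruction words, shown on the taunt code quoted in the first post (an added example, not part of the thread and not WiiRD's own code). It assumes the first two lines of that code are the code handler's header, with the second word of the D2 line giving the number of payload lines, and that a trailing zero word is padding; only the PowerPC instruction forms that occur in this payload are decoded.

```python
CODE = """\
4A000000 8077F780
D2000000 00000004
2C030000 41820010
2C1C010C 40820008
3B800116 60000000
939E0038 00000000
"""

# Conditional branch mnemonics on cr0, indexed by BO field then by condition bit.
BRANCH = {12: ("blt", "bgt", "beq", "bso"), 4: ("bge", "ble", "bne", "bns")}

def sext16(v):
    """Sign-extend a 16-bit immediate."""
    return v - 0x10000 if v & 0x8000 else v

def shex(v):
    return f"-{-v:#x}" if v < 0 else f"{v:#x}"

def disasm(word, pc):
    """Decode one 32-bit big-endian PowerPC instruction word at offset pc."""
    op = word >> 26            # primary opcode, top 6 bits
    d = (word >> 21) & 31      # rD/rS, or BO for branches
    a = (word >> 16) & 31      # rA, or BI for branches
    imm = word & 0xFFFF
    if word == 0x60000000:     # ori r0, r0, 0
        return "nop"
    if op == 11 and d & 3 == 0:                      # cmpi, 32-bit compare
        cr = "" if d >> 2 == 0 else f"cr{d >> 2}, "
        return f"cmpwi {cr}r{a}, {shex(sext16(imm))}"
    if op == 16 and d in BRANCH and a < 4 and imm & 3 == 0:  # bc, relative, no link
        return f"{BRANCH[d][a]} -> {pc + sext16(imm):#x}"
    if op == 14:                                     # addi (li when rA is 0)
        if a == 0:
            return f"li r{d}, {shex(sext16(imm))}"
        return f"addi r{d}, r{a}, {shex(sext16(imm))}"
    if op == 24:                                     # ori rA, rS, UIMM
        return f"ori r{a}, r{d}, {imm:#x}"
    if op == 36:                                     # stw rS, d(rA)
        return f"stw r{d}, {shex(sext16(imm))}(r{a})"
    return f".long {word:#010x}"                     # form not covered here

def payload(code_text):
    """Return the instruction words, under the header assumptions stated above."""
    words = [int(w, 16) for line in code_text.split("\n") for w in line.split()]
    line_count = words[3]
    body = words[4:4 + 2 * line_count]
    if body and body[-1] == 0:
        body.pop()
    return body

def listing(code_text):
    return [f"{4 * i:#04x}: {disasm(w, 4 * i)}"
            for i, w in enumerate(payload(code_text))]

if __name__ == "__main__":
    print("\n".join(listing(CODE)))
```

Both branches land on the `nop` at offset 0x14, so the `li r28, 0x116` is reached only when r3 is non-zero and r28 equals 0x10C; the final `stw` then writes r28 to 0x38(r30).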

Almas

I suppose this may not be the most appropriate place to ask this, but I figure it isn't worth a whole thread and it'll end up being relevant here anyways: Is there a completely comprehensive list of the ASM codetypes available? I know of http://class.ee.iastate.edu/cpre211/labs/quickrefPPC.html and http://www.pds.twi.tudelft.nl/vakken/in101/labcourse/instruction-set/, but every now and then I'll stumble across an unknown thing that won't show up on them, and it's really quite vexing.

Also, does the Breakpoint viewer show a PO/BA? Are those run by Brawl or are they part of the Code Handler? If the latter, are they stored somewhere in memory?

shadowofchaos

From the way I was thinking about this... I really can't tell whether it's a 16 bit value for the effects, or 32-bit, or both... Breakpoints all break when it comes to the last 32-60 addresses that come up when I do the dumps...

I kind of don't know where to go from here...

As from the testing I've done, the effects seem to be for everyone as soon as it's loaded... to test, I did 1 Ike and 2 Links... I had one of the Links get the smash ball, while the other one did his final smash animation with the code in the first post... The Link that did the Final Smash had the effect...

From the breakpoints that I've been doing... I still believe that we can load at least two final smash animations at once... that is, if I get some help from an experienced hacker...

Anyway, moving on... I did the memory viewer with auto refresh on... and the values that all come up when someone gets the smash ball ONLY change when someone does so... and the values are also different depending on who gets it...

The problem is... to find a pointer, the two different instances of the same thing, must have the same value yes? Well, it seems that in all the dumps I have, no two addresses from different dumps have any of the same value for the same character's loaded final smash...

Hmm.. maybe I should do an unknown value dump and find a value for when a final smash loads... and then do a specific value search for the second dump?

Fred

Problem is that when you narrow your searches down it's most likely that all these addresses will cause a breakpoint anyway. I can tell you from my experience that these kinds of effects on the characters ingame will most likely be within the 81 range.

These are two "special codes" for PAL that I've come across when searching for move addresses.

Quote
Rob LED Always On (P1) [Fred]
0527231B 0000000C

Lucario Fake Blink (P1) [Fred]
0527E438 80F9F33C

These are regular moveset "effects" found from starting with a not equal search when a game starts and narrowing down with "greater than" and less than when doing the move (greater than until it ends) and less than after it's over. This should give you certain effects like those posted above and I would suggest testing this for an easy effect with an easy RAM search and then moving on to the final smashes.
Remember that doing the opposite kind of search might also reveal some hidden features.
ASM will truly let you go into more advanced types of codes for sure, but sometimes it's as easy as a poke in a certain address.

These effects can actually be as simple as an 8bit code to a 32bit code, even sometimes a 1(on) and 0(off) kind of thing.
If someone helped you press the thank you button.

shadowofchaos

Quote from: Fred on January 20, 2009, 12:17:58 AM
Problem is that when you narrow your searches down it's most likely that all these addresses will cause a breakpoint anyway. I can tell you from my experience that these kinds of effects on the characters ingame will most likely be within the 81 range.

These are two "special codes" for PAL that I've come across when searching for move addresses.

Quote
Rob LED Always On (P1) [Fred]
0527231B 0000000C

Lucario Fake Blink (P1) [Fred]
0527E438 80F9F33C

These are regular moveset "effects" found from starting with a not equal search when a game starts and narrowing down with "greater than" and less than when doing the move (greater than until it ends) and less than after it's over. This should give you certain effects like those posted above and I would suggest testing this for an easy effect with an easy RAM search and then moving on to the final smashes.
Remember that doing the opposite kind of search might also reveal some hidden features.
ASM will truly let you go into more advanced types of codes for sure, but sometimes it's as easy as a poke in a certain address.

These effects can actually be as simple as an 8bit code to a 32bit code, even sometimes a 1(on) and 0(off) kind of thing.

Thank you very much for the advice.... (Btw, I dunno why, but you don't have a "Thank Post" button for me to thank you, or is it that these forums have a "one thank you per day" thing?)

Hmmm... so... I could be looking at the wrong place completely by doing the equal, not equal method I've been doing?

I don't understand the greater than, less than search though... as don't the Final Smash effects get loaded onto memory for that character once they get the smash ball or "get the final smash standby" mode when I taunt with Phantom Wing's code on?

I've been trying to look at this from another perspective ever since I saw that Link's Final Smash worked with effects without being on "standby" mode...

Edit: Question... if different characters overwrite each other's effects when another person gets a final smash, is it safe to assume that it won't be character specific effects?

Edit #2: I think I'm confident that it's a 16-bit value... I had Phantom Wing's Smash Ball Activator and the Taunt to get a final smash code on....

On the memory viewer, I had 3 addresses of particular interest... I looked at them with Auto Refresh on... and it seems that the addresses changed whenever someone started to glow... and even changed to different values as the final smash "effects" are supposedly loaded and "released".....

A more interesting thing... whenever someone else got the Final Smash while the first character was still glowing... Two of the addresses stayed the same (as if a "yes or no" value) while one changed depending on the character who got it... I took a screenshot of the three of particular interest... however, when I poked at the last one that changed according to the character whose final smash effects are supposedly loaded... It's a freeze... goodness man.. the obstacles never cease... but that's why this is a challenge that I refuse to give up on!!! Another day will be ahead for me to attempt another hack!!!!

If there's any more advice someone can give me... I appreciate it!!! I'll continue this when I have the time again... I say "Thank you!!!" to the whole WiiRD community!!!

Fred

Quote from: shadowofchaos on January 20, 2009, 12:44:52 AM
Thank you very much for the advice.... (Btw, I dunno why, but you don't have a "Thank Post" button for me to thank you, or is it that these forums have a "one thank you per day" thing?)

Hmmm... so... I could be looking at the wrong place completely by doing the equal, not equal method I've been doing?

I don't understand the greater than, less than search though... as don't the Final Smash effects get loaded onto memory for that character once they get the smash ball or "get the final smash standby" mode when I taunt with Phantom Wing's code on?

I've been trying to look at this from another perspective ever since I saw that Link's Final Smash worked with effects without being on "standby" mode...

Edit: Question... if different characters overwrite each other's effects when another person gets a final smash, is it safe to assume that it won't be character specific effects?

Edit #2: I think I'm confident that it's a 16-bit value... I had Phantom Wing's Smash Ball Activator and the Taunt to get a final smash code on....

On the memory viewer, I had 3 addresses of particular interest... I looked at them with Auto Refresh on... and it seems that the addresses changed whenever someone started to glow... and even changed to different values as the final smash "effects" are supposedly loaded and "released".....

A more interesting thing... whenever someone else got the Final Smash while the first character was still glowing... Two of the addresses stayed the same (as if a "yes or no" value) while one changed depending on the character who got it... I took a screenshot of the three of particular interest... however, when I poked at the last one that changed according to the character whose final smash effects are supposedly loaded... It's a freeze... goodness man.. the obstacles never cease... but that's why this is a challenge that I refuse to give up on!!! Another day will be ahead for me to attempt another hack!!!!

If there's any more advice someone can give me... I appreciate it!!! I'll continue this when I have the time again... I say "Thank you!!!" to the whole WiiRD community!!!

As for greater than and less than, it's as simple as thinking about the value going up. Let's say that either you start from zero and go up, let's say 0A; this would be a value to search "greater than" for. And when these things have been used up, most codes would return to zero "0" or less than.

As for question "edit" one... so far in my RAM hacking experience with Brawl these codes have their own memory for each character or a memory that addresses all at once (same with Players, some can work for all and others must be addressed for each one), but this varies; final smash glowing could be within the same memory range or not for each character. Popo and Nana must have some kind of other memory range as far as I am concerned. Can't really tell you more, I am not familiar with hacking the final smashes.

As for edit 2, you shouldn't always be confident that it's a 16bit code; sure it can be one, but those you mentioned are following in a trend of activators.

If the address changes constantly it might be the colour fs glow that's being changed, wild guess.

If you are starting off with this hack I would advise you to search for other codes and try to understand how some codes follow the same "trend"; hack with different methods and maybe you'll find some codes you didn't even expect to find!

shadowofchaos

Quote from: Fred on January 20, 2009, 04:12:33 PM
As for greater than and less than, it's as simple as thinking about the value going up. Let's say that either you start from zero and go up, let's say 0A; this would be a value to search "greater than" for. And when these things have been used up, most codes would return to zero "0" or less than.

As for question "edit" one... so far in my RAM hacking experience with Brawl these codes have their own memory for each character or a memory that addresses all at once (same with Players, some can work for all and others must be addressed for each one), but this varies; final smash glowing could be within the same memory range or not for each character. Popo and Nana must have some kind of other memory range as far as I am concerned. Can't really tell you more, I am not familiar with hacking the final smashes.

As for edit 2, you shouldn't always be confident that it's a 16bit code; sure it can be one, but those you mentioned are following in a trend of activators.

If the address changes constantly it might be the colour fs glow that's being changed, wild guess.

If you are starting off with this hack I would advise you to search for other codes and try to understand how some codes follow the same "trend"; hack with different methods and maybe you'll find some codes you didn't even expect to find!

Hmm... Thank you again for helping me with this... I don't really have the time to attempt to hack again today... but your advice is very helpful and I appreciate it!!!

Edit: I still can't see a "Thank you" Button on your post... DX

Romaap

Quote from: shadowofchaos on January 21, 2009, 01:00:26 AM
I still can't see a "Thank you" Button on your post... DX

That's because you can only thank once per thread

hetoan2


matt123337

Quote from: hetoan2 on January 21, 2009, 10:05:23 PM
or it's because of his theme. Babylon doesn't have it :|

That's because most packs are made for SMF default only :(

Almas

The data regarding who has a FS could be stored in a couple of locations (for example, once in the character's field saying "I have a final smash", and another elsewhere saying "X has a final smash"). Creating an inconsistency by poking only one value could possibly cause a freeze.

I would suggest using Breakpoints of 'write' on the locations of interest to see if you can find the ASM code that prompts the change. That said it may well update every single cycle through memory even if it doesn't change.