Tales of Symphonia: Dawn of the New World [RT4PAF]

Started by panmusic, November 13, 2009, 08:59:22 AM

Patedj

Here I am thinking I should port this................... GOD BLESS dcx2! Where should I start dcx2? Anyone?
You can pm me, I've got time for your troubles.

dcx2

haha...what in particular would you like to port?  There's a lot of codes...

I can send you a MEM1 dump of NTSC, and you could use the dump loading feature of Gecko.NET to try to port codes yourself.

Patedj

Sounds like a start. I'm still unsure about which code though. I'm thinking the one that will make most PAL players happiest. But which one would that be?

hireplas

A code that, in my opinion, made EVERYBODY happy was the one unlocking leveling up for Richter and Lloyd's "team"

Unlock Lloyd & Co. for leveling [dcx2]
C209F828 00000003
2C030000 4082000C
38600001 7C7FF1AE
80010024 00000000

Changes to levels are permanent, but if you don't use the code they won't level anymore


dcx2

I'm going to split the PAL porting discussion into the PAL thread...this thread is getting big enough as it is, heh.

Patedj

#36
Code Porting
[spoiler]Unlock Lloyd etc for leveling v2 [dcx2]
C209FC0C 00000003
88040000 2C000000
4082000C 38000001
98040000 00000000[/spoiler]

Function NTSC
[spoiler]8009FB60:  9421FFE0   stwu   r1,-32(r1)
8009FB64:  7C0802A6   mflr   r0
8009FB68:  2C040000   cmpwi   r4,0
8009FB6C:  90010024   stw   r0,36(r1)
8009FB70:  BF61000C   stmw   r27,12(r1)
8009FB74:  7CBB2B78   mr   r27,r5
8009FB78:  7CDC3378   mr   r28,r6
8009FB7C:  7CFD3B78   mr   r29,r7
8009FB80:  7D1E4378   mr   r30,r8
8009FB84:  7D3F4B78   mr   r31,r9
8009FB88:  41820074   beq-   0x8009fbfc
8009FB8C:  4BFFD939   bl   0x8009d4c4
8009FB90:  2C030000   cmpwi   r3,0
8009FB94:  4182005C   beq-   0x8009fbf0
8009FB98:  8803005C   lbz   r0,92(r3)
8009FB9C:  901B0000   stw   r0,0(r27)
8009FBA0:  A8030074   lha   r0,116(r3)
8009FBA4:  901C0000   stw   r0,0(r28)
8009FBA8:  A8030076   lha   r0,118(r3)
8009FBAC:  901D0000   stw   r0,0(r29)
8009FBB0:  A8030078   lha   r0,120(r3)
8009FBB4:  901F0000   stw   r0,0(r31)
8009FBB8:  801B0000   lwz   r0,0(r27)
8009FBBC:  2C000000   cmpwi   r0,0
8009FBC0:  4180000C   blt-   0x8009fbcc
8009FBC4:  2C000006   cmpwi   r0,6
8009FBC8:  4180000C   blt-   0x8009fbd4
8009FBCC:  38600000   li   r3,0
8009FBD0:  48000014   b   0x8009fbe4
8009FBD4:  3C60802D   lis   r3,-32723
8009FBD8:  54002036   rlwinm   r0,r0,4,0,27
8009FBDC:  386360A8   addi   r3,r3,24744
8009FBE0:  7C630214   add   r3,r3,r0
8009FBE4:  A0030004   lhz   r0,4(r3)
8009FBE8:  901E0000   stw   r0,0(r30)
8009FBEC:  48000048   b   0x8009fc34
8009FBF0:  38000000   li   r0,0
8009FBF4:  901B0000   stw   r0,0(r27)
8009FBF8:  4800003C   b   0x8009fc34
8009FBFC:  1C03000C   mulli   r0,r3,12
8009FC00:  3C60802D   lis   r3,-32723
8009FC04:  38636108   addi   r3,r3,24840
8009FC08:  7C830214   add   r4,r3,r0
8009FC0C:  7C0300AE   lbzx   r0,r3,r0
8009FC10:  A0640002   lhz   r3,2(r4)
8009FC14:  90050000   stw   r0,0(r5)
8009FC18:  A0040004   lhz   r0,4(r4)
8009FC1C:  90660000   stw   r3,0(r6)
8009FC20:  A0640008   lhz   r3,8(r4)
8009FC24:  90070000   stw   r0,0(r7)
8009FC28:  A004000A   lhz   r0,10(r4)
8009FC2C:  90680000   stw   r3,0(r8)
8009FC30:  90090000   stw   r0,0(r9)
8009FC34:  BB61000C   lmw   r27,12(r1)
8009FC38:  80010024   lwz   r0,36(r1)
8009FC3C:  7C0803A6   mtlr   r0
8009FC40:  38210020   addi   r1,r1,32
8009FC44:  4E800020   blr   
[/spoiler]

Used DeltaMaker and got C20A1F00 + did a search on mulli: 8009FBFC:  1C03000C   mulli   r0,r3,12

Function PAL
[spoiler]800A1E3C:  9421FFE0   stwu   r1,-32(r1)
800A1E40:  7C0802A6   mflr   r0
800A1E44:  2C040000   cmpwi   r4,0
800A1E48:  90010024   stw   r0,36(r1)
800A1E4C:  BF61000C   stmw   r27,12(r1)
800A1E50:  7CBB2B78   mr   r27,r5
800A1E54:  7CDC3378   mr   r28,r6
800A1E58:  7CFD3B78   mr   r29,r7
800A1E5C:  7D1E4378   mr   r30,r8
800A1E60:  7D3F4B78   mr   r31,r9
800A1E64:  41820068   beq-   0x800a1ecc
800A1E68:  4BFFCC6D   bl   0x8009ead4
800A1E6C:  2C030000   cmpwi   r3,0
800A1E70:  41820050   beq-   0x800a1ec0
800A1E74:  8803007C   lbz   r0,124(r3)
800A1E78:  38800000   li   r4,0
800A1E7C:  901B0000   stw   r0,0(r27)
800A1E80:  A8030094   lha   r0,148(r3)
800A1E84:  901C0000   stw   r0,0(r28)
800A1E88:  A8030096   lha   r0,150(r3)
800A1E8C:  901D0000   stw   r0,0(r29)
800A1E90:  A8030098   lha   r0,152(r3)
800A1E94:  901F0000   stw   r0,0(r31)
800A1E98:  801B0000   lwz   r0,0(r27)
800A1E9C:  28000005   cmplwi   r0,5
800A1EA0:  41810014   bgt-   0x800a1eb4
800A1EA4:  3C608045   lis   r3,-32699
800A1EA8:  54002036   rlwinm   r0,r0,4,0,27
800A1EAC:  38631838   addi   r3,r3,6200
800A1EB0:  7C830214   add   r4,r3,r0
800A1EB4:  A0040004   lhz   r0,4(r4)
800A1EB8:  901E0000   stw   r0,0(r30)
800A1EBC:  48000044   b   0x800a1f00
800A1EC0:  38000000   li   r0,0
800A1EC4:  901B0000   stw   r0,0(r27)
800A1EC8:  48000038   b   0x800a1f00
800A1ECC:  1C03000C   mulli   r0,r3,12   # Search result
800A1ED0:  3C608045   lis   r3,-32699
800A1ED4:  38631898   addi   r3,r3,6296
800A1ED8:  7C0300EE   lbzux   r0,r3,r0   # My thought on what it should be congruent with
800A1EDC:  90050000   stw   r0,0(r5)
800A1EE0:  A0030002   lhz   r0,2(r3)
800A1EE4:  90060000   stw   r0,0(r6)
800A1EE8:  A0030004   lhz   r0,4(r3)
800A1EEC:  90070000   stw   r0,0(r7)
800A1EF0:  A0030008   lhz   r0,8(r3)
800A1EF4:  90080000   stw   r0,0(r8)
800A1EF8:  A003000A   lhz   r0,10(r3)
800A1EFC:  90090000   stw   r0,0(r9)
800A1F00:  BB61000C   lmw   r27,12(r1)   # DM address
800A1F04:  80010024   lwz   r0,36(r1)
800A1F08:  7C0803A6   mtlr   r0
800A1F0C:  38210020   addi   r1,r1,32
800A1F10:  4E800020   blr   
[/spoiler]

PAL Code VA -> VB -> VC
[spoiler]lbz r0,0(r4) --> lbz r0,0(r3)
cmpwi r0,0
bne- 0x0C
li r0,1
stb r0,0(r4) --> stb r0,0(r3)

Correction
lbzx r12,r3,r0
cmpwi r12,0
bne- _END
li r12,1
stbx r12,r3,r0
_END:
lbzux r0,r3,r0


C20A1ED8 00000003
88040000 2C000000
4082000C 38000001
98040000 00000000

To

C20A1ED8 00000003
88030000 2C000000
4082000C 38000001
98030000 00000000

To Correction

C20A1ED8 00000004
7D8300AE 2C0C0000
4082000C 39800001
7D8301AE 7C0300EE
60000000 00000000


[/spoiler]
Freezes --> Successful (most likely bugged) ---> Successful

Patedj

#37
Code Porting
[spoiler]Everyone can reach level 255 [dcx2]
082D60BC 00FF0000
20040010 00000000
082D60C4 802D5788
20040010 00000000
082D5AAC 0099967E
20370004 0000FFFF
082D60C0 00D09647
20040010 00000000
0409F8FC 3C6000D0
0409F900 60609647[/spoiler]

NTSC Functions x6 [spoiler]or 7? 802D5788[/spoiler]
Too big to dump them all completely
[spoiler]082D60BC: .word 0x00c80000
802D60C0: .word 0x0098967f
802D60C4: lwz r1,22408(r13)
[spoiler]802D5788: .word 0x00000000[/spoiler]
082D5AAC: .word 0x008f9bc1
082D60C0: .word 0x0098967f
0409F8FC: lis r3,153
0409F900: subi r0,r3,27009[/spoiler]
Pal Functions


Pal Code[spoiler]
VA
0845184C 00FF0000
20040010 00000000
08451854 802D5788
20040010 00000000
0845123C 0099967E
20370004 0000FFFF
08451850 00D09647
20040010 00000000
040A1BF0 3C6000D0
040A1BF4 60609647

VB
0845184C 00FF0000
20040010 00000000
08451854 80450F18
20040010 00000000
0845123C 0099967E
20370004 0000FFFF
08451850 00D09647
20040010 00000000
040A1BF0 3C6000D0
040A1BF4 60609647[/spoiler]

VA unsuccessful?[spoiler]Triggered the code when Everyone is at 200. Exp Next 1,804,918,247 and stays the same after a battle.[/spoiler] VB-> Successful  

Patedj

#38
Code Porting
[spoiler]Encounter Roller v3.1 [dcx2]
Part1
0401C888 80031B5C
0401CC14 41820020
284D755A DFFF2000
0401C888 38000001
0401CC14 60000000
E0000000 80008000
Part 2
C201C088 00000018
A0841C1C 48000009
00000000 7D2802A6
3D80804D A14C755A
A10C755E A0E900C2
3CA0802E 60A5DCF8
71402000 4182008C
7C8700D0 71001310
4082000C 71404000
41820058 280A2200
4182004C 28078000
40800050 280A2010
4182000C 280A6010
40820014 38E70001
2C0704EA 40810008
38E00001 280A3000
4182000C 280A7000
40820010 34E7FFFF
41810008 38E004EA
7CE43B78 B08900C2
28078000 41800014
808D89A8 34E40000
40800008 38E00000
1C07001A 7C050214
90090000 00000000
Part 3
C20BB9B4 00000003
3800FFFF 2C000000
41800008 90030000
80030000 00000000
Part 4
C201CC7C 00000003
3734FFFD 4181000D
7F2802A6 8339FF18
2C14000F 00000000
Part 5
C201CC94 00000002
3F208031 63390528
38600000 00000000
Part 6
C201C8D8 00000003
A0631B62 28190064
4180000C 1C140002
7C79022E 00000000
Part 7
C201C944 00000003
8872001C 28190064
4180000C 38140008
7C7900AE 00000000
Part 8
C201CC24 00000003
7CA02850 28190064
4180000C 1C140002
7CB9022E 00000000
Part 9
C201CB58 00000003
A8B20024 28190064
4180000C 38140010
7CB900AE 00000000
Part 10
C201CBA0 00000003
A8B2002A 28190064
4180000C 38140014
7CB900AE 00000000[/spoiler]

Needs deciphering
Processing...
[spoiler]Part 1 Done
0401C888 = 04061670
80031B5C = 800343B0
0401CC14 = 04061650
Remote [spoiler]284D755A[/spoiler] = Remote[spoiler] 286D28E2 [/spoiler]
[/spoiler]
[spoiler]Part 2
C201C888 = C2061670
...... [/spoiler]
[spoiler]Part 3
C20BB9B4  = 801814D8[/spoiler]
[spoiler]Part 4
C201D0E8 00000003
3731FFFD 4181000D
7F2802A6 8339FF18
2C11000F 00000000
[/spoiler]

[spoiler]Part 5
8001CC94 = .... [/spoiler]

dcx2

Regarding the first code...that's weird how it changed.  But there's something important that you missed which might cause some bugs.  The original ASM is an lbzux.  The u means update.  In this case, the u means that r0 will be added to r3, in addition to lbzx.  But you don't add r0 to r3, which means you could have some problems.  You should do this instead.  Use the same hook address.

lbzx r12,r3,r0
cmpwi r12,0
bne- _END
li r12,1
stbx r12,r3,r0
_END:
lbzux r0,r3,r0

---

Regarding the second code...yikes!  The "everyone can get to level 255" code patches *data*, not ASM.  08 codes are almost always data codes.  The last two 04 codes are ASM patches, though.

Look at the NTSC dump for this address.  802D60BC  I think you should find a 0xC8 there.  0xC8 = 200 = the max level for Emil and Marta.  Underneath you'll see the values for the various monsters' max levels.  What I do is write 0xFF over the level value, which allows you to level up to 255.  The 08 code then proceeds to write 0xFF over the other levels.

You can probably find this data in your dump by looking for the 00C80000 which has the other levels in the same vicinity.

The next 08 points to the level table.  You'll need to find the EXP level table for your game; just use the one that corresponds to Emil and Marta, so that everyone uses their table.

The next 08 extends the existing EXP level table by another 55 levels, each level requiring 65535 more EXP.

I believe the next 08 code specifies the max EXP possible.

I'm not sure what the 04 codes are patching.  I seem to have left that out of my notes.   :(

---

Regarding the third code...lol, good luck, that code is insanely complex with a *lot* of ways to screw it up, and there are a ton of addresses to port.  There are an incredible amount of tricks to the code's ASM, and it must be compiled with PyiiASMH in Raw mode.  You'll just have to read my notes and the corresponding comments.  For the latest revs I have a different source, see attached.

Really, you should try to port an easier roller first.  Try the Strategy Roller or Party Roller instead.
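
Added example (not dcx2's code and not part of the original thread): the 08 rows described above, expanded into the individual writes they perform. It assumes the Gecko layout `08______ XXXXXXXX` / `TNNNZZZZ VVVVVVVV`, with NNN counting the writes after the first and a base address of 0x80000000; `expand_08` and `pointer_values` are hypothetical helper names.

```python
MEM1 = range(0x80000000, 0x81800000)   # Wii MEM1 virtual address range
SIZE = {0: 1, 1: 2, 2: 4}              # T nibble -> bytes per write

def expand_08(row1, row2, ba=0x80000000):
    """Expand one two-row 08 serial-write code into (address, value) pairs."""
    w0, value = (int(x, 16) for x in row1.split())
    w1, step = (int(x, 16) for x in row2.split())
    if w0 >> 25 != 0x08 >> 1:           # code type lives in the top 7 bits
        raise ValueError("not an 08 serial-write code")
    addr = ba + (w0 & 0x01FFFFFF)       # assumption: ba is the default base
    nbytes = SIZE[w1 >> 28]
    extra = (w1 >> 16) & 0xFFF          # writes performed after the first one
    stride = w1 & 0xFFFF                # address increment per write
    mask = (1 << (8 * nbytes)) - 1
    return [(addr + i * stride, (value + i * step) & mask)
            for i in range(extra + 1)]

def pointer_values(writes):
    """Written values that are themselves MEM1 addresses and so need porting."""
    return sorted({v for _, v in writes if v in MEM1})

# Rows copied from the NTSC code and from the two PAL attempts in the thread.
NTSC_EXP = expand_08("082D5AAC 0099967E", "20370004 0000FFFF")
PAL_VA_PTR = expand_08("08451854 802D5788", "20040010 00000000")
PAL_VB_PTR = expand_08("08451854 80450F18", "20040010 00000000")
DELTA = 0x8045123C - 0x802D5AAC   # PAL minus NTSC address of the EXP row

if __name__ == "__main__":
    last_addr, last_val = NTSC_EXP[-1]
    print(len(NTSC_EXP), "EXP entries, last:", hex(last_addr), hex(last_val))
    for p in pointer_values(PAL_VA_PTR):
        print("VA writes", hex(p), "which shifted by DELTA is", hex(p + DELTA))
```

The last expanded EXP entry is 0x00D09647, the same value the following 08 row writes. The pointer row is the only row that differs between the VA and VB attempts: VA still writes the NTSC address 802D5788, and shifting it by the same delta as the code addresses gives VB's 80450F18.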

Patedj

Like you said, the encounter one is simply difficult.
If anyone is interested in trying it out, here's the NTSC's bin [spoiler]http://www.mediafire.com/?jpj6321ph3x3r43[/spoiler] and here is the PAL's [spoiler]http://www.mediafire.com/?6577b7xc7tj56y4[/spoiler].
I cannot seem to find the appropriate places for now to port them to. There are too many changes for me to do it on the fly. This code demands time and appropriate cognition.

Deathwolf

#41
No, the instructions are the same. You just need the original value of this address and search for it on PAL.

7C0300AEA064000290050000 are your porting values.
lolz

dcx2

It is not merely "simply difficult".  I did a lot of crazy stuff.  The whole code through all its versions probably took over 20 hours.  Many of these tricks come from brkirch and Y.S.  Some of them are my own.

I have multiple C2 codes which reference data in other C2 codes using a few bl tricks and labels to calculate offsets automatically despite using multiple different hooks.  Multiple C2 codes require building the codes Raw in PyiiASMH.  This also means using some other tricks to get the C2 line and count the number of code lines and make sure that we leave a 00000000 for the code handler's back-branch.

I also manually added a few WiiRD codes at the beginning with the .int directives; a classic anti-code + button activator.  These were some instructions that need patched to make sure the data is displayed properly; for instance, I use Next EXP to show the number for an enemy, but if you are at your max level then Next EXP is -----, so one of these codes patches the ASM to force showing the value anyway.

There are three different functions being hooked; one which displays the number of encounters, and it does the rolling.  One which loads the encounter at the start of a fight.  The last displays information at the menu screen, such as your level and HP/TP etc, and this one function is hooked seven times.

The value for encounters can be seen when you press Z.  It serves two purposes: 1) if it is positive, the "forcing" is disabled, you will enter encounters normally, and the encounter represents the number for the last battle you were in.  2) if negative, the "forcing" is enabled and the encounter represents the number for the battle you will force.

This code is also self-modifying, over-writing one of its own instructions (in a different C2 code!) as part of the rolling.

I also dynamically calculate a pointer to the correct encounter and store it to one of the C2 codes, and then the other code loads the pointer and hijacks the display to show what's in the encounter.  The roller can also scroll and wrap.  I used a few tricks to shorten it, such as combining a bl with a bgt- to get a data pointer.  I used an addic. as a combined "mr and cmpwi".  I also needed to make sure encounter data only showed for slots 1-4.  And the @h and @ha and @l for loading variables.

You would need to port more than just C2 addresses, too.  Fortunately, most of them are .set at the start of each C2.  The button address would need ported, so would the base pointer for the encounter table, and the encounter value itself (for me, it was located at -30296(r13), for you it will be located somewhere else but still relative to r13).  Also the original value of r25, and this is assuming that the assembly didn't change significantly.

It's also written in a certain order, so that I can make v1 (just the roller, no display) and v2 (roller + display monster types, no count/levels), just by removing C2 codes from the end.

Deathwolf

#43
You mean "loading into addresses" with lis and ori (lwz), rlwinm and bl's which are branching to a new address? Why don't you write 06 ASM string codes? It would be much easier for porting...

[[C201C088]] 00000018 8001C088
A0841C1C 48000009
00000000 7D2802A6
3D80[[804D]] A14C755A 804D
A10C755E A0E900C2
3CA0[[802E]] 60A5[[DCF8]] 802EDCF8
71402000 4182008C
7C8700D0 71001310
4082000C 71404000
41820058 280A2200
4182004C 28078000
40800050 280A2010
4182000C 280A6010
40820014 38E70001
2C0704EA 40810008
38E00001 280A3000
4182000C 280A7000
40820010 34E7FFFF
41810008 38E004EA
7CE43B78 B08900C2
28078000 41800014
[[808D89A8]] 34E40000 808D89A8
40800008 38E00000
1C07001A 7C050214
90090000 00000000

dcx2

The only way to make this code is by using the source code I posted.  Don't try to take the C2 code through a disassembler and look at the results.  There is so much meaning that is lost when you do that.

Just use the source code, seriously.  And BTW, I should mention again since I guess you didn't read it; this code has multiple C2 codes in it, hooking three different functions, one of them seven times.  If you don't build it from source you will screw it up.

EDIT:

btw Patedj, your first code (unlock Lloyd etc v2), I think you missed my note in my first post in this thread, about how it might have a bug.
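
Added example (not from the thread or from dcx2's source): a structural check for a ported C2 code, run on the VB and corrected rows posted earlier for hook 800A1ED8. It assumes the C2 layout of a line count followed by instruction words ending in 00000000, treats a missing displaced instruction as something to review by hand rather than as proof of a bug, and uses hypothetical function names.

```python
def parse_c2(text, ba=0x80000000):
    """Return (hook address, instruction words) for one C2 insert-ASM code."""
    words = [int(w, 16) for w in text.split()]
    head, count, body = words[0], words[1], words[2:]
    if head >> 25 != 0xC2 >> 1:                  # code type is the top 7 bits
        raise ValueError("not a C2 code")
    if len(body) != 2 * count or body[-1] != 0:
        raise ValueError("line count or 00000000 back-branch slot is wrong")
    return ba + (head & 0x01FFFFFF), body[:-1]   # drop the back-branch slot

def cond_branch_targets(insns):
    """Map the index of each relative bc instruction to the index it jumps to."""
    out = {}
    for i, w in enumerate(insns):
        if w >> 26 == 16 and not w & 2:          # primary opcode 16 (bc), AA=0
            bd = w & 0xFFFC
            bd -= 0x10000 if bd & 0x8000 else 0  # sign-extend the displacement
            out[i] = i + bd // 4
    return out

def lint_port(text, displaced):
    """Findings for a ported C2 code; `displaced` is the word at the hook."""
    _, insns = parse_c2(text)
    findings = []
    for src, dst in cond_branch_targets(insns).items():
        if not 0 <= dst <= len(insns):           # len(insns) is the back-branch
            findings.append(f"branch at word {src} leaves the payload")
    if displaced not in insns:
        findings.append(f"displaced instruction {displaced:08X} is not re-executed")
    return findings

# Values copied from the PAL listing and the PAL code rows in the thread.
PAL_HOOK_WORD = 0x7C0300EE   # lbzux r0,r3,r0 at 800A1ED8
VB = "C20A1ED8 00000003 88030000 2C000000 4082000C 38000001 98030000 00000000"
VC = ("C20A1ED8 00000004 7D8300AE 2C0C0000 4082000C 39800001 "
      "7D8301AE 7C0300EE 60000000 00000000")

if __name__ == "__main__":
    for name, code in (("VB", VB), ("VC", VC)):
        print(name, lint_port(code, PAL_HOOK_WORD) or "no findings")
```

In the corrected code the bne- lands on the re-executed lbzux, so r3 is still updated on both paths. A finding is only a prompt to check equivalence, since the NTSC v2 code also omits its displaced lbzx and substitutes lbz r0,0(r4).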