Monster Hunter Tri [RMHE08] [NO ONLINE CODES OR YOU WILL GET BANNED]

[dcx2]

Hey Stuff, you see how you couldn't put ??? without it making a smiley?  When you're posting (or modifying a post), you can click "Additional Options" and then check "Don't use smileys".  it's also useful when numbering things, because 8) is another smiley.

[Stuff]

WOOOOOO! That's some juicy info. It took me a while to understand what you were saying. I did a search for "Omen" while doing a los quest(why I didn't do this before is beyond me). Everything is there. In 2 locations... But I'm not too sure about the first one after looking at the quest id addresses I saved.
90204B60
9023F780 <--liking this one
there was one in the 80s, but it looks like it was an extreme coincidence.
amidoinitright? Just taking wild...uh..educated guesses but, if so, you should add "0028-0029 = Quest id" to your notes if it's not already there.(I can try to help, right? >.>) I think I can figure the rest out. I'll poke around and see what happens later. I give you many thanks. I didn't get the quest timer though. It didn't seem to be doing anything.
Right now I'm being distracted by weapon names. Weapon names are weird. They aren't consistent. They each start somewhere and have a space(00000000) in between. I couldn't make a funky formula for it. :/ I guess I could go through each weapon. Shouldn't be too hard. I stopped after shadowbinder(P) -14x(forgot how many 14s I subtracted) lead me to (Y) at that first address.

shadowbinder(P) name change
07668AEC 00000013
AAAAAAAA AAAAAAAA
AAAAAAAA AAAAAAAA
AAAAAA00 00000000

AAs are each characters you want to use for it's new name. For this one, you can't go past 19 characters. Otherwise you'll get thenameyouchoseShadowbinder (G). It's probably different if you mess with another weapon. Anyway, it seems that as long as you leave just one 00 in between each weapon, it's safe. None of that \/
http://geckocodes.org/index.php?arsenal=3# So you can convert ascii to hex. 19 ascii characters!
[spoiler][/spoiler]
See? It works. That was with 20 AAs.
That's all I have right now. I was gonna list all of the weapons eventually. Don't tell me you have weapon and armor names mapped out too. >.<
I mainly wanted it for the weapon modding codes. I made Wyvern Blade "Verde" but it still says "Fire" and that's just corny.


And thanks dcx2. I didn't know that '>.>. That's very useful. Sometimes it does get annoying when I see ????? in my post. You learn something new everyday.

[Skiller]

WOOOOOO! That's some juicy info. It took me a while to understand what you were saying. I did a search for "Omen" while doing a los quest(why I didn't do this before is beyond me). Everything is there. In 2 locations... But I'm not too sure about the first one after looking at the quest id addresses I saved.
90204B64
9023F784 <--liking this one
there was one in the 80s, but it looks like it was an extreme coincidence.
amidoinitright? Just taking wild...uh..educated guesses but, if so, you should add "0028-0029 = Quest id" to your notes if it's not already there.(I can try to help, right? >.>) I think I can figure the rest out. I'll poke around and see what happens later. I give you many thanks. I didn't get the quest timer though. It didn't seem to be doing anything.
Right now I'm being distracted by weapon names. Weapon names are weird. They aren't consistent. They each start somewhere and have a space(00000000) in between. I couldn't make a funky formula for it. :/ I guess I could go through each weapon. Shouldn't be too hard. I stopped after shadowbinder(P) -14x(forgot how many 14s I subtracted) lead me to (Y) at that first address.

shadowbinder(P) name change
07668AEC 00000013
AAAAAAAA AAAAAAAA
AAAAAAAA AAAAAAAA
AAAAAA00 00000000

AAs are each characters you want to use for it's new name. For this one, you can't go past 19 characters. Otherwise you'll get thenameyouchoseShadowbinder (G). It's probably different if you mess with another weapon. Anyway, it seems that as long as you leave just one 00 in between each weapon, it's safe. None of that \/
http://geckocodes.org/index.php?arsenal=3# So you can convert ascii to hex. 19 ascii characters!
[spoiler][/spoiler]
See? It works. That was with 20 AAs.
That's all I have right now. I was gonna list all of the weapons eventually. Don't tell me you have weapon and armor names mapped out too. >.<
I mainly wanted it for the weapon modding codes. I made Wyvern Blade "Verde" but it still says "Fire" and that's just corny.


And thanks dcx2. I didn't know that '>.>. That's very useful. Sometimes it does get annoying when I see ????? in my post. You learn something new everyday.

ya i have all the weapon names .. its how i riped them out of the game for the Digit mods .. :P
i cant remmeber how final alot of this info was that im posting .. its a bit messy on my end .. lol
here is a bit more QUest stuff ..

Quests section 901DB4a0

Area List
01 - Moga Forest
02 - Desert
03 - Swamp
04 - Snow Mountain
05 - Volcano
06 - Great Desert (Shen-Moran Area, doesn't work! Why?)
07 - Ocean Arena (Naval Deus Area)
08 - shows land arena, but the real one is 09 so...?
09 - Land Arena
0A - Water Arena
0B - Shrine (albatorion area)
0C - shows water arena, but the real one is 0A so

-----------------------------------

some more unreleased info .

Armor

Spacing = 0x18
8088F780 - 80890398 = Vests    (81)
808903C8 - 80890F50 = Gloves   (7B)
80890F80 - 80891B20 = Belt      (7C)
80891B50 - 808926D8 = Pants   (7B)
8088EA48 - 8088F750 = Headgear (8B)
808926F0 - 808926F0 = Talismans (8)


Weaons

Spacing = 0x18
Swords  80897878 - 80898118   (5D)
Knifes  80898148 - 808989B8   (5B)
hammer  808989E8 - 808991C8   (55)
lsword  808991F8 - 808995E8   (2B)
axe     80899618 - 80899BB8   (3D)
lance   80899BE8 - 8089A4E8   (60)


Crafting 808927E0 - 8096F60

ahh hell i will just upload my Txt file . ;) note many ppl will have this much detail on this game ..


Edit .. here something etls i had mapped out

Code Select Expand


------ID ----Type ???????? ???????? PosX---- PosY---- PosZ---- RotX---- Roty---- RotZ----
00000022 00000001 FF010101 00000000 43776C00 440C179B C561DCD1 00000000 FFFFAC00 00000000 FF000000 00000000

803A8044
None
Rathian
Rathalos
Qurupeco
Gigginox
Barioth
Diablos
Deviljho
Barroth
Uragaan
Jaggi
Jaggia
Great Jaggi
Baggi
Great Baggi
Lagiacrus
Royal Ludroth
Ludroth
Gobul
Agnaktor
Ceadeus
Uroktor
Delex
Epioth
Alatreon
Jhen Mohran
Jellyfish
Aptonoth
Popo
Rhenoplos
Felyne
Melynx
Fish
Altaroth
Kelbi
Giggi Egg
Bnahabra (Blue Wing)
Bnahabra (Orange Wing)
Bnahabra (Green Wing)
Bnahabra (Red Wing)
Stones

[TheRealSneakers]

Yeah. There was that off code for both. I personally like to have a switch so I can't turn codes on/off with the same combo. And you can set those codes to the classic controller. Just go to the mod digits page. ex:

28?????? MMMMXXXX
code
CC000000 00000000 <--switch
code <--usually the off code.
E0000000 80008000

But in this case I don't know if a switch would be better. Up to you.

Yeah, I put those thee in, there you can custom the controller and which buttons used. I made the insta-kill ZL and reduce to 1HP ZR...in fact, I found if I press one effect, pressing the other turns off the one, and turns on itself...but I used that turnoff code and made it L, figure it would be the better placed button to have set for turning off either effect.

Thanks for the codes, they work nicely together. :)

No...if only I can find a code to ease of fish getting away on me on the One Piece Unlimited Adventure(NTSC) and both Unlimited Cruise(PAL) games... :D

[dcx2]

Right now I'm being distracted by weapon names. Weapon names are weird. They aren't consistent. They each start somewhere and have a space(00000000) in between. I couldn't make a funky formula for it. :/ I guess I could go through each weapon. Shouldn't be too hard. I stopped after shadowbinder(P) -14x(forgot how many 14s I subtracted) lead me to (Y) at that first address.

shadowbinder(P) name change
07668AEC 00000013
AAAAAAAA AAAAAAAA
AAAAAAAA AAAAAAAA
AAAAAA00 00000000

I have seen this in Tales of Symphonia, too.  The trick is that while all the individual strings for the weapon names are located somewhere (e.g. 81668AEC), somewhere else is a "weapon table".  For every weapon, it will have things like a pointer to the name string, maybe a pointer to a description string, stuff like that.  So if you do a search for any 81668AEC in memory, you might find this weapon table.

I actually exploited this to make lists.  I dumped the item table and all of MEM1, then I wrote a small app which would read each entry in the item table, go grab the strings from the MEM1 dump, and print it out in a nice pretty table.  http://wiird.l0nk.org/forum/index.php/topic,8455.0.html

The reason you see a lot of 00 is because it is a null terminator; it represents the end of the string.

[Stuff]

Oh man, Skiller. I must thank you again. That's more than enough info for me. Until I find something else interesting.

dcx2, that was some really great advice. I made a typo when I searched for 81668AEC so I was having trouble finding it at first, but then I saw what I was searching for. The pointers are listed really nicely one after the other. You don't even want to know what I was thinking of doing before I saw your post. >.< And the descriptions are listed right after the weapon names table. I don't have an app like the one you made, though. I guess I could get back into C++ and try to make something real fast. But it won't be real fast. But I wanna do it! lol.

null terminator makes more sense. I was actually thinking it was space, but space is 20.

@TheRealSneakers: You can use more than 1 button for your activator, you know. I'm sure it'll get annoying when your swimming that the codes activate and deactivate while you scroll through items.

[dcx2]

You could use a pointer to indirectly refer to the weapon names by their number.  Q = weapon number, R = size of each element in the weapon table array in bytes, S = the address of the first element in the weapon table, T = the weapon name string.

80000001 00000QQQ
86100001 00000RRR
4A001001 SSSSSSSS
18000000 00000013
TTTTTTTT TTTTTTTT
TTTTTTTT TTTTTTTT
TTTTTT00 00000000
E0000000 80008000

Also, if you're interested, I can give you my C# app that I use.  It's a bit messy, because every time I need to make a new table I just make another copy of main().

[Stuff]

I do like gecko registers, but the weapon names aren't evenly spaced. The spoiler below shows what I mean. So R*Q+S isn't going to give me the Qth weapon. Also, you used a slider. That's not gonna do a 13 byte string write. :p
[spoiler][/spoiler]

Well I wanted to make the app for the learning experience. I already had a somewhat psuedocode ready. And I was gonna try to make it just use the one MEM dump since for the most part, everything would be in the 80s. I think. But I wouldn't mind using your app for now. I wouldn't have been done anytime soon. I never did anything with hex. Shouldn't be a big deal, but I also have to do a little bit of reviewing.

I saw this in a folder and I'm gonna ask cuz this has been bugging me forever.

[spoiler][/spoiler]
00 is his current hp, 04 is his max hp, and then there's 0C. >.> It's always the same as the max hp no matter what I'm fighting.(unless I modify it) Anyone know what it is?

Also, I found out what the weird numbers were next to the quest ID in 9023F7AC. I noticed it wasn't just 0E-0F. I put it in Ascii view and it said Hunt a Rathalos. Guess that's that.

[dcx2]

oops, I used 18 instead of 16.

Anyway, it will in fact work.  What you're doing is using R*Q+S to select the right pointer, and then use 16 to write to the address from that pointer.  I was off one level of indirection; this one uses a 48 instead of 4A..  And not all weapons will have that many letters, so that really sucks.

80000001 00000QQQ
86100001 00000004
48001001 SSSSSSSS
16000000 00000010
TTTTTTTT TTTTTTTT
TTTTTTTT TTTTTT00
E0000000 80008000

[Stuff]

Oh ok. That's pretty neat. So 48 takes the value in SSSSSSSS(+gr1 in this case) and uses that as the pointer? I guess that would work. I guess if you know how long the weapon's default name is, you could add about 3 more characters to the name. Assuming they all have 00000000 directly after the string. Now the problem is finding out what weapon is what. The table lists everything and I think it skips N/A weapons. So it would be ok to use the sword mod digits, I think up to the 1st N/A. I could've divide the table up for each type, but N/A might mess that up. It's not a big deal though.

With the Gecko registers, I can't use the same one for more than one code, can I?

you should add "0028-0029 = Quest id" to your notes if it's not already there.

A correction to that statement. I started from the wrong address, so it's actually 2C-2D. But 2C-2D is the quest id. 2E is where the  main objective text starts.

[dcx2]

With the Gecko registers, I can't use the same one for more than one code, can I?

The codes are executed sequentially by the code handler.  So two codes in a row can use the same gecko register, as long as they don't expect the value to remain unchanged between calls to the code handler.  These codes only temporarily use gr1 so it's safe to re-use it.

Check this out.  We can patch the weapon table pointers to point at entirely new names which are living in the code handler, instead of over-writing where the name currently lives.  Then it doesn't matter how big it used to be, your names can now be arbitrary length.  T = Weapon name, S = address of the pointer to over-write in the pointer table.  For example, S might be 81666B20

68200003 00000001
TTTTTTTT TTTTTTTT
TTTTTTTT TTTTTTTT
TTTTTT00 00000000
82200002 80001850
84200002 SSSSSSSS

This code uses a gosub code type to do two things: 1) put a pointer to the new string into block 1, and 2) Skip over the text so that it's not executed as codes (skips 3 lines, in this case).  Then, it reads block 1's pointer (which is [80001850]) into gr2.  Finally, it writes gr2 to the address S.

EDIT:

switched to gr2, to minimize ambiguity in where each number is coming from.  Before, I used gr1, but there may have been confusion because I was also using block 1.

[Stuff]

Alright then. Here's another codetype I haven't used yet. That's pretty awesome. But I don't understand how 68 works. I think it's 68. When did 800028C8 get written to 80001850? I copied the code and it worked fine. \/

[spoiler="I don getit"][/spoiler]

[spoiler]80001800   524D4845   30380000   80002774   00000000
80001810   8000282C   00000000   00000000   00000000



800028C0   68200004   00000001   53747566   6620646F
800028D0   65736E27   74206765   74206974   2074686F
800028E0   75676820   3E2E3E00   82200002   80001850
800028F0   84200002   81666B24   286593DC   FF6F0090[/spoiler]
It's just that 800028C8. The code never mentioned that address ever. And it's just there. There's stuff after the text too. Is it safe to assume that it's ok to put stuff there?

Stuff doesn't get it though >.> (Iron Sword)
68200004 00000001
53747566 6620646F
65736E27 74206765
74206974 2074686F
75676820 3E2E3E00
82200002 80001850
84200002 81666B24

I'll do the R*Q+S after I understand this.

[dcx2]

Haha, to be honest, I never used a 68 code type either.  >.>  Y.S. showed me the 60 code type (return) to chain code lists together.  That was the first time I ever used the blocks.  Then I saw your complaint about text length limitations and it just kinda hit me.  At first I was going to use a 4E and a 66 (Goto), but when I saw 68 (Gosub) I remembered the 60 return trick.

When you send codes, the data that you send is stored in the Wii's memory as the code list.  The 68 code can be used to get a pointer to the next code line (i.e. a pointer to your string).  The codes live very low in memory hence the low address for the pointer (80002XXX).  Also, the 68 code writes it to a given block.  Blocks are 64-bit chunks of memory that are used for the Gosub/Return/Repeat code types.  Block 1 lives at 80001850 (EDIT: for typical code handlers, 1.9.3.x)

So, the 68 code is what wrote 800028C8 (pointer to your string) to 80001850 (block 1).  EDIT: the 68 code type also told the code handler how many lines to skip.  This prevents your string from being executed as a code.  Without it, the code handler would try to do a "53" code, a "65" code, etc.

The 82 code then loads the pointer from block 1 and the 84 code writes it to the weapon table address.

To R*Q+S this, you'll probably need to put the R*Q into gr1, and then you can do po = gr1 + S.  Then you can use 94 to write gr2 to the po.

EDIT:

Oh yeah, in case you didn't know, the database has an arsenal for doing ASCII<->Hex conversions.  It's on the right side.  http://www.geckocodes.org/index.php?arsenal=3

EDIT2:

Oh yeah, do you see [80001810] = 800028C8?  That's where gr2 is.

[Stuff]

Ah ok. 68 makes some more sense now. It's still weird, but I'll fully understand it eventually.

I thought gecko registers were before blocks. Like grF was in 8000184C or something. Well whatever. I guess it's safe to use that space.

I've been using that convertor all along. I can't do ascii<->hex conversions in my head. :p

I don't think I would need to use a different register to do R*Q+S. Cuz if I change the ba/po before loading the pointer from b1 it should just work, no?

Stuff doesn't get it though >.> (Iron Sword)
68200004 00000001
53747566 6620646F
65736E27 74206765
74206974 2074686F
75676820 3E2E3E00
80000002 00000QQQ
86100002 00000004
4A001002 81666B24
82200002 80001850
94210002 00000000

That should work. I'll try it out in a little bit. I'm still using gr2 to avoid confusion, but I understand that gr1 and b1 are different and which lines use them.

EDIT: Well that didn't work. :/ it never wrote to the table. So I guess 2 registers then.

[dcx2]

Yes, you can re-use gr2 to "copy and paste" the pointer after it has been used to R*Q+S.  Your code looks pretty good.

Close.  gr0 = 80001808.  gr1 = 8000180C.  Each gr is 4 bytes.  grF = 80001844.

b0 = 80001848.  b1 = 80001850.  Each block is 8 bytes.  The first 4 bytes are the pointer, the second 4 bytes are...uh...something about repeat.

The code handler owns everything between 80001800 and 80003000 so all of that memory is safe.  The gr and blocks are at the beginning; then the code handler's ASM; and at the end is the code list.