Acmlm's Board - I2 Archive - Rom Hacking - Mario 64 - Amazing Stuff
stag019 Snifit Level: 23 Posts: 263/299 EXP: 62259 For next: 5464 Since: 06-10-05 From: C:\Documents and Settings\stag019\Desktop Since last post: 9 days Last activity: 7 hours |
| ||
Why not try downloading Nemu64? That's what I use, and it hasn't failed me yet. For some weird reason though, I can only open a ROM on the desktop. Anyways, go to Plugins, then Debugger: Memory. The rest is self-explanatory. And about the Mario thing, I don't know. I'll edit this post with some RAM addresses I found a coupla days ago, later.

Edit: I wonder if we'll be able to hack the crap out of this game by September 29, 2006...

Well anyways, 8033B17C, 8 digits, defines what Mario is currently doing.
04001301, put that in when you're outside, and Peach will start reading her letter!
Put 0C400201, and Mario will stop moving completely! You can use this to exit the level at any time!
20810446, that will put Mario on a shell!
380022C0 means Mario's in water.
08100340, hanging on a tree.
00100345, handstand.
03000888, long jump.
20001306, Lakitu talking.
20001305, Bowser talking.
What a coincidence. Try putting in the address at that address. Even more later.

(edited by stag019 on 08-08-05 05:09 PM) (edited by stag019 on 08-08-05 05:10 PM) (edited by stag019 on 08-08-05 06:33 PM)
|||
eNathan Goomba Level: 8 Posts: 8/33 EXP: 1773 For next: 414 Since: 08-07-05 From: United States, but does it matter? Since last post: 1 day Last activity: 8 days |
| ||
You have some nice addresses there. Your Mario 64 hacking ownage. I will definitely download Nemu64 and give it a go. I will have to check out the memory addresses you found too, btw.

By the way, I have been wanting to find the addresses for Mario's velocity. I have searched for ints and floats with no luck. I can maybe try some reverse engineering. I can open up the ROM in a hex editor and look for the string "EXIT COURSE", then look for where it's used, and then check out the asm code. I was thinking I could check there for Mario's velocity, but it might use a different address. Would you happen to know the address? In the meantime I will be looking for it too :>

"04001301, put that"
What value do you set to put it? I am assuming it's a boolean.

Thx again for those addresses
|||
VL-Tone Red Cheep-cheep Level: 23 Posts: 153/200 EXP: 64158 For next: 3565 Since: 06-06-04 From: In the Moon! Since last post: 5 days Last activity: 2 hours |
| ||
Hey sorry guys, I won't be able to post much today and tomorrow and in the next few days. (I hope the glue on the topic will hold!)

The main reason is that Metroid Cubed, on my page, was featured on g4tv's "Attack of the show". Yeah, Metroid Cubed was seen on mainstream TV. I got like 10,000 visitors in one day and it generated like 100+ threads and blog entries everywhere on the Web. So now I have too many emails to reply to, and since I got a couple of offers for a domain name and hosting, I'm currently busy negotiating the details of it.
|||
BGNG Snifit Level: 22 Posts: 231/276 EXP: 56579 For next: 1771 Since: 06-03-05 Since last post: 8 days Last activity: 3 hours |
| ||
And MIO0 didn't have anything to do with it... Oh well. I'll find some OTHER way to get people to worship me. Have fun. (-:
|||
MooglyGuy Newcomer Level: 4 Posts: 3/5 EXP: 152 For next: 127 Since: 05-01-05 Since last post: 81 days Last activity: 80 days |
| ||
Okay, honestly, the amount of misinformation in the past two pages has been utterly astounding:

eNathan: You obviously have no idea what DMA means. DMA does not mean Dynamic Memory Allocation. Yes, for many modern games memory is allocated on-the-fly - however, early N64 games such as Super Mario 64 did not make use of this, and any address that you locate in RAM will always serve the same purpose for the same bit of code. This isn't to say that the same location doesn't serve different purposes, but when dealing with a given subroutine, the memory locations it accesses will be the same at all times. The real meaning of DMA is Direct Memory Access. It is a method of performing block transfers of data across the bus of a given system without it having to be CPU-driven. It is most often used for burst transfers between main RAM and a peripheral - block-copying data from the cartridge's address space into RAM, from main RAM into the RSP's IMEM and DMEM, from main RAM into an audio buffer, and so on and so forth. This is advantageous in that the CPU does not have to halt all operations and manually copy the data byte-by-byte - the DMA hardware will typically steal clock cycles to transfer data when the CPU is not otherwise occupying the bus.

Sukasa: Having been hacking N64 Gameshark codes for the past five years, I can tell you that the Gameshark's memory editor only has access to the first four megabytes of KSEG1 (0x80000000 through 0x803FFFFF). Despite the fact that you can conceivably enter in any address, it will simply not accept any address that is not in that range. Several years ago when I was conferring with Codemaster of GSCCC, he apparently found that Gameshark codes can, however, modify memory outside of that range, and using a one-shot FF-type code it is possible to force the Gameshark to allow you to enter any address. Unfortunately, the only user-visible range is the first eight megabytes of KSEG1 (0x80000000 through 0x807FFFFF). You can attempt to view the cartridge memory space in the 0xBnnnnnnn range, but as the Gameshark was not originally designed to do this, you won't get an accurate view; every other byte will be wrong.

The Crimson Chin and Cellar Dweller: BZZZZT, wrong about the NOP after a branch instruction. It has nothing to do with a sub-optimal compiler. The reason is that the MIPS line of processors (for instance, the R3000A used in the Playstation and the R4300i used in the N64) make use of what is called a "delay slot". Due to their pipelined architecture, the MIPS line of processors will always (except for certain particularly arcane circumstances) execute the instruction that directly follows a branch instruction before the branch itself completes. Therefore, it behooves the compiler or code author to place a NOP (or, alternatively, the last non-branch instruction in a function) directly after the branch instructions so that the code does not go awry. For instance, the following code:

    ADDIU R3, R0, 0xAAAA
    BEQ R0, R0, 0x80000180
    ADDIU R3, R0, 0x5555

Should, if you are not familiar with the MIPS architecture, branch to 0x80000180 with 0x0000AAAA contained in R3. However, due to the branch delay slot, it in fact branches to 0x80000180 with 0x00005555 contained in R3, as the instruction immediately following the branch is executed before the branch is completed.

This has been today's installment of "The more you know..."
|||
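The branch delay slot described in the post above, as an added example that is not part of the original thread: a small Python model that runs the post's three instructions with and without a delay slot. The instruction addresses and the function names are constructed for illustration, and the branch target is kept absolute as the post writes it.

```python
MASK32 = 0xFFFFFFFF

def sext16(imm):
    """Sign-extend a 16-bit immediate, as ADDIU does on MIPS."""
    return imm - 0x10000 if imm & 0x8000 else imm

# The three instructions from the post. Addresses 0x80000100.. are constructed.
PROGRAM = {
    0x80000100: ("ADDIU", 3, 0, 0xAAAA),      # rt, rs, imm
    0x80000104: ("BEQ", 0, 0, 0x80000180),    # rs, rt, target
    0x80000108: ("ADDIU", 3, 0, 0x5555),      # this one sits in the delay slot
}

def run(program, entry, delay_slot=True, max_steps=32):
    """Execute until the PC leaves the program; return (registers, final PC)."""
    regs = [0] * 32
    pc, npc = entry, entry + 4                # current and next fetch address
    for _ in range(max_steps):
        if pc not in program:
            break
        op, a, b, c = program[pc]
        next_npc = npc + 4
        if op == "ADDIU":
            if a != 0:                        # R0 is hard-wired to zero
                regs[a] = (regs[b] + sext16(c)) & MASK32
        elif op == "BEQ":
            if regs[a] == regs[b]:
                if delay_slot:
                    # The instruction at npc still executes; the target is
                    # only fetched after it.
                    next_npc = c
                else:
                    # Naive model: the branch redirects fetch immediately.
                    npc, next_npc = c, c + 4
        else:
            raise ValueError(f"unsupported opcode {op!r}")
        pc, npc = npc, next_npc
    return regs, pc

def r3_at_target(delay_slot):
    """Value of R3 and the PC once control has reached the branch target."""
    regs, pc = run(PROGRAM, 0x80000100, delay_slot=delay_slot)
    return regs[3], pc

if __name__ == "__main__":
    for mode in (True, False):
        r3, pc = r3_at_target(mode)
        print(f"delay_slot={mode}: R3=0x{r3:08X} PC=0x{pc:08X}")
    # Because this model sign-extends the immediate, the naive case shows
    # 0xFFFFAAAA in R3; which of the two loads survives is the point here.
```

When reading N64 disassembly, the instruction after every branch or jump therefore belongs to the path before the branch, which is why a load placed after a JAL is an argument setup for the callee.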
eNathan Goomba Level: 8 Posts: 21/33 EXP: 1773 For next: 414 Since: 08-07-05 From: United States, but does it matter? Since last post: 1 day Last activity: 8 days |
| ||
"You obviously have no idea what DMA means."

You obviously have no idea what I was referring to. First of all, the DMA I was talking about does stand for dynamic memory allocation. I can give you many links to game hacking sites which refer to it with that definition. Secondly, I was talking about DMA because when I use Project 64 and search its memory, the variables ARE dynamically allocated. Every other time I load Project 64, the addresses have changed. This, my friend, is indeed Dynamic Memory Allocation.

Sorry for the misunderstanding, but I have no idea why you think I am wrong. We might be thinking of two totally different things here, as I am referring to accessing the memory from another process (using Read/WriteProcessMemory). As I said before, I think we are talking about two accurate definitions of DMA. Hope this doesn't turn into some big unnecessary argument.

Btw, it sounds like you know a lot about the MIPS processor. I was wondering if any other systems (besides N64) use MIPS?
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 239/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Originally posted by MooglyGuy

I know about the delay slot, and I'm sure that HyperHacker (currently "The Crimson Chin") does too. If you had looked at the decompiled functions (which I admit contain errors) that I linked to, you would have seen that I properly identified the loads following the JAL instructions as loading one of the arguments to the functions. What seems to be unoptimized are the branches with an offset of one instruction that are always taken. If they serve any useful function, we'd like to know what it is.
|||
MooglyGuy Newcomer Level: 4 Posts: 4/5 EXP: 152 For next: 127 Since: 05-01-05 Since last post: 81 days Last activity: 80 days |
| ||
Originally posted by eNathan

Depends on what systems you mean. Most Silicon Graphics workstations made between 1988 and 2004 are based around MIPS processors, the notable exceptions being the Altix, Prism, 320, and 540 systems. As for game consoles, the Playstation 2 is based around a MIPS R5900 processor (and its IOP is an R3000A for Playstation compatibility) and the PSP is based around dual MIPS R4000-like processors. There have also been various noteworthy arcade game systems based around MIPS processors, the Atari/Midway Seattle board (Bio Freaks, CarnEvil, Hyperdrive, NFL Blitz, NFL Blitz '99, NFL Blitz 2000, California Speed, MACE: The Dark Age, and Vapor TRX) is based around a MIPS R5000 processor, Killer Instinct 1 and 2 run on an R4600 processor, the Atari/Midway Vegas board (Gauntlet Legends, Road Burners, War: Final Assault, CART Fury, Gauntlet: Dark Legacy, NBA Showtime, NBA Showtime Gold, NFL Blitz 2000 Gold, and Sportstation) is based around a MIPS RM7000 processor, the Atari Denver board (SF Rush 2049, SF Rush 2049 Special Edition, and SF Rush 2049 TE) is based around a MIPS R5000 processor, and the Atari Flagstaff board (SF Rush, SF Rush The Rock - Alcatraz Edition) is based around a MIPS R5000 processor. Also of note is Police Trainer (a generic light gun arcade game), which is based around a MIPS R3000A processor.

As for DMA, perhaps in the game hacking industry (because we all know that they set the world's standards) it is known as "Dynamic Memory Allocation", but here in the real world of computer science it is known unequivocally as Direct Memory Access. Also, it's worth pointing out that while some N64 games do dynamically allocate memory, Super Mario 64 is not one of them. The same part of memory may be used differently at different points in time, mind you, but that is not the same thing (that's better known as a code overlay). Your assertion that it does, in fact, dynamically allocate memory when used in Project 64's debugger or whatever is duly noted. However, it should be duly noted that given the way N64 emulators behave, it is not a safe bet to assume that the game will operate the same way on actual hardware.

Cellar Dweller: Ahh, now I see what you mean. That's typically a cheap way to flush the pipeline.
|||
Sukasa Boomboom Error 349857348734534: The system experienced an error. Level: 57 Posts: 1617/1981 EXP: 1446921 For next: 39007 Since: 02-06-05 From: *Shrug* Since last post: 6 days Last activity: 1 day |
| ||
Mooglyguy: Wow, you know a lot. I'll let you take over the GS v3.3 part of this, since you seem to know a lot more about the GS than I do. Cya later guys.
|||
MooglyGuy Newcomer Level: 4 Posts: 5/5 EXP: 152 For next: 127 Since: 05-01-05 Since last post: 81 days Last activity: 80 days |
| ||
Actually, Sukasa, probably a better arrangement would be for me to answer technical questions but for you to do the GS legwork, since mine apparently did not survive the trip in the moving van down to Orlando.
|||
Sukasa Boomboom Error 349857348734534: The system experienced an error. Level: 57 Posts: 1618/1981 EXP: 1446921 For next: 39007 Since: 02-06-05 From: *Shrug* Since last post: 6 days Last activity: 1 day |
| ||
Which version was it? That sucks, though. Anyways, I haven't gotten much done with the GS codes, someone else has been on the Gamecube, so no go for the N64. |
|||
stag019 Snifit Level: 23 Posts: 272/299 EXP: 62259 For next: 5464 Since: 06-10-05 From: C:\Documents and Settings\stag019\Desktop Since last post: 9 days Last activity: 7 hours |
| ||
Originally posted by Sukasa

Whatever happened to me? And Sukasa, I really need you to try to make that second Mario in SM64 thing again. If you manage to do it, don't give only the bytes you changed (or think you changed), but give all bytes in the area.
|||
Sukasa Boomboom Error 349857348734534: The system experienced an error. Level: 57 Posts: 1619/1981 EXP: 1446921 For next: 39007 Since: 02-06-05 From: *Shrug* Since last post: 6 days Last activity: 1 day |
| ||
I hate to tell you this, but it would be almost impossible for me to do that. The one byte I gave you isn't enough; somewhere else I corrupted something, which is what made the Mario appear. Sorry, but I couldn't do it again if I tried.
|||
stag019 Snifit Level: 23 Posts: 273/299 EXP: 62259 For next: 5464 Since: 06-10-05 From: C:\Documents and Settings\stag019\Desktop Since last post: 9 days Last activity: 7 hours |
| ||
Sure you could, but the odds are very low. I dumped the RAM from the foyer, and from the mirror room, so hopefully this'll help. I'm working on a doc to show the differences.
|||
Kyoufu Kawa I'm not bad. I'm just drawn that way. Level: 70 Posts: 1957/2481 EXP: 3008456 For next: 7355 Since: 03-19-04 From: Catgirl Central Since last post: 14 hours Last activity: 13 hours |
| ||
Here's my two cents. It's a handy (if not incomplete) list of values for Mario's personal state machine. Don't know if this is useful now, but you never know.
|||
HyperLamer <||bass> and this was the soloution i thought of that was guarinteed to piss off the greatest amount of people Sesshomaru Tamaranian Level: 118 Posts: 6383/8210 EXP: 18171887 For next: 211027 Since: 03-15-04 From: Canada, w00t! LOL FAD Since last post: 2 hours Last activity: 2 hours |
| ||
I presume you got that from the debug readout?

Originally posted by VL-Tone

Wait... So common objects like coins and trees are defined in the MIO0 file, while object-set-specific objects such as Goombas and Bob-ombs are defined in the uncompressed object data? That would explain why some are in the MIO0 file and some aren't.

Originally posted by Sukasa

    F1791E02 0000
    F1791E06 807F
    F1791E36 0000
    F1791E3A 807F

Will allow viewing of all addresses from 80000000-807FFFFF, which AFAIK is all you can accurately view with the GS. (If not, look around those addresses in memory; you'll see some 8000s which define the high part of the lowest address; the 807Fs in those codes define the high part of the highest address.)
|||
Kyoufu Kawa I'm not bad. I'm just drawn that way. Level: 70 Posts: 1982/2481 EXP: 3008456 For next: 7355 Since: 03-19-04 From: Catgirl Central Since last post: 14 hours Last activity: 13 hours |
| ||
Originally posted by The Crimson Chin

Yes sir, yes I did. And I might even go out and fill the gaps.
|||
Sukasa Boomboom Error 349857348734534: The system experienced an error. Level: 57 Posts: 1690/1981 EXP: 1446921 For next: 39007 Since: 02-06-05 From: *Shrug* Since last post: 6 days Last activity: 1 day |
| ||
That's pretty good Kawa, but how do we use that in-game? @HH: I'll try those codes. |
|||
Kyoufu Kawa I'm not bad. I'm just drawn that way. Level: 70 Posts: 1989/2481 EXP: 3008456 For next: 7355 Since: 03-19-04 From: Catgirl Central Since last post: 14 hours Last activity: 13 hours |
| ||
Originally posted by Sukasa

Not at all. I just had time to waste and decided to throw in something that was NOT a request to look into the DS version. Speaking of which, I'm too damn lazy to look for a MIO0 address for the Battlefield's geo data as to compare it myself. Hype?
|||
VL-Tone Red Cheep-cheep Level: 23 Posts: 155/200 EXP: 64158 For next: 3565 Since: 06-06-04 From: In the Moon! Since last post: 5 days Last activity: 2 hours |
| ||
Hi there! I'm back from the moon! I'm still a little busy on other things, but here is a quick cool hack I did:

Here is the IPS patch, to be used on a normal order (ABCD) US Mario 64 ROM:
http://pages.infinit.net/voxel/Mario64PeachHead.ips

Yeah, it's Mario with Peach's head. She even blinks. The only big limitation here is that it only works outside the castle... If you go inside the castle or levels with this patch, very weird things can happen to Mario's head, so be warned!

I'll try to answer questions before they are asked (as usual).

Q: Can you make Peach's head bigger?
A: No, I don't know how to do this (yet).

Q: Can you change Mario's head to, let's say a Goomba?
A: Yes I can change the head to a Goomba, but only in a level that has them. In theory, outside of the Castle, I could make Mario's head into Yoshi's head, if it's not stuck to his body. But I don't know where Yoshi's geometry is.

Q: Could you change Mario's body to Peach's body?
A: I don't know if Peach even has legs in Mario 64, and that could be a problem.

Q: What does the IPS patch change?
A: At 127CBC in ROM, it replaces:
with:

Q: How can I change it myself to other things?
A: It's complicated, for now, and you cannot change it to objects not used in a level, and this is a limitation of the game. Some other problems include that some objects will appear sideways as Mario's head. I'll try to explain how it was done soon.

Kawa-oneechan: Really neat data you got there about Mario's moves. It will be useful for sure! Wouldn't that be fun if one day the motion capture data from SM64 is cracked and that some people start to record new moves for Mario? Sure it requires a motion capture device, but ping pong balls and a few cheap cameras can do the trick!

By the way, Bob-Omb's Battlefield geometry is in the MIO0 file at 003FC2B0. The level (1) layout starts at 405A60. Command 3908 loads the "other" object layout data that is inside the MIO0 file (coins etc.). This is the one that has two sets of 256 objects that are mostly documented. Each one of these objects is 10 bytes, the first two bytes being for horizontal rotation and type, then X Y Z in 16-bit signed integers, and the last two bytes are some parameter. Since you guys documented types for these objects using a sign as a basis, which used a specific parameter, it broke some objects that crashed when this parameter was used. The [!] boxes of a single type can have a different content and color depending on which value is used as a parameter. I've begun integrating these objects into my editor.

Back in the main layout data for Level 1 that starts at 405A60: The 180C command will load the different MIO0 files for the level, and the 170C command points to the "geometry layout" data for this particular MIO0 file. The geometry layout data is using yet another set of commands and is also uncompressed in ROM. "15" commands like those pointing to Mario's head point to an address inside a specific MIO0 file in RAM that is the starting point for the geometry data itself for a particular part or animation frame.

That's all for now. Have Fun!
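The 10-byte object record described in the post above, as an added example that is not part of the original thread: a Python parser for a run of such records. Big-endian byte order is an assumption (the N64 CPU runs big-endian and the post specifies an ABCD-order ROM), the field and function names are hypothetical, the rotation/type field is kept packed because the post does not give its bit split, and the sample bytes are constructed.

```python
import struct
from typing import NamedTuple

# Assumed layout per the post: 2 bytes rotation+type, X, Y, Z as signed
# 16-bit integers, 2 bytes parameter. ">" = big-endian (assumption).
RECORD = struct.Struct(">HhhhH")
assert RECORD.size == 10

class LevelObject(NamedTuple):
    rot_type: int   # horizontal rotation and type, left packed (split unknown)
    x: int
    y: int
    z: int
    param: int      # object-specific parameter, e.g. [!] box content

def parse_objects(blob: bytes) -> list:
    """Decode a buffer of back-to-back 10-byte records.

    Refuses a buffer with a trailing partial record instead of silently
    dropping it, since that usually means the offset or length is wrong.
    """
    if len(blob) % RECORD.size:
        raise ValueError(
            f"{len(blob)} bytes is not a multiple of {RECORD.size}; "
            "check the start offset and table length"
        )
    return [LevelObject(*fields) for fields in RECORD.iter_unpack(blob)]

def pack_objects(objects) -> bytes:
    """Re-encode records, e.g. after editing a parameter."""
    return b"".join(RECORD.pack(*obj) for obj in objects)

# Constructed sample: two records, including negative coordinates.
SAMPLE = bytes.fromhex(
    "0041" "0064" "ff38" "0000" "0003"
    "0100" "fc18" "0000" "7fff" "0000"
)

if __name__ == "__main__":
    for obj in parse_objects(SAMPLE):
        print(obj)
```

Reading the coordinates as unsigned would turn `ff38` into 65336 instead of -200, which is the usual sign that a hex dump of this table has been misread.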