 |
| Register | Login | |||||
 |
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
|
| | ||
|
| Register | Login | |||||
|
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
|
| | ||
| 0 users currently in ROM Hacking. |
| Acmlm's Board - I3 Archive - ROM Hacking - Megaman Zero 3: Weapon Hacking |
New poll |  |  |
| Add to favorites | Next newer thread | Next older thread |
| User | Post | ||
Zeld Red Paragoomba                   Since: 11-05-06 Last post: 6281 days Last view: 6278 days |
| ||
| My friend wants me to hack weapon strength in Megaman Zero 3 for GBA. Now that I know that a debugger is a much better tool for finding this data than what I originally planned to do, I decided to set a breakpoint for everytime a value was written to a Boss's HP. So I go and hit the boss, and there's my breakpoint. I disassembled the instruction it returned and didn't see anything that appeared related to subtracting 4 HP from the boss.
I'm not sure what else to try. Or if I even read the instructions my debugger output correctly XD Having failed that attempt, I equipped an "elf" that supposedly increased the strength of my weapon by 1 damage. I tried to isolate a byte that was affected by this increase in the ram and was going to set a breakpoint on it, but I couldn't find such a byte because the thing I equipped to raise my attack power didn't raise it at all. I was still doing 4 damage. Stupid game...*grumble* Somewhere in all that screwing around I did I saw an address whose value was FC. "Oh, hey, that's the same as negative 4. Maybe this has something to do with it." Well, it doesn't. The only thing I found was the ram address that contains the value for which weapon you have equipped in your primary slot. The secondary weapon byte was immediately after. I don't recall tracing that byte, but I probably wouldn't have found what I was looking for anyway. I guess I should just do a generic instruction log from some time before attacking a boss to some time after and look for the arithmetic involved. If the reason I didn't notice any subtraction of 4 previously has to do with my incompetence with assembly then it won't help to do a log, so hopefully that wasn't the issue... If there's anyone who knows a bit about this game and things related to dealing damage or increasing weapon strength that could lead me to some relevant bytes, I'd appreciate it. |
|||
Skreename Giant Red Paratroopa   Since: 11-18-05 Last post: 6284 days Last view: 6277 days |
| ||
| Which weapon, just wondering? The fact that you're looking for changes of 4 suggests the Z-Saber, but I'm not sure.
(A quick cheat search for the original Zero fight led me to the RAM address 0203be44, which controls his life. Is that what you found?) (edited by Skreename on 11-07-06 05:11 PM) |
|||
|
Zeld Red Paragoomba Since: 11-05-06 Last post: 6281 days Last view: 6278 days |
| ||
| In that first paragraph in my first post I mentioned setting a break on write to the Boss's health address. That would be 203be44. I had already made my own gameshark code to fix the value at 1 in order to make one hit boss kills, but gameshark codes are too easy to make, and I wanted to do something challenging.
Yes, I'm starting with the Z Saber. Perhaps I should try a different weapon? Not that it should make a difference... Something weird happened; in my first post I mention that when I tried setting a break-on-write that I didn't find anything useful. I may still haven't found something useful, but I went back to the address my debugger turned up. 8007cbd, if I recall correctly. Here the value is 4. My debugger was giving me a logical shift left instruction of register 1 to register 1 (I don't know what logical shifts do exactly, but since the value was x0409 at the address 8007cbc and in binary 0409 is 000 00 10000 001 001, it moved some value to the left by 16 bits). Is shifting a value left 16 bits the same as multiplying by 65536? Anyhow, I changed the value from 0x0409 to 0x0509, which I calculated to be a change from shifting the data left 16 bits to shifting it 18 bits. Being in the incomprehensive stage that I am, I have no idea why what resulted from this occured, but for some reason the boss I was fighting, Omega, would die in one hit. Typing in 1009 killed ME in one hit when I took damage. Changing it to still other values had no effect at all, and there were a few other values I tested that also killed the boss in one hit. But why is shifting this data just a small amount more or less allowing the boss to die in one hit? It clearly has nothing to do with how much damage I do. If moving something left two bits is the same as multiplying by 4, and I do 4 damage, that would yield 16 damage and the boss was dying in one hit even with 64 HP. I doubt setting a break on read of 8007cbc will help, but like I said, I don't know what I'm doing much at all, so I just try stuff. Edit: Gross. I reported that stuff all wrong. Turns out that changing that byte to 05 was making it shift left 4 more bits instead of 2. That's multiplying by 16, and 16 times 4 is 64. So that could explain the boss's instant death, except setting the byte to 05 doesn't cause the boss to die instantly. Setting the byte to 0x10 causes both the player and the boss to die when damaged. I don't remember what other values I tried or what the results were. I should pay more attention... Edit 2: I was running out of ideas, but I decided to set a breakpoint on the boss's hitstun instead of his HP since HP wasn't getting me anywhere. I tried looking through the rom for values like 4 and fc near the address that the previous breaks kept giving me (8007cbc) and I found this one weird address that controls how many frames the game pauses when you hit the boss. Dunno if anyone who's played this game has noticed it, but when you hit enemies the game's processing pauses for a moment, I assume this is supposed to be a dramatic effect for emphasizing that you damaged the enemy. So, I can change how long that pause lasts. At least I could. I didn't care about it, so I just forgot the address. Anyway, I set a break on write to the boss's hitstun and it gave me an address. The following instructions didn't look fun, so I typed d 8007cd0 in order to disassemble about 16 instructions or so in front of that. At the very bottom of the instructions that were listed I noticed "mov r0, #0x5a". Well, having seen from typing "n" to continue instructions from the breakpoint that 0x5a is the value that goes into the hitstun byte before it decreases back to 0, I quickly discovered that changing the byte at the rom address 8007cf7 from 5a to 00 makes bosses not go into hitstun. At least, bosses that use 203be44 for their HP byte, which is most of them. So now, instead of using a gameshark code to fix boss hitstun to 00, I have this nifty little assembly hack that allows for infinite combos. You can damage the boss as fast as you can push the button. And...well, autofire  .
I STILL want to find weapon data though. Edit 3: WOW that was fast. My Z saber does up to 255 damage now.
I disassembled 16 instructions prior to the hitstun thing and saw "sub r1, r1, r0". Well, I had noticed that when the debugger broke on write-to-203be44 that register 0 had a value of 4, equal to how much damage I did, and register 1 had a value equal to the boss's HP. So I immediately recognized the subtraction as the damage and typed in 3908, for sub r1, x08. And I tested it and my Z Saber did 8 damage. So I added a 1 in front of the 8 and it did 24 damage. This is pretty sick, yeah. Oh, you probably want the address. 0x08007cb8. There you go. Have fun wit dat Edit #472: ARGH NO DON'T HAVE FUN WITH IT Yeah, um, those addresses are dangerous. Just like how that weird instruction I was messing with at 8007cbc, where both the boss AND Zero died in one hit, the hitstun and damage addresses are both tied to Zero and the boss. Setting the 5a to 00 at 8007cf7 makes megaman get infinite combo'd as well, and if you change the instruction at 8007cb8 from subtracting a variable to subtracting an immediate then both Zero and the boss will take that much damage when they are hit. And since there's no hitstun, and the beams omega shoots are uber slow, even just doing 9 damage to me kills me instantly even with my HP at 255 because the damage just stacks so fast...I should go and edit the instruction that loads my Z saber's strength into r0 instead of editing what is subtracted from r1. Stupid me. Another edit: My friend made a game written in C and gave me the script so I could look it over and see if I recognized what each script did. He told me that he programmed the damage calculation so that the player's ship (it was an asteroids type game) would take damage each frame that it was in a collision with a meteor. So, the damage is calculated by how long the player is caught in the collision. By changing the hitstun to 0 and the damage to 1, I've created a similar damage calculation for Megaman Zero 3. Unfortunately, omega's beams move slowly and are big enough to do around 7 damage per hit. And my HP caps at 16. This is not good XD I think I like this version of damage calculation better than the version with hitstun, although infinite hitstun codes are fun to make and games without hitstun take that away. 
Uber Edit: Ok, I took full advantage of the "last" option of VBA-H to track how much damage I do to the address 203a8ef. I wasn't finding anything storing to that address within a few previous instructions, so I set a break-on-write there. It turned up some nice results, but then I traced my damage to another ram address, 203a905. I was starting to get a bit pissed off, so I set another break on write at that address. This time, instead of disassembling a few instructions before my result to look for a store, I noticed a rom address in the registers and went to it. There was all my damage values right there. Of course, all the values were double the amount of damage you actually do in the game, because, as I noticed during my tracing, damage is halved during the calculation process. So unless you were to edit this part of the process to make damage not be halved, the most damage you can do by editing your weapon strength is 127. Here's the address I've logged so far: 835b89d - Z Saber Neutral Aerial Strength 835b898 - Z Saber Neutral Ground Strength In my Minish Cap weapon hack I included a log of part of the damage routine for those interested. Well, the parts of the damage routine for Megaman Zero 3 are so long and spaced apart that it'd be more of an annoyance than a cure for curiosity. (edited by Zeld on 11-08-06 07:06 PM) (edited by Zeld on 11-08-06 11:26 PM) (edited by Zeld on 11-08-06 11:28 PM) (edited by Zeld on 11-08-06 11:40 PM) (edited by Zeld on 11-08-06 11:53 PM) (edited by Zeld on 11-09-06 12:17 PM) (edited by Zeld on 11-09-06 12:31 PM) (edited by Zeld on 11-11-06 04:09 PM) |
| Add to favorites | Next newer thread | Next older thread |
| Acmlm's Board - I3 Archive - ROM Hacking - Megaman Zero 3: Weapon Hacking |
| |
