Post subject: Memory mapping in mario64
Tgg12321
He/Him
Joined: 4/21/2018
Posts: 2
Hello all, first time posting here. I'm fairly interested in TAS, and have been tinkering around in Mupen64 and MHS and have just been having a ball, but I really have no idea how to go from blindly tinkering to actually making productive content. My first question is in regards to mapping out the memory of games such as Super Mario 64. If my terminology is incorrect, by all means correct me moving forward. What I am referring to is doing something like this: https://www.smwcentral.net/?p=nmap&m=sm64ram

I am mostly wondering how exactly people go about extrapolating this information from the game. Are these values found by digging through the assembly code primarily? Or by searching through the hex editor and manually piecing together information?

Perhaps a concrete example is more appropriate. I loaded up a level of Super Mario 64 in Mupen64. I then loaded up MHS, opened the process, then loaded an MHS save file I found online that had several of Mario's variables already mapped out. His speed, xyz positions, etc. That all worked perfectly. So my initial question is: how did the original creator of this save file discover these variables?

Continuing on, I wanted to see if I could map out all of a Bob-omb's variables myself, similar to Mario. I had no real idea how to go about this. I knew that I could find the Bob-omb's location via brute force by simply standing on the same plane as it, and searching the hex editor for all instances of the same number as Mario's Y-pos. At that point it was easy enough to figure out which of the results was the Bob-omb, after picking it up and throwing it around. From there, I at least knew where some of the Bob-omb's data was in memory, and could map out a handful of other variables in this way. But the whole time I was fairly certain I was doing this very wrong, not to mention that if I hadn't started with the foundation someone else had given me, I would have had actually no clue where to start.

To clarify, I recognize reverse-engineering code is no easy task, and is a field of computer science in its own right. But I'm not necessarily trying to figure out what functions are associated with what variables, or trying to decipher how or why the Bob-omb's variables move yet. I just want a snapshot of all the Bob-omb's variables at any given time, similar to what that save file had for Mario. Sorry if that was a little over-blown for what might be a very simple question with a simple answer. I just wanted to make what I'm looking for very clear, because I'm not having the easiest time finding this kind of information online. Thanks, y'all.
Editor, Experienced player (854)
Joined: 5/2/2015
Posts: 696
Location: France
This ties in mostly to reverse-engineering. There is a great page on this: http://tasvideos.org/ReverseEngineering.html and I have a small example of how it can work in practice: http://tasvideos.org/forum/viewtopic.php?t=19515. There are quite a few people more skilled than me as well who might post in this thread about this.

Mostly, the idea is being able to work out how things work (usually with very little information). Usually it requires an intuitive understanding of how your specific target works, how games and programming work in general, as well as some knowledge of the platform. But you can already figure out things with more "primitive" tools without going full disassembly - RAM search is very useful for this.

Reverse engineering is not very intuitive and pretty hard; much like looking in a dark room with yourself stumbling everywhere. But once you get a flicker of light, suddenly the room becomes a little more clear; you can see the outline of things, and if you're clever, figure out what they are right away. Eventually, the whole room is lit, and you move on to the next dark room.
Tgg12321
He/Him
Joined: 4/21/2018
Posts: 2
Thanks xy2_ for the response. I had actually seen both those links before posting, and I did find your example to be one of the more useful resources. I fully expected there to not be an easy answer, but I didn't want to waste my time fumbling around in a dark room if there was an easier solution I just didn't know existed.
MESHUGGAH
Other
Skilled player (1918)
Joined: 11/14/2009
Posts: 1353
Location: 𝔐𝔞𝔤𝑦𝔞𝔯
Question 1: My guess is that some people found a few variables using RAM Search and then used a debugger or trace logger to move on to the structure of these variables.

Question 2: So your method was:
1. You had Mario's Y position.
2. You moved Mario to match his Y position with the Bob-omb's position.
3. You found probably thousands of variables that were also useful.

I have two tips for this method:
1. You can also use a cheat or poke the memory to make Mario's Y position a distinct number (a number that doesn't occur that much, let's say 1499).
2. You can filter results also by discarding other addresses. For example, if you know the Bob-omb didn't move between 2 frames, you can search for "unchanged" values. The same way, you could search for an "increased" value instead of simply a "changed" value.
PhD in TASing 🎓 speedrun enthusiast ❤🚷🔥 white hat hacker ▓ black box tester ░ censorships and rules...
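The search-and-filter routine described in the reply above (poke a distinctive value, search for it, then keep only addresses that stayed unchanged or increased across frames) is easy to reproduce outside the emulator. The following is an added example and not code from the thread or from MHS: it decodes a raw memory dump as aligned big-endian floats (the N64's native layout) and narrows a candidate set across three constructed snapshots. The offsets, the 1499.0 poke value and the frame contents are all made up for the demonstration; the "decoy" words stand in for the unrelated matches a real search turns up.

```python
import struct

WORD = 4  # every candidate is a 4-byte word on a 4-byte boundary


def words(mem: bytes, fmt: str = ">f") -> dict:
    """Decode every aligned 4-byte word of a memory dump with the given struct
    format (default: big-endian float32). Returns {offset: value}."""
    return {off: struct.unpack_from(fmt, mem, off)[0]
            for off in range(0, len(mem) - WORD + 1, WORD)}


class RamSearch:
    """A shrinking set of candidate addresses, refined snapshot by snapshot."""

    def __init__(self, first: bytes, fmt: str = ">f"):
        self.fmt = fmt
        self.prev = words(first, fmt)
        self.candidates = set(self.prev)

    def equal_to(self, value: float, tol: float = 1e-3):
        """Keep addresses whose current value matches a known value (e.g. a poked Y)."""
        self.candidates = {a for a in self.candidates
                           if abs(self.prev[a] - value) <= tol}
        return self

    def _step(self, new: bytes, keep):
        """Compare the previous snapshot with a new one and keep matching addresses."""
        cur = words(new, self.fmt)
        self.candidates = {a for a in self.candidates if keep(self.prev[a], cur[a])}
        self.prev = cur
        return self

    def unchanged(self, new: bytes):
        return self._step(new, lambda old, now: old == now)

    def changed(self, new: bytes):
        return self._step(new, lambda old, now: old != now)

    def increased(self, new: bytes):
        return self._step(new, lambda old, now: now > old)

    def decreased(self, new: bytes):
        return self._step(new, lambda old, now: now < old)

    def result(self) -> list:
        return sorted(self.candidates)


def build_frame(values: dict, size: int = 0x200) -> bytes:
    """Construct a toy memory dump: zero-filled, with big-endian floats written
    at the given offsets. Constructed test data, not a real SM64 dump."""
    buf = bytearray(size)
    for off, v in values.items():
        struct.pack_into(">f", buf, off, v)
    return bytes(buf)


# Hypothetical offsets inside the toy dump (not real SM64 addresses).
MARIO_Y = 0x0C0    # the value we control and poke to 1499.0
BOBOMB_Y = 0x140   # the unknown we want to locate
COPY_Y = 0x180     # decoy: a second copy of Mario's Y that tracks him
TIMER = 0x1A0      # decoy: a counter that happens to equal 1499 on frame 0


def find_bobomb_y() -> list:
    """Run the three-stage search; returns the candidate list after each stage."""
    # Frame 0: Mario's Y poked to 1499.0 while standing on the Bob-omb's plane.
    f0 = build_frame({MARIO_Y: 1499.0, BOBOMB_Y: 1499.0, COPY_Y: 1499.0, TIMER: 1499.0})
    # Frame 1: Mario jumps; the Bob-omb stays put; the timer ticks.
    f1 = build_frame({MARIO_Y: 1520.0, BOBOMB_Y: 1499.0, COPY_Y: 1520.0, TIMER: 1500.0})
    # Frame 2: the Bob-omb is picked up and thrown upward.
    f2 = build_frame({MARIO_Y: 1525.0, BOBOMB_Y: 1530.0, COPY_Y: 1525.0, TIMER: 1501.0})

    search = RamSearch(f0)
    stages = []
    stages.append(search.equal_to(1499.0).result())   # every word equal to the poke
    stages.append(search.unchanged(f1).result())       # drop what moved with Mario
    stages.append(search.increased(f2).result())       # confirm it rises when thrown
    return stages


if __name__ == "__main__":
    for label, found in zip(("== 1499", "unchanged", "increased"), find_bobomb_y()):
        print(f"{label:>10}: {[hex(a) for a in found]}")
```

The "unchanged" filter is what does the real work: a distinctive poke value shrinks the first hit list, but only the frame-to-frame comparison separates the object's own field from copies, counters and other coincidental matches. Switching the decoder format (for example `">h"` for 16-bit integers) lets the same filters run over fields that are not floats.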