Post subject: Finding helpful addresses
Lil_Gecko
He/Him
Player (94)
Joined: 4/7/2011
Posts: 520
I'm playing on Bizhawk 2.3 PSX. I have an address which updates when I press a button. Depending on the frame I pressed it, you're supposed to have 8 different outcomes possible with a 1/8 chance for each. However, no matter how many times I tried, I got all the 7 other outcomes except the one I want. I know it's possible since I had it on my first testrun in less than 10 tries, but I went back to modify things earlier and now I can't get it anymore. So I think there is another address at play that is different now and forbids me to get it. How can I find which addresses influence this result? Reverse engineering or something? What tools can I use? Thanks.
Lil_Gecko
He/Him
Player (94)
Joined: 4/7/2011
Posts: 520
I tried to use the debugger and set a breakpoint. The game paused when the value was written, but then what? Can't seem to find any tutorial anywhere. But maybe I'm just not good at searching haha.
Editor, Player (67)
Joined: 6/22/2005
Posts: 1041
You should use a trace logger to find out what code is executed before the value is written. That can point you to relevant addresses. What emulator are you using?
Current Projects: TAS: Wizards & Warriors III.
Lil_Gecko
He/Him
Player (94)
Joined: 4/7/2011
Posts: 520
Bizhawk for the Playstation. I see the Trace Logger but don't understand how it works. EDIT: Should I go before the frame it changes, press Logging and advance a frame? EDIT 2: Ok, when I do that, the address I'm investigating appears in the log, so that seems to be the way to do it. I found this part of the code that does include my relevant address (0x75E26)
800BF318:  3C018007  lui       at, 0x8007           
800BF31C:  24215E24  addiu     at, at, 0x5e24       
800BF320:  00250821  addu      at, at, a1           
800BF324:  90300000  lbu       s0, 0x0000(at)       
800BF328:  1040001B  beq       v0, r0, 0x800bf398   
800BF32C:  02001021  addu      v0, s0, r0           
800BF398:  8FBF0014  lw        ra, 0x0014(sp)       
800BF39C:  8FB00010  lw        s0, 0x0010(sp)       
800BF3A0:  27BD0018  addiu     sp, sp, 0x0018       
800BF3A4:  03E00008  jr        ra                   
800BF3A8:  00000000  nop                            
800CBB94:  34040002  ori       a0, r0, 0x0002       
800CBB98:  34050003  ori       a1, r0, 0x0003       
800CBB9C:  0C02FB84  jal       0x800bee10           
800CBBA0:  00408021  addu      s0, v0, r0           
800BEE10:  27BDFFE8  addiu     sp, sp, 0xffffffe8   
800BEE14:  2484FFFF  addiu     a0, a0, 0xffffffff   
800BEE18:  00042400  sll       a0, a0, 16           
800BEE1C:  00042403  sra       a0, a0, 16           
800BEE20:  2C820006  sltiu     v0, a0, 0x0006       
800BEE24:  AFBF0014  sw        ra, 0x0014(sp)       
800BEE28:  10400063  beq       v0, r0, 0x800befb8   
800BEE2C:  AFB00010  sw        s0, 0x0010(sp)       
800BEE30:  00041080  sll       v0, a0, 2
Somebody who knows assembly could tell me if I'm looking at the right place, before I try to make sense of it?
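As an added example (not code from the thread or from BizHawk), here is a small Python script that parses the trace-logger excerpt above, replays the register arithmetic of the MIPS instructions in the order the logger recorded them, and reports every load or store whose effective address lands on the RAM offset under investigation (0x75E26). The log shows no register values, so the value of a1 at the time of the lbu is an assumption (a1 = 2 is what makes 0x80075E24 + a1 equal the posted address); memory contents are also absent from the log, so loads return 0. Branches are not simulated because the logger already lists only the instructions that actually executed. PSX main RAM is mirrored at 0x00000000, 0x80000000 and 0xA0000000, so addresses are compared after masking off the segment bits.

```python
import re
from dataclasses import dataclass

# Constructed input: the BizHawk trace-logger lines posted in the thread
# (PSX R3000A listing: PC, raw opcode, mnemonic, operands).
TRACE = """
800BF318:  3C018007  lui       at, 0x8007
800BF31C:  24215E24  addiu     at, at, 0x5e24
800BF320:  00250821  addu      at, at, a1
800BF324:  90300000  lbu       s0, 0x0000(at)
800BF328:  1040001B  beq       v0, r0, 0x800bf398
800BF32C:  02001021  addu      v0, s0, r0
800BF398:  8FBF0014  lw        ra, 0x0014(sp)
800BF39C:  8FB00010  lw        s0, 0x0010(sp)
800BF3A0:  27BD0018  addiu     sp, sp, 0x0018
800BF3A4:  03E00008  jr        ra
800BF3A8:  00000000  nop
800CBB94:  34040002  ori       a0, r0, 0x0002
800CBB98:  34050003  ori       a1, r0, 0x0003
800CBB9C:  0C02FB84  jal       0x800bee10
800CBBA0:  00408021  addu      s0, v0, r0
800BEE10:  27BDFFE8  addiu     sp, sp, 0xffffffe8
800BEE14:  2484FFFF  addiu     a0, a0, 0xffffffff
800BEE18:  00042400  sll       a0, a0, 16
800BEE1C:  00042403  sra       a0, a0, 16
800BEE20:  2C820006  sltiu     v0, a0, 0x0006
800BEE24:  AFBF0014  sw        ra, 0x0014(sp)
800BEE28:  10400063  beq       v0, r0, 0x800befb8
800BEE2C:  AFB00010  sw        s0, 0x0010(sp)
800BEE30:  00041080  sll       v0, a0, 2
"""

MASK32 = 0xFFFFFFFF
PHYS_MASK = 0x1FFFFFFF  # strips the KUSEG/KSEG0/KSEG1 segment bits

@dataclass
class Instr:
    pc: int
    opcode: int
    mnemonic: str
    operands: list

@dataclass
class Access:
    pc: int
    mnemonic: str
    ea: int   # effective (virtual) address of the load/store
    reg: str  # register loaded into or stored from

LINE_RE = re.compile(r'^([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]{8})\s+(\S+)\s*(.*)$')
MEM_RE = re.compile(r'^(-?(?:0x[0-9A-Fa-f]+|\d+))\((\w+)\)$')

def parse_trace(text):
    """Turn trace-logger lines into Instr records; non-matching lines are skipped."""
    instrs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pc, opc, mn, ops = m.groups()
        operands = [o.strip() for o in ops.split(',')] if ops.strip() else []
        instrs.append(Instr(int(pc, 16), int(opc, 16), mn, operands))
    return instrs

def to_signed(v):
    return v - 0x100000000 if v & 0x80000000 else v

def step(ins, regs, mem, accesses):
    """Apply one instruction's register/memory effect. r0 is hard-wired to zero."""
    mn, ops = ins.mnemonic, ins.operands
    r = lambda name: regs.get(name, 0)
    imm = lambda s: int(s, 0)          # handles '0x5e24' and plain '16'
    def w(name, val):
        if name != 'r0':
            regs[name] = val & MASK32
    if mn == 'lui':
        w(ops[0], imm(ops[1]) << 16)
    elif mn == 'addiu':
        w(ops[0], r(ops[1]) + imm(ops[2]))   # logger prints immediates already sign-extended
    elif mn == 'addu':
        w(ops[0], r(ops[1]) + r(ops[2]))
    elif mn == 'ori':
        w(ops[0], r(ops[1]) | imm(ops[2]))
    elif mn == 'sll':
        w(ops[0], r(ops[1]) << imm(ops[2]))
    elif mn == 'sra':
        w(ops[0], to_signed(r(ops[1])) >> imm(ops[2]))
    elif mn == 'sltiu':
        w(ops[0], 1 if r(ops[1]) < (imm(ops[2]) & MASK32) else 0)
    elif mn in ('lbu', 'lw', 'sw'):
        off, base = MEM_RE.match(ops[1]).groups()
        ea = (r(base) + int(off, 0)) & MASK32
        accesses.append(Access(ins.pc, mn, ea, ops[0]))
        if mn == 'lbu':
            w(ops[0], mem.get(ea, 0) & 0xFF)   # memory not in the log: unknown bytes read as 0
        elif mn == 'lw':
            w(ops[0], mem.get(ea, 0))
        else:
            mem[ea] = r(ops[0])
    elif mn == 'jal':
        w('ra', ins.pc + 8)
    # beq / jr / nop: control flow is already reflected by the trace order

def run_trace(text, initial_regs=None):
    """Replay the listing; returns (final registers, every memory access seen)."""
    regs, mem, accesses = dict(initial_regs or {}), {}, []
    for ins in parse_trace(text):
        step(ins, regs, mem, accesses)
    return regs, accesses

def find_accesses(text, target, initial_regs=None):
    """Accesses whose effective address maps to `target` (a RAM offset or a mirrored address)."""
    _, accesses = run_trace(text, initial_regs)
    return [a for a in accesses if a.ea & PHYS_MASK == target & PHYS_MASK]

if __name__ == '__main__':
    for a in find_accesses(TRACE, 0x75E26, {'a1': 2}):   # a1 = 2 is an assumption
        print(f"{a.pc:08X}: {a.mnemonic} {a.reg} -> 0x{a.ea:08X}")
```

Run as-is, the script reports the single instruction that touches the address: the `lbu` at 800BF324, whose base is the table address 0x80075E24 built by the `lui`/`addiu` pair, indexed by a1. That is what makes the "what is in a1, and where was it set" question the next thing to look for in the log; with a1 = 3 instead, the same listing reads 0x80075E27 and no access matches.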