Post subject: Do we have any contact with ROM hackers / datacrystal.org?
Joined: 12/17/2004
Posts: 99
Location: Karlsruhe, Germany
The reason why I ask this is that datacrystal.org has several RAM maps of varying quality for some of the times we TAS here: http://datacrystal.org/wiki/Category:RAM_maps and I had never heard of them before. Seems they are even aware of fadeout timers for Secret of Mana ... http://datacrystal.org/wiki/Secret_of_Mana:RAM_map Maybe we could ask for help with the Super Mario World timeout lag issue? Or even generally share our findings with them ... If memory watching is the next generation in TASing, maybe that could be fruitful ... cu Fabian
Post subject: Re: Do we have any contact with ROM hackers / datacrystal.or
Editor, Active player (297)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
Another site with RAM maps: http://rabirion-web.hp.infoseek.co.jp/address/address-title-list.html#p_top EDIT: Oh, it's 404 now. A pity. I don't know its new address. :-/ Perhaps it's in waybackmachine at archive.org? EDIT2: New address is http://rabirion-web.hp.infoseek.co.jp/address.html
ventuz
He/Him
Player (125)
Joined: 10/4/2004
Posts: 940
I did search ROM / RAM for Hyper Loderunner for level structure and contributed to the datacrystal site in the hope that someone would make a level editor based on that. But apparently no programmer browses the GB section or something. I can help with searching ROM / RAM (I'm pretty much better at that with GB), just ask which game (SNES or GB) - or you can try asking Parasyte at gscentral.org, he's an expert at hacking any console/handheld. (even NDS)
Active player (411)
Joined: 3/16/2004
Posts: 2623
Location: America, Québec
There was also this site: http://www.infinines.net/wikiram/index.php/ But I guess it has been hacked :(
Banned User
Joined: 12/23/2004
Posts: 1850
If you need ROM Hackers, I know a few... Acmlm, myself (though not very well), and a whole slew of people at http://board.acmlm.org/ ...
Perma-banned
Hoe
Joined: 7/31/2004
Posts: 183
Location: USA
Phil wrote:
There was also this site: http://www.infinines.net/wikiram/index.php/ But I guess it has been hacked :(
I was a sysop on that wiki as well as the main contributor. I have no problems with idle projects, and the creator told me he did not, either. But the end all says he did. I've salvaged most of my stuff aside from my notes on the PRNG on Tetris. http://red-stars.net/content/NES_misc. http://red-stars.net/content/GBA_misc. Not sure if much is useful in context of speed runs. Luke and myself also do ROM hacking.
Joined: 12/17/2004
Posts: 99
Location: Karlsruhe, Germany
OK, as some of you ROM hackers are here: How do you locate the random number generator? I have located a variable which changes each frame and looks kind of random, but using a "cheat" to set it to a fixed value does not make the game more deterministic with regard to certain events. So there must be something else. So, how in general do you find code (I know asm) or memory addresses which are responsible for critical hits / bonus rewards / ... Any strategies? @Bisqwit: Have you recorded any information for making the bisqbot for Mega Man? Which strategies did you use? cu Fabian PS: I am "working" on analyzing Secret of Mana, but this applies to any game as well ...
Editor, Active player (297)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
Fabianx wrote:
@Bisqwit: Have you recorded any information for making the bisqbot for Mega Man? Which strategies did you use?
I analyzed the disassembly like a puzzle. Using my programming expertise, I tried to guess what each memory address could be used for, based on the ways it was used in different parts of the code. Little by little more memory addresses found their meaning, and so did the code. One or two times I resorted to entering a cheat code in the emulator which forces the value of the address to a certain value (such as 0) and then observed what happens and guessed what it could mean. There are still many mysteries though, but none that demand my solving. BisqBot utilizes both RAM addresses and the values of CPU registers, such as the PC register which tells which ROM address is being executed.
Player (87)
Joined: 2/10/2006
Posts: 113
Location: US
Fabianx wrote:
How do you locate the random number generator? I have located a variable which changes each frame and looks kind of random, but using a "cheat" to set it to a fixed value does not make the game more deterministic with regard to certain events. So there must be something else.
First, the Cheat function (if I'm not mistaken) only updates the value at the beginning of every frame. So, the value can still change WITHIN the frame, which would explain the lack of non-randomness you experienced. FCEU has something called "read substitution" which is supposed to take care of this, but it slows down the emulation considerably. FCEU also has a disassembly window in the debugger, which can help you figure out exactly how the game works. Given that snes9xw doesn't have a debugger, the way to determine if you've found the random number generator would be to save a state, then try putting different values in the memory address, and compare results when you enter the same input. In general you can usually figure out what most memory addresses are for by comparing the game's behavior before and after you've changed the memory. If you're using an emulator with a debugger, there are lots of ways to figure out how the random numbers are used. First, you can set a breakpoint whenever the memory address is being written or read. This can give some insight into what it's being used for and how it changes. If you are trying to find the code for a certain event (say, how much damage you are going to do), first try to find a RAM address that changes when the event occurs. Then set a breakpoint when this RAM address is accessed. This will get you to the general spot in the code where the event happens.
Use the force
Joined: 12/17/2004
Posts: 99
Location: Karlsruhe, Germany
Luke wrote:
First, you can set a breakpoint whenever the memory address is being written or read. This can give some insight into what it's being used for and how it changes. If you are trying to find the code for a certain event (say, how much damage you are going to do), first try to find a RAM address that changes when the event occurs. Then set a breakpoint when this RAM address is accessed. This will get you to the general spot in the code where the event happens.
Great! Yeah, that's the usual reverse-engineering process ... :-D Are there any disassemblers for consoles other than NES, like SNES? And also: When I know that it changes variable 7EE7CD for example, how can I find this address in the ROM? I mean, what is the address format? cu Fabian
ventuz
He/Him
Player (125)
Joined: 10/4/2004
Posts: 940
Using a breakpoint, of course, on that RAM address you have given. The emulator will stop where it executes a change to the RAM address, showing you where it stopped in the ROM area. *edit - I had a quick and dirty website made about finding "game genie" codes and hacking "game genie" codes into a ROM, in the hope of increasing GB hackers over on www.gscentral.org . It didn't anyway - It's over at http://ventuz.homestead.com/files/gb_gg/gb_gg.html - maybe look at it to give you an idea how to do it on other debuggers too.
AnS
Emulator Coder, Experienced player (728)
Joined: 2/23/2006
Posts: 682
Fabianx wrote:
Are there any disassemblers for consoles other than NES, like SNES?
You mean debuggers? There's a good Snes9x mod: http://geigercount.net/crypt/
Fabianx wrote:
And also: When I know that it changes variable 7EE7CD for example, how can I find this address in the ROM? I mean, what is the address format?
It depends on whether it's HiROM or LoROM. And don't forget ROM header size. SNES memory addressing is quite a puzzle. :) Read docs for details. http://www.google.ru/search?q=SNES+Memory+Mapping
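The HiROM/LoROM and header-size dependence mentioned in the last reply, as an added example that is not part of the original thread: it converts a 24-bit SNES CPU address to an offset in the ROM file, and reports addresses such as 7EE7CD as work RAM, which has no ROM offset (what lives in the ROM is the code that writes to it). It assumes the standard LoROM and HiROM layouts only and uses the common file-size heuristic for a 512-byte copier header; the function names are made up for this sketch.

```python
COPIER_HEADER = 512  # optional header some dumping tools prepend to the image


def header_size(file_size):
    # Heuristic (assumption): ROM images are multiples of 1 KiB, so a
    # 512-byte remainder means a copier header is present.
    return COPIER_HEADER if file_size % 1024 == COPIER_HEADER else 0


def classify(addr):
    """Return 'wram', 'io' or 'cart' for a 24-bit CPU address."""
    bank, off = addr >> 16, addr & 0xFFFF
    if bank in (0x7E, 0x7F):
        return "wram"                      # 128 KiB work RAM
    if (bank & 0x7F) < 0x40 and off < 0x8000:
        # Banks 00-3F / 80-BF: WRAM mirror, then registers/expansion area.
        return "wram" if off < 0x2000 else "io"
    return "cart"


def cpu_to_file_offset(addr, mapping, file_size):
    """Map a CPU address to a ROM file offset, or None if it is not ROM."""
    if not 0 <= addr <= 0xFFFFFF:
        raise ValueError("SNES CPU addresses are 24 bits")
    if classify(addr) != "cart":
        return None
    bank, off = addr >> 16, addr & 0xFFFF
    if mapping == "lorom":
        if off < 0x8000:
            return None                    # lower bank half: not modelled here
        rom = ((bank & 0x7F) << 15) | (off & 0x7FFF)   # 32 KiB per bank
    elif mapping == "hirom":
        rom = ((bank & 0x3F) << 16) | off              # 64 KiB per bank
    else:
        raise ValueError("mapping must be 'lorom' or 'hirom'")
    hdr = header_size(file_size)
    if rom >= file_size - hdr:
        return None                        # past the image; mirroring not modelled
    return hdr + rom
```

A write breakpoint on the RAM address gives the program counter of the writing instruction; that PC value is the kind of address to feed into `cpu_to_file_offset`.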