Posts for Jigwally


Jigwally
He/Him
Experienced Forum User, Published Author, Active player (418)
Joined: 3/11/2012
Posts: 119
Couldn't you test this by writing a Lua script that alerts you to any memory addresses that are read prior to being written to?
Post subject: Mass glitch hunting through Regex searches?
Jigwally
Hi, I'm still very new to this kind of thing so I apologize for how amateurish this entire post probably looks, but I wanted to run a general concept I had by you guys: I wanted to have a way to search for shared code (such as the functions I worked out while disassembling Little Mermaid), so I converted the entire NES/SNES libraries into txt files containing their equivalent hex strings & started looking for games with the same structures by searching the hex opcodes. Unsurprisingly I got several hits for other Capcom games from the same time frame. But then I was thinking, if you had a general idea of a glitch & how it happens in code, could you not do a mass search for other games with similar code to discover more games with the same glitch? At first this seemed kind of impossible to me because of how many different ways code can be written and how much you have to know about the game code already to know if a glitch can be performed, like the theorizing about making a TAS by brute forcing every input. But then I learned about regular expression searches, which allowed me to search for templates of code rather than exact code, & I actually managed to get some successful hits lately. The specific glitch I tried to find first was in games where simultaneous L+R/U+D causes odd behavior. I know this is usually because the game attempts to index a value from outside an intended table, like how the U+D climbing trick in SMB2 is due to the game using an opcode as a velocity value. I tried to examine multiple ways this could be written into code. I see that when games retrieve input they vary in whether the directional values appear in the high or low nybble of memory, so I tested for both. My first "successful" hit was actually for Super Mario Bros 3, for a function that indexes an incorrect value on simultaneous L+R/U+D presses. But on closer inspection it was part of a leftover debug thing disconnected from the rest of the game.
But then I tried a combination I hadn't before (29 C0 2A 2A): AND #$C0, ROL, ROL [or 29 30 2A 2A]. I haven't tested every game in the list to figure out what the hit was for exactly & if it was meaningful, but several of the games I tested out had obvious effects:
Back to the Future - Pressing U+D causes Marty to trip on nothing; pressing L+R+U causes him to shoot backward (I guess this was already used in the TAS but I didn't know until I got a hit for it)
Shadow of the Ninja - Causes moonwalk animation (probably already known)
Captain America and The Avengers - Pressing U+D on the pause screen causes a graphical glitch
Spelunker 2 - When pressed during gameplay you reset back to the title
Championship Pool - This one is the most interesting. L+R/U+D (on either controller) seems to completely crash the game after 8 frames. Specifically this glitch causes stack addresses to be overwritten. This glitch is too chaotic for me to understand yet, but through random testing I was able to perform a skip from the title screen to a menu you don't normally go to, so I think there's some kind of glitch TAS potential here.
I haven't investigated every game on the list, but the fact that I got so many hits for this specific glitch in a single search makes me think I'm on to something and that I'll find other instances of them doing something interesting if I dig deeper. Because I know the Kirby Super Star ending skip TAS is built on this premise, I tried to do a similar search through the SNES library. I got a hit for shared code in KDL3, but because that game has no ladders I'm not sure where, if at all, that code is executed. I'm very new to SNES disassembly & I don't understand SA1 tracing so I don't know how to approach that yet.
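An added example (not the poster's own tooling) of the template search described above: a byte-aligned regex over a space-separated hex dump, with the `29 (C0|30) 2A 2A` idiom from the post, plus a tiny opcode table to read the hits back. The ROM image and all function names are constructed for this example; the flat-hex search is included only to show the nibble-misalignment false positive that an unseparated dump produces.

```python
import re

# Constructed sample "ROM" (not a real game image): two occurrences of the
# input-masking idiom from the post (AND #$C0 / AND #$30 followed by ROL, ROL)
# plus a decoy whose flat hex contains "29C02A2A" only at an odd nibble offset.
SAMPLE_ROM = bytes.fromhex(
    "A5 9C 29 C0 2A 2A AA"          # LDA $9C; AND #$C0; ROL A; ROL A; TAX     (hit @2)
    "EA EA EA"                      # filler NOPs
    "AD 00 02 29 30 2A 2A 85 10"    # LDA $0200; AND #$30; ROL A; ROL A; STA $10 (hit @13)
    "12 9C 02 A2 A0"                # decoy: misaligned "29C02A2A" in flat hex
)

def template_to_regex(template: str) -> str:
    """Turn 'A5 ?? 29 (C0|30) 2A 2A' into a byte-aligned regex over a
    space-separated upper-case hex dump. '??' matches any one byte; a
    parenthesised alternation of two-digit values is passed through as-is."""
    parts = ["[0-9A-F]{2}" if tok == "??" else tok for tok in template.split()]
    # Lookarounds keep the match from starting or ending in the middle of a byte.
    return r"(?<![0-9A-F])" + " ".join(parts) + r"(?![0-9A-F])"

def find_pattern(rom: bytes, template: str) -> list:
    """Byte offsets of every (non-overlapping) match of the template."""
    dump = rom.hex(" ").upper()            # "A5 9C 29 C0 ..." -> 3 chars per byte
    return [m.start() // 3 for m in re.finditer(template_to_regex(template), dump)]

def flat_hex_hits(rom: bytes, regex: str) -> list:
    """Naive search over unseparated hex; odd results are nibble-misaligned
    false positives, which is why find_pattern() uses a separated dump."""
    return [m.start() for m in re.finditer(regex, rom.hex().upper())]

# Tiny opcode subset, enough to read back the idiom; not a full 6502 table.
OPCODES = {
    0x29: ("AND #${0:02X}", 2), 0x2A: ("ROL A", 1), 0x0A: ("ASL A", 1),
    0x4A: ("LSR A", 1), 0xA5: ("LDA ${0:02X}", 2), 0x85: ("STA ${0:02X}", 2),
    0xAA: ("TAX", 1), 0xAD: ("LDA ${1:02X}{0:02X}", 3), 0xEA: ("NOP", 1),
}

def disasm(rom: bytes, offset: int, count: int) -> list:
    """Decode `count` instructions from `offset` (unknown opcodes shown as .byte)."""
    out, pc = [], offset
    for _ in range(count):
        op = rom[pc]
        fmt, size = OPCODES.get(op, (".byte $%02X" % op, 1))
        out.append(fmt.format(*rom[pc + 1:pc + size]))
        pc += size
    return out

if __name__ == "__main__":
    for off in find_pattern(SAMPLE_ROM, "29 (C0|30) 2A 2A"):
        print(f"hit at ${off:04X}:", "; ".join(disasm(SAMPLE_ROM, off, 4)))
    print("flat-hex hits (nibble offsets):", flat_hex_hits(SAMPLE_ROM, "29(C0|30)2A2A"))
```

The same template works on a real dump produced with `open(path, "rb").read()`; a hit only tells you the idiom is present, so each one still needs the surrounding code checked by hand, as the post's SMB3 debug-leftover case shows.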
Jigwally
Not sure. There are a lot of things you can potentially do with RNG manipulation, like successfully making unfair trades, having disasters happen in enemy cities, having enemy officers die of old age on the earliest possible year, getting officers to defect to your side, or baiting other cities into attacking you then capturing all their officers in the process. The main strat would be getting your AI commanders to do all the battles on their own so they're all won automatically without ever having to perform any hex battles. Scenario 3 would probably be the best to win with as well, because even though you start with slightly more cities in Scenario 4 the player gains control of Napoleon's relatives which just costs you more time when you'd rather be using them for AI attacking. England's total sea control is an issue but there's a tactic you can do where you let them capture your coastal city then immediately recapture it, which costs them a lot of ships. Basically, AI commanders will NEVER attack by sea unless they have sea control. So it's possible that you could work the RNG in your favor to sail to England, avoid Nelson, and capture one of their cities. And taking out England as soon as possible would be a great advantage. But you would have to be the one to initiate it and would have to manually go through the hex battle. It's very hard though, there are so many possible things to consider each turn and the RNG is very difficult to predict. I was trying to work out all the exact calculations pertaining to battle so that I could find the thresholds for certain events, like the most power your city can have and still get attacked. But there are a ton of functions and I've only worked out a portion of the code.
Jigwally
What kind of gamepad are you using?
Jigwally
I changed my strat slightly. Instead of pointing to France's gold, I point to $9C/$9D (Controller 1&2 input values) so by entering in the correct input I can manipulate any RAM value I want. First very unoptimized TAS: https://www.youtube.com/watch?v=2O8BoTzMsBg Didn't bother doing any RNG manip to avoid all the lengthy AI stuff + I spent more months than necessary getting the checksum just right.
Jigwally
DUDE FRICK YES
Jigwally
Hi, I've been trying to do thorough disassembly of this game and though I'd like to do a "normal" TAS at some point I think I've discovered the basis for a save corruption ending warp. I know that there isn't the capacity for mid-frame resets in NES TASes yet but I want to work it out now for when there is. The 2-byte checksum at the end of save data is the sum of every byte transferred to the save (this sums to more than 2 bytes so it rolls over multiple times). Then when it loads the game it sums all the bytes again and only loads the file if the value matches. So if you try to overwrite one save file with another and reset halfway through the file will be corrupt and won't load. However, if you were to reset at a moment where all the bytes in the half-overwritten save file add up to the saved checksum, you should be left with a file that loads properly. The usefulness of this is that I can potentially access vital game addresses and edit them directly in order to trigger the ending. I do this by creating a glitched officer. The first two bytes of every officer's data section is the address of the next officer in whatever list that officer is in. If there is an officer data stored there, and I overwrite a single byte of it with another officer's address, the end result will be that I get a new address. For example: If the officer next in the list is St.Cyr (22 61) and I reset right after I've overwritten the first bit with that of Victor (6E 60), I will get a new officer with base address 0x616E. Normally the addresses 0x616E and 0x616F are used for the high byte of Bessieres' next officer and the 1-byte ID for his nation. But when assembling a list of officers the game will take these two values as the address of the next officer in the list. So let's say these fields contain 0x61 and 0x00. The game will use the data from 0x61-0x6F to create a new officer. 
It will continue filling the list like this until it lands on a 2-byte value equal to zero (final officer in list) or crashes, sometimes because it's stuck in an infinite loop (if you get linked back to an officer already in the list, for example). So somehow I have to use this capacity to create a glitch officer that, through this daisy-chaining, links to an address that is useful for me to modify. The stat I'm looking for specifically is 0x6FEB. When this is set to 3, the game advances to the ending. So how I might do it:
1) Create a saved game.
2) Overwrite that saved game with another, creating a glitched officer address.
3) Overwrite that saved game with yet ANOTHER in order to fix the checksum (making sure that the next reset happens before your previous change is overwritten).
4) SOMEHOW, from the above method & daisy-chaining address, create a link to an officer in Napoleon's city with base address 0x7070. This is the address for the gold in France's treasury.
5) Make sure that this amount is 28645 (0x6FE5). Now the next officer in the list will have base address 0x6FE5.
6) On your next city turn, choose "Rest" to end the turn, but use luck manipulation to have a Ball occur. This is a random event that boosts the Loyalty, Morale and Experience for each officer in your city by a random amount. Specifically, have the new officer gain the maximum of three experience. Each officer's experience address is an offset of 6 from their base address. So by increasing this by 3 you set address 0x6FEB to 3.
7) The game will now advance to the ending.
Alternate:
5) Set amount to 28640 (0x6FE0).
6) Give glitched officer 3 cannons.
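An added example, not the game's code or the poster's, of the checksum reasoning in the two posts above: a 16-bit additive checksum, the load check, and a search for the reset points at which a half-overwritten file still passes it (equivalently, where the old and new bodies' prefix sums agree). The save bodies are constructed (the first two bytes mirror the 22 61 / 6E 60 pointer example); little-endian checksum storage and body-then-checksum write order are assumptions.

```python
# Constructed sample saves (not real L'Empereur data). Layout assumed from the
# post: body bytes, then a 2-byte checksum = sum of every body byte mod 65536.
# Little-endian storage of the checksum is an assumption of this example.
BODY_A = bytes([0x22, 0x61, 0x50, 0x60, 0x30, 0x40, 0x05, 0x06])  # save already on disk
BODY_B = bytes([0x6E, 0x60, 0x30, 0x35, 0x10, 0x20, 0x45, 0x07])  # save being written over it

def checksum(body: bytes) -> int:
    return sum(body) & 0xFFFF          # 16-bit sum that wraps, as the post describes

def make_save(body: bytes) -> bytes:
    c = checksum(body)
    return body + bytes([c & 0xFF, c >> 8])

def loads(save: bytes) -> bool:
    """Mimic the load check: recompute the sum and compare with the stored one."""
    body, stored = save[:-2], save[-2] | (save[-1] << 8)
    return checksum(body) == stored

def reset_after(old_save: bytes, new_body: bytes, k: int) -> bytes:
    """File left behind if the console resets after k body bytes of the new save
    were written; the trailing checksum bytes still belong to the old save."""
    return new_body[:k] + old_save[k:]

def loadable_reset_points(old_save: bytes, new_body: bytes) -> list:
    """Every k at which the half-overwritten file still passes the load check,
    i.e. sum(new_body[:k]) == sum(old_body[:k]) mod 65536."""
    return [k for k in range(1, len(new_body) + 1)
            if loads(reset_after(old_save, new_body, k))]

def next_officer_pointer(save: bytes, base: int) -> int:
    """First two bytes of an officer record: address of the next officer (little-endian)."""
    return save[base] | (save[base + 1] << 8)

SAVE_A = make_save(BODY_A)

if __name__ == "__main__":
    print("loadable reset points:", loadable_reset_points(SAVE_A, BODY_B))
    mixed = reset_after(SAVE_A, BODY_B, 1)   # the St.Cyr -> Victor one-byte case from the post
    print(f"after 1 byte: next officer -> ${next_officer_pointer(mixed, 0):04X}, loads={loads(mixed)}")
```

The search is why an additive checksum only catches accidental corruption: any two writes with equal prefix sums collide, so a game (or any system) that needs to reject deliberately mixed data needs a keyed or at least position-sensitive check rather than a plain byte sum.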
Jigwally
Took a quick look at it. Found the section mentioned previously by Alyosha:
FE85 INC $002A
FE87 CLC
FE88 LDA $002A
FE8A ADC $0023
FE8C STA $002A
FE8E JMP $FE85
It looks like all of the rest of the game's code is run during the frame interrupt, and when the RTI opcode gets called the game returns to its prior position in this loop, where it continues to do nothing but continually advance the RNG value by 1 plus the global frame counter at $23 until the next interrupt. You are right though, I looked at consecutive RNG values while letting it run on the title screen and odd ones are favored more heavily (~2/3). I don't have an exact explanation why, it just seems like a quirk of how it gets added. But since the RNG value for consecutive frames is dependent on how long it spent in this loop, that would suggest to me that you could alter RNG by causing the game to run different code & go through a different # of CPU cycles during the frame interrupt. This could be why player input has an effect on it; you are causing different segments of code to run. This also appears to be the only function that directly changes $2A. I set a breakpoint for writes to $2A + a forbid for the segment $FE85-$FE8E, and it didn't trigger once during the entire TAS playback.
Jigwally
I can confirm from playing this previously that delaying the game start changes the random map pattern
Jigwally
Thanks, added link
Jigwally
My first draft is 138 frames faster than the current TAS. I need to improve the Ursula fights, I lost 78 frames on them. Other than that I've improved every level. http://tasvideos.org/userfiles/info/51926926619766635
Jigwally
Discovered something interesting with the Eel fight (& possibly other fights): The crab spawns usually take either 60 or 120 frames before they start walking & can be bubbled, which is determined by RNG. However the RAM value used for this is also used as a timer for bubbled enemies to determine how long they stay in place before they start floating upwards. This value freezes in place once the bubble is grabbed by Ariel. What this means is, if a crab is spawned in the slot previously occupied by a bubbled enemy, it will use the preexisting timer value instead of wiping it and randomly generating a new one. So if the bubble had 100 frames left on its timer when it was grabbed, if the bubble is popped and a crab spawns in the now "empty" slot it will take 100 frames for it to go to its walking phase. You can actually see this happening in the published TAS. In the third pair of crabs their timers ($46B and $46C) are preset at #$69 and #$B4 respectively because these were the previous timer positions of the bubbles previously occupying these spots.
Jigwally
Sometimes I've seen people make "humanly possible" TASes under the name of "Human Theory TASes". They don't get published here, but they can be useful for speedrunners as a realistic lower bound for RTA times. I think sometimes even new routes and glitches can be found when restricting yourself in this way.
Jigwally
How did they make that video then? I thought that lsnes was the only emulator that could do subframe stuff right now
Jigwally
Possible small improvement: Your x and y subpixel values carry over from the end of the boss fight to the start of the next level. So you could possibly shave some frames by maximizing/minimizing these in advance
Jigwally
Thanks for putting this in the original thread, I tried to find it earlier but couldn't. I've learned some things looking through Randil's notes that will help me out.
Post subject: Disney's The Little Mermaid
Jigwally
Hi, I'm looking at the current TAS and I noticed that two of the boss fights (Shark and Walrus) have fairly trivial improvements that are already used in RTA runs. For the shark you wait on throwing the 3rd fish at him until he reappears at the other side, & hit him on the same frame that the 2nd set of fish is spawned. For the walrus you have to save the 2nd shell he gives you from the first cycle and hit him with it on the same frame that he spawns the 3rd shell. Otherwise you are just delaying them from these spawns. I think McBobX might have done this for mid-fight RNG manip but I have been doing disassembly of this game and I'm confident enough in my understanding of how the RNG advances that I can prevent this from being necessary. The RNG is 4 bytes ($E4-$E7) which are automatically advanced each frame, but are also altered a certain way each time they are pulled by something requiring an RNG check. So to alter RNG you can either simply wait a certain number of frames before entering the boss screen, or you can vary which frame you pass by an enemy that uses an RNG check to cause the RNG to diverge differently. I also suspect that the RNG for most of the other bosses could be manipulated to be faster. For example, at the Seahorse boss the diagonal velocity that the enemies are shot at is an RNG check. In Ursula 1 the arc that the enemies are thrown at (the initial direction/velocity + the height they reach before falling) are also their own RNG calculation. One more consideration, if you are within 20 pixels vertically of the Shark there is a 50% chance he will not spawn the fish that cycle. I've only just recently begun to learn how to do game disassembly but this is a game I'm very passionate about so I'm really hoping I can make some practical use of what I've decoded so far.
Jigwally
Yeah ty
Jigwally
Thanks, I found I could work around it by looking at the # of frames waited for the RNG according to the Lua output window and just redoing it manually.
Post subject: Having desync issues on TAS attempt
Jigwally
Hi, I've suddenly been having new desync issues while trying to work on a TAS of L'Empereur. I am trying to manipulate some very rare (1% chance) events to happen and am using Bobo the King's brute force script. It eventually finds the successful frame, but when I stop & save the movie and replay it, it keeps desyncing at the spot where it originally had success. There are a couple things I thought might be affecting it:
1) There was a save game file I had from earlier testing that was still there when I started the TAS. I deleted it and started from scratch.
2) I thought maybe there was some kind of error being introduced from the fact that I had been reloading savestates from breakpoints. I was using breakpoints to double-check the % chance of the events happening midframe & then loading back to the previous savestate. I completely closed out of FCEUX and the debugger, & played it back to that spot to make sure my inputs were consistent up to that point.
Neither of these seem to have fixed it.
Post subject: Which emulators have mid-frame reset support?
Jigwally
Hi, I've been teaching myself Assembly code lately and I'm finally beginning to understand how the Chrono Trigger and FF6 TASes on the site that use mid-frame resets work. Now that I have the gist of it there were some NES games I wanted to test out the same concept on, but the only emulator I know for sure that can actually do this is lsnes. Which other emulators/platforms is this capable on? Even if they're emulators not capable of TASing. Thanks
Jigwally
93% of the time saved was from shorter boss fights.
Jigwally
http://tasvideos.org/userfiles/info/47012088798054166 20 more frames cut off, from better hits on the Stage 4 boss and a new Wall Up route that maneuvers around the boulders. Sorry, I probably should have worked on this a little more before I submitted it. This will be the last update I submit for now.
Jigwally
Oops, I saved an extra 4 frames http://tasvideos.org/userfiles/info/46991990155642219 5 frames saved on Omahog, but then I had to wait a frame to adjust for desync on the Numb boss. For some reason this caused the final penguin to disappear too.