I should be doing homework, but as it always is, I become more productive when I have something else to do...
I give you...
HALKUN'S PSX FIELDSCRIPT MEMORY HACKING DOCUMENT!!(da-da-da-daaa-da-da-daaaaaaa)
Ok, as I run Linux my toolset is a little different from the usual Windows one, but here is the list of stuff you need.
1) A PSX FF7 disk.
2) epsxe
3) A save game for epsxe that drops you into the debug room. (The one with Yuffie and Japanese characters in a circle.)
4) A program that can ungzip a file. (gunzip in Linux.)
5) A hex editor. (I use hexcurse for Linux; you need something that can search a file for a byte sequence.)
6) Lasyan3's script dumping utility. (I would recommend mine, but mine is designed for pretty printing, not hex dumping. Lasyan's can dump both PSX and PC files, plus give the hex bytes for each command, which is what you need to search memory for.)
Now, collect these things up. Do you have them now? Good.
Now, you need to make a change to Lasyan's data files first. Open "tableC.tbl", go to the entry for opcode 0x28 (KAWAI) and make the following change.
28 = KAWAI | 255
change this to
28 = KAWAI | 2
That will stop the dumper from crashing on some fields, with the side effect that the output for KAWAI commands is somewhat wrong. It does not matter for the script we look at below.
Now load up epsxe and load the save where you are in the debug room. Save this as a savestate. After doing this, move the emulator window out of the way, but don't close it.
Now, go to the folder that epsxe is in. There you will find a subfolder called sstates. Go into it.
In sstates, you will find your save state. It has two files, named SCUS_941.63.000 (the memory dump) and SCUS_941.63.pic (a small picture file, not needed here). The names might be a little different if you are playing a re-release of the game or a version from another country than the U.S.
The memory dump (SCUS_941.63.000) is actually gzipped. Fear not! You can uncompress it, and epsxe will accept both the compressed and the uncompressed version of the save state. So the first thing you should do is uncompress the save state. In Linux, gunzip will refuse to run unless the last part of the filename ends in .gz, so here's what I do. (Keep in mind, this is under Linux.)
$mv SCUS_941.63.000 SCUS_941.63.000.gz #<---- I renamed the file here and added .gz
$gunzip SCUS_941.63.000.gz # Here I gunzipped the file. It removes the .gz file and creates a file called SCUS_941.63.000
$cp SCUS_941.63.000 SCUS_941.63.000.bak # <--- Now I make a backup of the uncompressed file, so I can go back if a patch breaks the game
The initial debug room field is called "startmap", so now use Lasyan's program to get a dump of startmap's fieldscript.
After getting the dump, open startmap_vnt.txt in a text editor and find the beginning of Yuffie's script 1 (script 0 is her initialization script; see below). Here's what it looks like:
****** Section n°4 (yufi) Script n° 1 ******
000 : [50 01 00 00 00 00 8A 00 A9 00] - window( id=01, X=0000, Y=0000, W=008A, H=00A9 )
00A : [48 05 01 00 00 09 00] - ask( 05, win=01, mes=00, 1st=00, nth=09, var=00 )
011 : [10 15] - gotoNext 27
013 : [50 01 00 00 00 00 81 00 59 00] - window( id=01, X=0000, Y=0000, W=0081, H=0059 )
01D : [48 05 01 01 00 04 00] - ask( 05, win=01, mes=01, 1st=00, nth=04, var=00 )
Script 0 is Yuffie's initialization script. Script 1 above is what runs when you walk up to Yuffie and push the Circle ("O") button.
After you have this, open the uncompressed savestate in a hex editor and search for the bytes of the first window command (50 01 00 00 00 00 8A 00 A9 00). The offset will differ between game versions, so search for the bytes rather than going to a fixed address. My output looked like this:
00115380: 50 01 00 00 00 00 8A 00 A9 00 48 05 01 00 00 09
00115390: 00 10 15 50 01 00 00 00 00 81 00 59 00 48 05 01
001153A0: 01 00 04 00 11 9D 00 15 50 00 00 00 07 00 12 1B
001153B0: 11 90 00 15 50 00 01 00 0A 00 81 20 1E 00 00 11
001153C0: 81 00 15 50 00 02 00 08 00 0F FB 01 11 74 00 15
001153D0: 50 00 03 00 08 00 0F FB 00 11 67 00 15 50 00 04
There you go, Yuffie's script in memory. For fun, let's turn Yuffie into a store. The command for this is MENU(0,8,0); in hex the sequence is [49 00 08 00]. We need the script to stop right after the menu, so after this put the code for return(), which is 00. The whole command becomes [49 00 08 00 00]. That is 5 bytes, which fits inside the 10-byte window command we are overwriting; the last 5 bytes of the old window command (00 8A 00 A9 00) stay behind in memory, but they are never executed because return() comes first. Keep your replacement no longer than the command it overwrites, or you will clobber the next command too.
Now overwrite the start of the currently running script. Note that you are only patching the copy of the script in the savestate's RAM image, not the game disc, so the change is gone once the field is reloaded.
00115380: 50 01 00 00 00 00 8A 00 A9 00 48 05 01 00 00 09
becomes
00115380: 49 00 08 00 00 00 8A 00 A9 00 48 05 01 00 00 09
Ok, save the file in the hex editor, then load the savestate in your still-running emulator.
Nothing seems to have changed, but walk over and talk to Yuffie.
See? She's a shop now ^_^
That's how you do it.
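If you want to script the uncompress, search and patch steps instead of doing them in a hex editor, here is an added Python example. It is not part of this post and not Lasyan3's tool; it only handles the five opcodes that appear in the dump above, with their lengths taken from that dump, and it works on a constructed sample buffer (the first three hex lines quoted above, padded with zero bytes) rather than on a real savestate. The savestate file name and the MENU(0,8,0) bytes are the ones from the post.

```python
import gzip
import tempfile
from pathlib import Path

# Lengths (opcode byte included) and names of the only opcodes present in the dump
# quoted above; taken from that dump, not from a complete Field Script opcode table.
OPCODE_LEN = {0x00: 1, 0x10: 2, 0x48: 7, 0x49: 4, 0x50: 10}
OPCODE_NAME = {0x00: "return", 0x10: "gotoNext", 0x48: "ask", 0x49: "MENU", 0x50: "window"}

# Bytes searched for and written in the post: Yuffie's first window() command,
# and MENU(0,8,0) followed by return().
WINDOW_YUFFIE = bytes.fromhex("50 01 00 00 00 00 8A 00 A9 00")
MENU_SHOP_RET = bytes.fromhex("49 00 08 00 00")

# Constructed stand-in for the uncompressed savestate: the first three hex-dump
# lines from the post, with 16 zero bytes on each side (an assumption, not a real dump).
SAMPLE_MEMORY = (
    bytes(16)
    + bytes.fromhex("50 01 00 00 00 00 8A 00 A9 00 48 05 01 00 00 09")
    + bytes.fromhex("00 10 15 50 01 00 00 00 00 81 00 59 00 48 05 01")
    + bytes.fromhex("01 00 04 00 11 9D 00 15 50 00 00 00 07 00 12 1B")
    + bytes(16)
)


def load_state(path):
    """Read a savestate; transparently gunzip it if it starts with the gzip magic 1F 8B."""
    raw = Path(path).read_bytes()
    if raw[:2] == b"\x1f\x8b":
        return gzip.decompress(raw), True
    return raw, False


def find_all(data, pattern):
    """Every offset at which `pattern` occurs in `data`."""
    hits, start = [], 0
    while (i := data.find(pattern, start)) != -1:
        hits.append(i)
        start = i + 1
    return hits


def patch(data, pattern, replacement):
    """Overwrite the unique occurrence of `pattern` with `replacement`; returns (bytes, offset)."""
    hits = find_all(data, pattern)
    if len(hits) != 1:  # refuse to guess when the same command bytes occur more than once
        raise ValueError(f"expected exactly one match, found {len(hits)} at {hits}")
    if len(replacement) > len(pattern):  # a longer replacement would clobber the next command
        raise ValueError("replacement is longer than the command it overwrites")
    off = hits[0]
    buf = bytearray(data)
    buf[off:off + len(replacement)] = replacement
    return bytes(buf), off


def decode(data, off, count):
    """Decode up to `count` commands from `off` as (name, hex) pairs, stopping at return()."""
    out = []
    for _ in range(count):
        op = data[off]
        n = OPCODE_LEN[op]  # unknown opcode raises KeyError rather than guessing a length
        out.append((OPCODE_NAME[op], data[off:off + n].hex(" ").upper()))
        off += n
        if op == 0x00:
            break
    return out


def patch_state_file(src, dst, pattern=WINDOW_YUFFIE, replacement=MENU_SHOP_RET):
    """Patch a savestate on disk, writing it back in the same form (gzipped or not)."""
    data, was_gz = load_state(src)
    patched, off = patch(data, pattern, replacement)
    Path(dst).write_bytes(gzip.compress(patched) if was_gz else patched)
    return off, was_gz


def roundtrip_demo():
    """Write the sample as a gzipped savestate, patch it, and decode before/after at the hit."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "SCUS_941.63.000"
        dst = Path(tmp) / "SCUS_941.63.000.patched"
        src.write_bytes(gzip.compress(SAMPLE_MEMORY))
        off, was_gz = patch_state_file(src, dst)
        patched, still_gz = load_state(dst)
    return {
        "offset": off,
        "gzipped_in": was_gz,
        "gzipped_out": still_gz,
        "before": decode(SAMPLE_MEMORY, off, 3),
        "after": decode(patched, off, 3),
    }


if __name__ == "__main__":
    for key, value in roundtrip_demo().items():
        print(key, value)
```

The decoder is there so you can check the patched bytes read back as MENU followed by return before loading the state; it stops at return(), which is exactly why the leftover tail of the old window command never runs. On a real savestate the match offset will be the file offset you saw in the hex editor (0x115380 in the dump above), not 16.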
For another example, see this post I did a while ago...
http://forums.qhimm.com/index.php?topic=3253.0