Qhimm.com Forums
Miscellaneous Forums => Scripting and Reverse Engineering => Topic started by: nfitc1 on 2010-04-10 15:54:51
-
How difficult would it be to add a menu item to the in-game menu? The text probably isn't hard, but what about linking it to a function.
For now I'm thinking about the PC version.
-
How difficult would it be to add a menu item to the in-game menu? The text probably isn't hard, but what about linking it to a function.
For now I'm thinking about the PC version.
Well I can tell you that in the English version of ff7.exe, you can find the string array of the menu item names at 0x5192C0 ~ 0x51939B. (You can consistently find it by searching for "30 28 33" -- PHS). Each String is allocated 20 bytes of memory, and there's exactly enough room for the 11 strings, but they're part of a larger array of general strings used in the menu, so it might not be hard to extend the array by 1 element and cram some text into 0x51948C...
As for actually adding it in, AFAIK, there isn't room for another item in the menu context, so one would either have to figure out how to shove the texts closer together or extend the blue menu window further down the screen. I'm not exactly sure, but I think Aali might have some control over things like that with his driver:
I control what gets rendered where
Adding a function would be quite difficult. I don't see it being a possibility within the confines of hex editing as increasing the filesize throws off all sorts of flow control. I think that perhaps somebody in the QGears project might have a better idea than me, but if you can find out where those strings I mentioned earlier are referenced in the exe, that might be a start...
Just out of curiosity, what would you want the new menu item to do?
-
How difficult would it be to add a menu item to the in-game menu? The text probably isn't hard, but what about linking it to a function.
For now I'm thinking about the PC version.
Well I can tell you that in the English version of ff7.exe, you can find the string array of the menu item names at 0x5192C0 ~ 0x51939B. (You can consistently find it by searching for "30 28 33" -- PHS). Each String is allocated 20 bytes of memory, and there's exactly enough room for the 11 strings, but they're part of a larger array of general strings used in the menu, so it might not be hard to extend the array by 1 element and cram some text into 0x51948C...
I anticipated that. 20 chars is more than any of them need. I was going to reduce the size of the array to, perhaps, 16 characters per entry. That'd leave me 44 characters at the "end". Again, this is all theory.
As for actually adding it in, AFAIK, there isn't room for another item in the menu context, so one would either have to figure out how to shove the texts closer together or extend the blue menu window further down the screen. I'm not exactly sure, but I think Aali might have some control over things like that with his driver:
I control what gets rendered where
Adding a function would be quite difficult. I don't see it being a possibility within the confines of hex editing as increasing the filesize throws off all sorts of flow control. I think that perhaps somebody in the QGears project might have a better idea than me, but if you can find out where those strings I mentioned earlier are referenced in the exe, that might be a start...
Just out of curiosity, what would you want the new menu item to do?
It's not even a new function. It would be easy to just have it point to the already existing function (which I also have to find). I'm just tired of something not being accessible when I think it should be. I'll leave it to your imagination for the moment. ;)
-
....Why don't you just create new points in towns and whatnot?
EDIT: Or make the crystal usable wherever
-
nfitc1, there are visibility + lock mask bytes located in the save game file for the menu . save map (http://wiki.qhimm.com/FF7/Savemap) its in bank 1/2 offset 0xba4+ 28 (for visibility) and 0xba4 +30 (for locking mask) , its on my list to allow editing of these , just not a priority right now.
-
Pretty sure there's an unused menu item in at least the PSX version that can be accessed by GS. Then again, I've never actually confirmed it.
If so, it would make your life far simpler.
-
There's the USO code....
-
There's the USO code....
Does the USO code exist on the PC ? i remember when i was making a hack to unlock all menu's (materia+phs+save) i found the text but i couldnt find the actual menu (this doesnt mean it doesnt exist it just means i couldnt find it), The only hidden menu i remember seeing was a blank screen where the "Order" menu should be (its just blank, no text since the order is done from the main menu)
EDIT- here is the Order Menu i mentioned above
(http://img532.imageshack.us/img532/6489/order.jpg) (http://img532.imageshack.us/i/order.jpg/)
-
There's the USO code....
That's the one! Yes, there's some sort of unused menu. I don't know what it's supposed to do, though.
-
There's the USO code....
That's the one! Yes, there's some sort of unused menu. I don't know what it's supposed to do, though.
I hope it's not what I'm intending to do.... I doubt it though.
-
USO is a forced PHS system. You can switch ANYONE in and out of your party. You can have just Young Cloud, or Sephiroth and Cait Sith.. or 3 Cid's... whatever combination you can think up
-
USO is a forced PHS system. You can switch ANYONE in and out of your party. You can have just Young Cloud, or Sephiroth and Cait Sith.. or 3 Cid's... whatever combination you can think up
Speaking of which, I've always wanted to be able to switch cloud out of the party, and to be able to choose how many characters to have in your party. It'd be fun to solo it up every now and again, or come up with combinations other than Cloud plus 2.
-
Speaking of which, I've always wanted to be able to switch cloud out of the party, and to be able to choose how many characters to have in your party. It'd be fun to solo it up every now and again, or come up with combinations other than Cloud plus 2.
you can use black chocobo to unlock cloud from the party (check him off in the "allowed in phs" box found under the others tab), but i don't think ne thing i do to the save file will allow for partys of <3 when ever you want.
-
USO is a forced PHS system. You can switch ANYONE in and out of your party. You can have just Young Cloud, or Sephiroth and Cait Sith.. or 3 Cid's... whatever combination you can think up
Speaking of which, I've always wanted to be able to switch cloud out of the party, and to be able to choose how many characters to have in your party. It'd be fun to solo it up every now and again, or come up with combinations other than Cloud plus 2.
Though about that too.
I also would like that the model on the worldmap would be the first person on the party. I want to go around as Vincent T_T
-
Does anyone know where the code for the menu items is? When I click on one, where does the executable decide what to do next?
-
i think i remember seeing that on the wiki or at least some info on it
-
im not sure exactly on what your looking for but i do know that the address
0x6C6AF1 mov eax,[00dc12ec]
is the menu instruction and the value there is the menu your on.
(also note that is the memory address, The address in the EXE is 0x2C5EF1)
-
im not sure exactly on what your looking for but i do know that the address
0x6C6AF1 mov eax,[00dc12ec]
is the menu instruction and the value there is the menu your on.
(also note that is the memory address, The address in the EXE is 0x2C5EF1)
Thanks for this. It helped a lot! I got very close to getting it right on my first try. :)
-
USO is a forced PHS system. You can switch ANYONE in and out of your party. You can have just Young Cloud, or Sephiroth and Cait Sith.. or 3 Cid's... whatever combination you can think up
Speaking of which, I've always wanted to be able to switch cloud out of the party, and to be able to choose how many characters to have in your party. It'd be fun to solo it up every now and again, or come up with combinations other than Cloud plus 2.
Though about that too.
I also would like that the model on the worldmap would be the first person on the party. I want to go around as Vincent T_T
I experimented with this for a while using a german save editor a while back. See here for more details (http://forums.qhimm.com/index.php?topic=7643.msg93344#msg93344). It also allows you to have just one character, but isn't really the best solution because some models don't have paths in certain places. I.e. "I want to control Vincent instead of Cloud" - he'll only show up on screens that his model was programmed to appear on. It still works in certain places though, every character is just treated like they're Cloud.
-
Thanks for this. It helped a lot! I got very close to getting it right on my first try. :)
I am glad it helped, I wasn't sure if that was what you was looking for or not.
Also i am not sure on this but the menu's may have 2 parts of code for each screen,
I was experimenting and found that there is a value for the menu then another value for the controls and name for that menu (for example even if you manage to change the code to the materia page to the magic page the controls for where the cursor would still be set for the materia page and and would make them not work).
But i could be completely wrong so dont take my word for it, I am not really a coder i am just somone with alot of time on his hands.
And on a side note i found 2 entries for the USO code but both seem to be dead ends on the PC version (or maybe i am doing somthing wrong), and they are not in the same place as they are on the PSX (proberly because the PSX doesnt have a quit menu like the PC so the USO code went there)
-
You know, a Load Game function in the menu would surely be useful. But I guess it would have been done by now if someone had the necessary knowledge.
-
You know, a Load Game function in the menu would surely be useful. But I guess it would have been done by now if someone had the necessary knowledge.
This is actually the very thing I'm attempting. I'm getting closer to changing one of the menu functions to the load screen from the beginning of the game, but it's not working out very well. When I point it to the instruction set that will begin the menu process (I believe it's at 0x72225A or something) the game freezes. Well, I see the timer moving, but I don't have control at all. I can point it to a place where it will draw the save menu, but I still don't have a cursor. I'm thinking I'll have to use one of the unused menus in the PC version (apparently there's at least three that don't get called and there's a few duplicate menus too) to make an entire sequence of events to fire. I'm just not sure which ones do do after the 0x72225A. That's the one that should draw the menu, but there's more to it than that.
-
On the PSX those .MNU files are actually compiled executable overlays that are banked in. It's why they are "embedded" in the exe in the PC version. This code isn't so much "hidden" in so much that you are executing a code stub that's half loaded.
-
hey NFITC1 i was looking a little more at the code trying to find the overlay for load and save and i think i might have found somthing (it may be nothing but looked a little promising)
Load-
00722040 - mov [00dd7704],00000000 - Main Screen that displays 1-10
0x72214A - mov [00dd7704],00000001 -
0x721E9C - mov [00dd7704],00000002 - All 3 are acessed when you click on any saved data 1-10 on main
0x72211E - mov [00dd7704],00000003 -
Save-
0x6FFCDF - mov [00dca028],00000000 - Main Screen that displays 1-10
0x6FFDE1 - mov [00dca028],00000001 -
0x6FFAF7 - mov [00dca028],00000002 - All 3 are acessed when you click on any saved data 1-10 on main
0x6FFDB5 - mov [00dca028],00000003 -
(please note the save/load data screen is the first screen you come to and NOT the actual save slot screen)
-
hey NFITC1 i was looking a little more at the code trying to find the overlay for load and save and i think i might have found somthing (it may be nothing but looked a little promising)
Load-
00722040 - mov [00dd7704],00000000 - Main Screen that displays 1-10
0x72214A - mov [00dd7704],00000001 -
0x721E9C - mov [00dd7704],00000002 - All 3 are acessed when you click on any saved data 1-10 on main
0x72211E - mov [00dd7704],00000003 -
I noticed things around these places and it seems that code is executed every frame. Like a "monitor input loop" or something. Still, I'll check it out.
-
Necromancy, etc etc
Whatever came of this?
-
I am also interested in how far you got, did you even get close ?
-
I didn't get very much farther with it. I couldn't change the menu very much because most of the functionality is hard-coded. There would be too many things to do to get one menu to do the function of another. I got distracted by other things. Feel free to pick it up though. There's lots of useful addresses in this thread.
-
its a shame you wasnt able to get very far, it would have been to have a load option on the start menu,
I may be adding a load option to my trainer using some of the work here, but it isnt the same as what you was trying to do. (the method i use allows the user to switch from the in-game menu to the NEW GAME and CONTINUE screen and from there they can load)
-
This topic is very interesting, especially the idea of adding a load game feature. (Very much needed.)
One thing I've noticed, is you are attempting to work with existing mechanics, and forcing yourselves into those constraints.
For instance, a post talking about how the menu slots array has only so many slots.. So what.
Via a directX hook, you can draw your own menu's, I would use mouse clicks for ease of coding(no worries about forcing it to work with the existing menus..), sure it's a hack, but it works.
Basically, hook directx, overlay a new "Load Game" button(using DX), add in some mouse click detection for the location you are drawing it at, and when a click occurs, simply trigger the real load game screen. (I haven't played the game recently(so I forget), but the mouse may need to be enabled too if it's usually not visible, also fairly easy from the DX hook.. You just issue an enable command which toggles it's visible state.)
Easier said than done, but very doable.
Note: Most ppl use the custom graphic driver by Aali, so working with him\her is preferred, since they obviously already hooked the game to that. (Which also gives you a nice starting point to inject your code from.)
---
Here is an example of what can be done via hooking, if you have the knowledge.
OBSE
http://obse.silverlock.org/
Look at the documentation for OBSE,. (It adds arrays, strings, functions, etc, and more to Oblivions default scripting engine..)
Look at MGE (Morrowind Graphic Extender) for an example of a good visual directX hook in action. (It adds distant LOD, and all kinds of awesomeness to Morrowind.)
I believe the source code is available for both(it's included with OBSE, and MGE has it separate on SourceForge, so if you're interested in learning how to do these things for this game, take a look..)
----
Btw, I would love to help, but I'm still an amateur at actually doing these things, so far I can disassemble, and do minor hacks, basically what you might see with a trainer, but made permanent through .exe modifications. (Things like, infinite ammo, etc,.)
If anyone more skilled would like to help me learn about more advanced stuff, by pointing me in the right direction, that would be appreciated, PM me with any tutorials, tool recommends, etc,.. (I use IDAPro mainly, and MHS v6.1(very good tool)..)
Then I could be a bit more useful around here.. :)
-
This topic is very interesting, especially the idea of adding a load game feature. (Very much needed.)
One thing I've noticed, is you are attempting to work with existing mechanics, and forcing yourselves into those constraints.
For instance, a post talking about how the menu slots array has only so many slots.. So what.
Via a directX hook, you can draw your own menu's, I would use mouse clicks for ease of coding(no worries about forcing it to work with the existing menus..), sure it's a hack, but it works.
To be honest, once you've haxxored the game into loading saves, I suspect that changing the text pointers to allow another menu entry would be (comparatively) simple. Comparatively.
More importantly, we want to work with both PC and PSOne versions of the game.
I do think it's a good idea, mind.
Actually, I could do with some of your assistance in learning about ASM hacking. I've played with the AI engine's pseudo-assembler, and I'm fine with stacks, registers and pointers. Considering my current level, where do I go next? Learn about generic x-86 assembler before anything else?
-
This topic is very interesting, especially the idea of adding a load game feature. (Very much needed.)
One thing I've noticed, is you are attempting to work with existing mechanics, and forcing yourselves into those constraints.
For instance, a post talking about how the menu slots array has only so many slots.. So what.
Via a directX hook, you can draw your own menu's, I would use mouse clicks for ease of coding(no worries about forcing it to work with the existing menus..), sure it's a hack, but it works.
To be honest, once you've haxxored the game into loading saves, I suspect that changing the text pointers to allow another menu entry would be (comparatively) simple. Comparatively.
More importantly, we want to work with both PC and PSOne versions of the game.
I do think it's a good idea, mind.
Actually, I could do with some of your assistance in learning about ASM hacking. I've played with the AI engine's pseudo-assembler, and I'm fine with stacks, registers and pointers. Considering my current level, where do I go next? Learn about generic x-86 assembler before anything else?
Honestly, you seem to be at about the same level as me, and that's my issue as well.. Where to go next, there is so much data on the internet, but a lot of it is over my head(technically), and the rest is too simple.
There seems to be a serious lack of mid-level information on the subject. Or, I simply don't know what terminology to feed a Google search to find what I seek.
The best I can suggest, is to search..
Hooking & Subclassing
ASM Hacking Cracking
And hope for the best, if you find anything really clear and revealing, let me know.. :)
--
Edit: Here is something that helped me a bit with basic ASM stuff..
http://www.woodmann.com/krobar/beginner/p01.html
Search for IDAPro, and tutorials on using it, MHS v6.1 is a tool I highly recommend. (Most my successful hacks were done with it..)
MHS (Memory Hacking Software)
http://memoryhacking.com/
(Hex editor, memory scanning, disassembler, DLL Injector, etc, all in one tool.)
-
Actually, I could do with some of your assistance in learning about ASM hacking. I've played with the AI engine's pseudo-assembler, and I'm fine with stacks, registers and pointers. Considering my current level, where do I go next? Learn about generic x-86 assembler before anything else?
If you've done the AI editing and are comfortable with that then the next step is just to dive into the ASM code of the executable and google anything that doesn't make sense. There's lots more code in an executable that isn't in the AI so you'll be googling a lot at first. :)
Basically, get a good debugger program. I use IDA and I think it's fabulous. I can name references, memory addresses, jumps, run the program and do traces. It even works with the fourth and fifth buttons on a mouse like a browser (forward and back through the jump history list). I'm just using the freeware version and not even all its features there either and I find it exceptionally helpful. Get that, load the executable into it and just dig through it until you find something familiar. There are lots of addresses spread through out the forum on places to start. I'd say start with naming the savemap in memory (it's at a static location around the 0xDB0000s) and look for cross references to things you want to find. That's how I found the out-of-battle item functions. Just give it a shot.
It helps to be able to think in binary and hex. Also, it tries to auto anticipate data types (byte, word, dword) but doesn't always get them right. Like the materia equip effects I just found yesterday (equip effect 15h is pretty sweet :D).
-
...the next step is just to dive into the ASM code of the executable..
Yeah, that's basically what i was saying, with a lack of a clear direction, the next step seems to be just to mess around, and learn what you can. :)
For me, my goal is to be able to make tools like OBSE\MGE. I have an interest in expanding games, and adding new capabilities, etc,.
Btw, is anyone documenting all the stuff found? (I've seen it scattered around, but nothing compiled.)
It might be worthwhile to start a wiki page, with a commented IDA database file, that way coders could update the page as new discoveries are made, and we could all get a clearer picture of what's doing what in the code. (Without having to start from scratch, or comb the forums for hours compiling this data..)
-
Btw, is anyone documenting all the stuff found? (I've seen it scattered around, but nothing compiled.)
It might be worthwhile to start a wiki page, with a commented IDA database file, that way coders could update the page as new discoveries are made, and we could all get a clearer picture of what's doing what in the code. (Without having to start from scratch, or comb the forums for hours compiling this data..)
It's not a bad idea, but it might draw some unintended trouble to us. What this is is no less than reverse engineering. We're not doing it to steal its secrets or anything so it's not technically a violation of the EULA (don't reverse for the purpose of using its pieces), but it's possible and likely that if Squeenix knows about what we're doing we'd get a C&D from them.
I'm not opposed to this, but we need to be cautious about the way it's done. Could we just have a list of addresses and descriptions rather than whole code and still get away with it?
For me, my goal is to be able to make tools like OBSE\MGE. I have an interest in expanding games, and adding new capabilities, etc,.
The principle difference is that Bethesda encourages people to add mods to their games. ES games are one thing, but Squeenix (and practically all Japanese software companies) is very much against detailing the inner-workings of their labors.
-
The question is, did Square/Eidos even have a EULA for FF7? I don't ever remember seeing it.
-
The question is, did Square/Eidos even have a EULA for FF7? I don't ever remember seeing it.
i don't recall perhaps one of the files included w/ the game, maybe the readme or in the book. i don't have any paper work for my pc version anymore.also the psx version may be under a different agreement.
-
It's not a bad idea, but it might draw some unintended trouble to us.
Yeah, I have no idea where they would draw the line.. ?
Perhaps, just the data like you said..
0x00001234 = Player 1 MP
etc,.
Then again, that's pretty much what you see in IDAPro, so it's really the same difference. (Besides, it's not technically reversing the code, just, commenting it.) :D
--
Edit: Btw, I asked Aali about the possibility of a plugin system, apparently one already exist.
In the ff7_OpenGl.cfg file, add this..
load_library = "FF7Hack.dll"
I tested it earlier, and it works, I had a simple hook running. Not sure how many of those you can have though,..
ie,..
load_library = "Hook1.dll"
load_library = "Hook2.dll"
-
It's not a bad idea, but it might draw some unintended trouble to us.
Yeah, I have no idea where they would draw the line.. ?
Perhaps, just the data like you said..
0x00001234 = Player 1 MP
etc,.
Then again, that's pretty much what you see in IDAPro, so it's really the same difference. (Besides, it's not technically reversing the code, just, commenting it.) :D
--
Edit: Btw, I asked Aali about the possibility of a plugin system, apparently one already exist.
In the ff7_OpenGl.cfg file, add this..
load_library = "FF7Hack.dll"
I tested it earlier, and it works, I had a simple hook running. Not sure how many of those you can have though,..
ie,..
load_library = "Hook1.dll"
load_library = "Hook2.dll"
Yes the load library was implimented awhile a go by Aali to allow the loading of custom code (mainly for the speedhack.dll which before he implimented i had to attach to the EXE directly) but i believe it only allows you to load 1 DLL (as far as i am aware but to be 100% honest i havent tried it)
EDIT:-
i just gave it a quick go and it doesnt seem to allow the loading of 2 DLL's (it also doesnt allow you to have 2 of any line in the CFG, if you put 2 lines it just ignores the first so if you put 2 mod paths it will only read from the second one)
-
Yes the load library was implimented awhile a go by Aali to allow the loading of custom code (mainly for the speedhack.dll which before he implimented i had to attach to the EXE directly) but i believe it only allows you to load 1 DLL (as far as i am aware but to be 100% honest i havent tried it)
Well, from the conversation we had, Aali made it sound as if this functionality already existed in FF7.exe, this just exposed it, and that it was capable of loading multiple dll files.. (I haven't tested it either though.)
But it sounded that way.. (Hopefully that's the case.)
Over the next while I have two Oblivion mods I have to get finished, I've been promising these guys updates for about a week now, and I keep doing other stuff, after that, I should be free for awhile, I'll try to do some stuff around here.
Anyways, I gotta get some sleep..
--
(Btw, what's with the watching me, I saw that I got warned in that other topic, but if trying to help is bad, then maybe I'm in the wrong place. And it was useful information, if you have an imagination, use FF8's own mechanisms to draw the model, then dump it on the fly, it could similarly, be reinjected on the fly, it's a long shot, but let's face it, there isn't much progress on the FF8 front.. There is similar program that does just this for textures, called TexMod..)
-
The question is, did Square/Eidos even have a EULA for FF7? I don't ever remember seeing it.
IIRC, there is no EULA for FF7. I certainly don't recall being asked to accept anything when installing.
-
The question is, did Square/Eidos even have a EULA for FF7? I don't ever remember seeing it.
Square wouldn't. Eidos would.
And wouldn't you know it.....they don't support it anymore (http://www.eidos.com/?page=search&key=final+fantasy). We could probably consider this abandonware now....
IIRC, there is no EULA for FF7. I certainly don't recall being asked to accept anything when installing.
I could have sworn that there was one at one point. My install disc is put in some dusty game holder somewhere and I don't want to dig it out to look. If it's not there we could assume that there's not one.
-
Pretty sure there's some blurb on the PAL PSOne version that deals with disassembling.
Good for me I use the NTSC version instead ; )
-
maybe I'm horrible under-informed, but if FF7 lacks a EULA what exactly would that mean? Free-reign in editing the EXE and no worry of potential repercussions from the publisher?
-
Pretty sure there's some blurb on the PAL PSOne version that deals with disassembling.
Good for me I use the NTSC version instead ; )
Fun fact: if there's a EULA on the case, and it doesn't specifically forbid selling the discs without the case, the buyer of a caseless used copy isn't necessarily subject to the EULA.
-
maybe I'm horrible under-informed, but if FF7 lacks a EULA what exactly would that mean? Free-reign in editing the EXE and no worry of potential repercussions from the publisher?
I'm lead to believe that EULA's don't have as much legal authority as many people think they have (do correct me if I'm wrong). I'm sure that saying "no EULA" wouldn't stop Squeenix trolling people with C&Ds.
-
maybe I'm horrible under-informed, but if FF7 lacks a EULA what exactly would that mean? Free-reign in editing the EXE and no worry of potential repercussions from the publisher?
I'm lead to believe that EULA's don't have as much legal authority as many people think they have (do correct me if I'm wrong). I'm sure that saying "no EULA" wouldn't stop Squeenix trolling people with C&Ds.
It frequently depends on the form that the EULA takes. If you are unable to see the EULA before agreeing to it, for example (such as saying you agree by breaking a sticker on the packaging required to open it, but the agreement is on the disc itself), most judges will side with the consumer in a legal battle.
-
The problem is that if the C&D drops you're not going to court. I don't think anyone here would risk going up against Squeenix, especially not if the C&D is directed at qhimm.com itself.
-
Actually, I could do with some of your assistance in learning about ASM hacking. I've played with the AI engine's pseudo-assembler, and I'm fine with stacks, registers and pointers. Considering my current level, where do I go next? Learn about generic x-86 assembler before anything else?
If you've done the AI editing and are comfortable with that then the next step is just to dive into the ASM code of the executable and google anything that doesn't make sense. There's lots more code in an executable that isn't in the AI so you'll be googling a lot at first. :)
Basically, get a good debugger program. I use IDA and I think it's fabulous. I can name references, memory addresses, jumps, run the program and do traces. It even works with the fourth and fifth buttons on a mouse like a browser (forward and back through the jump history list). I'm just using the freeware version and not even all its features there either and I find it exceptionally helpful. Get that, load the executable into it and just dig through it until you find something familiar. There are lots of addresses spread through out the forum on places to start. I'd say start with naming the savemap in memory (it's at a static location around the 0xDB0000s) and look for cross references to things you want to find. That's how I found the out-of-battle item functions. Just give it a shot.
It helps to be able to think in binary and hex. Also, it tries to auto anticipate data types (byte, word, dword) but doesn't always get them right. Like the materia equip effects I just found yesterday (equip effect 15h is pretty sweet :D).
IDA, huh...
-
Yup, IDA. I use that too.
-
I've made some progress on this.
I have created a .dll hook, and injected it using Aali's driver.
I use multiple methods inside my .dll, for one, I'm using actual function hooks to grab a GameLoop function(ie, some game function that get's called constantly.), which means, I effectively have my own extension to the GameLoop where I can add any code I please. (And I can hook any existing function from the .exe, or any of it's libraries, user32.dll, etc,.)
The other method, is similar to that of a trainer, using Read\Write ProcessMemory, so I can manipulate values however I want..
So basically, I have full control over the .exe, and can do anything I want from here. :)
I have a number of goals.
1. Implement a toggle-able speedhack, basically like a fast forward button.. (ala, emu's, Chrono Cross, FFXII International, etc,.)
2. MP Regeneration. (Stat\Time based)
3. Load Menu In-Game.
4. Save anywhere.
5. Anything else I might think of.
If you can contribute the locations of values, or functions, that are relevant, that would be helpful, otherwise it's going to be awhile b4 I actually make it do this stuff. (PM me, or make a topic with values, or a wiki, etc,.. I'll find what I can on my own obviously.)
Here's what I'm thinking for the wiki format.
P1 MP Current (Non-Battle)
0x00DBA4AC | short 0-255
0x00DBFDBC | short 0-255
-
hey guys, new (aka please forgive) as per the discussion about the EULA i think this would fall more under the catagory of proprietary code? and about the very idea this post started out as (creating a "reload" function) what about trying to tie the new feature into the actual saved games location rather than the very first screen (new game, continue). from what i read it seemed that you were trying to put the continue button on the menu, when i would think that you only want the list of saved games there.
anyway i think im going around in circles.
-
and about the very idea this post started out as (creating a "reload" function) what about trying to tie the new feature into the actual saved games location rather than the very first screen (new game, continue). from what i read it seemed that you were trying to put the continue button on the menu, when i would think that you only want the list of saved games there.
anyway i think im going around in circles.
NFITC1 wanted to create another menu entry (comparatively easy) that linked to the load game module. That module would be responsible for reading the save headers and starting the load process etc.
The problem was that the menu could be called, but cursors and rendering didn't work. There is probably more than just the 'open a menu, taking the menu no. as an argument' operation, spotted earlier. The question is, what?
I'm wondering if the PSOne version might shed some light. Only a fragment of the menu executable is 'loaded' at any particular time. Watching what gets banked in when the load menu is called might help.
Or, of course, might not.