A theory about menus I'd like some help with

[obesebear]

Necromancy, etc etc

Whatever came of this?

[Kranmer]

I am also interested in how far you got, did you even get close ?

[nfitc1]

I didn't get very much farther with it. I couldn't change the menu very much because most of the functionality is hard-coded. There would be too many things to do to get one menu to do the function of another. I got distracted by other things. Feel free to pick it up though. There's lots of useful addresses in this thread.

[Kranmer]

its a shame you wasnt able to get very far, it would have been to have a load option on the start menu,
I may be adding a load option to my trainer using some of the work here, but it isnt the same as what you was trying to do. (the method i use allows the user to switch from the in-game menu to the NEW GAME and CONTINUE screen and from there they can load)

[Wutai Clan]

This topic is very interesting, especially the idea of adding a load game feature. (Very much needed.)

One thing I've noticed, is you are attempting to work with existing mechanics, and forcing yourselves into those constraints.

For instance, a post talking about how the menu slots array has only so many slots.. So what.

Via a directX hook, you can draw your own menu's, I would use mouse clicks for ease of coding(no worries about forcing it to work with the existing menus..), sure it's a hack, but it works.

Basically, hook directx, overlay a new "Load Game" button(using DX), add in some mouse click detection for the location you are drawing it at, and when a click occurs, simply trigger the real load game screen. (I haven't played the game recently(so I forget), but the mouse may need to be enabled too if it's usually not visible, also fairly easy from the DX hook.. You just issue an enable command which toggles it's visible state.)

Easier said than done, but very doable.

Note: Most ppl use the custom graphic driver by Aali, so working with him\her is preferred, since they obviously already hooked the game to that. (Which also gives you a nice starting point to inject your code from.)

---

Here is an example of what can be done via hooking, if you have the knowledge. 

OBSE
http://obse.silverlock.org/

Look at the documentation for OBSE,. (It adds arrays, strings, functions, etc, and more to Oblivions default scripting engine..)

Look at MGE (Morrowind Graphic Extender) for an example of a good visual directX hook in action. (It adds distant LOD, and all kinds of awesomeness to Morrowind.)

I believe the source code is available for both(it's included with OBSE, and MGE has it separate on SourceForge, so if you're interested in learning how to do these things for this game, take a look..)

----

Btw, I would love to help, but I'm still an amateur at actually doing these things, so far I can disassemble, and do minor hacks, basically what you might see with a trainer, but made permanent through .exe modifications. (Things like, infinite ammo, etc,.)

If anyone more skilled would like to help me learn about more advanced stuff, by pointing me in the right direction, that would be appreciated, PM me with any tutorials, tool recommends, etc,.. (I use IDAPro mainly, and MHS v6.1(very good tool)..)

Then I could be a bit more useful around here..

[Bosola]

This topic is very interesting, especially the idea of adding a load game feature. (Very much needed.)

One thing I've noticed, is you are attempting to work with existing mechanics, and forcing yourselves into those constraints.

For instance, a post talking about how the menu slots array has only so many slots.. So what.

Via a directX hook, you can draw your own menu's, I would use mouse clicks for ease of coding(no worries about forcing it to work with the existing menus..), sure it's a hack, but it works.

To be honest, once you've haxxored the game into loading saves, I suspect that changing the text pointers to allow another menu entry would be (comparatively) simple. Comparatively.

More importantly, we want to work with both PC and PSOne versions of the game.

I do think it's a good idea, mind.

Actually, I could do with some of your assistance in learning about ASM hacking. I've played with the AI engine's pseudo-assembler, and I'm fine with stacks, registers and pointers. Considering my current level, where do I go next? Learn about generic x-86 assembler before anything else?

[Wutai Clan]

This topic is very interesting, especially the idea of adding a load game feature. (Very much needed.)

One thing I've noticed, is you are attempting to work with existing mechanics, and forcing yourselves into those constraints.

For instance, a post talking about how the menu slots array has only so many slots.. So what.

Via a directX hook, you can draw your own menu's, I would use mouse clicks for ease of coding(no worries about forcing it to work with the existing menus..), sure it's a hack, but it works.

To be honest, once you've haxxored the game into loading saves, I suspect that changing the text pointers to allow another menu entry would be (comparatively) simple. Comparatively.

More importantly, we want to work with both PC and PSOne versions of the game.

I do think it's a good idea, mind.

Actually, I could do with some of your assistance in learning about ASM hacking. I've played with the AI engine's pseudo-assembler, and I'm fine with stacks, registers and pointers. Considering my current level, where do I go next? Learn about generic x-86 assembler before anything else?

Honestly, you seem to be at about the same level as me, and that's my issue as well.. Where to go next, there is so much data on the internet, but a lot of it is over my head(technically), and the rest is too simple.

There seems to be a serious lack of mid-level information on the subject. Or, I simply don't know what terminology to feed a Google search to find what I seek.

The best I can suggest, is to search..

Hooking & Subclassing
ASM Hacking Cracking

And hope for the best, if you find anything really clear and revealing, let me know..

--

Edit: Here is something that helped me a bit with basic ASM stuff..

http://www.woodmann.com/krobar/beginner/p01.html

Search for IDAPro, and tutorials on using it, MHS v6.1 is a tool I highly recommend. (Most my successful hacks were done with it..)

MHS (Memory Hacking Software)
http://memoryhacking.com/

(Hex editor, memory scanning, disassembler, DLL Injector, etc, all in one tool.)

[nfitc1]

Actually, I could do with some of your assistance in learning about ASM hacking. I've played with the AI engine's pseudo-assembler, and I'm fine with stacks, registers and pointers. Considering my current level, where do I go next? Learn about generic x-86 assembler before anything else?

If you've done the AI editing and are comfortable with that then the next step is just to dive into the ASM code of the executable and google anything that doesn't make sense. There's lots more code in an executable that isn't in the AI so you'll be googling a lot at first.

Basically, get a good debugger program. I use IDA and I think it's fabulous. I can name references, memory addresses, jumps, run the program and do traces. It even works with the fourth and fifth buttons on a mouse like a browser (forward and back through the jump history list). I'm just using the freeware version and not even all its features there either and I find it exceptionally helpful. Get that, load the executable into it and just dig through it until you find something familiar. There are lots of addresses spread through out the forum on places to start. I'd say start with naming the savemap in memory (it's at a static location around the 0xDB0000s) and look for cross references to things you want to find. That's how I found the out-of-battle item functions. Just give it a shot.
It helps to be able to think in binary and hex. Also, it tries to auto anticipate data types (byte, word, dword) but doesn't always get them right. Like the materia equip effects I just found yesterday (equip effect 15h is pretty sweet ).

[Wutai Clan]

...the next step is just to dive into the ASM code of the executable..

Yeah, that's basically what i was saying, with a lack of a clear direction, the next step seems to be just to mess around, and learn what you can.

For me, my goal is to be able to make tools like OBSE\MGE. I have an interest in expanding games, and adding new capabilities, etc,.

Btw, is anyone documenting all the stuff found? (I've seen it scattered around, but nothing compiled.)

It might be worthwhile to start a wiki page, with a commented IDA database file, that way coders could update the page as new discoveries are made, and we could all get a clearer picture of what's doing what in the code. (Without having to start from scratch, or comb the forums for hours compiling this data..)

[nfitc1]

Btw, is anyone documenting all the stuff found? (I've seen it scattered around, but nothing compiled.)

It might be worthwhile to start a wiki page, with a commented IDA database file, that way coders could update the page as new discoveries are made, and we could all get a clearer picture of what's doing what in the code. (Without having to start from scratch, or comb the forums for hours compiling this data..)

It's not a bad idea, but it might draw some unintended trouble to us. What this is is no less than reverse engineering. We're not doing it to steal its secrets or anything so it's not technically a violation of the EULA (don't reverse for the purpose of using its pieces), but it's possible and likely that if Squeenix knows about what we're doing we'd get a C&D from them.

I'm not opposed to this, but we need to be cautious about the way it's done. Could we just have a list of addresses and descriptions rather than whole code and still get away with it?

For me, my goal is to be able to make tools like OBSE\MGE. I have an interest in expanding games, and adding new capabilities, etc,.

The principle difference is that Bethesda encourages people to add mods to their games. ES games are one thing, but Squeenix (and practically all Japanese software companies) is very much against detailing the inner-workings of their labors.

[sl1982]

The question is, did Square/Eidos even have a EULA for FF7? I don't ever remember seeing it.

[sithlord48]

The question is, did Square/Eidos even have a EULA for FF7? I don't ever remember seeing it.

i don't recall perhaps one of the files included w/ the game, maybe the readme or in the book. i don't have any paper work for my pc version anymore.also the psx version may be under a different agreement.

[Wutai Clan]

It's not a bad idea, but it might draw some unintended trouble to us.

Yeah, I have no idea where they would draw the line.. ?

Perhaps, just the data like you said..

0x00001234 = Player 1 MP
etc,.

Then again, that's pretty much what you see in IDAPro, so it's really the same difference. (Besides,  it's not technically reversing the code, just, commenting it.)

--

Edit: Btw, I asked Aali about the possibility of a plugin system, apparently one already exist.

In the ff7_OpenGl.cfg file, add this..

load_library = "FF7Hack.dll"

I tested it earlier, and it works, I had a simple hook running. Not sure how many of those you can have though,..

ie,..

load_library = "Hook1.dll"
load_library = "Hook2.dll"

[Kranmer]

It's not a bad idea, but it might draw some unintended trouble to us.

Yeah, I have no idea where they would draw the line.. ?

Perhaps, just the data like you said..

0x00001234 = Player 1 MP
etc,.

Then again, that's pretty much what you see in IDAPro, so it's really the same difference. (Besides,  it's not technically reversing the code, just, commenting it.)

--

Edit: Btw, I asked Aali about the possibility of a plugin system, apparently one already exist.

In the ff7_OpenGl.cfg file, add this..

load_library = "FF7Hack.dll"

I tested it earlier, and it works, I had a simple hook running. Not sure how many of those you can have though,..

ie,..

load_library = "Hook1.dll"
load_library = "Hook2.dll"

Yes the load library was implimented awhile a go by Aali to allow the loading of custom code (mainly for the speedhack.dll which before he implimented i had to attach to the EXE directly) but i believe it only allows you to load 1 DLL (as far as i am aware but to be 100% honest i havent tried it)
EDIT:-
i just gave it a quick go and it doesnt seem to allow the loading of 2 DLL's (it also doesnt allow you to have 2 of any line in the CFG, if you put 2 lines it just ignores the first so if you put 2 mod paths it will only read from the second one)

[Wutai Clan]

Yes the load library was implimented awhile a go by Aali to allow the loading of custom code (mainly for the speedhack.dll which before he implimented i had to attach to the EXE directly) but i believe it only allows you to load 1 DLL (as far as i am aware but to be 100% honest i havent tried it)

Well, from the conversation we had, Aali made it sound as if this functionality already existed in FF7.exe, this just exposed it, and that it was capable of loading multiple dll files.. (I haven't tested it either though.)

But it sounded that way.. (Hopefully that's the case.)

Over the next while I have two Oblivion mods I have to get finished, I've been promising these guys updates for about a week now, and I keep doing other stuff, after that, I should be free for awhile, I'll try to do some stuff around here.

Anyways, I gotta get some sleep..

--

(Btw, what's with the watching me, I saw that I got warned in that other topic, but if trying to help is bad, then maybe I'm in the wrong place. And it was useful information, if you have an imagination, use FF8's own mechanisms to draw the model, then dump it on the fly, it could similarly, be reinjected on the fly, it's a long shot, but let's face it, there isn't much progress on the FF8 front.. There is similar program that does just this for textures, called TexMod..)

[Kudistos Megistos]

The question is, did Square/Eidos even have a EULA for FF7? I don't ever remember seeing it.

IIRC, there is no EULA for FF7. I certainly don't recall being asked to accept anything when installing.

[nfitc1]

The question is, did Square/Eidos even have a EULA for FF7? I don't ever remember seeing it.

Square wouldn't. Eidos would.

And wouldn't you know it.....they don't support it anymore. We could probably consider this abandonware now....

IIRC, there is no EULA for FF7. I certainly don't recall being asked to accept anything when installing.

I could have sworn that there was one at one point. My install disc is put in some dusty game holder somewhere and I don't want to dig it out to look. If it's not there we could assume that there's not one.

[Bosola]

Pretty sure there's some blurb on the PAL PSOne version that deals with disassembling.

Good for me I use the NTSC version instead ; )

[pyrozen]

maybe I'm horrible under-informed, but if FF7 lacks a EULA what exactly would that mean? Free-reign in editing the EXE and no worry of potential repercussions from the publisher?

[Covarr]

Pretty sure there's some blurb on the PAL PSOne version that deals with disassembling.

Good for me I use the NTSC version instead ; )

Fun fact: if there's a EULA on the case, and it doesn't specifically forbid selling the discs without the case, the buyer of a caseless used copy isn't necessarily subject to the EULA.

[Kudistos Megistos]

maybe I'm horrible under-informed, but if FF7 lacks a EULA what exactly would that mean? Free-reign in editing the EXE and no worry of potential repercussions from the publisher?

I'm lead to believe that EULA's don't have as much legal authority as many people think they have (do correct me if I'm wrong). I'm sure that saying "no EULA" wouldn't stop Squeenix trolling people with C&Ds.

[Covarr]

maybe I'm horrible under-informed, but if FF7 lacks a EULA what exactly would that mean? Free-reign in editing the EXE and no worry of potential repercussions from the publisher?

I'm lead to believe that EULA's don't have as much legal authority as many people think they have (do correct me if I'm wrong). I'm sure that saying "no EULA" wouldn't stop Squeenix trolling people with C&Ds.

It frequently depends on the form that the EULA takes. If you are unable to see the EULA before agreeing to it, for example (such as saying you agree by breaking a sticker on the packaging required to open it, but the agreement is on the disc itself), most judges will side with the consumer in a legal battle.

[Aali]

The problem is that if the C&D drops you're not going to court. I don't think anyone here would risk going up against Squeenix, especially not if the C&D is directed at qhimm.com itself.

[Bosola]

Actually, I could do with some of your assistance in learning about ASM hacking. I've played with the AI engine's pseudo-assembler, and I'm fine with stacks, registers and pointers. Considering my current level, where do I go next? Learn about generic x-86 assembler before anything else?

If you've done the AI editing and are comfortable with that then the next step is just to dive into the ASM code of the executable and google anything that doesn't make sense. There's lots more code in an executable that isn't in the AI so you'll be googling a lot at first.

Basically, get a good debugger program. I use IDA and I think it's fabulous. I can name references, memory addresses, jumps, run the program and do traces. It even works with the fourth and fifth buttons on a mouse like a browser (forward and back through the jump history list). I'm just using the freeware version and not even all its features there either and I find it exceptionally helpful. Get that, load the executable into it and just dig through it until you find something familiar. There are lots of addresses spread through out the forum on places to start. I'd say start with naming the savemap in memory (it's at a static location around the 0xDB0000s) and look for cross references to things you want to find. That's how I found the out-of-battle item functions. Just give it a shot.
It helps to be able to think in binary and hex. Also, it tries to auto anticipate data types (byte, word, dword) but doesn't always get them right. Like the materia equip effects I just found yesterday (equip effect 15h is pretty sweet ).

IDA, huh...

[Gemini]

Yup, IDA. I use that too.