This is a bad news/good news kind of post.
Bad news: I told you the wrong thing to look for.
Good news: (you're going to like this) The timings for different statuses are located at 0x7B74F0 (0x3B60F0), one byte each, and the statuses they affect are right below them.
Better news: There's room for FOUR MORE and the game WILL RUN THEM!!! It requires three edits for each stat you want to update. So let me give you some technical details on how this works:
First of all, we know there are 12 statuses that are timed in some way.
Stop, Paralyze, Death-Sentence, Slow-Numb, Barrier, MBarrier, Poison, Sleep, Regen, Dual Drain, Shield, and Peerless.
Most of these are temporary as in when they run out they just turn off. There are three exceptions to this: Death-Sentence, Slow-Numb, and Poison.
Death-Sentence:
When its time runs out it causes the omnipresent battle-driver (like an invisible referee from FFTA) to perform the previously-believed-to-be-unused magic 36h from the KERNEL.BIN on the character whose time is up. I used to think this was a debug attack used for testing death animations, but it's actually essential. It looks like "Death", but it can't miss. Since it's a queued action it will wait until the end of the current action/animation before killing the player. So if you're adding Death Force just as the timer reaches 0 then the character won't die.
Slow-Numb:
When the counter is 0 and if the Actor has Slow-Numb status, it removes S-N and adds Petrify. There's no actual action taking place here so it can happen any time even in the middle of an attack where the actor is targeted.
Poison:
This is treated differently than the others. Poison is never actually removed. Instead, its timer counts down and, upon reaching 0, queues the poison attack (built in to the exe) and refills the timer back to 10 (the byte at 0x434DD2/0x0341D2 sets the new timer value). This will continue until the character is either healed or dead.
All others:
Well, you know how they work. Their timers will slowly whittle down for each character before reaching 0 and the status will be removed. It can happen in the middle of an action. So things like Barrier or Regen may turn off at the moment before damage calculation or in the middle of a multi-hit attack.
Now the fun part:
First of all there are three parts to this: The handler, the timer, and the status bit. All three of these are connected to make these work.
As mentioned earlier, the timers are located at 0x7B74F0 (0x3B60F0). When inflicted with said status, they get put into memory for each actor at (0x9A8B10 + 0x10 + 44h * ActorID). These are order-specific and there are 16 bytes for durations, one per status. This might be signed.
The status bits are right below the times at 0x7B7500 (0x3B6100) and use the
index of the status they are going to affect. It is in the order I mentioned above. The order of these bytes also determine the order of the value of the timers listed above. Stop has a timer of 30, Paralyze has a timer of 20, and so on.
Now the handlers are located at 0x7C2A58 (0x3C1458) and are stored as DWords to the function that handles them. They're all the same except the ones specifically mentioned above. These are also in the same order as the status bits, but don't alter D.Sentence, SlowNumb, or Poison without moving their handlers around with them.
Now for the really exciting news that I've been building up to.
These statuses can be made permanent or more limited based on how you manipulate these three things! Also, there's room for four additional statuses that can be made limited! I agree with cloudiar that Haste and Slow are over-powered because they're permanent. Berserk is a little unfair for being permanent too. In any case, its up to your discretion on what you want to edit. I'll make a tl;dr chart below for easy access to what you need to edit to suit your needs:
Status: Timer Off: Bit Off: Handler Off:
Stop 0x7B74F0 0x7B7500 0x7C2A58
Paralyze 0x7B74F1 0x7B7501 0x7C2A5C
D.Sentence 0x7B74F2 0x7B7502 0x7C2A60
SlowNumb 0x7B74F3 0x7B7503 0x7C2A64
Barrier 0x7B74F4 0x7B7504 0x7C2A68
MBarrier 0x7B74F5 0x7B7505 0x7C2A6C
Poison 0x7B74F6 0x7B7506 0x7C2A70
Sleep 0x7B74F7 0x7B7507 0x7C2A74
Regen 0x7B74F8 0x7B7508 0x7C2A78
Drain 0x7B74F9 0x7B7509 0x7C2A7C
Shield 0x7B74FA 0x7B750A 0x7C2A80
Peerless 0x7B74FB 0x7B750B 0x7C2A84
Unused 0x7B74FC 0x7B750C 0x7C2A88
Unused 0x7B74FD 0x7B750D 0x7C2A8C
Unused 0x7B74FE 0x7B750E 0x7C2A90
Unused 0x7B74FF 0x7B750F 0x7C2A94The handler value for timed statuses is 00434D0A, but since this is in little-endian you'll need to store that backwards like
0A 4D 43 00.
Let's run a few examples:
We now want Haste and Berserk to be limited. So we'll take two of the unused ones and add timings to it as well as indicate which status it will change and the handler that will disable it when the timer runs out:
0x7B74FC 0 -> 40h 0x7B750C FFh -> 08 0x7C2A88 00434DE9h -> 00434D0Ah
0x7B74FD 0 -> 40h 0x7B750D FFh -> 17 0x7C2A8C 00434DE9h -> 00434D0AhAlso, let's make Stop NOT run out.
0x7B74F0 1Eh -> ?? 0x7B7500 0Ah -> ?? 0x7C2A58 00434D0Ah -> 00434DE9hChanging the timer or the status bit won't make a difference, but just to be safe, don't make the status bit higher than 1Fh. The important thing here is to remove the handler for when the timer runs out. There's also the problem that of all playable characters are Stopped that the battle is essentially lost. In FFIX this will end the battle if all are stopped without the enemies having to whittle their HP down to 0. In this case the player will have to wait.
Barrier and MBarrier last too long too:
0x7B74F4 7Fh -> 40h
0x7B74F5 7Fh -> 40hThat will halve the time they run.
Sorry the tables are all in virtual addresses, but you can convert them to disk addresses by subtracting 400C00h from each of them.
