Topics

1

Scripting and Reverse Engineering / What I'm working on

« on: 2008-01-21 18:17:40 »

Things that are already done:

• Boot loader that loads FF7 with my DLL added.  Patches aren't applied to files directly.
• Playing PSF files instead of the MIDI files.  Rather than have an external process monitoring the MIDI output, I take over the midi* API calls and translate them to a background thread with the Winamp plugin.  (I'd use the Foobar2000 version if I could figure out how.)  Since Windows never gets the MIDI data, there isn't an issue with it playing over the song.  I don't currently fake the consumption of data; if some part of FF7 relies upon reaching a particular point in MIDI playback I could have trouble.
• Implement "reverse speakers" with PSF playback.  This is a hack - when in_psf.dll calls Out_Module::Write, I flip the samples.  There's probably a way to do this within in_psf.dll itself.
• Complete registry indirection.  FF7's registry read requests are manipulated.
• plugin.ini reading is also taken over to allow setting "play indefinitely" in in_psf.dll.
• Fixing obvious bugs: Chocobo racing uninitialized pointer, redundant RegCloseKey, tm20dec.ax appcompat fix.

Things I'd like to do:

• File indirection.  The game would always be presented with "C:\FF7" as its directory, even if it is actually somewhere else.
• Translate DirectX 5 to DirectX 8.
• Detect when the hardware can't do P8 textures and translate accordingly.
• Replace video playback entirely with libavcodec.  This has many advantages, such as avoiding dependence upon the current system configuration, and the upside-down movie bug.

Much of this is probably redundant with some existing hacks out there.

2

Scripting and Reverse Engineering / FF7 missing PSFs

« on: 2008-01-21 17:52:44 »

I was making a new version of the list of .mid -> .psf mappings for what I was working on.  I noticed that four MIDI files don't map to any of the .psf files:

cintro.mid - Similar to 305 Those Chosen by the Planet
comical.mid - A song I've never heard before
mogu.mid - Truncated version of 403 Highwind Takes to the Skies
tb.mid - 201 FF VII Main Theme, but starts at a different point in the loop

Anyone have PSFs of these songs?  Similarly, does anyone know how to decompress .psf files?  It might be a matter of simple editing to have the .psf files load these songs.

mogu.mid and possibly tb.mid could be hacked out of the other files if absolutely necessary...

3

Completely Unrelated / The end of emulation?

« on: 2008-01-18 06:20:52 »

I'm beginning to think that we've reached the end of console emulation, entirely for technical reasons.

Computers are no longer getting faster; they are getting more parallel.  However, emulating a CPU must be done serially.  If ~4000 MHz is about as high as CPUs can possibly go, then how could we emulate the 3200 MHz G5 in the Xbox 360, when the emulating CPU must be several times faster?

The PS2 can be emulated thanks to dual-core machines, but that's because the system is parallel to begin with.  The 360 is 3-way parallel, but if you can't emulate one CPU of it at full speed, what's the point?

4

Scripting and Reverse Engineering / FF7: What is SSI_DEBUG?

« on: 2008-01-14 01:02:16 »

In my DLL, I replace the advapi32.dll Reg* functions with my own implementation.  I noticed that FF7 accesses some registry values that don't seem to exist in the default installation.  One of them is the value SSI_DEBUG.  What is it?

A Chinese forum post I found through Google has the string "FicedulaForceLog" assigned to the SSI_DEBUG registry value.

Thanks!

5

Scripting and Reverse Engineering / FF7 upside-down movie problem - found fix

« on: 2008-01-07 04:09:43 »

I figured out the application compatibility fix that Windows did to fix the upside-down movies.  This may help make a more permanent fix.  I don't know why the fix works, but I do know what it does.

The fix involves a codec DLL named tm20dec.ax.  Within it are two video fourcc's that Windows changes to be four dashes.  I'm not sure what the significance of four dashes is, however.

My tm20dec.ax has SHA-1 hash 06F37EEDB992E04F2D46C254079C1E439BF70B43.  Windows XP's AcLayers.dll patches these two fourcc's in memory with four dashes:

.text:1D0417C6 68 55 59 56 59                          push    'YVYU'

.text:1D04187D 68 59 55 59 32                          push    '2YUY'


I don't know what the significance of these values are, other than that they're associated with the TrueMotion codec.  Interestingly, AcLayers.dll does not patch other instances of those strings within the DLL.  Changing those four bytes above to dashes in memory is enough to make the videos play correctly.

This sounds like a bug in either tm20dec.ax or FF7's movie mastering process.  Either tm20dec.ax itself is broken, or FF7's movies are mastered incorrectly such that a bug is triggered.

6

Scripting and Reverse Engineering / Upside down movie question

« on: 2008-01-04 05:43:14 »

What is the technical reason behind the upside-down movie problem?  It happens on my machine, but only when I load FF7 in a nonstandard way with debug hooks installed.  Running FF7 1.02 the normal way works with correctly oriented movies.  (This is in this forum since it's not a technical support issue; I can play the game fine.)

I'm thinking that the movie fix might be an application compatibility (appcompat) fix Microsoft added, since appcompat wouldn't recognize FF7 the way I'm loading it.

7

Scripting and Reverse Engineering / Japanese PSX FF7 - Kanji font?

« on: 2008-01-04 04:02:14 »

Does the Japanese FF7 have its own kanji font, or does it use the Shift-JIS font built into the system ROM?  I would think it uses the system font due to the amount of RAM consumed by having its own.  The system font can be queried character by character.

8

Scripting and Reverse Engineering / Minor registry bug in ff7.exe

« on: 2008-01-02 08:38:41 »

There's a double-close of a registry handle in ff7.exe:

Code: [Select]

.text:00407625 8B 55 E4                                mov     edx, [ebp+hKey]
.text:00407628 52                                      push    edx             ; hKey
.text:00407629 FF 15 10 60 7B 00                       call    ds:RegCloseKey
.text:0040762F 89 45 F0                                mov     [ebp+var_10], eax
.text:00407632 EB 07                                   jmp     short loc_40763B
...
.text:0040763B                         loc_40763B:                             ; CODE XREF: sub_4075B0+82j
.text:0040763B 8B 45 E4                                mov     eax, [ebp+hKey]
.text:0040763E 50                                      push    eax             ; hKey
.text:0040763F FF 15 10 60 7B 00                       call    ds:RegCloseKey

This sets off the debugger.  The patch is simple: EB 07 -> EB 11 to skip that code when doing that jump.

9

General Discussion / Square translation mistakes

« on: 2008-01-02 03:17:32 »

These are just the ones I could remember easily...  I'm sure there are many more.  I've never played the remaining Woolsey game, Legend of the Holy Sword 2 / Secret of Mana.

Final Fantasy 4

• Gilbert -> Edward
• Fusuya -> Fusoya
• Lydia -> Rydia
• Cain -> Kain
• Golbeza -> Golbez
• Gil Turtle -> Gilgamesh (GBA)

Final Fantasy 5 - willing to ignore PSX version =)

• Butz -> Bartz

Final Fantasy 6 - Woolsey

• Tina -> Terra
• Cayenne -> Cyan
• Mash -> Sabin ("Matthew" is another possible interpretation)
• Stragos -> Strago
• Mog* moogles -> Ku*
• Biggs (Darklighter) -> Vicks (fixed GBA, PSX)
• Ultima Weapon -> Atma Weapon (fixed GBA)
• Midgarsorm -> Terrato
• Cait Sith -> Stray
• Melton -> Merton
• Jeff -> Gerad
• Rest in Peace -> The World is Square

Final Fantasy 7

• Aerith -> Aeris (indistinguishable in Japanese, but pre-existing documents have "Aerith" in Roman letters)
• Midgarsorm -> Midgar Zolom
• Cockatrice -> Kokatolis

Final Fantasy 9

• Enkidu -> Enkido (Excalibur II dialog)

Breath of Fire - Woolsey

• Myria -> Tyr
• Dank -> Karn
• Giliam -> Bo
• Builder -> Ox
• Manillo -> Gobi
• Deece -> Bleu (3's Deis was itself a mistake, probably misreading ディース as デイース)
• Judas -> Jade (censorship?)
• Zorgon -> Zog
• Windia -> Winlan
• Dragnier -> Drogen

Chrono Trigger - Woolsey

• Evil king -> Magus (not Woolsey's fault)
• Vinegar -> Ozzie
• Soy Sauce -> Slash
• Mayonnaise -> Flea
• Biggs (Darklighter) -> Vicks (fixed PSX)

Super Mario RPG - Woolsey

• Koopa Shell -> Noknok Shell (nokonoko = "Koopa Troopa")
• Crystaller -> Culex

10

Troubleshooting / Chocobo patch bug?

« on: 2008-01-01 02:37:14 »

The Chocobo racing fix nop's this first instruction:

Code: [Select]

.text:0076EC32 0F BF 94 01 B8 86 01 00         movsx   edx, word ptr [ecx+eax+186B8h]
.text:0076EC3A 83 C2 03                        add     edx, 3
I don't think nop'ing it is the correct thing to do.  edx's value is left over from a previous array lookup (low word) and a multiply (high word).  If anything it should be "xor edx, edx".

I wonder what this code does on the R3000.  On the PSX, 0 was a valid memory address, so it would not have crashed here either.  I wouldn't know whether this code actually exists, since ~100k seems like an absurdly large memory structure in a 2 meg environment.