Messages - dziugo

26
I know how it works, just saying that you changed the way the overflow is handled. You won't find a single battle in vanilla FF7 with more than 65k AP anyway.

Edit: The value seems to be stripped to 16bit before even calling the function, so the overflow would never be handled at that point - you could simplify it even more... Anywayz, digressed, sorry for disrupting your thread, please carry on with the productive actions.

27
These blocks are needlessly long and inefficient:
Code: [Select]
pseudo-code
if (multiplier = 0)
{
}
elseif (multiplier = 2)
{
   Materia_AP += (AP_Gained & FFFFh) * 2;
}
elseif (multiplier = 3)
{
   Materia_AP += (AP_Gained & FFFFh) * 3;
}
else
{
   Materia_AP += (AP_Gained & FFFFh) ;
}

What it SHOULD read is:
Code: [Select]
pseudo-code
if (multiplier > 3) ;upper bound here again too
{
   multiplier = 1
}
if (AP_Gained > 65535)
{
   AP_Gained = 65535
}
Materia_AP += AP_Gained * multiplier

Anyone disagree that this is a MUCH better idea?

Me! That would be changing the mechanics (limiting the AP_Gained thing different way) ;)

28
Troubleshooting / Re: Mug materia glitch
« on: 2012-09-14 20:22:40 »
It's a bug in the vanilla game, nothing to do with mods. Here's a nice example of glitching Emerald this way - explanation in the clip description.

29
Gameplay / Re: BETA - 9999 Limit Breaking support thread
« on: 2012-09-13 07:24:28 »
Thx for your prompt response!

I have already tried, but it does not work as well, I rename the FF7_en.exe to ff7.exe, and run the install.bat, the problem shows: "patch done."  but ff7.exe turns to 0 bytes (5,858 kb before patch), I can't run the game.

Here also followed the debug txt, please kindly check:

Debug data
 
Applying patch: 9999LimitBreaking
Program entry point. Size of patch: 0x9E8
 5: jmp 0x1A0 eip:1A5
61: search reg[0](0x0) 0x5
    nothing found
F1: errore
Error occured while patching the file.

ERROR: Patch couldn't be applied.
Sorry, but ff7_en.exe should be about ~14MB in size. Restore the original file and try again.

If you only have a cracked version, then sorry, but we don't actually support pirated copies.

30
Troubleshooting / Re: 9999 limit break for FF7 Remake 2012
« on: 2012-09-13 07:20:57 »
Hi, everyone, please do me a favour, please forgive me my bad English, thank you in advance!

I try to patch the 9999 limit break on FF7 Remake 2012(rld crack), I have modified the Install.bat(ff7.exe----ff7_en.exe), and also the problem told me "patch done". but ff7_en.exe turns to 0 bytes (5,858 kb before patch), I can't run the game.

Please help me. thanks again!
Sorry, but we don't support pirated copies. I can assure you that the YAMP version works with original ff7_en.exe (the one 14MB in size), as I'm using it with no problems at all. The only thing I had to do is change the name of the file.

dziugo

31
Hi Ombra. Haven't looked at it yet (and can't look at it right now), but IIRC lang.ini holds strings for SecuROM activation module, not the actual Launcher. Might be wrong, don't bet on it ;p

I know that strings.dat holds localized strings, but dunno if it's just for the game, or also for the launcher (that's on a TODO list).
Ok, so now i can confirm that strings.dat holds texts for both Launcher and FF7.

Might we be able to use this info to make our own achievements?
No, sorry, that would not be enough. First of all, the new-engine needs to be changed to include new achievements, and then the launcher to feed data for the new achievements. Not a trivial task.

32
Gameplay / Re: BETA - 9999 Limit Breaking support thread
« on: 2012-09-11 14:28:09 »
Sometimes when I attack, I can't see the number because there is write "iM   ss" but I can see the monster die ... Is that because I'm doing HP damage more than 32767 ?
Is it Vincent attacking? What are your thresholds for HP/Damage?
Pls, if anyone could be so kind to tell me how to make it happen on FF7 Remake 2012. thx
Use YAMP and rename the ff7_en.exe file to ff7.exe when patching (then rename it back to ff7_en.exe). Should work.

33
Hi Ombra. Haven't looked at it yet (and can't look at it right now), but IIRC lang.ini holds strings for SecuROM activation module, not the actual Launcher. Might be wrong, don't bet on it ;p

I know that strings.dat holds localized strings, but dunno if it's just for the game, or also for the launcher (that's on a TODO list).

34
Excellent work, as always!
Thx :p If anyone has any additional info on the inner workings on the IPC, don't hesitate to post. There might also be a bug here, somewhere ;p

35
IPC Description

Shared memory is used for sending data between Launcher and FF7 (CreateFileMapping -> MapViewOfFile):
Code: [Select]
ff7_sharedMemoryWithLauncher - name of the shared memory resource.
Notes: The size of the shared block is 0x20000 bytes in length. First 0x10000 bytes are for Game->Launcher traffic (G2L), following 0x10000 bytes are for Launcher->Game traffic (L2G).

Semaphores are used for synchronizing traffic between Launcher and FF7 (CreateSemaphore/OpenSemaphore -> WaitForSingleObject/ReleaseSemaphore):
Code: [Select]
ff7_launcherCanReadMsgSem - Launcher waits on this semaphore, it's released by FF7 when the data is ready to be read by Launcher.
ff7_launcherDidReadMsgSem - FF7 waits on this semaphore, it's released by Launcher when data to be read by Launcher has been read.
ff7_gameCanReadMsgSem - FF7 waits on this semaphore, it's released by Launcher when data is ready to be read by FF7.
ff7_gameDidReadMsgSem - Launcher waits on this semaphore, it's released by FF7 when data to be read by FF7 has been read.

IPC Protocol

For starters, the [] (square brackets) will be used for denoting the unicode string:
Code: [Select]
[Unicode string] - Basically a unicode string with first 4 bytes (little endian) being the length of the string in wide chars.
If you need a complicated description, it's a structure built like this:
X1 X2 X3 X4 C0 D0 C1 D1 C2 D2 ...
X4X3X2X1 - string length in wide chars
D0C0 - unicode character no0
D1C1 - unicode character no1
D2C2 - unicode character no2
...

No null terminator since the length is specified. Example of string "Hi!":
03 00 00 00 48 00 69 00 21 00 | ....H.i.!.

Commands sent by the game:

CMD_G2L_01: Achievement unlocked
Code: [Select]
01 00 00 00 XX 00 00 00
XX - Achievement Id
Notes: Sent by FF7 when new achievement has been unlocked.

CMD_G2L_02: Sync saved games
Code: [Select]
02 00 00 00
Notes: Sent when FF7 thinks it needs the saved games to be synced. It greys out the save slot choose menu until either CMD_L2G_07 or CMD_L2G_08 is received.

CMD_G2L_03: Game saved/loaded
Code: [Select]
03 00 00 00 03 00 00 00 XX 00 00 00 YY 00 00 00 ZZ 00 00 00
XX - 00 if saved, 01 if loaded
YY - Save data file Id (00 - 09)
ZZ - Saved game Id (00 - 0F)
Notes: Sent by FF7 when game has been saved or loaded.

CMD_G2L_04: Ready for init data
Code: [Select]
04 00 00 00
Notes: Sent by FF7 when it has inited the IPC module.

Commands sent by the launcher:

CMD_L2G_01: Set unlocked achievement
Code: [Select]
01 00 00 00 XX 00 00 00
XX - Achievement Id
Notes: It is sent at startup for each achievement already unlocked.

CMD_L2G_07: Saved games synced successfully
Code: [Select]
07 00 00 00

CMD_L2G_08: Failed to sync saved games
Code: [Select]
08 00 00 00

CMD_L2G_09: Set save path
Code: [Select]
09 00 00 00 [Unicode string]
Notes: Sent at startup.

CMD_L2G_0A: Set config dir
Code: [Select]
0A 00 00 00 [Unicode string]
Notes: Sent at startup.

CMD_L2G_0B: Set game dir
Code: [Select]
0B 00 00 00 [Unicode string]
Notes: Sent at startup.

CMD_L2G_0C: Set lang dir
Code: [Select]
0C 00 00 00 [Unicode string]
Notes: Sent at startup.

CMD_L2G_0D: Set achievement data
Code: [Select]
0D 00 00 00
00 00 00 00 [Achievement  0 name] [Achievement  0 description] [Achievement  0 icon]
01 00 00 00 [Achievement  1 name] [Achievement  1 description] [Achievement  1 icon]
02 00 00 00 [Achievement  2 name] [Achievement  2 description] [Achievement  2 icon]
..                       ..                    ..                           ..
23 00 00 00 [Achievement 35 name] [Achievement 35 description] [Achievement 35 icon]
Notes: Sent at startup - 36 entries total. Icons are in the data/xarch directory (*.fgt files being pngs). List of achievement Ids in the AppendixA.

CMD_L2G_0E: Set localization data
Code: [Select]
0E 00 00 00
00 00 00 00 [Text   0]
01 00 00 00 [Text   1]
02 00 00 00 [Text   2]
..                ...
A2 00 00 00 [Text 162]
Notes: Sent at startup - 163 entries total. List of localization data in the AppendixB.

CMD_L2G_0F: Set keyboard data
Code: [Select]
0F 00 00 00 0E 00 00 00
X0 00 00 00
X1 00 00 00
X2 00 00 00
..
XD 00 00 00
Notes: Sent at startup - 14 entries total being the keycodes. Note that this list only sends the data to be shown in the New game "Keyboard" screen, ff7input.cfg still holds the actual config. The order of the data is the same as in AppendixB list of Ids starting from 05, ending at 18.

CMD_L2G_10: Show message
Code: [Select]
10 00 00 00 [Message]
Notes: Mostly used for "Downloading save files".

CMD_L2G_11: Set version info
Code: [Select]
11 00 00 00 [Version string]
Notes: Sent at startup.

CMD_L2G_12: Pause game
Code: [Select]
12 00 00 00
Notes: Freezes the whole game (no "PAUSE")

CMD_L2G_13: Unpause game
Code: [Select]
13 00 00 00
Notes: Unfreezes the game.

CMD_L2G_14: Run the game
Code: [Select]
14 00 00 00
Notes: Sent when the launcher is done sending init data.

AppendixA: List of achievements with their Ids.
Code: [Select]
Achievement Id: 0
Name: End of Part I
Desc: Complete the first part of the game
File: 48464.fgt
Achievement Id: 1
Name: End of Part II
Desc: Complete the second part of the game
File: 86789746.fgt
Achievement Id: 2
Name: End of Game
Desc: Complete FINAL FANTASY VII
File: 788923.fgt
Achievement Id: 3
Name: Master Materia
Desc: Reach the maximum level of any Materia
File: 048748899.fgt
Achievement Id: 4
Name: Master of Gil
Desc: 99,999,999 Gil
File: 1248996.fgt
Achievement Id: 5
Name: Top Level
Desc: Reach level 99 with any character
File: 3124788.fgt
Achievement Id: 6
Name: Knights of the Round
Desc: Get materia Knights of the Round
File: 780075644896.fgt
Achievement Id: 7
Name: Omnislash
Desc: Get Cloud's last Limit Break
File: 6574897441.fgt
Achievement Id: 8
Name: Catastrophe
Desc: Get Barret's last Limit Break
File: 7411663323.fgt
Achievement Id: 9
Name: Chaos
Desc: Get Vincent's last Limit Break
File: 34577888.fgt
Achievement Id: 10
Name: Great Gospel
Desc: Get Aeris's last Limit Break
File: 9678414515.fgt
Achievement Id: 11
Name: Highwind
Desc: Get Cid's last Limit Break
File: 1548549646.fgt
Achievement Id: 12
Name: Final Heaven
Desc: Get Tifa's last Limit Break
File: 15896335.fgt
Achievement Id: 13
Name: All Creation
Desc: Get Yuffie's last Limit Break
File: 64848486.fgt
Achievement Id: 14
Name: Cosmo Memory
Desc: Get Red XIII's last Limit Break
File: 247889666.fgt
Achievement Id: 15
Name: Slots
Desc: Get Cait Sith's last Limit Break
File: 7478989663.fgt
Achievement Id: 16
Name: Bahamut Zero
Desc: Get materia Bahamut Zero
File: 48748955454.fgt
Achievement Id: 17
Name: Ultimate Weapon
Desc: Defeat the Ultimate Weapon
File: 97444543361.fgt
Achievement Id: 18
Name: Diamond Weapon
Desc: Defeat the Diamond Weapon
File: 347895142.fgt
Achievement Id: 19
Name: Ruby Weapon
Desc: Defeat the Ruby Weapon
File: 4154425789.fgt
Achievement Id: 20
Name: Emerald Weapon
Desc: Defeat the Emerald Weapon
File: 3377854.fgt
Achievement Id: 21
Name: Vincent
Desc: Get Vincent on your team
File: 1132477952.fgt
Achievement Id: 22
Name: Yuffie
Desc: Get Yuffie on your team
File: 47851852.fgt
Achievement Id: 23
Name: Materia Overlord
Desc: Master all Materias
File: 852963745.fgt
Achievement Id: 24
Name: Battle Square
Desc: Start a battle in the Battle Square
File: 1587462895.fgt
Achievement Id: 25
Name: Gold Chocobo
Desc: Get a Gold Chocobo
File: 358749685.fgt
Achievement Id: 26
Name: Won 1st battle
Desc: Win your first battle
File: 95856245.fgt
Achievement Id: 27
Name: Braver
Desc: Use Cloud's 1st limit
File: 184575825.fgt
Achievement Id: 28
Name: Big Shot
Desc: Use Barret's 1st limit
File: 6657748235.fgt
Achievement Id: 29
Name: Galian Beast
Desc: Use Vincent's 1st limit
File: 075841114.fgt
Achievement Id: 30
Name: Healing Wind
Desc: Use Aeris's 1st limit
File: 57484155.fgt
Achievement Id: 31
Name: Boost Jump
Desc: Use Cid's 1st limit
File: 36851458.fgt
Achievement Id: 32
Name: Beat Rush
Desc: Use Tifa's 1st limit
File: 6478254145.fgt
Achievement Id: 33
Name: Greased Lightning
Desc: Use Yuffie's 1st limit
File: 78564198.fgt
Achievement Id: 34
Name: Sled Fang
Desc: Use Red XIII's 1st limit
File: 25366999.fgt
Achievement Id: 35
Name: Dice
Desc: Use Cait Sith's 1st limit
File: 748574726.fgt

AppendixB: List of localization texts with their Ids.
Code: [Select]
Entry Id: 0     Text: Achievement Unlocked
Entry Id: 1     Text: Failed to sync save files, your progression will only be saved locally
Entry Id: 2     Text: Save files have been synced
Entry Id: 3     Text: Keyboard
Entry Id: 4     Text: SELECT "QUIT" IN THE GAME MENU TO EXIT THE GAME.
Entry Id: 5     Text: OK
Entry Id: 6     Text: Cancel
Entry Id: 7     Text: Menu
Entry Id: 8     Text: Up
Entry Id: 9     Text: Left
Entry Id: 10    Text: Right
Entry Id: 11    Text: Down
Entry Id: 12    Text: Start
Entry Id: 13    Text: Switch
Entry Id: 14    Text: Page up
Entry Id: 15    Text: Page down
Entry Id: 16    Text: Target
Entry Id: 17    Text: Assist
Entry Id: 18    Text: Camera
Entry Id: 19    Text: Esc
Entry Id: 20    Text: 1
Entry Id: 21    Text: 2
Entry Id: 22    Text: 3
Entry Id: 23    Text: 4
Entry Id: 24    Text: 5
Entry Id: 25    Text: 6
Entry Id: 26    Text: 7
Entry Id: 27    Text: 8
Entry Id: 28    Text: 9
Entry Id: 29    Text: 0
Entry Id: 30    Text: -
Entry Id: 31    Text: =
Entry Id: 32    Text: Backspace
Entry Id: 33    Text: Tab
Entry Id: 34    Text: Q
Entry Id: 35    Text: W
Entry Id: 36    Text: E
Entry Id: 37    Text: R
Entry Id: 38    Text: T
Entry Id: 39    Text: Y
Entry Id: 40    Text: U
Entry Id: 41    Text: I
Entry Id: 42    Text: O
Entry Id: 43    Text: P
Entry Id: 44    Text: [
Entry Id: 45    Text: ]
Entry Id: 46    Text: Enter
Entry Id: 47    Text: Ctrl
Entry Id: 48    Text: A
Entry Id: 49    Text: S
Entry Id: 50    Text: D
Entry Id: 51    Text: F
Entry Id: 52    Text: G
Entry Id: 53    Text: H
Entry Id: 54    Text: J
Entry Id: 55    Text: K
Entry Id: 56    Text: L
Entry Id: 57    Text: ;
Entry Id: 58    Text: '
Entry Id: 59    Text: `
Entry Id: 60    Text: Shift
Entry Id: 61    Text: \
Entry Id: 62    Text: Z
Entry Id: 63    Text: X
Entry Id: 64    Text: C
Entry Id: 65    Text: V
Entry Id: 66    Text: B
Entry Id: 67    Text: N
Entry Id: 68    Text: M
Entry Id: 69    Text: ,
Entry Id: 70    Text: .
Entry Id: 71    Text: /
Entry Id: 72    Text: Right Shift
Entry Id: 73    Text: *
Entry Id: 74    Text: Alt
Entry Id: 75    Text: Space
Entry Id: 76    Text: Caps Lock
Entry Id: 77    Text: F1
Entry Id: 78    Text: F2
Entry Id: 79    Text: F3
Entry Id: 80    Text: F4
Entry Id: 81    Text: F5
Entry Id: 82    Text: F6
Entry Id: 83    Text: F7
Entry Id: 84    Text: F8
Entry Id: 85    Text: F9
Entry Id: 86    Text: F10
Entry Id: 87    Text: Num Lock
Entry Id: 88    Text: Scroll Lock
Entry Id: 89    Text: Num 7
Entry Id: 90    Text: Num 8
Entry Id: 91    Text: Num 9
Entry Id: 92    Text: -
Entry Id: 93    Text: Num 4
Entry Id: 94    Text: Num 5
Entry Id: 95    Text: Num 6
Entry Id: 96    Text: +
Entry Id: 97    Text: Num 1
Entry Id: 98    Text: Num 2
Entry Id: 99    Text: Num 3
Entry Id: 100   Text: Num 0
Entry Id: 101   Text: Num Del
Entry Id: 102   Text: \
Entry Id: 103   Text: F11
Entry Id: 104   Text: F12
Entry Id: 105   Text:
Entry Id: 106   Text:
Entry Id: 107   Text:
Entry Id: 108   Text:
Entry Id: 109   Text:
Entry Id: 110   Text:
Entry Id: 111   Text:
Entry Id: 112   Text:
Entry Id: 113   Text: F15
Entry Id: 114   Text:
Entry Id: 115   Text:
Entry Id: 116   Text:
Entry Id: 117   Text:
Entry Id: 118   Text:
Entry Id: 119   Text:
Entry Id: 120   Text:
Entry Id: 121   Text:
Entry Id: 122   Text:
Entry Id: 123   Text:
Entry Id: 124   Text: Num Enter
Entry Id: 125   Text: Right Ctrl
Entry Id: 126   Text:
Entry Id: 127   Text:
Entry Id: 128   Text:
Entry Id: 129   Text:
Entry Id: 130   Text:
Entry Id: 131   Text:
Entry Id: 132   Text:
Entry Id: 133   Text:
Entry Id: 134   Text: Num /
Entry Id: 135   Text: Prnt Scrn
Entry Id: 136   Text: Right Alt
Entry Id: 137   Text: Pause
Entry Id: 138   Text: Home
Entry Id: 139   Text: Up
Entry Id: 140   Text: Page Up
Entry Id: 141   Text: Left
Entry Id: 142   Text: Right
Entry Id: 143   Text: End
Entry Id: 144   Text: Down
Entry Id: 145   Text: Page Down
Entry Id: 146   Text: Insert
Entry Id: 147   Text: Delete
Entry Id: 148   Text: Left Windows
Entry Id: 149   Text: Right Windows
Entry Id: 150   Text: Application
Entry Id: 151   Text:
Entry Id: 152   Text:
Entry Id: 153   Text:
Entry Id: 154   Text:
Entry Id: 155   Text:
Entry Id: 156   Text:
Entry Id: 157   Text:
Entry Id: 158   Text: Forward
Entry Id: 159   Text:
Entry Id: 160   Text:
Entry Id: 161   Text:
Entry Id: 162   Text:
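
A bounds-checked decoder for the message layouts described in the post above, as an added example (not code from the post, the launcher or the game). It assumes the caller passes a buffer holding exactly one message, since the post does not say how messages are framed inside the shared block; all function, class and field names are made up for illustration.

```python
import struct

CHANNEL_SIZE = 0x10000  # one direction's half of the 0x20000-byte shared block

class IpcError(ValueError):
    """A message does not match the layout documented in the post."""

class Reader:  # bounds-checked cursor over one received message
    def __init__(self, buf):
        if len(buf) > CHANNEL_SIZE:
            raise IpcError("message larger than one channel")
        self.buf, self.pos = bytes(buf), 0

    def u32(self):
        if self.pos + 4 > len(self.buf):
            raise IpcError("truncated 32-bit field")
        (value,) = struct.unpack_from("<I", self.buf, self.pos)
        self.pos += 4
        return value

    def string(self):
        # [Unicode string]: u32 length in wide chars, UTF-16LE data, no terminator.
        nchars = self.u32()
        # The peer process wrote this length, so check it before slicing.
        if nchars * 2 > len(self.buf) - self.pos:
            raise IpcError("string length %d overruns the message" % nchars)
        raw = self.buf[self.pos:self.pos + nchars * 2]
        self.pos += nchars * 2
        try:
            return raw.decode("utf-16-le")
        except UnicodeDecodeError as exc:
            raise IpcError("invalid UTF-16 data") from exc

    def done(self, cmd):
        # Assumption: the buffer holds exactly one message, nothing after it.
        if self.pos != len(self.buf):
            raise IpcError("trailing bytes after command 0x%02X" % cmd)

def pack_string(text):
    """Encode text as a [Unicode string]; used to build the sample inputs."""
    raw = text.encode("utf-16-le")
    return struct.pack("<I", len(raw) // 2) + raw

# Launcher->Game commands with a fixed field list: "u" = u32, "s" = string.
L2G_FIXED = {
    0x01: ("set_unlocked_achievement", "u"), 0x07: ("saves_synced", ""),
    0x08: ("saves_sync_failed", ""), 0x09: ("set_save_path", "s"),
    0x0A: ("set_config_dir", "s"), 0x0B: ("set_game_dir", "s"),
    0x0C: ("set_lang_dir", "s"), 0x10: ("show_message", "s"),
    0x11: ("set_version_info", "s"), 0x12: ("pause_game", ""),
    0x13: ("unpause_game", ""), 0x14: ("run_game", ""),
}
# Table commands: name, entry count, strings per entry (an Id leads each entry).
L2G_TABLES = {0x0D: ("set_achievement_data", 36, 3),
              0x0E: ("set_localization_data", 163, 1)}

def parse_l2g(buf):
    r = Reader(buf)
    cmd = r.u32()
    if cmd in L2G_FIXED:
        name, layout = L2G_FIXED[cmd]
        fields = [r.u32() if kind == "u" else r.string() for kind in layout]
    elif cmd in L2G_TABLES:
        name, count, nstr = L2G_TABLES[cmd]
        fields = []
        for expected_id in range(count):
            if r.u32() != expected_id:
                raise IpcError("table entry Id out of sequence")
            fields.append((expected_id, *[r.string() for _ in range(nstr)]))
    elif cmd == 0x0F:
        name = "set_keyboard_data"
        if r.u32() != 0x0E:  # entry count shown in the post
            raise IpcError("keyboard table must hold 14 entries")
        fields = [r.u32() for _ in range(0x0E)]
    else:
        raise IpcError("unknown L2G command 0x%02X" % cmd)
    r.done(cmd)
    return name, fields

def parse_g2l(buf):
    r = Reader(buf)
    cmd = r.u32()
    if cmd == 0x01:
        name, fields = "achievement_unlocked", [r.u32()]
        if fields[0] > 35:  # AppendixA lists Ids 0..35
            raise IpcError("achievement Id out of range")
    elif cmd in (0x02, 0x04):
        name, fields = {2: "sync_saved_games", 4: "ready_for_init_data"}[cmd], []
    elif cmd == 0x03:
        # Second dword is the constant 3 shown in the post, then XX, YY, ZZ.
        second, *fields = [r.u32() for _ in range(4)]
        if second != 3 or fields[0] > 1 or fields[1] > 9 or fields[2] > 0x0F:
            raise IpcError("CMD_G2L_03 field outside the documented values")
        name = "game_saved_or_loaded"
    else:
        raise IpcError("unknown G2L command 0x%02X" % cmd)
    r.done(cmd)
    return name, fields
```

Both parsers reject a length prefix that points past the end of the buffer, which is the check a reader of this shared block needs because the other process controls every byte in it.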

36
Don't understand all ..  ;D but.. With this method, we could have better graphics than the 2012 ff7 converted to 98 and all modded with bootleg ?
It already looks fantastic like this  8)
Hmm... If I understood you correctly: With this method you can have all pros of the 2012 rerelease (the new graphics engine + oggs + better FMVs) and still be able to apply patches that modify 1.02 ff7.exe. The patcher should still be aware of this modded copy being the rerelease (-> some files being in the lang folder) but if the main executable is concerned, it's just good to go (provided it doesn't check the file's checksum).

37
Disclaimer: As there is no non-official launcher, the game is still protected with SecuROM, even with changes below applied. You have to own the game/needed files to be able to use it.

Note: This is a tutorial to change the FF7 ReRelease (2012) to work with the old 1.02 exe and retain the ability to make use of the new graphics engine. It doesn't convert the NEW version to OLD.

As you might know, the recent FF7 ReRelease includes the new DX-based graphics engine, and is protected with SecuROM so it doesn't get too easy to use it with the old exe. Here is a quick tutorial how to make it usable. Why? Because we then have a 1.02 exe (which can be modded with anything compatible with 1.02 exe) and use the cool graphics engine which came with the rerelease.

Changes in the new engine by dotemu feat. Aali: The DLL is protected with SecuROM SLL, and has corrupted Export table + rerouted Entry point (so when it's loaded with proper SecuROM-protected exe, it unprotects itself).

Restoring exports and the entry point of the AF3DN.P:
Code: [Select]
HEX Addresses for 1.06 AF3DN.P

Restoring entry point:
00000128: 65 C7
00000129: 84 E0
0000012A: 13 01

Restoring exports:

dotemuRegDeleteValueA:
00005FA0: 00 33
00005FA1: 00 C0
00005FA2: 00 C2
00005FA3: 00 08

dotemuRegCloseKey:
00006040: 00 33
00006041: 00 C0
00006042: 00 C2
00006043: 00 04

dotemuRegOpenKeyExA:
0001DB20: 00 E8
0001DB21: 00 9B
0001DB22: 00 40
0001DB23: 00 FF
0001DB24: 00 FF
0001DB25: 00 33
0001DB26: 00 C0
0001DB27: 00 C2
0001DB28: 00 14

dotemuRegQueryKeyExA:
0001DB30: 00 8B
0001DB31: 00 44
0001DB32: 00 24
0001DB33: 00 14
0001DB34: 00 56
0001DB35: 00 8B
0001DB36: 00 74
0001DB37: 00 24
0001DB38: 00 0C
0001DB39: 00 E8
0001DB3A: 00 F2
0001DB3B: 00 FA
0001DB3C: 00 FF
0001DB3D: 00 FF
0001DB3E: 00 5E
0001DB3F: 00 C2
0001DB40: 00 18

dotemuRegSetValueExA:
0001DB50: 00 56
0001DB51: 00 8B
0001DB52: 00 74
0001DB53: 00 24
0001DB54: 00 0C
0001DB55: 00 57
0001DB56: 00 8B
0001DB57: 00 7C
0001DB58: 00 24
0001DB59: 00 1C
0001DB5A: 00 E8
0001DB5B: 00 31
0001DB5C: 00 FF
0001DB5D: 00 FF
0001DB5E: 00 FF
0001DB5F: 00 5F
0001DB60: 00 5E
0001DB61: 00 C2
0001DB62: 00 18

Ok, now we'll mod an old 1.02 exe to be used with new engine. This is one way of doing it - we mimic what dotemu has done, but don't change the size of the exe. All we have to do is to reroute ADVAPI calls (registry related) to the functions within the new engine (RegOpenKeyExA becomes dotemuRegOpenKeyExA etc.).

Manually mapping AF3DN.P:
Code: [Select]
HEX Addresses for 1.02 ff7.exe (english)

New RVAs for imports:
003B4C00: 90 4B
003B4C04: 7C 62
003B4C08: 6C 7A
003B4C0C: 5A 8F
003B4C10: 4C 90
003B4C11: 8E 88

Correction of first/original thunk RVA (duplicating to free some space):
003B73F0: 90 00
003B73F1: 88 60

Correction of module name RVA:
003B73FC: A2 A6

Texts#1:
003B7490: 90 00
003B7491: 8E 00
003B7492: 3B 64
003B7493: 00 6F
003B7494: 7C 74
003B7495: 8E 65
003B7496: 3B 6D
003B7497: 00 75
003B7498: 6C 52
003B7499: 8E 65
003B749A: 3B 67
003B749B: 00 43
003B749C: 5A 6C
003B749D: 8E 6F
003B749E: 3B 73
003B749F: 00 65
003B74A0: 4C 4B
003B74A1: 8E 65
003B74A2: 3B 79

Texts#2:
003B7A4C: 17 00
003B7A4D: 01 64
003B7A4E: 52 6F
003B7A4F: 65 74
003B7A50: 67 65
003B7A51: 43 6D
003B7A52: 6C 75
003B7A53: 6F 52
003B7A54: 73 65
003B7A55: 65 67
003B7A56: 4B 44
003B7A58: 79 6C
003B7A59: 00 65
003B7A5A: 41 74
003B7A5B: 01 65
003B7A5C: 52 56
003B7A5D: 65 61
003B7A5E: 67 6C
003B7A5F: 53 75
003B7A61: 74 41
003B7A62: 56 00
003B7A63: 61 00
003B7A64: 6C 64
003B7A65: 75 6F
003B7A66: 65 74
003B7A67: 45 65
003B7A68: 78 6D
003B7A69: 41 75
003B7A6A: 00 52
003B7A6B: 00 65
003B7A6C: 2E 67
003B7A6D: 01 51
003B7A6E: 52 75
003B7A70: 67 72
003B7A71: 4F 79
003B7A72: 70 56
003B7A73: 65 61
003B7A74: 6E 6C
003B7A75: 4B 75
003B7A77: 79 45
003B7A78: 45 78
003B7A79: 78 41
003B7A7A: 41 00
003B7A7C: 36 64
003B7A7D: 01 6F
003B7A7E: 52 74
003B7A80: 67 6D
003B7A81: 51 75
003B7A82: 75 52
003B7A84: 72 67
003B7A85: 79 4F
003B7A86: 56 70
003B7A87: 61 65
003B7A88: 6C 6E
003B7A89: 75 4B
003B7A8B: 45 79
003B7A8C: 78 45
003B7A8D: 41 78
003B7A8E: 00 41
003B7A90: 20 00
003B7A91: 01 64
003B7A92: 52 6F
003B7A93: 65 74
003B7A94: 67 65
003B7A95: 44 6D
003B7A96: 65 75
003B7A97: 6C 52
003B7A99: 74 67
003B7A9A: 65 53
003B7A9B: 56 65
003B7A9C: 61 74
003B7A9D: 6C 56
003B7A9E: 75 61
003B7A9F: 65 6C
003B7AA0: 41 75
003B7AA1: 00 65
003B7AA2: 41 45
003B7AA3: 44 78
003B7AA4: 56 41
003B7AA5: 41 00
003B7AA6: 50 41
003B7AA7: 49 46
003B7AA9: 32 44
003B7AAA: 2E 4E
003B7AAB: 64 2E
003B7AAC: 6C 50
003B7AAD: 6C 00

The last step is to rename ff7.exe to ff7_en.exe and place it in the rerelease directory along with the modified AF3DN.P. Then you can just use the launcher and it should work (at least, works for me).

Didn't have time to check this, but it might be possible to use the new engine the way the custom opengl driver is used (through registry entries). It would still have to go through the launcher (unless you replace the Launcher - FF7 IPC module) and use the launcher-made config files, so I'm not interested in doing that.

Coming soon this year: Non-official launcher allowing for off-line play and disabling the cloud saves feature! Yay!

38
Too bad there's no way to force the game to NOT use cloud saves or at least remove the prompt.
One option

39
The problem is, the save syncing doesn't work for me since I dug into the problem yesterday. Not seeing any other comments about cloud saves not working, so I might have been blacklisted ;p Or everyone is busy modding and don't play anymore ;p

Edit:
But sure, send it!

40
Sorry, my point was not about whether or not it syncs. I was saying that my files might be the reason I don't have a proper userid. Since I got the first build that was a supposed pre-release according to SquareEnix's PR. and didn't update it.
Did you get the promised refund and a new version for free? Also, don't scrap that old prerelease version. It might contain precious info.

Files are signed for the release, what's the signing date of the ff7_en.exe and FF7_Launcher? Right click it -> Properties, and somewhere there should be a tab with that info.

dziugo

41
The metadata.xml is created by the FF7_Launcher, FF7 uses a mutex to synchronize the process. The crypto used is in fact MD5, but it doesn't consist of the saved game only (well, not in my version, and definitely not in squall8cloud7's version). As Erzfreund said, the salt is added to the mix (let's call it UserId, as that's what it most likely is).

The routine starts here:
Code: [Select]
00414540   6A FF            PUSH -1

The reason bloodygood worked it out so easily is because his FF7_Launcher for some reason doesn't append the said Id to the end of the data, thus resulting in clean MD5 of the saved game. Also, empty entries result in empty MD5 hash (d41d8cd98f00b204e9800998ecf8427e). Notice how empty entries from squall8cloud are different? That'd be MD5 of the Id itself (since no save data exists for that slot).

Where is the UserId? Look at the path of the saved game:
C:\Users\{user-name}\Documents\Square Enix\FINAL FANTASY VII\user_123456\save00.ff7
In that case, that would be 123456.

So, append the said UserId at the end of the saved game, and MD5-sum it. Voila!

That'd be impressive, considering the 2012 release doesn't even use CDs.
I probably shouldn't use the word i was about to use, and you're trolling ;p

dziugo

42
In case anyone is still wondering. I have tested this a few times and have had no saves deleted.
First I opened one of the save files I already had unaltered in a hex editor and ran an MD5sum.
Code: [Select]
4FF3FAFCAC649E3DB00751545B4221BB
then I opened up the metadata.xml and looked for that save slot number
Code: [Select]
<signature>4ff3fafcac649e3db00751545b4221bb</signature>
starting to look familiar? Apparently all they do is .tolower() the output md5sum of the .ff7 file per save slot. I did not have to adjust the <timestamp> at all when I modified my save file.
Original/Unmodified Files
http://www.mediafire.com/?hvd900ghthvack7
Modified files +gil +all items +1 of each maxed materia (bottom of the list) using Black_Chocobo of course.
http://www.mediafire.com/?6nev03g18ife9y9
Are you using some sort of... *No-CD* patch?

43
General Discussion / Re: FF7 overview - This game are sick
« on: 2012-08-22 14:06:08 »
Nice find!

44
Yeah, I did think that too when I first saw it. That even the name was the same.  So far I have found no real fixes that we don't already have.  Those differences there are, seem to be mostly concerned with how their driver changes the key config screen.

There are a few other driver jumps that aali doesn't jump with though.
So there we have it.  The new driver is really just aali's driver in large part :)  Heavily based on it (at the least), and the fixes used too.

This means there are unlikely to be any new fixes with this "new driver".  Which is a real shame because I had hoped there would be some stuff we could use from the new game.  But that's Enix for you these days.  Quick fix.  Quick buck. They can't even be bothered using their own work these days when it comes to FF7.

I suppose that also means they may have the source code, but just couldn't be arsed.
Yes, that would be possible - they might still have it and just decided not to give it out to 3rd party.

45
Hmm... Considering that the Aali's work is not actually a driver (it's a rendering engine), they mindlessly ripped even that were surely inspired even by the name.

46
Ok, I've installed the Aali's driver. The new version is a rip-off.

Here is the dump of the destination jump of the MDef fix (from Aali's):
Code: [Select]
Address   Hex dump                  Command                                  Comments
1004A190    8B4424 04               MOV EAX,DWORD PTR SS:[ESP+4]
1004A194    8B0D 485A0910           MOV ECX,DWORD PTR DS:[10095A48]
1004A19A    0FB69401 F8040000       MOVZX EDX,BYTE PTR DS:[EAX+ECX+4F8]
1004A1A2    A1 B85B0910             MOV EAX,DWORD PTR DS:[10095BB8]
1004A1A7    8B0490                  MOV EAX,DWORD PTR DS:[EDX*4+EAX]
1004A1AA    8B5424 08               MOV EDX,DWORD PTR SS:[ESP+8]
1004A1AE    83FA 03                 CMP EDX,3
1004A1B1    77 5D                   JA SHORT 1004A210
1004A1B3    FF2495 14A20410         JMP DWORD PTR DS:[EDX*4+1004A214]
1004A1BA    8B15 485C0910           MOV EDX,DWORD PTR DS:[10095C48]
1004A1C0    69C0 84000000           IMUL EAX,EAX,84
1004A1C6    0FBE4C08 70             MOVSX ECX,BYTE PTR DS:[ECX+EAX+70]
1004A1CB    6BC9 2C                 IMUL ECX,ECX,2C
1004A1CE    0FB64411 04             MOVZX EAX,BYTE PTR DS:[EDX+ECX+4]
1004A1D3    C3                      RETN
1004A1D4    69C0 84000000           IMUL EAX,EAX,84
1004A1DA    0FBE4408 71             MOVSX EAX,BYTE PTR DS:[ECX+EAX+71]
1004A1DF    8B0D 4C5C0910           MOV ECX,DWORD PTR DS:[10095C4C]
1004A1E5    8D04C0                  LEA EAX,[EAX*8+EAX]
1004A1E8    0FB64481 02             MOVZX EAX,BYTE PTR DS:[EAX*4+ECX+2]
1004A1ED    C3                      RETN
1004A1EE    833D 14CA0810 00        CMP DWORD PTR DS:[1008CA14],0
1004A1F5    74 19                   JE SHORT 1004A210
1004A1F7    69C0 84000000           IMUL EAX,EAX,84
1004A1FD    0FBE4408 71             MOVSX EAX,BYTE PTR DS:[ECX+EAX+71]
1004A202    8D14C0                  LEA EDX,[EAX*8+EAX]
1004A205    A1 4C5C0910             MOV EAX,DWORD PTR DS:[10095C4C]
1004A20A    0FB64490 03             MOVZX EAX,BYTE PTR DS:[EDX*4+EAX+3]
1004A20F    C3                      RETN
1004A210    33C0                    XOR EAX,EAX
1004A212    C3                      RETN

From dOTEMU:
Code: [Select]
Address   Hex dump                  Command                                  Comments
1000EB20    8B4424 04               MOV EAX,DWORD PTR SS:[ESP+4]
1000EB24    8B0D A4B00210           MOV ECX,DWORD PTR DS:[1002B0A4]
1000EB2A    0FB69401 F8040000       MOVZX EDX,BYTE PTR DS:[EAX+ECX+4F8]
1000EB32    A1 68B10210             MOV EAX,DWORD PTR DS:[1002B168]
1000EB37    8B0490                  MOV EAX,DWORD PTR DS:[EDX*4+EAX]
1000EB3A    8B5424 08               MOV EDX,DWORD PTR SS:[ESP+8]
1000EB3E    83FA 03                 CMP EDX,3
1000EB41    77 5D                   JA SHORT 1000EBA0
1000EB43    FF2495 A4EB0010         JMP DWORD PTR DS:[EDX*4+1000EBA4]
1000EB4A    8B15 74B10210           MOV EDX,DWORD PTR DS:[1002B174]
1000EB50    69C0 84000000           IMUL EAX,EAX,84
1000EB56    0FBE4C08 70             MOVSX ECX,BYTE PTR DS:[ECX+EAX+70]
1000EB5B    6BC9 2C                 IMUL ECX,ECX,2C
1000EB5E    0FB64411 04             MOVZX EAX,BYTE PTR DS:[EDX+ECX+4]
1000EB63    C3                      RETN
1000EB64    69C0 84000000           IMUL EAX,EAX,84
1000EB6A    0FBE4408 71             MOVSX EAX,BYTE PTR DS:[ECX+EAX+71]
1000EB6F    8B0D 78B10210           MOV ECX,DWORD PTR DS:[1002B178]
1000EB75    8D04C0                  LEA EAX,[EAX*8+EAX]
1000EB78    0FB64481 02             MOVZX EAX,BYTE PTR DS:[EAX*4+ECX+2]
1000EB7D    C3                      RETN
1000EB7E    833D 706E0210 00        CMP DWORD PTR DS:[10026E70],0
1000EB85    74 19                   JE SHORT 1000EBA0
1000EB87    69C0 84000000           IMUL EAX,EAX,84
1000EB8D    0FBE4408 71             MOVSX EAX,BYTE PTR DS:[ECX+EAX+71]
1000EB92    8D14C0                  LEA EDX,[EAX*8+EAX]
1000EB95    A1 78B10210             MOV EAX,DWORD PTR DS:[1002B178]
1000EB9A    0FB64490 03             MOVZX EAX,BYTE PTR DS:[EDX*4+EAX+3]
1000EB9F    C3                      RETN
1000EBA0    33C0                    XOR EAX,EAX
1000EBA2    C3                      RETN

47
Yeah, it could well be that they just ended at the same conclusions... but I am a little suspicious :P

I will carry on documenting the new exe today.  Can you tell me which addresses are to do with the mdef fix?
The one made by NFITC1 (YAMP based) is around 006C51DE - Aali's driver supposedly patches it differently, never cared to look how (I see 006C5154 address in your list, maybe there?).

48
It seems the new driver has GYPT???  Is this an oversight from you Dziugo? or whoever uploaded this change log?
[also likely that the 9999 patch is here too in this list, which it shouldn't be]

Starting memory address 006767D9 for example. until 00676833
Oops ;) Yes, it contained most of the YAMP patches, sorry as it was not intended :evil:

If so I need a comparison with a clean 1.02 and from memory (without aalis driver) with new ff7.
That will narrow down precisely what "fixes" this new game has made.

edit

it also seems that this is a comparison between the exes?  I need the comparison with memory since all these values have gotten in the way....  I have tons of aali driver changes here which are injected at runtime and are not visible in 1.02 exe(unless they are in same place as aalis with new driver?)
It was a comparison between ff7_en.exe (the original one - dump was taken ?two days ago? when I haven't yet tried the YAMP patches) and the ff7_en.exe running with most of the YAMP patches applied. Like it was said before, it was supposed to be a list of the changes done at runtime - not a list of changes between 1.02 and 1.05/1.06.

edit 2:

I have dumped original 1.02 memory.  Now awaiting Covarr and to do ff7_en.

edit 3:

I have dumped the original 1.02 memory with the new ff7 memory, and compared the .text area.  There are 879 bytes of difference.  The reason your list is larger is because you compared memory with aali's driver active and your own code (like gypt) active.
You mean the updated Aali's driver for the new release? Yeah, of course I used that ;) Didn't use Aali's driver (ever), so there were only YAMP changes.

edit 4:

253 of the 879 bytes I have checked so far are jumps to the new driver and pointers to new code in new exe.  I will post excel when I am ready :)
Yeah, that's why I moved to other stuff when I started checking what's changed ;) 879 bytes changed still sounds like much.

edit 5:

The following is WIP of new addresses and use in code.  I will do as much as I can.
It is already looking like working out what is fixed from this is not likely...
depends how it has all been implemented.  We will see.

https://docs.google.com/spreadsheet/ccc?key=0AlJH_wU1qqN4dEFDeUtFMWtiZkF3WVB3OUZSd3dGdEE#gid=1

edit 6: Note.  They haven't used Qhimm's chocobo fix.  No.  They've used Aali's.  Aali's driver nops the same ones as this "new" game.  Other areas have also been blatantly stolen 1:1 or used to work out their own problems.  They have definitely looked at Aali's driver when making their own.  No doubt.  You only need to look at the changes in the database above and compare the memory to a 1.02 using aali's driver.
If I were to make a chocobo fix, I'd have done it the same way (NOP the whole block), as that would be just common sense.

Other than that: OMG
And: Great job!

Edit:
Let's do some more digging before making any conclusions. Others are welcome to make their input too, I'll try not to troll anyone with fake changes from this point ;) (sorry again)

49
So it is. I will get on it.

edit: another thing. What is the point of them nopping the unused functions in chocobo races?  That won't do anything will it?  No speed up or anything?
It might speed up, yes, but not much (no one would notice). NOP is actually an "xchg eax, eax" command (exchanges values of the same registry, thus resulting in no changes), so it doesn't require memory access. The NOPed instructions did use memory access, so they were slower. The memory would already be in the processor's cache though. Academic problem I guess.

Most likely it was just being safe - why introduce entropy when you can choose not to? ;p Jedwin's patch NOPed the instruction, but still saved *something* as a result - a value from the previous block. I've tried to establish what was missing there, why the address would be inaccessible now, and it most likely was a source-code comment made - leaving out the unneeded part, forgetting about this little fragment that still tried to access it.

50
excellent.  Now can you do me one more thing?  Change those into ff7.exe addresses also?  I have a good documentation here so I can at least get close to where some of these are being used.
Info is in the file. It's simple math.

Edit:
I'll copy it here for convenience:
For virtual addresses add 0x401000
For ff7_en.exe addresses add 0x1000
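The comparison discussed in posts 48-50 (diff the .text area of two dumps, then translate each changed offset), as an added example that is not code from the thread or from any of the patches mentioned. It assumes both dumps cover the same range and that offsets are relative to the start of the compared data; the two sample buffers are constructed, and the call/jmp classification is a heuristic.

```python
VA_DELTA = 0x401000   # from the post: "For virtual addresses add 0x401000"
EXE_DELTA = 0x1000    # from the post: "For ff7_en.exe addresses add 0x1000"
NOP = 0x90            # one-byte x86 NOP, the encoding of "xchg eax, eax"


def changed_runs(old: bytes, new: bytes):
    """Return (offset, old_bytes, new_bytes) for every run of differing bytes."""
    if len(old) != len(new):
        raise ValueError("dumps must cover the same address range")
    runs, start = [], None
    for i in range(len(old) + 1):          # one extra step flushes a trailing run
        differs = i < len(old) and old[i] != new[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, old[start:i], new[start:i]))
            start = None
    return runs


def classify(new_bytes: bytes) -> str:
    """Rough label for what a patched run now contains (heuristic only)."""
    if all(b == NOP for b in new_bytes):
        return "nop-fill"
    if len(new_bytes) == 5 and new_bytes[0] in (0xE8, 0xE9):
        return "rel32 call/jmp"            # may miss hooks that share a byte with the original
    return "other"


def report(old: bytes, new: bytes):
    """One row per changed run, with the offset translated both ways."""
    return [
        {"offset": off, "va": off + VA_DELTA, "exe": off + EXE_DELTA,
         "len": len(now), "kind": classify(now)}
        for off, _was, now in changed_runs(old, new)
    ]


# Constructed sample data: 19 bytes of "original" code and a patched copy in
# which one block is NOPed out and a call is replaced by a jmp.
OLD = bytes.fromhex("558bec" "a1000000008945fc" "33c0" "e810203000" "c3")
NEW = bytes.fromhex("558bec" "9090909090909090" "33c0" "e944332211" "c3")

if __name__ == "__main__":
    for row in report(OLD, NEW):
        print(f"+{row['offset']:#06x}  va={row['va']:#010x}  exe={row['exe']:#x}  "
              f"{row['len']:3d} bytes  {row['kind']}")
    print("total changed bytes:", sum(r["len"] for r in report(OLD, NEW)))
```

A diff like this only counts bytes that actually differ, so a patch that rewrites an instruction with some identical bytes shows up as several shorter runs.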
