Advanced Hacking FAQ

I'd like to make it so that enemies never leave behind missile ammo when they die, regardless of whether or not the player has a missile launcher

Hey that quetion sounds familiar!

I remember RuneLancer talking about monster drops somewhere...

Dam if only my mind wouldn't fail me so bad at times so convinient...

 

What program do you use for disassembly/debugging? Can it edit the running copy of the .exe in memory, to see changes in real-time? I've worked on NES games with FCEUXD SP a lot, I don't know if it's spoiled me with all its features that are only possibly with emulation, or if I just haven't figured out how to do the same things in Windows debuggers.

 

What program do you use for disassembly/debugging?

I think I heard S.P. or Cookie mention something about HT.

Possibly this?

 

And here I revive a thread to ask a question for which I am not quite sure what keywords I should use in the search function.

Is it possible to start an event when a weapon is shot or when you jump?
Hex or assembly, I don't mind learning =P

 

I think you need assembly to create a new command for that.

Though I could be entirely wrong. D:

 

I bet you could work around the jumping one with a very low vertical trigger (or a whole bunch of interlocking vertical and horizontal triggers, possibly a few flags too to ensure it doesn't trigger when falling).

 

I bet you could work around the jumping one with a very low vertical trigger (or a whole bunch of interlocking vertical and horizontal triggers, possibly a few flags too to ensure it doesn't trigger when falling).

Eh... what I'm really looking for is how you make something happen everytime you jump or shoot a weapon. Like... make it applicable throughout the whole game at any coordinate whatsoever. =/

 

Yeah, assembly is required.

 

Yeah, assembly is required.

Aw damn... i'm downright screwed >:

Thanks anyway. When I get the hang of assembly, I might ask how =P

 

Hex or assembly, I don't mind learning =P

Aw damn... i'm downright screwed >:

Hmm... I sense a contradiction here...

 

Spam for sam!

just cause he doesn't mind doesn't mean he can.
No work ethic. =P

 

I is teh new dimenoffffffffff!!

Laces assembly tutorial 101:

Okeeday, if you be reading this, you need help!
Some Basic Stuff.

COMMANDS:
mov x,y -- Equals sign, x = y

cmp x,y -- Compares x and y, useless unless you have one of the following after it.
- je x -- If x and y are equal, jump to x.
- jne x -- If x and y are not equal, jump to x
- jl x -- If x is smaller than y, jump to x
- jle x -- If x is smaller than or equal to y, go to x.
- jr x -- Same as jl, but larger than
- jre x -- same as jle but larger than or equal to.
- disclaimer: if you see one of these with a z in it, the evil warlords I trying to kill you, just pretend it's an e.

Which leads us to:
jmp x -- teleports the script to x.
call x -- calls the function at x
ret -- jumps back to where the function was called.

push x -- pushes x onto the stack
pop x -- pops x from the stack

add x,y -- adds x and y, saves to x
sub x,y -- subtracts x and y, saves to x
mul x,y -- multiplies x and y, saves to x
div x,y -- divides x and y, saves to x.

... ; -- equivalent of //, ends the line, and anything after it don't count, useful for comments or writing the original code in case you screw stuff up.

REGISTERS:
places where you can save stuff to without screwing up the code.
ax, bx, cx, dx, eax, ebx, ecx, edx. (variables)
the fine print: screwing with bx or ebx can do wacky things, as they are reserved for something, forget wut tho.

OFFSETS:
yeh, you can do all kinds of stuff now, but adding one to eax and setting edx equal to it really isn't that exciting. All the jazz is at offsets, some are codes, ie 419CB0 has ML+ at it, but other offsets, like 0049E6CC (current health) are just values which are accessed by the code to do cool things.

BRAKKETS:
so, pretend eax holds 49E6D0.
if you have a bit of code that sez:

mul eax,2

it will multiply eax (49E6D0) by two, doing nuthing in particular.
However, if you have:

mul [eax],2

with the brackets around eax, it doesn't multiply 49E6D0 by two, but rather whatever is at that offset, the max health.

Cheers!
Lace

 

First three posts of a new page!!!!!!

Ouch, triple post mayhem, I really shouldn't do this, especially within minutes of the last post, but, to get you started, here are some offsets.

at 414B20, you will find the code for the amount of memory set aside for maps.
49E6D0- Max Health value
49E6CC - Current Health Value
ML+ - 419CB0
CMU - 420EE0

and just a tip on TSC commands, there are two parts for each one, the first is a parser, checking if you wrote CMU or ML+, as well as some basic prep work, and the second is the actual code. To find a command, Look for the signature:

mov eax,[004A5AD8]
add eax,[004A5AE0]
movsx ecx,byte ptr [eax+0001]
cmp ecx,__ 	;Checks if the first letter is __
--------------
mov edx,[004A5AD8]
add edx,[004A5AE0]
movsx eax,byte ptr [edx+0002]
cmp eax,__	;Second Letter
--------------
mov ecx,[004A5AD8]
add ecx,[004A5AE0]
movsx edx,byte ptr [ecx+0003]
cmp edx,__ 	;Thoid

the dashes are lines of code that I think might be variable, so I destroyed them, and the __ are for the ascii values of the letter it checks for.

To find a TSC command look for that bit of code, but with the letters in ascii instead of blanks. To find the functional bit of code, look for the last call before you see that bit of code repeat. The call goes to the TSC command.

Have fun!

Edity: To go about your wait until shoot or jump, I would check out the WAS code, and there should be a loop(A ... cmp x,y jne a) check what the conditions for breaking it are, and instead of waiting until standing, wait until the x or y key is pressed.

yadda yadda yadda.
work!!!!

 

Oooh THANKS!!!!!!!!!!!!!! (how much time did youi spend searching >.>)

And I don't think triple posting when helping others breaks any rule... amirite? o.o

*reads*

 

No time searching, except for finding some offsets.
=D

 

I want to play around with assembly for a gameboy rom. How do I decompile it?

 

get a decompiler. =P
search disassembler on google or sp posted one a while back.
And for editing, get a debugger, assembler, or whatever the hack discrete was.

And then pray that the creator left optimization off.

Cheers!
Lace

 

What programs do you use to do all this? I'm using OllyDbg right now, but so far I've just poked around and haven't done any actual editing. (Heck I don't even know if its even capable of editing =/ )

 

gameshock is good for editing values in game, to see what they do, and for a general editor, I use discrete (don't bother googling, runelancer made it), which, although it is incomplete, is very easy to use. also, xvi32 for general editing, you don't always need assembly,and the assembly offsets are the code offsets, just take away the four.

um, that probably didn't make sense.
I hope it did.

=P

 

yeah that made sense. I searched the forums for discrete, but all the links are dead could you put it up somewhere please? (Or if you know of a working link.)