Some title screen hacks

Ok, well, it's been a couple of days since I've posted anything constructive, and being shoulder-deep in the title screen code I figured I'd share some easy findings.

I'll be using the file offsets, but the code offset will be used in code snippets because that's how I've laid it out in my master assembly dump. Just add/remove 0x00400000 as needed...

Title Screen Frames

40f9b0		frame[-0x0020] = { 0x00000000, 0x00000000, 0x00000090, 0x00000028 }		//	000 000  144 040: Title Screen		
40f9d5		frame[-0x0114] = { 0x00000000, 0x00000000, 0x000000a0, 0x00000010 }		//	000 000  160 016: Studio Pixel		
40f9fd		frame[-0x00f0] = { 0x00000090, 0x00000000, 0x000000c0, 0x00000010 }		//	144 000  192 016: New				
40fa25		frame[-0x0010] = { 0x00000090, 0x00000010, 0x000000c0, 0x00000020 }		//	144 016  192 032: Continue			
40fa41		frame[-0x0038] = { 0x00000098, 0x00000050, 0x000000d0, 0x00000058 }		//	152 080  208 088: Version			
40fa5d		frame[-0x0098] = { 0x00000098, 0x00000058, 0x000000d0, 0x00000060 }		//	152 088  208 076: Version Dots		
40fa85		frame[-0x01e8] = { 0x00000000, 0x00000010, 0x00000010, 0x00000020 }		//	000 016  016 032: Quote Frame A		
40faad		frame[-0x01d8] = { 0x00000010, 0x00000010, 0x00000020, 0x00000020 }		//	016 016  032 032: Quote Frame B		
40fad5		frame[-0x01c8] = { 0x00000000, 0x00000010, 0x00000010, 0x00000020 }		//	000 016  016 032: Quote Frame C		
40fafd		frame[-0x01b8] = { 0x00000020, 0x00000010, 0x00000030, 0x00000020 }		//	032 016  048 032: Quote Frame D		
40fb25		frame[-0x00e0] = { 0x00000000, 0x00000070, 0x00000010, 0x00000080 }		//	000 112  016 128: Curly Frame A		
40fb4d		frame[-0x00d0] = { 0x00000010, 0x00000070, 0x00000020, 0x00000080 }		//	016 112  032 128: Curly Frame B		
40fb75		frame[-0x00c0] = { 0x00000000, 0x00000070, 0x00000010, 0x00000080 }		//	000 112  016 128: Curly Frame C		
40fb9d		frame[-0x00b0] = { 0x00000020, 0x00000070, 0x00000030, 0x00000080 }		//	032 112  048 128: Curly Frame D		
40fbc5		frame[-0x0160] = { 0x00000040, 0x00000050, 0x00000050, 0x00000060 }		//	064 080  080 096: Toroko Frame A	
40fbed		frame[-0x0150] = { 0x00000050, 0x00000050, 0x00000060, 0x00000060 }		//	080 080  096 096: Toroko Frame B	
40fc15		frame[-0x0140] = { 0x00000040, 0x00000050, 0x00000050, 0x00000060 }		//	064 080  080 096: Toroko Frame C	
40fc3d		frame[-0x0130] = { 0x00000060, 0x00000050, 0x00000070, 0x00000060 }		//	096 080  112 096: Toroko Frame D	
40fc65		frame[-0x0088] = { 0x000000e0, 0x00000030, 0x000000f0, 0x00000040 }		//	224 048  240 064: King Frame A		
40fc87		frame[-0x0078] = { 0x00000120, 0x00000030, 0x00000130, 0x00000040 }		//	288 048  304 064: King Frame B		
40fca3		frame[-0x0068] = { 0x000000e0, 0x00000030, 0x000000f0, 0x00000040 }		//	224 048  240 064: King Frame C		
40fcbf		frame[-0x0058] = { 0x00000130, 0x00000030, 0x00000140, 0x00000040 }		//	304 048  320 064: King Frame D		
40fcdb		frame[-0x01a8] = { 0x00000000, 0x00000010, 0x00000010, 0x00000020 }		//	000 016  016 032: Sue Frame A		
40fd03		frame[-0x0198] = { 0x00000020, 0x00000010, 0x00000030, 0x00000020 }		//	032 016  048 032: Sue Frame B		
40fd2b		frame[-0x0188] = { 0x00000000, 0x00000010, 0x00000010, 0x00000020 }		//	000 016  016 032: Sue Frame C		
40fd53		frame[-0x0178] = { 0x00000030, 0x00000010, 0x00000040, 0x00000020 }		//	048 016  064 032: Sue Frame D

This is also the start of the title screen code.

Change the background color
Around 0000FDA8, the game PUSHes a number onto the stack: 0x202020 (20 20 20 00) Immediately afterwards, it calls a function which sets the background color. You can change this value to any other RGB number to have a different title screen background color.

Change the version number
This had me strumped for a bit. The game's version number seems quite well-hidden indeed. Well, you won't find it anywhere in the code. It's ridiculously simple, it turns out. Just right-click, go into properties, and under the version tab... well, you get the picture. Now go ahead and make that mod of yours version 1.0.0.0.

Change the hell times

			//	Determine which mode the title screen is in, based on the best hell time.									
40fdfa		if(L0164_HellBestTime != 0)
40fe03			if(L0164_HellBestTime <= 18000)
40fe0f				L011C_Mode = 1

40fe19		if(L0164_HellBestTime != 0)
40fe22			if(L0164_HellBestTime <= 15000)
40fe2e				L011C_Mode = 2

40fe38		if(L0164_HellBestTime != 0)
40fe41			if(L0164_HellBestTime <= 12000)
40fe4d				L011C_Mode = 3

40fe57		if(L0164_HellBestTime != 0)
40fe60			if(L0164_HellBestTime <=  9000)
40fe6c				L011C_Mode = 4

Here's what the code looks like (yes, it really tests to see if [ebp-0164] is not equal to 0 for every possible Hell time "group" - waste of code, considering a single all-encompassing "if" could cover the entire group.) This is the time in hundreths of seconds, I believe.

Change the title screen music

			//	Change the title screen music based on the title screen mode.												
			switch(L011C_Mode)
			{
40fe76			case 1:
				{
40fe7f				push 0x00000024													//	Music: Running Hell					
40fe81				call 420EE0::change_song
40fe89				break;
				}

40fe8b			case 2:
				{
40fe94				push 0x00000028													//	Music: Toroko's Theme				
40fe96				call 420EE0::change_song
40fe9e				break;
				}

40fea0			case 3:
				{
40fea9				push 0x00000029													//	Music: King's Theme					
40feab				call 420EE0::change_song
40feb3				break;
				}

40feb5			case 4:
				{
40febe				push 0x00000002													//	Music: Safety						
40fec0				call 420EE0::change_song
40fec8				break;
				}

				default:
				{
40feca				push 0x00000018													//	Music: Cave Story					
40fecc				call 420EE0::change_song
				}
			}

Just change the IDs.

Some sounds...
0000FF47: change the 12 00 00 00 being pushed into something else to change the selection sound.
0000FFB3: change the 01 00 00 00 being pushed into something else to change the movement sound.

Some keys
At 0000FF56, the game ANDs the key being held with 0x00008000 (the flag for escape.) Up and down are, regretfully, detected with a flag (was the "up key" flag set?) so changing them is a little trickier.

Rendering the version

				//	Render the version number.																				
410014			push 0x0000001A														//	Textbox.pbm							
410016			push &frame[-0x0038]												//	152 080  208 088: Version			
41001a			push 0x000000d8														//	Y: 216								
41001f			push 0x00000064														//	X: 100								
410021			push &FullscreenRect												//	000 000  320 240					
410026			call 0040c3c0::blt_from_image_res

41002e			push 0x0000001A														//	Textbox.pbm							
410030			push &frame[-0x0098]												//	152 088  208 076: Version Dots		
410037			push 0x000000d8														//	Y: 216								
41003c			push 0x0000009c														//	X: 156								
410041			push &FullscreenRect												//	000 000  320 240					
410046			call 0040c3c0::blt_from_image_res

41004e			push 0x00000000														//	No double digits.					
410050			push L0028_VersionD													//	Value.								
410054			push 0x000000d8														//	Y: 216								
410059			push 0x0000008c														//	X: 140								
41005e			call 0040F380::render_integer

410066			push 0x00000000														//	No double digits.					
410068			push L0048_VersionC													//	Value.								
41006c			push 0x000000d8														//	Y: 216								
410071			push 0x0000009c														//	X: 156								
410076			call 0040F380::render_integer

41007e			push 0x00000000														//	No double digits.					
410080			push L0024_VersionB													//	Value.								
410084			push 0x000000d8														//	Y: 216								
410089			push 0x000000ac														//	X: 172								
41008e			call 0040F380::render_integer

410096			push 0x00000000														//	No double digits.					
410098			push L0044_VersionA													//	Value.								
41009c			push 0x000000d8														//	Y: 216								
4100a1			push 0x000000bc														//	X: 188								
4100a6			call 0040F380::render_integer

Go wild.

Rendering more junk!

				//	Render the title.																						
4100ae			push 0x00000000														//	Title.pbm							
4100b0			push &frame[-0x0020]												//	000 000  144 040: Title Screen		
4100b4			push 0x00000028														//	Y: 40								
4100b6			push 0x00000058														//	X: 88								
4100b8			push &FullscreenRect												//	000 000  320 240					
4100bd			call 0040c3c0::blt_from_image_res

				//	Render "New".																							
4100c5			push 0x00000000														//	Title.pbm							
4100c7			push &frame[-0x00f0]												//	144 000  192 016: New				
4100ce			push 0x00000080														//	Y: 128								
4100d3			push 0x00000088														//	X: 136								
4100d8			push &FullscreenRect												//	000 000  320 240					
4100dd			call 0040c3c0::blt_from_image_res

				//	Render "Continue".																						
4100e5			push 0x00000000														//	Title.pbm							
4100e7			push &frame[-0x0010]												//	144 016  192 032: Continue			
4100eb			push 0x00000094														//	Y: 148								
4100f0			push 0x00000088														//	X: 136								
4100f5			push &FullscreenRect												//	000 000  320 240					
4100fa			call 0040c3c0::blt_from_image_res

				//	Render "Studio Pixel".																					
410102			push 0x00000001														//	Unknown								
410104			push &frame[-0x0114]												//	000 000  160 016: Studio Pixel		
41010b			push 0x000000c0														//	Y: 192								
410110			push 0x00000050														//	X: 80								
410112			push &FullscreenRect												//	000 000  320 240					
410117			call 0040c3c0::blt_from_image_res

Feel free to move some stuff around. You've just been given control over 4 graphical elements of your choice to put on your title screen. You have no excuse to keep the original CS title screen anymore. ;D

Title screen sprites
You can change the Quote/King/Sue/Toroko/Pixel the Cat/Curly on the title screen by messing with the frames in the first part of this post. However, this doesn't let you specify the image file they're from.

41018c	L003C_ImageFile = 0x00000010	// MyChar.pbm Quote
4101df	L003C_ImageFile = 0x00000017	// NPCRegu.pbm Curly
410232	L003C_ImageFile = 0x00000017	// NPCRegu.pbm Toroko
410285	L003C_ImageFile = 0x00000017	// NPCRegu.pbm King
4102d5	L003C_ImageFile = 0x00000017	// NPCRegu.pbm Sue

Have fun.

 

D:

Kinda cool that you actually release this
It might come in handy. Especially the hell times.

Anyway, some info:

Change the background color
Around 0000FDA8, the game PUSHes a number onto the stack: 0x202020 (20 20 20 00) Immediately afterwards, it calls a function which sets the background color. You can change this value to any other RGB number to have a different title screen background color.

0000DE78 - Background Colour: Fade
00010409 - Background Colour: Null

Change the hell times

			//	Determine which mode the title screen is in, based on the best hell time.									
40fdfa		if(L0164_HellBestTime != 0)
40fe03			if(L0164_HellBestTime <= 18000)
40fe0f				L011C_Mode = 1

40fe19		if(L0164_HellBestTime != 0)
40fe22			if(L0164_HellBestTime <= 15000)
40fe2e				L011C_Mode = 2

40fe38		if(L0164_HellBestTime != 0)
40fe41			if(L0164_HellBestTime <= 12000)
40fe4d				L011C_Mode = 3

40fe57		if(L0164_HellBestTime != 0)
40fe60			if(L0164_HellBestTime <=  9000)
40fe6c				L011C_Mode = 4

Here's what the code looks like (yes, it really tests to see if [ebp-0164] is not equal to 0 for every possible Hell time "group" - waste of code, considering a single all-encompassing "if" could cover the entire group.) This is the time in hundreths of seconds, I believe.

You need to divide trough 3000 D:

18000 / 3000 = 6 minutes
15000 / 3000 = 5 minutes
12000 / 3000 = 4 minutes
9000 / 3000 = 3 minutes

Some keys
At 0000FF56, the game ANDs the key being held with 0x00008000 (the flag for escape.) Up and down are, regretfully, detected with a flag (was the "up key" flag set?) so changing them is a little trickier.

Would be cool if you find Y/Z
Some germans (like me) have trouble with the settings (not me ), because in germany the keys Y and Z are exchanged.

Title screen sprites
You can change the Quote/King/Sue/Toroko/Pixel the Cat/Curly on the title screen by messing with the frames in the first part of this post. However, this doesn't let you specify the image file they're from.

41018c	L003C_ImageFile = 0x00000010	// MyChar.pbm Quote
4101df	L003C_ImageFile = 0x00000017	// NPCRegu.pbm Curly
410232	L003C_ImageFile = 0x00000017	// NPCRegu.pbm Toroko
410285	L003C_ImageFile = 0x00000017	// NPCRegu.pbm King
4102d5	L003C_ImageFile = 0x00000017	// NPCRegu.pbm Sue

That is not correct as my own NPC FAQ says D:

Tileset Value:

0x00 - 0x0F - Tilesets
0x10 - 0x1F - NPCsets

0x00 - Title
0x01 - ???
0x02 - Map Tileset
0x03 - ???
0x04 - ???
0x05 - ???
0x06 - Fade
0x07 - ???
0x08 - ItemImage
0x09 - ???
0x0A - ???
0x0B - ???
0x0C - ???
0x0D - ???
0x0E - ???
0x0F - ???

0x10 - MyChar
0x11 - Bullet
0x12 - ???
0x13 - Caret
0x14 - Sym
0x15 - Map NPCset 1
0x16 - Map NPCset 2
0x17 - NPCRegu
0x18 - ???
0x19 - ???
0x1A - ???
0x1B - ???
0x1C - ???
0x1D - ???
0x1E - ???
0x1F - ???

 

That is not correct as my own NPC FAQ says D:

...

0x10 - MyChar
0x11 - Bullet
0x12 - ???
0x13 - Caret
0x14 - Sym
0x15 - Map NPCset 1
0x16 - Map NPCset 2
0x17 - NPCRegu
0x18 - ???
0x19 - ???
0x1A - ???
0x1B - ???
0x1C - ???
0x1D - ???
0x1E - ???
0x1F - ???

Uh... what the fuck are you talking about?

0x10 - MyChar
0x17 - NPCRegu

41018c L003C_ImageFile = 0x00000010 // MyChar.pbm Quote
4101df L003C_ImageFile = 0x00000017 // NPCRegu.pbm Curly
410232 L003C_ImageFile = 0x00000017 // NPCRegu.pbm Toroko
410285 L003C_ImageFile = 0x00000017 // NPCRegu.pbm King
4102d5 L003C_ImageFile = 0x00000017 // NPCRegu.pbm Sue

That's EXACTLY what I posted.

Pay attention.

 

I'm sorry, but you said:

However, this doesn't let you specify the image file they're from.

Which is not true D:
You can actually set the NPCSet 1 or 2 to a file and then just change the code.

 

I'm sorry, but you said:
Which is not true D:
You can actually set the NPCSet 1 or 2 to a file and then just change the code.

You can change the Quote/King/Sue/Toroko/Pixel the Cat/Curly on the title screen by messing with the frames in the first part (important! first != last) of this post. However (hinting that there's a catch to what I've previously said), this (making a reference to editing the frame RECTs in the previous sentence) doesn't let you specify the image file they're from.

So... what did you figure? "Runey is telling us it can't be done, then immediately afterwards posting the offsets where to do it?" :/

 

Huh?
I guess my english sucks.
What do you mean exactly? D:

This was from my NPC FAQ, everyone has access to it, it was posted a long time ago.

 

This is ridiculously unimportant and it's getting dumb - read that line as "Although I did post the list of RECTs earlier, that list (the list of RECTs, just so we're clear) only lets you change positions, not which file the images come from. Now I'm going to post a new list of offsets which, as I'm implying, sets up which image IDs to use.", and if you still feel there's something vitally important worth over 3 posts of debating left in there, deal with it.

 

Eh, it wasn't a debate

That's all.

 

Em Rune...

When I go into the Doukutsu.exe Property menu, I only see 4 tabs, namely the "General", "Compatibility", "Security" and "Details" tabs.

Where's the "Version" tab you mentioned in the part where you explained how you can change/remove the version? =/

Yes I'm a nub.

 

Hmm, on further verfication, it seems read-only in that menu anyway. Your version of windows may be different from mine (I'm assuming Windows XP, but Vista may have a different tab layout; and you need to upgrade now if you're still on 98 or 95 )


You want this screen, or an equivalent screen at least.

Open Doukutsu with a resource editor to modify this information (that screen is read-only; my bad) You want the "Version" resource type; there's only one resource so it's easy to find.

 

Vista for me. Proving to be really sucky so far. Only the graphics for Windows applications itself are impressive. But when you play games that have great graphics, you might consider trashing your comp.

 

Sorry for bumping the thread but I've made a little picture that'll be a help to people who plan on changing the title screen. The quality is a little bit crap cause photobucket wouldn't work and I ended up needing to upload it as a gif. The points should be the same.

So The yellow is the position where the Title is placed, The green, "New", Red "Continue". The purple point is where the Studio Pixel and year sign goes and the blue, the version. This will come in handy if you intend to change the size of the title itself, for example, and make it cover the entire screen (Like in Original Sin) you'd end up with the Title in a really wierd position. To make it work, you'd have to change the position to 0,0 (Basically moving the yellow point to the top left corner). If you're new to hacking, remember to change normal numbers to Hex, other wise it won't work the way you want it to. I thought I'd post this cause I was trying to work out how I'd do a hack. It didn't go quite the way I wanted it to so I had a look around runelancers posts that might have display rect' editing. I found this and relised how simple it would actually be to make a new title screen. The first time I looked, I had no idea about changing the title, apart from the music and the positions of objects.

 

You know guys... I'm new at hacking and now understand how assembler hard.
In my mod i move title and new/load game buttons, but Quote still in the middle. How to move him?

 

4102E5 ; y of start arrow 
4102F1 ; y of continue arrow

 

Thank you Lace!(I find Y and where can i found X now?)
And... Somebody can make new buttons(like training area button)?
I think this gonna be cool!

 

I think there's already 2 extra options on the title menu that get deleted as the game loads up. Maybe stop that happening, then change what happens when those buttons are selected?

 

Ok...
Now i need to know the X of Quote for load and new game buttons.

 

they're in the same function...
it pushes y first, and then x, I believe.

 

If you think so try it.

 

you're welcome