All times are UTC - 7 hours





PostPosted: Sun Dec 09, 2018 4:59 pm 

Joined: Thu Sep 07, 2006 1:08 pm
Posts: 589
Location: United States
Who doesn't like boss rushes? I decided to try hacking Journey to Silius into one but came flat:

Using FCEUX, I found that addresses $0170 and $0153 are used together to determine what stage/boss will load:

Code:
$0170 | 00    | 00    | 01     | 01    | 02     | 02    | 03     | 03    | 04     | 04    | 05   | 05
$0153 | 00    | 10    | 00     | 10    | 00     | 10    | 00     | 10    | 00     | 10    | 00   | 10
       Stage1 | Boss1 | Stage2 | Boss2 | Stage3 | Boss3 | Stage4 | Boss4 | Stage5 | Boss5 | Null | Boss6


The problem is, when the game starts up, $0153 is at 00, and putting in a write breakpoint, any values I change will crash the title screen.

Also, when completing a boss, I changed the breakpoint to take you to the next boss instead of the next stage. It loads the boss stage fine, but in a few seconds the game takes you to the next boss after that. It continues doing so until the ending credits load.

I've pretty much given up at this point, unless someone can figure this out? :(


PostPosted: Mon Dec 10, 2018 12:16 am

Joined: Thu Sep 15, 2016 6:29 am
Posts: 896
Location: Denmark (PAL)
Just a wild guess, but could there be a flag in RAM that indicates that the game's attract mode is active?
You know, so it loads a stage and plays "normally" (with prerecorded inputs) but just terminates it after ten seconds?


Top
 Profile  
 
PostPosted: Mon Dec 10, 2018 10:15 pm 
Offline
User avatar

Joined: Thu Sep 07, 2006 1:08 pm
Posts: 589
Location: United States
This game doesn't have an attract mode. It has a static title screen with music that loops until the player presses START.


PostPosted: Mon Dec 10, 2018 10:15 pm

Joined: Thu Sep 07, 2006 1:08 pm
Posts: 589
Location: United States
Done!

https://youtu.be/Z-882JZs3AQ

Thank you, Fiskbit.


PostPosted: Tue Dec 25, 2018 11:15 pm

Joined: Tue Jun 24, 2008 8:38 pm
Posts: 2302
Location: Fukuoka, Japan
Good to see that it did work!

I guess it's intentional that you have to do it in one go with no energy refresh? That makes it even harder :lol:


PostPosted: Wed Dec 26, 2018 1:45 am

Joined: Thu Sep 15, 2016 6:29 am
Posts: 896
Location: Denmark (PAL)
That's usually how boss rushes work, isn't it?


PostPosted: Wed Dec 26, 2018 9:17 am

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21453
Location: NE Indiana, USA (NTSC)
"The Arena", the boss rush in Kirby Super Star, offers limited Maxim Tomato powerups, about one every three battles. The boss rush modes in some Super Smash Bros. games are similar.

_________________
Pin Eight | Twitter | GitHub | Patreon


PostPosted: Wed Dec 26, 2018 10:23 am

Joined: Tue Dec 04, 2018 2:28 pm
Posts: 44
Want to post the complete code by any chance?
If you want I can give you credit for this code on my channel as well.

Also, if it's impossible to load some healing item.. I'd say just have an extra code to start with extra health/lives if it's too hard.


PostPosted: Wed Dec 26, 2018 10:39 am

Joined: Tue Jun 24, 2008 8:38 pm
Posts: 2302
Location: Fukuoka, Japan
@Sumez

That's possible. It's just that I'm not that knowledgeable about boss rush mode, except for the name ^^;;;

Would still be fun to try it someday. I finished the game a long time ago but I'm not sure I would be able to beat the bosses only in one shot.


PostPosted: Wed Dec 26, 2018 6:54 pm

Joined: Thu Sep 07, 2006 1:08 pm
Posts: 589
Location: United States
gukingofheart wrote:
Want to post the complete code by any chance?
If you want I can give you credit for this code on my channel as well.

Also, if it's impossible to load some healing item.. I'd say just have an extra code to start with extra health/lives if it's too hard.


Here are my notes:

Quote:
Fiskbit:
try changing $1D1FB (headered address) from AD5301F005 to A9108D5301

This is what takes you straight to the boss rooms.

Quote:
00758E: 09->01
007592: 09->01 (can only select 00/01 continues)

Though I removed all extra lives and continues, you can still go into the options menu. But you can only add 1 continue.

Quote:
-prevent health/weapon from regenerating
01C6BF: B0 -> 00 (prevent health from regenerating)
01C6D4: 04 -> 00 (prevent weapon from regenerating)

01C6D6: 3F -> 00 (go to next stage without checking weapon)

01C6E1: B0 -> F0? (do not set health to '10')
01C6D9: A9 3F 85 -> FF FF FF (do not set weapon on next stage)

-prevent 'refill sound'
-01C6B4 [18 -> 17]

Okay, this is weird and I don't quite understand it. But everything here prevents the gauges from refilling after each boss fight. Simply preventing the gauges from going up (the first two addresses) won't solve the issue of the game checking to make sure they reach a certain point and going to the next 'stage.' Also, the gauges refilling is just aesthetic: regardless, they'll be reset via two other addresses. So your weapon check value is now at '00' and the code that resets the health is set to a different address, and the codes that reset the weapon gauge have been cleared out. (I'm not a programmer, so if anything here looks unsafe, please let me know! :shock:)

Quote:
-all weapons available:
01DCDA: 03 0B 0F -> 1F 1F 1F

JtS has a pretty interesting combination for your weapons that are never used: you can have just your handgun; your handgun and machinegun but no shotgun; handgun, shotgun, homing missile, but no machinegun; and pretty much any combination as long as you have a handgun. But I decided to have them all available.

^on a tangent, I'd like to know if it'd be feasible to allow each weapon to have its own 'gauge' Mega Man-style?


PostPosted: Wed Dec 26, 2018 8:30 pm

Joined: Tue Jun 24, 2008 8:38 pm
Posts: 2302
Location: Fukuoka, Japan
I guess having each weapon have its own energy would be an interesting idea for boss rush mode, but it would be a more advanced ROM hack, since it requires a better understanding of where the energy of the gun is used, updating that code and allocating memory for each. Still, that would be an interesting thing if done.


PostPosted: Wed Dec 26, 2018 9:42 pm

Joined: Thu Sep 07, 2006 1:08 pm
Posts: 589
Location: United States
I think it would be an interesting standalone hack, not necessarily for boss rush mode (in fact, I think it would make it too easy).


PostPosted: Wed Dec 26, 2018 10:20 pm

Joined: Sat Nov 18, 2017 9:15 pm
Posts: 72
The "A9 3F 85 -> FF FF FF" change caught my eye as being really sketchy because you're changing code to non-code, so I figured we could look at how you can maybe improve the changes here.

At 1C6B4, you try to prevent a sound by changing what value gets passed to a sound-related function. I don't know if there's a reason you chose #$17 or if it's just something you tried that worked, but instead of writing this value that we don't understand, I'd rather avoid writing a value altogether by removing the following call to code that I presume is writing to sound engine variables: 1C6B5 = EA EA EA. It might be that writing something here is necessary for some reason, but without a reason or more knowledge, skipping it entirely seems better.

At 1C6BF, you're changing INC $B0 to INC $00 probably to avoid modifying the value in $B0, but without knowledge of what $00 is at this point, you should be doing this by NOP'ing out the instruction (1C6BF = EA EA) or something equivalent. $00 is probably just a temporary that isn't currently in use, but without more knowledge of the game, you should be programming defensively. LDA #$B0 would probably be the most defensive change because it's equivalent here to a NOP and keeps the second byte the same so that jumping into the middle of the instruction would get the same behavior, but that's pretty atypical behavior.

The changes at 1C6D6 and 1C6D9 are a mess. By changing 1C6D6 to #$00, you're causing this comparison to always set carry (because A is always >= 0) so the following branch is never taken. This branch used to skip over the next two instructions, so those are now always executed, but you apparently don't want this, so you remove them. You do this by setting them to $FF, which is the invalid opcode ISC (see documentation here). This surely can't be what you intended and causes some really serious changes to control flow because it causes the 4 bytes of those two instructions to become 5 bytes, consuming the RTS instruction as an operand and flowing into the following routine. What used to be this:

Code:
 07:C6BA:A5 B1     LDA $00B1 = #$3F
 07:C6BC:C9 3F     CMP #$3F
 07:C6BE:F0 0D     BEQ $C6CD
 07:C6C0:A5 B1     LDA $00B1 = #$3F
 07:C6C2:18        CLC
 07:C6C3:69 04     ADC #$04
 07:C6C5:C9 3F     CMP #$3F
 07:C6C7:90 02     BCC $C6CB
 07:C6C9:A9 3F     LDA #$3F
 07:C6CB:85 B1     STA $00B1 = #$3F
 07:C6CD:60        RTS -----------------------------------------

becomes this:

Code:
C6BA  $A5 $B1        LDA $B1                 
C6BC  $C9 $3F        CMP #$3F                 
C6BE  $F0 $0D        BEQ $C6CD               
C6C0  $A5 $B1        LDA $B1                 
C6C2  $18            CLC                     
C6C3  $69 $04        ADC #$04                 
C6C5  $C9 $00        CMP #$00                 
C6C7  $90 $02        BCC $C6CB               
C6C9  $FF $FF $85    ISC* $85FF,X             
C6CC  $B1 $60        LDA ($60),Y  ; Used to RTS.
C6CE  $A9 $10        LDA #$10                 
C6D0  $85 $B0        STA $B0                 
C6D2  $A9 $FF        LDA #$FF                 
C6D4  $85 $DB        STA $DB                 
C6D6  $60            RTS                     


Assuming you don't want the behavior of the code you're now flowing into and your goal is to make sure this code isn't ever executing, were it me, I'd just replace this whole chunk (1C6CA-1C6DC) with RTS instructions, since it's the end of the function and only does behavior I don't want anymore. These are safe because anything reaching this chunk of code is going to return anyway, and RTS is a single-byte instruction, so you don't have to worry about anything jumping into the middle of it (relevant because you don't know if there are calls, jumps, or branches into this code).
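
An added example, not part of the thread: a linear-sweep check over the bytes from the two listings above, showing which instruction starts a patch destroys and whether it introduces an unofficial opcode. The opcode table covers only the opcodes in those listings, and `file_to_cpu` assumes a 16-byte iNES header with the last 16 KiB PRG bank at $C000, which is inferred from the offsets quoted in the thread.

```python
# Instruction lengths for only the opcodes that occur in the thread's listings.
# $FF is the unofficial ISC abs,X (3 bytes), as the post above notes.
LENGTHS = {0xA5: 2, 0xC9: 2, 0xF0: 2, 0x18: 1, 0x69: 2, 0x90: 2, 0xA9: 2,
           0x85: 2, 0x60: 1, 0xEA: 1, 0xB1: 2, 0xFF: 3}
OFFICIAL = set(LENGTHS) - {0xFF}
BASE = 0xC6BA  # CPU address of the first byte below (bank 07 in the listing)
# Bytes copied from the two disassembly listings in the post ($C6BA-$C6D6).
ORIGINAL = bytes.fromhex(
    "A5B1 C93F F00D A5B1 18 6904 C93F 9002 A93F 85B1 60"
    "A910 85B0 A9FF 85DB 60")

def file_to_cpu(offset):
    """Headered file offset -> CPU address (assumption: 16-byte header,
    last 16 KiB PRG bank mapped at $C000)."""
    return offset - 0x10 - 0x1C000 + 0xC000

def patch(code, cpu_addr, new_bytes):
    """Return a copy of code with new_bytes written at cpu_addr."""
    i = cpu_addr - BASE
    return code[:i] + bytes(new_bytes) + code[i + len(new_bytes):]

def sweep(code):
    """Linear sweep: {address: opcode} for every decoded instruction."""
    starts, i = {}, 0
    while i < len(code):
        starts[BASE + i] = code[i]
        i += LENGTHS[code[i]]  # KeyError means an opcode outside the table
    return starts

def review(original, patched):
    """Instruction starts the patch destroys, and unofficial opcodes it adds."""
    before, after = sweep(original), sweep(patched)
    return {
        "lost_starts": sorted(a for a in before if a not in after),
        "unofficial": sorted(a for a, op in after.items() if op not in OFFICIAL),
    }

# The notes' patch: 01C6D6: 3F -> 00 and 01C6D9: A9 3F 85 -> FF FF FF.
ff_patch = patch(patch(ORIGINAL, file_to_cpu(0x1C6D6), [0x00]),
                 file_to_cpu(0x1C6D9), [0xFF] * 3)
# The reply's alternative: fill file offsets 1C6CA-1C6DC with RTS ($60).
rts_fill = patch(ORIGINAL, file_to_cpu(0x1C6CA), [0x60] * (0x1C6DC - 0x1C6CA + 1))

if __name__ == "__main__":
    for name, p in (("FF FF FF", ff_patch), ("RTS fill", rts_fill)):
        result = review(ORIGINAL, p)
        print(name, {k: [f"${a:04X}" for a in v] for k, v in result.items()})
```

A lost start at $C6CD means the RTS is no longer decoded as an instruction, which is the fall-through into the next routine described in the post; the RTS fill loses no starts, so any branch or call into that range still lands on a valid instruction.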


PostPosted: Thu Dec 27, 2018 9:55 pm

Joined: Thu Sep 07, 2006 1:08 pm
Posts: 589
Location: United States
Fiskbit wrote:
at this point, you should be doing this by NOP'ing out the instruction (1C6BF = EA EA) or something equivalent.

Whaaa... :? So EA does nothing? All this time I thought FF was that. :? I guess I should look at ASMCode.doc more often. :| THANKS! :D

I'll make the changes ASAP.


PostPosted: Thu Dec 27, 2018 10:08 pm

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21453
Location: NE Indiana, USA (NTSC)
Jedi QuestMaster wrote:
So EA does nothing?

Except monopolize the video game rights to real world football leagues.
