A theory about menus I'd like some help with

  • Thread starter: nfitc1
Status
Not open for further replies.
You know, a Load Game function in the menu would surely be useful. But I guess it would have been done by now if someone had the necessary knowledge.
 
This is actually the very thing I'm attempting. I'm getting closer to changing one of the menu functions to the load screen from the beginning of the game, but it's not working out very well. When I point it to the instruction set that will begin the menu process (I believe it's at 0x72225A or something) the game freezes. Well, I see the timer moving, but I don't have control at all. I can point it to a place where it will draw the save menu, but I still don't have a cursor. I'm thinking I'll have to use one of the unused menus in the PC version (apparently there's at least three that don't get called and there's a few duplicate menus too) to make an entire sequence of events to fire. I'm just not sure which ones to do after the 0x72225A. That's the one that should draw the menu, but there's more to it than that.
 
On the PSX those .MNU files are actually compiled executable overlays that are banked in. It's why they are "embedded" in the exe in the PC version. This code isn't so much "hidden" in so much that you are executing a code stub that's half loaded.
 
Hey NFITC1, I was looking a little more at the code trying to find the overlay for load and save, and I think I might have found something (it may be nothing but looked a little promising).

Load-
00722040 - mov [00dd7704],00000000 - Main Screen that displays 1-10

0x72214A - mov [00dd7704],00000001 -
0x721E9C - mov [00dd7704],00000002 - All 3 are accessed when you click on any saved data 1-10 on main
0x72211E - mov [00dd7704],00000003 -

Save-
0x6FFCDF - mov [00dca028],00000000 - Main Screen that displays 1-10

0x6FFDE1 - mov [00dca028],00000001 -
0x6FFAF7 - mov [00dca028],00000002 - All 3 are accessed when you click on any saved data 1-10 on main
0x6FFDB5 - mov [00dca028],00000003 -

(please note the save/load data screen is the first screen you come to and NOT the actual save slot screen)
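
An added example, not part of the original post: the stores listed above all have the form `mov [addr], imm32`, which in 32-bit x86 encodes as `C7 05`, then the 4-byte little-endian address, then the 4-byte value, so every write to a menu-state variable can be located by byte pattern. The buffer and its base address 0x401000 are constructed for illustration; only the two variable addresses come from the post.

```python
import struct

LOAD_STATE = 0x00DD7704   # load-menu state variable named in the post
SAVE_STATE = 0x00DCA028   # save-menu state variable named in the post


def encode_store(target: int, imm: int) -> bytes:
    """Encode `mov dword ptr [target], imm` (opcode C7 /0, ModRM 05 = absolute disp32)."""
    return b"\xC7\x05" + struct.pack("<II", target, imm)


def find_imm32_stores(code: bytes, base: int, target: int):
    """Return [(virtual_address, imm32)] for each immediate store to `target`."""
    pattern = b"\xC7\x05" + struct.pack("<I", target)
    hits = []
    pos = code.find(pattern)
    while pos != -1:
        # A full instruction is 10 bytes; skip a match cut off by the buffer end.
        if pos + 10 <= len(code):
            (imm,) = struct.unpack_from("<I", code, pos + 6)
            hits.append((base + pos, imm))
        pos = code.find(pattern, pos + 1)
    return hits


# Constructed sample bytes (not taken from the game executable).
SAMPLE_BASE = 0x401000
SAMPLE = (
    b"\x90" * 4                          # padding
    + encode_store(LOAD_STATE, 0)        # write state 0
    + b"\xA1\x04\x77\xDD\x00"            # mov eax,[00dd7704]: a read, must not match
    + encode_store(LOAD_STATE, 1)        # write state 1
    + encode_store(SAVE_STATE, 2)        # write to the other variable
    + b"\xC7\x05\x04\x77\xDD\x00\x03"    # truncated store at the end of the buffer
)

if __name__ == "__main__":
    for name, var in (("load", LOAD_STATE), ("save", SAVE_STATE)):
        for addr, value in find_imm32_stores(SAMPLE, SAMPLE_BASE, var):
            print(f"{name}: 0x{addr:06X} writes state {value}")
```

A raw byte scan can also match inside data or in the middle of another instruction, so each hit still needs confirming in the disassembler.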
 
I noticed things around these places and it seems that code is executed every frame. Like a "monitor input loop" or something. Still, I'll check it out.
 
I am also interested in how far you got, did you even get close ?
 
I didn't get very much farther with it. I couldn't change the menu very much because most of the functionality is hard-coded. There would be too many things to do to get one menu to do the function of another. I got distracted by other things. Feel free to pick it up though. There's lots of useful addresses in this thread.
 
It's a shame you weren't able to get very far, it would have been to have a load option on the start menu,
I may be adding a load option to my trainer using some of the work here, but it isn't the same as what you were trying to do. (The method I use allows the user to switch from the in-game menu to the NEW GAME and CONTINUE screen and from there they can load.)
 
This topic is very interesting, especially the idea of adding a load game feature. (Very much needed.)

One thing I've noticed, is you are attempting to work with existing mechanics, and forcing yourselves into those constraints.

For instance, a post talking about how the menu slots array has only so many slots.. So what.

Via a directX hook, you can draw your own menus, I would use mouse clicks for ease of coding (no worries about forcing it to work with the existing menus..), sure it's a hack, but it works.

Basically, hook directx, overlay a new "Load Game" button (using DX), add in some mouse click detection for the location you are drawing it at, and when a click occurs, simply trigger the real load game screen. (I haven't played the game recently (so I forget), but the mouse may need to be enabled too if it's usually not visible, also fairly easy from the DX hook.. You just issue an enable command which toggles its visible state.)

Easier said than done, but very doable.

Note: Most ppl use the custom graphic driver by Aali, so working with him\her is preferred, since they obviously already hooked the game to that. (Which also gives you a nice starting point to inject your code from.)

---

Here is an example of what can be done via hooking, if you have the knowledge. 

OBSE
http://obse.silverlock.org/

Look at the documentation for OBSE. (It adds arrays, strings, functions, etc., and more to Oblivion's default scripting engine..)

Look at MGE (Morrowind Graphic Extender) for an example of a good visual directX hook in action. (It adds distant LOD, and all kinds of awesomeness to Morrowind.)

I believe the source code is available for both(it's included with OBSE, and MGE has it separate on SourceForge, so if you're interested in learning how to do these things for this game, take a look..)

----

Btw, I would love to help, but I'm still an amateur at actually doing these things, so far I can disassemble, and do minor hacks, basically what you might see with a trainer, but made permanent through .exe modifications. (Things like, infinite ammo, etc,.)

If anyone more skilled would like to help me learn about more advanced stuff, by pointing me in the right direction, that would be appreciated, PM me with any tutorials, tool recommends, etc,.. (I use IDAPro mainly, and MHS v6.1(very good tool)..)

Then I could be a bit more useful around here.. :)
 
To be honest, once you've haxxored the game into loading saves, I suspect that changing the text pointers to allow another menu entry would be (comparatively) simple. Comparatively.

More importantly, we want to work with both PC and PSOne versions of the game.

I do think it's a good idea, mind.

Actually, I could do with some of your assistance in learning about ASM hacking. I've played with the AI engine's pseudo-assembler, and I'm fine with stacks, registers and pointers. Considering my current level, where do I go next? Learn about generic x-86 assembler before anything else?
 
Honestly, you seem to be at about the same level as me, and that's my issue as well.. Where to go next, there is so much data on the internet, but a lot of it is over my head(technically), and the rest is too simple.

There seems to be a serious lack of mid-level information on the subject. Or, I simply don't know what terminology to feed a Google search to find what I seek.

The best I can suggest, is to search..

Hooking & Subclassing
ASM Hacking Cracking

And hope for the best, if you find anything really clear and revealing, let me know.. :)

--

Edit: Here is something that helped me a bit with basic ASM stuff..

http://www.woodmann.com/krobar/beginner/p01.html

Search for IDAPro, and tutorials on using it, MHS v6.1 is a tool I highly recommend. (Most my successful hacks were done with it..)

MHS (Memory Hacking Software)
http://memoryhacking.com/

(Hex editor, memory scanning, disassembler, DLL Injector, etc, all in one tool.)
 
If you've done the AI editing and are comfortable with that then the next step is just to dive into the ASM code of the executable and google anything that doesn't make sense. There's lots more code in an executable that isn't in the AI so you'll be googling a lot at first. :)

Basically, get a good debugger program. I use IDA and I think it's fabulous. I can name references, memory addresses, jumps, run the program and do traces. It even works with the fourth and fifth buttons on a mouse like a browser (forward and back through the jump history list). I'm just using the freeware version and not even all its features there either and I find it exceptionally helpful. Get that, load the executable into it and just dig through it until you find something familiar. There are lots of addresses spread throughout the forum on places to start. I'd say start with naming the savemap in memory (it's at a static location around the 0xDB0000s) and look for cross references to things you want to find. That's how I found the out-of-battle item functions. Just give it a shot.
It helps to be able to think in binary and hex. Also, it tries to auto anticipate data types (byte, word, dword) but doesn't always get them right. Like the materia equip effects I just found yesterday (equip effect 15h is pretty sweet :D).
 
...the next step is just to dive into the ASM code of the executable..
Yeah, that's basically what i was saying, with a lack of a clear direction, the next step seems to be just to mess around, and learn what you can. :)

For me, my goal is to be able to make tools like OBSE\MGE. I have an interest in expanding games, and adding new capabilities, etc,.

Btw, is anyone documenting all the stuff found? (I've seen it scattered around, but nothing compiled.)

It might be worthwhile to start a wiki page, with a commented IDA database file, that way coders could update the page as new discoveries are made, and we could all get a clearer picture of what's doing what in the code. (Without having to start from scratch, or comb the forums for hours compiling this data..)
 
It's not a bad idea, but it might draw some unintended trouble to us. What this is is no less than reverse engineering. We're not doing it to steal its secrets or anything so it's not technically a violation of the EULA (don't reverse for the purpose of using its pieces), but it's possible and likely that if Squeenix knows about what we're doing we'd get a C&D from them.

I'm not opposed to this, but we need to be cautious about the way it's done. Could we just have a list of addresses and descriptions rather than whole code and still get away with it?

For me, my goal is to be able to make tools like OBSE\MGE. I have an interest in expanding games, and adding new capabilities, etc,.
The principal difference is that Bethesda encourages people to add mods to their games. ES games are one thing, but Squeenix (and practically all Japanese software companies) is very much against detailing the inner-workings of their labors.
 
The question is, did Square/Eidos even have a EULA for FF7? I don't ever remember seeing it.
 
I don't recall, perhaps one of the files included w/ the game, maybe the readme or in the book. I don't have any paperwork for my PC version anymore. Also the PSX version may be under a different agreement.
 
It's not a bad idea, but it might draw some unintended trouble to us.
Yeah, I have no idea where they would draw the line.. ?

Perhaps, just the data like you said..

0x00001234 = Player 1 MP
etc,.

Then again, that's pretty much what you see in IDAPro, so it's really the same difference. (Besides,  it's not technically reversing the code, just, commenting it.) :D

--

Edit: Btw, I asked Aali about the possibility of a plugin system, apparently one already exists.

In the ff7_OpenGl.cfg file, add this..

load_library = "FF7Hack.dll"

I tested it earlier, and it works, I had a simple hook running. Not sure how many of those you can have though,..

ie,..

load_library = "Hook1.dll"
load_library = "Hook2.dll"
 
Yes, the load library was implemented a while ago by Aali to allow the loading of custom code (mainly for the speedhack.dll, which before he implemented I had to attach to the EXE directly), but I believe it only allows you to load 1 DLL (as far as I am aware, but to be 100% honest I haven't tried it).
EDIT:-
I just gave it a quick go and it doesn't seem to allow the loading of 2 DLLs (it also doesn't allow you to have 2 of any line in the CFG; if you put 2 lines it just ignores the first, so if you put 2 mod paths it will only read from the second one).
 
Well, from the conversation we had, Aali made it sound as if this functionality already existed in FF7.exe, this just exposed it, and that it was capable of loading multiple dll files.. (I haven't tested it either though.)

But it sounded that way.. (Hopefully that's the case.)

Over the next while I have two Oblivion mods I have to get finished, I've been promising these guys updates for about a week now, and I keep doing other stuff, after that, I should be free for awhile, I'll try to do some stuff around here.

Anyways, I gotta get some sleep..

--

(Btw, what's with the watching me, I saw that I got warned in that other topic, but if trying to help is bad, then maybe I'm in the wrong place. And it was useful information, if you have an imagination, use FF8's own mechanisms to draw the model, then dump it on the fly, it could similarly, be reinjected on the fly, it's a long shot, but let's face it, there isn't much progress on the FF8 front.. There is similar program that does just this for textures, called TexMod..)
 