[FF8] Engine reverse engineering

Thread starter: Halfer
Yes, all of the probabilities can be changed; they are currently in the form of something like:

```
...if (rand() % 3 == 0) {...
```

which means random number modulo 3. This gives a random number between 0 and 2, and the test is == 0, which has a 1/3 chance of being triggered.

You can change both the numbers and the test: e.g.

```
...if (rand() % 4 < 3) {...
```

gives a 3/4 chance of the code being executed.
You could then combine it with other tests to make it more likely in certain circumstances.

Thinking about it, I could change the syntax to something like [0..2] to make it easier to understand.

You can test to see if you have a status too, so you can easily stop enemies from casting the same spell over and over.

I might put in boolean expressions at some point, the main problem being that decompiling boolean or statements back from the byte code seems like it'd be a pain.
 
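The `rand() % m < k` idiom from the post above, worked through in plain C as an added example (this is not code from the thread or from the FF8 engine): `chance()` is the test the post describes, `exact_chance()` is the k/m value it should have, and `sampled_chance()` checks that value empirically. `should_cast_status_spell()` shows the status test the post mentions combined with the roll; the status flag and the idea of a "status spell" are assumptions standing in for whatever the real script syntax will be.

```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* The test form the post uses: rand() % m < k is true with probability k/m.
 * `rand() % 3 == 0` is the special case m = 3, k = 1; `rand() % 4 < 3` is
 * m = 4, k = 3. */
static int chance(int m, int k)
{
    return (rand() % m) < k;
}

/* Exact probability of chance(m, k), for comparison against a sampled value. */
static double exact_chance(int m, int k)
{
    return (double)k / (double)m;
}

/* Run chance(m, k) `trials` times and return the observed hit rate. */
static double sampled_chance(int m, int k, long trials)
{
    long hits = 0;
    for (long i = 0; i < trials; i++)
        hits += chance(m, k);
    return (double)hits / (double)trials;
}

/* |a - b| < tol without pulling in <math.h>. */
static int within(double a, double b, double tol)
{
    return (a - b) < tol && (b - a) < tol;
}

/* Combining the roll with a status test, as the post suggests: do not even
 * roll for the spell if the target already carries the status it inflicts,
 * so the enemy stops casting the same spell over and over.
 * `target_has_status` is an assumed flag standing in for the script's own
 * status check. */
static int should_cast_status_spell(int target_has_status, int m, int k)
{
    if (target_has_status)
        return 0;
    return chance(m, k);
}

int main(void)
{
    srand((unsigned)time(NULL));
    printf("rand() %% 3 == 0: exact %.3f, sampled %.3f\n",
           exact_chance(3, 1), sampled_chance(3, 1, 1000000));
    printf("rand() %% 4 < 3:  exact %.3f, sampled %.3f\n",
           exact_chance(4, 3), sampled_chance(4, 3, 1000000));
    printf("cast on target that already has the status: %d\n",
           should_cast_status_spell(1, 4, 3));
    return 0;
}
```

With a million trials the sampled rates land within about a thousandth of 1/3 and 3/4, so the two forms in the post do behave as stated; the status guard is what keeps a 3/4 chance from becoming "every turn".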
Hm, I think the current probability form is actually fine as it is. If improving readability causes too much pain, better save it for a later revision. For now, it would be great to just see an initial release soon :)
 
Changing the rand syntax is a 2 second job, boolean expressions I'd definitely leave until a later release.
I did realize that I could make it a lot easier by encoding metadata using useless/illegal opcodes, though, since the game pretty much ignores them.
 
Input cracked!/Input hack/Create your own key input algorithms!

4685E0 - get_key_state (If you can't find it, search for xrefs to "INPUT PARAMETER ERROR - get_key_state")
This function returns whether *(1CD02D8+arg_0) is bigger than 0.
Example: to test if the user pressed '1' on the keyboard: bool bpressed = get_key_state(1) (bool because the function returns a 32-bit register).
Now, the trick you can use it for:
4A2CA0 is the function that is called on every update on field, battle and world. It checks for the CTRL+R combination to reset the game, and the CTRL+Q combination to exit the game. Now imagine this scenario:

You inject into this function and check for your own specific combination. If the combination passes, your code/unknown code section is played (for reversing's sake or whatever you want). You can create an inside-working trainer. Maybe put changing music on Numpad3 and Numpad4? Super easy to do. This really helps reversing stuff, as I can call any script just by clicking the desired button in-game.

The bad part is it doesn't work on the menu module. Worry not, just xref the call to the 01CD02D8 struct and find it there.

If you call get_key_state(arg_0) where arg_0 > 255, then the famous "WILLIAM PLEASE CHECK YOUR PARAMETER" will appear.

Just tested it in-game via assembly injection:

```asm
push 00000004
CALL ff8.exe+685e0   // get_key_state(4)
ADD esp, 04          // caller cleans the pushed argument off the stack
TEST eax,eax
JNE passed           // eax is nonzero: key is down
```

Turns out PUSH 00000004 means '3' instead of '4'.
Also, I tried to write the music swap code, but it crashes after playing the SdMusicPlay() function, and it looks like the function is not loading the desired AKAO or the module corrupts something. I'll do some more tests soon. Anyway, I can claim it's working!
 
Okay, here's the video example of the hack:

and also assembler source for music player trainer:
http://pastebin.com/YXFhuBGG

The issues I had earlier were caused by not clearing the stack (ADD ESP, 04 or POP to EAX). Also remember that EAX and EBX NEED TO BE ZERO before you proceed!
Not doing XOR EBX, EBX will crash the game.
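What the injected check in the two posts above amounts to, written out in C as an added example (not the poster's code, not the game's): a per-update hook that calls get_key_state() for a two-key combination and runs a trainer action once per press. `g_key_table` stands in for the 256-entry table at 1CD02D8 that, per the post, get_key_state(arg_0) indexes and bounds-checks at 255; the indices KEY_CTRL and KEY_TRAINER are assumptions (the post itself found that PUSH 4 selected '3', so verify the mapping in-game). The edge trigger is the detail worth adding: because the hooked function runs every frame, a plain `if (get_key_state(...))` fires on every frame the keys stay held. In the real 32-bit binary the call passes its argument on the stack and the caller removes it afterwards (the ADD ESP, 04 that the last post needed); a C compiler emits that cleanup for you.

```c
#include <stdio.h>
#include <string.h>

#define KEY_TABLE_SIZE 256
#define KEY_CTRL     0x1D   /* assumed index for CTRL */
#define KEY_TRAINER  0x05   /* assumed index; check in-game, '4' meant '3' in the post */

/* Stand-in for the game's key table at 1CD02D8: one byte per key, > 0 while held. */
static unsigned char g_key_table[KEY_TABLE_SIZE];

/* Stand-in for get_key_state(): returns whether table[key] > 0. The real
 * function raises a parameter error for key > 255; here we report and return 0. */
static int get_key_state(int key)
{
    if (key < 0 || key >= KEY_TABLE_SIZE) {
        fprintf(stderr, "get_key_state: parameter %d out of range\n", key);
        return 0;
    }
    return g_key_table[key] > 0;
}

/* The trainer action. A real hook would call a game routine here (the post
 * used SdMusicPlay); this one just counts invocations so the behaviour is checkable. */
static int g_action_count = 0;

static void trainer_action(void)
{
    g_action_count++;
}

/* Per-update hook, the C equivalent of the code injected into 4A2CA0.
 * Edge-triggered: fires once when the combination goes from up to down, then
 * re-arms only after it is released, so holding the keys does not repeat it
 * every frame. */
static int g_combo_was_down = 0;

static void update_hook(void)
{
    int combo_down = get_key_state(KEY_CTRL) && get_key_state(KEY_TRAINER);
    if (combo_down && !g_combo_was_down)
        trainer_action();
    g_combo_was_down = combo_down;
}

/* Helpers that simulate the input side: press/release a key, run n frames. */
static void set_key(int key, int down)
{
    if (key >= 0 && key < KEY_TABLE_SIZE)
        g_key_table[key] = down ? 1 : 0;
}

static void run_frames(int n)
{
    while (n-- > 0)
        update_hook();
}

static int action_count(void)
{
    return g_action_count;
}

static void reset_state(void)
{
    memset(g_key_table, 0, sizeof g_key_table);
    g_action_count = 0;
    g_combo_was_down = 0;
}

int main(void)
{
    reset_state();
    set_key(KEY_CTRL, 1);
    set_key(KEY_TRAINER, 1);
    run_frames(10);             /* held for 10 frames: fires once */
    set_key(KEY_TRAINER, 0);
    run_frames(3);              /* released: re-arms, no fire */
    set_key(KEY_TRAINER, 1);
    run_frames(5);              /* second press: fires again */
    printf("trainer action ran %d times (expected 2)\n", action_count());
    return 0;
}
```

Without `g_combo_was_down` the same scenario would call the action 15 times, once per frame the combination is down, which for a music-swap trainer means restarting the track every frame.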
 