Everything posted by jstout

  1. It would be a ton faster and cleaner just to swap the full rosters and change the names and logos to match. All that is really simple.
  2. Nice work on the graphics. It's been almost 15 years since I messed with the game but I helped slim_jimmy7 with graphics in the past. I have no notes any longer but I can tell you the logo graphics are compressed in the game. Back then, I wrote a program that decompressed the logos and was able to learn many of the commands through a text output which allowed me to write the new logos by hand into the game with a hex editor. You'd have to ask slim_jimmy7 but possibly he still has a copy of my decompressor (if the code is still with it then it shouldn't be too hard to figure out from that).
  3. I appreciate the kind words from everyone. I actually stopped by to find out what happened to Gridiron Heroes and ran into this thread. I feel a bit bad about disappearing from here. A few years back, I had a hard drive crash where I lost countless notes. Then I basically ran out of ideas for fun hacks and slowly stopped popping by. I spent most of last year with a computer that would blue screen randomly a few times a day so doing anything became a massive headache. But I do stop by now and then but usually not signed in.
  4. What data are you looking for? I used to play Tecmo NBA Basketball as a kid but it was too easy vs the CPU and later moved on to playing NBA Live 95.
  5. Yeah, I'm doing fine. Bruddog is correct that it's Games Played. The "Adjuster" part is if you had some scrub that say played 1 game and had a star performance then you could set this value higher to cut down the final value to a more logical score.
  6. You guys might be way over complicating the mini helmets. Detroit already uses the grey color so just remove the special byte that places the black facemask and instead use the standard grey facemask. Cleveland has Black for the dark brown so if you recolor the tiles it should be good. No need for changing pointers and such. I got the following in just minutes. base-2017-update.nes
  7. That is highly impressive Bruddog. The time it took for me to get the original disassembly was a huge pain by itself.
  8. I don't remember all the changes but finding them should be extremely simple.
      Set breakpoints for offense of reads to:
        Special Teams/Formation Pointers (11 Pointers): $A000-$A1E3
        Play Pointers (11 Pointers): $A400-$ABE7
        Extra Pointers (12 Pointers): $AE00-$AF7F
      Set breakpoints for defense of reads to:
        Play Pointers (11 Pointers): $A000-$B5E9
        Extra Pointers (12 Pointers): $B600-$B77F
      After a fast check: (remember your extra pointers need 8 pointers for the 7 players like my CIFL rom had) The pointers need the X index changed from x0B to x07 at x2573B and at x25810. Could be it or even a few more spots but you should be able to figure it out with breakpoints.
  9. Attached is a rom stripped down to only display the TSB Game Field with the source code. I'm only posting this since it might make it easier for someone to edit the game field. Controller: Pressing left and right will make the field scroll and pressing up and down will change the crowd animations. Animations are 0 = cheerleaders and no crowd movement, 1 = cheerleader celebration and crowd movement, 2 and 3 = cheerleaders and crowd movement then the next animation cycles back to 0. The game field data is located at x2010-x2B38 and needs to be pasted to x2C419-x2CF41 in an actual TSB rom. The graphics would need to be copied over as well. **Note the rom does absolutely nothing but display the game field using code from the actual game. GameField.zip
  10. I had an issue with the latest FCEUX 2.2.2 where when you loaded a rom that already had a .deb file then the emulator would crash. To fix the problem, I had to go into the debugger and deselect the .DEB files and then save the config. This may or may not be your problem but if not then I'd try checking the emulator settings.
  11. Hopefully, I'll be able to get some new stuff up soon. Primis, for your questions. Yes, you can put a trap onto any specific object. Though it might be quite a hindrance to try and tackle a ballcarrier you can't see because you are watching a receiver downfield. For the NTSC/PAL, this is less a NES issue than a TV standards issue. NTSC, PAL, and SECAM are the Analog TV Standards where NTSC and PAL have different size standards. So the TVs produced in the PAL countries simply have a different display size to support the standard. The PAL standard however also has a slower refresh causing some flickering that doesn't exist on a NTSC display.
  12. I stumbled across a hidden debug option. During the Intro Screens, any screen before the Game Start Screen, if you press down exactly 7 times it activates a slow motion debug option. For those using a debugger, RAM $06F6 will need to be #$07. Once activated, to use you have to hold the Select+B buttons for slow motion and hold the Select+A buttons for a full stop. The game will still use the button presses on screens they are used. I'm not sure how useful this can be but I was entertained for a while playing around with this.
  13. Yes, the code would look nearly the same with just RAM locations changed and ability to use 16-bit numbers. I'll see about writing it up when I get the chance. BTW, I do have a ROM with the Radial code but need to find it on my hard drive (or recompile) and then I'll post it.
  14. Your FF wouldn't work here because the B8 32 needs to be reversed. The Address Lo Byte should be first and the Address Hi Byte second.
  15. That isn't true. You can do a simple copy and paste in translhextion.
      Select Block x2C590 to x2CF41 and it will highlight the block.
      Copy or Ctrl+C
      Open the Rom to Paste to
      Jump to x2C590
      Paste or Ctrl+V and set to overwrite and 1 time and it will show the data being pasted in the new color
      Save the Rom
      Check the Field Tile Map above the field is the same as you can rearrange the field blocks with those.
  16. I'll see what I can do Buck with making some of the demos like TSB. I wanted to try to make the demos flowing so the entire code setup was vastly overhauled with each segment as TSB does a lot of advanced techniques with some that aren't even possible without the MMC3 mapper.
  17. I have a feeling your post is off-topic as editing only TSB isn't the main subject. From the image, it's obvious that you know where things are located from yours/others findings and the notes attached. But what else do you know about that info that you understand?
  18. I'm hoping the links work as this would be cleaner than having a few dozen posts thrown all about. This is still a work in progress with more in the future and the below files are still subject to changes/improvements as I'm not happy with all of them. All demos should contain source files for the ca65 assembler and a working rom. For those that read these please let me know of things that are good, bad, and need much more clarification.
      Complete Folder
      6502:
        Number Formats
        Registers
        Processor Status Flags
        Opcodes - Transfer Operations
        Opcodes - Other Operations
        Opcodes - Programming Model
        Addressing Modes
        Complete Opcodes
        Basic Math
      NES Programming:
        Memory Map
        NES Header
        PPU Registers
        Skeleton ROM
        Palettes Demo
        Sprites Demo
        Controllers Demo
        Backgrounds Demo
        Scrolling Demo
        Sprite 0 Hit Demo
        Animated Sprites Demo
        Camera Window Demo
        Collision Detection Demo
        MMC3 Demo
  19. Passing loft is just part of creating the arc you see in the game. The Arc needs to know other things like velocity to create a pass that will hit the mark. But if you test or watch the video then you'll see the xFF loft is a straight line and the x01 has some upward movement but nothing that would be comical so all the x30 values will look fairly similar. http://www.youtube.com/watch?v=KsFvQ8MwaNc
  20. I've learned more about the code since then. The original code is below:

          x2869E:
            LDY #$08 ; PLAYER ID INDEX
            LDA ($AE),Y ; PLAYER ID
            TAX
            LDA $70
            AND #$1C
            CMP #$10
            BCS @TACKLED
            CMP #$08
            BCS @KR_PR ; KR/PR
            TXA
            EOR $70
            BMI @QB_OL_PR
            TXA
            AND #$0F ; PLAYER #
            BEQ @QB_OL_PR ; QB
            CMP #$06
            BCS @QB_OL_PR ; OL
            TXA
            JSR L_DD8D
            JMP @SKILL ; SKILL [email protected]
          @KR_PR:
            CMP #$0A
            BCS @QB_OL_PR ; PR EXIT
            ORA #$10 ; GET KR ID
            STA $45
            TXA
            AND #$80
            ORA $45
            JSR [email protected]
          @SKILL:
            LDY #$86 ; GET PLAYER BALL CONTROL
            JSR L_DDAA
            TAY
            LDA $3D ; RANDOM
            CMP BALL_CONTROL_VALUES,Y ; BALL CONTROL SKILL
            BCS @TACKLED ; TACKLED?
            JMP @FUMBLED ; [email protected]
          @QB_OL_PR:
            LDA $3D ; RANDOM
            CMP #$0C ; 44 SKILL
            BCS @TACKLED ; [email protected]
          @FUMBLED: ; FUMBLE ROUTINE
            LDY #$01
            LDA ($AE),Y
            AND #$DF
            STA ($AE),Y
            JSR L_21_BA47
            JMP [email protected]
          @TACKLED: ; TACKLED ROUTINE
            LDA $71
            ORA #$80
            STA $71
            JMP L_21_85A6
          BALL_CONTROL_VALUES:
            .BYTE $12,$11,$10,$0F,$0E,$0D,$0C,$0B,$0A,$09,$08,$07,$06,$05,$04,$03

      The hack posted here uses the first lines LDY #$08 as the PR's skill index (which was 56 skill) for the CMP BALL_CONTROL_VALUES,Y line. The QB kept the branch listed above for the skill value. It's quite possible to hack this using tables for a team's QB and PR ball control value. Or even to have the PR use their own ball control skill.
  21. Change x29FEC from x87 to x88 and change the x88 to x87 in the PC/PA hack to reverse the values. Or you can flip the ratings for all the QBs.
  22. I was intrigued as most wanted a hacking front to back example. The grappling hack was involved with only light complications. I spent much much much longer writing this all out than actually going through the steps this morning. This definitely needs some cleanup and only you guys can tell me if I need to dumb it down more or if I was babying you too much at times but this will give an idea of the steps I followed that you can replicate. Feedback will improve this too as I tried to get this done as fast as possible without detailing every last exact button name to press (just told to do it). The FCEUX Save State and the Code/Data logs I remembered to save are attached so you can see what I saw with them. I'm using FCEUX 2.2.1, http://www.fceux.com/web/home.html, and the original TSB rom. So here it goes hoping all this text fits and I already know my clean looking notepad format will be ripped to shreds in the post =) I'll probably create a new topic when all the other stuff is created or more ready to go than this so it's easily found in one place.

      ManVsGrappleFiles.zip

      GOAL: Improve Man vs Com Grappling
      KNOW: Pressing buttons on controller helps determine grapple winner. High HP popcorns opponent. Com can't use a controller to press buttons.
      START: Find the Man Presses.
      HOW:
        A. Find the controller RAM storage then using the storage to count presses
        B. Find when it counts presses
      We'll attempt with Option B as it would be the quickest method if found.

      --------------------
      GOAL: Find the press counter

      Step 1. Get a save state just before a grapple occurs so we can reload and test over and over again.
      Step 2. Open the Code/Data Logger and hit Start.
      Step 3. Run winning a grapple then pause the emulator and then run losing a grapple (no presses) then pause the emulator then pause the Code/Data Logger.
      Step 4. Pause the emulator during a grapple and open the Cheats...
        1. In the Cheat Search hit Reset
        2. Presses could be counted up (highest value) or down (first to a certain number). Logically we expect up.
        3. Hit 00 Known Value = 639 Possibilities
        4. Unpause grapple then repause during grapple. (If Grapple is done then reload save state to get back into grapple)
        5. Hit 00 Known Value = 636 Possibilities
        6. Unpause grapple, press A Button, then repause during grapple. (If Grapple is done then reload save state to get back into grapple then hit A Button)
        7. Hit Greater Than = 51 Possibilities
        8. Unpause grapple, press A Button, then repause during grapple. (If Grapple is done then reload save state to get back into grapple then hit A Button twice)
        9. Hit Greater Than = 3 Possibilities (only $03BC == 02 so we expect this to be the location)
      Step 5. We are looking for press confirmation. In the Debugger, Add Breakpoint with Address: 03BC and Write
        1. Reload the Save State
        2. Determine the breakpoints by writing down each location and hitting run to find the next until grapple finishes then pause
        3. Repeat 1 and 2 hitting the A button during the grapple
        At Contact: x2826A
            0A:825A:91 AE STA ($AE),Y @ $03BC [A = 00]
          This should be the press reset
        At Press: x28285
            0A:8275:91 AE STA ($AE),Y @ $03BC [A = 01]
          This should be the press storage
      Step 6. Gather some information off these breakpoints.
        1. Double-click on the 3BC breakpoint to disable
        2. Add Breakpoint with Address: 825A and Execute
        3. Add Breakpoint with Address: 8275 and Execute
        4. Open the Trace Logger and have it start logging in the window
        5. Reload the Save State and enter the grapple
        Trace Logger:
            $DAC1:A0 07 LDY #$07 A:00 X:00 Y:05 S:39 P:nvUBdiZC
            $DAC3:B1 AE LDA ($AE),Y @ $0606 = #$82 A:00 X:00 Y:07 S:39 P:nvUBdizC
            $DAC5:48 PHA A:82 X:00 Y:07 S:39 P:NvUBdizC
            $DAC6:88 DEY A:82 X:00 Y:07 S:38 P:NvUBdizC
            $DAC7:B1 AE LDA ($AE),Y @ $0605 = #$55 A:82 X:00 Y:06 S:38 P:nvUBdizC
            $DAC9:48 PHA A:55 X:00 Y:06 S:38 P:nvUBdizC
            $DACA:60 RTS (from $DACB) ----------------- A:55 X:00 Y:06 S:37 P:nvUBdizC
            $8256:A9 00 LDA #$00 A:55 X:00 Y:06 S:39 P:nvUBdizC ; RESET PRESS COUNTER
            $8258:A0 1D LDY #$1D A:00 X:00 Y:06 S:39 P:nvUBdiZC
            Breakpoint 1 Hit at $825A: $825A:EC--X-
        6. Change 825A Breakpoint Address to 8256
        7. Stop the Trace Logger
        8. Copy Code from the Debugger using 8256 and 8275 and label the obvious
            0A:8256:A9 00 LDA #$00 ; RESET PRESS VALUE
            0A:8258:A0 1D LDY #$1D ; #$1D INDEX to PRESS COUNTER
            0A:825A:91 AE STA ($AE),Y @ $03BC ; $AE = POINTER, $03BC = PRESS COUNTER
            0A:825C:A0 01 LDY #$01
            0A:825E:B1 AE LDA ($AE),Y @ $03A0
            0A:8260:29 40 AND #$40
            0A:8262:F0 16 BEQ $827A
            0A:8264:A9 01 LDA #$01
            0A:8266:20 CB DA JSR $DACB
            0A:8269:20 08 A1 JSR $A108 ; COUNT?
            0A:826C:10 F6 BPL $8264
            0A:826E:A0 1D LDY #$1D ; INDEX TO PRESS COUNTER
            0A:8270:B1 AE LDA ($AE),Y @ $03BC ; LOAD PRESS COUNTER
            0A:8272:18 CLC
            0A:8273:69 01 ADC #$01 ; ADD 1 TO PRESS COUNTER
            0A:8275:91 AE STA ($AE),Y @ $03BC ; STORE PRESSES
            0A:8277:4C 64 82 JMP $8264 ; REPEAT AT $8264
      Step 7. Determine when the press counter is used (excluding the read to store the counter we found above)
        1. Add Breakpoint with Address: 03BC and Read with Condition: P != #8270
        2. Reload the Save State and enter the grapple
        At End: x284F6
            0A:84E6:B1 AE LDA ($AE),Y @ $03BC
          This should be read for the press winner
        3. Reset Code/Data Logger then hit Start. Win a grapple and Lose a Grapple as above.
        4. Copy Code from Debugger (with help from Code/Data Logger spotting the entry point) and label the obvious
           *In the Hex Editor, using the View Menu set to ROM File (Code/Data Logger makes Data Blue, Code Gold, Code and Data Green, Unused Black)
            0A:84DC:20 4C B1 JSR $B14C
            0A:84DF:A9 40 LDA #$40
            0A:84E1:20 CB DA JSR $DACB
            0A:84E4:A0 1D LDY #$1D ; PRESS COUNTER INDEX
            0A:84E6:B1 AE LDA ($AE),Y @ $03BC ; LOAD PRESS COUNTER
            0A:84E8:C9 02 CMP #$02
            0A:84EA:90 0D BCC $84F9 ; LESS THAN 2 PRESSES?
            ; GREATER THAN OR EQUAL TO 2 PRESSES
            0A:84EC:20 90 B1 JSR $B190
            0A:84EF:A0 81 LDY #$81
            0A:84F1:A2 85 LDX #$85
            0A:84F3:20 C9 B1 JSR $B1C9
            0A:84F6:4C 23 87 JMP $8723 ; EXIT
            ; LESS THAN 2 PRESSES
            0A:84F9:20 90 B1 JSR $B190
            0A:84FC:A0 22 LDY #$22
            0A:84FE:A2 87 LDX #$87
            0A:8500:20 C9 B1 JSR $B1C9
            0A:8503:A9 01 LDA #$01
            0A:8505:20 CB DA JSR $DACB
            0A:8508:4C 51 85 JMP $8551 ; EXIT
        5. When we force to $84F9 by either NOP or JMP (refer to the 6502 opcodes for these values), quick testing shows Player 1 always loses the grapple
        6. When we force to $84EC by NOP, quick testing shows Player 1 always wins the grapple
      We found our grapple section we need to edit but we are lacking all the info we want to use.

      --------------------
      GOAL 2: We want to include HP so we need to find if it's already loaded for our use
      KNOW: High HP popcorns opponent. Each Player has a section containing important game info. It's well documented and easy to find regardless so my Save State player QB Bills HP: x3011 2nd Nibble
      START: HP of our player

      Step 1. Add a Breakpoint for HP
        1. Address: 9001 and Read with Condition: $9001 == #11
        2. Address: B001 and Read with Condition: $B001 == #11
           *We don't know if x3011 is in the $8000 or $A000 Bank so we set both.
        3. Disable prior breakpoints
        4. Determine the breakpoints by writing down each location and hitting run between the play call screen and game screen
        First Hit: x3DDEB
            >0F:DDDB:B1 3E LDA ($3E),Y @ $B001 = #$11
        Second Hit: x3DDEB
            >0F:DDDB:B1 3E LDA ($3E),Y @ $B001 = #$11
        5. Do it again but in the Debugger hit Step Into after hit to determine how it's used
        First Step Into:
            >0F:DDDB:B1 3E LDA ($3E),Y @ $B001
            0F:DDDD:B0 04 BCS $DDE3
            0F:DDDF:4A LSR
            0F:DDE0:4A LSR
            0F:DDE1:4A LSR
            0F:DDE2:4A LSR
            0F:DDE3:29 0F AND #$0F
            0F:DDE5:85 3E STA $003E ; FIRST NIBBLE
        Second Step Into:
            >0F:DDDB:B1 3E LDA ($3E),Y @ $B001
            0F:DDDD:B0 04 BCS $DDE3
            0F:DDE3:29 0F AND #$0F
            0F:DDE5:85 3E STA $003E ; SECOND NIBBLE
        6. Add Breakpoint with Address: 3E and Read and Write but disable it
        7. Wait until second breakpoint and enable the 3E breakpoint then hit run
        x3DE0E
            0F:DDFE:65 3E ADC $003E
          Adding our value to something
        x3DDC8
            0F:DDB8:85 3E STA $003E
          Removes our number and quick inspection of debugger shows it's creating a pointer
        8. In the Debugger seek to DDFE and copy the code until the exit.
            0F:DDE7:A5 45 LDA $0045
            0F:DDE9:4A LSR
            0F:DDEA:4A LSR
            0F:DDEB:A8 TAY
            0F:DDEC:28 PLP
            0F:DDED:B0 06 BCS $DDF5
            0F:DDEF:B9 03 65 LDA $6503,Y
            0F:DDF2:4C F8 DD JMP $DDF8
            0F:DDF5:B9 08 66 LDA $6608,Y
            0F:DDF8:A6 45 LDX $0045
            0F:DDFA:20 40 DE JSR $DE40
            0F:DDFD:18 CLC
            0F:DDFE:65 3E ADC $003E
            0F:DE00:38 SEC
            0F:DE01:E9 01 SBC #$01
            0F:DE03:B0 02 BCS $DE07
            0F:DE05:A9 00 LDA #$00
            0F:DE07:C9 10 CMP #$10
            0F:DE09:90 02 BCC $DE0D
            0F:DE0B:A9 0F LDA #$0F
            0F:DE0D:A8 TAY
            0F:DE0E:A6 44 LDX $0044
            0F:DE10:20 E3 D8 JSR $D8E3
            0F:DE13:98 TYA
            0F:DE14:60 RTS ------------------------------- ; EXIT
        9. Add a Breakpoint at Address: DE14 and Execute but disable
        10. Do 6 and 7 again but also enable the DE14 breakpoint.
        11. At the DE14 breakpoint, use the debugger Step Into storing the code until values are gone then label the obvious
            0F:DDE7:A5 45 LDA $0045
            0F:DDE9:4A LSR
            0F:DDEA:4A LSR
            0F:DDEB:A8 TAY
            0F:DDEC:28 PLP
            0F:DDED:B0 06 BCS $DDF5
            0F:DDEF:B9 03 65 LDA $6503,Y @ $6503
            0F:DDF2:4C F8 DD JMP $DDF8
            0F:DDF5:B9 08 66 LDA $6608,Y @ $6608
            0F:DDF8:A6 45 LDX $0045
            0F:DDFA:20 40 DE JSR $DE40 ; GET CONDITIONAL BOOSTS
            0F:DDFD:18 CLC
            0F:DDFE:65 3E ADC $003E ; ADD HP
            0F:DE00:38 SEC
            0F:DE01:E9 01 SBC #$01 ; SUBTRACT 1
            0F:DE03:B0 02 BCS $DE07 ; NEGATIVE VALUE?
            0F:DE05:A9 00 LDA #$00 ; SET TO 0 IF NEGATIVE
            0F:DE07:C9 10 CMP #$10
            0F:DE09:90 02 BCC $DE0D ; ABOVE MAX?
            0F:DE0B:A9 0F LDA #$0F ; SET TO MAX IF TOO LARGE
            0F:DE0D:A8 TAY ; FINAL HP TO Y
            0F:DE0E:A6 44 LDX $0044
            0F:DE10:20 E3 D8 JSR $D8E3
            0F:DE13:98 TYA ; FINAL HP TO A
            0F:DE14:60 RTS -------------------------------
            0D:86B4:AA TAX ; FINAL HP TO X (NOTE FINAL HP IS IN A, X, Y)
            0D:86B5:60 RTS -------------------------------
            0D:8675:AA TAX ; SET HP AS INDEX FOR TABLE
            0D:8676:BD EF DF LDA $DFEF,X @ $DFF0 ; GET HP VALUE FROM TABLE
            0D:8679:A0 1C LDY #$1C ; HP VALUE INDEX
            0D:867B:91 40 STA ($40),Y @ $03BB ; STORE HP VALUE
            ... CONTINUE ELIMINATES FINAL HP IN REGISTERS A,X,Y
      Step 2. Add a breakpoint for the new HP location we found
        1. Delete the 9001, B001, 3E, DE14 breakpoints
        2. Add a breakpoint for Address: 03BB and Read and Write
        4. Enable the breakpoints at 8256 and 8275 (We know the HP has to be checked first)
        5. Pause the emulator and reset the Code/Data Logger hit Run
        6. Reload our save state just before the grapple and record the breakpoints for $03BB
        At Contact: x284D9
            0A:84C9:B1 AE LDA ($AE),Y @ $03BB
          Read HP for Popcorn Check
        7. Pause the Code/Data Logger
        8. Reload before the grapple until breakpoint and copy Code from Debugger (with help from Code/Data Logger spotting the entry point) and label the obvious
            0A:84C7:A0 1C LDY #$1C ; HP VALUE INDEX
            0A:84C9:B1 AE LDA ($AE),Y @ $03BB ; MAN HP VALUE ($AE is MAN POINTER)
            0A:84CB:38 SEC
            0A:84CC:F1 3E SBC ($3E),Y @ $061B ; SUBTRACT COM HP VALUE ($3E is COM POINTER; $61B ADDRESS - #$1C INDEX = $05FF POINTER)
            0A:84CE:90 04 BCC $84D4 ; MAN LESS THAN COM HP VALUE?
            ; MAN MORE THAN COM HP VALUE
            0A:84D0:C9 20 CMP #$20
            0A:84D2:B0 18 BCS $84EC ; MAN MORE THAN COM HP VALUE BY x20+ (THIS HEADS STRAIGHT TO WIN GRAPPLE)
            ; MAN LESS THAN COM HP VALUE
            0A:84D4:20 36 B1 JSR $B136
            0A:84D7:A9 01 LDA #$01
            0A:84D9:20 CB DA JSR $DACB
            ; We know the following code here is the Man vs Com press check from above
            0A:84DC:20 4C B1 JSR $B14C
            0A:84DF:A9 40 LDA #$40
            0A:84E1:20 CB DA JSR $DACB
            0A:84E4:A0 1D LDY #$1D ; PRESS COUNTER INDEX
            0A:84E6:B1 AE LDA ($AE),Y @ $03BC ; LOAD PRESS COUNTER
            0A:84E8:C9 02 CMP #$02
            0A:84EA:90 0D BCC $84F9 ; LESS THAN 2 PRESSES?
            ; GREATER THAN OR EQUAL TO 2 PRESSES
            0A:84EC:20 90 B1 JSR $B190
            0A:84EF:A0 81 LDY #$81
            0A:84F1:A2 85 LDX #$85
            0A:84F3:20 C9 B1 JSR $B1C9
            0A:84F6:4C 23 87 JMP $8723 ; EXIT
            ; LESS THAN 2 PRESSES
            0A:84F9:20 90 B1 JSR $B190
            0A:84FC:A0 22 LDY #$22
            0A:84FE:A2 87 LDX #$87
            0A:8500:20 C9 B1 JSR $B1C9
            0A:8503:A9 01 LDA #$01
            0A:8505:20 CB DA JSR $DACB
            0A:8508:4C 51 85 JMP $8551 ; EXIT
      Step 3. Find the Com Pointer creation
        1. Add a breakpoint of Address: 3E to 3F and Write with Condition: A == #FF (From the Pointer calculation of $05FF above). We'll change A to X then Y if the most common A isn't correct.
        2. Reset the Trace Logger and hit Start in the window
        3. Reload before the grapple until we reach our beginning breakpoint of 84C7 then label the obvious
            $832E:20 90 B1 JSR $B190 A:2D X:07 Y:03 S:39 P:nvUBdizC ; GET COM POINTER
            $B190:A0 1E LDY #$1E A:2D X:07 Y:03 S:37 P:nvUBdizC ; INDEX
            $B192:B1 AE LDA ($AE),Y @ $03BD = #$FF A:2D X:07 Y:1E S:37 P:nvUBdizC ; FROM MAN PLAYER
            Breakpoint 5 Hit at $B194: $003E-003F:EC-W-- Condition:A == #FF
            $B194:85 3E STA $003E = #$4A A:FF X:07 Y:1E S:37 P:NvUBdizC ; COM POINTER LO
            $B196:C8 INY A:FF X:07 Y:1E S:37 P:NvUBdizC ; NEXT INDEX
            $B197:B1 AE LDA ($AE),Y @ $03BE = #$05 A:FF X:07 Y:1F S:37 P:nvUBdizC ; FROM MAN PLAYER
            $B199:85 3F STA $003F = #$B2 A:05 X:07 Y:1F S:37 P:nvUBdizC ; COM POINTER HI
            $B19B:60 RTS (from $B190) ----------------- A:05 X:07 Y:1F S:37 P:nvUBdizC ; EXIT
            $8331:A0 01 LDY #$01 A:05 X:07 Y:1F S:39 P:nvUBdizC
            $8333:B1 AE LDA ($AE),Y @ $03A0 = #$60 A:05 X:07 Y:01 S:39 P:nvUBdizC
            $8335:29 40 AND #$40 A:60 X:07 Y:01 S:39 P:nvUBdizC
            $8337:F0 0C BEQ $8345 A:40 X:07 Y:01 S:39 P:nvUBdizC
            $8339:B1 3E LDA ($3E),Y @ $0600 = #$80 A:40 X:07 Y:01 S:39 P:nvUBdizC
            $833B:29 40 AND #$40 A:80 X:07 Y:01 S:39 P:NvUBdizC
            $833D:F0 03 BEQ $8342 A:00 X:07 Y:01 S:39 P:nvUBdiZC
            $8342:4C C7 84 JMP $84C7 A:00 X:07 Y:01 S:39 P:nvUBdiZC ; JUMP TO GRAPPLE ROUTINE
            Breakpoint 4 Hit at $84C7: $84C7:EC--X-
      Now we have the Pointer for the Man and Com players with their HP values

      --------------------
      GOAL: Write the Improvement Code with the knowledge we acquired
      KNOW: $3B-$3D are Random Values
      START: Write it in notepad

      Step 1. Write the code out
            0A:84C7:A0 1C LDY #$1C ; HP VALUE INDEX
            0A:84C9:B1 AE LDA ($AE),Y @ $03BB ; MAN HP VALUE ($AE is MAN POINTER)
            0A:84CB:38 SEC
            0A:84CC:F1 3E SBC ($3E),Y @ $061B ; SUBTRACT COM HP VALUE ($3E is COM POINTER; $61B ADDRESS - #$1C INDEX = $05FF POINTER)
            0A:84CE:90 04 BCC $84D4 ; MAN LESS THAN COM HP VALUE?
            ; MAN MORE THAN COM HP VALUE
            0A:84D0:C9 20 CMP #$20
            0A:84D2:B0 18 BCS $84EC ; MAN MORE THAN COM HP VALUE BY x20+ (THIS HEADS STRAIGHT TO WIN GRAPPLE)
            ; MAN LESS THAN COM HP VALUE
            0A:84D4:20 36 B1 JSR $B136
            0A:84D7:A9 01 LDA #$01
            0A:84D9:20 CB DA JSR $DACB
            0A:84DC:20 4C B1 JSR $B14C
            0A:84DF:A9 40 LDA #$40
            0A:84E1:20 CB DA JSR $DACB
            A0 1C LDY #$1C ; HP INDEX
            B1 AE LDA ($AE),Y ; LOAD MAN HP
            4A LSR
            4A LSR
            4A LSR
            C8 INY ; PRESS INDEX
            18 CLC
            71 AE ADC ($AE),Y ; HP/8 + PRESS
            91 AE STA ($AE),Y ; STORE IN MAN PRESS COUNTER
            20 90 B1 JSR $B190 ; LOAD COM POINTER
            A0 1C LDY #$1C ; HP INDEX
            B1 3E LDA ($3E),Y ; LOAD COM HP
            4A LSR
            4A LSR
            4A LSR
            C8 INY
            91 3E STA ($3E),Y ; STORE HP/8 IN COM PRESS COUNTER
            A5 3D LDA $003D ; RANDOM NUMBER
            29 0F AND #$0F ; MAKE RANDOM x0-F
            18 CLC
            71 3E ADC ($3E),Y ; HP/8 + RANDOM
            91 3E STA ($3E),Y ; STORE IN COM PRESS COUNTER
            B1 AE LDA ($AE),Y ; LOAD MAN PRESS COUNTER
            D1 3E CMP ($3E),Y ; COMPARE WITH COM PRESS COUNTER
            0A:84EA:90 0D BCC $84F9 ; LESS THAN COM?
            ; GREATER THAN OR EQUAL TO COM PRESSES
            0A:84EC:20 90 B1 JSR $B190
            0A:84EF:A0 81 LDY #$81
            0A:84F1:A2 85 LDX #$85
            0A:84F3:20 C9 B1 JSR $B1C9
            0A:84F6:4C 23 87 JMP $8723 ; EXIT
            ; LESS THAN COM PRESSES
            0A:84F9:20 90 B1 JSR $B190
            0A:84FC:A0 22 LDY #$22
            0A:84FE:A2 87 LDX #$87
            0A:8500:20 C9 B1 JSR $B1C9
            0A:8503:A9 01 LDA #$01
            0A:8505:20 CB DA JSR $DACB
            0A:8508:4C 51 85 JMP $8551 ; EXIT
      Step 2. Insert the Code
        1. Open the Hex Editor
        2. Using the debugger, Add a breakpoint with Address: 84E4 and Execute and Disable the other breakpoints
        3. Reload and run until breakpoint
        4. In the debugger, Seek To 9FFF and scroll up searching for empty space (not enough there)
        5. In the debugger, Seek To BFFF and scroll up searching for empty space (we have room where these FFs are)
           *It's usually a good idea to leave the first FF unless you know it's not used but in this case I'm starting at the start of a fresh line
        6. Type in our code so it fits.
        At x284F4:
            20 40 BF JSR $BF40 ; NEW MAN VS CPU GRAPPLING CODE
        At x2BF50: MAN VS CPU GRAPPLING:
            A0 1C LDY #$1C ; HP INDEX
            B1 AE LDA ($AE),Y ; LOAD MAN HP
            4A LSR
            4A LSR
            4A LSR
            C8 INY ; PRESS INDEX
            18 CLC
            71 AE ADC ($AE),Y ; HP/8 + PRESS
            91 AE STA ($AE),Y ; STORE IN MAN PRESS COUNTER
            20 90 B1 JSR $B190 ; LOAD COM POINTER
            A0 1C LDY #$1C ; HP INDEX
            B1 3E LDA ($3E),Y ; LOAD COM HP
            4A LSR
            4A LSR
            4A LSR
            C8 INY
            91 3E STA ($3E),Y ; STORE HP/8 IN COM PRESS COUNTER
            A5 3D LDA $003D ; RANDOM NUMBER
            29 0F AND #$0F ; MAKE RANDOM x0-F
            18 CLC
            71 3E ADC ($3E),Y ; HP/8 + RANDOM
            91 3E STA ($3E),Y ; STORE IN COM PRESS COUNTER
            ; RETURN TO NORMAL
            B1 AE LDA ($AE),Y ; LOAD MAN PRESS COUNTER AS BEFORE
            60 RTS
        At x284E5 ; RETURN HERE
            EA NOP
            D1 3E CMP ($3E),Y ; REPLACE CMP #$02 with COM PRESS COUNTER
      Step 3. Test the game to make sure everything works and the inserted code never gets swapped out when it's needed

      --------------------
      Repeat with a Man vs Man grapple to determine if the same code or new code but I'll leave that to you to work on your skills =)
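
The offset arithmetic that post 22 relies on (x2826A listed as 0A:825A, x3011 watched at both $9001 and $B001, the JSR $BF40 hook pointing at the code typed in at x2BF50), as an added example that is not part of jstout's posts. It assumes a 16-byte iNES header with no trainer, 256 KiB of PRG ROM, and the MMC3 layout with $8000/$A000 switchable and the last two 8 KiB banks fixed; the function names are hypothetical.

```python
"""Relate the walkthrough's ROM file offsets (x2826A) to CPU addresses ($825A).

Added example, not the poster's code. Assumptions: 16-byte iNES header, no
trainer, 256 KiB PRG ROM, MMC3 PRG mode with $8000/$A000 switchable and the
last two 8 KiB banks fixed at $C000/$E000.
"""

INES_HEADER = 0x10                    # header bytes before PRG data
BANK_8K = 0x2000                      # MMC3 switches PRG in 8 KiB banks
PRG_BANKS_8K = 32                     # assumption: 256 KiB of PRG ROM
SWITCHABLE_SLOTS = (0x8000, 0xA000)   # the two windows the post probes for x3011
FIXED_SLOTS = {PRG_BANKS_8K - 2: 0xC000, PRG_BANKS_8K - 1: 0xE000}


def prg_offset(file_offset):
    """Strip the header and reject offsets that are not inside PRG ROM."""
    prg = file_offset - INES_HEADER
    if not 0 <= prg < PRG_BANKS_8K * BANK_8K:
        raise ValueError(f"x{file_offset:X} is outside PRG ROM")
    return prg


def debugger_bank(file_offset):
    """16 KiB bank number, the '0A' in the listings' 0A:825A prefix."""
    return prg_offset(file_offset) >> 14


def candidate_cpu_addresses(file_offset):
    """CPU addresses where this ROM byte can appear, one per possible slot."""
    bank, within = divmod(prg_offset(file_offset), BANK_8K)
    if bank in FIXED_SLOTS:
        return [FIXED_SLOTS[bank] + within]
    return [slot + within for slot in SWITCHABLE_SLOTS]


def jsr_target(instr):
    """Decode a 3-byte JSR: opcode $20, address low byte, then high byte."""
    if len(instr) != 3 or instr[0] != 0x20:
        raise ValueError("not a JSR absolute instruction")
    return instr[1] | (instr[2] << 8)


def hook_reaches_cave(jsr_bytes, cave_file_offset):
    """True if the JSR operand is an address the inserted code can occupy.

    Static check only: whether that bank is actually mapped when the hook
    runs is what the post's Step 3 play-testing has to confirm.
    """
    return jsr_target(jsr_bytes) in candidate_cpu_addresses(cave_file_offset)


if __name__ == "__main__":
    # File offsets quoted in the walkthrough.
    for off in (0x2826A, 0x28285, 0x284F6, 0x3011, 0x3DDEB, 0x2BF50):
        addrs = ", ".join(f"${a:04X}" for a in candidate_cpu_addresses(off))
        print(f"x{off:05X}  bank {debugger_bank(off):02X}  ->  {addrs}")
    print("hook ok:", hook_reaches_cave(bytes.fromhex("2040BF"), 0x2BF50))
```

Swapping the two operand bytes (20 BF 40) makes the check fail, which is the byte-order point made in post 14.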
  23. I thought about all the common topics/issues with the NES and created the list below with the | being related and/or advanced topics. The 6502 section is general assembly knowledge allowing people to read and write code. The NES Programming section is a how and why things are done (could create a game, low-level hacking is limited but might explain how things are stored, high-level hacking will understand reasoning and allow practical applications outside of code snippets) and likely contain code examples. The FCEUX Hacking section would describe how to use the various features in the emulator and likely contain simple examples (the problem here is sometimes things just aren't simple to find or change). Did I miss anything people want to know about? Is this overkill of what people want to know about? And more importantly are there more than 2-3 people even interested in this?
      6502:
        NUMBER FORMATS
        REGISTERS
        ADDRESSING MODES
        PROCESSOR STATUS FLAGS
        OPCODES
        BASIC MATH | 16-BIT OPERATIONS, FIXED POINT
      NES PROGRAMMING:
        MEMORY MAPS
        PPU REGISTERS
        SKELETON ROM
        GAME LOOP | GAME STATES, MULTITASK
        PALETTE | FADE
        SPRITES | METASPRITES, ANIMATION, COLLISION DETECTION
        CONTROLLER
        BACKGROUND | METATILES, COMPRESSION
        SCROLL | CAMERA
        SPRITE 0 HIT
        MMC3 MEMORY MAPPER
        SOUND | DMC, SOUND ENGINE
      FCEUX HACKING:
        HEX EDITOR | CORRUPTION, FONT TABLES, CODE INSERTION
        PPU VIEWER
        NAME TABLE VIEWER
        CODE/DATA LOGGER | FILE COMPARE
        CHEAT SEARCH
        DEBUGGER | CONDITIONS
        TRACE LOGGER
        SAVE STATES
  24. Generally the sorting was being created before 20F995 but sometimes calculations get thrown off like the QB Rating. There likely is some type of workaround to such issues but I only really looked for what was needed earlier.