
How to troubleshoot why this doesn't work on some emulators?

Started by Emmy, December 22, 2015, 03:05:55 pm

Emmy

Several people have told me there were issues with my mod on some emulators.  Is it due to any asm in particular and if so how to fix it?

These from Raven's Workbooks: http://pastebin.com/aXJJZ32M
Misc other ASM: http://pastebin.com/BjYKWTi1

Also the Game Progression workbook ones.  All ASM has been found somewhere on this site.

Choto

Different emulators react differently to various "illegal procedures" in asm code. For example, on some emulators a value you load into a register usually doesn't appear there until 2 commands later. If you tried to use the value 1 command after the load, it wouldn't be there yet and could cause problems. So if the asm hacks you used don't follow the safest coding procedures, they may fail on some emulators this way.

So really the only way to fix it is to scan the asm hacks and see if you can find any of those illegal series of commands. Unfortunately people started writing hacks before we knew about those issues :/

Xifanie

You are using at least 5 faulty hacks with errors in them. I have a tool that reads xml data to auto-detect these issues, but it's not perfect, so that means there might be more.

<Patch name="Equip X and Gender Equips Edits">
<Location file="SCUS_942_21" offset="4CA7C">
// Disassembly of the patch bytes. The branch/jump targets below only line up
// if the first instruction sits at 0x8005C27C, so addresses in these comments
// use that base.
// Loop over r5 = 0..9: for every set bit, OR one word of the table at
// 0x8005C2E8 + r5*4 into the word at 0x004A(r4).
ori r5,r0,0x0000
// 0x8005C280: loop head for r5 < 8, tests bit 7 of (byte 0x008F(r4) << r5)
lbu r3,0x008F(r4)
// nop fills the load delay slot, so r3 is not read right after the lbu
nop
sllv r3,r3,r5
andi r2,r3,0x0080
// 0x8005C290: bit clear -> skip the OR and go to the counter increment
beq r2,r0,0x8005C2B4
// branch delay slot: runs whether or not the branch is taken
lui r3,0x8006
sll r2,r5,0x02
addu r3,r2,r3
// 0xC2E8 is sign-extended, so this reads 0x8005C2E8 + r5*4
lw r3,0xC2E8(r3)
// NOTE(review): lw/sw move 4 bytes and 0x004A is not a multiple of 4, so the
// access is only aligned if r4 ends in 2, 6, A or E. r4's value is not
// visible in this listing - confirm before treating this as a real fault.
lw r2,0x004A(r4)            //Invalid immediate value

nop
or r2,r2,r3
sw r2,0x004A(r4)            //Invalid immediate value

// 0x8005C2B4: next bit position
addiu r5,r5,0x0001
sltiu r3,r5,0x0008
bne r3,r0,0x8005C280
// branch delay slot: r2 = (r5 < 10), used by the beq below once r5 >= 8
sltiu r2,r5,0x000A
// r5 >= 10 -> done, go to the jr r31 at 0x8005C2E0
beq r2,r0,0x8005C2E0
nop
// r5 = 8 or 9: test a bit of byte 0x0006(r4) instead, then rejoin at the beq
lbu r3,0x0006(r4)
nop
sllv r3,r3,r5
j 0x0005C290
// jump delay slot
andi r2,r3,0x8000
// 0x8005C2E0: return to caller
jr r31
nop
// The 10 words from here start at 0x8005C2E8, the address the lw above
// indexes with r5*4. They are the lookup table printed as if it were code;
// none of the lines below is an instruction that gets executed.
sll r0,r25,0x00
unknown
mult r0,r0
and r0,r0,r0
sll r7,r0,0x00
sll r0,r0,0x04
srl r8,r0,0x10
lwc0 r4,0x0000(r0)
sll r0,r2,0x00
sll r0,r2,0x00
</Location>
</Patch>

<Patch name="Individual Weapon Crit Rate Edits">
<Location file="BATTLE_BIN" offset="F2150">
// "unknown" = bytes the tool could not decode as an instruction.
// The code below reads 0x9150(r3) and 0x91D0(r5) with 0x8016 in the upper
// half; the offsets are sign-extended, giving 0x80159150 and 0x801591D0.
// With file offset + 0x67000 = RAM address (the branch targets below fit that
// mapping) this Location is 0x80159150, so it is presumably table data.
unknown
unknown
</Location>
<Location file="BATTLE_BIN" offset="11F500">
// Presumably the hook that jumps into the routine below; the bytes are not
// decoded in this listing.
unknown
</Location>
<Location file="BATTLE_BIN" offset="F20DC">
// Code at 0x801590DC. r2 is set by the caller (not visible here).
lbu r5,0x38D8(r2)
lui r3,0x8016
addu r3,r3,r5
lw r2,0x2D94(r2)
// table lookup: byte at 0x80159150 + r5
lbu r5,0x9150(r3)
lbu r3,0x0003(r2)
nop
// 0xFFA2 = -0x5E: r3 = r3 - 0x5E
addi r3,r3,0xFFA2
// negative result -> keep the r5 loaded above and skip the second lookup
bltz r3,0x80159110
nop
lui r5,0x8016
addu r5,r3,r5
// second table lookup: byte at 0x801591D0 + r3
lbu r5,0x91D0(r5)
// 0x80159110
lbu r3,0x005A(r2)
// Load-delay hazard: r3 was loaded by the instruction directly above. An
// instruction (for example a nop) has to sit between the load and this use;
// inserting one moves everything after it, so the targets of the branches
// that cross the insertion point must be corrected as well.
andi r3,r3,0x000F           //Cannot use r3 immediately after loading

beq r3,r0,0x8015912C
// branch delay slot
andi r3,r3,0x000E
beq r3,r0,0x8015912C
// branch delay slot: r5 = r5 * 2, executed on both paths
sll r5,r5,0x01
// only reached when neither branch is taken: r5 = 0
addu r5,r0,r0
// 0x8015912C
lbu r2,0x001C(r2)
addi r3,r0,0x00F0
// r2 != 0xF0 -> skip the extra doubling
bne r2,r3,0x80159140
nop
sll r5,r5,0x01
// 0x80159140
jal 0x0018EED8
nop
// return to the game code
j 0x0018650C
nop
</Location>
</Patch>


<Patch name="Weapon Formula Edits">
<Location file="BATTLE_BIN" offset="11EA9C">
// Routine at 0x80185A9C (file offset + 0x67000; the branch targets below fit
// that mapping). It sets up a stack frame, loads several bytes through the
// pointer at 0x80192D94, then dispatches through the jump table at 0x80185C48.
lui r3,0x8019
lbu r2,0x38D8(r3)
// 0xFFE0 = -0x20: reserve a 0x20-byte stack frame
addiu r29,r29,0xFFE0
sw r7,0x000C(r29)
lbu r7,0x38FA(r3)
sw r31,0x0018(r29)
sw r17,0x0014(r29)
// r3 = r2 * 12 (r2*2 + r2, then *4)
sll r3,r2,0x01
addu r3,r3,r2
sll r3,r3,0x02
lui r1,0x8006
addu r1,r1,r3
lbu r2,0x2EBD(r1)
lui r1,0x8018
sll r2,r2,0x02
addu r1,r1,r2
// r2 = jump table entry at 0x80185C48 + index*4, used by the jr r2 below
lw r2,0x5C48(r1)
lui r1,0x8019
lw r3,0x2D94(r1)
sw r16,0x0010(r29)
lbu r6,0x0024(r3)
lbu r5,0x0038(r3)
lbu r4,0x0036(r3)
addu r5,r5,r7
lbu r3,0x0037(r3)
addu r4,r4,r7
mult r4,r6
addu r3,r3,r7
mflo r17
// 0x028F5C28 is 2^32 / 100 rounded down: taking the high word of the product
// is the usual reciprocal form of an unsigned divide by 100
lui r16,0x028F
ori r16,r16,0x5C28
multu r17,r16
mfhi r17
// result non-zero -> skip the ori, otherwise force r17 to 1
bne r17,r0,0x80185B2C
// branch delay slot
lbu r16,0x3902(r1)
ori r17,r0,0x0001
// 0x80185B2C: dispatch to the handler chosen from the jump table
jr r2
nop
// Handlers follow. Most are a j with the store or add in its delay slot, so
// the instruction after each j still executes before the jump takes effect.
sh r4,0x38CE(r1)
j 0x00185C14
sh r17,0x38D0(r1)
j 0x00185C2C
sh r3,0x38CE(r1)
j 0x00185C2C
sh r4,0x38CE(r1)
addu r16,r16,r7
sh r16,0x38CE(r1)
j 0x00185C2C
subu r16,r16,r7
j 0x00185C2C
sh r17,0x38CE(r1)
j 0x00185C24
addu r4,r4,r5
j 0x00185C24
addu r4,r4,r3
jal 0x0018EEA0
nop
mult r4,r2
mflo r2
bltz r2,0x80185B94
// branch delay slot
lui r1,0x8019
addiu r2,r2,0x7FFF
// 0x80185B94
sra r2,r2,0x0F
addiu r2,r2,0x0001
subu r4,r4,r7
srl r4,r4,0x01
j 0x00185C28
addu r4,r4,r2
lw r4,0x2D94(r1)
// nop fills the load delay slot before r4 is used as a base register
nop
lbu r4,0x0030(r4)
j 0x00185B34
nop
lw r3,0x2D94(r1)
nop
</Location>
// The short Locations below each overwrite a few instructions inside the
// handlers that follow 0x80185BC8.
<Location file="BATTLE_BIN" offset="11ebc8">
lbu r4,0x0036(r3)
</Location>
<Location file="BATTLE_BIN" offset="11ebcc">
lbu r16,0x0036(r3)
j 0x00185C28
addu r4,r4,r7
lw r3,0x2D94(r1)
</Location>
<Location file="BATTLE_BIN" offset="11ebdc">
addiu r16,r0,0x0009
j 0x00185C28
</Location>
<Location file="BATTLE_BIN" offset="11ebe4">
lbu r16,0x0036(r3)
lw r3,0x2D94(r1)
</Location>
<Location file="BATTLE_BIN" offset="11ebec">
addiu r5,r0,0x0064
</Location>
<Location file="BATTLE_BIN" offset="11ebF0">
lbu r4,0x0026(r3)
</Location>
<Location file="BATTLE_BIN" offset="11ebF4">
// 0x80185BF4
lbu r6,0x0037(r3)
// Load-delay hazard: mult reads r6 in the instruction right after the lbu
// that loads it. There is no spare word here, so a fix has to either reorder
// with an independent instruction or move the pair out to free space and
// return to 0x80185BFC (the mflo below).
mult r4,r6                  //Cannot use r6 immediately after loading

mflo r4
addu r6,r6,r7
</Location>
<Location file="BATTLE_BIN" offset="11eC04">
lbu r16,0x3902(r1)
div r4,r5
j 0x00185C28
// jump delay slot
mflo r4
subu r4,r4,r7
j 0x00185C30
sh r4,0x38CE(r1)
nop
// 0x80185C24
srl r4,r4,0x01
// 0x80185C28
sh r4,0x38CE(r1)
// 0x80185C2C
sh r16,0x38D0(r1)
// 0x80185C30: epilogue, restore the saved registers
lw r7,0x000C(r29)
lw r31,0x0018(r29)
lw r17,0x0014(r29)
lw r16,0x0010(r29)
jr r31
// jump delay slot: release the 0x20-byte frame
addiu r29,r29,0x0020
</Location>
<Location file="BATTLE_BIN" offset="11EC48">
// Jump table data at 0x80185C48, not code. Each "lb r24,0xNNNN(r0)" line is
// the word 0x8018NNNN, the address of one handler above, read by
// "lw r2,0x5C48(r1)" and used by "jr r2".
lb r24,0x5BC0(r0)
lb r24,0x5B48(r0)
lb r24,0x5B48(r0)
lb r24,0x5B48(r0)
lb r24,0x5B48(r0)
lb r24,0x5B48(r0)
lb r24,0x5B78(r0)
lb r24,0x5B70(r0)
lb r24,0x5B40(r0)
lb r24,0x5B78(r0)
lb r24,0x5B50(r0)
lb r24,0x5B50(r0)
lb r24,0x5B48(r0)
lb r24,0x5B70(r0)
lb r24,0x5B70(r0)
lb r24,0x5B48(r0)
lb r24,0x5B40(r0)
lb r24,0x5B78(r0)
lb r24,0x5B70(r0)
</Location>
<Location file="BATTLE_BIN" offset="11F1CC">
nop
</Location>
<Location file="BATTLE_BIN" offset="12475c">
nop
nop
</Location>
<Location file="BATTLE_BIN" offset="122414">
jal 0x00185E04
</Location>
</Patch>


<Patch name="Silent Walk becomes Flee">
<Description>Add xx move when unit is in critical</Description>
<Location file="BATTLE_BIN" offset="10D860">
// Hook: redirect the game routine to the new code at 0x801583B4
j 0x001583B4
</Location>
<Location file="BATTLE_BIN" offset="F13B4">
// Code at 0x801583B4. Adds 4 to r16 only when bit 0x02 of byte 0x0095(r17)
// and bit 0x01 of byte 0x005A(r17) are both set (presumably the ability flag
// and the critical status bit - the field meanings are not shown here).
lbu r2,0x0095(r17)
// Load-delay hazard: r2 is read in the instruction right after its load.
// Swapping in an independent instruction (the lbu r16 below is one) or
// adding a nop fixes it. A nop lengthens the code, so a branch that jumps
// across the insertion point needs its target corrected.
andi r2,r2,0x0002           //Cannot use r2 immediately after loading

// first test fails -> go straight to the j at 0x801583D8
beq r0,r2,0x801583D8
// branch delay slot: r16 = byte 0x003A(r17), loaded on both paths
lbu r16,0x003A(r17)
lbu r2,0x005A(r17)
// Same hazard as above: r2 is used directly after the load
andi r2,r2,0x0001           //Cannot use r2 immediately after loading

beq r0,r2,0x801583D8
nop
addiu r16,r16,0x0004
// 0x801583D8: return to the game code two instructions after the hook
j 0x00174868
nop
</Location>
</Patch>


<Patch name="Oil">
<Description>Oil = 2x fire damage</Description>
<Location file="BATTLE_BIN" offset="11F464">
// Hook: redirect the game routine to the new code at 0x801536DC
j 0x001536DC
</Location>
<Location file="BATTLE_BIN" offset="EC6DC">
// Code at 0x801536DC. If bit 0x80 of byte 0x005A of the structure pointed to
// by 0x2D98(r2) and bit 0x80 of byte 0x38F7(r2) are both set, the halfword at
// 0x38CE(r2) is doubled. r2 is set by the caller (not visible here).
// Four load-delay hazards are flagged. Each needs one instruction between the
// load and the use, and every inserted word moves the code after it, so the
// bne and j targets inside this block have to be corrected as well.
lw r3,0x2D98(r2)
// r3 is used as the base register directly after being loaded
lbu r3,0x005A(r3)           //Cannot use r3 immediately after loading

andi r4,r3,0x0080           //Cannot use r3 immediately after loading

bne r4,r0,0x801536F8
nop
// first bit clear -> leave the value unchanged
j 0x0015371C
nop
// 0x801536F8
lbu r4,0x38F7(r2)
andi r4,r4,0x0080           //Cannot use r4 immediately after loading

bne r4,r0,0x80153710
nop
j 0x0015371C
nop
// 0x80153710: both bits set, double the halfword at 0x38CE(r2)
lh r3,0x38CE(r2)
sll r3,r3,0x01              //Cannot use r3 immediately after loading

sh r3,0x38CE(r2)
// 0x8015371C: common exit, reload r2 and return to the game code
lw r2,0x2D98(r2)
j 0x0018646C
nop
// Eight trailing nops written by the patch. NOTE(review): whether this space
// is free padding that could absorb the extra instructions is not shown here.
nop
nop
nop
nop
nop
nop
nop
nop
</Location>
</Patch>

Emmy

Thank you.  I guess something to figure out later if I ever figure out asm.

Emmy

Posting this, both in case it helps someone else, and because a few questions came up.  This person's background isn't in FFT modding but other modding that requires asm knowledge.  (needed someone to explain extreme basics)

insaeno
OK, basically consider the CPU as a device that runs 'programs', which are a series of 'instructions'
Emmy
that much i know
insaeno
text representations for asm differ, but they usually follow the format of
insaeno
INSTR arg1, arg2, etc
Emmy
arg1?
insaeno
argument 1, argument 2
Emmy
?
insaeno
each instruction can have several arguments, refining the scope of the instruction
insaeno
like how sin is a mathematical function that takes one parameter?
Emmy
yeah
insaeno
so for example the ADD instruction takes three extra arguments/parameters
insaeno
oh, I should explain registers too
Emmy
registers, as in where theinfo is stored?
insaeno
Yep
Emmy
ok
insaeno
I guess you could imagine the CPU itself as a person sitting at a desk who has almost no memory, a list of instructions, and a few places on the desk to put sticky notes to store 'temporary information' so they don't have to leave the desk
insaeno
list of instructions =&gt; program
insaeno
sticky notes =&gt; registers
insaeno
a finite resource of temporary memory.
Emmy
=> = ?
Emmy
oh copy pasting it makes it a >
insaeno
"represents the"
insaeno
Oh wait what
Emmy
sorry the chat is fucked and that confused me
insaeno
how did you
insaeno
yeah, OK
insaeno
Since the CPU itself has no other memory, every operation has to use these sticky notes, and the table is only so big, so you can't have that many on the table at once.
insaeno
(the CPU has a finite number of registers, and operations have to utilise values stored in these registers)
insaeno
Bringing us back to assembly.
Emmy
ok
insaeno
The ADD instruction is not complete without three extra parameters
insaeno
ADD (name of the first register), (name of the second register), (name of the register in which to put the result)
Emmy
ok
insaeno
there are other operations which work with memory, which is referenced through an address
insaeno
do you understand how that works?
Emmy
uhh
Emmy
not sure what you mean
insaeno
ori r5,r0,0x0000
insaeno
that's the first instruction in your program
Emmy
ok
insaeno
That instruction is "OR Immediate"
insaeno
and its parameters are "destination register", "first OR argument (a register)", "second OR argument (an address in memory"
Emmy
ok
insaeno
Imagine in the CPU office, the CPU works best with values on the table (registers), but of course this isn't enough, and needs to be able to work with memory/RAM
insaeno
so think of the address as a reference code for a particular book on a bookshelf in said office
Emmy
ok
insaeno
"immediate" means "find this value in memory and use it"
Emmy
oh
insaeno
http://www.ece.umd.edu/~manoj/759M/MIPSALM.html
insaeno
I'm using this as my reference
Emmy
ah
Emmy
sorry i'm not very responsive
insaeno
Some more explanations for the jargon: "word" is basically "as much as you can fit onto a sticky note", and refers to the smallest size of information that the CPU can split things into
insaeno
You keeping up there?
Emmy
kinda
insaeno
OK then
insaeno
forging on
Emmy
ok now i think i know what you mean
Emmy
this bit confused me:
Emmy
insaeno
and its parameters are "destination register", "first OR argument (a register)", "second OR argument (an address in memory"
insaeno
ok, do you know the logical operations?
insaeno
and, or, not, xor, and their combinations?
Emmy
yeah
insaeno
you might have come across these when working with flags.
insaeno
So you need two pieces of information to meaningfully do an OR operation
insaeno
"""or Rdest, Rsrc1, Src2: OR
ori Rdest, Rsrc1, Src2: OR Immediate

Put the logic OR of the integers from register Rsrc1 and Src2 (or Imm) into register Rdest. """
insaeno
the 'or' instruction uses two registers as the inputs
insaeno
so it'd look like
insaeno
or r1, r5, r2
insaeno
the 'ori' instruction uses one register and one word from memory as input
Emmy
ok
insaeno
so now we have enough information to decode some of these errors
Emmy
yeah
insaeno
"cannot use r* immediately after loading" is because some emulators are, well, for lack of a better word, not good, and they can't see the updated value of a register (from a load instruction, such as lbu) until two instructions later
insaeno
so you need to pad it out with another instruction
Emmy
yeah
insaeno
the site I listed doesn't have it, but 'nop' is usually an instruction. nop = No Operation = do nothing
Emmy
wouldn't another instruction change what it does though?
insaeno
the CPU reads the instructions sequentially
Emmy
also not sure if it can be padded
Emmy
but i'll ask
insaeno
If you don't know if you can pad it, what you can almost certainly do is to move some of the NOPs at the end to pad it out
insaeno
actually no, that's dangerous lol
Emmy

insaeno
uhhhh
insaeno
yeah... move the NOPs from the end backwards so that you get the same code size
insaeno
it seems that the code uses absolute jumps so you really can't afford to change the size of each code block
insaeno
j 0x0018650C
insaeno
^ that instruction means "Continue reading more instructions from (jump to) the address at 0xblah"
insaeno
You change the size of the code block, and you risk throwing these kinds of instructions out of alignment, thereby causing subtle (or maybe not-so-subtle) glitches
Emmy
how do i get something that looks like the code that i pasted in that topic (on pastebin) to the slightly more readable code like what xifanie posted?
insaeno
Ah, you need a disassembler
insaeno
ask Xilfanie about it, I'd say
Emmy
ok
insaeno
(what you've posted looks like machine code, pure bytes. Xilfanie's output is in [somewhat] human-readable "assembly code")
insaeno
As for the other errors
insaeno
w r2,0x004A(r4) //Invalid immediate value
Emmy
yeah, the program i know changes hex directly
insaeno
yikes
insaeno
so that's what you've been hex editing the entire time
insaeno
I hope you keep track of your patches in a clean way
Emmy
uhhh
Emmy
not sure if what you got is what i meant to say
insaeno
dw
insaeno
I'll trust you, you're the modder
insaeno
about "w r2,0x004A(r4) //Invalid immediate value"
Emmy
but it doesn't patch "assembly code" but hexes
insaeno
Oh, yeah, I getcha
Emmy
and i know to keep everything separate in case i need to change things
Emmy
if that's what you're worried about
insaeno
that operation is "write the memory in r2 to r4+0x4A"
insaeno
I don't imagine you'd have survived a year otherwise
Emmy
probably not
insaeno
But you see some terrifying things happen in computing
Emmy
(that was one of the first warnings i received - make multiple copies of everything in case you fuck up)
insaeno
I'm not sure _why_ the value is invalid, it might be an execution thing, or something else
Emmy
yeah no context there
insaeno
I mean, is 0x004A not a good place to store memory? Does the CPU not support offsets too low?
Emmy
hmm, maybe move onto one of the ones that doesn't have that error?
insaeno
That sounds pretty dangerous to me
Emmy
every other one of the hacks just has that "cannot use x immediately after loading"
insaeno
by changing the address, you change the meaning of the instruction
insaeno
oh, yeah
insaeno
so the solution there is to pad out the instruction with a nop before using it
Emmy
which from what you're saying sounds like it can be padded
insaeno
so lw stuff...
insaeno
nop
insaeno
do stuff with that info
insaeno
you have nops at the end of the code blocks which you can probably use to pad it out
Emmy
and that first one sounds like i probably have to just delete and make due without
insaeno
I'd ask what makes the thing invalid
insaeno
(and why it still works on epsxe)
Emmy
yeah...
insaeno
I assume that the nop lines at the end of each block are there for spacing / alignment
insaeno
shuffling them into the other code probably won't change the alignment of the other code.
Emmy
again, not 100% sure
insaeno
Yep, not 100% sure. There's probably a tool that can help you make these changes without worrying about stuffing something else up
Emmy
would you mind if i c/p this to see if i can get to the bottom of this?
insaeno
because working with asms is really fragile..
insaeno
Eh, I guess it's not sensitive
insaeno
Go for it
Emmy
ok cool


Anyway:

1.  how do i get something that looks like the code that i pasted in that topic (on pastebin) to the slightly more readable code like what xifanie posted?

2.  Can instructions be "padded out" or do the code blocks need to be of specific length?

3.  What is the context of "invalid immediate value" error? 

Choto

just out of curiosity, who's that dude insaeno? they had some good analogies.

1. OK so... instructions (like the ones that appear in what Xifanie posted) are encoded into Hex numbers. so something like

addiu r2, r3, 0x0010

gets encoded into

10006224

the game reads those numbers and reacts accordingly, while humans generally like to see the other format.  Except SecondAdvent cause he's a RobotASMGuruGenius. Patch xmls for use in FFTOrgASM generally use the hex numbers. Glain wrote a program called MassHexASM which converts to and from either format. It can be found here: http://ffhacktics.com/smf/index.php?topic=7130.0

2. Instructions unfortunately cannot be padded out. The instructions are stored in memory and some instructions jump to specific addresses in memory. If everything gets moved down then all the jumps are off. However, there are ways of fixing load delays in a somewhat convenient way. Basically you can jump to free space, pad whatever you want or write whatever code you want, then jump back to the original routine, all of which does not affect the overall length of the original routine.

3. If I'm correct, I believe that on some emulators a word load (lw) only works from an address that is a multiple of 4. so

lw r2, 0x0004 (r2)

would work while

lw r2, 0x0006 (r2)

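would not. Keep in mind that it's a hexadecimal number system, so the immediate would have to end in 0, 4, 8, or C (0x0000, 0x0004, 0x0008, or 0x000C). This assumes the address in the base register is itself a multiple of 4, since it is the sum of the two that has to be aligned.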

If you haven't already, I'd suggest looking at the tutorials that various users have posted on the forums. They all cover different stuff and the more collective knowledge you have, the more things start to make sense. http://ffhacktics.com/smf/index.php?topic=9204.0

this may also be useful: http://ffhacktics.com/smf/index.php?topic=9608.0

Emmy

To answer your question, insaeno is someone from another website who helped with Project M.  Different game so obviously different code/probably a different language altogether, but with no tools available you kinda need to know your stuff to be helpful there.

Progress!  Managed to rewrite Critical Hit hack successfully.  Oil seems to be faulty so trying different Oil hack (as far as I can tell no issue, but could be wrong).  **Edit** Not sure wtf is up with flee now.  It seems to be interpreting characters that don't have Flee as having +4 move always.

Hacks placed here for future reference:


<Patch name="Individual Weapon Crit Rate Edits">
<Location file="BATTLE_BIN" offset="F2150">
04040404040404040404040404040404040404040404040404040404040404040404040404040808080808080808080804040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404
040404040404040404040404040404040404041616163232320404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040804040404040404040404040404
</Location>
<!-- Hook, three little-endian words: 64000434 = ori r4,r0,0x0064; 37640508 = j 0x001590DC; 1980023C = lui r2,0x8019 (jump delay slot).
     NOTE(review): the routine in the next Location now starts at offset F20D8 (0x801590D8), one word earlier than the jump target, so entry through this hook skips its first word d8384590 (lbu r5,0x38D8(r2)) and r5 keeps whatever value it had. Confirm in a debugger; either the jump word or the Location offset needs another look, and it is not shown that the 4 bytes at F20D8 were free to overwrite. -->
<Location file="BATTLE_BIN" offset="11F500">
64000434376405081980023C
</Location>
<Location file="BATTLE_BIN" offset="F20D8">
d8384590
1680033c
21186500
942d428c
50916590
03004390
00000000
a2ff6320
04006004
00000000
1680053c
21286500
d091a590
5a004390
00000000
0f006330
04006010
0e006330
02006010
40280500
21280000
1C004290
F0000320
02004314
00000000
40280500
b63b060c
00000000
43190608
00000000
</Location>
</Patch>


  <Patch name="Silent Walk becomes Flee FIXED">
    <Description>Add 4 move when unit is in critical. FIXED</Description>
    <Location file="BATTLE_BIN" offset="10D860">
      ED600508
    </Location>
    <!-- First attempt at the load-delay fix: a nop (00000000) was added after each lbu r2 load.
         The nop after 5A002292 sits between the first branch, 06000210 (beq r0,r2 with offset 6), and its old target, so that branch now lands one word early on 04001026 (addiu r16,r16,0x0004) and the +4 is applied even when the first test fails. The offset has to become 7 (07000210). The second branch, 02000210, has nothing inserted between it and its target and stays as it is. -->
    <Location file="BATTLE_BIN" offset="F13B4">
      95002292
      00000000
      02004230
      06000210
      3A003092
      5A002292
      00000000
      01004230
      02000210
      00000000
      04001026
      1AD20508
      00000000
    </Location>
  </Patch>


  <Patch name="Oil ">
    <Description>Oil = 2x fire, overrides absorb/half/null</Description>
    <Location file="BATTLE_BIN" offset="11DE98">
      1980023C
      982D428C
      E8FFBD27
      5A004590
      1000BFAF
      8000A130
      6D004590
      02002010
      9C014194
      7F00A530
      24188500
      02006010
      00042334
      9C0143A4
      5A004190
      6E004590
      80002130
      02002010
      00000000
      7F00A530
      24188500
      05006010
      00000000
      9013060C
      00000000
      D6130608
      00000000
      6F004590
      02002010
      90014194
      0300A530
      24188500
      02006010
      43080100
      900141A4
      5A004190
      70004590
      80002130
      02002010
      90014194
      8000A534
      24188500
      05006010
      40080100
      9C014394
      900141A4
      00086334
      9C0143A4
      1000BF8F
      1800BD27
      0800E003
      00000000
    </Location>
  </Patch>



Not sure how to fix the Weapon XA rewrite though.  Offending code is in the middle of something that looks important, so can't be lengthened. :p

Emmy

Potentially helpful information:

Emmy   anyone good with asm + bored right now?
23:52   rodil   I'm bad!
23:53   Emmy   http://ffhacktics.com/smf/index.php?topic=11191.0
23:53   slavebot   >>> How to troubleshoot why this doesn't work on some emulators?
23:53   Emmy   read the last post here, having trouble figuring out wtf i did wrong
23:56      *** Chimp-M quit (Ping timeout: 183 seconds)
23:58   rodil   what emulator did you write for and what emulator(s) is it not working on?
23:59   Emmy   the old version works on espxe, and to my knowledge only that
23:59   Emmy   xif had said i had 5 faulty hacks
00:00   Raijinili   did you understand what xif's errors meant?
00:01   rodil   did you make sure you don't have any conflicts as described in http://ffhacktics.com/smf/index.php?topic=7346.0
00:01   slavebot   >>> Coding Standards Sticky
00:01   Emmy   for the ones that "can't use x immediately after loading" i needed a command after
00:02   Raijinili   do you know what a pipeline is? and a delay slot?
00:02   Emmy   that particular sticky describes why the code didn't work
00:02   Raijinili   basically a load instruction takes two cycles to get the value into the thing
00:02   Raijinili   and you tried to use it in only one cycle
00:03   Raijinili   instead of just sticking in a nop, you can try to reorder your code so that it alternates working with r2 and a different register
00:03   Emmy   hmm...
00:03   Emmy   how do you do that?
00:04   Raijinili   lbu r2,0x0095(r17)
00:04   Raijinili       andi r2,r2,0x0002           //Cannot use r2 immediately after loading
00:04   Raijinili       beq r0,r2,0x801583D8
00:04   Raijinili       lbu r16,0x003A(r17)
00:04   Raijinili   you can move the lbu up two slots
00:04   Raijinili   i mean the last lbu
00:04   Raijinili   lbu r2,0x0095(r17)
00:04   Raijinili       lbu r16,0x003A(r17)    andi r2,r2,0x0002           //Cannot use r2 immediately after loading
00:04   Raijinili       beq r0,r2,0x801583D8
00:05   Raijinili   dammit
00:05   Raijinili   like so:
00:05   Raijinili       lbu r2,0x0095(r17)
00:05   Raijinili       lbu r16,0x003A(r17)
00:05   Raijinili       andi r2,r2,0x0002           //Cannot use r2 immediately after loading
00:05   Raijinili       beq r0,r2,0x801583D8
00:05   Raijinili   this way you never read from r2 right after you load into it
00:05   rodil   yeah, the coding standards sticky has more examples of this
00:05   Emmy   ok
00:05   Emmy   yeah sorry (very new at this)
00:06   Raijinili   ideally someone would just write a compiler to fix this kind of error
00:06   Raijinili   compile from a restricted set of Python or something
00:06   rodil   me too, I've just done more reading than actual coding so I've read about more problems than I've actually had yet.
00:07   Raijinili   the following instructions have delay slots: loads, saves, branches, and jumps. possibly system calls and other esoteric things
00:07   Raijinili   think of it as, "the effect of this instruction won't happen until an extra cycle later"
00:08   Raijinili   so a branch won't actually happen until the instruction after it is run
00:08   Raijinili   did you understand the problem with `lw r2,0x004A(r4)`?
00:10   Emmy   cannot use r2 immediately after loading
00:10   Raijinili   oh yeah mult and div also have delays
00:10   Raijinili   no the problem with that is something called alignment
00:11   Raijinili   you can't load a word (4 bytes) from an address that isn't a multiple of 4
00:11   Emmy   oh that hack
00:11   Raijinili   you can't load a half (2 bytes) from an address that isn't a multiple of 2
00:11   Emmy   i'm looking at flee right now
00:12   Emmy   because what happened when i tried to fix it, it interpreted the code as everything not having that ability always having +4 move
00:12   Emmy   and i can't figure out why
00:12   Raijinili   i can't read it
00:13   Emmy   ot
00:13   Emmy   it's in my last post
00:13   Emmy   behind the spoiler
00:13   Emmy   incoming wall:
00:13   Emmy     <Patch name="Silent Walk becomes Flee FIXED">     <Description>Add 4 move when unit is in critical. FIXED</Description>     <Location file="BATTLE_BIN" offset="10D860">       ED600508     </Location>     <Location file="BATTLE_BIN" offset="F13B4">       95002292       00000000       02004230       06000210       3A003092       5A002292       00000000       
00:14   Emmy   i tried fixing by adding the nop
00:14   Raijinili   no i can't read hex
00:14   Emmy   oh
00:14   Emmy   
00:14   Raijinili   i haven't made a decoder yet
00:15   Emmy   i just use this: http://ffhacktics.com/smf/index.php?topic=7130.0
00:15   Raijinili   i would try to make it now but
00:15   slavebot   >>> (App) MassHexASM: Encode directly to little endian (v12 Update: 7/4)
00:15   Raijinili   i have been sitting at home for so long that my butt hurts
00:15   Raijinili   i am kneeling in the chair right now
00:16   Raijinili   eh can't you do it for me and pastebin it?
00:16   Emmy   ok hold on
00:17   Emmy   http://pastebin.com/q2AFcpjS
00:17   slavebot   >>> ??? - Pastebin.com
00:19   Raijinili   what's the issue?
00:19   Emmy   it interprets everything that doesn't have the ability as having +4 move always
00:21   Raijinili   ugh this is littleendian
00:21   Raijinili   what is 0x0095(r17)?
00:22   Emmy   no clue
00:22   Emmy   oh i think because it's tied to silent walk
00:23   Emmy   http://ffhacktics.com/smf/index.php?topic=5658.msg131514#msg131514
00:23   slavebot   >>> FFMaster's small ASM hacks{Another Oil hack made}
00:23   Emmy   this is where it's originally from
00:27   Raijinili   translation of the asm http://pastebin.com/5RqPLHk3
00:27   slavebot   >>> [C] ubyte r2 = ub[r17 + 0095] & 0002 #1th bit  r16 = ub[r17 + 3a]  if (r2 != 0) {    - Pastebin.com
00:27   Emmy   sorry i have no idea what that means
00:27   Raijinili   what programming langauges to do youknow
00:28   Emmy   none (as i said, very new to this)
00:29   Emmy   as in, just started to figure out what i can by reading/asking around a week ago... <_<
00:30   Raijinili   i think i see the issue
00:30   Raijinili   branches are relative
00:31   Raijinili   that means that their "immediate" argument says, "how many instructions away from this instruction should i go"
00:31   Emmy   oh
00:31   Raijinili   you added some nops between the branch and the target
00:31   Raijinili   increasing the distance
00:31   Emmy   would reordering the first one like you mentioned work here?
00:32   Raijinili   reordering has to not move something trhough a branch target
00:32   Raijinili   this is the branch: 06000210
00:33   Emmy   hmm, is there a way to increase it to include the nop?
00:33   Raijinili   the first two bytes, 06 and 00, make the number 0006
00:33   Raijinili   that means, "on truth, jump six instructions down"
00:33   Raijinili   you just figure out where that USED to be
00:33   Raijinili   and count the distance to where it becomes
00:34   Raijinili   ytf do you people use the wrong endianness for your tools
00:34   Raijinili   ot
00:35   Raijinili   it's 06 00 02 10 or 10020006
00:35   Raijinili   who the hell decided to write 06000210
00:35      *** Ram joined #ffh
00:36   Raijinili   THINGS THAT SHOULD BE NEXT TO EACH OTHER ARE NOT NEXT TO EACH OTHER
00:37   Raijinili   in this case you use r2 so many times in a row you have to stick in nops somewhere
00:38   Emmy   ok, so it looks like it's 7 instructions down instead of 6
00:38   Raijinili   once you fix FFM's code ask xif to review it and edit it in for posterity
00:38   Emmy   does that mean i change that line to say 07 instead of 06 to start?
00:39   Raijinili   i also count 7 and yes
00:39   Emmy   ok
00:39   Raijinili   there's a second branch but there aren't any additional instructions inserted so it will be fine
00:40      *** Ram quit (Ping timeout: 181 seconds)
00:40   Emmy   now to test if it works properly
00:41   Raijinili   running and testing: the worst part of programming
00:41   Emmy   it isn't understanding all this stuff?
00:42   Raijinili   hey you chose to work in assembly
00:43   rodil   Rai, thanks for teaching how branching actually works in the code instead of how it reads in the debugger, I learned something!
00:43   Raijinili   that just means that it should've been written down somewhere in the wiki with links to that place
00:44   Raijinili   i blame myself personally
00:44   Raijinili   why do we have so many newbie asm hackers now
00:44   Emmy   yay works perfectly now
00:45   Emmy   well for me it's because my mod had issues with using old hacks
00:45   rodil   personal answer: because it's fun to puzzle out.
00:45   Raijinili   don't blame me, blame yourself or mod
00:45   Emmy   more or less
00:45      Raijinili saw the chance, and ATE IT!
00:46   Emmy   but also i want to hopefully figure more stuff out
00:46   rodil   I've successfully made 3 hacks so far, it's been a lot of fun
00:46   Emmy   there's a lot of stuff i want but i feel bad always asking for stuff
00:47   Raijinili   someone write down all we discussed today in an organized way
00:47   Raijinili   that can be your payment
00:48   Raijinili   also ask xif if she would edit ffm's post with a corrected version of the hack so it won't happen again


New Flee hack:

  <Patch name="Silent Walk becomes Flee - FIXED for branching/load issue">
    <Description>Add 4 move when unit is in critical. FIXED thanks to Raijinili!!</Description>
    <Location file="BATTLE_BIN" offset="10D860">
      ED600508
    </Location>
    <!-- Words are little-endian MIPS instructions, in order:
         95002292 lbu r2,0x0095(r17) / 00000000 nop (load delay) / 02004230 andi r2,r2,0x0002 /
         07000210 beq r0,r2 offset 7, lands on the j below / 3A003092 lbu r16,0x003A(r17) (branch delay slot) /
         5A002292 lbu r2,0x005A(r17) / 00000000 nop (load delay) / 01004230 andi r2,r2,0x0001 /
         02000210 beq r0,r2 offset 2, lands on the j below / 00000000 nop / 04001026 addiu r16,r16,0x0004 /
         1AD20508 j 0x00174868 / 00000000 nop.
         The block is two words longer than the original 11-word version. NOTE(review): it is not shown that the 8 bytes after the old end were unused. -->
    <Location file="BATTLE_BIN" offset="F13B4">
      95002292
      00000000
      02004230
      07000210
      3A003092
      5A002292
      00000000
      01004230
      02000210
      00000000
      04001026
      1AD20508
      00000000
    </Location>
  </Patch>

Emmy

Final hack (Weapon Formulas edit) fixed, as long as there's nothing wrong with this code:

<Patch name="Weapon Formula Edits">
<!--
  Words are little-endian 32-bit MIPS instructions. RAM address = BATTLE_BIN
  file offset + 0x67000 (offset 11ebF4 is the 0x185bf4 named in the reply that
  follows this post).

  offset 11EA9C: loads a byte index, scales it by 4, fetches a target from
    0x80185C48 (= offset 11EC48, the 19-word address table further down) and
    dispatches with `jr r2` (08004000).
    NOTE(review): no range check on that index is visible in these words, so an
    index of 19 or more would fetch its target from past the end of the table;
    confirm the source data can never hold one.

  offset 11ebF4: 70540208 = `j 0x000951C0` (= offset 02e1c0), then a nop delay slot.
  offset 02e1c0: FD160608 = `j 0x00185BF4`, which is the hook word itself, so
    the two jumps bounce between each other. The 02e1c0 region is also outside
    the free-space range given in the reply.
-->
<Location file="BATTLE_BIN" offset="11EA9C">
1980033C
D8386290
E0FFBD27
0C00A7AF
FA386790
1800BFAF
1400B1AF
40180200
21186200
80180300
0680013C
21082300
BD2E2290
1880013C
80100200
21082200
485C228C
1980013C
942D238C
1000B0AF
24006690
38006590
36006490
2128A700
37006390
21208700
18008600
21186700
12880000
8F02103C
285C1036
19003002
10880000
02002016
02393090
01001134
08004000
00000000
CE3824A4
05170608
D03831A4
0B170608
CE3823A4
0B170608
CE3824A4
21800702
CE3830A4
0B170608
23800702
0B170608
CE3831A4
09170608
21208500
09170608
21208300
A83B060C
00000000
18008200
12100000
02004104
1980013C
FF7F4224
C3130200
01004224
23208700
42200400
0A170608
21208200
942D248C
00000000
30008490
CD160608
00000000
942D238C
00000000
</Location>
    <Location file="BATTLE_BIN" offset="11ebc8">
36006490
</Location>
    <Location file="BATTLE_BIN" offset="11ebcc">
36007090
0A170608
21208700
942D238C
</Location>
    <Location file="BATTLE_BIN" offset="11ebdc">
09001024
0A170608
</Location>
    <Location file="BATTLE_BIN" offset="11ebe4">
36007090
942D238C
</Location>
    <Location file="BATTLE_BIN" offset="11ebec">
64000524
</Location>
    <Location file="BATTLE_BIN" offset="11ebF0">
26006490
</Location>
    <Location file="BATTLE_BIN" offset="11ebF4">
70540208
00000000
12200000
2130C700
</Location>
    <Location file="BATTLE_BIN" offset="11eC04">
02393090
1A008500
0A170608
12200000
23208700
0C170608
CE3824A4
00000000
42200400
CE3824A4
D03830A4
0C00A78F
1800BF8F
1400B18F
1000B08F
0800E003
2000BD27
    </Location>
    <Location file="BATTLE_BIN" offset="11EC48">
C05B1880
485B1880
485B1880
485B1880
485B1880
485B1880
785B1880
705B1880
405B1880
785B1880
505B1880
505B1880
485B1880
705B1880
705B1880
485B1880
405B1880
785B1880
705B1880
    </Location>
<Location file="BATTLE_BIN" offset="11F1CC">
00000000
    </Location>
<Location file="BATTLE_BIN" offset="12475c">
00000000
00000000
    </Location>
<Location file="BATTLE_BIN" offset="122414">
8117060C
    </Location>
<Location file="BATTLE_BIN" offset="02e1c0">
37006690
00000000
18008600
FD160608
00000000
</Location>
   </Patch>


Since everything has been either fixed or removed, topic solved. :)

Choto

You have some problems with your hack. The location you're jumping to in the weapon formula thing is 0x951c0 in RAM (file offset 0x2e1c0)... that's not in free space. Free space starts at like file offset 0xE92ac and goes to somewhere around 0xf7000. So your hack should be jumping in there somewhere. Other places that have 00's may be (and probably are) used by the game for dynamically loaded stuff.

Also, you're jumping back to 0x185bf4, which is where you jumped from. That means you will endlessly jump back and forth and effectively freeze the game. You gotta jump back to 2 locations after the original jump (past the jump and its delay slot) - 0x185bfc

Emmy

Thanks. :)

<Patch name="Weapon Formula Edits">
<!--
  Words are little-endian 32-bit MIPS instructions. RAM address = BATTLE_BIN
  file offset + 0x67000.

  offset 11EA9C: loads a byte index, scales it by 4, fetches a target from
    0x80185C48 (= offset 11EC48, the 19-word address table further down) and
    dispatches with `jr r2` (08004000).
    NOTE(review): no range check on that index is visible in these words, so an
    index of 19 or more would fetch its target from past the end of the table;
    confirm the source data can never hold one.

  offset 11ebF4: 0C420508 = `j 0x00150830` (= offset 0e9830), then a nop delay slot.
  offset 0e9830: lbu r6,0x0037(r3); nop (load delay); mult r4,r6;
    FF160608 = `j 0x00185BFC`; nop (delay slot).
    The return lands two words past the hook, on `mflo r4` (12200000), so the
    hook and its delay slot are skipped and the hook is not re-entered.
-->
<Location file="BATTLE_BIN" offset="11EA9C">
1980033C
D8386290
E0FFBD27
0C00A7AF
FA386790
1800BFAF
1400B1AF
40180200
21186200
80180300
0680013C
21082300
BD2E2290
1880013C
80100200
21082200
485C228C
1980013C
942D238C
1000B0AF
24006690
38006590
36006490
2128A700
37006390
21208700
18008600
21186700
12880000
8F02103C
285C1036
19003002
10880000
02002016
02393090
01001134
08004000
00000000
CE3824A4
05170608
D03831A4
0B170608
CE3823A4
0B170608
CE3824A4
21800702
CE3830A4
0B170608
23800702
0B170608
CE3831A4
09170608
21208500
09170608
21208300
A83B060C
00000000
18008200
12100000
02004104
1980013C
FF7F4224
C3130200
01004224
23208700
42200400
0A170608
21208200
942D248C
00000000
30008490
CD160608
00000000
942D238C
00000000
</Location>
    <Location file="BATTLE_BIN" offset="11ebc8">
36006490
</Location>
    <Location file="BATTLE_BIN" offset="11ebcc">
36007090
0A170608
21208700
942D238C
</Location>
    <Location file="BATTLE_BIN" offset="11ebdc">
09001024
0A170608
</Location>
    <Location file="BATTLE_BIN" offset="11ebe4">
36007090
942D238C
</Location>
    <Location file="BATTLE_BIN" offset="11ebec">
64000524
</Location>
    <Location file="BATTLE_BIN" offset="11ebF0">
26006490
</Location>
    <Location file="BATTLE_BIN" offset="11ebF4">
0C420508
00000000
12200000
2130C700
</Location>
    <Location file="BATTLE_BIN" offset="11eC04">
02393090
1A008500
0A170608
12200000
23208700
0C170608
CE3824A4
00000000
42200400
CE3824A4
D03830A4
0C00A78F
1800BF8F
1400B18F
1000B08F
0800E003
2000BD27
    </Location>
    <Location file="BATTLE_BIN" offset="11EC48">
C05B1880
485B1880
485B1880
485B1880
485B1880
485B1880
785B1880
705B1880
405B1880
785B1880
505B1880
505B1880
485B1880
705B1880
705B1880
485B1880
405B1880
785B1880
705B1880
    </Location>
<Location file="BATTLE_BIN" offset="11F1CC">
00000000
    </Location>
<Location file="BATTLE_BIN" offset="12475c">
00000000
00000000
    </Location>
<Location file="BATTLE_BIN" offset="122414">
8117060C
    </Location>
<Location file="BATTLE_BIN" offset="0e9830">
37006690
00000000
18008600
FF160608
00000000
</Location>
   </Patch>


What exactly are those large chunks of 00's that exist in a few odd spaces?  For example, the one that's between 0x2f200 - 0x7fabc? Is the chunk from 0xe8334 onwards the only safe one to use?

Choto

Well... hex numbers can represent a whole crapload of things. It could be assembly code. It could be visual graphics. It could be sound effect information. It could be music. It could be straight up data. So honestly, who knows what it could be.

Different files on the ISO are loaded into different places in RAM. So even though it may be 00's right now, the game may load some data in there later, erasing your hack.

The only reason what we call free space is safe is that we know it was just filled with Japanese characters that were never used in the US version, and nothing is ever loaded there.