Register - Login
Views: 87449963
Main - Memberlist - Active users - Calendar - Wiki - IRC Chat - Online users
Ranks - Rules/FAQ - JCS - Stats - Latest Posts - Color Chart - Smilies
11-24-17 03:35:11 AM

Jul - SM64 Hacking - Behaviour Scripts New poll - New thread - New reply
Pages: 1 2 3 4 5Next newer thread | Next older thread
Stevoisiak
Member
Level: 36


Posts: 75/283
EXP: 287794
For next: 20316

Since: 11-22-07
From: New York, Long Island

Since last post: 7.0 years
Last activity: 1.0 years

Posted on 05-13-08 05:04:08 PM Link | Quote
Originally posted by Fuzzyfreak
Originally posted by yoshiman
Modifing or adding new behaviours could only be done by those who know ASM so that would not be a good idea to integrate into TT64. Certainly choosing which 0x0c calls are used would allow for the custom behaviours using the existing coding.

Well I was thinking about some simpler things like adding new contents for the ! box. But yeah, why not learn ASM? I understand it's harder than SMW ASM, but it's definitely possible. And none of us are complete morons, are we?

1. Why not intrigrate ASM editing into Toad's Tool?
2. I've been trying to learn ASM for a while, but don't know where to start.
3. With all these complex features and things, a developers version of TT could be made. One that will add to the pollygon data if necesary, sacrifise user-friendliness for new features, an ability to desplay coding on behavior scripts, ect.
4. Watch what you say, there are some noobs who might be.
messiaen
Catgirl
Level: 64


Posts: 84/1085
EXP: 2161134
For next: 52963

Since: 11-20-07


Since last post: 3.0 years
Last activity: 2.0 years

Posted on 05-13-08 06:17:56 PM (last edited by messiaen at 05-13-08 08:56 PM) Link | Quote
Uhh, getting back to behaviors, the index "43" is very intriguing (just to remember, 0x88 + index[hex] x 4 = RAM offset).

It is surely related to drawing/disappear distance, and when set on maximum value (I'm guessing it is a float), objects will be viewed all the time. This is one example:

0E 43 7B FF

However, I absolutely don't get why it has effects also on collision. For my custom platforms behavior, which are basically a call to 803839CC and a 0x2A collision pointer, if I don't set this the Goomba's won't be able to walk on it. Also, for my Mushroom Platform, the collision actually doesn't work without it. And what is more surprising is that it won't give the drawing/disappear effect UNLESS I remove a 0x0D command whose use is yet unkown from the Mushroom Platform Geo Layout. Now that is a very random discovery, but it shows how much related things are.
yoshiman
Member
Level: 22


Posts: 59/95
EXP: 55752
For next: 2598

Since: 12-21-07
From: London, England

Since last post: 8.0 years
Last activity: 8.0 years

Posted on 05-13-08 08:08:01 PM Link | Quote
Thanks for reminding me that the extended ROM doesn't work in Nemu, that's gonna cause problems until a better version of Project64 is released that has hacking features.

The draw distance you talk of should affect collision since objects aren't updated until they are in view, though there might be exceptions.

James S.
messiaen
Catgirl
Level: 64


Posts: 85/1085
EXP: 2161134
For next: 52963

Since: 11-20-07


Since last post: 3.0 years
Last activity: 2.0 years

Posted on 05-14-08 10:23:55 AM (last edited by messiaen at 05-14-08 02:39 PM) Link | Quote
Thanks James, your point is absolutely relevant to this issue. So, I have a lot of tests to do concerning the interaction between geo layouts/distance settings/0x1E behavior command/collision.

For sure, I know now that if I want the solidity to work with ground moving enemies I have to make sure that the object is drawn all the time, using maximum (4BFF float) distance settings.

I'll try to find another emulator/plugin for RAM viewing which works with the extended ROM. Something I want to check is ROM Banks loaded with the 0x17 "load uncompressed data" command. If the ID of the ROM Bank determines a fixed place to begin storing data in the RAM, then loading custom assembly could be easy (especially in Flatworld), and executing it would be done by a behavior.


--

One small discovery: it seems that the "10 05 00 00" variable needs to be set for the 0x23 collision sphere to work. Remove that value from Mario and you won't be affected by enemies, won't grab coins, etc. Most objects which rely on this kind of collision use this.

Also, the behavior bank and probably other shared banks are just loaded once from the ROM. When you enter a level, the bank is read from the RAM, so if you change it in the Castle Grounds using NEMU or Gameshark, the changes will take effect when you die/change level. So, it is way easier to test behaviors parameters using a RAM viewer instead of ROM hacking.

In my Super Mario (U).z64 non-extended ROM, the behavior bank is loaded at 00EB180 in RAM.
yoshiman
Member
Level: 22


Posts: 61/95
EXP: 55752
For next: 2598

Since: 12-21-07
From: London, England

Since last post: 8.0 years
Last activity: 8.0 years

Posted on 05-17-08 07:39:30 PM Link | Quote
Sorry I got distracted but it was worth it, as can be seen in my latest video on YouTube (yoshielectron as I'm known there) I've found the variable that globally sets how many yellow coins a Goomba gives out after it's defeated. I found that thanks to my RAM hacking and converted it to a code and patched the NTSC expanded ROM also.

I was looking at the Goomba behaviour script to see if there was an instruction that wrote to variable offset 0x198 in a Goomba's object structure which determines the pay out. Nothing so I then had a loot at the 0x0C call from the behaviour script to the initialization ASM and found the instruction that loads the value from the RAM.

If you want to patch the ROM so that all Goombas pay out jackpots then go to address 0xED8C7 in your hex editor and alter the 0x01 to how many coins you want the Goombas to give. However, I had to use a program to fix the checksum since Project64 got stuck in a loop after changing the value.

Be warned, too high values will crash the game and be sure to collect all the coins or most of them before defeating the next Goomba.

James S.
messiaen
Catgirl
Level: 64


Posts: 93/1085
EXP: 2161134
For next: 52963

Since: 11-20-07


Since last post: 3.0 years
Last activity: 2.0 years

Posted on 05-17-08 09:57:53 PM Link | Quote
Great! So you changed the ASM code of the Goomba 0x0C calls? If so, what is the address of this particular JAL call? This may open an interesting possibility. If you NOP that from the code, and add instead a behavior variable that writes to offset 0x198
(this would be index 44, as 198 - 88 / 4 = 44), this could make it more flexible, so you could set the number of coins by a behaviour code. This is where the 0x04 behavior jump comes very handy, because you can make a very small behaviour which sets the variable and them jumps to the regular code. This is used in the Whomp King behavior.

Also, did you tried altering the behaviour bank loaded on ROM at 0xEB180 in RAM? This is interesting because it is possible to translate any behaviour ROM hack into a Gameshark code. This affects all levels/objects, not just the specific RAM object you are altering.

Besides, you may want this use trick for interesting videos: you can make most moving objects go at double speed if you run the 0x0C call inside the 0x08 loop two times. It is logical, since the instructions are doubled.

I really think you should start a ASM thread, it would be very instuctive if you could share a bit of what you already know.
yoshiman
Member
Level: 22


Posts: 63/95
EXP: 55752
For next: 2598

Since: 12-21-07
From: London, England

Since last post: 8.0 years
Last activity: 8.0 years

Posted on 05-17-08 10:25:34 PM Link | Quote
I'll put in more detail when I can but to make clear, in the Goomba's behaviour script their is a 0x0c call to ASM used for initialization. It is that coding that loads a value from the RAM and copies it to offset 0x198 the number of coins a Goomba gives out.

I will do an ASM thread but it's annoying because of the differences between PAL and NTSC. However, it would probably be best to gives NTSC examples especially as it's the NTSC expanded ROM that we use.

James S.
messiaen
Catgirl
Level: 64


Posts: 94/1085
EXP: 2161134
For next: 52963

Since: 11-20-07


Since last post: 3.0 years
Last activity: 2.0 years

Posted on 05-18-08 12:24:34 AM Link | Quote
I don't know the differences between PAL and NTSC version, but even though the adresses are different, the code is the same, no? To begin with, I think that you could even use the non-extended ROM, because of its compatibilty with Nemu. Importing the code later to the extended version shouldn't be a problem.

Anyway, now that you talked about "initialization":

(From Goomba behavior)
21E558/004758 0C 00 00 00 80 2F F4 08
21E560/004760 08 00 00 00
21E564/004764 0C 00 00 00 80 2F F9 6C
21E56C/00476C 09 00 00 00

The 802FF408 must be the one you talk about, right? I guess this is run once, when you load the level, while 802FF96C is the one that controls movements/collision detection.

On the coin subject, take a look at the Small Whomp behavior:

21BDF0/001FF0 10 44 00 05

Since 0x198 (number of coins) = index 44, that should be it, however I changed the last byte to another value but still got 5 coins when I killed it. Bowser has "10 44 00 32". There are a lot of enemies who use this index, so if anyone could experiment that, it could be helpful.
machead253
iFruit
Level: 17


Posts: 9/50
EXP: 20850
For next: 3893

Since: 05-17-08
From: U.S.A

Since last post: 9.0 years
Last activity: 8.0 years

Posted on 05-18-08 08:42:30 AM (last edited by machead253 at 05-18-08 08:43 AM) Link | Quote
Just wondering but could you give a toad behavior to something like bowser or king bomb-omb or would it crash the game.
Stevoisiak
Member
Level: 36


Posts: 79/283
EXP: 287794
For next: 20316

Since: 11-22-07
From: New York, Long Island

Since last post: 7.0 years
Last activity: 1.0 years

Posted on 05-18-08 05:21:27 PM Link | Quote
Originally posted by machead253
Just wondering but could you give a toad behavior to something like bowser or king bomb-omb or would it crash the game.


Actually, that might be a good video idea. Still, it's kind of obvious you could do it with king bomb omb and bowser. If you can play as bowser and race the bomb omb king, you can make them toads.
yoshiman
Member
Level: 22


Posts: 65/95
EXP: 55752
For next: 2598

Since: 12-21-07
From: London, England

Since last post: 8.0 years
Last activity: 8.0 years

Posted on 05-18-08 08:20:40 PM Link | Quote
Not only are the addresses different but the coding is also as there were likely bug fixes in the PAL version. What does stay the same is when segment/offset method is used since those values are used to calculate an actual address.

The part of the behaviour script used for init. the object is the start of the behaviour script. VL-TONE said that the behaviour script starts with zero but accrding to the pointers used by the RAM objects it's the next instruction. Then somewhere within the behaviour script is constantly called by the object while playing to update the object.

I had to change the coding to alter how many coins a Goomba gives out, there wasn't an instruction in the behaviour script at least not for Goombas. And in my latest videos I've modified the coding even more so that a Bob-omb comes out of a Goomba instead of a coin.

There are two main values used to spawn the coin:

0x0074 is the graphic ID for a yellow coin (with a shadow)
0x09A4 is the offset to the start of the behaviour script to create the coin

Change these values in the coding and you get a totaly different object from the Goombas. Perhas I could explain more about the coding in an ASM thread?

James S.
messiaen
Catgirl
Level: 64


Posts: 97/1085
EXP: 2161134
For next: 52963

Since: 11-20-07


Since last post: 3.0 years
Last activity: 2.0 years

Posted on 05-18-08 08:31:41 PM (last edited by messiaen at 05-18-08 08:54 PM) Link | Quote
Every behavior scripts start with "00 xx 00 00", xx values being 04, 05, 06, 08, 09, 0A, OB and 0C. This value affects some global properties of the object.

So, the behavior script at 0x09A4 is responsible fo spawning a coin? Makes sense, as it is very near the coin ones. I'll have to test this one later.

Also, the "Graphic ID" is the Model ID defined by the 0x22 Level Command Script. You can get a list of 0x22 commands and the Models ID in Toad's Tool 64 interface. Sometimes the same object (a Goomba for instance) can have a different ID in different levels.

This Model ID points to a "Geo Layout", a script that basically sets a few variables and which in turn points to the polygons (display lists).

Your Goomba into Bob-Omb video was really amazing. You can even set a infinite loop of objects (Goomba - Bob-omb - something - Goomba). Wait no further and create that ASM thread!
yoshiman
Member
Level: 22


Posts: 67/95
EXP: 55752
For next: 2598

Since: 12-21-07
From: London, England

Since last post: 8.0 years
Last activity: 8.0 years

Posted on 05-18-08 10:15:06 PM Link | Quote
I first noticed the graphic ID or model ID when I found the item box item table which lists what each item looks like and how it behaves that you can get from an item box. The table could be expanded whith the necessary changes to the coding to add new items or change the existing ones.

I'll do the ASM thread-please don't delete it!

James S.
messiaen
Catgirl
Level: 64


Posts: 101/1085
EXP: 2161134
For next: 52963

Since: 11-20-07


Since last post: 3.0 years
Last activity: 2.0 years

Posted on 05-20-08 01:16:48 PM Link | Quote
One old post from Cellar Dweller concerning behavior commands 0x08/0x09:

"I discovered/verified a few things about the behavior scripts. First, the commands between the 0x08 and 0x09 commands get execuited repeatedly during gameplay. The 0x08 command puts the current script position on a stack and the 0x09 command jumps back to the command after the 0x08 command without popping the stack. (Actually, the 0x09 command pops the address off the stack, but then pushes it right back on.) The 0x09 command also halts the interpeter until later, probably the next frame.

The 0x0c command just calls a function.

Address in the ranges of 0x802461dc - 0x80328960 and 0x8037893c - 0x80384678 are functions. There are almost certainly some more functions outside these ranges as these are the bounds of the two main blocks of them recorded in my notes.

I canged the function pointer in the last 0x0c command in the "Collectable coin" behavior script to a stub function. The result was some coins not spinning and not being collectable. The stub function I used was 0x8028b704 which is actually the address of the return instruction of the preceding function in memory."
yoshiman
Member
Level: 22


Posts: 73/95
EXP: 55752
For next: 2598

Since: 12-21-07
From: London, England

Since last post: 8.0 years
Last activity: 8.0 years

Posted on 06-03-08 08:05:00 PM Link | Quote
While working on another hack I discovered exactly how Bullet Bill works. It is NOT spawned from the blaster but instead already exists and after it is 'destroyed' it resets its position, hidden by the blaster until it fires itself. As was suggested, the blaster behaviour just sets up its own collision or something like that.

What's strange is that the Bullet Bill behaviour-without even a graphic change-when used outside the castle crashed the game.
messiaen
Catgirl
Level: 64


Posts: 123/1085
EXP: 2161134
For next: 52963

Since: 11-20-07


Since last post: 3.0 years
Last activity: 2.0 years

Posted on 06-05-08 05:13:17 PM (last edited by messiaen at 06-06-08 10:59 AM) Link | Quote
I'm assuming that by Blaster you mean the "Bullet Bill Cannon" (Behav 0x600) behavior.
Looking at it, it is just a standard "solid" behavior. This one will crash in levels other than Whomp's Fortress because it uses a collision pointer:

21A408/000608 2A 00 00 00 07 01 02 60 - Points to Offset 0x10260 of current Bank 0x07.

On top of it, there is another object which uses behavior 0x179C (Bullet Bill) and actually spawns the object itself.

I tried using the 0x179C Behavior with the Bird model (ID 54) and I got a Bird shooter . I tried with other objects, and the effect is the same.

So probably you just chose the wrong behavior (0x0600 instead of 0x179C).

---

I'm almost sure this is one of the Bowser Key behaviors:

ROM Addr: 0021B92C Hex Behav: 13001B2C
>>>>>>>>>>Unused Behavior?
21B92C/001B2C 00 08 00 00
21B930/001B30 11 01 00 09
21B934/001B34 2D 00 00 00
21B938/001B38 27 26 00 00 03 01 C2 B0 -- turns the key animation
21B940/001B40 28 00 00 00
21B944/001B44 08 00 00 00
21B948/001B48 0C 00 00 00 80 2B 93 5C -- makes the key disappear after it is turned
21B950/001B50 09 00 00 00

This was easy to find, I just searched for pointers to Bank 0x03, which hold many shared objects.
Stevoisiak
Member
Level: 36


Posts: 88/283
EXP: 287794
For next: 20316

Since: 11-22-07
From: New York, Long Island

Since last post: 7.0 years
Last activity: 1.0 years

Posted on 06-07-08 02:26:20 PM Link | Quote
Originally posted by messiaen
I'm almost sure this is one of the Bowser Key behaviors:

ROM Addr: 0021B92C Hex Behav: 13001B2C
>>>>>>>>>>Unused Behavior?
21B92C/001B2C 00 08 00 00
21B930/001B30 11 01 00 09
21B934/001B34 2D 00 00 00
21B938/001B38 27 26 00 00 03 01 C2 B0 -- turns the key animation
21B940/001B40 28 00 00 00
21B944/001B44 08 00 00 00
21B948/001B48 0C 00 00 00 80 2B 93 5C -- makes the key disappear after it is turned
21B950/001B50 09 00 00 00

This was easy to find, I just searched for pointers to Bank 0x03, which hold many shared objects.


That means you may be able to make those bonus levels I suggested?? Id love top see a key activate the light to the flying level.
messiaen
Catgirl
Level: 64


Posts: 127/1085
EXP: 2161134
For next: 52963

Since: 11-20-07


Since last post: 3.0 years
Last activity: 2.0 years

Posted on 06-07-08 03:16:44 PM (last edited by messiaen at 06-07-08 05:16 PM) Link | Quote
No, if you use this behavior in the bowser key model it will just automatically rotate and disappear in a few seconds, exactly how it is used in the game.

--

Index 3D = Transparency (Offset 0x17C). Used with 0x10 command, for instance:

Description: Fwoosh Blowing Wind
21E798/004998 10 3D 00 F0

Common values = F0, FE, FF
Stevoisiak
Member
Level: 36


Posts: 89/283
EXP: 287794
For next: 20316

Since: 11-22-07
From: New York, Long Island

Since last post: 7.0 years
Last activity: 1.0 years

Posted on 06-12-08 03:54:39 PM Link | Quote
Originally posted by messiaen
No, if you use this behavior in the bowser key model it will just automatically rotate and disappear in a few seconds, exactly how it is used in the game.

--

Index 3D = Transparency (Offset 0x17C). Used with 0x10 command, for instance:

Description: Fwoosh Blowing Wind
21E798/004998 10 3D 00 F0

Common values = F0, FE, FF

Yes, but I mean that like the stars trigger a light, maybea different trigger can be used. Plus, having bonus areas in locked doors isnice. Maybe yu can have secret routes in the game that lead to the key.
messiaen
Catgirl
Level: 64


Posts: 158/1085
EXP: 2161134
For next: 52963

Since: 11-20-07


Since last post: 3.0 years
Last activity: 2.0 years

Posted on 07-07-08 04:28:20 PM (last edited by messiaen at 07-08-08 01:03 PM) Link | Quote
This one was Yoshiman's find, as seen in his latest video, I just searched for the behaviour pointer. This is the de facto "Koopa Shell" Power-up behavior:

ROM Addr: 0021BD3C Hex Behav: 13001F3C
>>>>>>>>>>Unused Behavior?
21BD3C/001F3C 00 06 00 00
21BD40/001F40 11 01 00 01
21BD44/001F44 30 00 00 00 00 1E FE 70 FF CE 03 E8 03 E8 00 C8 00 00 00 00
21BD58/001F58 08 00 00 00
21BD5C/001F5C 0C 00 00 00 80 2B D6 80
21BD64/001F64 09 00 00 00

Assign it to a Koopa Shell object and it will have the appropiate spinning/ridable behavior, unlike Behavior 0x0708 (labeled Koopa Shell Power-Up), which seemingly doesn't do nothing.

Edit: Yet another interesting video by Yoshiman (Yoshielectron at YouTube): a Koopa which gives you a Red Wing Cap. Looking at the code, the behavior for the Red Wing Cap is "3DB8". The Model ID for the Red Wing Cap is 87. Thanks Yoshiman!

---

Also, here is the "Running Star" Behavior I showed in an earlier video.

0005 0000 <-- Start
1101 2041 <-- From the Koopa behavior
2726 0000 0601 1364 <-- Animation Pointer (Koopa)
2809 0000
2D00 0000
0E45 4BFF [\
0E43 4BFF [ \-> Drawing/disappear distances, so you can see it from very var.
3200 0096 <-- Scaling
0C00 0000 802F 24F4 <-- "Collect Star" (Model is hardcoded)
0800 0000
0C00 0000 802F 31BC <-- "Collectable" call, otherwise when you get the star it will keep running. Use this when you want the object to disappear when touched.
0C00 0000 802F D7F8 <-- Main Koopa Behavior 0x0C call
0C00 0000 802F D7F8 <-- Repeated for 2x speed
0900 0000 <-- End

For this hybrid behavior, parameter 2 will be interpreted the same way as the Collect Star behavior. I removed the first 0x0C call from the original Koopa Behavior, because it could lead to crashes in "Flatworld". Apparently, it is responsible for interpreting Parameter 1 (type of Koopa). If you try this behavior in Bob-omb, you may want to try insert it back so that the Koopa follow its path to the top of the mountain.
Pages: 1 2 3 4 5Next newer thread | Next older thread
Jul - SM64 Hacking - Behaviour Scripts New poll - New thread - New reply




Rusted Logic

Acmlmboard - commit 2f1bc75 [2017-08-27]
©2000-2017 Acmlm, Xkeeper, Inuyasha, et al.

28 database queries, 16 query cache hits.
Query execution time: 0.163142 seconds
Script execution time: 0.017558 seconds
Total render time: 0.180700 seconds