|  Time: Now - Date: Today - Weather: What can be seen outside. - Mood: How it feels. Answer to the universe: 42 | gamecrazzy:
What you're doing is essentially trying to explain in a confusing way what we already know since a long time, thinking it's a new discovery...
Sure we can insert a new 0x0C command with Level ID 01, 02 or 03 that will point to custom levels. We can easily create warps that will go there, simply by using the corresponding ID (0x01 for example). This is nothing we didn't know about.
But there's a few things that you forget or doesn't know.
Did you read the post I told you about in the Stuff inside the checksum protected area (Title Screen, etc.) thread? It's the first post.
Look at the table at 0xE8D98:
00 00 00 05 04 00 06 08 01 0A 0B 03 0D 0E 0F 00 10 16 11 18 12 07 09 02 19 00 13 14 15 10 17 00 11 12 00 0C
Interestingly, bytes 1, 2 and 3 of this table are set to 0x00. This is not a coincidence, except for the Castle Grounds, Inside Castle and Courtyard levels (which happens to have a value of 0x00), every 0x00 in this table corresponds to an unused level ID.
From the post you should've read:
00--01--Not in level selector
00--02--Not in level selector
00--03--Not in level selector
05--04--Haunted House
04--05--Cool Cool Mountain
00--06--Inside Castle
06--07--Hazy Maze Cave
08--08--Shifting Sand Land
01--09--Bob-Omb's Battlefield
0A--0A--Snow Man's land
0B--0B--Wet Dry World
03--0C--Jolly Roger Bay
0D--0D--Tiny Huge Island
0E--0E--Tick Tock Clock
0F--0F--Rainbow Ride
00--10--Castle Grounds
10--11--Bowser First Course
16--12--Vanish Cap
11--13--Bowser's Fire Sea
18--14--Secret Aquarium
12--15--Bowser Third Course
07--16--Lethal Lava Land
09--17--Dire Dire Docks
02--18--Whomp's Fortress
19--19--Picture at the end
00--1A--Castle Courtyard
13--1B--Peach's Secret Slide
14--1C--Metal Cap
15--1D--Wing Cap
10--1E--Bowser First Battle
17--1F--Rainbow Clouds
00--20--Not in level selector
11--21--Bowser Second Battle
12--22--Bowser Third Battle
00--23--Not in level selector
0C--24--Tall Tall Mountain
The second column is the level ID, and the first is the byte in the 0xE8D98 table that correspond to this level ID.
There's only 5 slots left in this table, which has a fixed length. ID 01, 02, 03, 20 and 23 are unused.
We can't put add more than 5 "new levels" because of that, unless we find how the ASM code use this table and extend it.
Also, we don't know yet where are the parameters referred by each bytes in the E8D98. They do correspond to the level names order you can find in the Text Wrangler. For example, the value in the table for Hazy Maze Cave is 0x06, and its name is sixth in the level name list. The blank level name is attributed to the Cake Picture level.
But there are other parameters that are selected by the table values other than the name.
Even if we did use the 5 empty slots for custom levels, there would be a lot that we wouldn't be able to control, like the names and many other parameters. If you keep the 0x00 values in that table, they'll simply behave like the outdoor castle levels, with no way to exit the level by pausing, and no way to set the level name.
Edit:
Ok so you edited your post and added this:
Originally posted by gamekrazzy
Ok... I did a little more research. Guess what you can replace the title, mario's face, and even the game over so that it will go to a different location. The last 2 bytes of 16 bytes hold the answer. A little while ago I did an expirament. After swapping those bytes with other levels. I went and activated that situation.
The order for those bytes via level normally go:
02 38
02 48
02 58
02 28
02 68
What I did is I changed it so that it went like this:
02 28
02 38
02 48
02 58
02 68
The results were as suspected.
So now, I believe if we simply find out what these bytes have to deal with the level, we will know how to change them to where we can add levels to the unused levels. That is if we know where the conditional jump is at.
Seriously gamekrazzy, we've been hacking SM64 for like 3 years now? Don't you think we know how the conditional jump table works? How do you think that TT64 decodes levels? Magic Ponies?
Maybe you should spend more time experimenting by yourself before posting about "mysterious" bytes that we already know about...
2ABE8C/01EC: 0C 0C 02 00 FF FF FF FF 15 00 02 38 --End Screen
The last four bytes are the jumping offset: 15 000238
0x15 is the bank number, 0x000238 is the offset in that bank. If you had read the Main Level Script document more carefully you would've known that these commands are already inside bank 0x015 so it's simply a matter of going down a few lines to find the destination:
2ABED8/0238: 01 10 00 0E 00 4A C4 B0 00 4A C5 70 0E 00 00 00
See that 0238? it means that this line is at offset 0x0238 inside the current bank, which happens to be 0x15...
The 0x01 command will load data from 004AC4B0 to 004AC570 into bank 0x0E then jump into offset 0x000000 of bank 0x0E. At 004AC4B0 you'll find the ending screen script...
If you look at the destination offsets for the normal levels, you'll find that they lead to 0x00 commands found just a few lines bellow.
For example:
2ABF58/02B8: 0C 0C 02 00 00 00 00 09 15 00 [b]04 58[/b] --Bob-Omb's Battlefield
Leads to:
2AC0F8/[b]0458[/b]: 00 10 00 0E 00 40 5A 60 00 40 5F B0 0E 00 02 64
The level script for Bob-Omb Battlefield is at 0x00405A60. Yes we can change these address so that they point to custom levels, and that's exactly how flatworld worked and how the importer will work. We could also insert new 0x0C and 0x00 commands to use other level ID while keeping the original levels, but I already explained that there are other problems with this.
Edit:
I could've spent the last hour or so working on TT64, but instead I just had to explain what is already known since 3 years or so...
____________________
|   |
|
|
