Golden Sun Hacking Community
July 22, 2018, 08:48:01 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
  Home   Forum   DC Wiki Help Search Calendar Downloads Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: Tret OOB Weirdness  (Read 8571 times)
0 Members and 1 Guest are viewing this topic.

Regular Member
**

Coins: 2
Offline Offline

Posts: 135

« on: January 22, 2015, 03:50:50 PM »

Using the retreat glitch you can get out of bounds in a number of locations in the game. Generally speaking, the game is reasonably well behaved aside from various junk data lying around. There is one particular out of bounds (OOB) area which does not behave well - you may guess from the topic title that it is tret. Unlike other dungeons, tret has certain areas which will soft lock the game if you walk to them and even a location which will crash the game if you walk there. We in the speedrunning community have no idea why the game is crashing or soft locking, and we strongly suspect there are some other things at play here. I was watching the memory as I moved through tret and it constantly seems like Isaac was running near doors because of how the memory was changing.

I'm including a goodie-pack so that you can mess around with this yourself and hopefully help us understand exactly what the hell is going on here.

1) Here are a bunch of save files while I am out of bounds in Tret: the save states work with VBA-RR v24, there is also a battery file if those fail: https://www.dropbox.com/s/07j7r0ju1z5r4pb/tret%20oob.rar?dl=0
2) Here is a nifty lua script to help explore out of bounds
Code:
local AD1 = 0x0200053a --Isaac Cur PP
local AD1Value = 5
local AD2 = 0x0200047a -- Step Counter
local AD2Value = 1

while true do
memory.writeword(AD1, AD1Value)
memory.writebyte(AD2, AD2Value)

gui.text(0,00,"Area: " .. memory.readword(0x02000400))
gui.text(0,10,"Door: " .. memory.readword(0x02000402))


gui.text(40,00,"Actual: " .. memory.readword(0x02000408))
gui.text(40,10,"Actual: " .. memory.readword(0x0200040A))

gui.text(0,20,"X: " .. memory.readdword(0x02030ec4)/1000000)
gui.text(0,30,"Y: " .. memory.readdword(0x02030ecc)/1000000)
gui.text(0,40,"Z: " .. memory.readdword(0x02030ec8)/1000000)

    vba.frameadvance();
end
And here are some codes to lock the camera on isaac (but it's really not that useful)
Code:
02030DB8:00000000
02030DBC:00000000
02030DC0:7FFFFFFF
02030DC4:7FFFFFFF
(Incidentally, if you know how to make these codes lock when the X/Y coordinates underflow to 4298 that'd be fantastic!)
3) In tret here are some "bad" locations (X,Y):
- (4283,4241) = game crashes and reset
- (4292,4242) = game crashes, no reset (tries to access door 32 from that area)
4) In the 0x02000410-0x02000420 range of the memory you'll notice that there are some changes as you wander around. e.g. load up the battery file and just hold up and see how it changes. This reminds me of what happens when Isaac walks past a door .. what is going on here?
Logged
View Profile
Luna_blade
The last member of the Luna clan
Luna Clan

Great Member
*

Coins: 0
Offline Offline

I am: Timeless. As in, i don't have much free time.
Posts: 533

« Reply #1 on: January 22, 2015, 04:30:47 PM »

Highly interesting.

I'm no expert but does it matter that there are two cutscenes in trets room?
Logged

++++++++++[>+++++++>++++++++++>+++>+<<<<-]>++.>+.+++++++..+++.>++.<<+++++++++++++++.>.+++.------.--------.>+.>.
View Profile

Regular Member
**

Coins: 2
Offline Offline

Posts: 135

« Reply #2 on: January 22, 2015, 04:57:57 PM »

Highly interesting.

I'm no expert but does it matter that there are two cutscenes in trets room?
I'm not 100% sure, but I don't think so. Tret's "room" is connected to the entire interior, so you're able to trigger the tret fight by wandering out of bounds in the right direction. The second cutscene has no overworld/in dungeon trigger (as far as I'm aware) and that only plays after you defeat tret.

The doors I've been able to trigger (32 and 22 but I didn't record the coordinates for a 22 door, there's a few 32 doors) correspond to falling down certain breakable leaves.
Logged
View Profile
Fox
Fox McCloud, the Hacking Doctor
Mercury Clan

Prodigy
*

Coins: 28
Offline Offline

I am: certainly not a Gallant!
Clan Position: Head Gallant
Posts: 2412

« Reply #3 on: January 23, 2015, 12:19:11 AM »

Quote
4) In the 0x02000410-0x02000420 range of the memory you'll notice that there are some changes as you wander around. e.g. load up the battery file and just hold up and see how it changes. This reminds me of what happens when Isaac walks past a door .. what is going on here?
Same stuff +0x20 on GS2.. so..

Quote from: From my page: http://gsdata.wikia.com/wiki/RAM_Map
02000420 = Map and door number (Different in battle)
02000424 = Sanctum map and door number
02000428 = Current map and door number
0200042C = Area?
0200042E = Map and door number when you win or flee a battle. FFFF to use current map and door number instead.
02000432 = Map and door number when you lose a battle. FFFF to use sanctum map and door number instead.
02000436 = Battle Background
0200043A = Graphic Map Index. (For file index table on map/pal/tilesets; see 0802F380)
0200043C = X
02000440 = Z
02000444 = Y
02000448 = Direction

I wonder if this helps any?
Logged

Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Remember kids! Before you go on that interview, remember to wash your hands in teawater! *Coughs on hand* (Excuse me, I just coughed up a little teawater, so they're still clean!) You wouldn't want that hiring manager to be unimpressed.

May the force be with you!
Shoo! Why does it smell in here?
Maybe that's the wrong kind of force. *smirk*
View Profile

Regular Member
**

Coins: 2
Offline Offline

Posts: 135

« Reply #4 on: January 23, 2015, 04:15:20 AM »

Quote
4) In the 0x02000410-0x02000420 range of the memory you'll notice that there are some changes as you wander around. e.g. load up the battery file and just hold up and see how it changes. This reminds me of what happens when Isaac walks past a door .. what is going on here?
Same stuff +0x20 on GS2.. so..

Quote from: From my page: http://gsdata.wikia.com/wiki/RAM_Map
02000420 = Map and door number (Different in battle)
02000424 = Sanctum map and door number
02000428 = Current map and door number
0200042C = Area?
0200042E = Map and door number when you win or flee a battle. FFFF to use current map and door number instead.
02000432 = Map and door number when you lose a battle. FFFF to use sanctum map and door number instead.
02000436 = Battle Background
0200043A = Graphic Map Index. (For file index table on map/pal/tilesets; see 0802F380)
0200043C = X
02000440 = Z
02000444 = Y
02000448 = Direction

I wonder if this helps any?
Not quite, theres no XZY coordinate that I can see for GS1 in this range and those addresses that you list would correspond to the mystery area. I'll post some images to help illustrate what is going on.

1) http://i.imgur.com/Fp9oMX1.png Just moving straight up from where the battery file puts you gives you a change in these two addresses only
2) http://i.imgur.com/8Xh99qd.png moving around a bit you start to see changes in these addresses
3) http://i.imgur.com/Jb6wbWu.png more changes in the same addresses!
4) http://i.imgur.com/1nIpcCM.jpg If you try to enter a door anywhere, the same addresses change (interestingly, I only ever see C and 4 walking towards/away from doors in that last changing byte from my limited testing I just did)
5) If you walk around tret a lot more you can actually get this to happen


At this place the 11 has cropped up in the 02000448 range
Logged
View Profile
Fox
Fox McCloud, the Hacking Doctor
Mercury Clan

Prodigy
*

Coins: 28
Offline Offline

I am: certainly not a Gallant!
Clan Position: Head Gallant
Posts: 2412

« Reply #5 on: January 23, 2015, 04:30:05 AM »

Quote
theres no XZY coordinate that I can see for GS1 in this range and those addresses that you list would correspond to the mystery area. I'll post some images to help illustrate what is going on.
I think it's the player coordinates, and that it ocasionally gets placed here.... (Like the "Return coords"? I guess?)
-Editing it during battle will have your camera be at another location when you get out of battle... I tested this on the world map, got the snowy tileset, and the camera moved toward Isaac.
-Perhaps it is also read when you continue from a save file, but I haven't checked this. (Only 02000000-02002FEF get saved, which doesn't include the addresses at 02030ec4+...)
So yeah, your images still make it look like the player position/direction. @4: C000 is for facing north. (Since 0000 is facing east.) ; The X, Z, and Y is 32-bit; and direction is 16-bit.

Anyway, that isn't the only thing copied to this save game area... as GS2 copies NPC data to 02001004+ as well.... (But during saving, if I remember correctly?) Which makes it obvious that there is support for 32 sprite objects. (And maybe more for unsaveable ones?)
« Last Edit: January 23, 2015, 05:47:43 AM by Fox » Logged

Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Remember kids! Before you go on that interview, remember to wash your hands in teawater! *Coughs on hand* (Excuse me, I just coughed up a little teawater, so they're still clean!) You wouldn't want that hiring manager to be unimpressed.

May the force be with you!
Shoo! Why does it smell in here?
Maybe that's the wrong kind of force. *smirk*
View Profile

Regular Member
**

Coins: 2
Offline Offline

Posts: 135

« Reply #6 on: January 23, 2015, 05:58:59 AM »

Ah yes, the 4000/C000 thing is definitely Isaac's direction. Looks like if you're approaching a transition screen the game records Isaac's direction when transitioning to maintain that after the transition. Although, some transitions fix Isaac's direction (e.g. world map doors) and that data gets overwritten.

Looks like other highlighted areas are related to the position of the camera. I tested it in a dungeon (because sometimes world map/dungeons behave differently) and got the camera to lock somewhere else. I'm guessing that near transition zones like doors there is an area around them which takes control of the camera as you move through the area, as opposed to locking the camera on Isaac. That way you can control the camera movement as Isaac goes through a door (which is slightly irregular).

I bet that camera lock in tret is to do with the number of breakable leaves in the dungeon.
Logged
View Profile
Pages: [1]   Go Up
  Print  
 
Jump to:  

Cbox
Yesterday at 09:19:06 PM
Salanewt: Time to upload that "EXP gain when KO'd" patch I made a month ago.
Yesterday at 09:18:48 PM
Salanewt: Oh hey, the site's back up!
July 18, 2018, 10:49:52 PM
roger: I can post but it goes to an error page when I submit.
July 18, 2018, 05:24:12 PM
zman9000: Site is back WOO!
May 09, 2018, 12:35:37 AM
KyleRunner: The "Start In" field is not editable... I'll try making new shortcuts
May 08, 2018, 09:51:08 PM
Fox: If all else fails, you canmake new Shortcuts to do the same thing.
May 08, 2018, 09:49:53 PM
Fox: Export Properties > Shortcut (Tab) > Target / Start In ; Target (for Export) should be: (filename) 0 , and for Import: (filename) 1
May 08, 2018, 08:52:00 PM
KyleRunner: I can't change the path in properties menu...
May 08, 2018, 01:27:19 AM
Fox: You may need to edit something in properties, though... so it uses the exe file in the same directory.
May 08, 2018, 01:24:59 AM
Fox: It is suppose to be a shortcut, yes.
May 03, 2018, 11:48:05 PM
KyleRunner: Fox, the "export" function in your text editor is just a shortcut... Could you please fix it?
May 02, 2018, 09:53:45 PM
KyleRunner: I come here everyday. I'm working on a Portuguese translation, and the people here help me a lot.
May 02, 2018, 08:56:07 AM
Drake baku: My feel as well, I posted a little as well since my return, but silence was all that followed... At least the forum is a great source for data when hacking GS/ GS2, currently looking for something I have read a long time ago cause my PP recovery psy is not working
May 01, 2018, 09:58:04 AM
Fox: I am thinking a lot of this might be because of Discord?
May 01, 2018, 09:56:08 AM
Fox: Yeah, this forum is more dead than ever before.  February and April have 0 new topics. (All other months prior have more.) And March has lowest number of new posts. (It'd be dumb to count the very first month this site was created.)
April 25, 2018, 09:02:13 PM
Fox: Yes. The best tool is a hex editor. Well.... VBA, VBA-SDL-H, no$gba Debugger, GBATEK, and my documentation.... to use these to learn how the code/data works. Best method because it maximizes your editing ability... and then there is my program gsmagic that I was working on. Still in its early stages, though. (Even after year(s).)
April 25, 2018, 04:21:58 PM
Xendrox D: *exept tla editor.
April 25, 2018, 04:21:29 PM
Xendrox D: is there any other tool for hacking gs?
April 23, 2018, 09:26:27 PM
Atrius: Rarely, but not never.
April 23, 2018, 08:01:48 AM
Drake baku: Can it be, the god who created the editor, atrius. I heard you never came back online here anymore

Affiliates
Temple of Kraden Golden Sunrise
Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.058 seconds with 22 queries.