News:

The forum has been updated to SMF (2.1.3)!
Please be patient as we work to polish up the place and update features as we can.

Main Menu

Tret OOB Weirdness

Started by Plexa, 22, January, 2015, 10:50:50 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Plexa

Using the retreat glitch you can get out of bounds in a number of locations in the game. Generally speaking, the game is reasonably well behaved aside from various junk data lying around. There is one particular out of bounds (OOB) area which does not behave well - you may guess from the topic title that it is tret. Unlike other dungeons, tret has certain areas which will soft lock the game if you walk to them and even a location which will crash the game if you walk there. We in the speedrunning community have no idea why the game is crashing or soft locking, and we strongly suspect there are some other things at play here. I was watching the memory as I moved through tret and it constantly seems like Isaac was running near doors because of how the memory was changing.

I'm including a goodie-pack so that you can mess around with this yourself and hopefully help us understand exactly what the hell is going on here.

1) Here are a bunch of save files while I am out of bounds in Tret: the save states work with VBA-RR v24, there is also a battery file if those fail: https://www.dropbox.com/s/07j7r0ju1z5r4pb/tret%20oob.rar?dl=0
2) Here is a nifty lua script to help explore out of bounds local AD1 = 0x0200053a --Isaac Cur PP
local AD1Value = 5
local AD2 = 0x0200047a -- Step Counter
local AD2Value = 1

while true do
memory.writeword(AD1, AD1Value)
memory.writebyte(AD2, AD2Value)

gui.text(0,00,"Area: " .. memory.readword(0x02000400))
gui.text(0,10,"Door: " .. memory.readword(0x02000402))


gui.text(40,00,"Actual: " .. memory.readword(0x02000408))
gui.text(40,10,"Actual: " .. memory.readword(0x0200040A))

gui.text(0,20,"X: " .. memory.readdword(0x02030ec4)/1000000)
gui.text(0,30,"Y: " .. memory.readdword(0x02030ecc)/1000000)
gui.text(0,40,"Z: " .. memory.readdword(0x02030ec8)/1000000)

    vba.frameadvance();
end

And here are some codes to lock the camera on isaac (but it's really not that useful)
02030DB8:00000000
02030DBC:00000000
02030DC0:7FFFFFFF
02030DC4:7FFFFFFF

(Incidentally, if you know how to make these codes lock when the X/Y coordinates underflow to 4298 that'd be fantastic!)
3) In tret here are some "bad" locations (X,Y):
- (4283,4241) = game crashes and reset
- (4292,4242) = game crashes, no reset (tries to access door 32 from that area)
4) In the 0x02000410-0x02000420 range of the memory you'll notice that there are some changes as you wander around. e.g. load up the battery file and just hold up and see how it changes. This reminds me of what happens when Isaac walks past a door .. what is going on here?

Luna_blade

Highly interesting.

I'm no expert but does it matter that there are two cutscenes in trets room?
"Hear the sounds and melodies
Of rilets flowing down
They're the verlasting songs
Whispering all the time
As a warning that behind some rocks
There's a rigid grap even
Oreads fear the tread"

Plexa

Quote from: Luna_blade on 22, January, 2015, 11:30:47 AM
Highly interesting.

I'm no expert but does it matter that there are two cutscenes in trets room?
I'm not 100% sure, but I don't think so. Tret's "room" is connected to the entire interior, so you're able to trigger the tret fight by wandering out of bounds in the right direction. The second cutscene has no overworld/in dungeon trigger (as far as I'm aware) and that only plays after you defeat tret.

The doors I've been able to trigger (32 and 22 but I didn't record the coordinates for a 22 door, there's a few 32 doors) correspond to falling down certain breakable leaves.

Daddy Poi's Oily Gorillas

Quote4) In the 0x02000410-0x02000420 range of the memory you'll notice that there are some changes as you wander around. e.g. load up the battery file and just hold up and see how it changes. This reminds me of what happens when Isaac walks past a door .. what is going on here?
Same stuff +0x20 on GS2.. so..

Quote from: From my page: http://gsdata.wikia.com/wiki/RAM_Map02000420 = Map and door number (Different in battle)
02000424 = Sanctum map and door number
02000428 = Current map and door number
0200042C = Area?
0200042E = Map and door number when you win or flee a battle. FFFF to use current map and door number instead.
02000432 = Map and door number when you lose a battle. FFFF to use sanctum map and door number instead.
02000436 = Battle Background
0200043A = Graphic Map Index. (For file index table on map/pal/tilesets; see 0802F380)
0200043C = X
02000440 = Z
02000444 = Y
02000448 = Direction

I wonder if this helps any?
Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Sometimes I like to compare apples to oranges. (Figuratively) ... They are both fruits, but which one would you eat more? (If taken literally, I'd probably choose apples.)
Maybe it is over-analyzing, but it doesn't mean the information is useless.


The only GS Discord servers with significance are:
Golden Sun Hacking Community
GS Speedrunning
/r/Golden Sun
GS United Nations
Temple of Kraden

Can you believe how small the Golden Sun Community is?

2+2=5 Don't believe me? Those are rounded decimal numbers. Take that, flat earth theorists! :)

Plexa

Quote from: Fox on 22, January, 2015, 07:19:11 PM
Quote4) In the 0x02000410-0x02000420 range of the memory you'll notice that there are some changes as you wander around. e.g. load up the battery file and just hold up and see how it changes. This reminds me of what happens when Isaac walks past a door .. what is going on here?
Same stuff +0x20 on GS2.. so..

Quote from: From my page: http://gsdata.wikia.com/wiki/RAM_Map02000420 = Map and door number (Different in battle)
02000424 = Sanctum map and door number
02000428 = Current map and door number
0200042C = Area?
0200042E = Map and door number when you win or flee a battle. FFFF to use current map and door number instead.
02000432 = Map and door number when you lose a battle. FFFF to use sanctum map and door number instead.
02000436 = Battle Background
0200043A = Graphic Map Index. (For file index table on map/pal/tilesets; see 0802F380)
0200043C = X
02000440 = Z
02000444 = Y
02000448 = Direction

I wonder if this helps any?
Not quite, theres no XZY coordinate that I can see for GS1 in this range and those addresses that you list would correspond to the mystery area. I'll post some images to help illustrate what is going on.

1) http://i.imgur.com/Fp9oMX1.png Just moving straight up from where the battery file puts you gives you a change in these two addresses only
2) http://i.imgur.com/8Xh99qd.png moving around a bit you start to see changes in these addresses
3) http://i.imgur.com/Jb6wbWu.png more changes in the same addresses!
4) http://i.imgur.com/1nIpcCM.jpg If you try to enter a door anywhere, the same addresses change (interestingly, I only ever see C and 4 walking towards/away from doors in that last changing byte from my limited testing I just did)
5) If you walk around tret a lot more you can actually get this to happen


At this place the 11 has cropped up in the 02000448 range

Daddy Poi's Oily Gorillas

#5
Quotetheres no XZY coordinate that I can see for GS1 in this range and those addresses that you list would correspond to the mystery area. I'll post some images to help illustrate what is going on.
I think it's the player coordinates, and that it ocasionally gets placed here.... (Like the "Return coords"? I guess?)
-Editing it during battle will have your camera be at another location when you get out of battle... I tested this on the world map, got the snowy tileset, and the camera moved toward Isaac.
-Perhaps it is also read when you continue from a save file, but I haven't checked this. (Only 02000000-02002FEF get saved, which doesn't include the addresses at 02030ec4+...)
So yeah, your images still make it look like the player position/direction. @4: C000 is for facing north. (Since 0000 is facing east.) ; The X, Z, and Y is 32-bit; and direction is 16-bit.

Anyway, that isn't the only thing copied to this save game area... as GS2 copies NPC data to 02001004+ as well.... (But during saving, if I remember correctly?) Which makes it obvious that there is support for 32 sprite objects. (And maybe more for unsaveable ones?)
Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Sometimes I like to compare apples to oranges. (Figuratively) ... They are both fruits, but which one would you eat more? (If taken literally, I'd probably choose apples.)
Maybe it is over-analyzing, but it doesn't mean the information is useless.


The only GS Discord servers with significance are:
Golden Sun Hacking Community
GS Speedrunning
/r/Golden Sun
GS United Nations
Temple of Kraden

Can you believe how small the Golden Sun Community is?

2+2=5 Don't believe me? Those are rounded decimal numbers. Take that, flat earth theorists! :)

Plexa

Ah yes, the 4000/C000 thing is definitely Isaac's direction. Looks like if you're approaching a transition screen the game records Isaac's direction when transitioning to maintain that after the transition. Although, some transitions fix Isaac's direction (e.g. world map doors) and that data gets overwritten.

Looks like other highlighted areas are related to the position of the camera. I tested it in a dungeon (because sometimes world map/dungeons behave differently) and got the camera to lock somewhere else. I'm guessing that near transition zones like doors there is an area around them which takes control of the camera as you move through the area, as opposed to locking the camera on Isaac. That way you can control the camera movement as Isaac goes through a door (which is slightly irregular).

I bet that camera lock in tret is to do with the number of breakable leaves in the dungeon.