SanguinettiMods' ASM Hacks / RAM Findings / Etc.

[SanguinettiMods]

So I joined the ASM Hacking part of this community a week or so ago, and now I'm comfortable sharing my work. The first custom hack I did, under the guidance of Sakura was making it possible to switch between Tunics on-the-fly with the D-Pad, which will be released eventually, but I'm saving that for something much greater. 

For right now, I have this to show you guys.

Switch bewtween Boots on-the-fly with D-Pad

Gameshark Code for PJ64 1.7

D-Pad to Change Boots

813E8854 0806
813E8856 8000
811A0000 3C08
811A0002 8016
811A0004 9508
811A0006 6AF0
811A0008 2401
811A000A 0200
811A000C 240C
811A000E 1000
811A0010 1028
811A0012 003B
811A0014 240F
811A0016 0000
811A0018 2401
811A001A 0400
811A001C 240C
811A001E 2000
811A0020 1028
811A0022 0037
811A0024 240F
811A0026 0001
811A0028 2401
811A002A 0100
811A002C 240C
811A002E 3000
811A0030 1028
811A0032 0033
811A0034 240F
811A0036 0002
811A0038 1000
811A003A 003A
811A0100 3C0A
811A0102 8016
811A0104 254A
811A0106 E6D0
811A0108 954B
811A010A 0000
811A010C 316B
811A010E 0FFF
811A0110 016C
811A0112 6825
811A0114 A54D
811A0116 0000
811A0118 3C0E
811A011A 8022
811A011C 25CE
811A011E 46FF
811A0120 A1CF
811A0122 0000
811A0124 2401
811A0126 0002
811A0128 080F
811A012A A216
811A012C 90AE
811A012E 0002

D-Left = Kokiri BootsD-Down = Iron BootsD-Right = Hover BootsThe effects work for Child Link, too!

And for Nemu 64

CheatName0=DBoots
CheatName0Count=56
CheatName0Code0=813E8854 0806
CheatName0Code1=813E8856 8000
CheatName0Code2=811A0000 3C08
CheatName0Code3=811A0002 8016
CheatName0Code4=811A0004 9508
CheatName0Code5=811A0006 6AF0
CheatName0Code6=811A0008 2401
CheatName0Code7=811A000A 0200
CheatName0Code8=811A000C 240C
CheatName0Code9=811A000E 1000
CheatName0Code10=811A0010 1028
CheatName0Code11=811A0012 003B
CheatName0Code12=811A0014 240F
CheatName0Code13=811A0016 0000
CheatName0Code14=811A0018 2401
CheatName0Code15=811A001A 0400
CheatName0Code16=811A001C 240C
CheatName0Code17=811A001E 2000
CheatName0Code18=811A0020 1028
CheatName0Code19=811A0022 0037
CheatName0Code20=811A0024 240F
CheatName0Code21=811A0026 0001
CheatName0Code22=811A0028 2401
CheatName0Code23=811A002A 0100
CheatName0Code24=811A002C 240C
CheatName0Code25=811A002E 3000
CheatName0Code26=811A0030 1028
CheatName0Code27=811A0032 0033
CheatName0Code28=811A0034 240F
CheatName0Code29=811A0036 0002
CheatName0Code30=811A0038 1000
CheatName0Code31=811A003A 003A
CheatName0Code32=811A0100 3C0A
CheatName0Code33=811A0102 8016
CheatName0Code34=811A0104 254A
CheatName0Code35=811A0106 E6D0
CheatName0Code36=811A0108 954B
CheatName0Code37=811A010A 0000
CheatName0Code38=811A010C 316B
CheatName0Code39=811A010E 0FFF
CheatName0Code40=811A0110 016C
CheatName0Code41=811A0112 6825
CheatName0Code42=811A0114 A54D
CheatName0Code43=811A0116 0000
CheatName0Code44=811A0118 3C0E
CheatName0Code45=811A011A 8022
CheatName0Code46=811A011C 25CE
CheatName0Code47=811A011E 46FF
CheatName0Code48=811A0120 A1CF
CheatName0Code49=811A0122 0000
CheatName0Code50=811A0124 2401
CheatName0Code51=811A0126 0002
CheatName0Code52=811A0128 080F
CheatName0Code53=811A012A A216
CheatName0Code54=811A012C 90AE
CheatName0Code55=811A012E 0002

Sauce (Source)

.ORG      0x803E8854
J         0x801A0000 ; Jump to Hack
NOP

.ORG      0x801A0000
LUI       T0,0x8016
LHU       T0,0x6AF0(T0) ; Load Controller 1 Into T0
ADDIU     AT,R0,0x0200 ; Load D-Left into AT
ADDIU     T4,R0,0x1000 ; Kokiri Boots are Equipped
BEQ       T0,AT,0x801A0100 ; If D-Left is Pressed, Branch to 0x801A0100
ADDIU     T7,R0,0x0000 ; Load "Boots 0x0" for the model
ADDIU     AT,R0,0x0400 ; Load D-Down into AT
ADDIU     T4,R0,0x2000 ; Iron Boots are Equipped
BEQ       T0,AT,0x801A0100 ; If D-Down is pressed, Branch to 0x801A0100
ADDIU     T7,R0,0x0001 ; Load "Boots 0x1" for the model
ADDIU     AT,R0,0x0100 ; Load D-Right into AT
ADDIU     T4,R0,0x3000 ; Hover Boots are Equipped
BEQ       T0,AT,0x801A0100 ; If D-Right is pressed, Branch to 0x801A0100
ADDIU     T7,R0,0x0002 ; Load "Boots 0x2" for the model
BEQ       R0,R0,0x801A0124 ; Branch to End
NOP

.ORG      0x801A0100
LUI       T2,0x8016
ADDIU     T2,T2,0xE6D0 ; Load Current Equipment into T2
LHU       T3,0x0000(T2); Load half at 0x8015E6D0 into T3
ANDI      T3,T3,0x0FFF ; Mask off tunics, shields, and swords
OR        T5,T3,T4 ; 0x0FFF | Boot Selection
SH        T5,0x0000(T2); Store Boot Selection at 0x8015E6D0
LUI       T6,0x8022
ADDIU     T6,T6,0x46FF ; Load Current Boot Model
SB        T7,0x0000(T6); Store Current Boot Model (Selection made with D-Pad)
ADDIU     AT,R0,0x0002

J         0x803E8858
LBU       T6,0x0002(A1)

---

Misc RAM Findings

11/3/13

80211936: Red Compass Arrow Scale
80211940: X Position of Yellow Compass Arrow
80211942: Y Position of Yellow Compass Arrow
80211944: X Position of Compass
80211946: Y Position of Compass
8021198C: Red Compass Arrow Z Rotation
80210E4C: Link's X Position
803EA234 SH T4, 0x043C(80210A10)
80210E4E: Link's Y Position
803EA24C SH T7, 0x043E(80210A10)
80210E50: Link's Z Position
803EA264 SH, T0, 0x0440(80210A10)
80210E52: Link's Y Rotation
803EA270 SH, T2, 0x0442(80210A10)
80210AAC: Current Gravity

[Spire]

So legit. 100%

[sairugoth]

So how dose one join the "ASM Hacking part of this community" Because I'm willing to learn.

[Jason777]

Awesome. Are you willing to share the source?

[SanguinettiMods]

Awesome. Are you willing to share the source?

I updated the original post with the sauce. Commented and all.

[CloudMax]

I just skimmed through the source, but this hack doesn't actually check if you have the boots at all, does it? Same goes for being child link.

Also, there's a function available that updates links physics and model automatically to be equal to that of the boots flag. To use the function perform a JAL to 0x8008E750 with A1 set to 0x802245B0. (You hooked the code at a location where A1 is already properly set, so you don't need to set it)

This function uses the current boots flag located at 0x014F(A1), where Kokiri Boots is 0, Iron Boots 1, Hover Boots 2. (This is the flag used by the game to determine which boots you have equipped while not in the pause menu)

 

Just for the sake of it, I wrote my own Quick Swap Hack, and I tried to keep it as optimized as possible so that you can use it as reference and try to learn from it.

If you have any questions regarding this hack, feel free to ask and I'll try to explain it further.

 

 

What it does:
Equip/Unequip Iron Boots with D-Pad Right.
Equip/Unequip Hover Boots with D-Pad Left.
You must have be adult and have the boots in order to equip them.
You can always unequip the boots, even if you do not have the boots in question, or kokiri boots.
It'll also properly equip the boots in the pause menu and update Links physics instantly.

;Hook
.ORG	0x803E8854
J	start			;Jump to Hack
LUI	T7,0x8016		;Set T7 to 0x80160000 We'll keep it at this value throughout the ASM hack so that it can be re-used.

;Code
.ORG	0x801A0000
start:
LBU	T0, 0xE667(T7)		;Set T0 to current age
BNE	T0, R0, end		;If you're child, branch to end
LBU	T0,0x6AF0(T7) 		;Load Controller Byte containing D-Pad Buttons Into T0
LBU	T4,0x6AEF(T7) 		;Load Previously Pressed Buttons Into T4
SB	T0,0x6AEF(T7) 		;Save T0 to 0x80166AEF
NOR	T4, R0, T4		;Reverse T4 to use it as a filter
AND	T0, T0, T4		;Use the filter on T0 to only include buttons that wasn't pressed already.
ANDI	T0, T0, 0x03		;T0 now only contain the D-Pad Right and Left state.
BEQ	T0, R0, end		;None of them are pressed, branch to end
SLTI	T4, T0, 0x03		;Set T4 to 0 if both D-Pad buttons are pressed.
BEQ	T4, R0, end		;Both of them are pressed, branch to end
LBU	T4, 0x014F(A1)		;T4 = Currently Equipped Boots
BEQL	T4, T0, have		;If the boots you currently have equipped are the ones you're attempting to equip, perform the command below
ADDIU	T0, R0, 0x00		;T0 = 0x0 (This makes it so that you equip Kokiri Boots instead)
have:
SLL	AT, T0, 0x05		;AT is now 0x00, 0x20 or 0x40, we'll use this to check if you have the boots that you're equipping.
LBU	T4, 0xE6FC(T7)		;Load Boots & Tunic to T4
AND	T4, T4, AT		;T4 will now be equal to AT if you have the boots
BNE	T4, AT, end		;If you do not have the boots you're attempting to equip, branch to end
ADDIU	AT, T0, 0x01		;AT will now be set to 0x1 (Kokiri Boots) if you're unequipping your boots, 0x2 (Iron Boots) if you're equipping D-Pad Right, and 0x3 (Hover Boots) if you're equipping D-Pad Left.
SLL	AT, AT, 0x04		;Shift AT 4 steps to the right so that the values will be either 0x10, 0x20 or 0x30.
SB	T0, 0x014F(A1)		;Set currently equipped boots
LBU	T3, 0xE6D0(T7)		;Load equipped Boots & Tunic to T3
ANDI	T3, T3, 0x0F		;Remove Equipped Boots from T3
OR	T3, T3, AT		;Add AT (The new boots value) to T3
JAL	0x8008E750		;Jump to boots update function
SB	T3, 0xE6D0(T7)		;Store the new Boots & Tunic byte
end:
ADDIU	AT, R0, 0x02		;This was overwritten at the hook
J	0x803E885C		;Jump back
LBU	T6,0x0002(A1)		;This was overwritten at the hook

 

 

I'd say that you're making good progress! You should be able to catch up with me relatively fast. If you ever get stuck, or need help improving, feel free to send me a message.

[SanguinettiMods]

As I didn't intend this hack for any conventional uses just yet, since I already knew it was incomplete and there were some errors with it. I'm grateful to you, though, for that source, as I can definitely learn from it, so thanks a lot.

[SanguinettiMods]

Updated the original post with Miscellaneous RAM Findings, which I will slowly be adding to as time goes on.

[petrie911]

I've had a quick boot change hack for quite some time, actually.

I didn't share the code for reasons I don't exactly remember. I was kind of estranged from the hacking community at the time, I guess.

Anyways,

 

 

0x00018FD8    LB K1, 0xE667 (A0)    809BE667    ; Load adult/child bit

0x00018FDC    BNEZ K1, 0x8001CE48    1760000E    ; If child Link, jump to end

0x00018FE0    LB K1, 0x6AF0 (A0)    809B6AF0    ; Load Input

0x00018FE4    ANDI K1, K1, 0x000F    337B000F    ; Consider only the D-pad

0x00018FE8    BEQ K1, R0, 0x8001CE48    1360000B    ; If no D-pad input, jump to end

0x00018FEC    LB V0, 0xE6FC (A0)    8082E6FC    ; Load boots and tunics

0x00018FF0    SRL A0, V0, 0x05    00022142    ; Remove all but the hover/iron bytes

0x00018FF4    SRL K1, K1, 0x02    001BD882    ; Remove all but the D up/down bytes

0x00018FF8    AND K1, A0, K1        009BD824    ; K1=0 without the relevant boots

0x00018FFc    ANDI A0, K1, 0x0001    33640001    ; A0 is 1 if K1 is odd, 0 if K1 is even

0x00019000    BNEL A0, R0, 0x8001CE38    54800001    ; Check if A0 is 0

0x00019004    ORI K1, R0, 0x0001    341B0001    ; if so, K1=1; K1=3 crashes the game

0x00019008    OR A0, RA, R0        001F2025    ; Save RA before jumping

0x0001900C    JAL 0x8008E750        0C0239D4    ; Call physics fixing routine

0x00019010    SB K1, 0x014F (S2)    A25B014F    ; Assign K1 to current boots

0x00019014    OR RA, A0, R0        0004F825    ; Restore RA

 

 

 

The offsets are based on the way I insert ASM into the ROM. I sneak it in through the main file table. It's good for short snippets of code, which is probably all I'll ever write.

 

The way it works is that pressing Up on the Dpad puts on Hovers, down puts on Irons, and left or right puts on Kokiri. The above code doesn't change which boots are listed as equipped in the start menu. This means that pausing and unpausing resets your boots. This is pretty trivial to fix, but I haven't gotten around to it.