Kodewerx

Our culture has advanced beyond all that you could possibly comprehend with one hundred percent of your brain.
It is currently Mon Jan 20, 2020 1:36 am

All times are UTC - 8 hours [ DST ]


Forum rules


Discussion of illegal hacking/cracking is prohibited. (No virus/trojans/cracks/warez/etc allowed.)



Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: Sat Sep 20, 2008 7:51 am 
Offline
Kommunist
Kommunist

Joined: Fri Sep 12, 2008 5:00 pm
Posts: 2
Title: Undeadly
Already posted this in the code requests forums, but it quickly got spammed out the way by endless DS requests:

I've been trying to get this code(PAL/Europe): 81025E82 0000 into the GoldenEye ROM, so that I can skip the intro - all this so I can play GE on the Wii.

It seems that the Trainer / Patcher option in Renegade would be the easiest way to do this but I can't get it to do anything.

I enter a game name in the bottom left and click 'Add', then I enter the code and a name and click 'Set As New', tick the code and then click 'Activate Codes'. This gives a write failed error message when attached to Project64, but gives no error using other Emus.

Finally choosing Endian as Auto(N64) or any of the other options and then patching to a rom does nothing, the file's last modified date doesn't change, the hard drive does nothing and upon loading the ROM I can't skip the intro.

Am I doing something wrong or is it this not the purpose of the Trainer / Patcher?

If anyone knows a better way to patch codes into ROMs plz do tell, I've seen patched ROMs on doperoms.com, but they have no tutorial out.


Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 21, 2008 12:17 pm 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
There's no automated way to patch GS codes into ROMs. If the code modifies ASM, the best way is to note the 16 bytes surrounding the address, and find them in ROM. Usually there's only one instance; just make the same change there. You'll also have to fix or disable the header checksum in many cases.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
PostPosted: Sun Oct 12, 2008 8:04 am 
Offline
Kommunist
Kommunist

Joined: Sun Oct 12, 2008 3:28 am
Posts: 1
I'm trying to do the same thing except for NTSC instead of PAL. I took HyperHacker's advice to search the ROM for similar values found in the memory, but was unsuccessful. I noticed that when the game first booted, 0x0002B530 was dumped into the "skip intro" block of memory, but after a few seconds, it changed to 00000000s and 00000001s. I couldn't find any matching patterns in the ROM that worked.

If I can’t find the value, I'll just try using ASM to change the value. Is anyone familiar enough with GoldenEye to know where to place some custom code?

Thanks.


Top
 Profile  
Reply with quote  
PostPosted: Tue Mar 16, 2010 11:54 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Fri Oct 27, 2006 8:58 am
Posts: 19
Location: The glorious fishbowl of souls
I got refered here, otherwise would never have noticed this.

In an NGEE ROM, memory from 80020D90 - 8005D2E0 is compressed in a file spanning 0x21990 - 0x331E0. This is simple z compression with a nonstandard header, called RareZip internally, and you can de/compress using either the RareWitchProject's standalone tools or the GoldenEye Setup Editor. You'll have to hex it yourself.

However, you don't understand the no-intro code. The code simply allowed you to trigger the "yes the intros have run so please allow me to press buttons to skip to the folder select" flag that does the same. You can not (on a stock ROM) get past the legal screen. This value is handled at runtime and is reset via code.

+_+

The problem is likely more intrinsic. If you can get me addresses of what dies and when, I could tell you precisely what's wrong.

Detecting what's wrong:
If it's TLB support, you won't make it far. The TLB is first established at 80000450. Your first TLB jump is at the end of it, to 70000510. The first jump to a 7F- address is 7F000BD0 at 70005D58, which may cause an issue with imperfect TLB support since this draws a ROM address, not mirrored rdram.
There's three TLB regions set, at least. 70000000-70400000 mirrors its 80- counterpart and is read/write capable (dirty). 7F- everything else in 0x2000 parts. ROM correspondance for the latter two are in the "TLB index NGEE.txt" document.

Otherwise, almost all N64 emulators, including Nintendo's official Wii/Gamecube ones (as far as I know) don't emulate the RCP hardware itself. They instead read and process the microcode at a high level. The up-side is that it runs, and at an appreciable rate. The downsides are accuracy, microcode detection, special per-game settings, and seperate processing types for each microcode version.
Problem is that GE and PD both use a hack of the Mario microcode, basically a new quad triangle draw, special indexing for vertices, and a different vertex index pointer type. PD adds in the rgb index type, a slight variation on the vertex index, and most notably a slightly different combiner.
If the microcode is the problem, you'll be able to boot as far as displaying something, which would be one of the jumps around 700063A0. 7F00A5E8 initializes the legal screen, called from 7F01A61C. Not sure if it draws anything prior to that.
If you can get some debug output or the address of where it finally gacks, I could tell you what's wrong. Most of the game loop and boot sequence, up to the menus and probably further, is all nicely annotated ;*)

+_+

An occationally-updated spattering of GE documentation can be found at:
http://two.xthost.info/zoinkity/GoldenEye/GoldenEye.7z

It may help a bit. I really suggest doing searches in the main directory for file contents. It's impossible to find anything otherwise. Still need to clean out old, useless documents.

+_+

As a side note, GE skies and fog do not run on most plugins because they are assembled with the low-level "generated" commands, C8-CF. I should say these are assembled one half-rdp at a time until complete. Reason being that development-wise they coded this crazy 5-sized triangle thing. Makes you wonder.
We's be working on a code rewrite to generate much smaller and managable skies/water using normal tri writes, R. Should be emu-compatible, maybe ;*)


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 17, 2010 5:15 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3765
Title: All in a day's work.
While on the subject of GoldenEye's startup routines, MooglyGuy was [at one time] researching it for his work on MESS. Here are two commented reverse engineered pseudo-code implementations that I know of hosted on his site:

* http://moogle-tech.com/goldeneye.txt
* http://moogle-tech.com/goldeneye_7_15_2009.txt

The latter is the newest version that I am aware of.

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
PostPosted: Sun Mar 21, 2010 8:21 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Fri Oct 27, 2006 8:58 am
Posts: 19
Location: The glorious fishbowl of souls
Just scanning the second doc:

80000400: code after bootstrap. That sets up your first TLB entry, mirroring 80's as 70's.

80200000: more properly 70200000, never accessed otherwise. That's the rarezip decompressor. First call unzips the 21990 file, which includes some or all of the microcode as well as static declared values for most other routines.

Anything else?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group