Adding in new Techniques. Fighter PAC injection speculation?

[Slashy]

I was talking to the Brawl- team about deliberately adding new techniques to the game. Because of that project's goals, the effect on gameplay might not be as severe as it would be added to Brawl+.

Some of the things we are trying to see if it is possible to implement, fighter.pac editing most preferred due to it being impossible to implement this with several characters' moveset filesize limits.

Magnus Cancel-Additional landing lag reduction that eats up your shield power.
Things to do:
-Figure out how to modify shield power, and force dizziness if the shield power <= 0.


Air Dashing-A horizontal alternative to the double jump.
Things to do:
-Figure out how to implement a new technique with available subactions
-Map it to up taunt

 

[...:::VILE:::...]

I was actually looking at the fighter .pac the other day.

 

[masamunecyrus]

One of the coolest things about the Zero PSA hack is that his smash attacks are different when they're fully charged. For instance, smash attack forward and it's a sword. Charge your forward smash attack all the way and it turns into a lightning sword attack. In my opinion, this should have been a feature in Brawl. It's simply fantastic! Imagine if, for instance, Link's master sword would shoot a beam like in the old games if it was fully charged.... The possibilities are truly endless.

 

[Revven]

You wouldn't need fighter.pac to do that masa...

 

[Dantarion]

Fighter.pac editing has been around.

For ages, its just that the process is pretty complex(simple once you get it down, but hey, we are talking about Smashboards, where PSA is too complex for most people to use).

I used to edit Fighter.pac before I got my USBGecko

Injections are easy, but I think shanus, yeroc, and I may be the only 3 people who know how to do it.

 

[Alphatron]

^You say the process is complex but is actually simple. If you don't mind elaborating, I would like to understand how it is done.

 

[Nerd With An Afro]

^ You also say that you have a USBgecko. i understand basic stuff (poke, ram dump, make a simple code, ECT) and i don't want (or have the mental capacity) to go into advanced coding, anything else i should know about this device?

 

[Almas]

A fighter pac injection code works as follows:

Go through fighter.pac in OpenSA and find a piece of code that you want to modify.

Using the offset inside fighter.pac and knowing the location where it is loaded, write a code which does the following:

1 - At the place where you want to add code, change it to a "goto" command in the PSA script. The goto should be pointed at an unused portion of RAM.
2 - At this unused portion of RAM, insert your own script of additional things to do when the code executes. It is clearly recommended to include the line of code which you overwrote to put the branch in.
3 - End the injected code block with a command to go to the next command in the normal fighter.pac.

It's essentially the equivalent of an ASM insert which almost all of our modern codes use, except being done manually in the pseudo-script of PSA (for lack of a better language name).

The USB Gecko lets you view and modify the Wii's RAM in real time, as well as some other nifty features which allow you to identify when code is executed or data read. It's an essential for writing ASM codes, and very useful for debugging codes. It's far from necessary for porting or fighter.pac codes.

 

[tsunami70875]

A fighter pac injection code works as follows:

Go through fighter.pac in OpenSA and find a piece of code that you want to modify.

Using the offset inside fighter.pac and knowing the location where it is loaded, write a code which does the following:

1 - At the place where you want to add code, change it to a "goto" command in the PSA script. The goto should be pointed at an unused portion of RAM.
2 - At this unused portion of RAM, insert your own script of additional things to do when the code executes. It is clearly recommended to include the line of code which you overwrote to put the branch in.
3 - End the injected code block with a command to go to the next command in the normal fighter.pac.

It's essentially the equivalent of an ASM insert which almost all of our modern codes use, except being done manually in the pseudo-script of PSA (for lack of a better language name).

The USB Gecko lets you view and modify the Wii's RAM in real time, as well as some other nifty features which allow you to identify when code is executed or data read. It's an essential for writing ASM codes, and very useful for debugging codes. It's far from necessary for porting or fighter.pac codes.

Question: how do you reference the place were you want to add/change code in the first place, and how do you point to the RAM?

 

[Almas]

To find the place where you want to add code, you find it in fighter.pac by using OpenSA. Then you can use a RAM dump of Brawl's memory to find where it is located (find the hex string in fighter pac then search for it in the dump).

Then you find an unused area of RAM (typically we use the regions 0x80580000->80590000 iirc), and use the GeckoOS 06 codetype (you can find a list of codetypes on the forums at WiiRD.l0nk.org (not a competing site, is actively anti-piracy)). The codetype is inserted at two locations: Firstly at the place in fighter pac, to override the initial command with the goto. Secondly, with the unused ram location, to put in the desired branch.

 

[[TSON]]

Would you mind scripting up a quick code, adding a caption next to each line so that we have a visual?

 

[Almas]

Well, I don't 'speak' the code that PSA uses, so I don't know the specifics. But here's a pretty code from Dantarion:

065861A0 00000030
00070100 80FB3F0C
00070100 80FB3F1C
0D000200 80FB362C
00090100 805861C0
00000002 80FB3694
00000002 805861A0
06FB368C 00000008
00090100 805861C8

The code executes in this order:

065861A0 00000030 // Write 6 lines at 805861A0 (This is a geckoOS codetype). Note this address is in an unused memory region - we're storing things here

The lines written are:

00070100 80FB3F0C
00070100 80FB3F1C
0D000200 80FB362C
00090100 805861C0
00000002 80FB3694
00000002 805861A0

We'll get back to these later.

Next:

06FB368C 00000008 // Write 1 line at 80FB368C. This address is inside where fighter.pac is written - we're overwriting a command there.

In fact, we're writing:

00090100 805861C8

This is a go-to command that points to one of the lines of code we just wrote:

00000002 805861A0

This is a go-to command that points to another one of the lines of code we just wrote:

00070100 80FB3F0C
00070100 80FB3F1C
0D000200 80FB362C
00090100 805861C0

I'm told 00070100 is an "execute subroutine" command. Essentially, it does a few tricks, then comes back again. Presumably, we're running subroutines that we wouldn't usually run. Since this is the ledgeteching code, it's probably the commands that ask the game if teching is allowed, and this code intercepts when they hit the wall.

0D000200 80FB362C is, in this case, the line of code that we overwrote. I tell this (deductively) from the fact that Yeroc doesn't know what it does, and he knows more than I do, and one of the lines of code has to be re-writing whatever we overwrote.

00090100 805861C0 this is a go-to to the next line of code. Dantarion got lazy, maybe? It's a mystery to me what the difference between 00090100 and 00000002 is.

00000002 80FB3694 This points us back to where we started (e.g. the area of the RAM that we overwrote to create this branch).

I hope that helps. Actually, I don't really care. But now I look like a nice guy. BOW DOWN BEFORE ME, PLEBS.

 

[Nerd With An Afro]

*bows down to Almas, due to his epicness, awesomeness, and respect deserving post*

i cant believe i understood most of that. what i don't understand is how if we store something in an unused region, how would it be recognized by the game? wouldn't you also need to set a pointer somewhere else to lead to it so the code can be used? (what executes it?)

 

[Almas]

06FB368C 00000008 // Write 1 line at 80FB368C. This address is inside where fighter.pac is written - we're overwriting a command there.

This overwrites a command in fighter.pac, telling it to branch to our set of commands inside the unused ram location. So, for this code, it'd probably be part of fighter pac involving what happens when we hit a wall during SDI. Then we have the branch, and the branch executes all the subroutines which would usually occur if we hit a wall/floor/ceiling to allow us to tech it.

We then re-write the command we overwrote, 0D000200 80FB362C, and at the end, we tell the game to branch back to just after where we started: 00000002 80FB3694.

 

[Dantarion]

Almas, you are fairly incorrect.

Ill write something on my blog about this tomorrow, but lets think of it this way.

Every PSA Event is stored like this

MMIINNXX VVVVVVVV

MM = module/group similar commands have the same value
II = event type ID
NN = number of params
XX = unknown, labeled "(EXT)" in OpenSA2, only appears in Fighter.pac
VVVVVVVV = offset to parameter list (in the .pacs this is a relative offset, but in the games memory its converted to being an absolute one)

The parameter list is an array of params, like the fllowing

TTTTTTTT VVVVVVVV

T = the type of the param (I dont want to type out what equates to what type)
V = the data

The 00000002 -------- value Almas references is not a command, its the parameter for the Goto commands that are injected in the example code. The reason there are not injected parameters for the other commands in this example is because this example uses param arrays ALREADY in fighter.pac.

If you wanted to inject new commands with new param lists, you would have to write variable arrays in memory, and then make sure each commands param offset points to the right location in memory.

 

[Almas]

Ah, I see. That explains a lot. Useful to have someone who isn't just hypothesizing about things ;o.

 

[Alphatron]

You guys make us feel fairly useless. lol

Either way, thanks for posting up that information. I still lack a USBGecko but I'll see what I can learn.

 

[Almas]

What? Having a USBGecko won't help with fighter.pac changes very much at all - except for being able to change it in real-time. Without it you can write codes just as easily (albeit more tediously).

 

[Alphatron]

Well, for someone who does not have stable acess to a computer (like myself), it would help a lot. In the past, screwing up with codes or replacement would keep me from playing brawl for nearly two weeks. Posting from the wii now too.

 

[Dantarion]

The thing that WILL help you is using OpenSA, and opening up Fighter.pac in a hex editor, and looking at how PSA events and params look in hex

 

[Alphatron]

Unfortunately, niether OpenSA nor brawlwall will work on my computer. The setup freezes at trying to install Net framework (which I already have since before getting Smashbox). Then it closes without doing anything else.

 

[Nerd With An Afro]

@ Almas and Dantarion
What did you guys have to learn to become such great code developers? i know its completely irrelevant to the fighter.pac or the injecting into to it but i still want to know.

 

[Dantarion]

Well....

I started programming in BASIC when i was in the 3rd grade, then gradually learned C/C++/PHP/Python/Ruby/Scheme/Java over th eyears.

The only thing you need in order to become good at this kinda stuff is time. Theres no resources for doing this kind of stuff, no one can teach you, so you really have to teach yourself almost everything...

 

[Almas]

My dad tried to teach me QBasic when I was young but he sucked at teaching.

I tried learning other languages over the years and tended to get bored.

ASM I'm okay at because in the context of Brawl there are clear observable results that I could enjoy. The limited toolset is fun because it makes problem solving more difficult.

Right now I'm mainly playing around with "mathematical programming languages" if they can be called that - the main thing I'm toying with is processor-efficient graphing codes. I'm sure they exist on the internet, but the self learning is fun.

Not to sound arrogant, but part of the thing that makes me good at any of this is that I'm fairly smart. I'm studying maths at one of the best universities in the world now - which I take to mean that I am decently good at logical reasoning. The dabbling that I have done in many languages means that I can tend to interpret and learn other things fairly quickly. Understanding the jargon is a major hurdle.

The main thing to require to learn a language, I think, is to have an interest in the problem solving or learning itself, rather than any desired results. If you try and learn a language straight away because you want to achieve something, it will often backfire as there is a learning curve. Doing maths makes a lot of this stuff okay for me, because complex problems can be solved with simple but intelligent code. It also helps get a great familiarity with the basic concepts of the languages I use - which means if I ever desire to go into "real" programming, I'll have a strong foundation.

 

[Nerd With An Afro]

alright, the times of your posts are confusing my brain, but i do understand what you are saying. i gotta say, thanks a lot for telling me, and personally, i would spend my entire summer learning those things, but ive gotten myself dragged into some things that even though would be easy to get out, i simply don't want to put this ahead of my life what little of a life i have. with time being the most important part of that, and inconveniently being the one thing i don't have, after my next two projects (actually going to get these 2 done...) im going to instead of continuing the creation of brawl hacks, im going to teach myself the things that Dantarion had mentioned within his post, and i will eventually accomplish something that no one else has. not sure what it will be, but i hope it will be useful! Well, thanks again Dantarion and Almas, this im sure will help me a lot.

 

[GP&B]

The main thing to require to learn a language, I think, is to have an interest in the problem solving or learning itself, rather than any desired results. If you try and learn a language straight away because you want to achieve something, it will often backfire as there is a learning curve. Doing maths makes a lot of this stuff okay for me, because complex problems can be solved with simple but intelligent code. It also helps get a great familiarity with the basic concepts of the languages I use - which means if I ever desire to go into "real" programming, I'll have a strong foundation.

God, this. I can't tell you how long ago I would've quit programming my game if it weren't already for my decent affinity in the same base Almas stated. It's also the reason that I really desire to learn hex editing.

 

[rPSIvysaur]

How do you figure out where the empty space of RAM is?

 

[shanus]

I'll type up a detailed how to with open memory blocks at some point. However, people need to be conscious where they write to which might be used by certain codes for future projects.

 

[Almas]

How do you figure out where the empty space of RAM is?

1) Acquire a memory dump of Brawl's RAM from someone with a USB Gecko
2) Open said dump in a hex editor
3) Look for empty space

Of course there's a little more to it than that, but it's about it.

 

[shanus]

This thread doesn't need to exist anymore:

http://www.smashboards.com/showthread.php?t=266053

 

[Isatis]

Right, locked!