Braaaaiiinns! Braaaaaiiinnns! I Need Braaiinns!

[Phantom Wings]

... No seriously folks, there's no way I'm analyzing all that with just my own. I mean c'mon look at that scroll bar - who do you think I look like? Hercules?​

</James Woods>

*Ahem*
Which is why I'm recruiting the Smash community to help speed up the process. With a little help I'm hoping we can make some headway in to finally cracking those module files. But enough with the chatter. Show, don't tell they always say - or something like that.

​

The first pic isn't really interesting, but I needed it to make my point (really, look at that scroll bar) that's the objects in module 1B (a.k.a. the Common2 module)

Interestingly enough, the modules seemed to make a lot more sense once I slapped labels onto everything. The initializer of the WWR stage module invokes a method from the stClassInfoImpl object. Examining that method leads to - surprise surprise - the function that you need to modify in order to use the module in the Stage Roster Expansion code (see pic 2). Incidentally, it seems that the soClassInfoImpl is what controls Brawl's access to the module itself. By changing that code to 00 it allows the Stage Roster Expansion code to use it.

Another interesting thing I found was that articles seem to be managed more or less by the modules. If you look at the number of soInstancePoolSub objects in the third picture and what arguments they get passed, you'll see that they correspond to the limit of that article that's allowed on screen (3 charged shots, 3 bombs, etc.).

Finally, there's the soStatusUniqueProcess objects which appear to handle anything abnormal that isn't possible with the .pac files. This was actually the basis for my whole analysis as I was just messing around by mapping the processes to other moves causing Lucario's side B to act like his up B - it was then that I realized that these processes were part of the modules. Anyways, it seems that the unique process for Lucario's Up B directly accesses his kinetic modules (pic 4) therefore bypassing anything that PSA is capable of.



I don't know if this will lead to anything, but I'm hoping that after gaining a bit of experience with everything we'll finally be able to make some sense of it all. I'll leave the module viewer here - the source code's been overhauled so there's going to be a bunch of things missing that were from the old version, but I'll get around to fixing that. You can't save anything yet, so understandably, there won't be much room for experimentation. However, the rebuild of the source code should allow me add that in just a few days.

I understand that this post has been a bit messy, and I would have liked to finish up the editor a bit more before releasing it - maybe do a bit more analysis to explain things better as well - but I've currently got to go and get a new power cord for my computer. So I figured I'd post it before things go down.

Module Editor 2

 

[dirtboy345]

awesome, i love how it seems like your gone and you just come out of nowhere =D

 

[Eternal Yoshi]

*Too Slow*

I can help and/or get help.

 

[hotdogturtle]

I have no idea what you just said, but it looks nice.

I'm glad to see that PW is back from the dead once again.

 

[Eternal Yoshi]

I can't shake the feeling that this is only temporary....

In that light,

we as a community need to learn to do things like this together and collaborate with the upper level deity hackers so that when they are away, we can learn to solve our own problems ourselves, like landing detection.

Back on topic, I got the file and after eating, I'll do my thing to help.

 

[JetAurion]

SWF should stop contributing hacks for a while and instead teach all members the inner workings and stuff.

 

[Dantarion]

I am going to raeep the **** out of this program for the next week.

EDIT: Can you make it open files readonly?
Also, can you put the source somewhere, like github, google code, etc, so we can work on this together?

EDIT:
Close File option doesnt allow reopening of the same file, says file with that ID is open already

 

[fortwaffles]

So with this, we may be able to get additional characters ADDED to the roster, and most codes replaced with patched modules? I think itd be great to be able to add characters, and not have to use a single code... just pop in the burnt disc and viola... or am i just fantasizing?

 

[Dantarion]

Patching modules is fairly unnecessary in most regaurds. This will be a good tool for finding out WHAT places in static loaded modules to patch, and for patching character modules to do awesome things.

 

[shanus]

Nice work PW!

SoraMelee has so many juicy looking controllers in them (GroundCheckerNull, SHieldCollisionReflect, etc lol). I definitely need to read up on some ASM lol

 

[standardtoaster]

Could you make it show you the offset in the file of where it is reading the data from? It would make it a lot easier to edit the file in a hex editor.

 

[pokelover980]

How did I not notice this yesterday?

Whatever. I'll take a look and mess around. And I agree with Dant, make it opensource. I want to take a look at the source and see how much it's changed from the first version (and mess around a bit and blah blah blah other stuff). Oh source is there cool :D

 

[shanus]

The InstancePool themselves directly keep track of the current number of articles out there. However, locating what sets the limit is seemingly difficult. For example, if you look at olimar:

r0 current # of pikmin
r4 is previous number of pikmin

However, I cannot for the life of me find where in the ASM it sets 6 as the max, despite seeing 6 listed on multiple occurrences of the instancepool or the articlemediator


edit:
Source available here:

I've confirmed your car function Tinkerman inside the 117th method of the grDXOnettAttack object.

Hold up Dant, I need to update the link - I reuploaded the file for a small bugfix.

edit: done here's a link to it

Hmm... it seems that all functions are called with some sort of utility belt pointer stored in r3. If I could trace that... .

Double edit:

Anybody look at the constants in SoraMelee.rel?

It seems to have definitions of model nodes, in particular, it seems to define TopN which may define the stage collision data (a la landing detection)? There are also some really strange patterns in there.


Triple Edit:

SoraMelee.rel Initializers:

0: Ground Shape detection
1: Ground detection of edges
2: Ground (platform) detection (AirPassable?)
3: Cliff detection
4: Sound Manager
5: Link Connection Server (Wifi?)
6: Unknown
7: Unknown
8: Tons of stuff (Event manager, catch collisions, etc)
9: unknown
10: Unknown
11: Unknown
12: Unknown
13: Unknown
14: ItemSearch
15: ItemPick
16: Unknown
17: Event/Instance/Array Manager
18: Event/Logs
19: Unknown
20: Unknown

21-37 haven't looked at yet 

From 38 onwards appears to directly match actionIDs from fighter.pac. This makes things *really interesting*

38: Walk
39: Walkbrake
...
60 nontumble hitstun
61 unknown
62 tumble hitstun

 

[Deleted member]

ooh this is nice stuff.

question about the objects, when are they created? the multiple listing of the same object got me kinda confused (eg. one soInstancePoolSub for each pikmin slot). Also, is method[0] the constructor method?

 

[Phantom Wings]

Shaunus, my guess would be that the limit is defined by how many InstancePoolSub objects there are. I speculate that the pikmin creation routine would return a null pointer if there isn't one available - resulting in the code changing Olimar's action to the No Pikmin action.

From the looks of things, objects are created in the 6th memory block of the file. That block doesn't actually exist inside the module, but instead is created on the heap when the file initializes. The file initializers seem to be what actually creates the objects as there are various cross references between the object declarations/function tables and different points in memory inside the 6th block.

I'm going to see about getting the source code up onto Google Code to better manage it, but I have never used a source repository before so it may be a little while until I get it working.

 

[Dantarion]

Just an update.
Heres what I want to do with this.

http://code.google.com/p/brawlmoduleeditor/

PW gave me the source and asked me to set this up. Here is what I want you "non-coders to do"

Google Code has a wiki availible for each project. Lets try to make a wiki page for each module file we look at and put the notes there. That way we can have a base for info about the modules.

Let me know if u want to help, and ill add you to the project

 

[shanus]

Shaunus, my guess would be that the limit is defined by how many InstancePoolSub objects there are. I speculate that the pikmin creation routine would return a null pointer if there isn't one available - resulting in the code changing Olimar's action to the No Pikmin action.

From the looks of things, objects are created in the 6th memory block of the file. That block doesn't actually exist inside the module, but instead is created on the heap when the file initializes. The file initializers seem to be what actually creates the objects as there are various cross references between the object declarations/function tables and different points in memory inside the 6th block.

I'm going to see about getting the source code up onto Google Code to better manage it, but I have never used a source repository before so it may be a little while until I get it working.

we can get you on the project m svn if you want to use that with dantarion

 

[MK26]

why do all of you have purple names?????

i dont feel special any more

with that said, this looks cool but way out of my league

 

[Dantarion]

shanus, this needs to be public and not connected to me so when i fall off the earth it doesnt just die.

 

[Eternal Yoshi]

I am willing help to you with this.... tomorrow.
I can't turn on my Wii as of tonight on account of a basketball game going on now.
I'm also getting sleepy.

 

[shanus]

dant, add me of course

 

[shanus]

Shaunus, my guess would be that the limit is defined by how many InstancePoolSub objects there are. I speculate that the pikmin creation routine would return a null pointer if there isn't one available - resulting in the code changing Olimar's action to the No Pikmin action.

From the looks of things, objects are created in the 6th memory block of the file. That block doesn't actually exist inside the module, but instead is created on the heap when the file initializes. The file initializers seem to be what actually creates the objects as there are various cross references between the object declarations/function tables and different points in memory inside the 6th block.

I'm going to see about getting the source code up onto Google Code to better manage it, but I have never used a source repository before so it may be a little while until I get it working.

i think your right. Examining multiple files:

InstancePoolSubs -
Pikmin - 6
Snake - Grenades - 2, Mines - 1
Zelda - Dins - 3
Samus - Bombs - 3

etcetc

 

[Eternal Yoshi]

I find it odd that MetaKnight has so many things for his Mantle.
While it IS an article, it does not have any actions or subactions in it.

It even has soInstancePoolSub objects for the Mantle and it's shadow, which happens to be an article itself..........

ft3dSoundGeneratorAccesserImpl...
does it have a hand in deciding which sound bank is loaded? All characters have this object.

The stages I checked(Battlefield and 75m) do not have this object.

 

[Dantarion]

Sound bank is already found, its on the Clone Engine thing on the wiki

Feature Request #1
I use a memory dump and IDA to mess around and read ASM

There are certain modules that are loaded into the same offsets every single time.
If we could link all of the sora_melee.rel function locations into memory locations, it would let me load those names into an IDA dump.

Phantom Wings, if you arent using IDA to do your ASM research, ZOMG IDA IS AMAZING.

Ill see if I can do a proof of concept thing for this.
If so, ill publish the resulting IDA files for others to use, along with a clean memory dump.

I am not sure how the module files are loaded into memory, but if you could make it so that each Method object has a FileOffset Property, I could use that to batch generate a list of memory locarions for a staticly loaded module.

Until this is done I dont even wanna boot up the game, thats how awesome this is gonna be.

 

[Phantom Wings]

Nice! I've been looking for something along the lines of what IDA is. I just needed someone to tell me what it was and where to look for it.

As far as recording the file offset in each method, it shouldn't be too much of a problem. It does mean though that I need to parent each block to the file - which might or might not start to get messy depending on how I go about doing it (not that things aren't already messy enough!).

Right now I'm focusing Anarchy which I hope to get out this month - though I still haven't really figured out how I want to layout the interface... .


Edit:
Oh yeah, on the topic of the clone engine. You may want to check out the ftClassInfoImpl<CharId, ftChar> and the soArticleMediatorImpl objects. The ftClassInfoImpl is responsible for which character Id can access the module and the soArticleMediatorImpl appears to be whats responsible for articles freezing.

 

[ds22]

I see what you mean.
Basically, all the article data have the same ID as the parent character it's in.
So in that case, you should find out what regulates those ID's in order to patch them and make them working, right?

 

[[TSON]]

Nice! I've been looking for something along the lines of what IDA is. I just needed someone to tell me what it was and where to look for it.

http://www.hex-rays.com/idapro/

Necessary bump because hype

 

[Msingh0]

nvm I just realized how old this thread is lol

 

[[TSON]]

it's still valid. whatdya need?

 

[Msingh0]

ehh, I was gonna say, I could help, and to put me on the list, but I have a feeling its not needed, seeing as I'm months late, and this has probably progressed to where someone like me doesn't need to help :/