RAM Stage Hacking - A Starting Point

[Achilles1515]

Use these notes to get a start on creating stage hacking codes.

Examples:
Disable Stage Transformations on Pokemon Stadium
Disable Tree Blow on Dreamland
Disable Rising Lava on Brinstar
Disable Rising Platforms and Water Jets on Fountain of Dreams
Disable Ship Spawn on Corneria
etc.




RAM Stage Hacking (SSBM v1.02)
- By Zauron, ported to 1.02 by Achilles

Smash Melee's code keeps a linked list of objects with update
functions, which it runs through and calls the update functions
every game frame. This list is constantly having objects added
to and deleted from it. Each stage adds several objects to the
list, and the easiest way to change the stage's behaviour is to
tell these functions to not do anything.

Each stage has an initialization function, and while it is
possible to find out what function is run for each stage by
following a series of several links in memory, the easist way is
to put a breakpoint at the address 0x801C0A4C, start the stage
you want to mess with, and then step once when the breakpoint is
hit. This will put you at the start of that stage's
initialization function.

During the initialization function several objects will be added
to the update list. To find where the update functions are,
starting from the initialization function you found, scroll down
the code to find the return code (blr) and put a breakpoint
there. Next, put a breakpoint at the address 0x8038FE04. This is
part of the function that adds new objects to the list.

Now let the code run until that breakpoint is reached. When it
is, look at the address in register #28. This is the address of
the update function for the object being added. Keep running the
code and jot down the addresses in register 28 until you hit the
breakpoint at the end of the stage's initialization function.
After that, more objects will be added all the time but they are
not related to the stage.

There are two global update functions you will see that should
be ignored - 0x801C1cd0 (which updates animations) and
0x801C1D38 (unknown purpose). The rest are likely specific to
that stage. Many of those will be nothing more than a return
(blr) though, as an "empty" update, so those can also be
ignored.

A quick change just to see what happens is to take those update
functions and tell them to just return immediately by using a
code like 04XXXXXX 4E800020, where XXXXXX is the last 6 digits
of the address of the update function. If that does more than
you intended, you may need to step through the update functions
and find things to change, often just telling it to skip a
branch or something using 60000000.

You can also try to mess with the stage's init function, though
I've rarely found this useful. One thing that has been useful to
know though is that many objects have init functions of their
own, where additional steps are taken. For example, I had to
edit the init function for the main stage platform of Green
Green's in order to get rid of the initial yellow blocks. You
can find these in a similar way to finding the update functions
- while in the stage's init function, put a breakpoint at
0x802135b0 (Conversion: I think...0x802122F8 is the 1.00 value)
and step once to get into the init function of initialized
objects for that stage.

[COLLAPSE="RAM Stage Hacking (SSBM v1.00)"]
By Zauron

Smash Melee's code keeps a linked list of objects with update functions, which it runs through and calls the update functions every game frame. This list is constantly having objects added to and deleted from it. Each stage adds several objects to the list, and the easiest way to change the stage's behaviour is to tell these functions to not do anything.

Each stage has an initialization function, and while it is possible to find out what function is run for each stage by following a series of several links in memory, the easist way is to put a breakpoint at the address 0x801BFA90, start the stage you want to mess with, and then step once when the breakpoint is hit. This will put you at the start of that stage's initialization function.

During the initialization function several objects will be added to the update list. To find where the update functions are, starting from the initialization function you found, scroll down the code to find the return code (blr) and put a breakpoint there. Next, put a breakpoint at the address 0x8038DF40. This is part of the function that adds new objects to the list.

Now let the code run until that breakpoint is reached. When it is, look at the address in register #28. This is the address of the update function for the object being added. Keep running the code and jot down the addresses in register 28 until you hit the breakpoint at the end of the stage's initialization function. After that, more objects will be added all the time but they are not related to the stage.

There are two global update functions you will see that should be ignored - 0x801C0D00 (which updates animations) and 0x801C0D68 (unknown purpose). The rest are likely specific to that stage. Many of those will be nothing more than a return (blr) though, as an "empty" update, so those can also be ignored.

A quick change just to see what happens is to take those update functions and tell them to just return immediately by using a code like 04XXXXXX 4E800020, where XXXXXX is the last 6 digits of the address of the update function. If that does more than you intended, you may need to step through the update functions and find things to change, often just telling it to skip a branch or something using 60000000.

You can also try to mess with the stage's init function, though I've rarely found this useful. One thing that has been useful to know though is that many objects have init functions of their own, where additional steps are taken. For example, I had to edit the init function for the main stage platform of Green Green's in order to get rid of the initial yellow blocks. You can find these in a similar way to finding the update functions - while in the stage's init function, put a breakpoint at 0x802122F8 and step once to get into the init function of initialized objects for that stage.[/COLLAPSE]

Zauron's Lair

 

[flieskiller]

Some stages disabling through the DOL file, I'll list them while exploring the stages that aren't put in the OP. I'll add more over time.

Mushroom Kingdom 2 (MKII)
Disable Pidgit, Wood Logs, Birdo in MKII(1.02) [flieskiller]
041fcd84 60000000

The 3 below can be applied individually, so you can make that only Pidgit appears by disabling the other 2.
Disable Pidgit (1.02) [flieskiller]
041fcff0 60000000
Disable Birdo (1.02) [flieskiller]
041fcfe8 60000000
Disable Wood Logs (1.02) [flieskiller]
041fcfe0 60000000

Kongo Jungle 64 (past stage)
Remove Barrel (1.02) [flieskiller]
0420f4c0 60000000

Yoshi Story 64 (past stage)
Clouds disappear on touch (visual stays there, but physically never come back) (1.02) [flieskiller]
0420e7a8 60000000

Green Greens
Zauron's initial code for disabling falling blocks was false, he was just deactivating the falling, they were still spawning in the sky, so players could bump their head on them. Mine completely disables them from falling.

Disable blocks, falling from the sky [flieskiller]
04216ABC 60000000
Blocks initially in the stage can't have bombs [flieskiller]

Spoiler

04214c0c 60000000
04214c40 60000000
04214c74 60000000
04214ca8 60000000
04214cdc 60000000
04214d10 60000000
04214d44 60000000
04214d78 60000000
04214dac 60000000
04214de0 60000000
04214e14 60000000
04214e48 60000000
04214e7c 60000000
04214eb0 60000000
04214ee4 60000000
04214f18 60000000
04214f4c 60000000
04214f80 60000000

'Turn off initial bricks appearing in Green Greens.[Zauron]
042146EC 60000000
'Disable update for tree (wind and apples) in Green Greens.[Zauron]
04213C10 4E800020


Mushroom Kingdom 1 (MKI)
Remove levers (1.02) [flieskiller]
041fa918 60000000
Blocks no longer respawn (1.02) [flieskiller]
041fab7c 60000000

Jungle Japes
Disable background (in case it lags in 2v2?)
04202bbc 60000000

Disable water and Klap Traps (1.02)[flieskiller]
04202b7c 60000000

With the code above, if you land on the biggest platform, it makes a water splash on the water below. If it bothers you, try the code below:

SEEMS TO CRASH ON CONSOLE
Everything is disabled and immobile (water, doodads, Klap Traps)(1.02)[flieskiller]
04202c98 60000000


Onett
Disable cars (1.02)[flieskiller]
041e379c 60000000
Remove Drug Store platforms (1.02)[flieskiller]
041e3794 60000000

Kongo Jungle (Melee)
Disable barrel (1.02)[flieskiller]
041d5290 60000000

Yoshi Story
Shy Guys drop food even if items are at off (1.02)[flieskiller]
0428fb1c 4800000c

Mute City
Disable cars (1.02)[flieskiller]
041f0188 60000000

 

[flieskiller]

Updated my post with the stage Green Greens, because of Zauron's error about the falling blocks. I also added my own "Blocks initially in the stage can't have bombs".

 

[_glook]

Updated my post with the stage Green Greens, because of Zauron's error about the falling blocks. I also added my own "Blocks initially in the stage can't have bombs".

I really like that code. I think that and removing falling blocks is a good Omega for that stage.

 

[flieskiller]

I really like that code. I think that and removing falling blocks is a good Omega for that stage.

Yeah, and the apples too. I tried it today and it's not bad at all. Difficult to play Falco in that stage though, you just dair in the hole

 

[Doq]

SEEMS TO CRASH ON CONSOLE
Everything is disabled and immobile (water, doodads, Klap Traps)(1.02)[flieskiller]
80202c98 60000000

04202c98 60000000

Fixed that for you.

 

[flieskiller]

04202c98 60000000

Fixed that for you.

By crashing on console, I mean on a Gamecube it crashes the game, not as a gecko code on Wii. But thanks anyway.

 

[Doq]

By crashing on console, I mean on a Gamecube it crashes the game, not as a gecko code on Wii. But thanks anyway.

O

DOL mod?

 

[flieskiller]

O

DOL mod?

ya, with custom memory exploit, works on Dolphin not crashes on gamecube.

 

[Doq]

ya, with custom memory exploit, works on Dolphin not crashes on gamecube.

I mean an old-fashioned raw DOL mod. Would it then work on console?