Noxid's Assembly Compendium
A collection of the Assembly knowledge on the Miraigamer Forums
Foreword: This is just a straight-up copypaste of all the information I could dredge on Assembly Hacking. None of it is my own work.
Also, I'm aware there's some repeated information. I tried to group by section, and some things belonged in more than one section.
It helps if you just kinda know where most of the stuff in here is though (I made it, so, I do :])
Finally, 0x, $0, and 00 leading the offsets all mean the same thing, but since this is from multiple sources there are multiple representations.
Table of Contents!
Assembly Offsets Lists: [OFF]
Weapons: [OFFWEP]
NPC pointer list: [OFFNPC]
Note: To find a specific # NPC, search [NPC#] where the # is the NPC ID rounded down to the nearest 10s
Boss AI table: [OFFBOSS]
All Other Offsets: [OFFMISC]
ROM Offsets: [OFFROM]
General Offsets: [MISCGEN]
Random Offsets: [MISCRAN]
Functions: [MISCFUN]
No clue: [MISCMISC]
Weapon related: [MISCWEP]
Effects related: [MISCEFF]
Screen rects etc: [MISCSCRN]
No good classification: [MISCODD]
NPC related: [MISCNPC]
Assembly Hacking Information and Tutorials: [INF]
Commands list: [INFCOM]
Registers; General info and list: [INFREG]
Offsets; General info: [INFOFF]
Pointers; How and what: [INFPOI]
TSC Command Modding: [INFTSC]
Information on Functions: [FUN]
Special Effects Functions: [FUNFX]
NPC Hacking: [NPCHX]
Displaying Entities: [NPCDSP]
Animating Entities: [NPCGO]
A really big example from RuneLancer: [NPCEX1]
A simpler example from S. P. Gardebiter: [NPCEX2]
RuneLancer’s NPC Guide [NPCGUIDE]
Example NPC Pseudocode: [NPCPSU]
Creating your own NPC: [NPCNEW]
Handy Offsets for NPCs: [NPCOFF]
Handy Functions for NPCs: [NPCFUN]
Title Screen Hacking: [TITLE]
Assembly Offsets Lists [OFF] http://www.miraigamer.net/forums/showthread.php?t=942
Weapons: [OFFWEP]
0x047B0 - Polar Star (all levels)
0x04B30 - Fireball (all levels)
0x05120 - Machinegun (all levels)
0x055A0 - Missile Launcher (all levels)
0x05F30 - Bubbler level 1
0x06190 - Bubbler level 2
0x064D0 - Bubbler level 3
0x068B0 - Bubbler level 3 shot
0x075E0 - Blade level 3 slash
0x078A0 - [unused]
0x06BB0 - Blade level 1
0x06E60 - Blade level 2
0x07110 - Blade level 3
0x07910 - Super Missile Launcher (all levels)
0x08230 - Nemesis (all levels)
0x08710 - Charged spur (all levels)
0x08AE0 - Non moving spur (all levels)
Gun:
Snake - 41DBD0
Polar Star - 41DE60
Fireball - 41E110
Machine Gun - 41E3D0
Missile Launcher - 41E7B0 [regular and super??]
Bubbler - 41EFD0 & 41F280
Blade - 41F580
Nemesis - 41F710
Spur - 41FA10
937F4-98187 = free space (Old map data, use for RAM only)
NPCs [OFFNPC] http://spgardebiter.sp.funpic.de/CaveStory/FAQ/NPC.txt
0000-0009 [NPC0]
0x0026530 0x00265B0 0x0026AF0 0x0026FD0 0x0027040
0x0027480 0x0027820 0x0027C60 0x0027F00 0x0028260
0010-0019 [NPC10]
0x0028540 0x00289B0 0x0028B10 0x0029940 0x0029A30
0x0029BF0 0x0029E00 0x002A0B0 0x002A360 0x002A490
0020-0029 [NPC20]
0x002A830 0x002A940 0x002A9C0 0x002AA70 0x002ABD0
0x002B280 0x002B5E0 0x002BA90 0x002BAE0 0x002C1A0
0030-0039 [NPC30]
0x002C320 0x002C4C0 0x002CA10 0x002CAC0 0x002CC20
0x002CCB0 0x002D010 0x002D760 0x002D810 0x002D960
0040-0049 [NPC40]
0x002D9F0 0x002DE00 0x002DE70 0x002E9F0 0x002EAB0
0x002F060 0x002F320 0x002F3F0 0x002F780 0x002F9E0
0050-0059 [NPC50]
0x002FEC0 0x00301B0 0x0030780 0x00307D0 0x0030B00
0x0030EB0 0x00311D0 0x00315E0 0x0031C20 0x00321F0
0060-0069 [NPC60]
0x0032460 0x0032B50 0x00334C0 0x00336C0 0x0033C00
0x0033FC0 0x00342B0 0x00345E0 0x0034D10 0x00355F0
0070-0079 [NPC70]
0x0035AB0 0x0035BA0 0x0035DE0 0x0035FC0 0x0036180
0x0036540 0x0036650 0x0036690 0x00367E0 0x0036870
0080-0089 [NPC80]
0x0036AE0 0x00370F0 0x00375E0 0x0037D90 0x0038250
0x00383D0 0x0038590 0x0038850 0x0038B10 0x0039580
0090-0099 [NPC90]
0x0039B00 0x0039B50 0x0039BC0 0x0039DC0 0x003A220
0x003A680 0x003AAF0 0x003AD10 0x003AF20 0x003B140
0100-0109 [NPC100]
0x003B350 0x003B410 0x003B4E0 0x003B5F0 0x003B7F0
0x003BD00 0x003BDB0 0x003BE00 0x003C4B0 0x003C610
0110-0119 [NPC110]
0x003C8E0 0x003CDE0 0x003D0A0 0x003D320 0x003D860
0x003DAE0 0x003E190 0x003E1E0 0x003E9B0 0x003F230
0120-0129 [NPC120]
0x003F280 0x003F310 0x003F4A0 0x003FC70 0x003FEF0
0x00400D0 0x00401F0 0x0040760 0x00408B0 0x0040CF0
0130-0139 [NPC130]
0x0041000 0x0041360 0x0041440 0x00419B0 0x0041B20
0x0041EC0 0x0042340 0x0042540 0x0042590 0x0042790
0140-0149 [NPC140]
0x0042BF0 0x0043AC0 0x0043EC0 0x0044190 0x0044230
0x0044620 0x0044780 0x0044930 0x0045050 0x0045170
0150-0159 [NPC150]
0x0045660 0x0045E30 0x0045FA0 0x0046020 0x0046500
0x0046710 0x0046B60 0x0046CA0 0x0047180 0x00474C0
0160-0169 [NPC160]
0x0047700 0x0047CB0 0x0047E90 0x00482A0 0x0048410
0x0048580 0x00486E0 0x00487F0 0x0048A10 0x0048BE0
0170-0179 [NPC170]
0x00495A0 0x00498C0 0x0049C10 0x0049D70 0x004A3C0
0x004A610 0x004A7D0 0x004ABB0 0x004AEE0 0x004B080
0180-0189 [NPC180]
0x004B210 0x004BE10 0x004C220 0x004C630 0x004C7A0
0x004CA60 0x004CBE0 0x004CDB0 0x004D070 0x004D3A0
0190-0199 [NPC190]
0x004D5E0 0x004D740 0x004DA00 0x004DE20 0x004DEA0
0x004DF10 0x004DF60 0x004E020 0x004E260 0x004E400
0200-0209 [NPC200]
0x004E5F0 0x004EC40 0x004ECE0 0x004EE40 0x004F1F0
0x004F3E0 0x004F6D0 0x004FB40 0x004FCB0 0x0050280
0210-0219 [NPC210]
0x0050400 0x0050760 0x0050810 0x0050BF0 0x00512A0
0x0051430 0x00517F0 0x0051840 0x0051CA0 0x0051DA0
0220-0229 [NPC220]
0x0051E90 0x0052000 0x0052470 0x00524E0 0x0052700
0x00528D0 0x0052A50 0x0052D10 0x0052D60 0x00530D0
0230-0239 [NPC230]
0x0053190 0x0053260 0x00536F0 0x00539B0 0x0053E60
0x0053F20 0x0054310 0x00548B0 0x0054A00 0x0054DF0
0240-0249 [NPC240]
0x0054F00 0x0055370 0x0055710 0x0055A10 0x0055AB0
0x0055C10 0x0055E00 0x0056110 0x0056F50 0x00570B0
0250-0259 [NPC250]
0x0057180 0x0057470 0x0057570 0x00579D0 0x0057B00
0x0057D70 0x0058010 0x0058360 0x00585A0 0x00585F0
0260-0269 [NPC260]
0x0058810 0x0058A70 0x0058C30 0x0058DF0 0x0059950
0x0059B30 0x0059C00 0x0059D80 0x005B3D0 0x005BCB0
0270-0279 [NPC270]
0x005BF10 0x005C230 0x005C500 0x005C5A0 0x005C750
0x005CC80 0x005CEA0 0x005D780 0x005D930 0x005DCF0
0280-0289 [NPC280]
0x005E110 0x005E360 0x005E4C0 0x005E950 0x005F910
0x0060910 0x0060AE0 0x0060BB0 0x0060D70 0x00610D0
0290-0299 [NPC290]
0x00614A0 0x0061800 0x00618B0 0x00618C0 0x00619E0
0x0061B90 0x0061E40 0x0061FD0 0x0062050 0x00623D0
0300-0309 [NPC300]
0x00624E0 0x00625A0 0x0062890 0x0062AF0 0x0062C80
0x0062E00 0x0062F60 0x00630F0 0x00632B0 0x0063710
0310-0319 [NPC310]
0x0063AC0 0x0064090 0x0064740 0x0064BB0 0x0065CC0
0x0065F60 0x00664B0 0x0066790 0x0066B80 0x0066E50
0320-0329 [NPC320]
0x00670C0 0x00673F0 0x00676D0 0x0067C60 0x0067F40
0x0067FE0 0x0068230 0x0068830 0x0068990 0x00689E0
0330-0339 [NPC330]
0x0068A90 0x0068D70 0x0068F50 0x0069140 0x0069290
0x0069430 0x0069610 0x00696B0 0x0069800 0x0069AA0
0340-0349 [NPC340]
0x0069B40 0x006B240 0x006B340 0x006BD80 0x006BE10
0x006BF00 0x006C1D0 0x006C710 0x006C9B0 0x006CAC0
0350-0359 [NPC350]
0x006CB50 0x006D340 0x006D5D0 0x006DBE0 0x006E110
0x006E280 0x006E480 0x006E730 0x006E870 0x006E9E0
0360: 0x006EA90
Boss AI [OFFBOSS]
Boss 0 (no special boss): 0x0072FF0
Boss 1 (Omega): 0x007B6F0
Boss 2 (Balfrog): 0x0079030
Boss 3 (Monster X): 0x007E6F0
Boss 4 (Core): 0x0074400
Boss 5 (Ironhead): 0x007A8A0
Boss 6 (Dragon Sisters): 0x007D170
Boss 7 (Undead Core): 0x00753D0
Boss 8 (Heavy Press): 0x007C820
Boss 9 (Ballos [Ball]): 0x00772F0
The rest of the Offsets: [OFFMISC]
Rom: [MISCROM]
$000000 - Exe Header
$00DE78 - Background Colour: Fade
$00FDA9 - Title Screen Colour
$010409 - Background Colour: Null
$014B50 - Startup Info
$014BCF - Start Health (Current)
$014BD8 - Start Health (Max)
$01D599 - Start Map
$168FFF - End of Exe
General: Also some TSC Stuff. [MISCGEN]
004156D7 thru 00415750 -- Agility Code, How fast you move in water or on land
00414B20 thru 00414B39 -- Pushes reserved space onto the ram. used for maps, so the higher you set push 80, the more possible maps.
00415BF7 -- the jump function
00404D61 -- handles the angle of the fireball shot
0040F350 -- random number generator
00419CB0 -- ml+
004242DA -- cmu
0040DB70 -- xx1
00422510 -- tsc parser
00421900 -- ascii to # macro
0x422510 - Parser Offset
0x4225d5 - Galloping Triplets
0x425770 - End of Parser
0x421900 - ASCII to number
Command Ini:
0x4242dA - CMU
0x422666 - LI+
0x4227a3 - IT+
0x422821 - IT-
0x422893 - EQ+
0x422907 - EQ-
0x422c93 - UNI
0x42314f - KEY
0x4237e6 - YNJ
0x424e28 - FAC
0x424eaf - FAC(2)
0x4251fc - ESC
Command Subs:
0x420ee0 - CMU
0x419c60 - LI+
0x419cb0 - ML+
0x4012d0 - IT+
0x401330 - IT-
0x416c70 - EQ+
Random: Player data, and other stuff. [MISCRAN]
00499B40 - Inventory
00499bc8 WeaponData[0x00].ID +00 0x14 in size.
00499bcb WeaponData[0x00].ShotID +04
00499bcc WeaponData[0x00].Level +08
00499bd0 WeaponData[0x00].Energy +0c
00499bd4 WeaponData[0x00].MaxAmmo +10
00499bd8 WeaponData[0x00].Ammo +14
00499bc0 InventoryViewType [ Checking weapons 0x00 or items? 0x01 ]
00499c68 SelectedWeaponID
00499c6c SelectedItemID
0049DB34 IsScreenBlack
0049DDA0 EventFlags x 03E8, 1 bit each so 8000 flags.
0049E6C0 LvBarFlashesLeft [how many flashes before the bar stops flashing]
0049E6C4 ExpToGained [how much exp remains to be gained - reset to 0 after using]
0049E6C8 InvincTimer
0049E6CC CurrentHealth
0049E6CE NumWhimStars
0049E6D0 MaxHealth
0049E6D4 YellowHealthBar [health bar value - the yellow part]
0049E6D8 YellowHealthBarTimer [yellow health bar updated each 0x1E ticks]
0049E6DC Oxygen (x10)
0049E6E0 Flashing Arrow Timer (for Air Counter)
0049E6E8 JetpackEnergy
0049E6E6 Jetpack fuel delay(?)
0049E6F4 NikumaruTime
0049E638 PlayerFlags [0x01 Inspecting | 0x02 Removed | 0x04 Walking | 0x08 | 0x10 | 0x20 | 0x40 | 0x80 Visible | 0x100 Water]
0049E63C Player on which tile? [400 = spike]
0049E640 DirectionFaced
0049E644 IsFacingUp [0x01 Facing Up]
0049E648 IsFacingDown [0x01 Facing Down]
0049E64C InFishBattle [When 0x01, move around screen in bubble like in fish battle]
0049E650 EquippedItems
0049E654 PlayerXPosition [In 512ths of a pixel]
0049E658 PlayerYPosition [In 512ths of a pixel]
0049E65C QuoteCameraXPosition
0049E660 QuoteCameraYPosition
0049E664 QuoteCameraOffsetX
0049E668 QuoteCameraOffsetY
0049E66C VelocityX [how much current/wind is affecting the player. X axis.]
0049E670 VelocityY [how much current/wind is affecting the player. Y axis.]
0049E67C QuoteHitRect.L [used to determine quote's solidity]
0049E680 QuoteHitRect.U
0049E684 QuoteHitRect.R
0049E688 QuoteHitRect.D
0049E68C QuoteSizeRect.L [used to determine quote's size]
0049E690 QuoteSizeRect.U
0049E694 QuoteSizeRect.R
0049E698 QuoteSizeRect.D
0049E6AC WeaponSrcRect.L [used to render quote's weapon]
0049E6B0 WeaponSrcRect.U
0049E6B4 WeaponSrcRect.R
0049E6B8 WeaponSrcRect.D
0049E218 LastKeyHeld
0048f040 WeaponIconXOffset [icon and text; 0x10 is centered]
0048f914 GraphicScale [Part of the data which handles different resolutions.]
0048f91c FullscreenRect [Rect which covers the screen. Render onto this.]
0048f924 RenderWidth [Which X to stop rendering on.]
0048f928 RenderHeight [Which Y to stop rendering on.]
00493464 Timer1000Init [Set to 0x00 once init.]
0049E210 Key_Held See Key Table.
0049E214 Key_Pressed See Key Table.
00493610 KeyForJump
00493614 KeyForShoot
00493618 KeyForNextWeapon [which key is "next weapon"]
0049361C KeyForPrevWeapon [which key is "previous weapon"]
00493620 KeyForMenu [which key is "menu"]
00493624 KeyForMinimap [which key is "minimap"]
00493628 KeyForJump [which key is "jump"]
0049362C KeyForShoot [which key is "shoot"]
00493630 KeyForLeft [which key is "left"]
00493634 KeyForUp [which key is "up"]
00493638 KeyForRight [which key is "right"]
0049363C KeyForDown [which key is "down"]
00499b40 Inventory[0x00] 0x04 x 0x20 in size.
00499bc4 InventoryLabelPos [ Relative height of --Arms-- and --Item-- labels. ]
0x0048C4D8 0x01 x 0x08 b ROM_ImageTag The tag-text "(C)Pixel" used to protect images.
0x0048F048 0x?? x 0x2C b ROM_WeaponData Weapon info.
0x0048F048 0x00 Damage
0x0048F049 0x01 Num Impacts
0x0048F04C 0x04 MaxDistance
0x0048F050 0x08 Behavior Flags [01:??? 02:??? 04:Ignore_Wall 08:Climb_Slop 10:??? 20:??? 40:??? 80:???]
0x0048F054 0x0C Bullet size width
0x0048F058 0x10 Bullet size Height
0x0048F05C 0x14 Wall collision X
0x0048F060 0x18 Wall collision Y
0x0048F064 0x1C Pos Offset L
0x0048F068 0x20 Pos Offset U
0x0048F06C 0x24 Pos Offset R
0x0048F070 0x28 Pos Offset D
0x0048F8C0 0x?? x 0x04 b ROM_PEffects Pointer to the effects (puff, spark..)
0x0048F93C 0x01 x 0x04 b ROM_PImageTag Pointer to the tag-text.
0x0048F940 0x57 x 0x?? b ROM_SoundData Sounds 0x0001161A is the code which loads it. Function pushes the address and the sound ID.
0x00493640 0x01 x 0x04 b ROM_PClassName Pointer to class name. 0x00012331 is the code which loads it.
0x00493660 0x04 x ?? b ROM_WeaponExpTables Weapon exp tables. Weapon 0, Lv 1, 2, 3; Weapon 1, Lv 1, 2, 3... etc.
0x004937B0 0xC8 x ?? b ROM_MapHeaders Map headers.
0x004937B0 0x00 TilesetName
0x004937D0 0x20 MapFileName
0x004937F0 0x30 BGType
0x004937F4 0x44 BGImageFile
0x00493814 0x64 SpriteFileA
0x00493834 0x84 SpriteFileB
0x00493854 0xA4 BossID
0x00493855 0xA5 Name
0x004981E8 0x2A x 0x04 b Pointer to songs L00420F48 loads it. Seems to be names, but swapping them works? Weird.
0x00498548 0x0169 x 0x04 b ROM_PEnemyCode Pointer to enemy code.
0x00498AEC 0x0A x 0x04 b ROM_PBossCode Pointer to boss code.
0x004A5ADC byte TSC State [0 No TSC | 1 In TSC | 2 TSC paused | 4 <WAI | 5 FAI/FAO | 6 Yes/No decision | 7 <WAS | others ?????]
0x004A5B08 - Either 0 or 1, and determines the Yes/No cursor's x-pos (value * 0x29 + 0xD3)
0x004A5AFC - Yes/No box y-pos, -ve values are further down the screen, >= 2 sets at the final position.
???????: [MISCMISC]
00401FA0 dk_SubAmmoFromSelected(int AmmoAmount)
00402020 dk_AddAmmoToSelected(int AmmoAmount)
0040B800 dk_LoadImageFileA(A8, Ac)
0040BAC0 dk_LoadImageFileB(A8, Ac)
0040BFD0 dk_LoadImageFileC(A8, Ac)
00410D80 dk_FileLenght(char* FileName)
00410EE0 dk_CenterWindow(HWND hWindow)
00413570 dk_MessageQueue()
00416AA0 dk_GetPlayerXY(int *X, int *Y)
00419650 Touch XP chip
00419890 dk_ResetSelectedWeapon()
004198C0 dk_LevelDownFrom3()
00419C60 dk_GainHP(int HPAmount)
00480FFD dk_fopen(char* FileName, char* FileMode)
0040F350 Random Number Generator
0048b8be API_VerQueryValue
0048b8c4 API_GetFileVersionInfo
0048b8ca API_GetFileVersionInfoSize
0048c038 API_GetPixel
0048c03c API_SetPixel
0048c040 API_DeleteObject
0048c100 API_GetModuleFileName
0048c1b8 API_GetWindowRect
0048c1e0 API_PeekMessage
0048c1e4 API_GetMessage
0048c1e8 API_TranslateMessage
0048c1ec API_DispatchMessage
0048c1f0 API_DeleteMenu
00499c70 MenuRectFlash [Whether the rectangle is white or black, for the flash effect.]
00499c78 BackgroundSizeX
00499c7C BackgroundSizeY
00499C88 BackgroundMode
00499c90 GlobalWaterDepth [How deep the water is - think "core battle."]
004bd02c HeapHandle
004be044 PcommandLine
#Weapon stuff [MISCWEP]
0x00401FA0 Weapon Ammo reduction code.
(this is for bullets)
0499C98 WeaponObj[0x00].Collision +0x00 [01:WallL 02:WallR 04:WallT 08:WallB 10: 20: 40: 80: ] x 0x80
00499C9C WeaponObj[0x00].ShotID +0x04 [6=GunLv3, 8=FireballLv2... Hell, see table.]
00499CA0 WeaponObj[0x00].Flags +0x08 [01:??? 02:??? 04:Ignore_Wall 08:Climb_Slope 10:??? 20:??? 40:??? 80:???]
00499CA4 WeaponObj[0x00].InUse +0x0C [0x80: in use]
00499CA8 WeaponObj[0x00].X +0x10
00499CAC WeaponObj[0x00].Y +0x14
00499CB0 WeaponObj[0x00].MoveX +0x18
00499CB4 WeaponObj[0x00].MoveY +0x1C
00499CB8 WeaponObj[0x00].??? +0x20
00499CBC WeaponObj[0x00].??? +0x24
00499CC0 WeaponObj[0x00].WasSetup +0x28 [handles whether the setup phase is over or not.]
00499CC4 WeaponObj[0x00].??? +0x2C
00499CC8 WeaponObj[0x00].??? +0x30
00499CCC WeaponObj[0x00].FrameID +0x34
00499CD0 WeaponObj[0x00].Direction +0x38
00499CD4 WeaponObj[0x00].Display_L +0x3C
00499CD8 WeaponObj[0x00].Display_U +0x40
00499CDC WeaponObj[0x00].Display_R +0x44
00499CE0 WeaponObj[0x00].Display_D +0x48
00499CE4 WeaponObj[0x00].Distance +0x4C [how far it has travelled]
00499CE8 WeaponObj[0x00].??? +0x50
00499CEC WeaponObj[0x00].MaxDistance +0x54 [how long the "particle" lives]
00499CF0 WeaponObj[0x00].Damage +0x58
00499CF4 WeaponObj[0x00].NumImpacts +0x5C
00499CF8 WeaponObj[0x00].??? +0x60 hitRect.left
00499CFC WeaponObj[0x00].??? +0x64 hitRect.up
00499D00 WeaponObj[0x00].??? +0x68 hitRect.right
00499D04 WeaponObj[0x00].??? +0x6C hitRect.down
00499D08 WeaponObj[0x00].??? +0x70 (Pos Offset?)
00499D0C WeaponObj[0x00].??? +0x74 (Pos Offset?)
00499D10 WeaponObj[0x00].??? +0x78 (Pos Offset?)
00499D14 WeaponObj[0x00].??? +0x7C (Pos Offset?)
0049BC18 WeaponObj[0x3F]
# Effect Data [MISCEFF]
0049BCA8 EffectObj[0x00].InUse +0x00 0x44 in len
0049BCAC EffectObj[0x00].ID +0x04
0049BCB0 EffectObj[0x00].Mode +0x08
0049BCB4 EffectObj[0x00].X +0x0C
0049BCB8 EffectObj[0x00].Y +0x10
0049BCBC EffectObj[0x00].MoveX +0x14
0049BCC0 EffectObj[0x00].MoveY +0x18
0049BCC4 EffectObj[0x00].WasInit +0x1C
0049BCC8 EffectObj[0x00]. +0x20 ; Unused?
0049BCCC EffectObj[0x00].FrameID +0x24 ; This is the actual frame to display, from the rects.
0049BCD0 EffectObj[0x00].FrameTimer +0x28
0049BCD4 EffectObj[0x00].XOffset +0x2C
0049BCD8 EffectObj[0x00].YOffset +0x30
0049BCDC EffectObj[0x00].Display_L +0x34
0049BCE0 EffectObj[0x00].Display_U +0x38
0049BCE4 EffectObj[0x00].Display_R +0x3C
0049BCE8 EffectObj[0x00].Display_D +0x40
# Screen manipulation [MISCSCRN]
0049CDA8 ScreenOffsetX
0049CDAC ScreenOffsetY
0049CDB0 Rect_Fullscreen.L
0049CDB4 Rect_Fullscreen.U
0049CDB8 Rect_Fullscreen.R
0049CDBC Rect_Fullscreen.D
48f91c - left
48f920 - top
normally set to 0
also the 2 after, which I'd call bottom and right
seem to be at 320x240, but are still working
0049D368 HFontObject [Handle to the game's font.]
0049D374 Fullscreen_Width
0049D378 Fullscreen_Height
0049D37C DirectDrawObj [Instance of the Direct Draw object, once created.]
0049d380 DD7_SurfaceA [LPDIRECTDRAW7SURFACE* to the main display.]
0049d384 DD7_SurfaceB [LPDIRECTDRAW7SURFACE* to the main display.]
+00: QueryInterface(p,a,b)
+04: AddRef(p)
+08: Release(p)
+0C: AddAttachedSurface(p,a)
+10: AddOverlayDirtyRect(p,a)
+14: Blt(p,a,b,c,d,e)
+18: BltBatch(p,a,b,c)
+1C: BltFast(p,a,b,c,d,e)
+20: DeleteAttachedSurface(p,a,b)
+24: EnumAttachedSurfaces(p,a,b)
+28: EnumOverlayZOrders(p,a,b,c)
+2C: Flip(p,a,b)
+30: GetAttachedSurface(p,a,b)
+34: GetBltStatus(p,a)
+38: GetCaps(p,b)
+3C: GetClipper(p,a)
+40: GetColorKey(p,a,b)
+44: GetDC(p,a)
+48: GetFlipStatus(p,a)
+4C: GetOverlayPosition(p,a,b)
+50: GetPalette(p,a)
+54: GetPixelFormat(p,a)
+58: GetSurfaceDesc(p,a)
+5C: Initialize(p,a,b)
+60: IsLost(p)
+64: Lock(p,a,b,c,d)
+68: ReleaseDC(p,a)
+6C: Restore(p)
+70: SetClipper(p,a)
+74: SetColorKey(p,a,b)
+78: SetOverlayPosition(p,a,b)
+7C: SetPalette(p,a)
+80: Unlock(p,b)
+84: UpdateOverlay(p,a,b,c,d,e)
+88: UpdateOverlayDisplay(p,a)
+8C: UpdateOverlayZOrder(p,a,b)
0049D388 ImageResSurface [LPDIRECTDRAW7SURFACE* to image resources. 0x?? x 0x04]
0049D428 WinRect.L [window rect, used once only]
0049D42C WinRect.U
0049D430 WinRect.R
0049D434 WinRect.D
0049D438 LastTickCount
0049D43C CurrentTickCount
0049d440 RECT_ScreenCopy [RECT struct used to copy the screen.]
0049D450 DDBLTFX_ScreenCopy [DDBLTFX struct used to copy the screen.]
0049D4B4 BlitRect4B4.L [Used at one place only.]
0049D4B8 BlitRect4B4.U
0049D4BC BlitRect4B4.R
0049D4C0 BlitRect4B4.D
0049D4C4 BlitRect4C4.L [Used at one place only.]
0049D4C8 BlitRect4C4.U
0049D4CC BlitRect4C4.R
0049D4D0 BlitRect4C4.D
0049D4D4 BlitRect4D4.L [Used at one place once.]
0049D4D8 BlitRect4D4.U
0049D4DC BlitRect4D4.R
0049D4E0 BlitRect4D4.D
0049D4E4 BlitRect4E4.L [Used at one place once.]
0049D4E8 BlitRect4E4.U
0049D4EC BlitRect4E4.R
0049D4F0 BlitRect4E4.D
0049d514 RECT_Clear [RECT struct used to clear the screen.]
0049D528 DDBLTFX_Clear [DDBLTFX struct used to clear the screen.]
0049D610 ???, x 0x0018
0049D628 ???, x 0x0500
0049DB30 ???, x 0x0268
0049DD98 ???, x 0x0008
0049DDA0 - Start of Flag Data
# More interesting stuff [MISCODD]
004937A8 - Pointer to Profile.dat string
0049DB34 - IsFadeOut
0049E190 OccasionalFlash If set to true, the screen flashes occasionally.
0049E1C4 FlashColor [Color of the flash, RGB]
0049E1C8 CameraPosX {shf9}
0049E1CC CameraPosY {shf9}
0049E1D0 FocusX
0049E1D4 FocusY
0049E1D8 Focus Speed
0049E1DC SoftQuakeDuration [How long the screen shakes for. Soft shake.]
0049E1E0 HardQuakeDuration [How long the screen shakes for. Hard shake.]
0049E1E4 CursorPosition [Cursor position ID, maybe just for the title screen...]
0049E1E8 GameState [0: title, 3: normal play, 4 game over/black fade, 5 event, 7 status screen; &2=accepts input]
0049E1EC GameTime
0049E1F0 DirectInputObj [Instance of the Direct Input object, once created.]
0049E328 FullExePath [Full path to the executable.]
0049E37C (last possible flag...)
0049E44C AppInstance
0049E458 AppWinHandle
0049e464 ShowFPS [Set to non-zero to have an FPS counter.]
0049E468 CanAcceptInput [Set to 0 when focus is lost. Locks keyboard when unset.]
0049e46C Timer1000Time [Final Time the 1000 timer took to complete.]
0049e470 Timer1000Elapsed [Time elapsed during the 1000 tick counter's countdown.]
0049e474 Timer1000Ticks [Timer updated every 1000 ticks.]
0049E480 Pointer to heap memory for PXM file
0049E586 Width of current map
0049E588 Height of current map
0049E5B8 ???, x 0x0080 MPJ array, indexed by map ID...
0049E6E4 Is in water
0049E6EC EnvironmentSound (0 = none, 1 = StreamSound, 2 = PropellerSound)
004A4DA8 TimerHandle [Handle to a timeSetEvent timer.]
004A4DAC IsTimerActive [Set to 0x01 if the timeSetEvent timer is active.]
004A5500 ???, x 0x0040
004a5568 SoundBufferArray [Series of 4 byte pointers to IDirectSoundBuffer objects, one per sound ID.]
004A57E8 DirectSoundObj [Instance of the Direct Sound object, once created.]
004a57f0 CurrentMapID
004a57f4 CurrentSongID
004a57fc PreviousSongID [backup to revert to the last song played]
004A5800 WhimsicalStar [3 elements [68 bytes]: 004A5800 - 004A58CB]
+0C XPosition
+10 YPosition
+14 XVelocity
+18 YVelocity
004a58cc CurrentStarID [which whimsical star is being updated currently]
004A58D0 Message Box RAM Buffer [0x100 in len]
004A59D0 Current Map TSC file location
004a5ad8 PCurrentScript [Where the current script is loaded]
004a5ae0 ScriptPosition [Which position into the current script file we're at]
004a5ae4 TextColumn [which column text is written at]
004a5ae8 TextRow [Which row text is written at]
004A5B10 Face Slide Timer
004a5B1C TextBox Rect
004A5B00 <WAI time
004A5B0C FaceID [which face is being displayed]
004A4B00 ECurrent beat of the song
004A57F8 EPrevious song beat
# NPC Stuff [MISCNPC]
004A6220/4a5F98 0xAC, 0x0200
+0x00: Event.InUse (N) ; is the event active? 0 kills.
+0x04: Event.Collision (N) ; flag to show what it's colliding w/
+0x08: Event.X (N) ; Position [x]
+0x0C: Event.Y (N) ; Position [y]
+0x10: Event.MoveX ; xvel, add to event.x each step
+0x14: Event.MoveY ; yvel
+0x18: Event.AltVel ;
+0x1C: Event.AltVel ;
+0x20: Event.Unknown1 ; For entities such as curly that use
+0x24: Event.Unknown2 ; the targeting macro.
+0x28: Event.NPCID (N) ; sprite #
+0x2C: Event.EntityID (N) ; Entity ID, as seen in CE
+0x30: Event.EventNum (N) ; Event #, as seen in CE
+0x34: Event.Tileset (N) ; The tileset # as seen in a NPC.tbl editor
+0x38: Event.HurtSound (N) ;
+0x3C: Event.DeathSound (N) ;
+0x40: Event.Health (N) ; health/damagetaken
+0x44: Event.EXP (N) ; EXP dropped
+0x48: Event.Size (N) ;
+0x4C: Event.Direction (N) ;
+0x50: Event.Flags (N) ; Entity flags
+0x54: Event.Frame_L (N) ; left side of the frame rect
+0x58: Event.Frame_U (N) ; top side of the frame rect
+0x5C: Event.Frame_R (N) ; right side of the frame rect
+0x60: Event.Frame_D (N) ; bottom side of the frame rect
+0x64: Event.FrameTimer ;
+0x68: Event.FrameNum ;
+0x6C: Event.ObjectTimer ;
+0x70: Event.Directive ; Usually something from the parent.
+0x74: Event.ScriptState ;
+0x78: Event.ScriptTimer ;
+0x7C: Event.HitRect_L (N) ;
+0x80: Event.HitRect_U (N) ;
+0x84: Event.HitRect_R (N) ;
+0x88: Event.HitRect_D (N) ;
+0x8C: Event.Display_L (N) ; Used to calc. how far left/right to offset the sprite when displaying
+0x90: Event.Display_U (N) ; Used to calc. how far up/down to offset the sprite when displaying
+0x94: Event.Display_R (N) ; Sometimes used as the radius of the entity for making smoke appear from it
+0x98: Event.Display_D (N) ; no known use
+0x9c: Event.HitTrue [N] ; Has the entity been Hit?
+0xA0: Event.DamageTaken(N) ; Damage displayed by damage numbers
+0xA4: Event.Damage (N) ; Damage done to Player
+0xA8: Event.Parent [N] ; It's like the ebp+8 of the parent entity.
(N): NOT conventions - Don't turn them into temporary storage locations.
004bba34 NPCStruct[0x00].Flags +0x00 x 0x18
004bba36 NPCStruct[0x00].Health +0x02
004bba38 NPCStruct[0x00].Tileset +0x04
004bba39 NPCStruct[0x00].DeathSnd +0x05
004bba3A NPCStruct[0x00].HurtSnd +0x06
004bba3B NPCStruct[0x00].DeathAnim +0x07
004bba3C NPCStruct[0x00].Exp +0x08
004bba40 NPCStruct[0x00].Damage +0x0C
004bba44 NPCStruct[0x00].HitBox[4] +0x10
004bba48 NPCStruct[0x00].DisplayBox[4] +0x14
004BBA58 ???, x 0x0D70 boss data?
Hacking Reference Info [INF]
http://www.miraigamer.net/forums/showthread.php?t=2590
COMMANDS: [INFCOM]
mov x,y -- Equals sign, x = y
cmp x,y -- Compares x and y, useless unless you have one of the following after it.
- je x -- If x and y are equal, jump to x.
- jne x -- If x and y are not equal, jump to x
- jl x -- If x is smaller than y, jump to x
- jle x -- If x is smaller than or equal to y, go to x.
- jr x -- Same as jl, but larger than
- jre x -- same as jle but larger than or equal to.
- disclaimer: if you see one of these with a z in it, the evil warlords are trying to kill you, just pretend it's an e.
Which leads us to:
jmp x -- teleports the script to x.
call x -- calls the function at x
ret -- jumps back to where the function was called.
push x -- pushes x onto the stack (not sure what a stack is? Look here!)
pop x -- pops x from the stack
add x,y -- adds y to x, saves to x
sub x,y -- subtracts y from x, saves to x
shl x,y -- multiplies x by 2^y, a lot faster than mul.
shr x,y -- divides x by 2^y, rounding down. similar to shl
... ; -- equivalent of //, ends the line, and anything after it don't count, useful for comments or writing the original code in case you screw stuff up.
REGISTERS: [INFREG]
places where you can store stuff while you use it. There are nine, but you can only use 3 of them
EAX - you can use this one
EBX - reserved for something or other
ECX - you can use this one
EDX - you can use this one
ESP - reserved, points to the top of the stack
EBP - reserved, points to the base of the stack
ESI - reserved for something or other
EDI - reserved for something or other
EIP - reserved, points to the next instruction to be run
if you ever see AX, BX, CX, etc, that just means it's only using half of EAX, EBX, ECX. And AL, BL, CL is only using half of AX, BX, CX
OFFSETS: [INFOFF]
yeh, you can do all kinds of stuff now, but adding one to eax and setting edx equal to it really isn't that exciting.
All the jazz is at offsets, some are codes, ie 419CB0 has ML+ at it, but other offsets, like 0049E6CC (current health) are just values
which are accessed by the code to do cool things.
BRACKETS/POINTERS: [INFPOI]
so, pretend eax holds 49E6D0.
if you have a bit of code that says:
mov eax,49E6D0
add eax,2
it will add two to eax (49E6D0), which is kinda useless since eax is now an offset to something random
However, if you have:
add [eax],2
with the brackets around eax, it doesn't add two to 49E6D0, but rather whatever is at that offset, the max health.
What some of this means; AKA an example
MOV EAX,[EBP+8] ; this line is created for a process called pipelining that makes the code run faster.
Also because of this, [EAX+14], [ECX+14], and [EDX+14] will always be the same thing, as long as [EBP+8] is in EAX, ECX, or EDX.
Any line that puts [EBP+8] in a register is doing this, and you can condense these to gain space if you need to (this is more advanced)
MOV ECX,[EAX+14] ; this line takes the number that is in [EAX+14] and puts it in ECX so that we can do stuff with it.
In a higher level language, [EAX+14] would be called a variable.
MOV EDX,[EBP+8] ; pipelining
ADD ECX,[EDX+1C] ; this line adds whatever is in [EDX+1C] to ECX (which currently contains [EAX+14] from before)
MOV EAX,[EBP+8] ; pipelining
MOV [EAX+14],ECX ; this takes whatever is in ECX and moves it back to [EAX+14]
TSC COMMAND MINI GUIDE: By Lace [INFTSC]
To make a new command, find a command that you're not going to use -
The most obvious choice for this would be a duplicate FAC command (at 424eaf), but if you want a larger command, you can cannibalize a command such as xx1.
to find xx1, you would convert its letters into ascii (so 58,58,51),
and then search for a "mov e_x,[004A5AD8]" and then a cmp [e_x+1],58. What this is doing is comparing the first char of the read-in data with 58 (x).
If it's not x, it jumps to the next command, and if it is x, it does another check, etcetera. What this code ends up looking like is:
mov e_x,[004A5AD8]
add e_x,[004A5AE0]
movsx e_x,byte ptr [e_x+0001]
cmp e_x,__ ;Checks if the first letter is __
jne next_command
mov e_x,[004A5AD8]
add e_x,[004A5AE0]
movsx e_x,byte ptr [e_x+0002]
cmp e_x,__ ;Second Letter
jne next_command
mov e_x,[004A5AD8]
add e_x,[004A5AE0]
movsx e_x,byte ptr [e_x+0003]
cmp e_x,__ ;Third
jne next_command
So you'd look for something like this that cmps 58, then 58, then 3D.
To make the command something else, you would just replace the ascii with other values, such as 4D, 4C, 3D (for ML=)
(Code for xx1 is at 00425149 btw)
To change the command itself, you simply need to look at the code after the intro check up until a jmp away.
Here you just need general hax knowledge to make your own command. Don't exceed the length given, but that's obvious.
the big-fart tsc commands are in two parts, the normal bit, which is in the parser, and then a subroutine, which is generally the last call in the tsc.
you can go into the subroutine of a tsc event to write your own code, too.
probably the most important thing your tsc command needs is this ikkle bit of tagalong code that's either near the start or the end that looks like this:
mov e_x,dword ptr ds:[4A5AE0]
add e_x,(chars used up by your tsc command, one with no arguments would take up 4)
mov dword ptr ds:[4A5AE0],e_x
and this allows the parser to move on, and doesn't break the game.
and a little bonus for you all, if you do this:
425244: jmp 4252ac
what this does is makes it so that if a tsc command doesn't exist, it treats it as text, instead of crashing.
cool, right?
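Added example (Python, not code from Lace's post or from the game): a small model of the command-matching loop described above, so you can see what the cmp/jne chain, the "tagalong" add to [4A5AE0], and the 425244 patch actually do. It assumes the usual TSC layout ('<' plus three characters, 4-digit arguments separated by ':'); the command table and its argument counts are made up for the example, and pos stands in for [4A5AE0].

```python
# Added example, not code from Lace's post or from the game itself: a Python model
# of the TSC command-matching loop. Assumed conventions: a command is '<' plus
# three ASCII characters, each argument is 4 decimal digits, arguments are ':'-separated.
from dataclasses import dataclass


@dataclass(frozen=True)
class Command:
    name: str   # the three bytes the parser cmps against (e.g. 4D,4C,3D for ML=)
    nargs: int  # how many 4-digit arguments follow

    def length(self) -> int:
        # chars the parser must skip: '<' + 3 letters, 4 per argument, ':' between arguments
        return 4 + 4 * self.nargs + max(self.nargs - 1, 0)


# Hypothetical command table; the argument counts are assumptions for this example.
TABLE = (Command("FAC", 1), Command("ML+", 1), Command("XX1", 0))


def matches(buf: bytes, pos: int, cmd: Command) -> bool:
    # The three movsx/cmp/jne checks: bytes at pos+1, pos+2, pos+3 vs the command's letters.
    return buf[pos + 1 : pos + 4] == cmd.name.encode("ascii")


def read_args(buf: bytes, pos: int, cmd: Command) -> list:
    args = []
    for i in range(cmd.nargs):
        start = pos + 4 + 5 * i  # skip "<ABC", then 4 digits + ':' for each earlier argument
        field = buf[start : start + 4]
        if len(field) != 4 or not field.isdigit():
            raise ValueError(f"bad argument for {cmd.name} at offset {pos}")
        args.append(int(field))
    return args


def parse(buf: bytes, unknown_as_text: bool = True) -> list:
    """Walk the script buffer the way the parser does; pos plays the role of [4A5AE0]."""
    pos, out, text = 0, [], bytearray()
    while pos < len(buf):
        if buf[pos] != ord("<"):
            text.append(buf[pos])
            pos += 1
            continue
        cmd = next((c for c in TABLE if matches(buf, pos, c)), None)
        if cmd is None:
            # No command matched. The unpatched parser crashes here; with
            # "425244: jmp 4252ac" the '<' is simply treated as text.
            if not unknown_as_text:
                raise ValueError(f"unknown command at offset {pos}")
            text.append(buf[pos])
            pos += 1
            continue
        if text:
            out.append(("text", text.decode("ascii")))
            text = bytearray()
        out.append((cmd.name, read_args(buf, pos, cmd)))
        pos += cmd.length()  # the tagalong: add [4A5AE0], chars used by the command
    if text:
        out.append(("text", text.decode("ascii")))
    return out


if __name__ == "__main__":
    print(parse(b"Hi<FAC0005<XX1!"))
    print(parse(b"<ZZZ"))  # only survives because unknown_as_text is on
```

Renaming a command in the real exe (replacing 58,58,3D with 4D,4C,3D) corresponds to changing a Command's name in TABLE; forgetting the final "pos += cmd.length()" is the same mistake as leaving out the add to [4A5AE0], and the loop would re-read the same '<' forever.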
Various Functions: [FUN]
http://www.miraigamer.net/forums/showpost.php?p=54346&postcount=39
All of these follow the same C calling convention: push the arguments in the order listed (so the last argument goes first), call the function, then add esp,<4 times the number of pushes> to clean the stack back up. Anything a function returns comes back in eax.
LOADING:
Sound Loader:
push soundid ; what is going to be the sound id
push channels
push offset ; offset of the sound
call 004207E0
add esp,0C
Music Loader:
push offset ; of the song name to load. Regular song names start at 4981E8 and are 16 bytes each.
call 0041CF60
add esp, 4
Graphics Loader:
push graphicid ; what is going to be the graphics id
push offset ; this offset holds the name of the graphic, not the graphic itself
call 0040B800
add esp,08
EFFECTS:
Play Sound:
push channelnum
push soundid
call 00420640
add esp,8
Play Music:
push musicid
call 00420EE0
add esp,4
RMU:
call 420F50 ; no arguments listed
Render Graphics:
push graphicsid
push rect ; pointer to the source rect, typically lea e_x,[ebp-xx] and then push e_x
push y
push x
push 48F91C ; FullScreenRect
call 0040C3C0
add esp,14
WEAPONS:
Weapon Ammo Add:
push amount ; always applies to the currently selected weapon
call 402020
add esp,4
Weapon Ammo Subtract:
push Amt. of Ammo
call 401FA0
add esp,4
Weapon Bullet Counter:
push weaponid
call 00403C40 ; returns into eax
add esp,4
create bullet:
push dir
push y
push x
push bulletid
call 403f80
add esp,10
EXP Add:
push xptogain
call 4196f0
add esp,4
OTHER:
RAM Reserve A:
push amount
push ? (0 works)
push offset to reserve
call 00480D30
add esp,0C
RAM Reserve B:
push amount
call 004813A3 ; Not sure about what this does. Used in conjunction with above
add esp,4 ; for tsc reserves, and is used by itself other places.
Check Flag:
push flagnum
call 0040E930 ; returns 1 or 0 in eax
add esp,4
Call TSC Event:
push eventnum
call 421990 ; note that with an unhacked parser, this will destroy invincibility
add esp,4
ASCII To Number:
push ascii
call 00421900 ; returns into eax
add esp,4
Random Num Generator:
push max
push min
call 40f350 ; returns into eax
add esp,8
Create Animated Effect
push mode
push ID
push Y
push X
call 40AC90
add esp, 10
Take Damage:
push damage
call 00419910 ; this also drains your exp; the damage and the exp loss are not separate functions.
add esp,4
NPC Create:
push initslot ; there are 0x200 entity slots; the search for a free one starts at the number pushed
push parent ; to tie the new entity to the current one, push [ebp+8] here (the link is at offset +A8)
push Direction
push yvel
push xvel
push y
push x
push num
call 46efd0
add esp,20
Underwater Timer:
push y
push x
call 41a350
add esp,8
Get Hell Time:
call 41a7c0
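Added example (Python, not code from the Compendium or from the game): a helper that turns one entry of the function table into the raw bytes you'd write into the exe, i.e. the push / call / add esp pattern with the call's relative displacement worked out from where the patch sits, plus the jmp encoding for a redirect like Lace's 425244 patch. The function offsets come from the table above; the patch addresses used in the examples are hypothetical.

```python
# Added example, not code from the Compendium or from the game itself.
# Encodes the push/call/add esp pattern used throughout the function table
# into x86 machine code for a patch placed at a given virtual address.
import struct


def push_imm(value: int) -> bytes:
    """push imm8 (sign-extended to 32 bits) when it fits, otherwise push imm32."""
    if -128 <= value <= 127:
        return b"\x6a" + struct.pack("<b", value)
    return b"\x68" + struct.pack("<I", value & 0xFFFFFFFF)


def call_rel32(at: int, target: int) -> bytes:
    """E8 rel32: the displacement is relative to the end of the 5-byte instruction."""
    return b"\xe8" + struct.pack("<i", target - (at + 5))


def jmp_rel32(at: int, target: int) -> bytes:
    """E9 rel32, same displacement rule as call (e.g. 425244: jmp 4252ac)."""
    return b"\xe9" + struct.pack("<i", target - (at + 5))


def add_esp(nbytes: int) -> bytes:
    """83 C4 ib: add esp,imm8, which covers every cleanup in the table (max 20)."""
    if not 0 <= nbytes <= 127:
        raise ValueError("use add esp,imm32 for cleanups over 127 bytes")
    return b"\x83\xc4" + bytes([nbytes])


def encode_call(at: int, target: int, args: list) -> bytes:
    """args in the order the table lists the pushes (first listed is pushed first).
    The caller removes 4 bytes per argument afterwards, as the table's add esp lines do."""
    code = b"".join(push_imm(a) for a in args)
    code += call_rel32(at + len(code), target)  # call sits after the pushes
    code += add_esp(4 * len(args))
    return code


def fit(code: bytes, room: int) -> bytes:
    """Refuse to exceed the space you cannibalised; pad what's left with NOPs."""
    if len(code) > room:
        raise ValueError(f"patch is {len(code)} bytes but only {room} are available")
    return code + b"\x90" * (room - len(code))


if __name__ == "__main__":
    # Play Sound at 00420640: push channelnum, push soundid, call, add esp,8.
    # 0x425149 (the xx1 command code) is only a hypothetical place to put the patch.
    print(encode_call(0x425149, 0x420640, [0, 1]).hex())
    # Lace's bonus patch: 425244: jmp 4252ac
    print(jmp_rel32(0x425244, 0x4252AC).hex())
```

The addresses in the table are virtual addresses (where the exe is mapped in memory), so to write the bytes into the file on disk you still have to translate them through the PE section table; the helper does not do that. The NOP padding matters because leaving the tail of a cannibalised command in place means the old instructions run right after your call.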