Weapon Hacking

It's possible yep.
But it's very unlikely that you will find it.
Especially when you can't get anything of the FAQ.

 

It's possible yep.
But it's very unlikely that you will find it.
Especially when you can't get anything of the FAQ.

Would you be willing to upload it elsewhere, then?

 

Huh?
I don't even know how to do it.

 

I was talking about Weapon_Hack.txt, the FAQ. Filespace no longer works, so could you please put it up on another site?

(I know about using hex editors by the way, but I've no clue about finding the correct offests for what I want to do.)

 

Ctrl+G in a hex editor, then copy the address, 0xLMFAO

 

I'm very curious about the weapon hacking per assembly.
Runelancer...?

I was talking about Weapon_Hack.txt, the FAQ. Filespace no longer works, so could you please put it up on another site?

(I know about using hex editors by the way, but I've no clue about finding the correct offests for what I want to do.)

http://spgardebiter.sp.funpic.de/CaveStory/FAQ/Weapon Hack.txt

 

...I've already sent you my notes a long time ago. >"<; You have this information.

I'm surprised they still haven't been shared with everyone here by now too, for that matter, given the overall philosophy of the boards. (Unless that changed in the time I was gone )

 

I'm surprised they still haven't been shared with everyone here by now too, for that matter, given the overall philosophy of the boards. (Unless that changed in the time I was gone )

Hey I haven't shared all your information :/
You posted the sound hacking alone.
As well as the offsets for the NPC hacking.

We figured out the weapon hacking (the hardcode) at our own.
As well as the special effect list, editing title screen colours/misc colours, all the tileset blocks and their flags, npc tbl hacking, music importing and so on.
Mostly I with some of help of the other members (though on some things like the weapon hacking, it was the other way round).

The only thing I posted was the "ram" information for the weapon hacking.

~ Sticky ~

 

Okay, I've got your notes, but also questions D:

What's:
WeaponObj[0x00].NumImpacts?

Drawing is the same as the NPC's right?
Also the moving?

I need to add 1 to the WeaponObj[0x00].Distance every frame right?
And at the start I need to set the WeaponObj[0x00].MaxDistance and then set WeaponObj[0x00].WasSetup?

Do I need to set WeaponObj[0x00].Damage too?

Is there anything to pay attention at left? D:

 

How Edit/make Weapons?? please help!

 

WeaponObj[0x00].NumImpacts?

That's the amount of impacts the bullet can take before disappearing (on an NPC; scenary is a little different.) Most weapons set it to 1 (disappear as soon as you hit something) but others have a higher value (such as the missile's explosions) so multiple targets can be hit by it.

Drawing is the same as the NPC's right? Also the moving?

All structures in the ROM use the exact same mechanism. The API used to render things in CaveStory is DirectDraw, which works with RECTs rather than integers to describe positions. So whenever you want to render something, you'll have to define a RECT containing the current frame to render in the specific weapon/npc/effect/etc's handler.

Same goes with moving. Of course you'll have to write to the appropriate location in memory, but that goes without saying.

I need to add 1 to the WeaponObj[0x00].Distance every frame right?

Not necessarily. "Distance" means the weapon has moved. Once it has moved "MaxDistance" units, the code is responsible for removing the bullet.

This opens a lot of possibilities: you could, for instance, have a weapon that "leapfrogs" from target to target. Its max distance could increase with every hit so that it'd have to keep hitting targets to "survive." Or your weapon could sit in place and fly right at an enemy once it comes within range - only then would its Distance member change.

And at the start I need to set the WeaponObj[0x00].MaxDistance and then set WeaponObj[0x00].WasSetup?

Do I need to set WeaponObj[0x00].Damage too?

A lot of the members in the WeaponObj object don't have any use outside of the handler, so you can do whatever you want with them. WasSetup is one of those. This member is used internally by the programmer to keep track of when the setup phase is done. Your code should look like...

(frames go here)

if WasSetup then
(initialize everything)
else
(the bullet is now in motion - update it)

(render)

But you could use WasSetup for other things. Suppose you had a fireball that gets lobbed at the enemy, hits the ground, and burns for a while. You could store the burn duration in WasSetup for all CS cares - it can't tell the difference unless some OTHER bit of code uses it and expects it to behave that way.

Ideally, you shouldn't do that though. It's risky and you might find yourself chasing down bugs for a long time.

As for MaxDistance, it is automatically set through the weapon data in the ROM (I posted this in another thread but just in case, poke around 0048F048. Each structure is 0x2C bytes in length. The fifth byte is the distance.)

Is there anything to pay attention at left? D:

Your best bet, as always, is to have a look at the code that's already there.

 

How Edit/make Weapons?? please help!

There's very little you can do to edit weapons if you don't know assembly. Just about everything in the game that moves (and even some stuff that doesn't) has its own special bit of code which is run every frame and handles what happens with it. You need to code one of those.

If you can work your way through some hex, you can alter the weapon flags and properties. From my previous post,

As for MaxDistance, it is automatically set through the weapon data in the ROM (I posted this in another thread but just in case, poke around 0048F048. Each structure is 0x2C bytes in length. The fifth byte is the distance.)

Play around with that. Note that the first weapon is the one you have equipped before you get the first gun, so it's all blank. The first "real" weapon (the snake lv 1) is at 0048F074.

 

Thanks Rune.

Play around with that. Note that the first weapon is the one you have equipped before you get the first gun, so it's all blank. The first "real" weapon (the snake lv 1) is at 0048F074.

Old Information
I've got all that offsets in my weapon FAQ.
I meant real hacking, assembly hacking, that's the hardcode, I edited that already

Weapon Hacking FAQ by S. P. Gardebiter
Thanks to turska, ZTaimat, Runelancer and Wistil

0x00 - Damage
0x01 - Penetrating Power
0x04 - Range
0x08 - Flags [See below]
0x0C - Rect A1 (?)
0x10 - Rect A2 (?)
0x14 - Rect A3 (?)
0x18 - Rect A4 (?)
0x1C - Rect B1 (X Axis?)
0x20 - Rect B2 (Y Axis)
0x24 - Rect B3 (?)
0x28 - Rect B4 (?)

0x8F074 - Snake level 1
0x8F0A0 - Snake level 2
0x8F0CC - Snake level 3

0x8F0F8 - Polar Star level 1
0x8F124 - Polar Star level 2
0x8F150 - Polar Star level 3 (Spur level 1)

0x8F17C - Fireball level 1
0x8F1A8 - Fireball level 2
0x8F1D4 - Fireball level 3

0x8F200 - Machinegun level 1
0x8F22C - Machinegun level 2
0x8F258 - Machinegun level 3

0x8F284 - Missile Launcher level 1*
0x8F2B0 - Missile Launcher level 2
0x8F2DC - Missile Launcher level 3

0x8F308 - Missiles level 1
0x8F334 - Missiles level 2
0x8F360 - Missiles level 3

0x8F38C - Bubbler level 1
0x8F3B8 - Bubbler level 2
0x8F3E4 - Bubbler level 3

0x8F410 - [nothing] level 1
0x8F43C - [nothing] level 2
0x8F468 - [nothing] level 3

0x8F494 - Blade level 1
0x8F4C0 - Blade level 2
0x8F4EC - Blade level 3

0x8F518 - Super Missile Launcher level 1
0x8F544 - Super Missile Launcher level 2
0x8F570 - Super Missile Launcher level 3

0x8F59C - Super Missiles level 1
0x8F5C8 - Super Missiles level 2
0x8F5F4 - Super Missiles level 3

0x8F620 - Nemesis level 1
0x8F64C - Nemesis level 2
0x8F678 - Nemesis level 3

* NOTE: base damage is 0xA (or 0xF for lv2 and 0x5 for lv3), this value added to it, meaning if you define this 0x4, the damage will be 0xE.

Flags:

0x01 - [unused]
0x02 - [unused]
0x04 - Ignore solid
0x08 - No destroy on solid
0x10 - [unused]
0x20 - Destroy breakable blocks
0x40 - ?
0x80 - [unused]

Experience:

0x9366C - Snake level 1
0x93670 - Snake level 2
0x93674 - Snake level 3

0x93678 - Polar Star level 1
0x9367C - Polar Star level 2
0x93680 - Polar Star level 3

0x93684 - Fireball level 1
0x93688 - Fireball level 2
0x9368C - Fireball level 3

0x93690 - Machinegun level 1
0x93694 - Machinegun level 2
0x93698 - Machinegun level 3

0x9369C - Missile Launcher level 1
0x936A0 - Missile Launcher level 2
0x936A4 - Missile Launcher level 3

0x936A8 - Missiles level 1
0x936AC - Missiles level 2
0x936B0 - Missiles level 3

0x936B4 - Bubbler level 1
0x936B8 - Bubbler level 2
0x936BC - Bubbler level 3

0x936C0 - [nothing] level 1
0x936C4 - [nothing] level 2
0x936C8 - [nothing] level 3

0x936CA - Blade level 1
0x936D0 - Blade level 2
0x936D4 - Blade level 3

0x936D8 - Super Missile Launcher level 1
0x936DC - Super Missile Launcher level 2
0x936E0 - Super Missile Launcher level 3

0x936E4 - Super Missiles level 1
0x936E8 - Super Missiles level 2
0x936EC - Super Missiles level 3

0x936F0 - Nemesis level 1
0x936F4 - Nemesis level 2
0x936F8 - Nemesis level 3

0x936FC - Spur level 1
0x93700 - Spur level 2
0x93704 - Spur level 3

Note: The maximum experience value is somewhat near 0x64.

Maximum Number of Shots:

0x1DC15 - Snake level 1
0x1DC15 - Snake level 2
0x1DC15 - Snake level 3

0x1DEA5 - Polar Star level 1
0x1DEA5 - Polar Star level 2
0x1DEA5 - Polar Star level 3

0x1E13C - Fireball level 1
0x1E159 - Fireball level 2
0x1E176 - Fireball level 3

0x1E3E2 - Machinegun level 1
0x1E3E2 - Machinegun level 2
0x1E3E2 - Machinegun level 3

0x????? - Missile Launcher level 1
0x1E90D - Missile Launcher level 2
0x1E937 - Missile Launcher level 3

0x1EFDF - Bubbler level 1
0x1F28F - Bubbler level 2
0x1F28F - Bubbler level 3*

0x????? - Blade level 1
0x????? - Blade level 2
0x????? - Blade level 3

0x????? - Super Missile Launcher level 1
0x????? - Super Missile Launcher level 2
0x????? - Super Missile Launcher level 3

0x1F755 - Nemesis level 2
0x1F755 - Nemesis level 2
0x1F755 - Nemesis level 3

* NOTE: only affects maximum number of bubbles floating by your side.

Assembly:

0x04160 - Snake level 1
0x043F0 - Snake level 2
0x????? - Snake level 3

0x????? - Polar Star level 1
0x????? - Polar Star level 2
0x????? - Polar Star level 3

0x????? - Fireball level 1
0x????? - Fireball level 2
0x????? - Fireball level 3

0x????? - Machinegun level 1
0x????? - Machinegun level 2
0x????? - Machinegun level 3

0x????? - Missile Launcher level 1
0x????? - Missile Launcher level 2
0x????? - Missile Launcher level 3

0x????? - Bubbler level 1
0x????? - Bubbler level 2
0x????? - Bubbler level 3

0x????? - Blade level 1
0x????? - Blade level 2
0x????? - Blade level 3

0x????? - Super Missile Launcher level 1
0x????? - Super Missile Launcher level 2
0x????? - Super Missile Launcher level 3

0x????? - Nemesis level 1
0x????? - Nemesis level 2
0x????? - Nemesis level 3

0x????? - Spur level 1
0x????? - Spur level 2
0x????? - Spur level 3

Energy crystal:

0x26A17 - Medium 
0x26A1D - Large

Note: These values are for how much a weapon energy crystal has to be worth in order to switch sizes.

0x267D7 - Sound

 

How to tell the weapon to destroy a bullet when max distance is reached?
And how to let it spawn more than one bullet at a time? D:

 

How to tell the weapon to destroy a bullet when max distance is reached?
And how to let it spawn more than one bullet at a time? D:

Just check the max distance against the current distance. Use cmp to do that - it'll set various processor flags that can then be used by conditional jumps (ex, jg, jlt, jne...) to control code flow. For instance, in this case...

mov eax, [ebp+08]
mov ecx, [eax+54] ; get the max distance
mov edx, [eax+4C] ; get the current distance
cmp ecx, edx
jne A
; do your bullet-removal code here, or whatever happens when it reaches the max distance
A ... ; the rest of the code.

I'm off to go grab lunch with my cousin, but I,ll check which function you're supposed to call to spawn more bullets. I don't have the offset on hand at the moment.

 

Thanks.

I'm already checking the max distance against the current one, but I don't know the code to tell the game to remove the bullet

 

Just set the InUse flag to 0. When this thing is set to 1, the bullet is active. When it's set to 0, it's inactive and doesn't get rendered/updated anymore and can be overwritten by other new bullets when looking for a free slot to put them in.

I believe 403f80 is where a bullet is created, but I haven't had much of a look at it yet.

 

Ahh, thank you Runelancer.

 

I tried to make a new weapon
Allthough I have some problems...
I have to set the MaxDistance myself :/
Also the directions don't work. I have to set them myself as well, so I loaded 0049E640 into eax (PlayerDirection), but it doesn't work when I try to save it into edp+0038 <_< FIXED!

So what about MaxDistance?

Anyway:

403F80 - ???
[04] - ??? (00403F80)
[08] - Y
[0C] - X
[10] - ???

It seems.

edit: I can't get up and down to work... I think I just don't have the RAM offset.

Anyway, I've got a nice little Buffer Overflow, just before one sec

edit edit: I have some questions...
What's "test" and what does "movzx edx,byte ptr [ecx+0038]"?
Also "cmp dword ptr [ebp-0034],00", what does that "ptr" thing mean?

 

I'm not sure I understand your first question. You want to change the max distance?

"test" is like "cmp" only it performs a bitwise AND on the parameters. You can use it to test for flags or, by ANDing a value with itself, see if it's been set to a non-zero value.

movzx edx,byte ptr [ecx+0038]
movzx: move instruction for signed operations (ie, 0xFF is -1 instead of 255)
edx: the register this is being moved into
byte ptr: just a little processor hint to tell it what follows is a pointer to a byte (8 bits), not an integer (32 bits.)
[ecx+0038]: Take what's in ecx, add 0x38, then go see what's in RAM at that offset.

So in other words, this copies a signed byte into edx.

Dunno how much sense this made. I am, admittedly, drunk at the moment. Among other things.