Weapon Hacking

Aug 31, 2008 at 7:55 AM
Luls
"Bleep, Bloop, Bleep, Bloop"
Join Date: Oct 6, 2007
Location: I dunnos
Posts: 1584
cookie said:
diph.php


ZING!

It's at 1e176, a single byte that defines the number of fireballs plus one at the screen at once; hardcoded into the weapon function as a literal.
Giving it very high values is fruitless because the fireball "fades out" before you can produce the number.
Other weapons also have this test (I've experimented with a 2-shot machine gun... with a crash as sound, haha)

after some more hacking:

diph.php


This is after changing the number of bullets for the machine gun at 1e3d7 (like fireball) and rate of fire to one bullet per tick at 1e459, this defines how many ticks to wait before firing a bullet, also a single byte.

diph.php


It is very fun :p

Hey there.. Eh... Sorry for bumping this thread, although I actaully have something to ask...

Do you have the offsets for the number of shots produced every button press? I'd really like to know cause it would really help for future modding purposes... or maybe even present modding purposes xD

Also, does anyone know the offsets for the fade in animations for the weapons' bullets? I mean, since we know the fade out animations, I thought it'd make it complete by finding the fade IN animations, too.

And the answer to the thought you're currently thinking about right now is: Yes, i dunno how to find them out myself.
 
Sep 5, 2008 at 12:58 PM
Senior Member
"I, Ikachan. The Life and Documentary of the OrigiNAL SQuiD."
Join Date: Mar 14, 2008
Location:
Posts: 189
Dang, I can't do anything with this hex editor. I wanted to edit the Blade to be a melee weapon, but the weapon hacking FAQ doesn't seem to be there. I use XVI32, what should I search for blade level 1, 2, and 3, respectively?
 
Sep 5, 2008 at 1:08 PM
Justin-chan
"Heavy swords for sale. Suitable for most RPG Protagonists. Apply now!"
Join Date: Oct 15, 2007
Location: Nowhere
Posts: 1921
Age: 30
Yes. The weapon hacking FAQ doesn't seem to be there. :p

But it's posted on the previous page =.=
 
Sep 5, 2008 at 1:17 PM
Senior Member
"I, Ikachan. The Life and Documentary of the OrigiNAL SQuiD."
Join Date: Mar 14, 2008
Location:
Posts: 189
jcys810 said:
Yes. The weapon hacking FAQ doesn't seem to be there. :p

But it's posted on the previous page =.=

Yeah, I know, I just can't find the address of the Blades in the hex editor. I tried to put in $8F494 in both text and hex it gives me an invalid. I suck at this stuff
 
Sep 5, 2008 at 1:30 PM
Justin-chan
"Heavy swords for sale. Suitable for most RPG Protagonists. Apply now!"
Join Date: Oct 15, 2007
Location: Nowhere
Posts: 1921
Age: 30
You are supposed to use Ctrl+G, not Ctrl+F. If that's what you did.
 
Sep 5, 2008 at 5:53 PM
Luls
"Bleep, Bloop, Bleep, Bloop"
Join Date: Oct 6, 2007
Location: I dunnos
Posts: 1584
Metalogz said:
cookie said:
diph.php


ZING!

It's at 1e176, a single byte that defines the number of fireballs plus one at the screen at once; hardcoded into the weapon function as a literal.
Giving it very high values is fruitless because the fireball "fades out" before you can produce the number.
Other weapons also have this test (I've experimented with a 2-shot machine gun... with a crash as sound, haha)

after some more hacking:

diph.php


This is after changing the number of bullets for the machine gun at 1e3d7 (like fireball) and rate of fire to one bullet per tick at 1e459, this defines how many ticks to wait before firing a bullet, also a single byte.

diph.php


It is very fun :p

Hey there.. Eh... Sorry for bumping this thread, although I actaully have something to ask...

Do you have the offsets for the number of shots produced every button press? I'd really like to know cause it would really help for future modding purposes... or maybe even present modding purposes xD

Also, does anyone know the offsets for the fade in animations for the weapons' bullets? I mean, since we know the fade out animations, I thought it'd make it complete by finding the fade IN animations, too.

And the answer to the thought you're currently thinking about right now is: Yes, i dunno how to find them out myself.

!1!11!!11!1!!!!1!1!1!!11!1!

Does anyone have the friggin answers I need!?!?!
 
Sep 5, 2008 at 10:29 PM
Senior Member
"I, Ikachan. The Life and Documentary of the OrigiNAL SQuiD."
Join Date: Mar 14, 2008
Location:
Posts: 189
Woot, my close-range Blade works. Now where can I find the other Blade levels?
 
Sep 6, 2008 at 10:19 AM
Justin-chan
"Heavy swords for sale. Suitable for most RPG Protagonists. Apply now!"
Join Date: Oct 15, 2007
Location: Nowhere
Posts: 1921
Age: 30
!1!11!!11!1!!!!1!1!1!!11!1!

Does anyone have the friggin answers I need!?!?!
If they did they would have replied.
Woot, my close-range Blade works. Now where can I find the other Blade levels?
Isn't it in the FAQ =.=
 
Sep 6, 2008 at 11:26 AM
Luls
"Bleep, Bloop, Bleep, Bloop"
Join Date: Oct 6, 2007
Location: I dunnos
Posts: 1584
DimJim said:
Woot, my close-range Blade works. Now where can I find the other Blade levels?

Wut?!

How on aerth did you manage to find the resources you need to edit your close-range blade, and not be able to find the others?!

Aren't they all in the same FAQ?!

FDGSF.
 
Jan 5, 2009 at 2:10 AM
Senior Member
"Wahoo! Upgrade!"
Join Date: Jan 31, 2008
Location: Wood Zone
Posts: 59
Age: 31
Code:
Experience:

0x9366C - Snake level 1
0x93670 - Snake level 2
0x93674 - Snake level 3

0x93678 - Polar Star level 1
0x9367C - Polar Star level 2
0x93680 - Polar Star level 3

0x93684 - Fireball level 1
0x93688 - Fireball level 2
0x9368C - Fireball level 3

0x93690 - Machinegun level 1
0x93694 - Machinegun level 2
0x93698 - Machinegun level 3

0x9369C - Missile Launcher level 1
0x936A0 - Missile Launcher level 2
0x936A4 - Missile Launcher level 3

0x936A8 - Missiles level 1
0x936AC - Missiles level 2
0x936B0 - Missiles level 3

0x936B4 - Bubbler level 1
0x936B8 - Bubbler level 2
0x936BC - Bubbler level 3

0x936C0 - [nothing] level 1
0x936C4 - [nothing] level 2
0x936C8 - [nothing] level 3

0x936CA - Blade level 1
0x936D0 - Blade level 2
0x936D4 - Blade level 3

0x936D8 - Super Missile Launcher level 1
0x936DC - Super Missile Launcher level 2
0x936E0 - Super Missile Launcher level 3

0x936E4 - Super Missiles level 1
0x936E8 - Super Missiles level 2
0x936EC - Super Missiles level 3

0x936F0 - Nemesis level 1
0x936F4 - Nemesis level 2
0x936F8 - Nemesis level 3

0x936FC - Spur level 1
0x93700 - Spur level 2
0x93704 - Spur level 3
Since there's two extra tiles (16x16 pixels) for images after the Spur in ArmsImage.pbm, wouldn't 0x93708 be the Level 1 value of the first weapon, and 0x93714 be the Level 1 value of the second? Blank 1 and Blank 2, they could be called. Also, there's another tile that is semi blank, the very first one. That'd be coded at 0x93660. And, since ItemImage.pbm has extra spaces too, the Missile upgrade icons could be put in there, and we have coding space for six new weapons! There's space for them in Arms.pbm as well. All we have to do then is figure out where the weapon assembly coding is, and reverse-engineer it... :o

Sorry for the three/four month bump. :o

EDIT: Nevermind about finding anything. I've got it all right here for you, assuming the space between each weapon is the same.

Code:
Weapon Hacking FAQ by S. P. Gardebiter
Thanks to turska, ZTaimat, Runelancer and Wistil

0x00 - Damage
0x01 - Penetrating Power
0x04 - Range
0x08 - Flags [See below]
0x0C - Rect A1 (?)
0x10 - Rect A2 (?)
0x14 - Rect A3 (?)
0x18 - Rect A4 (?)
0x1C - Rect B1 (X Axis?)
0x20 - Rect B2 (Y Axis)
0x24 - Rect B3 (?)
0x28 - Rect B4 (?)

[b]0x8F000 - Unused weapon #1 level 1
0x8F02C - Unused weapon #1 level 2
0x8F048 - Unused weapon #1 level 3[/b]

0x8F074 - Snake level 1
0x8F0A0 - Snake level 2
0x8F0CC - Snake level 3

0x8F0F8 - Polar Star level 1
0x8F124 - Polar Star level 2
0x8F150 - Polar Star level 3 (Spur level 1)

0x8F17C - Fireball level 1
0x8F1A8 - Fireball level 2
0x8F1D4 - Fireball level 3

0x8F200 - Machinegun level 1
0x8F22C - Machinegun level 2
0x8F258 - Machinegun level 3

0x8F284 - Missile Launcher level 1*
0x8F2B0 - Missile Launcher level 2
0x8F2DC - Missile Launcher level 3

0x8F308 - Missiles level 1
0x8F334 - Missiles level 2
0x8F360 - Missiles level 3

0x8F38C - Bubbler level 1
0x8F3B8 - Bubbler level 2
0x8F3E4 - Bubbler level 3

0x8F410 - [nothing] level 1
0x8F43C - [nothing] level 2
0x8F468 - [nothing] level 3

0x8F494 - Blade level 1
0x8F4C0 - Blade level 2
0x8F4EC - Blade level 3

0x8F518 - Super Missile Launcher level 1
0x8F544 - Super Missile Launcher level 2
0x8F570 - Super Missile Launcher level 3

0x8F59C - Super Missiles level 1
0x8F5C8 - Super Missiles level 2
0x8F5F4 - Super Missiles level 3

0x8F620 - Nemesis level 1
0x8F64C - Nemesis level 2
0x8F678 - Nemesis level 3

[b]0x8F6A4 - Unused weapon #2 level 1
0x8F6D0 - Unused weapon #2 level 2
0x8F6FC - Unused weapon #2 level 3

0x8F728 - Unused weapon #3 level 1
0x8F754 - Unused weapon #3 level 2
0x8F780 - Unused weapon #3 level 3[/b]

* NOTE: base damage is 0xA (or 0xF for lv2 and 0x5 for lv3), this value added to it, meaning if you define this 0x4, the damage will be 0xE.

Flags:

0x01 - [unused]
0x02 - [unused]
0x04 - Ignore solid
0x08 - No destroy on solid
0x10 - [unused]
0x20 - Destroy breakable blocks
0x40 - ?
0x80 - [unused]

Experience:

[b]0x93660 - Unused weapon #1 level 1
0x93664 - Unused weapon #1 level 2
0x93668 - Unused weapon #1 level 3[/b]

0x9366C - Snake level 1
0x93670 - Snake level 2
0x93674 - Snake level 3

0x93678 - Polar Star level 1
0x9367C - Polar Star level 2
0x93680 - Polar Star level 3

0x93684 - Fireball level 1
0x93688 - Fireball level 2
0x9368C - Fireball level 3

0x93690 - Machinegun level 1
0x93694 - Machinegun level 2
0x93698 - Machinegun level 3

0x9369C - Missile Launcher level 1
0x936A0 - Missile Launcher level 2
0x936A4 - Missile Launcher level 3

0x936A8 - Missiles icon level 1
0x936AC - Missiles icon level 2
0x936B0 - Missiles icon level 3

0x936B4 - Bubbler level 1
0x936B8 - Bubbler level 2
0x936BC - Bubbler level 3

0x936C0 - [nothing] level 1
0x936C4 - [nothing] level 2
0x936C8 - [nothing] level 3

0x936CA - Blade level 1
0x936D0 - Blade level 2
0x936D4 - Blade level 3

0x936D8 - Super Missile Launcher level 1
0x936DC - Super Missile Launcher level 2
0x936E0 - Super Missile Launcher level 3

0x936E4 - Super Missiles Icon level 1
0x936E8 - Super Missiles Icon level 2
0x936EC - Super Missiles Icon level 3

0x936F0 - Nemesis level 1
0x936F4 - Nemesis level 2
0x936F8 - Nemesis level 3

0x936FC - Spur level 1
0x93700 - Spur level 2
0x93704 - Spur level 3

[b]0x93708 - Unused weapon #2 level 1
0x9370C - Unused weapon #2 level 2
0x93710 - Unused weapon #2 level 3

0x93714 - Unused weapon #3 level 1
0x93718 - Unused weapon #3 level 2
0x9371C - Unused weapon #3 level 3[/b]

Note: The maximum experience value is somewhat near 0x64. (100 in decimal)

Maximum Number of Shots:

0x????? - Unused weaponry (There isn't a specific number of bytes between each value)

0x1DC15 - Snake

0x1DEA5 - Polar Star + Spur Uncharged

0x1E13C - Fireball level 1
0x1E159 - Fireball level 2
0x1E176 - Fireball level 3

0x1E3E2 - Machinegun

0x????? - Missile Launcher level 1
0x1E90D - Missile Launcher level 2
0x1E937 - Missile Launcher level 3

0x1EFDF - Bubbler level 1
0x1F28F - Bubbler level 2
0x1F28F - Bubbler level 3*

0x????? - Blade level 1
0x????? - Blade level 2
0x????? - Blade level 3

0x????? - Super Missile Launcher level 1
0x????? - Super Missile Launcher level 2
0x????? - Super Missile Launcher level 3

0x1F755 - Nemesis

* NOTE: only affects maximum number of bubbles floating by your side.

Assembly: [b]All values other than Snake levels 1 and 2 are complete guesses on my part, using math[/b]

0x03990 - Unused weapon #1 level 1
0x03C30 - Unused weapon #1 level 2
0x03EC0 - Unused weapon #1 level 3

0x04160 - Snake level 1
0x043F0 - Snake level 2
0x04680 - Snake level 3

0x04910 - Polar Star level 1
0x04BA0 - Polar Star level 2
0x04E30 - Polar Star level 3

0x050C0 - Fireball level 1
0x05350 - Fireball level 2
0x055E0 - Fireball level 3

0x05870 - Machinegun level 1
0x05B00 - Machinegun level 2
0x05D90 - Machinegun level 3

0x06020 - Missile Launcher level 1
0x062B0 - Missile Launcher level 2
0x06540 - Missile Launcher level 3

0x067D0 - Bubbler level 1
0x06A60 - Bubbler level 2
0x06CF0 - Bubbler level 3

0x06F80 - Blade level 1
0x07210 - Blade level 2
0x074A0 - Blade level 3

0x07730 - Super Missile Launcher level 1
0x079C0 - Super Missile Launcher level 2
0x07C50 - Super Missile Launcher level 3

0x07EE0 - Nemesis level 1
0x08170 - Nemesis level 2
0x08400 - Nemesis level 3

0x08690 - Spur level 1
0x08920 - Spur level 2
0x08BB0 - Spur level 3

0x08E40 - Unused weapon #2 level 1
0x090D0 - Unused weapon #2 level 2
0x09360 - Unused weapon #2 level 3

0x095F0 - Unused weapon #3 level 1
0x09880 - Unused weapon #3 level 2
0x09B10 - Unused weapon #3 level 3

Energy crystal:

0x26A17 - Medium 
0x26A1D - Large

Note: These values are for how much a weapon energy crystal has to be worth in order to switch sizes.

0x267D7 - Sound
 
Jan 20, 2009 at 6:19 PM
Agent of the System
"All your forum are belong to us!"
Join Date: Jan 20, 2009
Location: Gotham City
Posts: 559
Age: 33
A quick question.

What kind of things can you do to a weapon in cave story???

Joker
 
Jan 21, 2009 at 12:52 PM
Been here way too long...
"Life begins and ends with Nu."
Join Date: Jan 4, 2008
Location: Lingerie, but also, like, fancy curtains
Posts: 3054
depends whether you are using assembly or not.
with assembly, you can do everything, without it, you can only change through walls, damage, max onscreen, and range.
 
Jan 21, 2009 at 1:04 PM
Agent of the System
"All your forum are belong to us!"
Join Date: Jan 20, 2009
Location: Gotham City
Posts: 559
Age: 33
Lace said:
depends whether you are using assembly or not.
with assembly, you can do everything, without it, you can only change through walls, damage, max onscreen, and range.
So I could make the blade twice as powerful, go through walls, and go farther?:)

How!?!:D
 
Jan 22, 2009 at 5:17 AM
Lvl 1
Forum Moderator
"Life begins and ends with Nu."
Join Date: May 28, 2008
Location: PMMM MMO
Posts: 3713
Age: 31
The Joker said:
So I could make the blade twice as powerful, go through walls, and go farther?:confused:

How!?!:D

On page 12 of this thread, you can find the offsets you need to edit to change damage, range, flags and such.

The offsets are stored in the .exe, and you'll have to edit the executable with a hexeditor to find the offsets.

Really, read this thread before posting questions, I'm sure this was said before....
 
Jan 22, 2009 at 3:45 PM
Hoxtilicious
"Life begins and ends with Nu."
Join Date: Dec 30, 2005
Location: Germany
Posts: 3218
Age: 32
Anyone ever bothered to read the first post on the very first page of this thread? -_-
 
Jan 25, 2009 at 12:52 AM
Lvl 1
Forum Moderator
"Life begins and ends with Nu."
Join Date: May 28, 2008
Location: PMMM MMO
Posts: 3713
Age: 31
S. P. Gardebiter said:
Anyone ever bothered to read the first post on the very first page of this thread? -_-

Yes, and as I'm sure your aware the link that is in the first post is long dead, or else I just really suck at connecting to it.
 
Feb 7, 2009 at 1:09 AM
Junior Member
"Wow! The more I drink of this magical beverage, the more games I can play! Wheee!"
Join Date: Jan 18, 2009
Location: USA
Posts: 28
It would help if it would load for me :/
 
Feb 7, 2009 at 8:28 AM
Hoxtilicious
"Life begins and ends with Nu."
Join Date: Dec 30, 2005
Location: Germany
Posts: 3218
Age: 32
Now, look at the FTP. There is a sticky out there.
Ever cared to read it? -_-"
You should read every sticky.
 
Mar 2, 2009 at 5:24 PM
Been here way too long...
"Life begins and ends with Nu."
Join Date: Jan 4, 2008
Location: Lingerie, but also, like, fancy curtains
Posts: 3054
brain-ache

HALP!
Okay, hacking the fireball to make half of its shots go down, and the other half go up. making its shots go up or down is really easy, it's controlled by a little snippit at 404d61:

Code:
add ecx,55

that controls the angle of the shot, make it sub, and the shot flies upwards. So to make it alternate, I just swapped that code with this one:

Code:
  push edx
mov edx,[004002AC]
add edx,0x01
cmp edx,0x01
jle A
xor edx,edx
A cmp edx,0x00
jne B
add ecx,0x55
jmp C
B sub ecx,0x55
C mov [004002AC],edx
pop edx

which does three things, first, it takes the value at 2ac, and adds one to it. if it exceeds one, it then sets it to zero. then, if 2ac is zero, it makes the shots fall, if it is one, it makes them rise. lastly, it saves the number back into 2ac for future reference, eg the next time the gun is fired.

of course, this doesn't all fit in that one tiny line of code, so I had a bit of jumping around to do.

I put in at 404d61:

Code:
jmp 0040004e
nop

which jumps to some free space ("Can't be run in Dos mode"), and then a no operation to hold the filesize. up at 40004e, I had:

Code:
  mov edx,[ebp+0008]
call 004002AD
jmp 00404D67

the first line is a bit of code I had to overwrite for the jump, so I needed to maintain that, then the call is down to more free space, and then it jumps back.

and here at 404d67, we have:

Code:
push edx
mov edx,[004002AC]
add edx,0x01
cmp edx,0x01
jle A
xor edx,edx
A cmp edx,0x00
jne B
add ecx,0x55
jmp C
B sub ecx,0x55
C mov [004002AC],edx
pop edx
ret

which is the alternating function I showed earlier.

okay, this doesn't work at all, meaning it displays an error message the instant the fireball is created, and, presumably, when it assigns the angle.

what am I doing wrong?

oh, at 2ac there is loads and loads of presumably "free" space, but that might be the flag space.
 
Top