GoldenEye 007 Nintendo 64 Community, GoldenEye X, Nintendo 64 Games Discussion GoldenEye Cheats, GoldenEye X Codes, Tips, Help, Nintendo 64 Gaming Community
zoinkity 007


Joined: 24 Nov 2005 Posts: 1729
Posted: Thu Dec 16, 2010 9:17 am Post subject: Dragon Storm 64 debugging features found!
Sorry if this is rambling; it was sort of compiled notes. Tried to explain as much of what's going on as possible, considering nobody ever hacks this system.
Pertinent file is http://www.mediafire.com/?7j70gavpeitd9
+_+
First off, this fixes the issue with locking on the start menu if you don't press B:
8106137C 0004
8106137E 1025
or in ROM:
8006137C 0x3C77C
00041025 OR V0,A0,R0
It's a self-calling redirect otherwise. Everything seems to work fine if it simply returns V0 equal to A0. Keep in mind you'll have to recalc the checksum if you patch that into the ROM.
[]_[]
Peeking at the Debug Parser
Debug in here isn't a menu, but a series of command options which can be fed through an interpreter. Normally this would have been used via a development device, like an Indy board. They'd type commands into a buffer, execute them, then read the resultant debug data from rdram onto their PC. Rare's games used a similar scheme.
80041DF4 parses formatted debug message strings, usually sending them through 800C3310, the strtok() subroutine. In order, here's how it goes:
1) A0 is the command string you'll parse. First thing, it breaks up your command with these delimiters: " ,\t\n".
2) Once a list is organized, it checks a keyword list using a pointer table from 800C8D10-800C8DA8. That's a table of 38 strings, which you can peek through at 800D6370.
3) On the chance one of the keywords is a hit, the appropriate handler is pulled out of the pointer table at 800D6A30-800D6AC8. Some of these expect additional data as noted below; others merely perform their function.
4) Most commands will print a certain amount of debug information or error text into a buffer at 80134470. This isn't printed to the screen, but you can view it in the buffer.
The correspondence is such:
80042764 MICROCODE (int)
Accepts an optional int between 0-9, set to or retrieved from 800C89C8.
8004286C SCREENDUMP
Probably a gutted routine, since 80041A44 is now an unconditional return.
800428B4 RDPBUFFER (long)
Accepts an optional int between 0-0x2000, set to or retrieved from 800C89D0. Sets or displays the display list buffer size.
8004292C ZBUFFER (int)
Accepts an optional int, TRUE or FALSE (1-0), set or retrieved from 800C89F4. Simply toggles or displays the mode of the zbuffer.
800429A4 ALIASMODE (int)
Accepts an optional int between 0-2, set or retrieved from 800C89F0. Probably should trace the code before making wild claims, but likely alternates between antialias/dither and their interpretations.
80042A1C FARPLANE (int)
Accepts an optional int between 0-30000, set or retrieved from 801249D0. The far plane is the maximum visible range before culling occurs.
80042ACC NEARPLANE (int)
Accepts an optional int between 0-35557, set or retrieved from 801249CC. The near plane is the closest point visible. Anything closer is culled.
800432C8 WORLDLIGHTDIR int (int int int int)
First argument is an int from 0-3, setting the light number. Failure to provide one prompts usage text. If the x or speed are NULL, retrieves the current light position shorts from 80122974, 80122978, and 8012297C. Otherwise, sets global light values to the given xyz position and speed values.
8004317C WORLDLIGHTCOLOR int (int int int int)
First argument is an int from 0-3, setting the light number. Failure to provide one prompts usage text. If the red or speed are NULL, retrieves the current light shorts from 80122980, 80122984, and 80122988. Otherwise, sets global light values to the given rgb and speed values.
80043418 KAGELIGHTCOLOR int (int int int int)
First argument is an int from 0-3, setting the light number. Failure to provide one prompts usage text. If the red or speed are NULL, retrieves the current light shorts from 80145AD0, 80145AD4, and 80145AD8. Otherwise, sets effect light values to the given rgb and speed values.
800435CC KAGELIGHTDIR int (int int int int)
First argument is an int from 0-3, setting the light number. Failure to provide one prompts usage text. If the x or speed are NULL, retrieves the current light position shorts from 80145AC4, 80145AC8, and 80145ACC. Otherwise, sets effect light values to the given xyz position and speed values.
80042C94 KAGEEFFECT (int)
Accepts an optional int between 0-255, set or retrieved from 801291E8. Value is an index, offsetting by increments of 0x17C8 from 80145CF9.
80042D5C KAGELIGHT (int)
Accepts an optional int between 0-255, set or retrieved from 801291E8. Value is an index, offsetting by increments of 0x17C8 from 80145AB4.
80042B4C FOGMIN (short)
Accepts an optional int between 0-65535, set or retrieved from 800C97B4. This is the closest distance at which fog appears, applied in a gradient-like fashion to the far fog point.
80042BF0 FOGMAX (short)
Accepts an optional int between 0-65535, set or retrieved from 800C97B6. This is the far extreme at which fog appears densest.
80042C44 FOGMODE (int)
Accepts an optional int, set or retrieved from 800C97B3.
80043070 FOGCOLOR (int int int)
Optionally accepts three int values between 0-255, set or retrieved from 800C97B0. Sets the fog color to the given rgb values, or prints current fog color.
80042FAC DRAGONLIGHT (int)
Accepts an optional int between 0-255, set or retrieved from 801291E8. Value is an index, offsetting by increments of 0x17C8 from 80145AB4.
80042EE4 DRAGONEFFECT (int)
Accepts an optional int between 0-255, set or retrieved from 801291E8. Value is an index, offsetting by increments of 0x17C8 from 80145CF9.
80042E20 KAGEWEAPONEFFECT (int)
Accepts an optional int between 0-255, set or retrieved from 801291E8. Value is an index, offsetting by increments of 0x17C8 from 80145D28.
80042BA0 SOUND (int)
Accepts an optional int, although failing to provide one is meaningless. Sets and plays the given sound.
800427F8 SAVERECORD
Probably a gutted routine, since 80041A44 is now an unconditional return.
800427DC LOADRECORD
Gutted. Simply copies the debug message to buffer.
80043784 SHOWMEM
Calls 80049B98: A0=1.
80042744 SETREPLYMODE int
Expects one int, saved to 800C8DA8.
80042718 GETRENDERTIME
Prints delay in cycles between start and end of display list generation and parsing to buffer at 80134470.
800426C4 MUSIC long long
Expects two long values, saved to 801249B0. The first probably is the track number or other small value, the other more likely a timer or pointer. Functionally, after each value is stored the originals replace them, so this function may have no actual usefulness.
80042634 DEBUG (int)
Accepts an optional int from 0-2, set to or retrieved from 800D01E0. If set, changes level of debug information to the given value. Otherwise, prints debug level at 80134470.
80042700 STOPSOUND
Stops playing sound. Calls 800AA8D8: A0=1, A1=NULL.
80042588 BOUNDARYDEBUG int
Expects one int value between 0-3, saved to 800D27E9. Changes degree of boundary debug info.
800425C4 CAMERADEBUG int
Expects one int value between 0-3, saved to 800D27EA. Changes degree of camera debug info.
800425FC ENEMYDEBUG int
Expects one int value between 0-3, saved to 800D27EA. Changes degree of actor debug info.
800424D8 MEM
Displays current allocated memory, in MBs. Broad scoped for a memory debugger...
8004236C SCREENSIZE long long
Expects two long values, saved to 800C8A18. Should, within reason, set the screen size. Keep in mind memory requirements, etc.
80041EEC AMBIENTLIGHT int int int
Expects three int values between 0-255, saved to 800CAC44. Sets the ambient light to the given rgb value using 8005D8C0.
80042040 LIGHTDIR short short short
Expects three short values, saved to 800CAC4A. Sets the position of the light using 8005D9CC.
80042194 DIRLIGHT int int int
Expects three int values, saved to 800CAC47. Sets the position of the light using 8005D8C0.
800422E8 RIPPLECOLOUR int int int int
Expects four int values. The entry number is retrieved from 801249B0 and saved in the corresponding rgba entry of the table at 800CE76C.
80043798 Default for out-of-range hits
Calls 80041A44: A0=0. This routine is now an unconditional return and has no effect.
+_+
80041DF4 0C01077D debug handler
Obviously, the debug interpreter isn't linked into any existing code. Also, for our sake, it is easier to deal with a fixed buffer for text than clearing and setting stuff all the time. So, this hack is designed to simply use the end of their own debug text buffer as the command buffer, allow you to type commands into there using either a gameshark (assuming console use) or a ram editor hooked onto an emulator. I suppose you could also toggle on GS code entries to tack in preconstructed commands as well, if you were psycho and had a lot of time on your hands.
Now, to hook the interpreter into some periodic event, like this one: 80029264
80029264 0x4664
3C048013 *LUI A0,8013
0C01077D *JAL 80041DF4
24844700 *ADDIU A0,A0,4700
3C053F80 *LUI A1,3F80
Here's the GS code equivalent:
81029264 3C04
81029266 8013
81029268 0C01
8102926A 077D
8102926C 2484
8102926E 4700
81029270 3C05
81029272 3F80
It will now read and use any commands you set at 80134700.
If you happen to use a ROM patch or you activate the codes at startup, it might appreciate having data to parse. This two-line GS code can solve that:
81134700 4D45
81134702 4D00
That really just means this was a rush job and I didn't choose a very good injection point. Point being, if you can't get it to start up right, use that.
The best sort of setup for playing around with this would be a backup device + GS/AR or other ram editor combo. Since that's out of the reach of the general population at the moment, next best would be an emulator with a ram editor, such as Nemu64. Pending that, you can probably get away with other emulators using an external ram editor, such as Renegade.
The patch provided may not play on all emulators without sending some data to parse. Since this is an ASM hack, GS codes will not immediately replace the assembly code. Some emulators (Nemu for instance) will, but others need to either set the RSP core to interpreter or save and reload a savestate with the altered data. Sort of a hassle.
This whole scheme was tested on console using direct memory overwrite via GS memory editor. Can't really say for certain if it will work as well on emulators, on account of being unable to run most of them.
+_+
If you did want to write your own injection point, have at it. Set a JAL to 80041DF4 (0C01077D), A0=p->text to be parsed. You can use any buffer you'd like, really, but an initialized one is always easiest.
Keep in mind, the operative code to create a fixed buffer for reading can be hooked into the debug menu itself. The buffer in this case: 80134700.
81041E24 8CC2
81041E28 3C04
81041E2A 8013
81041E2C 2484
81041E2E 4700
81041E32 6550
81041E34 AFA2
81041E38 0000
81041E3A 0000
However, you don't need that unless there isn't enough room at the hook point.
-_-
Patcho:
The patch is designed to be applied to an unbyteswapped Dragon Storm ROM image. It injects the debug parser, bugfixes the main menu crash issue, and changes the version number to allow identification of patched ROMs. The checksum is precalculated, so any additional editing will require you to revise the checksum again.
If for some reason the game appears to hang with a black screen at boot, it is likely waiting for some debug data to parse. You can type "MEM" followed by a NULL (00) at 80134700 or use these two codes to do it automatically:
81134700 4D45
81134702 4D00
Do keep in mind you'll have to deactivate those before typing in something else or they will overwrite your data.
Basically, the patch is just there so you can muck about with it in Nemu. No serious bug testing went into this one, so expect problems.
=_=
Lastly, if somebody knows the original dumper, I'm curious if someone had altered the first byte of the 5-byte ID code or set the code themselves by any chance.
More importantly, I'd like to confirm that the dump size was correct. 0x902D80 is something of a peculiar size after all, and the only reasons I can think for it would be either this wasn't dumped from a cartridge (as in a build on PC) or the dump was cleaned up. It is worth asking about, at any rate.
-Zoinkity
_________________
(\_/) Beware
(O.o) ze
(> <) Hoppentruppen!
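An added worked example, not part of zoinkity's post or patch: it rebuilds the GameShark lines quoted in the post from the MIPS instruction words, and decodes the JAL and the LUI/ADDIU pair to confirm they point at the parser (80041DF4) and the command buffer (80134700). The addresses and instruction words come from the post; the helper names are hypothetical.

```python
# Added example; helper names are hypothetical, values are taken from the post.
import struct

HOOK_ADDR = 0x80029264                       # injection point given in the post
HOOK_WORDS = [0x3C048013, 0x0C01077D, 0x24844700, 0x3C053F80]

def gs_codes(addr, data):
    """Split big-endian bytes into 16-bit GameShark writes ('81XXXXXX YYYY')."""
    if addr % 2:
        raise ValueError("16-bit writes need an even address")
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole halfword
    lines = []
    for off in range(0, len(data), 2):
        (half,) = struct.unpack_from(">H", data, off)
        code = 0x81000000 | ((addr + off) & 0x00FFFFFF)
        lines.append("%08X %04X" % (code, half))
    return lines

def words_to_bytes(words):
    """Pack 32-bit instruction words in N64 (big-endian) byte order."""
    return b"".join(struct.pack(">I", w) for w in words)

def jal_target(word, pc):
    """Decode a JAL: upper 4 bits of the delay-slot PC, 26-bit index << 2."""
    if word >> 26 != 0x03:
        raise ValueError("not a JAL")
    return ((pc + 4) & 0xF0000000) | ((word & 0x03FFFFFF) << 2)

def lui_addiu(lui, addiu):
    """Address built by LUI rt,hi followed by ADDIU rt,rt,lo (lo sign-extended)."""
    if lui >> 26 != 0x0F or addiu >> 26 != 0x09:
        raise ValueError("expected LUI then ADDIU")
    lo = addiu & 0xFFFF
    if lo & 0x8000:
        lo -= 0x10000
    return (((lui & 0xFFFF) << 16) + lo) & 0xFFFFFFFF

def command_codes(text, buf=0x80134700):
    """GameShark lines that place a NUL-terminated command in the buffer."""
    return gs_codes(buf, text.encode("ascii") + b"\x00")

if __name__ == "__main__":
    print("\n".join(gs_codes(HOOK_ADDR, words_to_bytes(HOOK_WORDS))))
    print("JAL ->  %08X" % jal_target(HOOK_WORDS[1], HOOK_ADDR + 4))
    print("A0  ->  %08X" % lui_addiu(HOOK_WORDS[0], HOOK_WORDS[2]))
    print("\n".join(command_codes("MEM")))
```

`command_codes` accepts any command string from the keyword list, so longer commands can be turned into code lines the same way as the two-line "MEM" code.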
radorn 007


Joined: 23 Sep 2007 Posts: 1424
SubDrag Administrator

Joined: 16 Aug 2006 Posts: 6173
Posted: Thu Dec 23, 2010 5:54 am Post subject:
I did like that game, tried the version leaked.
radorn 007


Joined: 23 Sep 2007 Posts: 1424
Posted: Thu Dec 23, 2010 6:21 am Post subject:
I loaded it on hardware.
Took a while to figure out what to do, and I stopped playing after it froze on a dragon-like boss.
Will probably explore it a bit more in the future.