NFL Blitz Fans
Blitz Hacking and Development => NFL Blitz Hacking => Topic started by: blitzmaster5000 on May 15, 2016, 12:40:38 PM
-
Jake had mentioned making an external playbook editor a while back. Initially I thought this would be nearly impossible as Zoinkity had mentioned custom plays is quite difficult. However, I have been able to find out how the game (specifically Blitz 2000 Zoinkity hacked version) saves custom plays on the memory pak. I can also view how different player position, route, action (juking,blocking, etc) affects the block of code for each play. Therefore, I think it would most definitely be possible to create an external playbook editor, it's just a matter of mapping all of the addresses with their respective functions. I will be posting updates here.
Jake - I don't have the skills for doing a stand alone c# program like you have made for the other hacking tools, so maybe we could collaborate on this one. It would be awesome to create plays using mouse + keyboard versus the way in the game as is.
-
Below are some notes about how the editor works, and how each play holds the data. If you turn on the memory pak in either nemu or P64, it generates a *.mpk file. This file contains all of the code for your custom plays. My plays start around 0x31D0 and are added sequentially as I make more (up to 9 total for each playbook).
//notes
field size lateral x = 0x01 - 0x27 and vertical y = 0x01 - 0x2B //is a 26 X 42 matrix)
total play size is always 273 bits
plays added in-line, defensive plays come after offensive ones
all players - 3 linemen, qb and WRs have 8 total addresses, only WRs matter for their routes
//end notes
//RECIEVER CODE BELOW//
list of actions / hex values for recieves
juke 0x01
spin 0x02
block 0x88
turbo 0x10
wave 0x20
delay 0x40
delete 0x00
done 0x80
reciever x - y coordinates and actions - around 0x002CA704 in memory
reciever 1 - from 0xAC to 0xC8
0xAC AA BB CC DD //AA = starting X; BB = starting Y; CC = ?; DD =
0xB0 AA BB CC DD //AA = NODE 1 X; BB = NODE 1 Y; CC = ?; DD = NODE 1 ACTION
0xB4 AA BB CC DD //node 2
0xB8 AA BB CC DD //node 3
0xBC AA BB CC DD //NODE 4
0XC0 AA BB CC DD //NODE 5
0XC4 AA BB CC DD //NODE 6
0xC8 AA BB CC DD //NODE 7
reciever 2 - from 0xCC to 0xE8
reciever 3 - from 0xEC to 0x108
//end reciever code//
//QB CODE BELOW//
QB position 0x002CA680 and 0x002CA6E4
0x28 21 00 04 AA //AA = 01 regular; 03 shotgun
0x8C 14 AA 00 80 //AA = 07 regular; 05 shotgun
//end QB code//
// LINEMEN CODE BELOW //
linemen list of actions / hex values - CC values below
block 08
block left 10
block right 20
AA values 01 - 27 // player position; from farthest left to right. position constraints determined by neighboring players
BB values 08 // no changes - always on LOS
lineman 1 0x002CA684
0x2C AA BB 00 80 //AA = x; BB = y;
0x30 AA BB CC 00 //AA = x; BB = y; CC = ACTION
lineman 2 0x002CA6A4
0x4C AA BB 00 80 //AA = x; BB = y
0x50 AA BB CC 00 //AA = x; BB = y; CC = ACTION
lineman 3 0x002CA6C4
0x6C AA BB 00 80 //AA = x; BB = y
0x50 AA BB CC 00 //AA = x; BB = y; CC = ACTION
-
Hey Blitzmaster,
I'd for sure be interested in helping develop the GUI for this! I'll look more into this this week and start to scrap something together. I'll probably follow up a little more on it tomorrow also (heading to bed).
Super pumped!
-
Awesome! I also found where the game stores the custom playbook users can save. At the very end of the playbook (near address 0x4524) are values that correspond to the 3 pages of default plays that can be swapped around. This is also where the custom audibles are stored.
// CUSTOM PLAYBOOK play list and hex codes //
//PAGE 1
SWITCH UP 0x00
CRUISIN' 0x01
HURRICANE 0x02
ZIG ZAG 0x03
SPIDER LEGS 0x04
MONKEY 0x05
SLIP SLIDE 0x06
QB POST 0x07
QUICK DISH 0x08
//PAGE 2
UPPER CUT 0x09
DA BOMB 0x0A
HAIL MARY 0x0B
TURMOIL 0x0C
BACK SPLIT 0x0D
SUBZERO 0x0E
DAWG HOOK 0x0F
UTB DEEP 0x10
X SLANT 0x11
//PAGE 3
BLIZZARD 0x12
CRISS X 0x13
UP THE GUT 0x14
SCREEN RT 0x15
SUPER FLY 0x16
MIDDLE PICK 0x17
SWEEP RT 0x18
REVERSE ZIP 0x19
HB BLOCK 0x1A
//PAGE 4 - NON DEFAULTS
OPTION LT 0x1B
LEG BREAK 0x1C
DOG DAY 0x1D
SPLIT ENDS 0x1E
CRUEL DANCE 0x1F
COUNT IT 0x20
JUKE BOX 0x21
ZONE BANE 0x22
WHAT THE... 0x23
//PAGE 5 - NON DEFAULTS
2 REVERSE 0x24
MEAT HOOK 0x25
HOOK IT UP 0x26
CLUBBIN 0x27
DIPPIN 0x28
FROM BEHIND 0x29
STREAKER 0x2A
CAN OPENER 0x2B
PIN WHEEL 0x2C
//DEFENSIVE PLAYLIST
SAFE COVER 0x00
GOAL LINE 0x01
2 MAN BLTZ 0x02
MED. ZONE 0x03
SUICIDE 0x04
DEEP ZONE 0x05
1 MAN BLTZ 0x06
NEAR ZONE 0x07
ZONE BLTZ 0x08
G. STANCE 0x09
COVER 3 0x0A
SHORTSTOP 0x0B
DOG CATCHER 0x0C
ARROW 0x0D
COVER DEEP 0x0E
MANZONE 0x0F
DEEP RUSH 0x10
COVER FLAT 0x11
// AUDIBLES
last 6 values correspond to the 3 offensive and defensive audibles
from 0x454A - 0x454f
-
Next I'm going to see if I can find the actual data for the default plays (QB POST, DA BOMB, etc) in the rom. I'm interested to see if these plays have similar data to the custom plays. Then, I'm going to see if I can find the default plays in 2001 and extract the data, as a friend wanted some of those plays incorporated.
-
I also found out that the maximum upfield values can be increased beyond what it allows. I'm not sure what the max value is, but it looks like you could draw up plays going beyond the ~30 yard limit in the default play editor. We should be able to use a larger field in our custom editor.
-
For in game play locations you might be able to take a look at some of zoinkity's notes, I know that he did find the location for them. I'm at work so i can take a look at his notes in his patch .zip right now but here are some he shared with me a year or two back in a PM
0xDAB74 80336B24 pointers to offensive play data
0xDAC28 80336BD8 pointers to offensive play names
0xDACDC 80336C8C pointers
0xDAD00 80336CB0 pointers
0xDAE70 80336E20 team offensive playlists; 0x1B ea.
0xDB1BC 8033716C team defensive playlists; 9 ea.
0xDB2D0 80337280 table of "l_*" entries for playlist and other smaller cases
0xDB34C 803372FC
Also a few questions for you.
For the X,Y where is the line of scrimmage located?
Do you happen to know the X,Y coordinates that make up that red bounding box on the play editor?
Does the play editor snap to a grid or can the coordinates be essentially anything?
Can we include more then the defiend amount of jukes, spins, ect.. or are we limited to 3?
Working on the UI currently, hopefully can upload some screen shots in a few weeks.
-
Yea I saw that note that Zoinkity had left about the pointers to team plays and what not. I seem to remember this address:
0xDAE70 80336E20 team offensive playlists; 0x1B ea.
had some very odd looking code.. so I may have been unknowingly looking at the actual play data.
The line of scrimmage going across the y-axis is at 0A. No x-axis for it, as it goes straight across the whole field.
Here are the hex values for the red exclusion box.
(http://i.imgur.com/DqzmMFH.png)
I think the play editor does indeed snap to a grid, in the sense that each x,y interval is 01 apart from its nearest neighbor. I think we could create the field to have the same total amount of x,y values as the playbook editor. It's a 26 wide x 42 tall field, so as long as the editor has the same amount of intervals as this, we can easily correlate them to the hex values. Actually, if we wanted, we could have the y-axis longer if we wanted, as you can actually increase this value beyond what the in-game editor allows you to do. So if you wanted to make a "da bomb" or "hail mary" type play where the WRs keep going, you could do so.
Just checked if we can add multiple actions at the various nodes - yes you can! I edited my play so that WR1 and WR2 have about 6 spins each and tested the play. They did all the actions I specified! So it looks like we can remove that limit for the various actions if we want to. Here's a screen shot of the editor showing all the spins in a row.
(http://i.imgur.com/m21QCpn.png)
-
awesome work! I think that would be everything we really need to know... Yeah it looks to be on a grid system since the X,Y cords are spaced farther then a pixel apart.
-
Here are some more details about how the game saves the files.
It seems Nemu64 and Project64 save the .mpk files differently. Nemu64 has only 0x7ff0 addresses, while the P64 one has 0x40000. I think it has to do with the way each emulator generates the .MPK. Nemu only creates the addresses for 1 memory pak, even when I tried turning on a memory pak for the other controllers, but it kept only allowing me to save at the same addresses (thereby only allowing for 4 possible different playbooks). Project64 on the other hand allows you to have up to 4 different memory paks with 4 different playbooks in each, giving 16 total playbooks. I think this is all somewhat irrelevant beyond the development stage as most people probably only use Project64 - Nemu is just better for debugging and whatnot. Fortunately, you can generate a P64 .MPK - it is always in the save folder of the P64 directory with the same name as the header; for example, the header I use is blitz2k (most likely the same for anyone using Zoinkity's hacked version), so the file is blitz2k.mpk. On the other hand, Nemu will dump the mpk in whatever directory the ROM is in and the name of it is the name of the actual ROM file.
Also fortunate is the fact that both P64 and Nemu64 start the first playbook at the same address, 0x31D8. Each subsequent playbook (for memory pak 1) is located at the following:
1st playbook mempak1 at 0x31D8 ends at 0x454C
2nd playbook mempak1 at 0x4550 ends at 0x58c4
3rd playbook mempak1 at 0x58C8 ends at 0x6C3C
4th playbook mempak1 at 0x6C40 ends at 0x7FB4
They are all the same sized file too. So what I think we can do is generate a dummy *.mpk file with blank plays that one could import into the custom editor, edit plays, and then write back to this file. That way we know exactly the contents of the starting file (such as header data - a bit more about that below).
We could post a template .mpk file here for people to use. I will see how the other memory paks save into the .mpk file in P64 - I did make a second playbook and the header information is different from the 1st one, which is another reason why having the template file would be convenient as we can load up all these values into the .mpk and then only edit the play data.
-
I also realized something that will be an issue: Because all of the memory paks are located on the same .mpk file, if different people make plays on different .mpk files, we will have to make a "combine data/playbooks" tool that compiles multiple .mpk files into 1.
So for example, If I made a bunch of plays in the first memory pak and then a friend made a bunch of plays on the 2nd memory pak, we will have to have these two files combined in order for both players to be able to access their files. This also means if 2 people make their plays in the same memory pak, say memory pak 2, then one player won't be able to save theirs as it would save to the same addresses.
We could resolve this by having the program prompt the user saying there are multiple playbooks on the same memory pak, and allow the user to say "move xx playbook to memory pak 2" (or whatever memory pak doesn't have data curently stored) and then just dump the data into the second memory pak. It would just have to check the data prior to writing to make sure it doesn't overwrite the other plays.
-
So the bits Zoinkity found are pointers to plays for each teams playbook, not the actual data. I had the cheat "use team plays" and then changed all the plays for the first team (I assumed it was Arizona which I was right) to be the same. It resulted in the following:
(http://i.imgur.com/MopMpnp.png)
So I know what plays these correspond to (based on the table I posted above), just need to find where the actual data is.
-
Just to clarify, are the pointers for the entire playbook or is there a list of pointers per team which make up a playbook? So were you able to take a playbook and point each play to switch up?
-
There is a pointer for each play for each teams playbook. So each team probably has ~36 plays (3 offensive pages + 1 defensive page with 9 plays each), with each play having it's own pointer, giving 36 total points (and possibly 3 more for the audibles, assuming the same format as the custom playbooks you can make in the editor).
So in my example, I just wrote over the values that corresponded to all the Cardinals plays with 0x00, which corresponds to the play Switch Up. I'm still trying to figure out where the actual play data is for these default ones.
-
You have the coordinates of the QB, WRs, and linemen? pretty close to being able to publish some code to github.
Edit: Also the dimensions for the field you posted, 26 X 42 is that decimal or hex? the gird shows 40 squares for width?
-
Hi Jake,
So in the play editor when creating a new offensive play, it goes through two menus:
First menu: 1) normal 2) Fake Punt
If you choose normal, the second menu with preset offensive schemes:
Second menu:
- Side I
- Tightends
- 2 plus 1
- 1 plus 1 plus 1
- trips
- 1 WR 2 Backs
- 4 linemen
I assume you want the starting x,y for each position for these preset schemes? I will get them and post here (as well as the default fake punt positions).
I think I got the dimensions screwed up so I will list the max/min values for each direction in hex here:
The farthest left a player can go is 0x01, farthest right is 0x27 (39 decimal). The farthest to the bottom is 0x01, farthest to the top is 0x2B (43 decimal). In decimal for lateral dimensions: 39 - 01 = 38; vertical: 42.
So the field is actually 38 x 42 (40 x 44, but I assume the extra 2 on each dimension are the boundaries for out of bounds). Sorry for the confusion, I must have converted the vertical but not the lateral dimensions.
-
Here are all the addresses for the first playbook first play with the scheme "side I". All the coordinates for the players are listed.
Playbook 1 addresses - scheme is side I; values for players are for this scheme
0x31D8 //playbook name, 6 characters
0x31DE //pin number, 4 characters
0x31E2 //play 1 name line 1, 8 characters
0x31EA //0x00
0x31EB //play 1 name line 2, 8 characters
0x31F3 //0x00
0x31F4 //0x04
0x31F5 //0x03
play data
x y ? action
0x31f6 11 08 00 80 // left lineman
0x31FA 00 00 00 00 //
0x31FE 00 00 00 00 //
0x3202 00 00 00 00 //
0x3206 00 00 00 00 //
0x320A 00 00 00 00 //
0x320E 00 00 00 00 //
0x3212 00 00 00 00 //
0x3216 14 08 00 80 //center lineman
0x321A 00 00 00 00 //
0x321E 00 00 00 00 //
0x3222 00 00 00 00 //
0x3226 00 00 00 00 //
0x322A 00 00 00 00 //
0x322E 00 00 00 00 //
0x3232 00 00 00 00 //
0x3236 17 08 00 80 //right lineman
0x323A 00 00 00 00 //
0x323E 00 00 00 00 //
0x3242 00 00 00 00 //
0x3246 00 00 00 00 //
0x324A 00 00 00 00 //
0x324E 00 00 00 00 //
0x3252 00 00 00 00 //
0x3256 14 05 00 80 //QB
0x325A 00 00 00 00 //
0x325E 00 00 00 00 //
0x3262 00 00 00 00 //
0x3266 00 00 00 00 //
0x326A 00 00 00 00 //
0x326E 00 00 00 00 //
0x3272 00 00 00 00 //
0x3276 19 04 00 80 //WR1
0x327A 00 00 00 00 //
0x327E 00 00 00 00 //
0x3282 00 00 00 00 //
0x3286 00 00 00 00 //
0x328A 00 00 00 00 //
0x328E 00 00 00 00 //
0x3292 00 00 00 00 //
0x3296 1C 08 00 80 //WR2
0x329A 00 00 00 00 //
0x329E 00 00 00 00 //
0x32A2 00 00 00 00 //
0x32A6 00 00 00 00 //
0x32AA 00 00 00 00 //
0x32AE 00 00 00 00 //
0x32B2 00 00 00 00 //
0x32B6 1C 06 00 80 //WR3
0x32BA 00 00 00 00 //
0x32BE 00 00 00 00 //
0x32C2 00 00 00 00 //
0x32C6 00 00 00 00 //
0x32CA 00 00 00 00 //
0x32CE 00 00 00 00 //
0x32D2 00 00 00 00 //
0x32D6 00 00 00 00 //?? all plays have similar code at end
0x32DA 00 00 00 08 //??
0x32DE 01 14 00 02 //??
0x32E2 00 01 02 02 //??
0x32E6 02 04 06 06 //??
0x32EA 06 00 01 00 //??
0x32EE 02 03 03 03 //??
0x32F2 00 00 //??
-
Thanks! Pretty much just need to add a QB toggle for regular set, shotgun, and fake punt and the first phase of the play maker control should be complete.... Just will need to add reading, writing, and saving plays along with adding the preset plays... Also note the editor is currently only build out to handle offense plays. defense plays I'll have to refactor the code and probably wont get to it until offensive play making is fully built out...
Anyways here is a preview screen shot of whats in the works:
(http://s33.postimg.org/hddee71rj/playmaker.png)
Still hoping to get the code added to GitHub shortly, keep in mind the code isn't that clean looking ATM.
-
This looks fantastic!! I can get you the values for the QB sets too if you need them. Do you want the other starting positions for the various schemes as well? If so, I could just post those instead of the whole playbook.
How exactly do you have the program write hexidecimal to a file? I've never seen (or needed) to do this before and I'm curious about how you do it. Another thing that would be cool is if there is an "export play image" button that saves the play made in the editor. That way if you're playing with a friend and they want to know the play, you could have the images of the various plays in the playbook on a phone or something to look at the routes. Additionally, it would be awesome if we could actually get the image to show like the default ones, but thay maybe a bit tricky.
Great progress regardless!
-
Um, probably could hold off on the on the other starting positions for now. Yeah if you have time I could sue the 3 QB locations and I can add the toggle feature to it.
Here is an example of writing some text to a file, you'd just set the base to 16 for hex in the Convert.ToByte method.
using (var fs = new FileStream(filePath,
FileMode.Open,
FileAccess.ReadWrite))
{
fs.Position = offset;
foreach (char letter in toBeWritten)
{
fs.WriteByte(Convert.ToByte(letter));
}
The Blitz Play Maker Control I'm making is actually just a custom PictureBox control so exporting the image would be super easy. To get the image to show exactly like they do in Blitz would be pretty hard. I'm going to guess they were all drawn by a human since they are actual image files in the game. Exporting some kind of picture based off of the play drawn in the editor could be possible down the road, just would be scaling the grid down. First we need to figure out if its possible to add additional plays to the game. Have you had any luck finding the data in the game? I'd imagine Zoinkity would know since he moved the playbook pointers.
-
It looks like the y-coordinates for the QB are:
regular: 0x07
shotgun: 0x05
fake punt: 0x02
some of the other schemes such as trips actually have the QB position slightly different from the two regular or shotgun options. But really I think all that is necessary are the regular, fake punt, and shotgun. The preset schemes (trips, tight ends, etc) are really not necessary either, as the user can create all their own formations.
I am still looking at some of the other areas Zoinkity mentioned. Interestingly, so far the code I think maybe the plays looks entirely different than that made in the play editor. I guess they probably have more detailed routes, so the code looks different. Anyway, I will see what I can find out and let you know hopefully soon.
One other thing I thought about that would be pretty sweet: increase the playbook from 3 pages to 4 or maybe even 5. I think this would be especially useful for defense as I find the default plays not varied enough when playing against other people. If we could do that, we could not only include all of the default plays (including the ones not normally found unless "use team plays" cheat is used), but maybe figure out how to also include our own ones. That way we wouldn't have to load up a memory pak every time. But first things first - just finding the original plays!
-
Definitely figured out where the play data is... Zoinkity's pointers are all correct. I don't have a lot of experience with pointers (didn't realize you basically just look at the values stored at the pointer address). The reason I was confused is the "play data" is all more pointers to the actual routes and what not. I'll append this post with more things I find out.
So like Zoinkity said, the play data is definitely non-trivial. Each play has pointers to data that sets the various routes. But I'm not sure how exactly it choses them... It's not intuitive like the playmaker data is.
For instance, starting at 80290A68 is the code for WR1:
00000001
00000002
FFFFFFF80
00000004
0000000A
0000000E
Each of these are different pre-defined routes. I copied FFFFFF80 over 6 of the neibhoring addresses and he did the same route each time - go straight, wave, go left, run back, go up field.
If I copy any of the others, it will do different routes. Still trying to figure out what's going on with these various values.
-
Any updates on the team plays?
Also could you send me the memory pack file.
Will be uploading to github tomorrow.
Thanks!
-
Haven't been able to do much over the last few days. I'll send the mpk file tonight.
I figured out what some of the code near the end (addresses 0x32D6 - 0x32F2 for the first play in first playbook) of each play does - it has to do with what "position" each player is, in regards to their AI.
For instance, all receivers have a value of 0x06 while linemen are 0x02:
0x32E2 00 01 02 02 // 02 values = tells player to be lineman
0x32E6 02 04 06 06 // 06 values = tells player to be receiver
0x32EA 06 00 01 00 // 3 of each, for the 3 receivers and 3 linemen
So if you change any of the 0x06 to 0x02, it will change the respective receiver to behave like a lineman. I'm still working out what each value represents - I'll post what I find soon.
-
I've figured out a tiny bit of the data for the default plays.. it's definitely not the same format as the custom plays generated by the play editor. I think this means incorporating our plays as default ones is ruled out unfortunately as the code is so different. I have mapped out a bit of the default play data, but it's not intuitive - I haven't found any logical changes besides a few things.
Unfortunately I think editing the default plays will be too difficult. I think we could copy+paste some of the default plays from 2001 to 2000, but beyond that, I don't see being able to do much.
Nonetheless, here are some things I've found:
Any sort of value of FFFFFFXX where XX = 00 - FF dictates the angle of the route at that given time. So FFFFFF00 will make the route horizontal (90 degrees to the viewer), FFFFFFFF will make it vertical (180 degrees; upfield). Anything in between will be some angle between them.
An example:
switchup data for the first WR starts at 80290A68:
80290A68 00000001
80290A68 00000002
80290A68 FFFFFF80 <--- this sets the angle of the first leg of the route for WR1. closer to FFFFFFF0 is a vertical route; FFFFFF00 is a completely horizontal route
-
Thats the location in memory I take it? Could you explain it a bit more? if we just need to create some hex values that say the angle at X time of the route I feel like that wouldn't be that hard.
-
Yea this is the play data for 1 player in switchup in memory. You're right - editing this route angle would be easy, however the other addresses surrounding these seem totally nonsensical. The address before has a value of 00000002. Changing this to most other values makes the player not move at all - if I change it to certain other values (can't remember what they were), he would do a route, but it's completely different than what he's supposed to do. Changing other values near this address sometimes does nothing, othertimes does something.
The trick would be mapping out what all these individual values mean. I'm still going to play around with it and see if I can figure it out, but so far it's been pretty tough.
-
I've been figuring out how the game reads the playlist to be loaded into the playbook for default, team plays, and custom plays. They all appear to be loaded and written to by the same function. We should be able to modify the default playlist in the ROM if we wanted to without loading a custom playbook. But really what I want to try and do is see if we can increase the number of pages in the playbook.. If we could do that, we wouldn't have to chose which plays to have, as we would have all of them at all times. I will post more details tomorrow hopefully.
-
Found how to increase the number of pages in a playbook! It was way easier than I thought. Basically just had to find the register that was being compared to to see if it needs to go back to page 1.
8032E540 ADDIU V0,R0,0x0008 <--- the last value sets the # of pages. As is with a value of 8, it will have 8 pages.
Here's an example where I just dumped some random play values:
(http://i.imgur.com/yGyz6Ha.png)
The nice thing about this change is that it looks like we will be able to add the values for each play right after the previous ones that are loaded in. The play data is located at 802AF270, and has each play in-line. so the default playlist is just
00010203 04050607 etc..
This is the first step, next step if actually writing the values to this area. As I mentioned previously, I know the function that sets the playlist whether for a custom playbook, team plays, or just default. I think it would be just a matter of writing all the bits for the other plays in-line after the data there for the first 3 pages.
I did notice that for some reason the 4th page (which is actually trying to pull data from where the defensive and/or audible values are) was identical to the 3rd, however the 5th and on were all exactly how I would expect if I input some custom values. I think what will need to happen is once the register hits 3, have the function reading in the plays jump down to a new area that we can put our code. That way we aren't messing with where the defensive/audibles are.
The last thing is I didn't mess with this while using a custom playbook (or on defense), so I'm not sure how that will work. Nonetheless, this should be pretty awesome once we get it all worked out, along with the external playbook editor! I think it means we maybe able to increase the amount of pages of custom plays as well!
Edit: Found the address to change to allow more pages when using a custom playbook:
8032E580 SLTI V0,S3,0x0004 //sets the number of playbook pages when having custom plays;default 4
-
Great news!
As for myself, I haven't been doing much work lately on this. Been pretty busy. hope to dive back into it some more next week after I get a home remodel project done..
-
No problem at all. I've been keeping busy trying to get this hack done without having glitches. Currently I have gotten it so that I can have the 5 offensive pages when using default plays, but now there is an issue when using the custom playbook. I don't think it should be too hard to fix though. I also want to find out how to increase the number of pages for the defensive side. I'll post a patch for the ROM when it's finished.
-
Almost have the extended playbook hack done! It works perfectly with the default plays, just need to work out a few kinks with the custom playbook.
Basically the issue is when the custom playbook is loaded in, it loads all the data from the MPK file, which includes the "custom playbook". However, with the hack I'm doing, this custom playbook is unnecessary as we will already have all those plays in the game. I'm still trying to find out how to fix it so it will load all the same plays as it would normally.
-
only got about an hour or so worth of work in this week on the projects.
But finally got it out on github:
https://github.com/thompjake/NFL-Blitz-Play-Maker
I was thinking the other day... would it be possible to store custom plays in the rom and change the function to pull them from the rom versus the memory pack?
-
only got about an hour or so worth of work in this week on the projects.
But finally got it out on github:
https://github.com/thompjake/NFL-Blitz-Play-Maker
I was thinking the other day... would it be possible to store custom plays in the rom and change the function to pull them from the rom versus the memory pack?
This definitely crossed my mind as well! I found where the MPK data is loaded into the game (or at least where the first playbook is stored). I think we should be able to do this actually. We would just to write the exact data of the custom plays to the area in the ROM.
What I'm thinking we could possibly do is have the program you're working on dump the data directly into the ROM. I think we maybe able to modify the function that loads the custom plays to trigger even when there is no memory pak (to avoid having to load up the custom playbook everytime).
I can post some of the assembly here to help explain how the data is read/written. I'm still working on the playbook when a custom playbook is loaded. Should be done soon.
-
I played a bit with some friends using the extended playbook. It was awesome! One of them mentioned that it seemed like the timer was shorter, but it was really just having the extra plays makes it seem like it's shorter as there's more to go through, so I increased the play select timer from 9 to 20 seconds.
I was thinking more about what you said for the custom playbook, dumping it right onto the ROM. I now know where it is all loaded into memory and how to increase the size of the custom playbook. Because the game just has all these plays in line, we maybe able to just add more and more sequentially and then tell the game that there are 2 or 3 (or however many) custom pages there are. If it works, we could have essentially an infinite amount of custom plays.
-
Thats awesome! Was going to suggest changing the play select clock, by the time you flip to page 5 half the time was gone haha. Make Any headway on inserting custom plays in the ROM? I hope to get loading plays from the save files done this week.
-
Not quite yet. I've been first trying to increase the number of pages on defense before anything. Those plays are loaded slightly differently than the offensive ones because in the default case there is only 1 page, so I haven't found a register that acts as a page "counter". I may have to just add in some code to act as this, to allow for more defensive pages.
-
Got the defensive playbook size increased. It only goes from 1 to 2 pages, but it's better than just the 1. It's still buggy with custom plays though.
I also noticed a bug with the offensive extended playbook when using custom plays - if you press B (flip play button) on page 2, it will switch to the custom play page with them flipped. It still works, it's just not supposed to happen.
I'm thinking about how exactly we can load the custom play data into the RAM where it needs to go (starts at address 802ADF20). An issue I foresee is that there are many addresses for the custom plays, so I don't know if there's anywhere in the ROM that has enough empty space to stick this data. The alternative is to try and make the game write the memory pak file into the RAM immediately instead of waiting. If multiple people made the own plays on different memory paks, we would still need to combine them into 1 mpk file which could then be loaded into the RAM. I guess it's not the end of the world if we can't get the mpk data directly in the ROM, but it would be nice as we wouldn't have to load the custom playbook each time.
I really want to see if the play data is the same for 2001 now... I may try and import a few of those plays to see. If so, we maybe able to get in enough default plays to make a 6th offensive page and 3rd defensive one.
Here is the code for the extended playbook/timer in case you're curious how it was done.
=======================
changes to Version 2.2
=======================
Fixed defensive play issues
0xD2980 8032E930 XORI V0, S3, 0x0002 //moves actual custom custom play data to last page
=======================
changes to Version 2.1
=======================
//fixing default play flipping issue w/ play 5
8032E7E0 SW T1, 0x002C (SP) //stores into 800C2C84; flip play - boolean 0 or 1; each is for normal or flipped
0xD7298 8032E748 XORI V0,S3, 0x0005 //Fixes flip page issues for custom plays, must be == to number of pages; originally 0x0002
0xD27AC 8032E75C SLTI V0,S3, 0x0006 //Fixes flip page w/ default plays; must be > # of pages; originally 0x0004
==========================================
changes to ROM blitzXL_V20.z64
==========================================
//extending playbook - default and custom
0xD2590 8032E540 ADDIU V0,R0,0x0005 //sets 5 pages for default playbook
0xD25D0 8032E580 SLTI V0,S3,0x0006 //sets 6 pages for custom playbook
0x34130 8024D410 ADDIU V0,A1,0x1399 //original 1369; moves defensive play data back to make room for new plays
0x34150 8024D430 SLTI V0,A3, 0x0023 //original 0009; allows all play table data to be written
//fixing playbook to read/write correct plays
0xd1924 J 0x80070C28 //ORIGINALLY addu a0,v0,v1 ; 71828 IN ROM; jump to new area to make playbook pages correct
0xd1928 addu a0,v0,v1 //ORIGINALLY LW V0, $0000 (A0)
0x71828 LW V0, 0x0000 (A0) //line needed from original function
0x7182C ADDU S4,S5,R0 //sets correct page number; may not work w/ custom plays
0x81730 ADDU A1,S5,R0 //sets correct page number; may not work w/ custom plays
0x71830 j 0x8032D8DC //jump back; D192C IN ROM; this is address from NEMU; calculated one didn't work
//move custom pages around - puts custom plays last - still need to fix page #
0x37B44 80250E24 ADDIU T0, A2, 0x1350 //original 0x1370; writes the entire first playbook; truncate may damage last play; make sure to only truncate play data
0xd2558 8032E508 XORI V0,S3, 0x0005 //original 0x2; sets playbook on the last page (versus 3rd)
0xd2a20 8032E9D0 ADDIU T1, R0, 0x0005 //original 0x2; sets playbook on last page; not changing this freezes game
//fix how to load in data for multiple playbooks for p2,p3,p4
80250E00 BEQL V0,R0, $XXXX // originally SUBU V0,V0,A0; jump to 80250E10 if first playbook
80250E04 NOP // originally SLL V0,V0, 0x4; delete for branch
80250E08 SUBU V0,V0,V0 // originally SUBU V0,V0,A0; set V0 = 0
80250E0C ORI V0,V0, 0x13C0 // originally SLL V0,V0, 0x3; set size of playbook to be larger
//fixing page 4 custom - above fixes the graphics and text, but this will fix actually loading correct play data
0xd1750 8032D700 J $00070C3C //originally lui v1, 0x8037; is 7183C in ROM
0xd1754 8032D704 lui v1, 0x8037 //originally addu v1,v1,v0
0x7183C addu v1,v1,v0 //entry point at jump
0x71840 addu a1,s3,r0 //copy s3 value (correct page #) to a1
0x71844 J $8032D708 //jump back to RAM address; is d1754 in ROM
//DEFENSE - add more pages (currently 2, default 1)
0xD26B8 BEQ R0, V1, 0x000D26B8 //branch if custom play or not; same as original code
0xD2698 SLTI V0,S3, 0x0003 //puts custom play page last; originally 0x0002
0xD26A4 ADDIU T1, R0, 0X0002 //increases to 3 pages for custom playbook; originally 1
0xD26B8 J $80070C70 //jumps to same page change code as offensive, just with page total = 2; 0x71870 IN ROM
0x71870 **page change code** //same code as that for offensive play select (found at 0x8032e5a4)
0x71890 SLTI V0,S3, 0X0002 //set playbook size to 2 pages (for defense); ORIGINALLY 1
0x7189C ADDIU T1, R0, 0X0002 //set playbook size to 2 (no custom plays)
0x7199C **end of page change code**
0xD2980 XORI V0, S3, 0x0002 //moves actual custom custom play data to last page
//Increasing playbook timer //
//Time stored in 800BCB68
//800BCB98 similar to timer
0xd7710 LW S0, 0x0000(A0)
0xd7714 J 0X80070C4C //originally LWC1, F2, 0x0004(A0); 7184C IN ROM
0xd7718 LWC1, F2, 0x0004(A0) //originally CVT.S.W F2, F2
0x7184C CVT.S.W F2, F2
0x71850 SUB S0,S0,S0 //SET S0 = 0
0x71854 ORI S0,R0, 0X0014 //INCREASE TIMER TO 20 SECONDS
0x71858 J 0x800D6B1C //JUMP BACK TO D771C IN ROM
Edit: got pretty much all the bugs figured out! Fixed the flipping play issue and got custom plays working perfectly for defense. I changed how the extra plays were added on the defensive side too and changed the code to represent it.
I think the only thing left is making the custom playbook work for players 2,3,4.
-
Hey BlitzMaster,
Whats the Rom location for the playbook information?
Also started on the memory pack saving/editing functionality. might take a bit longer, but nothing difficult.
-
Jake,
Do you mean the default playbook or custom one? If you mean the actual play data for the default plays, it's all over the place being referenced by the table info Zoinkity mentioned (I think this table starts around 80291398). It's not easy to follow - it seems each play has ~7 addresses it jumps to for what I assume to be the routes/actions for each player. This is the data that I had previously mentioned is really hard to understand. I haven't played around with it much since then as I've been focusing on getting the extended playbook going.
However, based on where the play table data sends you, I think the beginning of the actual default play data is around 0x72D00 (RAM = 8028BFE8) and ends around 0x73AB0 (RAM = 8028CD98).
If you mean where the game stores all of the custom playbook data, it isn't actually on the ROM (obviously) as the data is pulled from the memory pak and then stored in memory starting at address 802ADF20. This is also where the list of plays for the default playbook is at as well (starting at address 802AF26E, which is right after the very last defensive custom play). All the game does is fill in the blank spots w/ the player made data when you load custom plays.
The game automatically loads a list of plays (the function that writes these is at 8024D3EC if you're interested in how it writes the data) when the game starts. In the normal version (no extended playbook), it will load up
802AF26C 00010203
802AF270 04050607
802AF274 08090A0B
etc up to 27 plays (9 plays per page x 3 pages), and do the same sort of thing for defensive plays.
I have modified it to go up to 35 plays though, so there is a bit more data in that part. This mean's I'm needing to offset all of the playbooks after the 1st one, as each has slightly more data now for the extra plays than before.
I will post an in depth explanation of how the game loads/stores everything tomorrow for clarification. It will be helpful as it will show what I'm changing as well to allow the extended playbook + custom plays.
-
Alright I got everything working perfectly I think! I tested out 4 custom playbooks simultaneously and I didn't have any issues. It had both the extended default playbook as well as the extra offensive and defensive custom play pages. So now that that's done, I could probably help a bit more on the external playbook editor. Let me know how it's going and if there's anything in particular I can help with.
I will also start digging around Blitz 2001 to see if I can find that play data and possibly import it into this version.
edit: Found the play data and tables linking them in 2001. The data looks almost identical, so I'm thinking we maybe able to import them without too many changes. There are few things we would need to figure out/do first though:
1. The current play data in 2000 has the tables linking the raw data. I'm not sure how the playbook looks up the table, so I need to figure this out. Each play has a hex value associated with it that the playbook references that is then pulling in the data using the tables at 80291398.
2. Once we figure out how it pulls the data in, we maybe able to stick the new table and data from 2001 in there somewhere and simply update the pointers.
I'm sure it will be more complicated than that, but would be pretty awesome if this works. We would have probably ~7 default offensive and ~3-4 default defensive plays. Then once the external playbook editor is done, we will have more plays than we will probably ever need!
-
Sounds legit Blitzmaster! Do you happen to know if there is any index on the MPK files that state how many plays are in a book? Or if there is a delimiter that dictates the end of a playbook?
-
Jake,
There is no index on the MPK saying how many plays there are as far as I know. Each playbook has a set amount of space that will be filled in with each play. When you generate a new play, it replaces all the 0's with the play data. So it just fills in the blanks essentially.
As far as the end of the playbook is concerned - Yes, there is common data at the end which corresponds to the default playlist you can load up - it looks like 00010203 04050607 08090A0B.... However this data will be obselete with the expanded playbook as we will have all plays loaded at all times.
The way the game works is it sets aside RAM for the whole MPK file, from about 802ADF20 ~ 802B2CD6. These are all blank except for the parts related to the default plays.
The spacing between playbooks is exactly like it is in the MPK. So when you load a playbook, it will load up all the values into the empty space here. So if you're playing as P1, it will fill the data starting at 802ADF20. If you play as P2, it will load the data into 802AF298. P4, will be 802B1988.
Here's an image of the RAM of the default playlist for P1, before and after I loaded the P2 custom playbook, which shows up right after the end of the first playbook's playlist (you can move these around actually which I will talk about more below).
before:
(http://i.imgur.com/pd5Dz7o.png)
after:
(http://i.imgur.com/v6m24ov.png)
You can see that just after the first custom playbook play list (from 802AF62C to 802AF28C), some new data was loaded. It's literally the exact same data being loaded from the MPK file.
What I found is that you can specify where to put each playbook. This means we could potentially expand each playbook in the MPK, that will then be imported into the game. Assuming can then reference the extra plays, we should be able to import more than 1 page of offense and defense.
-
Looks like that 3rd byte is blocking for linemen.
Here are all the addresses for the first playbook first play with the scheme "side I". All the coordinates for the players are listed.
Playbook 1 addresses - scheme is side I; values for players are for this scheme
0x31D8 //playbook name, 6 characters
0x31DE //pin number, 4 characters
0x31E2 //play 1 name line 1, 8 characters
0x31EA //0x00
0x31EB //play 1 name line 2, 8 characters
0x31F3 //0x00
0x31F4 //0x04
0x31F5 //0x03
play data
x y ? action
0x31f6 11 08 00 80 // left lineman
0x31FA 00 00 00 00 //
0x31FE 00 00 00 00 //
0x3202 00 00 00 00 //
0x3206 00 00 00 00 //
0x320A 00 00 00 00 //
0x320E 00 00 00 00 //
0x3212 00 00 00 00 //
0x3216 14 08 00 80 //center lineman
0x321A 00 00 00 00 //
0x321E 00 00 00 00 //
0x3222 00 00 00 00 //
0x3226 00 00 00 00 //
0x322A 00 00 00 00 //
0x322E 00 00 00 00 //
0x3232 00 00 00 00 //
0x3236 17 08 00 80 //right lineman
0x323A 00 00 00 00 //
0x323E 00 00 00 00 //
0x3242 00 00 00 00 //
0x3246 00 00 00 00 //
0x324A 00 00 00 00 //
0x324E 00 00 00 00 //
0x3252 00 00 00 00 //
0x3256 14 05 00 80 //QB
0x325A 00 00 00 00 //
0x325E 00 00 00 00 //
0x3262 00 00 00 00 //
0x3266 00 00 00 00 //
0x326A 00 00 00 00 //
0x326E 00 00 00 00 //
0x3272 00 00 00 00 //
0x3276 19 04 00 80 //WR1
0x327A 00 00 00 00 //
0x327E 00 00 00 00 //
0x3282 00 00 00 00 //
0x3286 00 00 00 00 //
0x328A 00 00 00 00 //
0x328E 00 00 00 00 //
0x3292 00 00 00 00 //
0x3296 1C 08 00 80 //WR2
0x329A 00 00 00 00 //
0x329E 00 00 00 00 //
0x32A2 00 00 00 00 //
0x32A6 00 00 00 00 //
0x32AA 00 00 00 00 //
0x32AE 00 00 00 00 //
0x32B2 00 00 00 00 //
0x32B6 1C 06 00 80 //WR3
0x32BA 00 00 00 00 //
0x32BE 00 00 00 00 //
0x32C2 00 00 00 00 //
0x32C6 00 00 00 00 //
0x32CA 00 00 00 00 //
0x32CE 00 00 00 00 //
0x32D2 00 00 00 00 //
0x32D6 00 00 00 00 //?? all plays have similar code at end
0x32DA 00 00 00 08 //??
0x32DE 01 14 00 02 //??
0x32E2 00 01 02 02 //??
0x32E6 02 04 06 06 //??
0x32EA 06 00 01 00 //??
0x32EE 02 03 03 03 //??
0x32F2 00 00 //??
-
Been looking more into importing some of the 2001 plays into the hacked 2000 version. Based on everything I see, it seems like it should be possible, just need to copy+paste in that data and then update the tables.
If we could get these in there, I was hoping to also add the images for the plays. How exactly would we be able to import the image back into the ROM? I think there's a pointer for each playbook play image, so I'm wondering if we could stick the new images somewhere and just point to them. I'm just not sure how to add new image files into the ROM.
-
Inserting the images would be super easy, would be able to use the file export/import tool made for blitz. I should be able to add support for blitz 2001 also. Else we could for sure export the files using zoinkity's midwaydec and my NFL blitz image tool.
Also. Update on the playbook editor. It now can read blitz plays from memory pack files. I should be able to add saving pretty soon.
Been looking more into importing some of the 2001 plays into the hacked 2000 version. Based on everything I see, it seems like it should be possible, just need to copy+paste in that data and then update the tables.
If we could get these in there, I was hoping to also add the images for the plays. How exactly would we be able to import the image back into the ROM? I think there's a pointer for each playbook play image, so I'm wondering if we could stick the new images somewhere and just point to them. I'm just not sure how to add new image files into the ROM.
-
Sounds awesome, Jake! Can't wait to try it out!
I have some good news on getting the 2001 plays into 2000. I found the function that pulls in the pointers for the offensive/defensive play data. The way the data looks right now (where Zoinkity pointed out) is it has 45 addresses starting at 80336B24 that have pointers that correspond to the 45 default plays (which are all being accessed now with the extended playbook hack).
After these 45 addresses starting at 80336BD8 are pointers that look like they point to the offensive play names that are used when a play is flipped - not sure why they need a whole different set of play names, as the normal play is pulled from a different location. I'm thinking we can delete these to make room for extra pointers for new plays. Next at 80336C8C are pointers for the first defensive page of plays, and then 80336CB0 are the second page of defensive plays.
The next part is where things get somewhat confusing - 80336CD4 has some values that look like previous pointers to offensive play data. Deleting these seems to screw some stuff up, so I don't know if messing with them is smart.
I'm thinking of putting in new pointers for the new 2001 play data either a) after the first 45 offensive play pointers (where the play names are), or b) after all of these pointers where the "use team plays" data used to be (I cleared it out as the extended playbook has all the plays at all time accessible so it's no longer needed) at address 80336E20.
The nice thing is I think I just have to change the offset that the function pulling in the pointer tables to match where I move around these various things.
Probably the hardest part is getting all the actual play data in the game. Once that's done, I will have to go in line-by-line and update all the pointers.
-
Great news - I got "Short Jet", one of the default plays from 2001 not found in 2000, working in Zoinkity's hacked version! Based on this, I think it should be quite easy (albeit time consuming) to import the remaining plays on the first page from 2001. None of these plays are found in 2000, so that will give us an entirely new page of plays to work with.
A few questions:
1. If we import new graphics altogether rather than simply replacing them, where will you put these?
2. Do you know the function that displays the graphics (or at least the playbook graphics)? I think I have an idea but wasn't sure if you already did.
3. Do you know how these graphics are called? I assume there's probably a table sort of like the play data tables, where it references some address where the graphic is.
4. If this is the case, how would I know where the graphical file starts and ends within the rom? I see images with the ".wms" extension near the end of the ROM, but don't know how to read the hex.
edit: Also got Stack it in there as well. Only issue I forsee going forward is finding room in the ROM to stick all this extra data. Each play has at least ~0x200 bytes, so it's not a small amount. I did find where Zoinkity cleared out area in the ROM for the extra teams, however when I tried sticking code there, it didn't work. It looks like that area is not loaded into memory during the actual game, which means we can't use it which is unfortunate because that is the largest amount of free space and I was hoping to dump all the new play data in the same spot.
-
Okay got the first 3 plays in there from the 2001 playbook. I also got the pointers updated and names of the plays as well. I just need to finish adding in the rest of the play data for the remaining 6 plays and then add in the play images for the playbook and it should be good!
Only thing is I deleted the default values for the "records" and other things that show up on the screen related to the season mode. I never play this mode so I'm not too worried about it, and I needed to make some extra space for all the extra code necessary for all the plays.
Here is a screen shot of page 6 with the correct play names (but obviously incorrect routes as we still need to update the figures).
(http://i.imgur.com/ot7uffU.png)
-
Well, I got all the plays from 2001 in... only that they're fudged. I couldn't find enough free space in the ROM to add all the data so I had to use some of the pointers from other plays for some of the WR routes. I tried to find similar routes to put in, but they aren't exactly the same.
Nonetheless, the best part about this is that I think I know how we could use the default data to create new "default" plays with the game data. Each play has the following data: 1) sets the offensive scheme - trips, tight ends, etc. 2)data for the WRs to follow.
Both of these are set by pointers. Therefore, one could create a whole mixture of pointers making new plays! The external playbook editor will probably make this obsolete, but nonetheless, it's good to know how the default plays work.
The only bottleneck as far as getting all the true data in from 2001 into 2000 is space - There just isn't enough free space to put in the data for all the routes.
A few notes about this like I mentioned before: I deleted the data related to the "top scorers" and "best record" etc. to stick data. So when you hit "b" multiple times and records show, it shows gibberish. It doesn't crash, but it isn't useful anyway.
Another thing is that I apparently slightly modified the game so that it thinks I "won" the superbowl... So when I boot up it shows a crazy ass image of a football player conquering a mountain. It's not an issue as far as gameplay goes, but funny nonetheless.
The last thing to do is incorporate the new images into the game for the 2001 plays. Not gonna lie - I'm surprised we got this far! I never thought we would be able to do all this.
-
Hey sorry for taking awhile to reply,
I hurt my back a few days back and haven't been able to sit at my computer much.
1. it's very easy to extend the table. The header for the resource block is listed as "ROMIndex.off" in the filelist; should be located at 0x150C40. The word at 0x8 is the offset to from this address to the start of the filelist. The word at 0xC is the number of entries. So when inserting a new file you add it to the end of all the other files, increment the # of files at 0XC and update 0x8 with the new table location (since we added a new file we had to move the table down). The filetable is the last thing in the ROM so you don't need to worry about overwriting anything else.
2. Not sure on this one.
3. See 4, table contains everything needed. Not sure which function uses the table though.
4. Each file table entry has an offset from the start of the file list and a file size associated with it.
Great news - I got "Short Jet", one of the default plays from 2001 not found in 2000, working in Zoinkity's hacked version! Based on this, I think it should be quite easy (albeit time consuming) to import the remaining plays on the first page from 2001. None of these plays are found in 2000, so that will give us an entirely new page of plays to work with.
A few questions:
1. If we import new graphics altogether rather than simply replacing them, where will you put these?
2. Do you know the function that displays the graphics (or at least the playbook graphics)? I think I have an idea but wasn't sure if you already did.
3. Do you know how these graphics are called? I assume there's probably a table sort of like the play data tables, where it references some address where the graphic is.
4. If this is the case, how would I know where the graphical file starts and ends within the rom? I see images with the ".wms" extension near the end of the ROM, but don't know how to read the hex.
edit: Also got Stack it in there as well. Only issue I forsee going forward is finding room in the ROM to stick all this extra data. Each play has at least ~0x200 bytes, so it's not a small amount. I did find where Zoinkity cleared out area in the ROM for the extra teams, however when I tried sticking code there, it didn't work. It looks like that area is not loaded into memory during the actual game, which means we can't use it which is unfortunate because that is the largest amount of free space and I was hoping to dump all the new play data in the same spot.
-
A few questions about getting the images into the ROM:
1. At the end of the ROM, i see a bunch of "xx.wms"" values with what look to be addresses related to the location in the ROM - this is the filelist, correct? So I should be able to add in the data at the end for new images?
2. the address at 150c48, the offset to the start of the filelist, should be going to the first "xx.wms" line, correct?
3. If I were to dump the image data from 2001 into 2000 for these plays, can I just copy+paste the data right before the filelist (and update the pointers? I assume that the data just before the start of the file list is image data that I can just append the new data to.
I found the function that reads in the "pointer" to the image files... What is odd is the pointers don't actually seem to go anywhere. It must be calling the images somehow using this strange notation. They all are of the format "0x0A000XXX" where xxx is some value. Once I can get the filetable updated and images in there, it should be pretty easy to figure out how this function actually works.
-
Honestly, I would suggest just using the NFL Blitz Graphic/File Editor tool. It will create the appropriate entries, move the table and update everything for you. I'll even see if I can add a batch import to make it super quick to import all the 2001 pay images.
EDIT: What if we put the custom plays into the file table? It should get loaded in memory then I think?
EDIT 2: Working on some code for the blitz file editor, forgot that Zoinktiy had also compressed the file table format. Here is some notes from him I found in my old messages:
File entries are at the same location but have been shrunk to 0x20 each. A compression flag is no longer used. If a file is uncompressed the compressed size will be 0. Also, filenames can be 20 chars long not counting the NULL. The first byte of the decompressed size must always be 00, so that doubles as a NULL in case you need it.
0x0 0x14 name
0x14 4 decompressed size
0x18 4 pos
0x1C 4 compressed size
This is the original file table format (so whats used in unhacked versions of blitz):
0x0 0x18 filename
0x18 0x4 decompressed size
0x1C 0x4 offset (from start of header)
0x20 0x4 flags
04 file
01 uncompressed
0x24 0x4 compressed size
So I'll just have to add a toggle for hacked versus unhacked so the code knows which filetable entry format to use.
EDIT 3: Also the file tables are in alphabetical order, so not all the play images are grouped together. Do you know where in ROM the references to the images are? I could add a tab for play images. Also, just re-read your other post. you deleted the default values? does the record screen still work? Any thoughts on putting plays into the file table?
EDIT 4: Exported blitz 2001 image
(https://s32.postimg.org/4xo8gj7d1/decodeexample.png)
So the exporting works for 2001 ATM now... I'll have to clean some things up with it but hopefully will be able to publish a newer version of the application soon. I've added the code to github also, its super dirty but feel free to check it out:
https://github.com/thompjake/NFL-Blitz-File-Editor
-
I cleared out all the data for the "records" screens that show up if you let the game go idle. Below is one with the default values that I cleared out. So now in the ROM this area has play data. It still shows the screens as seen in the second image, but the values don't really mean anything any more as it's just play data in there. Ideally I wouldn't have done this, but I couldn't find anywhere else to put it. But I like your idea of possibly moving all the custom data to the end. I will see if that could work.
default values for records:
(http://i.imgur.com/oHVPP6n.png)
values after writing over this area w/ play data:
(http://i.imgur.com/g2RTraN.png)
I used Zoinkity's midwaydec tool to extract out the 9 play *.wms files from the 2001 ROM. I tried using your graphical tool editor to insert the new files, but it just crashed. Would I have to edit the actual *.wms files first? I wasn't sure if these files needed to be modified to fit Zoinkity's changes to the file table.
Your question about where in the ROM the references to the play images are - I'm not really sure about this. Wouldn't it be the 0x18 bit that dictates the position (in zoinkity's modified table)?
-
hmmm, send me the 9 plays you extracted and I'll try it on my end.
-
I just added a ton of new lines with FFFFFFFF like all the last ones in the ROM and it still worked.. I wonder if we can just increase the size of the ROM like that?? If so, we should very easily be able to just stick all the play data from 2001 there, as well as the custom data - assuming we can access those addresses in game. I would much prefer this as I didn't like having to delete all that other stuff and overwrite areas of previous data. Plus it will make book keeping much easier as far as where everything is in the ROM.
-
Got the 2001 play images into the game! Here's a screen shot with all the correct routes displayed:
(http://i.imgur.com/wIwXhOL.png)
I sort of figured out how the strange pointers work and was able to update them to point to the correct play images that I imported using your tool. All I need to do now is move the table to allow for these extra pointers.
I will then try and move some play data to the end of the rom to see if we can load it from there. That will be basically the last thing needed for this hack.
-
awesome! so how do those pointers work? Are you going to put it directly at the end? I'm wondering if its possible to add it directly to the file table so it doesn't get in the way when we add new files to the game.
-
Actually, I didn't have to move the pointers to a completely new place. I had cleared out 9 lines of code just before this that weren't being used and was able to move the pointers up the perfect amount for 9 plays. Again I'm not sure how the pointers actually work (they aren't just addresses like most other pointer tables), but I found the pointer to the last image in the ROM. It was some image related to the texans stuff. I was able to just add pointers sequentially that referenced each play image. Here they are in the ROM I have:
pointer target in rom play
0A0007BF FDFB36 short jet
0A0007C0 FDFB56 STACKIT
0A0007C1 FDFB76 SMACKYOU
0A0007C2 FDFB96 POSTDRAG
0A0007C3 FDFBA6 FLOODSLIT
0A0007C4 FDFBB6 DEEP ATTACK
0A0007C5 FDFBC6 TASTY TREET
0A0007C6 FDFBD6 BLACKRAIN
0A0007C7 FDFBE6 KOMBAT
I'm not sure we can add the code at the end of the ROM unfortunately. I played around with it a bit, but when I load the game, I see that data is loaded up immediately after the image table in RAM. I will try adding some stuff here to see if it's overwritten or anything, but it doesn't look that promising unfortunately.
edit: talked to some guys over at origami64.net. They mentioned this could possibly work by a) expanding the ROM (sounds difficult as you would need to make space for stuff and then update every pointer that's changed), or b) try and fix the code that loads the table data so that it also loads the data after it into memory. Both sound rather difficult, but if they would work, this would be awesome as we would be able to have plenty of empty space for extra stuff.
-
Hold up.... I still don't get whats stopping us from exporting the play data you need, save it in a .bin file, and insert it (don't compress it) into the file table. This way it would be loaded into memory along with the rest of the file table (graphic, sound, ect...). Is the whole table not loaded into RAM?
Actually, I didn't have to move the pointers to a completely new place. I had cleared out 9 lines of code just before this that weren't being used and was able to move the pointers up the perfect amount for 9 plays. Again I'm not sure how the pointers actually work (they aren't just addresses like most other pointer tables), but I found the pointer to the last image in the ROM. It was some image related to the texans stuff. I was able to just add pointers sequentially that referenced each play image. Here they are in the ROM I have:
pointer target in rom play
0A0007BF FDFB36 short jet
0A0007C0 FDFB56 STACKIT
0A0007C1 FDFB76 SMACKYOU
0A0007C2 FDFB96 POSTDRAG
0A0007C3 FDFBA6 FLOODSLIT
0A0007C4 FDFBB6 DEEP ATTACK
0A0007C5 FDFBC6 TASTY TREET
0A0007C6 FDFBD6 BLACKRAIN
0A0007C7 FDFBE6 KOMBAT
I'm not sure we can add the code at the end of the ROM unfortunately. I played around with it a bit, but when I load the game, I see that data is loaded up immediately after the image table in RAM. I will try adding some stuff here to see if it's overwritten or anything, but it doesn't look that promising unfortunately.
edit: talked to some guys over at origami64.net. They mentioned this could possibly work by a) expanding the ROM (sounds difficult as you would need to make space for stuff and then update every pointer that's changed), or b) try and fix the code that loads the table data so that it also loads the data after it into memory. Both sound rather difficult, but if they would work, this would be awesome as we would be able to have plenty of empty space for extra stuff.
-
You could very well be right. I'm just not sure as of now if it will work or not - the main thing I'm worried about is not having pointers go to the correct offsets if we start moving things around.
Is the table at the very end with all the *.wms values only for images? Or does it include sound and other things?
edit: Well just found a quick and dirty way to get the game to load data that is past the image table - i.e., any sort of play data that may come after all the image table stuff.
All I did was increase the number of plays in 0xC @ 150c40. what happens is it will load in however many lines of code there are even after the *wms table. Therefore, one could presumably just stick code in here - both for the 2001 plays as well as the play data for custom plays made with the play editor.
Only major issue I foresee doing things this way is that it will probably affect the way the your graphic editor tool works, as there will be lots of data in here now that will need to be "moved down" when you import new images into the ROM.
-
Jake,
I'm working on a new ROM that has all the play data consolidated so that I'm not over-writing existing parts. My plan is to stick it after the table at the end of the ROM like you said and use the modification I mentioned above where I change the 0xC value to be larger to migrate all the code into memory.
Before I do this, I was thinking that it would be best to leave some empty space right after the end of the current table so that if one wants to import more graphics, there will still be space between the end of the table and the new play code. Is this the way to do it? I was going to leave about 0x1000 empty lines for future graphics. Let me know if you think this is best.
-
Hmm, if we inserted it into the actual table then we wouldn't need to worry about additional graphics (they'd be inserted after). We could even look into inserting it as the first entry in the table. That way a user could just update the play file whenever they want additional plays.
-
But isn't the table at the very end (the part w/ all the *.wms lines)? Where does the table you're referring to start? I think I maybe thinking of a different thing than what you're suggesting.
-
Hey Blitzmaster,
Yeah the table starts at around FCE7D0. This table essentially index's the files. prior to this table is where all the files are stored. I was wondering if it would be possible to just insert the plays into the table so when additional files are inserted they are aware of the play data and would just be inserted afterwards. So you would insert the play data just like you would insert a graphic file.
-
This could work depending on if when we add the data and subsequently moves the table down, any sort of pointer does not get messed up.
Also, unfortunately adding the default play data (not custom plays from the editor) is not simple. There are many places that need pointers updated/inserted that then need to read the correct address from RAM. I was planning on only adding the first page of 2001 (like I said previously I've already done this, I'm just grouping it all together now at the end once we determine the best place to put it), as it's really tedious to find all the exact play data for every player. There are about 4 levels of pointers/data for every player, so you can imagine it gets messy very quickly, not to mention that the play data does not indicate when it terminates for a given route, which makes finding the necessary data annoyingly difficult.
On the other hand, your idea of adding the custom playbook data to the ROM should now work. I will have to modify the function that reads in the memory pak as we will now be reading the ROM instead now, but I don't think that should be too difficult. I can add a custom cheat that can be triggered to "use custom plays", allowing one to use their own plays straight from the ROM. Additinally, if multiple people are trying to use their own custom plays, we can make the cheat look at which player it is and load that specific data. So here's the work-flow:
1. Create custom plays using your custom editor
2. Save files to ROM (once we determine the best place for the data)
3. Create custom cheat hack to turn on the custom playbook
4. Depending on the controller number, load in that custom data for that player
The main thing I see that could be problematic is (3): anyone could technically load in anyone else's custom playbook. We could have up to 4 custom cheats, one for each player though. Or the alternative is (4), where it's all based on one cheat, but depending on which controller you are, it will load that playbook from the ROM.
Let me know what you think is the best way. I'm wondering if we could somehow have the custom editor actually generate a "custom cheat", where the owner of the playbook puts in his own button combination, sort of like a PIN number.
-
The external playbook editor now loads all playbooks and plays correctly. (for offensive plays) all thats left is saving. I'm traveling to Nashville this week for the packers game but hope to find time to add this functionality soon. Just wanted to keep everyone updated to let you know the project is not dead.
-
Hi Jake,
That's awesome news! I think with the latest patch I released, the next big thing is putting the 2001 plays and the custom plays into the ROM. Like I said before, I think we could possibly put the custom playbook data somewhere earlier into the ROM, but if not, we can still put it at the end (which is where I'm putting the 2001 play data anyway). We just need to update the function that loads in the data to look at the correct addresses depending on where we decide to put it which will be super easy.
I'm still erring on the side of putting it at the end of the ROM as it will be much easier to find and we know for sure that all that code can be loaded during an actual match. If you get a beta working of the external editor, feel free to send it over so I could try giving it a test.
Also, as i'm sure you know, I think think a bot is spamming one of the other blitz 2015 hack post.
-
still chugging along with the play editor, added the ability to add new plays and new playbooks. Going to try and make a quick and dirty save to memory pack function hopefully sooner then later to try it out...
-
Sounds good! I was thinking I could actually go ahead and try and make a few stock plays in the editor, copy the data off the memory pak file, and stick it in the end of the ROM. I could then try and modify the function that loads in all the play data for the custom plays to read from there instead of the memory pak. That way, once you have the external editor ready, it will be ready to go immediately. It would just be a matter of figuring out how to make the game determine when to read the plays (i.e. - I'm not sure if we would still need to "load custom playbook" and put in the pin/name of playbook).
-
sounds good. For sure would be nice to remove the need for a pin and user.
-
Alright I got the game to read plays from the ROM instead of the memory pak. It still uses the PIN/plabook name to load it though.
The question now is developing a new way to be able to load all the plays instead of using the PIN. I will see if I can use a custom cheat to load up the plays next.
-
okay I think I have an idea for how we can easily load custom playbooks:
Instead of just deleting the "use team plays" cheat like I have it right now, we could have it activate a certain playbook. If that's not the correct one, then if the player puts in the cheat again, it reads the next playbook, and so on (up to 4 custom books in a ROM, although I guess we could techinically store more). We can have the cheat display "XX's book" where XX = playbook name in the playbook (we can easily read this value from the stored book) that way the player knows which book is loaded. So if they want to play with their own book but theirs is the 4th one in the ROM, they would enter the cheat 4 times and it would load that specific one. We can add a counter that will then reset and go back to the first book, and then repeat.
I thought about having multiple players have their own codes, but this is tricky - i would mean we would have to add a bit of code to each cheat (all 30 or so) that checks to see if a playbook is activated by it. That's just too much work, so I think the above will work better. I'll see if I can get a prototype version working soon.
-
awesome update! what is the address your using in the rom? Have a patch? I could start working on saving/reading it to the rom.
-
Sure I could post the patch for testing, but there are a few things we really need to figure out before getting all the code in there:
1. Where we will be injecting the custom play data - enough room for up to 4 players (we can calculate how much space this is to figure out). I currently have it pasted just after the last line of code in the ROM (the image table).
2. How these addresses will change if we add more images to the ROM - we need to make sure that we have permenant RAM addresses to read/write from. We don't want the game to be able to add more images and then change the RAM addresses we need to call from. This will screw up all the new code that will actually bring in the play data for each player.
So I guess one question I have is should leave like 0x1000 bits of empty space between the end of the image table and the custom data so that if you import new images, it will not shift the custom play data? We need those addresses to stay constant. Also, I noticed that increasing the amount of RAM by a large amount loaded in after the image table (by increasing that value at 154140), it can drastically affect game performance, so we need to be sure where the custom data is stored isn't too far down into the empty area of the ROM.
-
awesome! Just wanted to let you know I did get your email, I might not be able to check it out for a few days though due to the holidays. Thanks for sending me it!
-
No problem at all. It is probably going to take a while to figure out how to get the hack to turn on custom playbooks w/out the pin.
-
Made some good progress over the last few days! I was able to get the "use team plays" to load up whatever the first playbook is in the ROM perfectly. As soon as you input the cheat, it loads the first book with no issues. However, the logic to check to see if another playbook is in rom is not quite right, so it doesn't try and load up the other playbooks data. Unfortunately the addresses where I'm sticking all this new code is run dry... and that's only for the first player's code (Which means in total it will need 4 times the space). It is a pretty brute force way of checking and loading data though, so I maybe able to shorten it so that all the code can fit in one area. Below are the notes for the code as is. Some of the logic is still not right, but figured I would post it here if you were interested anyway.
//loading play notes //
//80250DEC ---> BEGINNING OFLOADING CUSTOM PLAY
//A0 --> keeps track of which plaer it is entering pin (0x0 - 0x3)
//custom cheat notes -- replacing use team plays with custom play toggle
in ROM version D_4books.z64 -- book1 @ fddfa0 "AAAAA"|||| book2 @ fdf320 "YAXETY"|||| book3 @ fe06a0 "SEXONT"|||| fe1a20 "WEATHE" // INCREASED 150C40 TO A32 --> INCLUDES ALL BOOKS
/* registers of interest
S3 - what cheat (0x22 for use team plays)
A3 - tracks what player inputted cheat (0x0 - 0x03)
T1 - INCEASE + 1 FOR FINDING CORRECT PLAYER
T2 - INCREASE + 1 WHEN LOADING IN PLAYBOOKS
T3 - CURRENT PLAYBOOK NUMBER
V0 - location of playbook to be loaded IN rom
S8 - location of player data to be written - P1 = 0x802ADF20; p2 = 0x802AF298; p3 = 0x802B0610; p4 = 0x802B1988
V1 - end of playbook to be loaded
T6 - first bit of playbook loaded
T7 - second bit of playbook loaded
S7 - 3rd bit
T8 - 4th bit
EMPTY REGS YOU CAN USE: V0,V1, T1,T2,T3,T6,T7,S4,S7,T8,S8
psedocode
1. start in use team plays
2. watch for it to be triggered
3. figure out which player it was that triggered it
4. load in playbook based on a variable X1
5. increase X1 + 1
6. if X1 = 3, reset X1 = 0
7. clear all regs back to orginal for custom cheats
8. jump back to original team plays cheat J $0024BBA4
*/
// LIST OF ADDRESSES AND WHAT THEY WILL BE USED FOR --between image table and custom play data//
0x800AE330 //boolean for if custom plays are loaded or not - 0 == no custom plays; 1 = custom plays ; 00071ae8 in branches
0x800AE334 //variable for P1 monitoring which playbook is loaded; 0 = no playbook loaded; 1 = playbook 1; 2 = plabook 2; 3 = playbook 4
0x800AE338 //variable for P2 monitoring which playbook is loaded; 0 = no playbook loaded; 1 = playbook 1; 2 = plabook 2; 3 = playbook 4
0x800AE33c //variable for P3 monitoring which playbook is loaded; 0 = no playbook loaded; 1 = playbook 1; 2 = plabook 2; 3 = playbook 4
0x800AE340 //variable for P4 monitoring which playbook is loaded; 0 = no playbook loaded; 1 = playbook 1; 2 = plabook 2; 3 = playbook 4
//part 0 - skip all this if it's a different cheat
0x71988 addiu s4,s4,$0022 //load 22 into s4 (22 = use team plays reg value)
0x7198C bne s4,s3, $00071ae8 //check to see if it's the "use team plays" cheat; branch to jump out (0x71AE8) if not
0x71990 SW R0, $0014(sp) //from original code
0x71994 SUB s4,s4,s4 //clear s4
0x71998 SW V1, $0000(T0) //store 0 into UTP address to turn it off
0x7199C SUB v0,v0,v0 //clear V0
// part 1 - check to see if custom playbooks are even in the ROM
0x719a0 LUI S4, $800B //this part looks to see if custom plays are even in the ROM. Branch to custom code if not; 800BE000 IS ACTUALLY 800AE000
ADDIU s4, s4, $E330 //load address to monitor which playbook is loaded here /// 0xfddf90 IN ROM
LW T2, 0X0000(s4) //load value at 800BE300 into T2
BGTZ T2, $00071ae8 //Is there a custom play loaded? If so, T2 should be > 0 and it won't branch. If == 0, it will branch
nop
sub s4,s4,s4
sub t2,t2,t2
// part 2 - check to see what player is trying to load custom playbook
0x719bc BNE A3, T1 $00071XXX //are you P1? if not, branch
nop
// part 2.1 - load player 1 custom playbook 1
LUI S4, $800B
ADDIU s4, s4, $E334 //load address to monitor which playbook is loaded here
LW T2, $0000(s4) //load value at 800BF000 into T2
0x719d0 BNE T2, T3 $YY1 //has playbook 1 already loaded? branch if not; will load first playbook if not
NOP
SUB V0, V0, V0 //START OF LOADING FIRST PLAYBOOK FOR PLAYER 1
LUI v0, $800B
ADDIU V0, V0, $E370 //location of 1st playbook
SUB V1,V1,V1
lui V1, $800B
addiu v1,v1, $F6F0 //end of first playbook
addiu t2,T2, $0001 //increase t2 (playbook #) + 1
J YY5
nop
// part 2.2 - load player 1 custom playbook 2
719fc addiu T3,T3, $0001 //increase T3 (playbook #) + 1
YY1 BNE T2, T3 $YY2 //has playbook 2 already loaded? branch if not; will load first playbook if not
NOP
SUB V0, V0, V0 //START OF LOADING FIRST PLAYBOOK FOR PLAYER 1
LUI v0, 0X800B
ADDIU V0, V0, 0xF6F0 //location of 1st playbook
SUB V1,V1,V1
lui V1, $800C
addiu v1,v1, $0A70 //end of first playbook
addiu t2,t2, $0001 //increase S4 (playbook #) + 1
J YY5
nop
// part 2.3 - load player 1 custom playbook 3
addiu T3,T3, $0001 //increase T3 (playbook #) + 1
YY1 BNE T2, T3 $YY2 //has playbook 2 already loaded? branch if not; will load first playbook if not
NOP
SUB V0, V0, V0 //START OF LOADING FIRST PLAYBOOK FOR PLAYER 1
LUI v0, $800C
ADDIU V0, V0, $0A70 ` //location of 3rd playbook
SUB V1,V1,V1
lui V1, 0x800C
addiu v1,v1, $1DF0 //end of first playbook
addiu t2,t2, $0001 //increase S4 (playbook #) + 1
J YY5
nop
// part 2.4 - load player 1 custom playbook 4
addiu T3,T3, $0001 //increase T3 (playbook #) + 1
YY1 BNE T2, T3 $YY2 //has playbook 2 already loaded? branch if not; will load first playbook if not
NOP
SUB V0, V0, V0 //START OF LOADING FIRST PLAYBOOK FOR PLAYER 1
LUI v0, $800C
ADDIU V0, V0, $1DF0 //location of 4th playbook
SUB V1,V1,V1
lui V1, 0x800C
addiu v1,v1, $3170 //end of first playbook
sub t2,t2,t2 //reset t2 counter to 0
sub t3,t3,t3 //reset T3
J 71a88
nop
YY5
LW T6, 0x0000(V0) //load in data from first playbook in ROM
LW T7, 0x0004(V0)
LW S7, 0x0008(V0)
LW T8, 0x000C(V0)
SW T6, 0x0000(s8) //store data from first playbook into P1 data
SW T7, 0x0004(s8)
SW S7, 0x0008(s8)
SW T8, 0x000C(s8)
addiu V0,V0, 0x0010
BNE V0, S8, 0xXXX4 // when V0 = S8, branch back to original cheat code
ADDIU S8,S8 0x0010 //increase book size
0xXXX4
sub v1,v1,v1 //clear registers back to orginal values
sub v0,v0,v0
sub t6,t6,t6
sub t7,t7,t7
sub S7,S7,S7
sub T8,T8,T8
sub T1,T1,T1
sub T2,T2,T2
sub s4,s4,s4
sub t3,t3,t3
J $8024BBA4 //END OF LOOP; go back to "use team plays" function
sub s4,s4,s4 //set s4 back to nothing
-
Got the code more efficient and working so that player 1 can import any of the 4 custom playbooks! The issue now is that apparently the variable that tracks which player is loading the data is actually not related to the player controller, but which slot they are when you start a game (i.e. if controller 3 is the only person playing and moves to the top left slot when starting a game, the variable will be as if it's player 1, not 3). This is an issue because it needs to know the correct controller because the area where it fills in the data always pulls from the same spot. So player 3, even if he's loaded in as player 1, still pulls the custom plays from the 3rd slot. It should work once I figure out how to find the correct player number though. Here's the updated code:
//part 0 - skip all this if it's a different cheat
0x71988 addiu s4,s4,$0022 //load 22 into s4
0x7198C bne s4,s3, $00071ae8 //check to see if it's the "use team plays" cheat; branch to jump out (0x71AE8) if not
0x71990 SW R0, $0014(sp) //from original code
0x71994 SUB S4,S4,S4 //clear s4
0x71998 SW S4, $0000(T0) //store 0 into UTP address to turn it off
0x7199C SUB v0,v0,v0 //clear V0
// part 1 - check to see if custom playbooks are even in the ROM
0x719a0 LUI S4, $800B //this part looks to see if custom plays are even in the ROM. Branch to custom code if not; 800BE000 IS ACTUALLY 800AE000
ADDIU s4, s4, $E330 //load address to monitor which playbook is loaded here /// 0xfddf90 IN ROM
LW T2, 0X0000(s4) //load value at 800BE300 into T2
BGTZ T2, $00071AE8 //Is there a custom play loaded? If so, T2 should be > 0 and it won't branch. If == 0, it will branch
nop
////////////////////////////
0x719B8 SUB V0, V0, V0
SUB V1, V1, V1
SUB T1, T1, T1
SUB T2,T2,T2
SUB T6,T6,T6
SUB T7,T7,T7
SUB T8,T8,T8
SUB S4,S4,S4
//load in correct player
0x719D8 ADDIU T1, T1, $1380 //playbook size increaser
MULT T2, A3, T1 //use this as the offset to bring in the correct plabook
MFLO T2
LUI v0, $802B
ADDIU V0, v0, $DF20 //location of playbook1
addiu v0, T2,v0 //set correct offset for which player
//load in correct playbook
ADDIU T6,T6, $4 //load up x4 multipler into T6
MULT T6,T6,A3 //multiply player # * 4 to pull up correct address to monitor (should be 800AE334, 800AE338, 800AE33C, 800AE340)
MFLO T6
0x71A04 LUI S4, $800B
ADDIU S4, S4, $E334 //finds the correct address to monitor which players playbooks are needed
ADD S4,T6,S4
LW T7, $0000(S4)
MULT T7,T1
MFLO T7
0x71A1C LUI S8, $800B
ADDIU S8,T7,$E370 //goto the correct playbook to load for any player
ADD S8,T7,S8
DIV T7,T7,T1
MFLO T7
ADDIU T7,T7, $1 //increase S4 + 1
0x71A34 SW T7,$0000(S4)
ADDIU T8,T8, $5
BEQ T8,T7, $80071A58
NOP
J $00070E70
NOP
0x71A58 SUB T7,T7,T7
SW T7, $0000(S4)
J $00070E70
0x71A70 sub t6,t6,t6
sub t7,t7,t7
sub S7,S7,S7
sub T8,T8,T8
ADD V1,S8,T1
0x71A88 LW T6, 0x0000(S8) //load in data from first playbook in ROM
LW T7, 0x0004(S8)
LW S7, 0x0008(S8)
LW T8, 0x000C(S8)
SW T6, 0x0000(V0) //store data from first playbook into P1 data
SW T7, 0x0004(V0)
SW S7, 0x0008(V0)
SW T8, 0x000C(V0)
addiu S8,S8, 0x0010
BNE S8, V1, 0x00071A88 // when V0 = S8, branch back to original cheat code
ADDIU V0,V0 0x0010 //increase book size
SUB S8,S8,S8
sub v1,v1,v1 //clear registers back to orginal values
sub v0,v0,v0
sub t6,t6,t6
sub t7,t7,t7
sub S7,S7,S7
sub T8,T8,T8
sub T1,T1,T1
sub T2,T2,T2
sub s4,s4,s4
sub t3,t3,t3
J $8024BBA4 //END OF LOOP; go back to "use team plays" function
sub s4,s4,s4 //set s4 back to nothing
-
awesome work! hope to check out the rom this weekend and get reading/writing to the rom worked on.
-
I slightly changed the ROM since I last sent you (just moved the custom plays down a bit so I had some free addresses to store variables). I will send an updated one soon.
-
I almost have this working... The issue I have right now is I need to save the register values prior to modifying them for the hack to the stack and then recall them after our hack is finished. I haven't had to use the stack at all yet, so I'm still trying to figure out exactly how it works. From what I gather I need to just make room on the stack, push the reg values onto it, do our new code, and then pop the reg values off the stack. However if for whatever reason this won't work (because maybe the stack has some values it's already using that get written over or something), I will have to store them all in addresses and then load them back which is more time consuming. I'll try and have it ready in the next few days.
-
Honestly that sounds beyond me, thanks for putting so much time towards this project! Not sure we would have that much new content with out you haha. I'm starting to get some time for coding projects now that the holidays have past and the NFL season is about done. You able to send the updated ROM? if not I can continue with the one you sent.
-
No problem. I'm really eager to see if we can get the external playbook editor working with this hack soon! It should be awesome!
I have almost gotten the hack completely worked out - just a few additions I want to add. I ended up not trying to use the stack to save the register values that I needed to - I just saved them in some empty RAM I found and it worked great.
The last thing I want to try and work out is displaying the name of the playbook instead of the default "use team plays" when you enter the cheat. This maybe tough because it will require using the function that prints text and I'm not sure how it does it. Regardless, we should have a release ready soon that will work with the external playbook editor.
-
I figured out that the way the game calls the various cheat names to display when they are entered are simply in a table. I think I will be able to modify the code slightly to use the addresses of the names of the various playbooks. The hack should be just about ready by that point!
-
Alright I think the hack is good to go. Just need the external editor to edit the plays now. Here is the code with a few notes on how it works. I may add more notes later to remind me how it all works...
8024BB9C: J 0x80070D88 //jump out of function that loads cheats to inject our new code
8024BBA0: SW S3, $0x0010 (SP)
//func_loaddata
80070D88: NOP
80070D8C: ADDIU S7, S7, 0x0022 //set s7 to 22
80070D90: BNE S7, S3, 0x800713AC//is s7 != s3? If so, its another cheat; jump out
80070D94: SW R0, 0x0014 (SP)
80070D98: NOP
80070D9C: J 0x80071298 //jump to other part of function that saves registers
80070DA0: SW R0, 0x0000 (T0) //make sure use team plays cheat always resets to 0 so you can activate it again
//func_regs
80071298: SUB S3, S3, S3
8007129C: ADDIU S3, S3, 0x002C
800712A0: MULT S4, S3
800712A4: MFLO S3
800712A8: LUI S7, 0x8025
800712AC: ADDIU S7, S7, 0x0DEC
800712B0: ADD S7, S3, S7
800712B4: NOP
800712B8: SUB S3, S3, S3
800712BC: ADDIU S3, S3, 0x0022
800712C0: NOP
800712C4: NOP
800712C8: NOP
800712CC: NOP
800712D0: SW S4, 0x0000 (S7)
800712D4: SW K0, 0x0028 (S7)
800712D8: ADD K0, S4, R0
800712DC: SW S8, 0x0004 (S7)
800712E0: SW V0, 0x0008 (S7)
800712E4: SW V1, 0x000C (S7)
800712E8: SW T1, 0x0010 (S7)
800712EC: SW T2, 0x0014 (S7)
800712F0: SW T3, 0x0018 (S7)
800712F4: SW T6, 0x001C (S7)
800712F8: SW T7, 0x0020 (S7)
800712FC: SW T8, 0x0024 (S7)
80071300: SUB S7, S7, S7
80071304: SUB S8, S8, S8
80071308: SUB V0, V0, V0
8007130C: SUB V1, V1, V1
80071310: SUB T1, T1, T1
80071314: SUB T2, T2, T2
80071318: SUB T3, T3, T3
8007131C: SUB T6, T6, T6
80071320: SUB T7, T7, T7
80071324: SUB T8, T8, T8
80071328: ADDIU T6, T6, 0x0004
8007132C: MULT T6, A3
80071330: MFLO A3
80071334: LUI S4, 0x8029
80071338: ADDIU S4, S4, 0x42A0
8007133C: ADD S4, A3, S4
80071340: LW A3, 0x0000 (S4)
80071344: LUI S7, 0x800B
80071348: ADDIU S7, S7, 0xE330
8007134C: J 0x80070DA4 //jump back to previous // break
80071350: NOP
//func_loaddata
80070DA4: LUI S4, 0x800B
80070DA8: ADDIU S4, S4, 0xE330
80070DAC: LW T2, 0x0000 (S4)
80070DB0: BEQ T2, R0, 0x80071358
80070DB4: NOP
80070DB8: SUB V0, V0, V0
80070DBC: SUB V1, V1, V1
80070DC0: SUB T1, T1, T1
80070DC4: SUB T2, T2, T2
80070DC8: SUB T6, T6, T6
80070DCC: SUB T7, T7, T7
80070DD0: SUB T8, T8, T8
80070DD4: SUB S4, S4, S4
80070DD8: ADDIU T1, T1, 0x1378
80070DDC: MULT A3, T1
80070DE0: MFLO T2
80070DE4: ADDIU T8, T8, 0x1380
80070DE8: LUI V0, 0x802B
80070DEC: ADDIU V0, V0, 0xDF20
80070DF0: ADD V0, T2, V0
80070DF4: NOP
80070DF8: ADDIU T6, T6, 0x0004
80070DFC: MULT T6, A3
80070E00: MFLO T6
80070E04: LUI S4, 0x800B
80070E08: ADDIU S4, S4, 0xE334
80070E0C: ADD S4, T6, S4
80070E10: LW T7, 0x0000 (S4)
80070E14: MULT T7, T8
80070E18: MFLO T7
80070E1C: LUI S8, 0x800B
80070E20: ADDIU S8, S8, 0xE370
80070E24: ADD S8, T7, S8
80070E28: DIV T7, T8
80070E2C: MFLO T7
80070E30: ADDIU T7, T7, 0x0001
80070E34: NOP
80070E38: SUB T8, T8, T8
80070E3C: NOP
80070E40: NOP
80070E44: ADDIU T8, T8, 0x0004
80070E48: BEQ T8, T7, 0x80070E58
80070E4C: SUB T8, T8, T8
80070E50: J 0x80070E70
80070E54: SUB T6, T6, T6
80070E58: SUB T7, T7, T7
80070E5C: NOP
80070E60: J 0x80070E70
80070E64: SUB T8, T8, T8
80070E68: J 0x800E5B68
80070E6C: NOP
80070E70: SUB T6, T6, T6
80070E74: SUB T7, T7, T7
80070E78: ADDIU T8, T8, 0x1350
80070E7C: SUB S7, S7, S7
80070E80: ADD V1, T8, S8
80070E84: NOP
80070E88: LW T6, 0x0000 (S8)
80070E8C: LW T7, 0x0004 (S8)
80070E90: LW S7, 0x0008 (S8)
80070E94: LW T8, 0x000C (S8)
80070E98: SW T6, 0x0000 (V0)
80070E9C: SW T7, 0x0004 (V0)
80070EA0: SW S7, 0x0008 (V0)
80070EA4: SW T8, 0x000C (V0)
80070EA8: ADDIU S8, S8, 0x0010
80070EAC: BNE S8, V1, 0x80070E88
80070EB0: ADDIU V0, V0, 0x0010
80070EB4: SUB S8, S8, S8
80070EB8: NOP
80070EBC: NOP
80070EC0: NOP
80070EC4: SUB S7, S7, S7
80070EC8: SUB T8, T8, T8
80070ECC: SUB T1, T1, T1
80070ED0: SUB T2, T2, T2
80070ED4: SUB S4, S4, S4
80070ED8: SUB T3, T3, T3
80070EDC: SUB T6, T6, T6
80070EE0: SUB V0, V0, V0
80070EE4: SUB V1, V1, V1
80070EE8: J 0x80071354 //jump to other func_regs to load back registers
80070EEC: SUB S4, S4, S4
//func_regs
80071354: SUB S3, S3, S3
80071358: ADDIU S3, S3, 0x002C
8007135C: MULT K0, S3
80071360: MFLO S3
80071364: LUI S7, 0x8025
80071368: ADDIU S7, S7, 0x0DEC
8007136C: ADD S7, S3, S7
80071370: SUB S3, S3, S3
80071374: ADDIU S3, S3, 0x0022
80071378: LW S8, 0x0004 (S7)
8007137C: LW V0, 0x0008 (S7)
80071380: LW V1, 0x000C (S7)
80071384: LW T1, 0x0010 (S7)
80071388: LW T2, 0x0014 (S7)
8007138C: LW T3, 0x0018 (S7)
80071390: LW T6, 0x001C (S7)
80071394: LW T7, 0x0020 (S7)
80071398: LW T8, 0x0024 (S7)
8007139C: LW S4, 0x0000 (S7)
800713A0: LW K0, 0x0028 (S7)
800713A4: NOP
800713A8: NOP
800713AC: J 0x8024BBA4 //return to original code for cheats
800713B0: SUB S7, S7, S7
//func_writeText
8024BCF4: J 0x800068F7C //jump out of func that writes text to make it read from playbook titles
8024BB9C: LUI A2, 0xFF00
//func_writeCustomBookText //this part fixes the text to show the book names and for the correct
players
80068F7C: ADDIU S7, S7, 0x0022
80068F80: BNE S3, S7, 0x80069080//is it the right cheat? Branch if not out of this part
80068F84: SUB S7, S7, S7
80068F88: SUB S2, S2, S2
80068F8C: ADDIU S2, S2, 0x0004
80068F90: MULT S2, S4
80068F94: MFLO S4
80068F98: LUI S7, 0x8029
80068F9C: ADDIU S7, S7, 0x42A0 //address where game tracks which player is in each slot
80068FA0: ADD S7, S7, S4
80068FA4: LW S7, 0x0000 (S7)
80068FA8: LUI A3, 0x800B
80068FAC: ADDIU A3, A3, 0xE334
80068FB0: MULT S7, S2
80068FB4: MFLO S7
80068FB8: ADD A3, S7, A3
80068FBC: LW S7, 0x0000 (A3) //loads correct address from book tracker
80068FC0: NOP
80068FC4: NOP
80068FC8: NOP
80068FCC: NOP
80068FD0: LUI A3, 0x800B
80068FD4: ADDIU A3, A3, 0xE370 //location of beginning of book 1
80068FD8: SUB S2, S2, S2
80068FDC: ADDIU S2, S2, 0x1380 //offset of entire book to skip to different books in multiples of 1380
80068FE0: MULT S7, S2
80068FE4: MFLO S2
80068FE8: ADD A3, S2, A3
80068FEC: SUB S3, S3, S3
80068FF0: ADDIU S3, S3, 0x0004
80068FF4: ADDIU S7, S7, 0x0001 //increase value of book number tracker
80068FF8: BEQ S3, S7, 0x8006905C//is the book tracker == 4? if so, branch to reset it to the first book
80068FFC: SUB S2, S2, S2
80069000: NOP
80069004: LUI S2, 0x8029
80069008: ADDIU S2, S2, 0x42A0
8006900C: ADD S2, S4, S2
80069010: LW S2, 0x0000 (S2)
80069014: MULT S2, S3
80069018: MFLO S2
8006901C: SUB S3, S3, S3
80069020: LUI S3, 0x800B
80069024: ADDIU S3, S3, 0xE334
80069028: ADD S3, S3, S2
8006902C: SW S7, 0x0000 (S3)
80069030: SUB S7, S7, S7
80069034: ADDIU S7, S7, 0x0004
80069038: DIV S4, S7
8006903C: MFLO S4
80069040: SUB S7, S7, S7
80069044: SUB S3, S3, S3
80069048: ADDIU S3, S3, 0x0022
8006904C: SUB S2, S2, S2
80069050: ADDIU S2, S2, 0x0008
80069054: J 0x8024BCFC
80069058: NOP
8006905C: SUB S7, S7, S7
80069060: NOP
80069064: NOP
80069068: NOP
8006906C: J 0x80069000
80069070: NOP
80069074: NOP
80069078: J 0x8024BCFC
8006907C: NOP
80069080: J 0x8024BCFC
80069084: LW A3, 0x2F84 (A3)
80069088: NOP
8006908C: SUB R0, R0, R0
80069090: ADDU R0, R0, R0
-
Tested the hack a bit today. It seems like everything is pretty much working, although in Project64 I got a fatal error twice at random points. I'm not sure why this is (the error message had no good information about it), but I changed the setting in the ROM config from "physical lookup table" to "virtual lookup table" and I never had it appear again. Hopefully this fixes it.
-
Jake: with folks putting in some new graphics, I was thinking about the hack where we have the external playbooks loaded onto the ROM. I was worried that if people import new images into the ROM (such as the Texans away uniforms), that it will automatically write over that data as it comes right after the image table. Is this the case? Either way, even if it automatically shifted down the code for the external playbooks, this will mess up all the custom code for loading the books as the way I have it written right now will still pull from the same addresses, but there will of course be image table info there instead.
We could remedy the situation by having the graphics editor also modify the code I have for loading the custom books to shift accordingly. It should only be a few lines here or there. Let me know what you think.
-
Jake: with folks putting in some new graphics, I was thinking about the hack where we have the external playbooks loaded onto the ROM. I was worried that if people import new images into the ROM (such as the Texans away uniforms), that it will automatically write over that data as it comes right after the image table. Is this the case? Either way, even if it automatically shifted down the code for the external playbooks, this will mess up all the custom code for loading the books as the way I have it written right now will still pull from the same addresses, but there will of course be image table info there instead.
We could remedy the situation by having the graphics editor also modify the code I have for loading the custom books to shift accordingly. It should only be a few lines here or there. Let me know what you think.
Yeah we for sure can get it to work. I could probably add code to the play editor also to read and edit the hack to move the plays down farther.
-
I think I figured out some more details about how the game pulls in the custom plays. I noticed the play data in RAM for the first custom play is actually the exact same as before I imported some new graphics. I think this will make things much easier - i.e. I don't think the absolute address matters for the custom plays as long as they don't move relative to where they are in the file table. On the other hand, it seems that the 2,3,4 playbooks aren't looking correctly. I'm wondering if something got moved slightly when I used the editor as I had left some space between plays. I think that this could possibly shift all of the addresses if so. I'll look into it and let you know. I think that we may actually get away with not even having to edit the code based on what I've seen so far.
-
Great news! All other files in the fletable are mapped based on the position they are in the table and not actual address so I guess that would make sense with the play data.
-
It turns out that the only problem with the custom plays was the first book had 2 bytes missing from somewhere... Not sure where though. I added two bytes of 00 00 and it made all the custom plays load properly. Only thing is it offset the new files I imported in and corrupted them, but I think I should be able to delete them, import them in again for it to work (as long as it doesn't change the first book again like it did last time).
edit: So I think the issue was actually from before I added plays. It may have been when I tried using the beta play editor. Anyway, it looks like it works perfectly with an older version that didn't have the bytes missing.