There is a fixed difference between the save state offset and RAM address, for pSX at least (doesn't compress the save states). You can lean on the hex editor for searching the save state. If you are using a debugger then the bytes are right their ready to be fuzzed, you can save/reload state and the turn around time is instant. (Just be mindful that memory transfers will use word copies for byte arrays). You will see one of the following assembly instructions: You can use a debugger to verify the size of data once you know where it lives in RAM. However small data like a byte may just happen to be 4 byte aligned. The instruction set requires that 4 bytes words lie on a 4 byte boundary, likewise for halfs (2 bytes). The MIPS CPU strictly enforces alignment of data. Tune you eye to see 80 in the third column of a 4 byte word, it's and important signature for a pointer. Pointers which refer to cached memory are in the 2 MB range:Ġx80000000 (00 00 00 80) - 0x801FFFFF (FF FF 1F 80) The PS1 memory addresses usually end in 0x80 Quote from: weissvulf on February 15, 2018, 05:22:33 PM I would try to edit them, 1byte or 2bytes at a time and see what changes. There's an obvious pattern counting up by 1 for each new character (04 > 05 > 06 etc)- perhaps progressing through a table list of moves. They are probably 1 or 2 bytes long (not 4) but I have seen such tables use 1bit tags. They are likely NOT full memory addresses, but maybe 'relative' addresses to look up combat moves in a table. That verifies that the names are listed at the END of each structure. EDIT: I checked, and they are pointers to the character names.
The converter tool HERE should help you locate where these addresses are pointing to. The PS1 memory addresses usually end in 0x80 (aka have the highest bit set), so the first 4 bytes are a RAM address. If the variable length names are at the end of the structure (like Valendian says), the entries would look like this:į4210280 044A 0404 0404 020B. Keep in mind, the PS1 is little endian, meaning byte order is reversed. Other than the names and their fill, there are three 4byte chunks left. You can usually write over these 00s with more text, as long as you leave at least one 00 at the end. Like Valendian said, the 00s after the names are 'end-text' markers, filled to the next 32bit boundary. Because of that, if you use HxD hex editor, and set the view to 'byte group size=4', you'll be able to spot patterns easier. PS1 data is almost always aligned to 32bit chinks.
0 kommentar(er)
