  1.  
  2. \\This document lists .EXE addresses for editing//
  3.  
  4. Offsets
  5. Section Virtual Address Raw Address Delta
  6. .text 00401000 00000400 00400C00
  7. .rdata 007B6000 003B4C00 00401400
  8. .data 007BA000 003B8A00 00401600
  9. .rsrc 00F51000 0059BA00 009B5600
  10.  
  11. Add Resist to displayed Statuses
  12. 41C4C0 = 90 90 90 90 90 90
  13. 41C5B9 = 90 90 90 90 90
  14. 6E17FB = B9 20 00 00 00
  15. 6DD2A4 = B9 20 00 00 00
  16.  
  17.  
  18. Enemy Phys. Defence Doubled Here at Battle Start:
  19. 5D08CE
  20. and MDEF:
  21. 5D08DF
  22.  
  23.  
  24. Special Effects
  25.  
  26. Procedure MdefBug_6C51DE; stdcall; //fixed by NFITC1
  27. Begin
  28.  
  29. asm
  30. mov eax,[ebp-08]
  31. mov ecx,[eax*4+$919928]
  32. imul ecx,ecx,$84
  33. xor edx,edx
  34. mov dl,[ecx+$DBFDA9]
  35. imul edx,edx,$24
  36. xor eax,eax
  37. mov al,[edx+$DBCCE3]
  38. mov[ebp-04],eax
  39. end;
  40. Could use to rewire Spirit's value in MDEF and perhaps Vit as
  41. well if it's close by.
  42.  
  43. Multi-hit: 5DC913 (exact line where edx is set to multi-hit value)
  44.  
  45. 5dd415 - Dragon Force effect
  46. 5dd1a6 - Howling Moon effect
  47. 5dd183 - Lunatic High effect
  48. 5dd158 - Hero Drink effect
  49.  
  50.  
  51. However, the correct text will also need adding back if not present
  52. (Luksy's touphScript will need an update too if not adding back with hex)
  53.  
  54. For example, to add Resist back
  55.  
  56. 91E94A = 32 45 53 49 53 54 FF
  57.  
  58.  
  59. Where the text list is loaded for materia type
  60. 0070B3A6
  61.  
  62. 6F59FB Corrupts text
  63.  
  64. Check 99e350 to locate special wep formulas
  65.  
  66. 05DC901 = battle special formula jump
  67.  
  68. Missing Score
  69. 5DFD2E
  70.  
  71. 99e350 (99E308 + 48)
  72.  
  73. Kills variance
  74. 005DE80E nop that for X1
  75.  
  76.  
  77. Divisor that affects the 'enemies killed = damage' formula
  78. This changes it from
  79. [((Enemies killed by Vincent)/128)+10]/16
  80.  
  81. to
  82.  
  83. [((Enemies killed by Vincent)/16)+10]/16
  84. 0x1DC929 07 -> 04
  85.  
  86.  
  87. savemap stuff done by a defunct earth harp script.
  88. Dips into cait and vince scripts. Could use these
  89. if comparing young cloud/seph to cait/vince for hacks.
  90. byte_DC00A5 = 1;
  91. byte_DC00A4 = 6;
  92. byte_DC00B2 = 1;
  93. byte_DC00B3 = -1;
  94. dword_DC00E0 = 0xFF FF FF;
  95. byte_DC0129 = 1;
  96. byte_DC0128 = 7;
  97. byte_DC0136 = 1;
  98. byte_DC0137 = -1;
  99. dword_DC0164 = 0xFF FF FF
  100.  
  101.  
  102. Potential Leads on Kernel Equip stat calcs
  103.  
  104. 704FD3
  105. 005ce8eb
  106. 005cb65c
  107.  
  108. Starts 6C51FC
  109.  
  110. Based on this, I need to somehow make it take the 3rd and 4th slot
  111. and deduct from it rather than add. As it stands, I can't deduct
  112. as this does it by stat rather than slot.
  113.  
  114. 6C5229: Affects Strength
  115.  
  116. 6C524F: Affects Vitality
  117.  
  118. 6C5275: Affects Magic
  119.  
  120. 6C5298: Affects Spirit
  121.  
  122. 6C52BB: Affects Dexterity
  123.  
  124. 6C52DE: Affects Luck
  125.  
  126.  
  127.  
  128. 006C5529 - accesses the chunk of enhance sword associated with stat boosts,
  129. maybe isolate this down to only the stat value itself?
  130.  
  131. 006C524F: First Weapon Stat Add
  132.  
  133. 6C56E3 - Armour: 2nd Stat
  134.  
  135.  
  136. Command Addresses
  137.  
  138. 5C8FB0:
  139.  
  140. 5C8FC6:
  141.  
  142. 5C8FDF:
  143.  
  144. 5C904D:
  145.  
  146. 5C9150:
  147.  
  148. 5C928E:
  149.  
  150. 5C92A7:
  151.  
  152. 5C930A:
  153.  
  154. 5C930F:
  155.  
  156. 5C93A1: Morph [false]
  157.  
  158.  
  159.  
  160.  
  161.  
  162. 5C9C67 (START) - SUBTRACT 8
  163. Copies memory from 99CE0C
  164. Copy 16
  165. Copies 99CE0C again
  166. compares dword ptr ecx for 3
  167. Jump to 5C9DB7 if not less (returned false)
  168. Copies 99CE0C
  169. Copies eax,[edx]
  170. Signed multiply by 18
  171. Adds 9A8E54 to eax
  172. Copies eax
  173. Copies ecx
  174. xor edx, edx
  175. Copy dl,ecx
  176. Copy 99CE0C
  177. Copy edx,eax
  178. [some stuff]
  179.  
  180. Push 05
  181. Call 5CA766
  182. Subtract 8 from esp
  183. Then eax gets a signed divide of 2, 6 times (12)
  184. No change when modified
  185. [Some memory copy stuff for 99CE0C]
  186.  
  187. Multiply by 2, 2 times
  188.  
  189. 5C80A7: seems to be a loop here for a divide once by 2
  190. Animation related (see below)
  191.  
  192. 5C80E5: Signed divide by 2, 8 times here
  193. Seems to affect animation; cloud hops forward and back
  194. but does nothing when changed to 2.
  195.  
  196.  
  197. 5C80F7: multiply by 2, once
  198.  
  199. 5D17E1: Signed divide by 2, 4 times
  200. Changing it lower reduces damage instead of increasing it.
  201. Changing it higher seems no effect. Something else?
  202.  
  203. 5D9DF9: Multiply by 2, CL times
  204.  
  205. 5DC1F5: Divide by 2, 3 times
  206. No
  207.  
  208. 433675: Divide by 2, 5 times
  209. No
  210.  
  211. 5CA76F: divide by 2, 3 times
  212. No
  213.  
  214. Potential lead on Flash (and other command addresses)
  215. [On making it so that statuses don't get added to Flash]:
  216. This can be done at 5CA65F. I just need to change it to make ecx = 1 regardless.
  217. So only death will be used with Flash. Nothing else.
  218.  
  219. Access Menu while in the Sub
  220. E045E4: Set to 2
  221.  
  222. Sadness Calculation
  223. 005DE970
  224. imul eax, eax, 03 (03 = 30%, change to desired value)
  225.  
  226.  
  227. Passive EXP Gain
  228. Use a hex editor on ff7.exe to change the values at 0x1C6301 from-
  229.  
  230. (need to examine this in-game to determine what's happening here,
  231. I suspect it's an offset? Gotta find out what these values represent)
  232.  
  234. D1 F8
  235. to
  237. 33 C0
  238. That will give 0 exp to every out of battle character.
  239.  
  240.  
  241. {New physical accuracy
  242. #Hit% = Accuracy_of_Attack- Target's_Evade
  243. 5DDD47 = 90 90
  244. 5DDD81 = 90 90 90
  245.  
  246.  
  247. Tifa's Reels
  248. Address 0x51D4D0
  249. 1, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
  250. 1, 0, 2, 2, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
  251. 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
  252. 1, 1, 0, 2, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
  253. 1, 1, 1, 0, 2, 2, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1
  254. 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
  255. 1, 1, 1, 0, 0, 2, 0, 2, 0, 1, 1, 1, 1, 1, 1, 1
  256. 1, 1, 1, 1, 0, 0, 2, 0, 2, 0, 0, 1, 1, 1, 1, 1
  257. 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
  258. 1, 1, 1, 1, 0, 0, 0, 2, 0, 0, 0, 0, 1, 1, 1, 1
  259.  
  260.  
  261. Enemy Defence Doubled Here (suspected to not matter as it is overwritten by formula)
  262. PDEF: 5D08CE
  263. MDEF: 5D08DF
  264.  
  265.  
  266.  
  267. [Status Colours] - 8FE150 (4FD500) or does it start earlier??
  268. In Order:
  269.  
  270. \\4FD550//
  271. BF D9 4C : Yellow
  272. E8 D9 4C : Yellow
  273. Guess: Peerless? Seems to be short.
  274. If longer then starts from:
  275.  
  276. \\4FD558//
  277. 11 DA 4C : Green
  278. 3A DA 4C : Green
  279. 63 DA 4C : Green
  280. 8C DA 4C : Green
  281. Guess: Poison
  282.  
  283.  
  284. \\4FD563//
  285. C0 CF 4C,
  286. E9 CF 4C,
  287. 00 12 DC
  288.  
  289.  
  290.  
  291. [Poison Hacks]
  292.  
  293. This one allows enemies to be damaged by Poison element even if they're
  294. immune to the Poison status = Tested
  295. 0x433765 (0x032B65) 74 -> EB
  296.  
  297. This one converts Poison 'tick' damage into other elements:
  298. 0x5C9FCB (0x1C93CB): It's traditionally set to 0010h.
  299. Set that to any element mask you want. 0000h would be non-elemental.
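
The address pairs in these notes, such as 0x433765 (0x032B65), follow from the section table in the "Offsets" list at the top. The sketch below is an added example, not part of the original notes: it converts between run-time addresses and file offsets and applies an "old -> new" byte edit only when the expected original bytes are present. It assumes each section's file data ends where the next section's raw data begins, since the notes give no section sizes; the function names and the test buffer are made up for the illustration.

```python
from bisect import bisect_right

# Section table copied from the "Offsets" list on this page:
# (name, virtual address, raw file address)
SECTIONS = [
    (".text",  0x00401000, 0x00000400),
    (".rdata", 0x007B6000, 0x003B4C00),
    (".data",  0x007BA000, 0x003B8A00),
    (".rsrc",  0x00F51000, 0x0059BA00),
]


def va_to_raw(va):
    """Translate a run-time address into a file offset in the .EXE."""
    i = bisect_right([s[1] for s in SECTIONS], va) - 1
    if i < 0:
        raise ValueError(f"{va:#x} is below the first section")
    name, sec_va, sec_raw = SECTIONS[i]
    raw = va - sec_va + sec_raw
    # Assumption: a section's file data ends where the next one starts.
    # An address past that point exists only in memory (for example the
    # savemap at DBFD34) and cannot be changed with a hex editor.
    if i + 1 < len(SECTIONS) and raw >= SECTIONS[i + 1][2]:
        raise ValueError(f"{va:#x} in {name} has no bytes in the file")
    return raw


def raw_to_va(raw):
    """Translate a file offset back into a run-time address."""
    i = bisect_right([s[2] for s in SECTIONS], raw) - 1
    if i < 0:
        raise ValueError(f"{raw:#x} lies in the file headers")
    _, sec_va, sec_raw = SECTIONS[i]
    return raw - sec_raw + sec_va


def apply_patch(image, va, old_hex, new_hex):
    """Write new_hex at va if old_hex is there. Returns False if already applied."""
    old, new = bytes.fromhex(old_hex), bytes.fromhex(new_hex)
    if len(old) != len(new):
        raise ValueError("old and new byte strings differ in length")
    raw = va_to_raw(va)
    if raw + len(old) > len(image):
        raise ValueError(f"file offset {raw:#x} is past the end of the image")
    current = bytes(image[raw:raw + len(old)])
    if current == new:
        return False  # patch is already in place
    if current != old:
        # Different game version or an earlier conflicting edit: refuse to write.
        raise ValueError(f"expected {old.hex()} at {raw:#x}, found {current.hex()}")
    image[raw:raw + len(new)] = new
    return True


if __name__ == "__main__":
    # Constructed buffer standing in for the first 256 KiB of the .EXE.
    image = bytearray(0x40000)
    image[0x032B65] = 0x74
    print(hex(va_to_raw(0x433765)))                  # file offset of the edit
    print(apply_patch(image, 0x433765, "74", "EB"))  # first run writes the byte
    print(apply_patch(image, 0x433765, "74", "EB"))  # second run is a no-op
```
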
  300.  
  301.  
  302. [Materia Effects: Editing]
  303.  
  304. These values start here:
  305. 0x8FEEC8 (0x4FD8C8)
  306. And apparently ends here: 0x8FF017 (this is where elements are stored)
  307.  
  308. Starts with: 00, then first number, each separated by 00 (+) or an FF (-)
  309.  
  310. The way it works is that it has the Positive/Negative modifier first, followed by
  311. the value. So Tier 11 looks like this:
  312.  
  313. F6 FF F6 FF F6 FF F6 FF 00 00 00 00 FB FF FB FF
  314.  
  315. If the number is unchanged (like Dex and Lck here) then 00 is used for the value
  316. and the modifier. Note that FF denotes negative AND -1; don't get confused!
  317.  
  318.  
  319. FF -1
  320. FE -2
  321. FD -3
  322. FC -4
  323. FB -5
  324. FA -6
  325. F9 -7
  326. F8 -8
  327. F7 -9
  328. F6 -10
  329. F5 -11
  330. F4 -12
  331. F3 -13
  332. F2 -14
  333. F1 -15
  334. F0 -16
  335. EF -17
  336. EE -18
  337. ED -19
  338. EC -20
  339. EB -21
  340. EA -22
  341. E9 -23
  342. E8 -24
  343. E7 -25
  344. E6 -26
  345. E5 -27
  346. E4 -28
  347. E3 -29
  348. E2 -30
  349. E1 -31
  350. E0 -32
  351. DF -33
  352. DE -34
  353. DD -35
  354. DC -36
  355. CE -50
  356. CD -51
  357. CC -52
  358. CB -53
  359. CA -54
  360. C9 -55
  361. C8 -56
  362. C7 -57
  363. C6 -58
  364. C5 -59
  365. C4 -60
  366. C3 -61
  367. C2 -62
  368. C1 -63
  369. C0 -64
  370.  
  371. A0 -96
  372. 9F -97
  373. 9E -98
  374. 9D -99
  375. 9C -100
  376.  
  377.  
  378. Can keep going, the memory leak 15 shows that it can go as high as 128; any higher
  379. and it might creep into the negative values; I guess they meet each other in the
  380. middle at an equal split of Hex's maximum value: 256 (128 each way in other words).
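
The Tier 11 row quoted above can be decoded mechanically. The sketch below is an added example, not part of the original notes: it reads a 16-byte row as eight two-byte entries, a signed value byte followed by the 00/FF byte the notes describe, and flags entries where the two bytes disagree. The function names are invented here, and limiting values to -128..127 is an assumption taken from the range discussed in the notes.

```python
ROW_LEN = 16  # the Tier 11 row quoted on this page: eight 2-byte entries


def decode_row(row):
    """Return the eight signed values stored in one 16-byte row."""
    if len(row) != ROW_LEN:
        raise ValueError(f"expected {ROW_LEN} bytes, got {len(row)}")
    # The first byte of each pair is the value, read as a signed byte
    # (F6 -> -10, FB -> -5, 9C -> -100, as in the table on this page).
    return [int.from_bytes(row[i:i + 1], "little", signed=True)
            for i in range(0, ROW_LEN, 2)]


def inconsistent_entries(row):
    """Indexes of entries whose 00/FF byte does not match the value's sign."""
    bad = []
    for index, value in enumerate(decode_row(row)):
        expected = 0xFF if value < 0 else 0x00
        if row[2 * index + 1] != expected:
            bad.append(index)
    return bad


def encode_row(values):
    """Build a 16-byte row from eight values in the range -128..127."""
    if len(values) != ROW_LEN // 2:
        raise ValueError("a row holds exactly eight values")
    out = bytearray()
    for value in values:
        # Assumption: one signed byte per value, the range the notes discuss.
        if not -128 <= value <= 127:
            raise ValueError(f"{value} does not fit in one signed byte")
        out.append(value & 0xFF)                   # value byte
        out.append(0xFF if value < 0 else 0x00)    # negative/positive byte
    return bytes(out)


if __name__ == "__main__":
    tier11 = bytes.fromhex("F6 FF F6 FF F6 FF F6 FF 00 00 00 00 FB FF FB FF")
    print(decode_row(tier11))
    print(encode_row([-10, -10, -10, -10, 0, 0, -5, -5]).hex(" ").upper())
    # Constructed hand-edit mistake: value F6 paired with 00 instead of FF.
    print(inconsistent_entries(bytes.fromhex("F6 00") + bytes(14)))
```
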
  381.  
  382.  
  383. [Truly Random Encounters]
  384.  
  385. CurrentRandEncLUT = (GameTimerFraction >> 2) AND 255
  386. //this manipulation is required to get the full range in a byte
  387. because the fraction is increased by 1092 each tic.
  388.  
  389.  
  390. [Vincent Mug Glitch Fix]
  391.  
  392. 1. Open the ff7/battle/battle.lgp file in a hex editor.
  393. 2. Search for the case-sensitive ascii string "SHAB" without quotes.
  394. 3. Search for the byte sequence 17h 1Ch from the point you found the SHAB.
  395. 4. The byte preceding the 17h should be 12h.
  396. My mostly-unaltered battle.lgp file has this at address 0x3A7D7F2.
  397. 5. Change this 12h to something less. I tried 0Ch and it looks nice.
  398.  
  399.  
  400. [Command Materia Editing]
  401.  
  402. So this hack is to have commands not replace each other when they're unlocked
  403. on Command Materia (for instance, having Sense and Morph on the same Materia).
  404. Commands will still appear as greyed out in the menu, but a fix for that is
  405. below this primary fix.
  406.  
  407. Segment starts at 0x5CEC0B (0x1CE00B)
  408.  
  409. Address for the Edit: 1CE023
  410. 0F 8C BB 00 00 00
  411. 8B 55 08
  412. 81 E2 FF 00 00 00
  413. 6B D2 14
  414. 8B 45 F8
  415. 33 C9
  416. 8A 8C 02 6E DF DB 00
  417. 81 F9 FF 00 00 00
  418. 74 1C
  419. 8B 55 08
  420. 81 E2 FF 00 00 00
  421. 6B D2 14
  422. 8B 45 F8
  423. 8A 8C 02 6E DF DB 00
  424. 51
  425. E8 84 00 00 00
  426. EB AF
  427. 90 90 90
  428.  
  429.  
  430. This fixes the palette, telling the game to display each
  431. command with Palette 1 (white)
  432.  
  433. Address at: 0x5CEC85 (0x1CE085)
  434.  
  435. Start edit at: 1CE08A
  436. 7D 52
  437. 8B 4D 08
  438. 81 E1 FF 00 00 00
  439. 6B C9 14
  440. 8B 55 F8
  441. 8B 45 F4
  442. 8B 75 F8
  443. 8A 8C 31 6E DF DB 00
  444. 88 4C 50 1A
  445. 33 D2
  446. 8B 55 F8
  447. 3B 55 FC
  448. 7D 0D
  449. 8B 55 F8
  450. 8B 45 F4
  451. C6 44 50 1B 01
  452. EB 0B
  453. 8B 55 F8
  454. 8B 45 F4
  455. C6 44 50 1B 00
  456. EB AD
  457. 90 90 90 90
  458. 90 90 90 90
  459. 90 90 90 90
  460. 90 90
  461.  
  462.  
  463. [Long Range enemy attacks]
  464.  
  465. Note: the Short-Range flag is required for short-range attacks if this is enabled
  466.  
  467. It selectively blacklists the 20h command from receiving
  468. long-range consideration. Changing the command index checked to
  469. something out of range would be ideal:
  470.  
  471. [Subtract 400C00 for FF7.EXE address?]
  472. Address at 0x5DE704 (1DDB04):
  473.  
  474. 0x5DE704: 83 78 28 20 -> 83 78 28 50
  475.  
  476.  
  477. [Mega-All doesn't grant Slash-All]
  478.  
  479. Could be handy for using 2x-Cut with Mega-All.
  480.  
  481. Address at 0x5CD049 (0x1CC449): change 74 to E9
  482. [CAUSED CRASH WHEN LOADING SAVE]
  483. Update: Another source claims: it's EB not E9
  484.  
  485.  
  486. [Tent Adjustment - NFITC1]
  487.  
  488. Tents heal for 10,000HP and MP by default, capped by MaxHP/MP.
  489.  
  490. Function at 0x6CBA6A (2CAD76)
  491.  
  493. 0x003164B5 : 68 10 27 00 00 --for HP
  494. 0x003164C6 : 68 10 27 00 00 --for MP
  495.  
  496. These translate into "PUSH 10000" which is in big-endian format.
  497. Changing it to, say:
  498.  
  500. 0x003164B5 : 68 88 13 00 00 --for HP
  501. 0x003164C6 : 68 F4 01 00 00 --for MP
  502.  
  503. Would restrict tents to heal no more than 5000 HP and 500 MP.
  504. So the value you push will limit the healing it will do. I'm not
  505. going to go into how to do this. It requires a hex editor and an
  506. understanding of endianness.
  507.  
  508. That's the SIMPLE way to do it. If you wanted to get REALLY complicated
  509. you could re-write the whole tent function (or redirect it) to do
  510. something different. The function's range is between 0x717010 and
  511. 0x717123.
  512.  
  513.  
  514. [Slot 1 Commands like Slash-All get their own slot]
  515.  
  516. These edits will make them no longer override the top slot.
  517.  
  518. Slash-All: 0x1CE2FD: FD -> C1
  519. 2x-Cut: 0x1CE30A: F0 -> B4
  520. Flash: 0x1CE317: E3 -> A7
  521. 4x-Cut: 0x1CE324: D6 -> 9A
  522.  
  523. They still override each other in their new slots, but at least
  524. Attack is left alone.
  525.  
  526.  
  527. [Materia Master Disabled]
  528.  
  529. 1. Disable the Weapon AP materia birth sub call:
  530. Change 0x005CAF12 (0x001CA312) from
  531. E8 68 12 10 00 83 C4 04
  532. to
  533. EB 06 90 90 90 90 90 90
  534.  
  535. 2. Disable the Armor AP materia birth sub call:
  536. Change 0x005CB0C5 (0x001CA4C5) from
  537. E8 B5 10 10 00 83 C4 04
  538. to
  539. EB 06 90 90 90 90 90 90
  540.  
  541.  
  542. [Item Menu Modification]
  543. [Values are slightly off]
  544. Power: 0x315F31; default 1
  545. Guard: 0x315F80; default 1
  546. Magic: 0x315FD0; default 1
  547. Mind: 0x31601F; default 1
  548. Speed: 0x31606E; default 1
  549. Luck: 0x3160BB; default 1
  550. [Correct values when game is running]
  551. 716B30 #str
  552. 716B7E #vit
  553. 716BCE #mag
  554. 716C1E #spr
  555. 716C6C #spd
  556. 716CB9 #lck
  557. Potion (amount of HP to restore): 0x316184 ; default 64h, limit FFh
  558. Hi-Potion (amount of HP to restore): 0x316212 ; default 1F4h, stored as word, limit 7FFFh (overflow could result otherwise)
  559. Ether (amount of MP to restore): 0x3162A3 ; default 64h, limit FFh
  560. Turbo Ether (amount of MP to restore): 0x316331 ; default 2710h, stored as word, limit 7FFFh (overflow could result otherwise)
  561. Phoenix Down (amount of HP to restore): 0x3163C8 ; default 2, power of two to divide MHP by (eg. MHP / 2^[X] ), technically a bit-shift right, more below
  562. Tent (amount of HP to restore): 0x3164B6 ; default 2710h, stored as word, limit 7FFFh (overflow could result otherwise)
  563. Tent (amount of MP to restore): 0x3164C7 ; default 2710h, stored as word, limit 7FFFh (overflow could result otherwise)
  564. X-Potion (amount of HP to restore): 0x316570 ; default 2710h, stored as word, limit 7FFFh (overflow could result otherwise)
  565. Elixir (amount of HP to restore): 0x316613 ; default 2710h, stored as word, limit 7FFFh (overflow could result otherwise)
  566. Elixir (amount of MP to restore): 0x316627 ; default 2710h, stored as word, limit 7FFFh (overflow could result otherwise)
  567. Megalixir (amount of HP to restore): 0x316715 ; default 2710h, stored as word, limit 7FFFh (overflow could result otherwise)
  568. Megalixir (amount of MP to restore): 0x316726 ; default 2710h, stored as word, limit 7FFFh (overflow could result otherwise)
  569.  
  570.  
  571. {Menu potion, hi-potion, x-potion, ether, turbo ether to 25, 100, 1000, 10, 100
  572. 00716D83 = 6A 19
  573. 00716E11 = 6A 64 90 90 90
  574. 0071716F = 68 E8 03 00 00
  575. 00716EA2 = 6A 0A
  576. 00716F30 = 6A 64
  577.  
  578. {menu HP, MP
  579. #6CBA6A
  580. #6cbbbf
  581.  
  582.  
  583. [Potential Sense Fix]
  584.  
  585. The HP requirement for Sense is at offset 0x1C9515. Easy to find in a hex-editor
  586. and with proper testing. I just searched for 75 30 (= 30000 ; and I know the
  587. bytes are reversed in a hex editor).
  588.  
  589. 65,535 is the max here through Hex.
  590.  
  591.  
  592. [Cait Sith & Vincent's Initial Data]
  593.  
  594. Cait Sith's is at offset 0x520c10 (120010), while Vincent's is at
  595. offset 0x520c94 (120094).
  596.  
  597. If you want to edit them (to alter their starting stats, equipment, materia, ...), you can use the Wiki Savemap, "Table 2 : Character Record" section.
  598.  
  599. Some addresses :
  600.  
  601. Cait Sith's Level : 0x520c11 (120011) (1 byte)
  602. Cait Sith's CurrentHP : 0x520c3c (12003C) (2 bytes)
  603. Cait Sith's Base HP : 0x520c3e (12003E) (2 bytes)
  604. Cait Sith's Current MP : 0x520c40 (120040) (2 bytes)
  605. Cait Sith's Base MP : 0x520c42 (120042) (2 bytes)
  606. Cait Sith's stats* : 0x520c12 (120012) (1 byte each)
  607. Cait Sith's weapon : 0x520c2c (12002C) (1 byte)
  608. Cait Sith's armor : 0x520c2d (12002D) (1 byte)
  609. Cait Sith's accessory : 0x520c2e (12002E) (1 byte)
  610. Materia on his weapon : 0x520c50 (120050) (4 bytes for each materia slot -
  611. first byte is the materia ID, and
  612. the next 3 bytes are its AP)
  613. Materia on his armor : 0x520c70 (120070)
  614.  
  615. Vincent's Level : 0x520c95 (120095) (1 byte)
  616. Vincent's CurrentHP : 0x520cc0 (1200C0) (2 bytes)
  617. Vincent's Base HP : 0x520cc2 (1200C2) (2 bytes)
  618. Vincent's Current MP : 0x520cc4 (1200C4) (2 bytes)
  619. Vincent's Base MP : 0x520cc6 (1200C6) (2 bytes)
  620. Vincent's stats* : 0x520c96 (120096) (1 byte each)
  621. Vincent's weapon : 0x520cb0 (1200B0) (1 byte)
  622. Vincent's armor : 0x520cb1 (1200B1) (1 byte)
  623. Vincent's accessory : 0x520cb2 (1200B2) (1 byte)
  624. Materia on his weapon : 0x520cd4 (1200D4) (4 bytes for each materia slot -
  625. first byte is the materia ID, and
  626. the next 3 bytes are its AP)
  627. Materia on his armor : 0x520cf4 (120000)
  628.  
  629. * Stats are listed in this order : strength, vitality, magic, spirit, dexterity, luck.
  630.  
  631.  
  632. [Master Fist: Damage Modifier Locations]
  633.  
  634. At 0x5DFB93 (0x1DEF93 in the exe) there is the dword that contains statuses
  635. that will increase the multiplier by 1. The original value of this is 0400029Ah.
  636.  
  637. At 0x5DFBAE (0x1DEFAE in the exe) there is the dword that contains statuses
  638. that will increase the multiplier by 2. The original value of this is 00202000h
  639.  
  640. -) Additional: Damage Calcs/Modifiers in general, migrating effects:
  641. I am now 100% convinced (because I see the code now) that those "not used"
  642. special effects are used by the AX damage functions. I won't bother spelling
  643. the code out, but the "Special Effect" value gets set depending on what the
  644. Damage calculation value is:
  645.  
  646. calc effect
  647. A0 -> 0A
  648. A1 -> 0B
  649. A2 -> 0C
  650. A3 -> 0D
  651. A4 -> 1E
  652. A5 -> 1F
  653. A6 -> 20
  654. A7 -> 21
  655. A8 -> 22
  656. A9 -> 0
  657. AA -> 0
  658. AB -> 0
  659.  
  660. So this brings two exciting revelations.
  661. 1. Regular attacks can "safely" be given some of these multipliers so certain
  662. enemies can be more powerful with more MP or HP or so.
  663. (Already done through PC, I believe)
  664.  
  665. 2. A9 - AB can be assigned (via exe editing) one of the other special effects
  666. to add more variety to the attacks.
  667. (This is interesting, could create new damage formulas; needs the exe patch).
  668.  
  669. Guesses:
  670. 5DFB93: Master Fist
  671.  
  672. 5DFBEE: Powersoul Formula (can adjust modifiers at least for damage)
  673. Confirmed; triggers Breakpoint
  674.  
  675. 5DFC52: Does not trigger Breakpoint when Yoshiyuki is used
  676.  
  677. 5DFD5B: Does not trigger Breakpoint when Ultima Weapon is used
  678.  
  679. 5DFDC0:
  680.  
  681.  
  682. \\Menu Module Positions & SP Box//
  683.  
  684. Main Menu: 6A9EA (roughly)
  685.  
  686. SP String Code
  687. 6CAB19 = 6A 68 #push 68 (Y draw for gil/time box)
  688.  
  689. 6CA9C8 = C745F43A010000 #mov [ebp-0C],0000013A (Y coord for gil/time box)
  690.  
  691. 6CAB11 = E9 EA912400 #jmp 00913D00
  692.  
  693. 913D00 = E8 FE1DDEFF #call 006F5B03
  694. 68 CDCC4C3E #push 3E4CCCCD
  695. 6A 07 #push 07
  696. 68 00001509 #push 0915000 (Pointer for Text 'SP': 30 33 FF)
  697. 8D 4D F4 #mov ecx,[ebp-0C]
  698. 83 C1 46 #add ecx,46 (X coord)
  699. 51 #push ecx
  700. 8B 55 FC #mov edx,[ebp-04]
  701. 83 C2 06 #add edx,06 (Y coord)
  702. 52 #push edx
  703. E8 DF1DDEFF #call 006F5B03
  704. 83 C4 14 #add esp,14
  705. e9 EA6DDBFF #jmp 006CAB16
  706.  
  707. 915000 = 33 30 FF #Pointer address for string: 'SP'
  708.  
  709.  
  710.  
  711.  
  712.  
  713. Main Menu Avatar's X Axis
  714. 006CAC20
  715.  
  716. Main Menu Avatar's Y Axis
  717. 006CAC16
  718.  
  719. Main Menu The Word Limit Level X Axis
  720. 006CADF8
  721.  
  722. Main Menu The Word Limit Level Y Axis
  723. 006CADF1
  724.  
  725. Main Menu Limit Level Number X Axis
  726. 006CAE3A
  727.  
  728. Main Menu Limit Level Number Y Axis
  729. 006CAE33
  730.  
  731. Main Menu Limit Level Bar outside X Axis
  732. 006CADAE
  733.  
  734. Main Menu Limit Level Bar outside Y Axis
  735. 006CADA7
  736.  
  737. Main Menu Limit Level Bar inside X Axis
  738. 006CAD51
  739.  
  740. Main Menu Limit Level Bar inside Y Axis
  741. 006CAD4A
  742.  
  743. Main Menu The Word Next Level X Axis
  744. 006CADD3
  745.  
  746. Main Menu The Word Next Level Y Axis
  747. 006CADCC
  748.  
  749. Main Menu Next Level Bar outside X Axis
  750. 006CAD80
  751.  
  752. Main Menu Next Level Bar outside Y Axis
  753. 006CAD79
  754.  
  755. Main Menu Next Level Bar inside X Axis
  756. 006CAC60
  757.  
  758. Main Menu Next Level Bar inside Y Axis
  759. 006CAC59
  760.  
  761. Main Menu The Word HP X Axis Ish
  762. 006C64C4
  763.  
  764. Main Menu The Word HP Y Axis
  765. 006C64CF
  766.  
  767. Main Menu HP Bar X Axis
  768. 006C62C0
  769.  
  770. Main Menu = HP Bar Y Axis
  771. 006C62CA
  772.  
  773. Main Menu HP Bar Length
  774. 006C62D1
  775.  
  776. Main Menu HP Bar Width
  777. 006C62D7
  778.  
  779. Main Menu Max HP X Axis
  780. 006C6551
  781.  
  782. Main Menu Max HP Y Axis
  783. 006C654A
  784.  
  785. Main Menu Current HP X Axis
  786. 006C6516
  787.  
  788. Main Menu Current HP Y Axis
  789. 006C650F
  790.  
  791. Main Menu HP / Symbol X Axis
  792. 006C6646
  793.  
  794. Main Menu HP / Symbol Y Axis
  795. 006C663F
  796.  
  797. Main Menu The Word MP X Axis Ish
  798. 006C6563
  799.  
  800. Main Menu The Word MP Y Axis
  801. 006C656E
  802.  
  803. Main Menu MP Bar X Axis
  804. 006C6336/006C6339
  805.  
  806. Main Menu MP Bar Y Axis
  807. 006C6340/006C6343
  808.  
  809. Main Menu MP Bar Length
  810. 006C634A
  811.  
  812. Main Menu MP Bar Width
  813. 006C6350
  814.  
  815. Main Menu Max MP Y Axis
  816. 006C65E9
  817.  
  818. Main Menu Max MP X Axis
  819. 006C65F0
  820.  
  821. Main Menu Current MP Y Axis
  822. 006C65AE
  823.  
  824. Main Menu Current MP X Axis
  825. 006C65B5
  826.  
  827. Main Menu MP / Symbol X Axis
  828. 006C661B
  829.  
  830. Main Menu MP / Symbol Y Axis
  831. 006C6614
  832.  
  833. Main Menu Max MP Colour
  834. 006C65CF
  835.  
  836. Main Menu Word MP Colour
  837. 006C6561
  838.  
  839. Main Menu Level Number X Axis
  840. 006C64B2
  841.  
  842. Main Menu Level Number Y Axis
  843. 006C64AB
  844.  
  845. Main Menu The Word LV X Axis Ish
  846. 006C646B
  847.  
  848. Main Menu The Word LV Y Axis
  849. 006C6476
  850.  
  851. Main Menu LV/HP/MP Letter Spacing
  852. 006F6375
  853.  
  854. Main Menu character stats X
  855. 006CABFB
  856.  
  857. Main Menu Character Stats Y
  858. 006CABF4
  859.  
  860. !Affects Main Menu!
  861. Status Character 'LV' X/Y
  862. 6C6473
  863.  
  864. Status Character Level Value X/Y
  865. 6C64AB
  866.  
  867. Status Character 'HP'
  868. 6C64C2
  869.  
  870. Status Character 'MP'
  871. 6C6561
  872.  
  873. Status Character '/'
  874. 6C6614
  875.  
  876. (standalone, doesn't affect main)
  877. Status Character Avatar
  878. 7037E8
  879.  
  880. Status Character Command Box Snapshot
  881. 703B17
  882.  
  883. Status Character Materia Snapshot
  884. 703B29
  885.  
  886. Status Character Stats (whole thing)
  887. 703B3B
  888.  
  889. Status Character Gauges, EXP, etc.
  890. 7056C7, 705657 (around that area)
  891.  
  892. Status Menu
  893. 704E1D: Parameters of stats
  894.  
  895.  
  896. 007078BF is the Equip Window's stat list.
  897. What a pain in the ass.. those strings are written in like 15 places
  898. like the entire string table
  899.  
  900. 707903: Number of arrows drawn
  901. 707910: Symbol of arrow
  902. 707924: X of arrows
  903.  
  904.  
  905. Materia Menu Findings
  906. Starts 709EB6
  907. Savemap itself: DBFD34
  908. Materia starts from: DC04B4
  909. Member Slot: DD1638
  910. Party Member ID: DD163C
  911. 70E2CB is where Arrange functions..hm
  912. 70DC80 is where it equips materia.. that's a key point
  913. 70ADBC is definitely where it populates the materia list.. somewhere right after that.
  914.  
  915. 70ADBC: Offset that accesses the list, sticks a copy in DD12B0 ended with FF
  916. 709FBB: Calls 5CB2CC, bunch of savemap reads for party member 1 (DC0230)
  917.  
  918. Address Module Disassembly Hi Summary
  919. ------------------------------------------------------------------------------------------------------------------------------
  920. 0067DDC6 ff7.exe mov edx,dword ptr ss:[ebp-AC34] 15 Equipped Before This Point
  921. 006803DA ff7.exe add byte ptr ds:[eax],al 0 Entry to Menu 2 Pointer Storage
  922. 006C545B ff7.exe push ebp 3 Materia Equip
  923. 006C546E ff7.exe cmp ecx,FF 3 Equip Check
  924. 006C5622 ff7.exe cmp dword ptr ss:[ebp-20],4 4 Equip Check - When True, Jump to Equip
  925. 006CB8D5 ff7.exe ret 1 Equip Return 6CDBBD Two
  926. 006CC73A ff7.exe call <ff7.sub_6CC9D3> 1 Equip Call
  927. 006CC9D2 ff7.exe ret 0 Equip Return - 67DD90 Final
  928. 006CC9D3 ff7.exe push ebp 4 Equip Jump
  929. 006CDBC3 ff7.exe ret 4 Equip Return 6CC73A Three
  930. 006F5B03 ff7.exe push ebp 0 Menu Function
  931. 006F5B05 ff7.exe in al,dx 0 Access Violation
  932. 006F5B17 ff7.exe cmp dword ptr ss:[ebp+10],0 0 Equip String holder '%QUIPS"
  933. 00709EB6 ff7.exe push ebp 0 Build Materia List
  934. 00709F37 ff7.exe push A 0 Materia List Size
  935. 00709F38 ff7.exe or ch,byte ptr ds:[edx+1] 0 Materia Menu List
  936. 0070ADBC ff7.exe cmp dword ptr ds:[ecx*4+DC04B4],FFFFFFFF 0 Move Cursor to Materia List and Populate
  937. 0070AE09 ff7.exe mov eax,dword ptr ds:[DD1364] 0 Cursor
  938. 0070CC23 ff7.exe cmp dword ptr ds:[920FA0],8 0 Arrange Button
  939. 0070CFCC ff7.exe call <ff7.sub_70AC24> 0 Calls Materia List and mouse position
  940. 0070D1ED ff7.exe cmp dword ptr ds:[DD12BC],0 0 Check/Arrange (No Materia Selected)
  941. 0070DC80 ff7.exe mov eax,dword ptr ds:[eax*4+DC04B4] 0 Equipping Materia
  942. 0070DCAB ff7.exe jmp ff7.70DD1D 4 Jump to put on Materia
  943. 0070DD24 ff7.exe call <ff7.sub_6C545B> 0 Materia Equip Function Jump
  944. 0070E213 ff7.exe ret 1 Equip Return 6CB872 One
  945. 0070E2CB ff7.exe push ff7.DC04B4 0 Arrange
  946. 0076216F ff7.exe mov eax,dword ptr ds:[E3A7D0] 0 Entry point Menu
  947. 00DC04B3 ff7.exe push dword ptr ds:[ecx] 0 Materia List Start
  948. 00DC04B4 ff7.exe xor dword ptr ds:[edi+75310004],edx 0 Materia List Start
  949.  
  950.  
  951.  
  952. WIP Materia Restriction
  953.  
  954. 0070AE21 | 89 0D B0 12 DD 00 | mov dword ptr ds:[DD12B0],ecx |
  955. After this point, the Materia ID and the Character ID are known
  956.  
  957. DD12B0 - Pointer to Materia ID
  958. DD163C - Pointer to Character ID
  959. 400E1C - Debug flag 60
  960. 400E1F - Debug flag E0
  961. D14900 - Debug area
  962. D14901 - Color Enable/Disable
  963.  
  964. // Old Data
  965. 0070C7BA | 83 3C 95 B4 04 DC 00 FF | cmp dword ptr ds:[edx*4+DC04B4],FFFFFFF | Check Materia List Validity
  966. 0070C7C2 | 74 57 | je ff7.70C81B |
  967. 0070C7C4 | 68 CD CC 4C 3E | push 3E4CCCCD |
  968. 0070C7C9 | 6A 07 | push 7 | ***** Materia Text Color
  969.  
  970. // New Data
  971. 0070C7BA | E9 49 81 60 00 | jmp ff7.D14908 | Check Materia List Validity
  972. 0070C7BF | 90 | nop |
  973. 0070C7C0 | 90 | nop |
  974. 0070C7C1 | 90 | nop |
  975. 0070C7C2 | 90 | nop |
  976. 0070C7C3 | 90 | nop |
  977. 0070C7C4 | 90 | nop |
  978. 0070C7C5 | 90 | nop |
  979. 0070C7C6 | 90 | nop |
  980. 0070C7C7 | 90 | nop |
  981. 0070C7C8 | 90 | nop |
  982. 0070C7C9 | 90 | nop | ***** Materia Text Color
  983. 0070C7CA | 90 | nop |
  984.  
  985. // Debug Data
  986. 00D14900 | 90 | nop | Debug Area - Real
  987. 00D14901 | 90 | nop |
  988. 00D14902 | 90 | nop |
  989. 00D14903 | 90 | nop |
  990. 00D14904 | 90 | nop |
  991. 00D14905 | 90 | nop |
  992. 00D14906 | 90 | nop |
  993. 00D14907 | 90 | nop |
  994. 00D14908 | 81 3C 95 B4 04 DC 00 FF | cmp dword ptr ds:[edx*4+DC04B4],FFFFFFF |
  995. 00D14913 | 0F 84 02 7F 9F FF | je ff7.70C81B |
  996. 00D14919 | 68 CD CC 4C 3E | push 3E4CCCCD |
  997. 00D1491E | 80 3C 95 B4 04 DC 00 31 | cmp byte ptr ds:[edx*4+DC04B4],31 | Is it fire Materia? Disable
  998. 00D14926 | 75 07 | jne ff7.D1492F |
  999. 00D14928 | 6A 00 | push 0 |
  1000. 00D1492A | E9 90 7E 9F FF | jmp ff7.70C7BF |
  1001. 00D1492F | 6A 07 | push 7 |
  1002. 00D14931 | E9 89 7E 9F FF | jmp ff7.70C7BF |
  1003.  
  1004. // Old Data
  1005. 0070DC3B | 8B 15 3C 16 DD 00 | mov edx,dword ptr ds:[DD163C] |
  1006.  
  1007. // New Data
  1008. 0070DC2A | E9 D9 6C 60 00 | jmp ff7.D14908 |
  1009. 0070DC2F | 90 | nop |
  1010.  
  1011. // Debug Data
  1012. 00D14938 | 80 3D B0 12 DD 00 31 | cmp byte ptr ds:[DD12B0],31 | 31:'1'
  1013. 00D1493F | 0F 84 EB 92 9F FF | je ff7.70DC30 |
  1014. 00D14945 | 8B 15 3C 16 DD 00 | mov edx,dword ptr ds:[DD163C] |
  1015. 00D1494B | E9 F0 92 9F FF | jmp ff7.70DC40 |
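
The redirects in the "SP String Code" and "WIP Materia Restriction" listings all depend on relative displacements measured from the end of the branch instruction. The sketch below is an added example, not part of the original notes: it recomputes the destination of each branch from its bytes, compares it with the target written next to it, and builds the bytes for a new E9 jump. The function names are invented here; the rows are copied from this page, except the EB 06 target, which is derived as the first byte after the 8 bytes that patch replaces.

```python
import struct


def branch_target(addr, code):
    """Destination of a relative call/jump located at addr, from its bytes."""
    if len(code) == 5 and code[0] in (0xE8, 0xE9):            # call / jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
    elif len(code) == 6 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        rel = struct.unpack_from("<i", code, 2)[0]             # jcc rel32
    elif len(code) == 2 and (code[0] == 0xEB or 0x70 <= code[0] <= 0x7F):
        rel = struct.unpack_from("<b", code, 1)[0]             # jmp / jcc rel8
    else:
        raise ValueError(f"not a relative branch: {code.hex(' ')}")
    # The displacement is counted from the first byte after the instruction.
    return (addr + len(code) + rel) & 0xFFFFFFFF


def encode_jmp(src, dst):
    """Bytes of a 5-byte E9 jump placed at src that lands on dst."""
    rel = dst - (src + 5)
    if not -2**31 <= rel < 2**31:
        raise ValueError("destination is out of rel32 range")
    return b"\xE9" + struct.pack("<i", rel)


# (address, bytes, target written in the notes)
LISTING = [
    (0x6CAB11, "E9 EA 91 24 00",    0x913D00),
    (0x913D00, "E8 FE 1D DE FF",    0x6F5B03),
    (0x70C7BA, "E9 49 81 60 00",    0xD14908),
    (0xD14913, "0F 84 02 7F 9F FF", 0x70C81B),
    (0xD1492A, "E9 90 7E 9F FF",    0x70C7BF),
    (0xD14931, "E9 89 7E 9F FF",    0x70C7BF),
    (0xD1493F, "0F 84 EB 92 9F FF", 0x70DC30),
    (0xD1494B, "E9 F0 92 9F FF",    0x70DC40),
    (0x5CAF12, "EB 06",             0x5CAF1A),  # derived: 5CAF12 + 8 patched bytes
]


def mismatches(listing):
    """Addresses whose bytes do not lead to the target written beside them."""
    return [addr for addr, code, target in listing
            if branch_target(addr, bytes.fromhex(code)) != target]


if __name__ == "__main__":
    print([hex(a) for a in mismatches(LISTING)])
    print(encode_jmp(0x70C7BA, 0xD14908).hex(" ").upper())
    print(hex(branch_target(0x70DC2A, bytes.fromhex("E9 D9 6C 60 00"))))
```

The last line shows that the jump at 0070DC2A resolves to D14908, the start of the first cave, while the listing printed after it begins at 00D14938.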
  1016.  
  1017.  
  1018. [Rollercoaster Propellor super-points issue]
  1019.  
  1020. This is for the xbin.bin from coaster.lgp; dunno if the .exe editor can get it.
  1021. DLPB got this one.
  1022.  
  1023. 10b84c=00
  1024. 10b8ac=00
  1025.  
  1026.  
  1027. [Snowboard Times issue]
  1028.  
  1029. Apparently the times were changed from NTSC Versions, so this corrects it.
  1030. For the regular .exe, DLPB.
  1031.  
  1128.  
  1129.  
  1130. [Kranmer's Trainer Dump]
  1131.  
  1132. Most are like GS codes, but you never know.
  1133.  
  1134. Full In-Game menu
  1135. 00DC08F8 = FF FF
  1136.  
  1137. No Random Battles
  1138. 00DBCAD9 = 0
  1139.  
  1140. Constant Random Battles
  1141. 00DBCAD9 = FF
  1142.  
  1143. Inf/Max Gil
  1144. 00DC08B4 = FF B4 34 7F
  1145.  
  1146. Set Game Played Time To 0
  1147. 00DC08B8 = 00 00
  1148. ----------------------------------------------------
  1149. TELEPORT/INSTANT BATTLE/RENAME/PHS/SHOP/IN-GAME MENU/MINI-GAME anywhere
  1150. 00CC0D89 =
  1151. 00 = Normal Field
  1152. 01 = Fade to black (use this for teleport plus the next 2 bytes)
  1153. 02 = Battle swirl (use this for instant battle plus the next 2 bytes)
  1154. 03 = UNKNOWN
  1155. 04 = Makes screen flash but sometimes plays movies
  1156. 05 = Plays Ending Movie and Credits
  1157. 06 = Rename Screen
  1158. 07 = PHS
  1159. 08 = Weapon Shop
  1160. 09 = In-Game Menu (use this to get out of shop or phs or rename screen)
  1161. 0A = UNKNOWN
  1162. 0B = UNKNOWN
  1163. 0C = MiniGame
  1164.  
  1165.  
  1166. You can find a list of teleport locations and values inside the zip which can be downloaded here
  1167. http://forums.qhimm.com/index.php?topic=10556.msg147396#msg147396
  1168. ----------------------------------------------------
  1169. Character slot 1
  1170. 00DC0230 =
  1171. 00 = Cloud
  1172. 01 = Barret
  1173. 02 = Tifa
  1174. 03 = Aeris
  1175. 04 = Red XIII
  1176. 05 = Yuffie
  1177. 06 = Cait Sith
  1178. 07 = Vincent
  1179. 08 = Cid
  1180. 09 = Young Cloud (only while activated or if used before Kalm Flashback)
  1181. 0A = Sephiroth (only while activated or if used before Kalm Flashback)
  1182. FF = Blank
  1183.  
  1184. Character slot 2
  1185. 00DC0231 = SAME AS ABOVE
  1186.  
  1187. Character slot 3
  1188. 00DC0232 = SAME AS ABOVE
  1189. ----------------------------------------------------
  1190. Activate character instead of the following character (use this to replace different characters with Sephiroth or Young Cloud)
  1191. Cloud
  1192. 00DBFD8C =
  1193.  
  1194. Barret
  1195. 00DBFE10 =
  1196.  
  1197. Tifa
  1198. 00DBFE94 =
  1199.  
  1200. Aeris
  1201. 00DBFF18 =
  1202.  
  1203. Red XIII
  1204. 00DBFF9C =
  1205.  
  1206. Yuffie
  1207. 00DC0020 =
  1208.  
  1209. Cait Sith
  1210. 00DC00A4 =
  1211.  
  1212. Vincent
  1213. 00DC0128 =
  1214.  
  1215. Cid
  1216. 00DC01AC =
  1217.  
  1218. 09 = Young Cloud
  1219. 0A = Sephiroth
  1220. ----------------------------------------------------
  1221. Sephiroth Instead of Vincent Code
  1222. Sephiroth In Slot3
  1223. 00DC0232 = 0A
  1224.  
  1225. Activate Sephiroth Instead of Vincent
  1226. 00DC0128 = 0A
  1227.  
  1228. Sephiroth's Name
  1229. 00DC0136 = 01 41 33 45 50 48 49 52 4F 54 48 FF
  1230. ----------------------------------------------------
  1231.  
  1232.  
  1233. \\\Misc-Dump: Data that'll likely be unused///
  1234.  
  1235.  
  1236.  
  1237. Functions Found\Hooked
  1238.  
  1239. IncreaseHP = 0x006CBA6A [DWORD formationIndex, WORD amount]
  1240. DecreaseHP = 0x006CB9D2 [DWORD formationIndex, DWORD amount]
  1241. IncreaseMP = 0x006CBBBF [DWORD formationIndex, WORD amount]
  1242. DecreaseMP = 0x006CBB27 [DWORD formationIndex, DWORD amount]
  1243. RestoreHPMP = 0x0061F793 [] // Full Heal Party
  1244.  
  1245. AddItems = 0x006CBFFA [DWORD item:amount]
  1246. RemoveItems = 0x006CBE5F [DWORD item:amount]
  1247.  
  1248. IncreaseGil = 0x006CBCB9 [DWORD amount]
  1249. DecreaseGil = 0x006CBC7C [DWORD amount]
  1250. GetCurrentGil = 0x006CBCE9 []
  1251.  
  1252. GetCharacterData = 0x006CB98E [DWORD formationIndex]
  1253. DebugOutput = 0x00664E30 [char* string]
  1254.  
  1255. IsMenuOpen = 0x0063BC9D []
  1256. CurrentMenu = 0x006C6AEE [DWORD menu]
  1257.  
  1258.  
  1259. Found WIP\Untested
  1260.  
  1261. ShowMessage = 0x00631586 [WORD unk1, WORD unk2]
  1262.  
  1263. SaveGame = 00720F6E [DWORD unk1:slot? filename?]
  1264. LoadGame = 007210BC [DWORD unk1:slot? filename?]
  1265.  
  1266. GetCharacterBySlot [Derive from GetCharacterData?]
  1267.  
  1268. GetItemCount = 0x006CBF57 [DWORD index] - Needs adjusting to return counts.
  1269.  
  1270. GetRandomBattleRate = 0x00767C55 []
  1271.  
  1272. Misc Addresses
  1273.  
  1274. Battle Timer Variable = 0x009AE17C // Times how long each battle took.
  1275.  
  1276. Turn Timer Variable = 0x009AE180 // Measures how long each battle participant's
  1277. turn took (enemies and allies). This only accounts for the time the animations,
  1278. etc., take to play out; it doesn't count time spent in the menus, etc.
  1279.  
  1280. Battle IsTargeting Variable = 0x009A8B08 // This is equal to 0, if you aren't
  1281. targeting something, 1 if you are. ie, if you select a command, and a target
  1282. icon appears, this will be equal to 1.
  1283.  
  1284. Battle Escape Variable = 0x009AAD06 // This is the counter that determines when
  1285. you escape, the longer you try, the larger this number gets, after it hits a
  1286. certain value, you escape. (This value will slowly decrease after you stop
  1287. trying to escape.)
  1288.  
  1289. Pressed Key Variable = 0x009A85D4 // Works with keys the game actually uses,
  1290. doesn't seem to register other keys. (This also responds to gamepad input.)
  1291.  
  1292. Menu Open Variable = 0x00CFFB8C // Equals 1 while the menu is open.
  1293. (Triangle menu.)