Mgamerz

Untitled

Dec 29th, 2016
  1. BN3 Notes
  2.  
  3. Rockcube bx to 080F8D1D.
  4.  
  5. Timestop chips call a loop that is passed in that activates the action of the actual chip. The timestop is just a wrapper. On the first frame r0 that is passed into the entry loop is 0. It appears that chips are meant to increment this after the first loop. This is for areagrab only.
  6.  
  7. Flameman Updates:
  8. 1. [DONE] Extra Candle State. It should raise his stats to a higher level and raise his AI to beta mode. Will need to figure out a way to store the original level value byte in memory to a safe space.
  9. 2. [DONE] Flames should not be stopped by holes
  10. 3. [NO] Widening Flames could shoot out the back center so it's like a combo of the original 2. Unsure how feasible this is. Maybe change how it works to something more exciting... like a snek
  11. 4. [DONE] Move the candles to the front row.
  12. 5. [DONE] Maybe make a fireratn or blackbomb or something. Fireman could trigger it.
  13. 6. [DONE] Random candle states. No more knowing what's coming.
  14. 7. [DONE] Make yellow flames track the player better.
  15.  
  16. FlashmanBeta Number of Chips in White(In AI Data): 080AE652
  17. FlashmanBeta Number of remaining usable chips (in memory): 0x0A off self pointer (0203735E)
  18.  
  19.  
  20.  
  21. Your HP: 02037294
  22. 02037270
  23. Player Pending Damage: 020371FE
  24. Return to 080ad83e
  25.  
  26. 08000B08 - Writes to bottom left panel (bne)
  27.  
  28. 0200F48F = BOTTOM LEFT PANEL TYPE
  29.  
  30. 0200A818 = Current Time stop chip timer until start (when starting timestop)
  31.  
  32. Find coordinates through ram searching.
  33. See what is checking our coordinates. Manipulate AIs by moving into where the check would change results (in line of canodumb). This tells you that's what is calling it.
  34. Edit what's reading. Does it affect everything? Where is it in the ROM? Lower is more specific.
  35. Pop the r14 stack to go back to the bl routine and bne branch on result of that function.
  36. Remove the BNE and BL by manually just setting the register it's going to read to always return what we want.
  37.  
  38. Spawn Loc 020389B0 it seems.
  39. Branches to 0801455A to a mov r2, #0x28
  40. 080B0B08(W) mov r0, #0x8 => change to 4 and you don't flinch
  41.  
  42. Y coordinate of megaman: 02037229
  43. Y coordinate of megaman (2): 02037283
  44.  
  45. Canodumb Tracker X value:
  46. 020371a8
  47. 020389b2
  48. Possible 02005C68 (countdown on projectile as well)
  49.  
  50.  
  51. 0x080013DC sub r0, r0, r1 is part of the "Check if in row" routine.
  52.  
  53.  
  54. Canodumb is writing the X value on spawn of tracker at 080D8EE0 (StoreByte).
  55.  
  56. Returns to 0800309E, POP.
  57.  
  58. 10010
  59. 100000
  60. Flashman Beta has 3 areagrabs he can use.
  61. The counter for a single one is stored at 0203735E(W)
  62. White version areagrab count routine subtract: 080B6734 sub r0, #0x1
  63.  
  64. When bulb finishes an addr checks your X coordinate, returns to 080B6755
  65.  
  66. Blinking bit stored at 080ADA7A
  67.  
  68. Seems to return to 080B6755
  69.  
  70. At start of the r5 block there is a bitmask bit.
  71. When metalman loads the initial bitmask is 0x19
  72. 00011001
  73. Then continues same frame to 0x11
  74. 00010001
  75. And then the next time is 0x13
  76. 00010011
  77. Then again to 0x11 (clear bit 2 at 080ADD2A)
  78. 00010001
  79.  
  80. nop at 080ADA66
  81.  
  82. 020371E5
  83.  
  84.  
  85. Flashman checks at 080B6754 for your current column number. If it is 1, he will continue to see if he can use areagrab.
  86.  
  87. Comparison fix at 080B6762 set to 0x0.
  88.  
  89.  
  90. Flag that says if we are in time stop: 02006cb6
  91.  
  92. FLASHMAN CHIP INFO?
  93. 080B6726(W) (mov r0)
  94.  
  95. Patch at addr 080B672A
  96.  
  97. Vs Gutsman Beta
  98. Seems next attack data may be stored in 0203734D-E. Seems to change as he changes moves and this value appears read by his routines...
  99.  
  100. Byte 1 = Current Action
  101. Byte 2 = Movement Indicator Action
  102.  
  103. Gutsman: 18 =
  104. Gutsman: 1C = Dead
  105. Gutsman: 20 = Flinch
  106. Gutsman: 24 = ??? (Idle or Move)
  107. Gutsman: 28 = Moving Frame
  108. Gutsman: 2C = Shockwave
  109. Gutsman: 30 = Panel Slam
  110. Gutsman: 34 = 1sq punch
  111. Gutsman: 38 = Flying punch
  112. Gutsman: 3C = Use chip, become invis
  113. Gutsman: 40 = Use Areagrab Chip
  114.  
  115. Flashman 04 = Move instantly
  116. Flashman 24 = Move
  117. Flashman 2A = Very Tiny teleporting frame (1 pixel wide)
  118. Flashman 2C = TeleportingFrame
  119. Flashman 30 = Zapping - bit after = 8 means starting, C means... end?
  120. Flashman 34 = Pull shoulder bulb and do tracer
  121. Flashman 38 = Do AreaGrab
  122.  
  123. Flameman = 28 - 0C Idle
  124.  
  125.  
  126. When calling 3C, it seems that everything is offset from register 6 which passed through multiple subroutines.
  127. 020373B4
  128.  
  129. Top I checked is 080b7a4a
  130.  
  131.  
  132. HP of gutsman: [02037368]?
  133. Gutsman right shifts his max HP at 080B7DCE, which cuts it in half.
  134. If HP is > half, get a random number and AND it with 7 (111). Use the result as an offset from 080B7E10, which is 08 and 14's.
  135.  
  136. Gutsman checks for a value of 0xA to determine if he should do the jump around move. Instruction is at 080b7de8
  137.  
  138. Gutsman, once reaching half HP, will track how many moves/attacks he has made. Once he hits 0xA moves, he will set his move count to 0xFF.
  139.  
  140. Current Y Coordinate
  141. 020371E8
  142. 02037356
  143.  
  144. Gutsmans right before areagrab loads 080B7A49 to the branch where he would call the chip
  145.  
  146. Gutsmans Chip Usage: 080B8588
  147.  
  148. Gutsman next action ASM: 080AD76Eish (above bx r7, off r5)
  149.  
  150. X Coordinate of WHERE WE ARE GOING:
  151. 02037358
  152. 020373B8
  153.  
  154. METALMANNNNN
  155. Reads gear speed at 080BD678
  156.  
  157. Remaining time for your extra panels:
  158. candidates
  159.  
  160. 020350a4
  161. 02038de4
  162.  
  163. It seems panel columns have their own expiration timer.
  164. 2 rows of interest: 0200F7a0/b0 - 03 means not counting down it seems... 02 means counting down, not sure if 01 or 00 does anything.
  165.  
  166. Start of one set: 0200F7A4
  167. Start of second set: 0200F7B0
  168. 2 byte timer, 1 byte counter state (should be updated automatically for us...), 1 byte seemingly unused (or part of counter state)
  169.  
  170. Flameman:
  171. r6 - 0x4 = NextPositionX
  172. r6 - 0x5 = NextPositionY
  173. r6 - 0x6 = NextMoveDelay
  174. r6 - 0x7 = Move Counter
  175. r6 - 0x8 = ???? (0'd on move)
  176. r6 - 0x9 = NextAction
  177. r6 - 0xA = ???? (0'd on move)
  178.  
  179. Flametower levels:
  180. 0 = Straight
  181.  
  182.  
  183. Candle Timer
  184. 020389C0 If forced to 1 candles always activate
  185.  
  186. Candle Routine
  187. 0x60 off r5 is tested for bits. It's a pointer to a memory address.
  188.  
  189. 020373A4 r5+60h - Pointer to some sort of memory.
  190. 020373A8 r5+64h - Pointer to some sort of memory.
  191.  
  192. Bitmasks
  193. 1 = Invincibility
  194. 2 = Healing
  195. 4 = Orange dudes
  196.  
  197. 080E310C
  198.  
  199. FLAMEMAN HOOK AT 080E2CDE (timer is being reset, so candle has gone out.)
  200. CurrentCandleEffect Set at 080E2CA6 (Activate)
  201. 080E2C12 (Deactivate?)
  202.  
  203. Flameman Flames:
  204. 32-Bit Attack Pattern somehow.
  205. 0: lowest bit is 0 = straight flames, lowest bit is 1 = pattern flames (Lowest Bits)
  206. 1:
  207. 2:
  208. 3: (Highest Bits)
  209.  
  210. 0000 = 0 = Straight
  211. 0001 = 1 = WideFlame (both ways)
  212. 0010 = 2 = Wideflame (up only4)
  213. 0011 = 3 = Wideflame (down only)
  214. 0100 = 4 = Wideflame Down 2 only
  215.  
  216. AddHPRoutine: Less than 7 in r0
  217.  
  218. 080C1C72 PlantmanPostSpawnConstants
  219.  
  220. r5 in AI routines is typically "self"
  221. 0x0 - Bitmask containing multiple values, e.g. paused, flickering, invisible... Not sure what the bitmask values are yet.
  222. 0x2 - Some value (lower 4 bits dropped by flameman)
  223. 0x4 - AI Level (0 being normal, 3 being omega)
  224. 0x5 - Invincibility Bit (1 = invincible)?
  225. 0x6 - Seems to be some timer value (flameman), position value (plantman)...
  226. 0x7 - Plantman Vine Spawn Position Y (1 byte)... not sure for other navis
  227. 0x8 - Set to 0 to make 'fade in' animation [Byte]
  228. 0x9 - ???? [byte] (Sprite Appear/Disappear?)
  229. 0xA - Current Action (Used as an array index offset, so it will always be a multiple of 4)
  230. 0xB - Movement Animation... something. Always in values of 4 it seems...
  231. 0x10 - ???? (Byte)
  232. 0x12 - Current X Position (1=left)
  233. 0x13 - Current Y Position (1=top)
  234. 0x14 - ???? (Byte)
  235. 0x15 - ???? (Byte)
  236. 0x16 - ???? (Byte) (Read and then -1'd)
  237. 0x1E- ???? Byte
  238. 0x20 - Timer Value 1 (can be used by multiple things)
  239. 0x22 - ???? (2 bytes)
  240. 0x24 - Current HP (2 bytes)
  241. 0x26 - Max HP (2 bytes)
  242. 0x2C - Impact Damage? (2 bytes)
  243. 0x2E - Unknown (2 bytes) - Appears to possibly be a bitmask. Flameman tests if this value has any bits from 20A in it and other areas bic and orr on it (many as 0x20)
  244. 0x30 - Unknown (2 bytes) - Set by plantman AI in PostNeedleSpawn
  245. 0x50 - Unknown (4 bytes) (Pointer)
  246. 0x60 - Pointer to memory elsewhere. (4 bytes)
  247. 0x68 - Pointer to memory elsewhere. (4 bytes)
  248. 0x6C - Pointer to memory elsewhere. Seems to maybe be a pointer to an object owned by this AI
  249. 0x8C - Pointer to AI's hardcoded constants in ROM. See Hart-Hunt's list for what each offset does for each enemy.
  250.  
  251. Panel Info:
  252. 4 bytes
  253. 0x1000 bitmask = lava
  254.  
  255. Blank 80010032 10000000 00000001 00000000 00110010
  256. Cracked 00010073 00000000 00000001 00000000 01110011
  257. Sand 0001023A 00000000 00000001 00000010 00111010
  258. Metal 00030035 00000000 00000011 00000000 00110101
  259. Grass 00010436 00000000 00000001 00000100 00110110
  260.  
  261. LAVA 00000000 00000000 00010000 00000000
  262.  
  263.  
  264. 1 = 1
  265. 10 = 2
  266. 100 = 4
  267.  
  268. 2 1 = Broken Bitmask 10
  269. 4 2 = Normal
  270. 8 3 = Cracked
  271. 10 4 = Poison
  272. 20 5 = Metal
  273. 40 6 = Grass
  274. 80 7 = Ice
  275. 100 8 = Lava
  276. 200 9 = Holy
  277. 400 A = Sand
  278.  
  279. 0200f5a0
  280.  
  281. Lava = 1000h Bitmask
  282. Grass = 400h (Most Likely)
  283.  
  284. Flameman Yellow Guy Actions
  285. 0 = Not Exist
  286. 4 = Fading Out
  287. 8 = Preparing To Spawn
  288.  
  289. BN3 WHITE AI VALUES
  290.  
  291. Gutsman Beta:
  292. 080AE6A0 (to 0x7)
  293.  
  294. Metalman Beta:
  295. 080AE83E (to 0x6)
  296.  
  297. FlameMan
  298. 080E2F84
  299.  
  300. Mgamerz MMBN3 Hard Mode Patch
  301.  
  302. Mettaur:
  303. Damage 10 -> 15
  304. Movement Speed Increased
  305. Time until attack slightly nerfed (otherwise too many shockwaves could happen on screen at once)
  306.  
  307. Mettaur2:
  308. Damage 40 -> 55
  309. Movement speed increased
  310.  
  311. Canodumb Series: Constant scan rather than row lineup.
  312. Patched in blue at addr 080BADA2 - 080BADA4 (remove bl and branch, set r0 to 0 and then tst r0, r0 to force return true.)
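
Added example, not part of the original notes: a small parser that applies the "r5 is self" offset table and the Gutsman action values above to an EWRAM dump, so a dump taken from an emulator can be checked against the notes. The base address is derived from the "020373A4 r5+60h" line (it also puts offset 0x24 at 02037368, the Gutsman HP address); field widths the notes do not state are assumed to be one byte, the function names are hypothetical, and the sample dump is constructed.

```python
import struct

EWRAM_BASE = 0x02000000        # GBA external work RAM, 256 KiB, little-endian
SELF_BASE = 0x020373A4 - 0x60  # from the "r5+60h" note -> 0x02037344 (assumed slot)

# (offset, struct format, name) from the "r5 is self" table.
# Widths not given in the notes are assumed to be one byte.
FIELDS = [
    (0x04, "<B", "ai_level"),        # 0 = normal, 3 = omega
    (0x0A, "<B", "current_action"),  # array index offset, multiple of 4
    (0x12, "<B", "x"),               # 1 = left
    (0x13, "<B", "y"),               # 1 = top
    (0x24, "<H", "hp"),
    (0x26, "<H", "max_hp"),
    (0x8C, "<I", "rom_constants"),   # pointer to the AI's constants in ROM
]

GUTSMAN_ACTIONS = {
    0x1C: "Dead", 0x20: "Flinch", 0x28: "Moving Frame", 0x2C: "Shockwave",
    0x30: "Panel Slam", 0x34: "1sq punch", 0x38: "Flying punch",
    0x3C: "Use chip, become invis", 0x40: "Use Areagrab Chip",
}

def parse_self(ewram, base=SELF_BASE):
    """Decode one AI 'self' block from a raw EWRAM dump."""
    start = base - EWRAM_BASE
    if start < 0 or start + 0x90 > len(ewram):
        raise ValueError("self block lies outside the supplied dump")
    rec = {n: struct.unpack_from(f, ewram, start + o)[0] for o, f, n in FIELDS}
    # Sanity checks that catch a wrong base address early.
    if rec["current_action"] % 4:
        raise ValueError("current action is not a multiple of 4")
    if not 0x08000000 <= rec["rom_constants"] < 0x0A000000:
        raise ValueError("offset 0x8C does not point into cartridge ROM")
    rec["action_name"] = GUTSMAN_ACTIONS.get(rec["current_action"], "unknown")
    # Same test as the notes describe: max HP shifted right once, then compared.
    rec["above_half_hp"] = rec["hp"] > (rec["max_hp"] >> 1)
    return rec

def sample_dump():
    """Constructed 256 KiB EWRAM image holding one Gutsman-like record."""
    ram = bytearray(0x40000)
    s = SELF_BASE - EWRAM_BASE
    ram[s + 0x04], ram[s + 0x0A] = 1, 0x2C
    ram[s + 0x12], ram[s + 0x13] = 5, 2
    struct.pack_into("<HH", ram, s + 0x24, 300, 700)   # hp, max_hp
    struct.pack_into("<I", ram, s + 0x8C, 0x08123456)  # constructed pointer
    return bytes(ram)

if __name__ == "__main__":
    print(parse_self(sample_dump()))
```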