Melee Gecko Codes + Guide and Discussion

CeLL

Smash Lord
Joined
Jan 26, 2014
Messages
1,026
Location
Washington
Would it be possible to make a code to make Fox/Falco a specific color (like the color overlays in 20XX) during their up B charging? It looks really weird to have them be yellow if the firefox flames are like blue or something lol
 

CeLL

Smash Lord
Joined
Jan 26, 2014
Messages
1,026
Location
Washington
Whenever I run dolphin in debug mode, when I start a game it just gives me a black screen and says invalid callstack. Any ideas?
 

Achilles1515

Smash Master
Joined
Jun 18, 2007
Messages
3,211
Location
Cincinnati / Columbus OH
.....what did I just find....
I don't ever remember seeing red metal in the game.

RedMetal.PNG



Whenever I run dolphin in debug mode, when I start a game it just gives me a black screen and says invalid callstack. Any ideas?
Are you trying to run a regular Dolphin version or the DebugFast version? Try disabling codes.
 

CeLL

Smash Lord
Joined
Jan 26, 2014
Messages
1,026
Location
Washington
.....what did I just find....
I don't ever remember seeing red metal in the game.

View attachment 41970



Are you trying to run a regular Dolphin version or the DebugFast version? Try disabling codes.
1. That looks amazing.

2. I tried 4.0.2, 4.0-652, 4.0-4069, the DebugFast version from your thread, and the 3.5 version you posted from that thread, all with just the default settings (which includes cheats being disabled). Same thing on all of them.
 

Achilles1515

Smash Master
Joined
Jun 18, 2007
Messages
3,211
Location
Cincinnati / Columbus OH
1. That looks amazing.

2. I tried 4.0.2, 4.0-652, 4.0-4069, the DebugFast version from your thread, and the 3.5 version you posted from that thread, all with just the default settings (which includes cheats being disabled). Same thing on all of them.
I think mine says that too. Make sure "Boot to Pause" is unchecked in the Options menu up top. Hmm. Also, you'll want to turn on Registers, Breakpoints, and Memory in the View menu at the top.
 

CeLL

Smash Lord
Joined
Jan 26, 2014
Messages
1,026
Location
Washington
I think mine says that too. Make sure "Boot to Pause" is unchecked in the Options menu up top. Hmm. Also, you'll want to turn on Registers, Breakpoints, and Memory in the View menu at the top.
Wow I'm silly it was just pausing immediately. Well I turned that off and now it pulls up the yellow text with the information about my hardware like usual but never goes past that :/

Edit: Got it now. Don't know what was wrong.
 

Cyjorg

tiny.cc/19XXTE
Joined
Nov 18, 2013
Messages
686
Location
Purdue University
Is there a memory address that you can check during a match to find out which players (p1, p2...) are in the game?
Was going through my notes for my version of the Neutral Spawn code and found this.

Code:
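# Player Type Check (0 = human, 1 = cpu, 3 = none) // I guess 2 doesn't exist??

SETUP:
lis r18, 0x8048          # r18 = 0x80480821, the P1 player type byte
ori r18, r18, 0x0821
li r20, 0                # r20 collects one hex digit per occupied slot

P1:
lbz r19, 0x0(r18)        # load P1 type
cmpwi r19, 0x3           # 3 = none, so skip the slot
beq P2
li r20, 0x1000           # P1 present (r20 was 0)

P2:
lbz r19, 0x24(r18)       # each player's type byte is 0x24 past the previous one
cmpwi r19, 0x3
beq P3
addi r20, r20, 0x100     # P2 present

P3:
lbz r19, 0x48(r18)
cmpwi r19, 0x3
beq P4
addi r20, r20, 0x10      # P3 present

P4:
lbz r19, 0x6c(r18)
cmpwi r19, 0x3
beq SETUP2
addi r20, r20, 0x1       # P4 present

SETUP2:
nop                      # r20 now holds the mask, e.g. 0x1100 for P1 + P2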
It makes me sick to look at but it works. So if my own code isn't fooling me, the base address for player 1 is 0x80480821 and player 2 type is 0x24 from that and so on.
 

Y-L

Smash Champion
Joined
Jan 16, 2014
Messages
2,436
Location
Ventura, CA
Hey @Dan Salvato , would there be any chance you could fix the widescreen hack so that the off screen bubbles are in the 16:9 region instead of the 4:3 region?

 

SinsOfApathy

Smash Journeyman
Joined
Feb 24, 2015
Messages
474
NNID
Psion312
It makes me sick to look at but it works. So if my own code isn't fooling me, the base address for player 1 is 0x80480821 and player 2 type is 0x24 from that and so on.
wParam's notes should probably be recommended reading. He has this kind of stuff documented quite well.

Code:
Static player block
-------------------

They start at 80453080
static_player_block_t //0xE90 bytes long
{
    0x04: long, player type (external index)
    0x08: long, slot type (human, cpu, demo, none)
    0x10: float, X coordinate (horizontal)
    0x14: float, Y coordinate (vertical)
    0x18: float, Z coordinate?  (depth)
    0x44: byte, bool computer?
    0x45: byte, controller index
    0x60: short, currently /displayed/ health. (ALWAYS counts up)
    0x62: short, health start value.
    0x90: int, current coins
    0x94: int, total collected.
    0xAC: byte, flag 0x40 means "eligible for multi spawn"
    0xB0: void*, pointer to player_t
    0xB4: void*, pointer to player_t for nana, if applicable
}
That's the direct copy-paste from it, but since I'm not on my desktop, it lacks personal notes like stock counters and such.
 

Cyjorg

tiny.cc/19XXTE
Joined
Nov 18, 2013
Messages
686
Location
Purdue University
wParam's notes should probably be recommended reading. He has this kind of stuff documented quite well.

Code:
Static player block
-------------------

They start at 80453080
static_player_block_t //0xE90 bytes long
{
    0x04: long, player type (external index)
    0x08: long, slot type (human, cpu, demo, none)
    0x10: float, X coordinate (horizontal)
    0x14: float, Y coordinate (vertical)
    0x18: float, Z coordinate?  (depth)
    0x44: byte, bool computer?
    0x45: byte, controller index
    0x60: short, currently /displayed/ health. (ALWAYS counts up)
    0x62: short, health start value.
    0x90: int, current coins
    0x94: int, total collected.
    0xAC: byte, flag 0x40 means "eligible for multi spawn"
    0xB0: void*, pointer to player_t
    0xB4: void*, pointer to player_t for nana, if applicable
}
That's the direct copy-paste from it, but since I'm not on my desktop, it lacks personal notes like stock counters and such.
All of that is on the Google doc too I believe
 

Achilles1515

Smash Master
Joined
Jun 18, 2007
Messages
3,211
Location
Cincinnati / Columbus OH
All of that is on the Google doc too I believe
Not really. Well some of it. I’m assuming you’re thinking of the data offset stuff, which is different.

These static player blocks that wParam began mapping are VERY important. They are ALWAYS in the same place in the RAM. We were using some values in these blocks as well, but just never gave order to them.

I’ve been slowly adding notes/discovering the meaning of some more of these values. My most current mapped out player block variables are seen below. The most important thing about doing this is to put some sense into the regular game functions that pull these variables. Those functions use the exact same player block offsets listed below.

And sorry about all the question marks. I just don’t put things down as facts until I’m 100% certain. I started putting "unknowns" in there as I was mapping out/investigating game functions, just to know whether addresses in these blocks were read as bytes, floats, or halfwords.
Code:
Static player block
-------------------

They start at 80453080
static_player_block_t //0xE90 bytes long

P1 - 80453080
P2 - 80453f10
P3 - 80454DA0
P4 - 80455C30
P5 - 80456AC0
P6 - 80457950

{
    0x00: long, Character ID again?
    0x04: long, character ID (external index)
    0x08: long, slot type (human, cpu, demo, none), modify this to change from CPU to human midmatch
    0x10: float, X coordinate (horizontal)
    0x14: float, Y coordinate (vertical)
    0x18: float, Z coordinate?  (depth)
    0x40: float, direction facing (1=right, -1=left)
    0x44: byte, bool computer?
    0x45: byte, controller index
    0x46: byte, unknown
    0x47: byte, cpu type, applied after death.
    0x48: byte, unknown
    0x49: byte, unknown. I was using this as vs mode (=1) flag? ****.
    0x4A: byte, unknown
    0x4B: byte, unknown
    0x4C: byte, unknown
    0x4D: byte, unknown
    0x4E: byte, unknown
    0x50: float, unknown
    0x54: float, attack ratio, changing take effect immediately
    0x58: float, damage (defense) ratio, changing take effect immediately
    0x5C: float, model scale (match was started with. modifying does nothing.)
    0x60: short, currently /displayed/ health. (ALWAYS counts up)
    0x62: short, health start value.
    0x64: stamina hp - check to confirm
    0x68: int, unknown (80034de8)
    0x70: int, unknown
    0x88: int, read when dying in stamina mode?
    0x8E: byte, stocks left
    0x90: int, current coins
    0x94: int, total collected.
    0xA0: int, joystick "smashes" (8003662c - load, add 1, store back)
    0xA8: int, name tag slot #
    0xAC: byte,
        - flag 0x90 means “regular character”(?)
        - flag 0x40 means "eligible for multi spawn" (?)
        - flag 0x30 means "eligible for nana spawn"
        - comparison for 0x80 is @ 800354c0 (?)
    0xAD: byte, unknown (8003468c). Set to 0x20,0x80 and see?
        0x10 = default?
        0x20 = use stamina hp instead of damage percent, changing take effect immediately
   
    0xAE: byte, unknown
    0xB0: void*, pointer to player_t (Data Offset Start!)
    0xB4: void*, pointer to player_t for nana, if applicable

[results stats]
    0xD24: int, Damage Recovered
    0xDDC: int, air time
    0xDE0: int, ground time
}
 

Ripple

ᗣᗣᗣᗣ ᗧ·····•·····
Joined
Sep 4, 2006
Messages
9,633
no version of dolphin debug works on my computer that has functional memory break points. can someone tell me if memory offset 4d64ec has something to do with player 2 being on fire
 

Achilles1515

Smash Master
Joined
Jun 18, 2007
Messages
3,211
Location
Cincinnati / Columbus OH
no version of dolphin debug works on my computer that has functional memory break points. can someone tell me if memory offset 4d64ec has something to do with player 2 being on fire
I thought we determined that it was working when we had our Skype session? Didn't the game pause when we were looking at hitstun from a Falcon move?

I use the exact same versions that are posted in this forum and they work for me (generally speaking, I have seen some exceptions where it doesn't break on things that I know are being read but it's not often). I really don't see a reason why they shouldn't work for everyone as long as Dolphin executable will boot up.
 

Ripple

ᗣᗣᗣᗣ ᗧ·····•·····
Joined
Sep 4, 2006
Messages
9,633
nothing breaks anymore for no reason.

no version of dolphin debugfast 4 works on my computer. I can't run 64bit, and 32 bit gives me the **Assertion: see log** error despite having cheats off.

so then I go back to using 3.0-865 debugfast and that doesn't break on anything unless I directly write over a memory address

I have done this with memory address 4d64ec because it's always either 1 or 0 depending on if the opponent is on fire but never breaks when I cause a player to be on fire
 

Cyjorg

tiny.cc/19XXTE
Joined
Nov 18, 2013
Messages
686
Location
Purdue University
nothing breaks anymore for no reason.

no version of dolphin debugfast 4 works on my computer. I can't run 64bit, and 32 bit gives me the **Assertion: see log** error despite having cheats off.

so then I go back to using 3.0-865 debugfast and that doesn't break on anything unless I directly write over a memory address

I have done this with memory address 4d64ec because it's always either 1 or 0 depending on if the opponent is on fire but never breaks when I cause a player to be on fire
Make sure you're setting memory check points at 0x804d64ec and not 0x004d64ec.

Not really. Well some of it. I’m assuming you’re thinking of the data offset stuff, which is different.

These static player blocks that wParam began mapping are VERY important. They are ALWAYS in the same place in the RAM. We were using some values in these blocks as well, but just never gave order to them.

I’ve been slowly adding notes/discovering the meaning of some more of these values. My most current mapped out player block variables are seen below. The most important thing about doing this is to put some sense into the regular game functions that pull these variables. Those functions use the exact same player block offsets listed below.

And sorry about all the question marks. I just don’t put things down as facts until I’m 100% certain. I started putting "unknowns" in there as I was mapping out/investigating game functions, just to know whether addresses in these blocks were read as bytes, floats, or halfwords.
Code:
Static player block
-------------------

They start at 80453080
static_player_block_t //0xE90 bytes long

P1 - 80453080
P2 - 80453f10
P3 - 80454DA0
P4 - 80455C30
P5 - 80456AC0
P6 - 80457950

{
    0x00: long, Character ID again?
    0x04: long, character ID (external index)
    0x08: long, slot type (human, cpu, demo, none), modify this to change from CPU to human midmatch
    0x10: float, X coordinate (horizontal)
    0x14: float, Y coordinate (vertical)
    0x18: float, Z coordinate?  (depth)
    0x40: float, direction facing (1=right, -1=left)
    0x44: byte, bool computer?
    0x45: byte, controller index
    0x46: byte, unknown
    0x47: byte, cpu type, applied after death.
    0x48: byte, unknown
    0x49: byte, unknown. I was using this as vs mode (=1) flag? ****.
    0x4A: byte, unknown
    0x4B: byte, unknown
    0x4C: byte, unknown
    0x4D: byte, unknown
    0x4E: byte, unknown
    0x50: float, unknown
    0x54: float, attack ratio, changing take effect immediately
    0x58: float, damage (defense) ratio, changing take effect immediately
    0x5C: float, model scale (match was started with. modifying does nothing.)
    0x60: short, currently /displayed/ health. (ALWAYS counts up)
    0x62: short, health start value.
    0x64: stamina hp - check to confirm
    0x68: int, unknown (80034de8)
    0x70: int, unknown
    0x88: int, read when dying in stamina mode?
    0x8E: byte, stocks left
    0x90: int, current coins
    0x94: int, total collected.
    0xA0: int, joystick "smashes" (8003662c - load, add 1, store back)
    0xA8: int, name tag slot #
    0xAC: byte,
        - flag 0x90 means “regular character”(?)
        - flag 0x40 means "eligible for multi spawn" (?)
        - flag 0x30 means "eligible for nana spawn"
        - comparison for 0x80 is @ 800354c0 (?)
    0xAD: byte, unknown (8003468c). Set to 0x20,0x80 and see?
        0x10 = default?
        0x20 = use stamina hp instead of damage percent, changing take effect immediately
  
    0xAE: byte, unknown
    0xB0: void*, pointer to player_t (Data Offset Start!)
    0xB4: void*, pointer to player_t for nana, if applicable

[results stats]
    0xD24: int, Damage Recovered
    0xDDC: int, air time
    0xDE0: int, ground time
}
Ah. I had some of that documented in my notes. Even on my phone I swear that 0xe90 apart seems familiar. Regardless, Have we tried contacting wParam? His email is on his site
 

SinsOfApathy

Smash Journeyman
Joined
Feb 24, 2015
Messages
474
NNID
Psion312
Ah. I had some of that documented in my notes. Even on my phone I swear that 0xe90 apart seems familiar.
Your notes have the sub_player pointer (Which has 0xE90 apart listed) and stock information (which does not, and even this is only P1 and P2). So yeah, your notes have 2 things out of the entirety of that struct.

Given that it's hosted on a Google Doc, you should be able to just write a formula to calculate all of the offsets instead of manually putting in that kind of information.
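
The "formula" for the static player blocks, as an added example that is not part of the original posts: it derives each field address from the base 80453080 and the 0xE90 block size listed in the thread, and reads big-endian fields out of a memory image. The function names, the `mem_base` parameter and the sample memory contents are this example's own; for a full RAM dump, `mem_base` is assumed to be 0x80000000.

```python
import struct

# Added example (not from the thread). Offsets and sizes are the ones in the
# static_player_block_t listing above; "long"/"int" are read as 4 bytes.
BLOCK_BASE = 0x80453080
BLOCK_SIZE = 0xE90
FIELDS = {
    "character_id":     (0x04, ">I"),
    "slot_type":        (0x08, ">I"),
    "x":                (0x10, ">f"),
    "y":                (0x14, ">f"),
    "facing":           (0x40, ">f"),
    "displayed_health": (0x60, ">H"),
    "stocks":           (0x8E, ">B"),
    "player_ptr":       (0xB0, ">I"),
}


def block_address(player):
    """RAM address of the static block for player 1..6."""
    if not 1 <= player <= 6:
        raise ValueError("player must be 1..6")
    return BLOCK_BASE + (player - 1) * BLOCK_SIZE


def field_address(player, name):
    """RAM address to watch or patch for one field of one player."""
    return block_address(player) + FIELDS[name][0]


def read_player(mem, mem_base, player):
    """Decode the mapped fields from a memory image whose first byte is mem_base."""
    start = block_address(player) - mem_base
    if start < 0 or start + BLOCK_SIZE > len(mem):
        raise ValueError("memory image does not cover this player block")
    return {name: struct.unpack_from(fmt, mem, start + off)[0]
            for name, (off, fmt) in FIELDS.items()}


def make_sample():
    """Constructed image covering only the six blocks, with made-up P2 values."""
    mem = bytearray(6 * BLOCK_SIZE)
    p2 = BLOCK_SIZE
    struct.pack_into(">I", mem, p2 + 0x08, 1)
    struct.pack_into(">f", mem, p2 + 0x10, -12.5)
    struct.pack_into(">f", mem, p2 + 0x40, -1.0)
    struct.pack_into(">B", mem, p2 + 0x8E, 3)
    return bytes(mem)


SAMPLE = make_sample()

if __name__ == "__main__":
    for p in range(1, 7):
        print(f"P{p} block {block_address(p):08X}  "
              f"stocks @ {field_address(p, 'stocks'):08X}")
    print(read_player(SAMPLE, BLOCK_BASE, 2))
```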
 

Achilles1515

Smash Master
Joined
Jun 18, 2007
Messages
3,211
Location
Cincinnati / Columbus OH
Make sure you're setting memory check points at 0x804d64ec and not 0x004d64ec.



Ah. I had some of that documented in my notes. Even on my phone I swear that 0xe90 apart seems familiar. Regardless, Have we tried contacting wParam? His email is on his site
Yeah, it's familiar because you've used the player blocks before. I did contact wParam on his gmail, basically just telling him he is amazing blah blah blah did you know smash is still being played blah blah blah and I did get a response. This might sound heartless, but we recently found all his notes, which is what we all wanted from him and I don't think there's much else to obtain from contacting him. He hasn't done any Melee hacking since the Crazy Mod (9 years ago....) so he's just not going to remember the specifics of anything else we would love to ask him. Nonetheless, I would still love to chat with him about his actual methods for all this stuff and how they did it "in the old days". 9 years is a long time ago...
 

SinsOfApathy

Smash Journeyman
Joined
Feb 24, 2015
Messages
474
NNID
Psion312
Yeah, it's familiar because you've used the player blocks before. I did contact wParam on his gmail, basically just telling him he is amazing blah blah blah did you know smash is still being played blah blah blah and I did get a response. This might sound heartless, but we recently found all his notes, which is what we all wanted from him and I don't think there's much else to obtain from contacting him. He hasn't done any Melee hacking since the Crazy Mod (9 years ago....) so he's just not going to remember the specifics of anything else we would love to ask him. Nonetheless, I would still love to chat with him about his actual methods for all this stuff and how they did it "in the old days". 9 years is a long time ago...
He would've just used the PSO Ethernet exploit (or given that a lot of his help came from the AR forums, maybe the Datel method), and GCNRD or whatever it was called. It's basically a debugger running off an actual Gamecube. From there, it wouldn't be really any different than how we find stuff, beyond the fact that he had the knowledge to recognize C functions in PPC ASM and to figure out the exploit itself.

Edit: Yeah, straight from his own page:

There are many people besides myself who deserve credit for these modifications. Parasyte and kenobi for the GCNCrypt and the Gamecube Remote Debugger, without which none of this would ever have been possible, along with everyone at the AR Central forums. Many codes from arcentral.net were used as a basis for knowing where to start looking in the debugger to make interesting changes, and of course everyone likes a little positive feedback now and again ;).
Honestly, if he was still doing it now, he'd probably have the entire game mapped at this point lol
 

Achilles1515

Smash Master
Joined
Jun 18, 2007
Messages
3,211
Location
Cincinnati / Columbus OH
I was trying to convert this into a dol mod and got at offset 0x168E8 -> 60000000, but that causes the game not to start at all in Dolphin (just goes to a black screen, doesn't even show the memory card prompts).
Well Cell, you done f***ed up.

If you follow that mini guide I wrote you really should have no problem finding the DOL offset.

For that code above, open up a ram.raw that you dumped from a vanilla 1.02 ISO with no codes enabled. Go to line 0x219d08 and copy like 10 lines of data. Then open your 1.02 DOL, search for that data you just copied and it should give you one match which is the offset. In general, RAM values are about 0x3000 more than the DOL offset. But that's just a rule of thumb. For the "free space" at the beginning of the DOL, all the equivalent RAM offsets are exactly +0x3000.
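
An alternative to searching for matching bytes, as an added example that is not part of the original post: the DOL header stores each section's file offset, load address and size, so a RAM address can be translated to a DOL offset directly, which goes beyond the search method described above. The section values in the sample header are constructed for illustration and are not taken from the Melee 1.02 DOL.

```python
import struct

# Added example (not from the thread). DOL header layout: 7 text + 11 data
# sections, each described by three parallel big-endian u32 tables.
N_TEXT, N_DATA = 7, 11
OFFSETS_AT, ADDRS_AT, SIZES_AT = 0x00, 0x48, 0x90
HEADER_SIZE = 0x100


def parse_dol_sections(dol):
    """Return [(name, file_offset, load_address, size)] for non-empty sections."""
    n = N_TEXT + N_DATA
    offsets = struct.unpack_from(f">{n}I", dol, OFFSETS_AT)
    addrs = struct.unpack_from(f">{n}I", dol, ADDRS_AT)
    sizes = struct.unpack_from(f">{n}I", dol, SIZES_AT)
    sections = []
    for i, (off, addr, size) in enumerate(zip(offsets, addrs, sizes)):
        if size == 0:
            continue
        name = f"text{i}" if i < N_TEXT else f"data{i - N_TEXT}"
        sections.append((name, off, addr, size))
    return sections


def ram_to_dol_offset(dol, ram_addr):
    """Map a RAM address to (section, file offset); None if no section holds it."""
    for name, off, addr, size in parse_dol_sections(dol):
        if addr <= ram_addr < addr + size:
            return name, off + (ram_addr - addr)
    return None  # e.g. .bss or heap: present in RAM, absent from the file


def make_sample_header():
    """Constructed header: two text sections and one data section."""
    hdr = bytearray(HEADER_SIZE)
    layout = [  # (table index, file offset, load address, size)
        (0, 0x0100, 0x80003100, 0x2000),       # text0: RAM offset = file + 0x3000
        (1, 0x2100, 0x80005500, 0x1000),       # text1: RAM offset = file + 0x3400
        (N_TEXT, 0x3100, 0x80007000, 0x0800),  # data0
    ]
    for idx, off, addr, size in layout:
        struct.pack_into(">I", hdr, OFFSETS_AT + 4 * idx, off)
        struct.pack_into(">I", hdr, ADDRS_AT + 4 * idx, addr)
        struct.pack_into(">I", hdr, SIZES_AT + 4 * idx, size)
    return bytes(hdr)


SAMPLE_DOL = make_sample_header()

if __name__ == "__main__":
    for addr in (0x80003200, 0x80005504, 0x80006F00, 0x80007010):
        print(f"{addr:08X} -> {ram_to_dol_offset(SAMPLE_DOL, addr)}")
```

In the constructed header the difference between RAM offset and file offset changes from one section to the next, so a single fixed difference only holds within one section.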
 

CeLL

Smash Lord
Joined
Jan 26, 2014
Messages
1,026
Location
Washington
Well Cell, you done f***ed up.

If you follow that mini guide I wrote you really should have no problem finding the DOL offset.

For that code above, open up a ram.raw that you dumped from a vanilla 1.02 ISO with no codes enabled. Go to line 0x219d08 and copy like 10 lines of data. Then open your 1.02 DOL, search for that data you just copied and it should give you one match which is the offset. In general, RAM values are about 0x3000 more than the DOL offset. But that's just a rule of thumb. For the "free space" at the beginning of the DOL, all the equivalent RAM offsets are exactly +0x3000.
LMAO I didn't copy the 2. I went to 0x19d08 FailFish
 

CeLL

Smash Lord
Joined
Jan 26, 2014
Messages
1,026
Location
Washington
So I'm trying to convert a C2 code to a dol mod but when I try to convert "b 0xFFECEC3B" to hex with ASM<>WiiRd I get "Error: ignoring least significant bits in branch offset." What is wrong?
 

SinsOfApathy

Smash Journeyman
Joined
Feb 24, 2015
Messages
474
NNID
Psion312
Sorry I had the 0x I forgot to type it.
Branch works with an offset from the address it's executed from. So, unless it's pointing to a label within your own code, you have to manually create the branch.

So, 8045D930 to 80002300 would be b -4568624 (BA49D0).
 

SinsOfApathy

Smash Journeyman
Joined
Feb 24, 2015
Messages
474
NNID
Psion312
To 0x8000514C in the RAM from 0x80136510 in the RAM. Just following Sham Rock's guide.
Then it's b -1250244, which is 0xECEC3C.

To figure it out, open Calculator in accessories, point view to Programmer, then click the radio button next to HEX. From there you can input 0x8000514C - 0x80136510 to get the value.
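
The subtraction from the two replies above, carried through to the full 32-bit instruction word, as an added example that is not part of the original posts; the function names are this example's own. It also rejects a displacement that is not a multiple of 4, which is the condition behind the "ignoring least significant bits in branch offset" error quoted earlier.

```python
# Added example (not from the thread): PowerPC I-form branch encoding.
OPCODE_B = 18 << 26     # primary opcode 18 = b / bl / ba / bla
LI_MASK = 0x03FFFFFC    # signed 26-bit byte offset; the low two bits are AA and LK


def branch_displacement(src, dst):
    """Signed byte distance from the branch at src to its target dst."""
    disp = dst - src
    if disp % 4:
        # Instructions are 4-byte aligned, so the encoding has no room for
        # the low two bits of the offset.
        raise ValueError(f"displacement {disp} is not a multiple of 4")
    if not -0x2000000 <= disp <= 0x1FFFFFC:
        raise ValueError(f"displacement {disp} exceeds the +/-32 MiB range")
    return disp


def encode_branch(src, dst, link=False):
    """Return the instruction word for `b dst` (or `bl dst`) placed at src."""
    return OPCODE_B | (branch_displacement(src, dst) & LI_MASK) | int(link)


def decode_branch_target(src, insn):
    """Recover the target of a relative b/bl found at address src."""
    if insn >> 26 != 18 or insn & 2:
        raise ValueError("not a relative b/bl instruction")
    li = insn & LI_MASK
    if li & 0x02000000:          # sign-extend the 26-bit field
        li -= 0x04000000
    return (src + li) & 0xFFFFFFFF


if __name__ == "__main__":
    # The two source/target pairs worked through in the thread.
    for src, dst in [(0x8045D930, 0x80002300), (0x80136510, 0x8000514C)]:
        d = branch_displacement(src, dst)
        print(f"{src:08X} -> {dst:08X}: b {d} "
              f"(24-bit {d & 0xFFFFFF:06X}, word {encode_branch(src, dst):08X})")
```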
 

Cyjorg

tiny.cc/19XXTE
Joined
Nov 18, 2013
Messages
686
Location
Purdue University
Another useless code with an unnecessarily long name

Hold L+R+A+Start During Stage Load to Return to the CSS(1.02) [Jorgasms]
0425b8bc 38600002

This button combo used to bring you back to the Main Menu which annoyed me lol
 

CeLL

Smash Lord
Joined
Jan 26, 2014
Messages
1,026
Location
Washington
Another useless code with an unnecessarily long name

Hold L+R+A+Start During Stage Load to Return to the CSS(1.02) [Jorgasms]
0480b8bc 36000002

This button combo used to bring you back to the Main Menu which annoyed me lol
Actually it's just L+R+Start. No A required.

Edit: And I just tried it in Dolphin and it didn't do anything :(

Edit: Now it works :) but it sends me to the sudden death CSS :(

Edit: Now it works well :)
 

CeLL

Smash Lord
Joined
Jan 26, 2014
Messages
1,026
Location
Washington
I'm trying to convert the gecko code to hold Z while selecting a character to get a lowercase version to a DOL mod, but I think I don't quite understand how to get the memory address of the line the C2 code is overwriting. Looking at C223C28C 0000000B I would think the address is 8023C28C, so I converted it and overwrote that line in the DOL, but it didn't do anything, so I set a break point in Dolphin for that line of code and it wasn't hit when I was entering a name.
 

SinsOfApathy

Smash Journeyman
Joined
Feb 24, 2015
Messages
474
NNID
Psion312
I'm trying to convert the gecko code to hold Z while selecting a character to get a lowercase version to a DOL mod, but I think I don't quite understand how to get the memory address of the line the C2 code is overwriting. Looking at C223C28C 0000000B I would think the address is 8023C28C, so I converted it and overwrote that line in the DOL, but it didn't do anything, so I set a break point in Dolphin for that line of code and it wasn't hit when I was entering a name.
Check for a code that changes BA. It should be 40, if I remember right.
 

flieskiller

Smash Journeyman
Joined
Jan 3, 2013
Messages
426
NOT IMPORTANT REQUEST: in Develop mode, D-pad down toggles the c-stick controls between the Develop camera and the Multiplayer controls (with attacks)
 

Ripple

ᗣᗣᗣᗣ ᗧ·····•·····
Joined
Sep 4, 2006
Messages
9,633
I cannot, for the life of me, find where shield stun is located in memory. it seems to be dynamic
 

SinsOfApathy

Smash Journeyman
Joined
Feb 24, 2015
Messages
474
NNID
Psion312
I cannot, for the life of me, find where shield stun is located in memory. it seems to be dynamic
Float @ Offset 0x23A0 for remaining time according to the Google Doc. Haven't actually looked though (nor what struct it's part of, since the doc is kind of **** at organization.)
 