• Welcome to Smashboards, the world's largest Super Smash Brothers community! Over 250,000 Smash Bros. fans from around the world have come to discuss these great games in over 19 million posts!

    You are currently viewing our boards as a visitor. Click here to sign up right now and start on your path in the Smash community!

Melee Gecko Codes + Guide and Discussion

whims

Smash Apprentice
Joined
Mar 7, 2016
Messages
100
one last question: when linking to the rng function, i get this error in asm <> wiird:
Error: operand out of range (0x80380580 is not between 0xfe000000 and 0x01ffffff)
i've tried changing the values by removing the 80 (i remember dan saying something about that in his videos) but nothing has worked so far.

i did step through the code up until this branch, and it works. i appreciate the help
 

whims

Smash Apprentice
Joined
Mar 7, 2016
Messages
100
ok so i don't necessarily need any more questions answered, i'd just like to post my progress along this project. i have successfully made random menu music load, without crashing. however, there are still glitches.

1) when i go to tournament mode and return, the game crashes. this may be due to register availability, or really any number of things. i'll have to do some testing
2) when i go from the main menu to the css or the css to the sss, the music reloads as a different hps. i'm guessing that the game checks to see if the menu music is loaded, and doesn't reload if it's already playing. however, it isn't loaded, so it goes through the play music function, which steps my code, loading another random song.
3) i get some random fanfares, which is more than likely due to errors in hps labels or errors in my translation from hex to dec or something like that. i don't see fanfare labels on the ssbm data sheet, and the hps labels also seem incomplete (lacking menu music), so i may go through and add all those since it's open for editing.
4) the dolphin i have to use has sound loading issues, so i may need to port it to a newer dolphin and test it there.

in the future, i hope to make more practical/complicated codes, since there is a decent demand but only a few seasoned people working on them, which has gotta be a load, and inevitably, many requests get ignored.

but anyway, if anyone is interested, here's my code (both in asm and machine)
Code:
START:
cmpwi r3,52
bne- END
li r3,67
mflr r27
lis r0,0x8038
ori r0,0,0x0580
mtlr r0
bl 0x37DC9C
la r10,0(r3)
cmpwi r10,0
bne- 0x08
li r3,39
cmpwi r10,1
bne- 0x8
li r3,04
cmpwi r10,2
bne- 0x8
li r3,66
cmpwi r10,3
bne- 0x8
li r3,33
cmpwi r10,4
bne- 0x8
li r3,50
cmpwi r10,5
bne- 0x8
li r3,34
cmpwi r10,6
bne- 0x8
li r3,75
cmpwi r10,7
bne- 0x8
li r3,97
cmpwi r10,8
bne- 0x8
li r3,51
cmpwi r10,9
bne- 0x8
li r3,96
cmpwi r10,10
bne- 0x8
li r3,95
cmpwi r10,11
bne- 0x8
li r3,49
cmpwi r10,12
bne- 0x8
li r3,35
cmpwi r10,13
bne- 0x8
li r3,06
cmpwi r10,14
bne- 0x8
li r3,84
cmpwi r10,15
bne- 0x8
li r3,64
cmpwi r10,16
bne- 0x8
li r3,65
cmpwi r10,17
bne- 0x8
li r3,56
cmpwi r10,18
bne- 0x8
li r3,03
cmpwi r10,19
bne- 0x8
li r3,60
cmpwi r10,20
bne- 0x8
li r3,31
cmpwi r10,21
bne- 0x8
li r3,41
cmpwi r10,22
bne- 0x8
li r3,42
cmpwi r10,23
bne- 0x8
li r3,43
cmpwi r10,24
bne- 0x8
li r3,44
cmpwi r10,25
bne- 0x8
li r3,40
cmpwi r10,26
bne- 0x8
li r3,30
cmpwi r10,27
bne- 0x8
li r3,57
cmpwi r10,28
bne- 0x8
li r3,59
cmpwi r10,29
bne- 0x8
li r3,58
cmpwi r10,30
bne- 0x8
li r3,77
cmpwi r10,31
bne- 0x8
li r3,74
cmpwi r10,32
bne- 0x8
li r3,63
cmpwi r10,33
bne- 0x8
li r3,01
cmpwi r10,34
bne- 0x8
li r3,55
cmpwi r10,35
bne- 0x8
li r3,61
cmpwi r10,36
bne- 0x8
li r3,07
cmpwi r10,37
bne- 0x8
li r3,02
cmpwi r10,38
bne- 0x8
li r3,80
cmpwi r10,39
bne- 0x8
li r3,81
cmpwi r10,40
bne- 0x8
li r3,78
cmpwi r10,41
bne- 0x8
li r3,83
cmpwi r10,42
bne- 0x8
li r3,38
mtlr r27

END:
mflr r0

C2023F28 00000047
2C030034 40820228
38600043 7F6802A6
3C008038 60000580
7C0803A6 4837DC9D
39430000 2C0A0000
40820008 38600027
2C0A0001 40820008
38600004 2C0A0002
40820008 38600042
2C0A0003 40820008
38600021 2C0A0004
40820008 38600032
2C0A0005 40820008
38600022 2C0A0006
40820008 3860004B
2C0A0007 40820008
38600061 2C0A0008
40820008 38600033
2C0A0009 40820008
38600060 2C0A000A
40820008 3860005F
2C0A000B 40820008
38600031 2C0A000C
40820008 38600023
2C0A000D 40820008
38600006 2C0A000E
40820008 38600054
2C0A000F 40820008
38600040 2C0A0010
40820008 38600041
2C0A0011 40820008
38600038 2C0A0012
40820008 38600003
2C0A0013 40820008
3860003C 2C0A0014
40820008 3860001F
2C0A0015 40820008
38600029 2C0A0016
40820008 3860002A
2C0A0017 40820008
3860002B 2C0A0018
40820008 3860002C
2C0A0019 40820008
38600028 2C0A001A
40820008 3860001E
2C0A001B 40820008
38600039 2C0A001C
40820008 3860003B
2C0A001D 40820008
3860003A 2C0A001E
40820008 3860004D
2C0A001F 40820008
3860004A 2C0A0020
40820008 3860003F
2C0A0021 40820008
38600001 2C0A0022
40820008 38600037
2C0A0023 40820008
3860003D 2C0A0024
40820008 38600007
2C0A0025 40820008
38600002 2C0A0026
40820008 38600050
2C0A0027 40820008
38600051 2C0A0028
40820008 3860004E
2C0A0029 40820008
38600053 2C0A002A
40820008 38600026
7F6803A6 7C0802A6
60000000 00000000
 

standardtoaster

Tubacabra
Joined
Nov 26, 2009
Messages
9,253
Location
Eau Claire, Wisconsin
What is the la command? Your line is "la r10,0(r3)". Is that loading the byte from r3's address into r10? I've never seen the "la" command before. I've only ever used lbz for that purpose
 

Achilles1515

Smash Master
Joined
Jun 18, 2007
Messages
3,211
Location
Cincinnati / Columbus OH
one last question: when linking to the rng function, i get this error in asm <> wiird:
Error: operand out of range (0x80380580 is not between 0xfe000000 and 0x01ffffff)
i've tried changing the values by removing the 80 (i remember dan saying something about that in his videos) but nothing has worked so far.

i did step through the code up until this branch, and it works. i appreciate the help
ok so i don't necessarily need any more questions answered, i'd just like to post my progress along this project. i have successfully made random menu music load, without crashing. however, there are still glitches.

1) when i go to tournament mode and return, the game crashes. this may be due to register availability, or really any number of things. i'll have to do some testing
2) when i go from the main menu to the css or the css to the sss, the music reloads as a different hps. i'm guessing that the game checks to see if the menu music is loaded, and doesn't reload if it's already playing. however, it isn't loaded, so it goes through the play music function, which steps my code, loading another random song.
3) i get some random fanfares, which is more than likely due to errors in hps labels or errors in my translation from hex to dec or something like that. i don't see fanfare labels on the ssbm data sheet, and the hps labels also seem incomplete (lacking menu music), so i may go through and add all those since it's open for editing.
4) the dolphin i have to use has sound loading issues, so i may need to port it to a newer dolphin and test it there.

in the future, i hope to make more practical/complicated codes, since there is a decent demand but only a few seasoned people working on them, which has gotta be a load, and inevitably, many requests get ignored.

but anyway, if anyone is interested, here's my code (both in asm and machine)
Code:
START:
cmpwi r3,52
bne- END
li r3,67
mflr r27
lis r0,0x8038
ori r0,0,0x0580
mtlr r0
bl 0x37DC9C
la r10,0(r3)
cmpwi r10,0
bne- 0x08
li r3,39
cmpwi r10,1
bne- 0x8
li r3,04
cmpwi r10,2
bne- 0x8
li r3,66
cmpwi r10,3
bne- 0x8
li r3,33
cmpwi r10,4
bne- 0x8
li r3,50
cmpwi r10,5
bne- 0x8
li r3,34
cmpwi r10,6
bne- 0x8
li r3,75
cmpwi r10,7
bne- 0x8
li r3,97
cmpwi r10,8
bne- 0x8
li r3,51
cmpwi r10,9
bne- 0x8
li r3,96
cmpwi r10,10
bne- 0x8
li r3,95
cmpwi r10,11
bne- 0x8
li r3,49
cmpwi r10,12
bne- 0x8
li r3,35
cmpwi r10,13
bne- 0x8
li r3,06
cmpwi r10,14
bne- 0x8
li r3,84
cmpwi r10,15
bne- 0x8
li r3,64
cmpwi r10,16
bne- 0x8
li r3,65
cmpwi r10,17
bne- 0x8
li r3,56
cmpwi r10,18
bne- 0x8
li r3,03
cmpwi r10,19
bne- 0x8
li r3,60
cmpwi r10,20
bne- 0x8
li r3,31
cmpwi r10,21
bne- 0x8
li r3,41
cmpwi r10,22
bne- 0x8
li r3,42
cmpwi r10,23
bne- 0x8
li r3,43
cmpwi r10,24
bne- 0x8
li r3,44
cmpwi r10,25
bne- 0x8
li r3,40
cmpwi r10,26
bne- 0x8
li r3,30
cmpwi r10,27
bne- 0x8
li r3,57
cmpwi r10,28
bne- 0x8
li r3,59
cmpwi r10,29
bne- 0x8
li r3,58
cmpwi r10,30
bne- 0x8
li r3,77
cmpwi r10,31
bne- 0x8
li r3,74
cmpwi r10,32
bne- 0x8
li r3,63
cmpwi r10,33
bne- 0x8
li r3,01
cmpwi r10,34
bne- 0x8
li r3,55
cmpwi r10,35
bne- 0x8
li r3,61
cmpwi r10,36
bne- 0x8
li r3,07
cmpwi r10,37
bne- 0x8
li r3,02
cmpwi r10,38
bne- 0x8
li r3,80
cmpwi r10,39
bne- 0x8
li r3,81
cmpwi r10,40
bne- 0x8
li r3,78
cmpwi r10,41
bne- 0x8
li r3,83
cmpwi r10,42
bne- 0x8
li r3,38
mtlr r27

END:
mflr r0

C2023F28 00000047
2C030034 40820228
38600043 7F6802A6
3C008038 60000580
7C0803A6 4837DC9D
39430000 2C0A0000
40820008 38600027
2C0A0001 40820008
38600004 2C0A0002
40820008 38600042
2C0A0003 40820008
38600021 2C0A0004
40820008 38600032
2C0A0005 40820008
38600022 2C0A0006
40820008 3860004B
2C0A0007 40820008
38600061 2C0A0008
40820008 38600033
2C0A0009 40820008
38600060 2C0A000A
40820008 3860005F
2C0A000B 40820008
38600031 2C0A000C
40820008 38600023
2C0A000D 40820008
38600006 2C0A000E
40820008 38600054
2C0A000F 40820008
38600040 2C0A0010
40820008 38600041
2C0A0011 40820008
38600038 2C0A0012
40820008 38600003
2C0A0013 40820008
3860003C 2C0A0014
40820008 3860001F
2C0A0015 40820008
38600029 2C0A0016
40820008 3860002A
2C0A0017 40820008
3860002B 2C0A0018
40820008 3860002C
2C0A0019 40820008
38600028 2C0A001A
40820008 3860001E
2C0A001B 40820008
38600039 2C0A001C
40820008 3860003B
2C0A001D 40820008
3860003A 2C0A001E
40820008 3860004D
2C0A001F 40820008
3860004A 2C0A0020
40820008 3860003F
2C0A0021 40820008
38600001 2C0A0022
40820008 38600037
2C0A0023 40820008
3860003D 2C0A0024
40820008 38600007
2C0A0025 40820008
38600002 2C0A0026
40820008 38600050
2C0A0027 40820008
38600051 2C0A0028
40820008 3860004E
2C0A0029 40820008
38600053 2C0A002A
40820008 38600026
7F6803A6 7C0802A6
60000000 00000000
The following lines aren't doing anything because of the branch link that comes immediately after them. Branch linking into another function with "bl" immediately overrides whatever was in the link register with the new return address. It doesn't read the link register at all before overwriting it.
Code:
lis r0,0x8038
ori r0,0,0x0580
mtlr r0

#-------
bl 0x37dc9c # because this line destroys whatever was in the link register
Second, NEVER use a line like "bl 0x37dc9c" in a Gecko code. That is a static branch link ahead 0x37dc9c bytes from wherever this instruction lies, and while this might work if it is the first code in your Gecko code list, it will not if it isn't first - and you can't expect it to always be first. And it will likely branch link into the middle of some unwanted function and freeze the game.

You want to do this
Code:
lis r0,0x8038
ori r0,r0,0x0580
mtlr r0
blrl  # branch link to the address in the link register
Using the above, it will always bl to 80380580 and it doesn't matter where your code is placed.

As Standardtoaster said, I've never seen the 'la' instruction. If you are trying to move the contents of register 3 to register 10, use "mr r10,r3"
 

whims

Smash Apprentice
Joined
Mar 7, 2016
Messages
100
The following lines aren't doing anything because of the branch link that comes immediately after them. Branch linking into another function with "bl" immediately overrides whatever was in the link register with the new return address. It doesn't read the link register at all before overwriting it.
Code:
lis r0,0x8038
ori r0,0,0x0580
mtlr r0

#-------
bl 0x37dc9c # because this line destroys whatever was in the link register
Second, NEVER use a line like "bl 0x37dc9c" in a Gecko code. That is a static branch link ahead 0x37dc9c bytes from wherever this instruction lies, and while this might work if it is the first code in your Gecko code list, it will not if it isn't first - and you can't expect it to always be first. And it will likely branch link into the middle of some unwanted function and freeze the game.

You want to do this
Code:
lis r0,0x8038
ori r0,r0,0x0580
mtlr r0
blrl  # branch link to the address in the link register
Using the above, it will always bl to 80380580 and it doesn't matter where your code is placed.

As Standardtoaster said, I've never seen the 'la' instruction. If you are trying to move the contents of register 3 to register 10, use "mr r10,r3"
thanks a ton for that explanation, i looked everywhere and couldn't find a command that linked directly to the link register without giving me an error in asmwiird. i was never using any other gecko codes, but i could see how that could be an issue, thanks.

What is the la command? Your line is "la r10,0(r3)". Is that loading the byte from r3's address into r10? I've never seen the "la" command before. I've only ever used lbz for that purpose
la is "load address"; i found it in the assembler tutorial on wiibrew.org.

"LA - Load Address

Syntax: la rD,d(rA)

This is equivalent to addi rD,rA,d

Example: la 3,100(9)

Adds 100 to the address in GPR9 and loads the result in GPR3."

i put "la r0,0(r3)" through asmwiird and then back and it came out as "addi r0,r3,0." in the wiibrew page it was specified as a mnemonic for an ADD command, and as noted above, it's equivalent to the addi command that asmwiird produced.

but anyway, i'll keep that in mind to prevent confusion in the future
 

Dr. D

Smash Rookie
Joined
May 3, 2012
Messages
10
Location
Charlotte, NC
Hello,

I've been digging through the forums and I suppose this is the best place to ask this. I am trying to have a similar functionality to 20xx 4.05 where you can press L or R on the dpad to select SD Remix or Pal. I'm not trying to make it do just that, I have custom characters I'm trying to add and not overwrite the base character. Any help or push in the right direction is much appreciated!
 

RagnorokX

Smash Cadet
Joined
Jun 17, 2015
Messages
63
Would the random always selects certain character not work for 1.00, and if so, how hard would it be to convert?
 

whims

Smash Apprentice
Joined
Mar 7, 2016
Messages
100
ok, i have somewhat of a better knowledge of stuff. learning java, somewhat c/cpp, and i will have them down fairly soon (comp science major, so i better).

i'm investigating adding sfx. i think itaru has already done this (https://www.youtube.com/watch?v=Ur3-0GUktSs), so i've been looking into his posts and such, not really finding a ton. in theory, would i add them to the end of an ssm file that's loaded into memory already and add a pointer/identity? or would i need to create a new ssm file? is it even realistic to do that or am i on the wrong track here?

also, something has been stumping me for a while. i know how to write asm codes in dolphin and load them independently, and i know vaguely how to hex edit. i just don't understand how the game engine and the game itself interplay. if someone could give me a brief rundown of the basic idea or point me to a thread/article that explains it i'd really appreciate it. i've been looking around for a while and haven't really found much

i did find a c to asm encoder and am currently working with that. thanks in advance for any help/time u can offer
 

Punkline

Dr. Frankenstack
Premium
Joined
May 15, 2015
Messages
423
@zankyou recently helped me understand a few things about material/texture/bone flags, and I’ve since been really curious about how loaded DAT data gets instantiated for things like stages and players in RAM as a stage is loading.

Many structures in file data get copied into new instances that appear to represent the data for updates each frame at runtime. I’ve found this to be useful for live testing via memory edits and memory check breakpoints.

I’ve been trying to learn more about how it all gets organized. I thought I'd post some loose notes about it here in the code section.

---

I’ve been looking at this weird static structure in RAM (804318B8) that appears to keep track of the locations of loaded DAT files (and other files?) presumably as a part of loading them from DVD.

It’s an array of structures that look like this:
0x0 - points to another entry in this array
0x4 - length of allocation for loaded file?
0x8 - pointer to start of loaded data

Below this structure is another structure that seems to be involved in copying the data… @80432058 is a cool string that appears to display the name of the most recently loaded DAT file.

---

Many DAT files I’ve observed seem to keep a 0x60 byte header structure In RAM that looks something like this:
0x0 - 0x20 byte header
0x20 - pointer to loaded data + 0x20 (excludes header)
0x40 - pointer to loaded data (includes header)

I've noticed that these seem to be placed at the end of the loaded file data.

---

Some memory checks and cheat searches revealed that players organize an index of material/mesh object instances, and stores a pointer to the start of it at internal player data offset 0x5F0 (array has 1*4 alignment)

I’ve observed that the majority of the data in these instances is 1:1 with what I see in DTW, except for the fact that pointers to other structs in the file data are often replaced with pointers to corresponding instances instead. This only seems to be the case for some structs, where others will point to the actual data in the loaded file. In some cases (like with texture structs) the table is larger than the struct in the file data.

So here’s what I believe I’m able to reference (with code) from internal player data offset 0x5F0:

0x5F0 -> (ID*4) = specific [RAM] Object

[RAM] Object -> 0x8 = [RAM] Material
[RAM] Object -> 0xC = [RAM] Mesh

[RAM] Mesh -> 0x8 = [DAT] vertex attributes array
[RAM] Mesh -> 0x10 = [DAT] display list blocks
[RAM] Mesh -> 0x14 = [RAM] Influence matrix array

[RAM] Material -> 0x8 = [RAM] Texture
[RAM] Material -> 0xC = [RAM] Color struct

[RAM] Texture -> 0x5C = [DAT] Image header
[RAM] Texture -> 0xAC(?) = [RAM] Lance color struct

---

Here's a similar summary of how player bones are organized with 0x5E8
0x5E8
-> (ID*16) -> 0x0 = specific [RAM] player bone
0x5E8 -> (ID*16) -> 0x4 = specific [RAM] player bone (related to shapeAnim?)

[RAM] player bone -> 0x7C = [RAM] shapeAnim timer (?)
[RAM] player bone -> 0x80 = [RAM] unk
[RAM] player bone -> 0x84 = [DAT] player bone

[RAM] shapeAnim timer (?) -> 0x14 = [RAM] X parse

[RAM] X parse -> 0x0 = Y parse -> 0x0 = Z parse
[RAM] parse
-> 0x4 = [RAM] next byte to parse
[RAM] parse -> 0x8 = [RAM] start of data body to be parsed


I'm unsure if what I have labeled there as "shapeAnim" is truly what the game references as a shapeAnim. I'm not exactly sure how to check.

In addition, internal player data offset 0x5D4 appears to be related to the eyeblink animation in some characters (as observed in player subaction event A0, which animates such things.) The instance looks similar to a player bone, but the table size is a little different. There is a similar "shapeAnim timer" looking structure pointed to at offset 0x64. My guess is that this is related to matAnims, and only uses X and Y parses. Internal player data offset 0x5D8 contains similar-looking data.

Does anyone know how the game organizes instances of bones/mats/mesh for stages? Static address 8049EE10 appears to point to both the currently loaded stage gr___.dat and the map_head structure inside of it.
 
Last edited:

Sebson (IKEA)

Smash Rookie
Joined
Jul 1, 2014
Messages
9
I don't know why this code is not in the first post but I am posting it here so you can add it if you want to. This is a port of the "default color" version of the rumble code. All I had to do was change the second hex byte that represents how long to read code for in the PAL version of the code.
Code:
C22637F8 0000000B
8803000E 3DC08044
61CED188 3DE08045
61EFBF04 3A800000
860F000C 56110319
41820010 3A200001
9A2E0000 48000014
5611035B 4182000C
3A200000 9A2E0000
3A940001 39CE0001
2C140004 41A0FFCC
60000000 00000000
 
Last edited:

LLDL

Smash Hero
Joined
Apr 27, 2007
Messages
7,128
Forgive me if this has already been posted, having trouble locating the "Default Tournament Settings" code for PAL, if there is one already?
 

nickmac2002

Smash Rookie
Joined
May 8, 2014
Messages
3
Do any of you know if someone has made sword swing colors for Roy? I haven't looked through the thread very much, so I apologize if this has already been asked and answered.
 

Punkline

Dr. Frankenstack
Premium
Joined
May 15, 2015
Messages
423
Do any of you know if someone has made sword swing colors for Roy? I haven't looked through the thread very much, so I apologize if this has already been asked and answered.
I wrote an experimental code the other day that allowed me to define custom colors, pole dimensions, and the origin bone of a sword trail for ANY character (even ones that don't have swords.)

Later tonight I'll try to clean it up and post it.
 

kiw1

Smash Apprentice
Joined
Apr 14, 2013
Messages
106
Idea:

Hold L+R at the and of the match (like salty runback) to play with the same characters but on a different stage

Would be cool and some peeps would prolly like it, would be easier then endless friendlies
 

carnivore

Smash Cadet
Joined
Mar 27, 2006
Messages
55
anyone have an AR code or gecko code that forces your character color e.g. i want to play neutral falcon in teams
 

ssknight7

Smash Apprentice
Joined
Oct 8, 2014
Messages
136
Can I get code for KO stars = games won with ragequitting giving a star to the opponent?

I need just this code without the skips results screen code.
 

jra64

Smash Journeyman
Joined
Jan 30, 2004
Messages
372
Is it possible for someone to make a gecko code that when you salty runback or whenever the game ends, it salty runbacks to a random stage instead of having to go back to the character select screen every time? I think this would save a lot of people a lot of time in the long run.
 

Punkline

Dr. Frankenstack
Premium
Joined
May 15, 2015
Messages
423
Do any of you know if someone has made sword swing colors for Roy? I haven't looked through the thread very much, so I apologize if this has already been asked and answered.
I wrote an experimental code the other day that allowed me to define custom colors, pole dimensions, and the origin bone of a sword trail for ANY character (even ones that don't have swords.)

Later tonight I'll try to clean it up and post it.
Sorry, I’m still working on this. I keep learning stuff. Rabbit holes.
Here’s a neat gif though:


The 2 vertices that define a sword trail length seem to scale with the tweening data that's used to make things like Mario's hand bone instance change scale during his F-air and U-tilt.

I have to finish writing the next incarnation of a bundle of hooks I’ve rewritten 5 times now because I keep learning about new ways to control the trail render. I'll be sure to include notes with the thread.
 

Sebson (IKEA)

Smash Rookie
Joined
Jul 1, 2014
Messages
9
Anyone have a code to turn FoD off when the fighting mode is set to team battle and turn it on when team battle is turned off again?
 

jra64

Smash Journeyman
Joined
Jan 30, 2004
Messages
372
Punkline how long have you been messing around with hacking Melee? You seem so knowledgeable lol... Do you have a background in programming as well? Just wondering...
 

Punkline

Dr. Frankenstack
Premium
Joined
May 15, 2015
Messages
423
Punkline how long have you been messing around with hacking Melee? You seem so knowledgeable lol... Do you have a background in programming as well? Just wondering...
I started tinkering with Melee ~ a year ago after going through this tutorial. I grew up building cartridge towers with my Sega Genesis Game Genie, and as a kid thought it was literally magic--so watching that tutorial felt kinda like Dan was teaching me how to cast spells.

I went into it somewhat familiar with the basics of data types and high-level control schemes, which definitely helped get the ball rolling. Melee (and this community!) has taught me just about everything I know about low-level programming, though. It's a really fun way to learn about otherwise terribly abstract stuff~
 
Last edited:

jra64

Smash Journeyman
Joined
Jan 30, 2004
Messages
372
That really awesome man. Yeah I'm going through that tutorial as well, it's really cool. Dan is awesome for making that tutorial for everyone. I have a little programming knowledge, but it's pretty basic. I should probably expand that as well.

I was just wondering what your background was is all :). Thanks for sharing.
 

Punkline

Dr. Frankenstack
Premium
Joined
May 15, 2015
Messages
423
I was close to posting this in the form of a question because I didn't know what to search for, but YAGCD saved me.

Thought I'd share in case anyone else may have been confused by these hieroglyphics:



On the left is the tail end of the function that draws sword trails each frame. It appears to be writing to an unsafe area, and in a way that redundantly clobbers all of its own data; but it’s actually accessing the GX FIFO hardware register as a part of a pipeline (for creating primitives before they are rendered, if I understand correctly)

On the right are a bunch of not-very-ppc-looking lines that represent special instructions apparently unique to the Gekko processor. They are supposedly capable of doing floating point operations very quickly, and I've seen them pop up a lot when trying to look deep into the core mechanics of certain functions. Apparently they're also handy for casting.

More about GX FIFO - http://www.gc-forever.com/yagcd/chap5.html#sec5.11

More about paired singles instructions - http://www.gc-forever.com/yagcd/chap3.html#sec3.4
 
Last edited:

Krusteaz

Smash Apprentice
Joined
Dec 2, 2015
Messages
79
Location
Yoshi's Story
Just a thought but has anybody ever thought of doing costume dependent Falcon flame colors? Like what Marth has with his sword trails.

I know you can change the Faclon punch texture in EfCaData.dat so that might mean it's not possible but maybe a DOL code could work or something
 

DRGN

Technowizard
Moderator
Premium
Joined
Aug 20, 2005
Messages
2,175
Location
Sacramento, CA
Just a thought but has anybody ever thought of doing costume dependent Falcon flame colors? Like what Marth has with his sword trails.

I know you can change the Faclon punch texture in EfCaData.dat so that might mean it's not possible but maybe a DOL code could work or something
Well, I don't see why a code couldn't be written for the game to use a different EfCaData file for each costume ( EfCaNrData, EfCaGrData, etc.?). It could be done for other characters too. And if it were written for all characters, it'd only be around 7 MB of extra space to add to the disc (~1.4 * 5, not counting all of the extra Kirby costume effect files and EfCoData). Or 21 MB if done for all costumes in 20XX.

Edit: Well, assuming there's enough good usable space in RAM. 4 Falcons on the screen at once would mean ~477 KB more space required (of 24 MB of RAM total). That would be the extreme case, since Falcon's effects file is the largest. Though the fact that now each player needs to pull from different addresses for each of these files, rather than the same one, would have to be addressed too.
 
Last edited:

Krusteaz

Smash Apprentice
Joined
Dec 2, 2015
Messages
79
Location
Yoshi's Story
That's a fantastic idea! Costume dependant shines, lasers, Falcon effects... even things like turnips! Just curious, why didn't someone do this for Marth's sword colors? Was writing it into the DOL just more convenient?
 
Last edited:

Nmarf13

Smash Rookie
Joined
Jun 22, 2015
Messages
2
Sorry, I’m still working on this. I keep learning stuff. Rabbit holes.
Here’s a neat gif though:


The 2 vertices that define a sword trail length seem to scale with the tweening data that's used to make things like Mario's hand bone instance change scale during his F-air and U-tilt.

I have to finish writing the next incarnation of a bundle of hooks I’ve rewritten 5 times now because I keep learning about new ways to control the trail render. I'll be sure to include notes with the thread.
this looks like the infinite sword glitch from legend of zelda oot :p
 

Punkline

Dr. Frankenstack
Premium
Joined
May 15, 2015
Messages
423
Huh, I didn’t know this CPU decision visualization thingy was in developer mode... It can be toggled on the fly from any player entity.


I’ve been looking into the similarities between sword trails and the player display state options (like above.) I’ve found that they share some common coordinate/draw update functions.

@ 800805c8 : $!_playerDisplayState_drawLogic ( includes calls to draw functions, or flags for drawing)
@ 8006d1ec : $?_player_bodyArticle_update? ( includes calls to hurtbubble and swordtrail coord updates )

I have some ideas about how to easily filter and highlight the collision bubble display in various ways using hooks in these functions J jra64

The sword trail draw function (which I’ve been studying) is called at the end of this draw logic function; which seems to be in charge of handling all of the display states at internal player data offset 0x21FC.

---

I dunno how common this knowledge is, but you can use this 0x21FC offset to do more than just toggle collision bubble displays:


There are 8 display states in this offset, available to each player as bitflags. They may be toggled simultaneously by adding the following values together:

0x01 - Display character (setting this to 0 makes the player invisible)
0x02 - Collision Bubbles (4 hitbubbles @0x914, 15 hurtbubbles @0x11A0)
0x04 - Head Bubble + Ragdoll Lines ( orange bubble on head for some characters )
0x08 - Aerial TopN Trail ( trailing red line at TopN when in air state)
0x10 - CPU Player Decision Logic Display
0x20 - Item Grab Range Display (3 boxes defined by floats starting @0x294)
0x40 - “Pivot” Sphere at Waist (apparently used for spacing in some moves? )
0x80 - ?? unknown, toggleable in developer mode via R+dLeft. Anyone know what this is?

(the CPU Decision Logic requires that bit 0x08 from internal player data offset 0x221F is flagged, otherwise it displays nothing. This extra flag overrides the player control with a CPU player)

Together, the flags are used to create logic for visualizing various types of information through display/draw functions, including:

@ 80009f54 : ac_CollisionBubbles_DisplayHitboxes
@ 8000a244 : ac_CollisionBubbles_DisplayHurtboxes
@ 8000a584 : ac_CollisionBubbles_DisplayInvincIntang
@ 8000a78c : $!_CollisionBubbles_DisplayReflect/Shield
@ 8000a460 : $!_CollisionBubbles_DisplayHead?
@ 800117f4 : $!_RagdollLines_Draw
@ 80014770 : $!_AerialTopNTrail_Draw (excellent demonstration of simple GX FIFO usage)
@ 800b395c : $!_playerCPU_LogicVisualization_Draw
@ 8001e2f8 : $!_ItemPickupRange_Draw
@ 8000a044 : $!_PivotBubble_Draw

---

In the case of hurtbubbles, the structure starting at internal player data offset 0x11A0 contains 15 allocations for hurtbubble coordinate data (similar to how offset 0x914 contains 4 allocations of hitbubble data.)

Hurtbubbles are a lot simpler than Hitbubbles, and are structured like so from what I can tell:

0x119E - 8-bit Number of hurtbubbles to update (15 max)

0x11A0 + ((hurtbubble ID) * 0x4C)
+
0x00 - hurtbubble state; 0=normal, 1=invulnerable, 2=intangible
0x04 - X origin A (floats)
0x08 - Y origin A
0x0C - Z origin A
0x10 - X origin B (A and B make a capsule shape)
0x14 - Y origin B
0x18 - Z origin B
0x1c - XYZ Scale
0x20 - bone attachment (pointer)
0x24 - 8-bit flag field (confirmed that remaining 24-bits are garbage from allocation)
0x28 - X pos
0x2c - Y pos
0x30 - Z pos
0x34 - X interpolation pos
0x38 - Y interpolation pos
0x3c - Z interpolation pos
0x40 - ?
0x44 - ?
0x48 - ?

@ 8007b0c0 : $!_playerHurtboxes_Initialize
@ 800a0da4 : $!_playerHurtboxes_Update

A few extra notes:
The number of hurtbubbles in use by a type of character is kept in byte 0x119E, and setting it to a number lower than default will eliminate the indexed hurtbox usage accordingly. Setting it higher will likely crash the game.

This can be more closely observed from the update loop (@800a0da4,) which seems to use the data to define hurtbubble shapes, positions, and interpolations on the stage for the current frame.

Bit 0x80 in the flag field appears to control whether or not the hurtbox gets updated in the update function; meaning that if you flag it just before the update--it will stay in the last frame position. It will snap into it’s normal place on the next update it catches, presumably directly inherited from the bone in 0x20 by the same article spawn function responsible for sword trail keyframe placement.

Other flags I’ve seen used include 0x40 and 0x01, but I don’t know of their uses.

---

It’s worth noting that only some characters (Bowser, from all I’ve seen) use all 15 hurtbubbles. In characters that don’t use them--the allocation still remains as unused space. It may be possible to exploit this in character-specific mods as free entity space (0x4C bytes per unused hurtbubble)

On a similar note, the flags at 0x24 of a hurtbubble appear to be a single byte allocated in 32-bits of space. This leaves 3 bytes of free space starting at 0x25 of each hurtbubble. This is also true of the 8-bit field at 0x21FC.

This free space would be the premise of a code I have in mind for creating easy-to-access handles for masking and filtering the collision bubble display.
 
Last edited:

Achilles1515

Smash Master
Joined
Jun 18, 2007
Messages
3,211
Location
Cincinnati / Columbus OH
Punkline Punkline Nice.

This is what I previously had for the hurtbubble stuff.
Code:
    0x119E  byte   # of hurtboxes on character, modifiable to remove hurtboxes
    0x11A0  Start of hurtbox info table (hurtboxes are 0x4c apart)
        0x00    hurtbox body state (normal, invincible, intangible)
        0x04    hurtbox 1 something start
        0x10    hurtbox 2, z-axis offset
        0x14    distance between hurtbox centers, I think
        0x1C    hurtbox radii
        0x20    bone structure pointer
        0x24    byte, (80) = don't update positioning?
        0x28    hurtbox point 1, x-coord
        0x2C    hurtbox point 1, y-coord
        0x30    hurtbox point 1, z-coord
        0x34    hurtbox point 2, x-coord
        0x38    hurtbox point 2, y-coord
        0x3C    hurtbox    point 2, z-coord
 

The Cape

Smash Master
Joined
May 16, 2004
Messages
4,478
Location
Carlisle, PA
I have been trying to find where I can remove hurt bubbles. I would like to remove DK's Tie Hurtbox and Mewtwo's tail, but so far I can only find textures.

Please help.
 
Top Bottom