Achilles1515
Smash Master
Use these notes to get a start on creating stage hacking codes.
Examples:
Disable Stage Transformations on Pokemon Stadium
Disable Tree Blow on Dreamland
Disable Rising Lava on Brinstar
Disable Rising Platforms and Water Jets on Fountain of Dreams
Disable Ship Spawn on Corneria
etc.
RAM Stage Hacking (SSBM v1.02)
- By Zauron, ported to 1.02 by Achilles
Code:
Smash Melee's code keeps a linked list of objects with update functions, which it runs through and calls the update functions every game frame. This list is constantly having objects added to and deleted from it. Each stage adds several objects to the list, and the easiest way to change the stage's behaviour is to tell these functions to not do anything.
Each stage has an initialization function, and while it is possible to find out what function is run for each stage by following a series of several links in memory, the easiest way is to put a breakpoint at the address 0x801C0A4C, start the stage you want to mess with, and then step once when the breakpoint is hit. This will put you at the start of that stage's initialization function.
During the initialization function several objects will be added to the update list. To find where the update functions are, starting from the initialization function you found, scroll down the code to find the return code (blr) and put a breakpoint there. Next, put a breakpoint at the address 0x8038FE04. This is part of the function that adds new objects to the list.
Now let the code run until that breakpoint is reached. When it is, look at the address in register #28. This is the address of the update function for the object being added. Keep running the code and jot down the addresses in register 28 until you hit the breakpoint at the end of the stage's initialization function. After that, more objects will be added all the time but they are not related to the stage.
There are two global update functions you will see that should be ignored - 0x801C1CD0 (which updates animations) and 0x801C1D38 (unknown purpose). The rest are likely specific to that stage. Many of those will be nothing more than a return (blr) though, as an "empty" update, so those can also be ignored.
A quick change just to see what happens is to take those update functions and tell them to just return immediately by using a code like 04XXXXXX 4E800020, where XXXXXX is the last 6 digits of the address of the update function. If that does more than you intended, you may need to step through the update functions and find things to change, often just telling it to skip a branch or something using 60000000.
You can also try to mess with the stage's init function, though I've rarely found this useful. One thing that has been useful to know though is that many objects have init functions of their own, where additional steps are taken. For example, I had to edit the init function for the main stage platform of Green Greens in order to get rid of the initial yellow blocks. You can find these in a similar way to finding the update functions - while in the stage's init function, put a breakpoint at 0x802135B0 (Conversion: I think... 0x802122F8 is the 1.00 value) and step once to get into the init function of initialized objects for that stage.
[COLLAPSE="RAM Stage Hacking (SSBM v1.00)"]
By Zauron
Smash Melee's code keeps a linked list of objects with update functions, which it runs through and calls the update functions every game frame. This list is constantly having objects added to and deleted from it. Each stage adds several objects to the list, and the easiest way to change the stage's behaviour is to tell these functions to not do anything.
Each stage has an initialization function, and while it is possible to find out what function is run for each stage by following a series of several links in memory, the easiest way is to put a breakpoint at the address 0x801BFA90, start the stage you want to mess with, and then step once when the breakpoint is hit. This will put you at the start of that stage's initialization function.
During the initialization function several objects will be added to the update list. To find where the update functions are, starting from the initialization function you found, scroll down the code to find the return code (blr) and put a breakpoint there. Next, put a breakpoint at the address 0x8038DF40. This is part of the function that adds new objects to the list.
Now let the code run until that breakpoint is reached. When it is, look at the address in register #28. This is the address of the update function for the object being added. Keep running the code and jot down the addresses in register 28 until you hit the breakpoint at the end of the stage's initialization function. After that, more objects will be added all the time but they are not related to the stage.
There are two global update functions you will see that should be ignored - 0x801C0D00 (which updates animations) and 0x801C0D68 (unknown purpose). The rest are likely specific to that stage. Many of those will be nothing more than a return (blr) though, as an "empty" update, so those can also be ignored.
A quick change just to see what happens is to take those update functions and tell them to just return immediately by using a code like 04XXXXXX 4E800020, where XXXXXX is the last 6 digits of the address of the update function. If that does more than you intended, you may need to step through the update functions and find things to change, often just telling it to skip a branch or something using 60000000.
You can also try to mess with the stage's init function, though I've rarely found this useful. One thing that has been useful to know though is that many objects have init functions of their own, where additional steps are taken. For example, I had to edit the init function for the main stage platform of Green Greens in order to get rid of the initial yellow blocks. You can find these in a similar way to finding the update functions - while in the stage's init function, put a breakpoint at 0x802122F8 and step once to get into the init function of initialized objects for that stage.[/COLLAPSE]
Zauron's Lair
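As an added example (not part of Zauron's notes or the 1.02 port above), here is a small Python helper for the last step of the procedure: take the list of update-function addresses jotted down from r28, drop the two global update functions for the chosen game version, and emit the `04XXXXXX 4E800020` (blr) or `04XXXXXX 60000000` (nop) lines the notes describe, with range and alignment checks so a typo in an address is caught before it goes into the game. The version-specific addresses in `GLOBAL_UPDATE_FUNCS` are the ones the notes list; the function names, the `SAMPLE_R28_LOG_102` list and its `0x8020xxxx` addresses are constructed for illustration and are not real Melee functions. It also goes slightly beyond the notes in one respect: Gecko 32-bit writes carry a 25-bit offset from 0x80000000, so an address in `0x81xxxxxx` needs the `05XXXXXX` form rather than `04XXXXXX`.

```python
"""Gecko code helpers for the stage-hacking workflow in the notes above.

Added example, not part of Zauron's notes or the 1.02 port. The addresses in
GLOBAL_UPDATE_FUNCS come from the notes; SAMPLE_R28_LOG_102 and its
0x8020xxxx entries are constructed for illustration.
"""

MEM1_BASE = 0x80000000
MEM1_END = 0x81800000          # 24 MiB of GameCube main RAM, exclusive end

# PowerPC instruction words the notes use as patches.
BLR = 0x4E800020               # blr: return immediately ("empty" update)
NOP = 0x60000000               # ori r0,r0,0: no-op, used to skip a branch

# Global update functions the notes say to ignore, per game version.
GLOBAL_UPDATE_FUNCS = {
    "1.00": {0x801C0D00, 0x801C0D68},
    "1.02": {0x801C1CD0, 0x801C1D38},
}


def gecko_write32(addr, value):
    """Return the Gecko 32-bit RAM write line for addr <- value.

    The offset from 0x80000000 is 25 bits wide: the low bit of the type byte
    (04 vs 05) is bit 24 of that offset, so the '04XXXXXX' form in the notes
    covers 0x80xxxxxx and an address in 0x81xxxxxx becomes '05XXXXXX'.
    """
    if not MEM1_BASE <= addr < MEM1_END:
        raise ValueError(f"{addr:#010x} is outside MEM1")
    if addr % 4:
        raise ValueError(f"{addr:#010x} is not a 4-byte aligned instruction address")
    offset = addr - MEM1_BASE
    type_byte = 0x04 | (offset >> 24)
    return f"{type_byte:02X}{offset & 0xFFFFFF:06X} {value & 0xFFFFFFFF:08X}"


def parse_gecko_write32(line):
    """Inverse of gecko_write32: '041C1CD0 4E800020' -> (addr, value)."""
    code, value = line.split()
    if len(code) != 8 or len(value) != 8:
        raise ValueError(f"malformed line: {line!r}")
    type_byte = int(code[:2], 16)
    if type_byte & 0xFE != 0x04:
        raise ValueError(f"not a 32-bit write: {line!r}")
    offset = ((type_byte & 1) << 24) | int(code[2:], 16)
    return MEM1_BASE + offset, int(value, 16)


def stage_update_funcs(r28_log, version):
    """Keep the stage-specific update functions from a jotted-down r28 log.

    Drops the two global update functions for `version` and any repeats,
    preserving first-seen order so the output lines up with the log.
    """
    ignore = GLOBAL_UPDATE_FUNCS[version]
    seen, keep = set(), []
    for addr in r28_log:
        if addr in ignore or addr in seen:
            continue
        seen.add(addr)
        keep.append(addr)
    return keep


def return_immediately_codes(addrs):
    """One '04XXXXXX 4E800020' line per update function: turn it into a bare blr."""
    return [gecko_write32(a, BLR) for a in addrs]


def skip_branch_codes(addrs):
    """One '04XXXXXX 60000000' line per instruction address: nop out a branch."""
    return [gecko_write32(a, NOP) for a in addrs]


# Constructed sample of what an r28 log might look like on 1.02: the two global
# functions are the ones from the notes, the 0x8020xxxx addresses are made up.
SAMPLE_R28_LOG_102 = [0x801C1CD0, 0x80200A00, 0x801C1D38, 0x80200A00, 0x80200B40]


if __name__ == "__main__":
    for line in return_immediately_codes(stage_update_funcs(SAMPLE_R28_LOG_102, "1.02")):
        print(line)
```

Running it prints one blr patch per stage-specific update function from the sample log; swap in the addresses you actually recorded and the version you are running, and use `skip_branch_codes` for the instruction addresses you want nopped once you have stepped through an update function.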