Kargaroc actor mod


Kargaroc

I talked about this a little while ago in the shout box, that I said that I want to make a modification to the AI of the Kargaroc birds. Specifically, making them not attack you. This is something I wanted to do for a long time, but didn't have any way to do it. Now however, I think I do.

 

I found where Kargaroc's AI is (rels/d_a_bb.rel). It also has a .map file for it in the maps directory, which I used to look at it in Dolphin's disassembler. Problem is I'm awful at understanding raw PPC assembly. The .map helps, highlighting different parts of code, but I still don't understand everything.

 

My original idea was to find a "near Link" bit. But it doesn't exist. So the only way would be to find where the "notice Link" code is, look for a branch, and force it to always say "no, Link isn't here" instead of actually checking.


Well, you have my full support on getting this done. Though I still think, should you accomplish it, that they should fly around places like Windfall and Outset island, and they should still be killable. <:

 

I will do that I'm sure :D I like that idea. Especially now that I know you can uncompress maps and get them to load uncompressed, which means much easier editing :D

Will the game load non-yaz0'ed versions of rels? Kargaroc's rel is yaz0'ed, and to modify it you will need to uncompress it.

 

EDIT: I think that Dolphin's tools are kinda limited in that it doesn't let you turn batches of code into nops. To clear out code to see what happens, you have to select EVERY SINGLE INSTRUCTION and convert it to a nop by hand Dx

 

EDIT 2: I want to test if the game will load an uncompressed rel, but it seems there are no tools that allow you to replace one file with a bigger file. At least, no tools that I know of.


  • 2 weeks later...

Update 2:

I think I finally made Kargaroc's actor load from an uncompressed rel. It seems that the game will load uncompressed .rel's.

 

I still have yet to do an ISO with the rel completely gone, just to test if d_a_bb.rel really is Kargaroc's actor. GameCube Rebuilder chugs when it's making an ISO, and I'm incredibly lazy.


well... the closest I am to making an AR code is finding the d_a_bb.map and loading it in Dolphin.

 

If anyone is curious as to what anything means, here it is.

 

 

.text section layout

Starting Virtual

address Size address

-----------------------

00000000 000110 00000000 1 .text executor.o

UNUSED 00004c ........ ModuleConstructors__Fv executor.o

UNUSED 00004c ........ ModuleDestructors__Fv executor.o

00000000 00002c 00000000 4 _prolog executor.o

0000002c 00002c 0000002c 4 _epilog executor.o

00000058 000020 00000058 4 _unresolved executor.o

00000078 000074 00000078 1 .text global_destructor_chain.o

00000078 00001c 00000078 4 __register_global_object global_destructor_chain.o

00000094 000058 00000094 4 __destroy_global_chain global_destructor_chain.o

000000ec 00931c 000000ec 1 .text d_a_bb.o

000000ec 0002dc 000000ec 4 nodeCallBack__FP7J3DNodei d_a_bb.o

000003c8 00003c 000003c8 4 __dt__4cXyzFv d_a_bb.o

00000404 0005a0 00000404 4 tail_control__FP8bb_class d_a_bb.o

000009a4 0000f0 000009a4 4 tail_draw__FP8bb_class d_a_bb.o

00000a94 0000fc 00000a94 4 tex_anm_set__FP8bb_classUs d_a_bb.o

00000b90 0000b0 00000b90 4 bb_eye_tex_anm__FP8bb_class d_a_bb.o

00000c40 000134 00000c40 4 anm_init__FP8bb_classifUcfi d_a_bb.o

00000d74 0002d4 00000d74 4 s_a_d_sub__FPvPv d_a_bb.o

00001048 00012c 00001048 4 __dt__11dBgS_LinChkFv d_a_bb.o

00001174 0000a0 00001174 4 __dt__8dBgS_ChkFv d_a_bb.o

00001214 00005c 00001214 4 __dt__15dBgS_GrpPassChkFv d_a_bb.o

00001270 000048 00001270 4 __dt__15cBgS_GrpPassChkFv d_a_bb.o

000012b8 00005c 000012b8 4 __dt__16dBgS_PolyPassChkFv d_a_bb.o

00001314 000048 00001314 4 __dt__16cBgS_PolyPassChkFv d_a_bb.o

0000135c 000094 0000135c 4 __dt__11cBgS_LinChkFv d_a_bb.o

000013f0 000048 000013f0 4 __dt__8cM3dGLinFv d_a_bb.o

00001438 000048 00001438 4 __dt__13cBgS_PolyInfoFv d_a_bb.o

00001480 000154 00001480 4 search_esa__FP8bb_class d_a_bb.o

000015d4 000020 000015d4 4 kuti_open__FP8bb_classsUl d_a_bb.o

000015f4 000334 000015f4 4 bb_player_bg_check__FP8bb_class d_a_bb.o

00001928 000328 00001928 4 bb_setpos_bg_check__FP8bb_class d_a_bb.o

00001c50 0001a8 00001c50 4 bb_player_view_check__FP8bb_class d_a_bb.o

00001df8 000458 00001df8 4 path_check__FP8bb_class d_a_bb.o

UNUSED 000008 ........ daBb_ToFore__FP8bb_class d_a_bb.o

UNUSED 000008 ........ daBb_ToBack__FP8bb_class d_a_bb.o

00002250 0000fc 00002250 4 daBb_shadowDraw__FP8bb_class d_a_bb.o

0000234c 0000f8 0000234c 4 daBb_Draw__FP8bb_class d_a_bb.o

00002444 0002c4 00002444 4 bb_pos_move__FP8bb_class d_a_bb.o

00002708 00014c 00002708 4 bb_ground_pos_move__FP8bb_class d_a_bb.o

00002854 0009d0 00002854 4 bb_path_move__FP8bb_class d_a_bb.o

00003224 000d64 00003224 4 bb_auto_move__FP8bb_class d_a_bb.o

00003f88 000078 00003f88 4 bb_water_check__FP8bb_class d_a_bb.o

00004000 00004c 00004000 4 pl_name_check__FPvPv d_a_bb.o

0000404c 0004a0 0000404c 4 bb_kamome_attack__FP8bb_class d_a_bb.o

000044ec 001048 000044ec 4 bb_atack_move__FP8bb_class d_a_bb.o

00005534 000680 00005534 4 bb_wait_move__FP8bb_class d_a_bb.o

00005bb4 000680 00005bb4 4 bb_su_wait_move__FP8bb_class d_a_bb.o

00006234 000044 00006234 4 bb_fail_move__FP8bb_class d_a_bb.o

00006278 0006f4 00006278 4 damage_check__FP8bb_class d_a_bb.o

UNUSED 00003c ........ __dt__8CcAtInfoFv d_a_bb.o

0000696c 00003c 0000696c 4 __dt__5csXyzFv d_a_bb.o

000069a8 000dd0 000069a8 4 daBb_Execute__FP8bb_class d_a_bb.o

00007778 000008 00007778 4 daBb_IsDelete__FP8bb_class d_a_bb.o

00007780 00006c 00007780 4 daBb_Delete__FP8bb_class d_a_bb.o

000077ec 00027c 000077ec 4 useHeapInit__FP10fopAc_ac_c d_a_bb.o

00007a68 0004f0 00007a68 4 daBb_Create__FP10fopAc_ac_c d_a_bb.o

00007f58 00043c 00007f58 4 __ct__8bb_classFv d_a_bb.o

UNUSED 00012c ........ __dt__9enemyfireFv d_a_bb.o

UNUSED 00003c ........ __dt__15LIGHT_INFLUENCEFv d_a_bb.o

UNUSED 0001ac ........ __dt__8enemyiceFv d_a_bb.o

00008394 0000cc 00008394 4 __dt__8dCcD_CylFv d_a_bb.o

UNUSED 00008c ........ __dt__12cCcD_CylAttrFv d_a_bb.o

00008460 000048 00008460 4 __dt__8cM3dGCylFv d_a_bb.o

UNUSED 00006c ........ __dt__19dPa_followEcallBackFv d_a_bb.o

000084a8 000004 000084a8 4 __ct__5csXyzFv d_a_bb.o

000084ac 000004 000084ac 4 __ct__4cXyzFv d_a_bb.o

000084b0 0000cc 000084b0 4 __dt__8dCcD_SphFv d_a_bb.o

UNUSED 00008c ........ __dt__12cCcD_SphAttrFv d_a_bb.o

0000857c 000048 0000857c 4 __dt__8cM3dGSphFv d_a_bb.o

000085c4 00005c 000085c4 4 __dt__14cCcD_ShapeAttrFv d_a_bb.o

00008620 000048 00008620 4 __dt__8cM3dGAabFv d_a_bb.o

UNUSED 000090 ........ __dt__9dCcD_SttsFv d_a_bb.o

00008668 00005c 00008668 4 __dt__10dCcD_GSttsFv d_a_bb.o

UNUSED 000048 ........ __dt__9cCcD_SttsFv d_a_bb.o

000086c4 000070 000086c4 4 __dt__12dBgS_ObjAcchFv d_a_bb.o

00008734 000088 00008734 4 __dt__12dBgS_AcchCirFv d_a_bb.o

000087bc 00005c 000087bc 4 __dt__13mDoExt_btpAnmFv d_a_bb.o

00008818 000048 00008818 4 __dt__14mDoExt_baseAnmFv d_a_bb.o

UNUSED 000054 ........ __dt__13fopEn_enemy_cFv d_a_bb.o

00008860 000004 00008860 4 draw__34JPACallBackBase<P14JPABaseEmitter>FP14JPABaseEmitter d_a_bb.o

00008864 000004 00008864 4 executeAfter__34JPACallBackBase<P14JPABaseEmitter>FP14JPABaseEmitter d_a_bb.o

00008868 000004 00008868 4 execute__34JPACallBackBase<P14JPABaseEmitter>FP14JPABaseEmitter d_a_bb.o

0000886c 000004 0000886c 4 init__34JPACallBackBase<P14JPABaseEmitter>FP14JPABaseEmitter d_a_bb.o

00008870 000048 00008870 4 __dt__34JPACallBackBase<P14JPABaseEmitter>Fv d_a_bb.o

000088b8 00005c 000088b8 4 __dt__18dPa_levelEcallBackFv d_a_bb.o

00008914 000048 00008914 4 __dt__8cM2dGCirFv d_a_bb.o

0000895c 00005c 0000895c 4 __dt__8cM3dGCirFv d_a_bb.o

000089b8 000048 000089b8 4 __dt__10cCcD_GSttsFv d_a_bb.o

00008a00 000010 00008a00 4 GetShapeAttr__8dCcD_CylFv d_a_bb.o

00008a10 000008 00008a10 4 GetCoCP__12cCcD_CylAttrFv d_a_bb.o

00008a18 000008 00008a18 4 GetCoCP__12cCcD_CylAttrCFv d_a_bb.o

00008a20 000008 00008a20 4 CrossAtTg__12cCcD_CylAttrCFRC12cCcD_AabAttrP4cXyz d_a_bb.o

00008a28 000008 00008a28 4 CrossAtTg__12cCcD_CylAttrCFRC12cCcD_PntAttrP4cXyz d_a_bb.o

00008a30 000038 00008a30 4 CrossAtTg__12cCcD_CylAttrCFRC14cCcD_ShapeAttrP4cXyz d_a_bb.o

00008a68 000008 00008a68 4 CrossCo__12cCcD_CylAttrCFRC12cCcD_AabAttrPf d_a_bb.o

00008a70 000008 00008a70 4 CrossCo__12cCcD_CylAttrCFRC12cCcD_TriAttrPf d_a_bb.o

00008a78 000008 00008a78 4 CrossCo__12cCcD_CylAttrCFRC12cCcD_PntAttrPf d_a_bb.o

00008a80 000038 00008a80 4 CrossCo__12cCcD_CylAttrCFRC14cCcD_ShapeAttrPf d_a_bb.o

00008ab8 000004 00008ab8 4 GetGObjInf__12cCcD_GObjInfCFv d_a_bb.o

00008abc 000008 00008abc 4 GetShapeAttr__8cCcD_ObjCFv d_a_bb.o

00008ac4 000010 00008ac4 4 GetShapeAttr__8dCcD_SphFv d_a_bb.o

00008ad4 000008 00008ad4 4 GetCoCP__12cCcD_SphAttrFv d_a_bb.o

00008adc 000008 00008adc 4 GetCoCP__12cCcD_SphAttrCFv d_a_bb.o

00008ae4 000008 00008ae4 4 CrossAtTg__12cCcD_SphAttrCFRC12cCcD_AabAttrP4cXyz d_a_bb.o

00008aec 000008 00008aec 4 CrossAtTg__12cCcD_SphAttrCFRC12cCcD_PntAttrP4cXyz d_a_bb.o

00008af4 000038 00008af4 4 CrossAtTg__12cCcD_SphAttrCFRC14cCcD_ShapeAttrP4cXyz d_a_bb.o

00008b2c 000008 00008b2c 4 CrossCo__12cCcD_SphAttrCFRC12cCcD_AabAttrPf d_a_bb.o

00008b34 000008 00008b34 4 CrossCo__12cCcD_SphAttrCFRC12cCcD_TriAttrPf d_a_bb.o

00008b3c 000008 00008b3c 4 CrossCo__12cCcD_SphAttrCFRC12cCcD_PntAttrPf d_a_bb.o

00008b44 000038 00008b44 4 CrossCo__12cCcD_SphAttrCFRC14cCcD_ShapeAttrPf d_a_bb.o

00008b7c 000008 00008b7c 4 CrossAtTg__14cCcD_ShapeAttrCFRC14cCcD_ShapeAttrP4cXyz d_a_bb.o

00008b84 000008 00008b84 4 CrossCo__14cCcD_ShapeAttrCFRC14cCcD_ShapeAttrPf d_a_bb.o

00008b8c 00000c 00008b8c 4 GetCoCP__14cCcD_ShapeAttrFv d_a_bb.o

00008b98 00000c 00008b98 4 GetCoCP__14cCcD_ShapeAttrCFv d_a_bb.o

00008ba4 000158 00008ba4 4 __sinit_d_a_bb_cpp d_a_bb.o

00008cfc 00005c 00008cfc 4 __dt__7bbHIO_cFv d_a_bb.o

00008d58 000048 00008d58 4 __dt__14mDoHIO_entry_cFv d_a_bb.o

00008da0 000008 00008da0 4 @20@__dt__11cBgS_LinChkFv d_a_bb.o

00008da8 000008 00008da8 4 @12@__dt__8dBgS_ChkFv d_a_bb.o

00008db0 000008 00008db0 4 @20@__dt__11dBgS_LinChkFv d_a_bb.o

00008db8 000008 00008db8 4 @100@__dt__11dBgS_LinChkFv d_a_bb.o

00008dc0 000008 00008dc0 4 @88@__dt__11dBgS_LinChkFv d_a_bb.o

00008dc8 000008 00008dc8 4 @32@__dt__12dBgS_ObjAcchFv d_a_bb.o

00008dd0 000008 00008dd0 4 @20@__dt__12dBgS_ObjAcchFv d_a_bb.o

00008dd8 000008 00008dd8 4 @280@__dt__8dCcD_SphFv d_a_bb.o

00008de0 000008 00008de0 4 @248@__dt__8dCcD_SphFv d_a_bb.o

00008de8 000008 00008de8 4 @280@__dt__8dCcD_CylFv d_a_bb.o

00008df0 000008 00008df0 4 @248@__dt__8dCcD_CylFv d_a_bb.o

00008df8 000008 00008df8 1 .text d_a_bb.o

UNUSED 000008 ........ checkPlayerGuard__9daPy_py_cCFv d_a_bb.o

 

 

.ctors section layout

Starting Virtual

address Size address

-----------------------

00000000 000004 00000000 1 .ctors d_a_bb.o

 

 

.dtors section layout

Starting Virtual

address Size address

-----------------------

00000000 000004 00000000 1 .dtors global_destructor_chain.o

00000000 000004 00000000 4 __destroy_global_chain_reference global_destructor_chain.o

 

 

.rodata section layout

Starting Virtual

address Size address

-----------------------

00000000 000173 00000000 1 .rodata d_a_bb.o

00000000 000000 00000000 ...rodata.0 (entry of .rodata) d_a_bb.o

00000000 000004 00000000 4 @4229 d_a_bb.o

00000004 000004 00000004 4 @4230 d_a_bb.o

00000008 000004 00000008 4 @4231 d_a_bb.o

0000000c 000004 0000000c 4 @4232 d_a_bb.o

00000010 000008 00000010 8 @4319 d_a_bb.o

00000018 000008 00000018 8 @4320 d_a_bb.o

00000020 000004 00000020 4 @4321 d_a_bb.o

00000024 000004 00000024 4 @4322 d_a_bb.o

00000028 000004 00000028 4 @4323 d_a_bb.o

0000002c 000004 0000002c 4 @4324 d_a_bb.o

00000030 000004 00000030 4 @4325 d_a_bb.o

00000034 000004 00000034 4 @4326 d_a_bb.o

00000038 000004 00000038 4 @4327 d_a_bb.o

00000040 000008 00000040 8 @4329 d_a_bb.o

00000048 000004 00000048 4 @4392 d_a_bb.o

0000004c 000004 0000004c 4 @4574 d_a_bb.o

00000050 000004 00000050 4 @4696 d_a_bb.o

00000058 000008 00000058 8 @4853 d_a_bb.o

00000060 000004 00000060 4 @5014 d_a_bb.o

00000064 000004 00000064 4 @5015 d_a_bb.o

00000068 000004 00000068 4 @5016 d_a_bb.o

0000006c 000004 0000006c 4 @5068 d_a_bb.o

00000070 000004 00000070 4 @5069 d_a_bb.o

00000074 000004 00000074 4 @5087 d_a_bb.o

00000078 000004 00000078 4 @5088 d_a_bb.o

0000007c 000004 0000007c 4 @5249 d_a_bb.o

00000080 000004 00000080 4 @5250 d_a_bb.o

00000084 000004 00000084 4 @5251 d_a_bb.o

00000088 000004 00000088 4 @5252 d_a_bb.o

0000008c 000004 0000008c 4 @5253 d_a_bb.o

00000090 000004 00000090 4 @5254 d_a_bb.o

00000094 000004 00000094 4 @5255 d_a_bb.o

00000098 000004 00000098 4 @5458 d_a_bb.o

0000009c 000004 0000009c 4 @5459 d_a_bb.o

000000a0 000004 000000a0 4 @5460 d_a_bb.o

000000a4 000004 000000a4 4 @5461 d_a_bb.o

000000a8 000004 000000a8 4 @5462 d_a_bb.o

000000ac 000004 000000ac 4 @5463 d_a_bb.o

000000b0 000004 000000b0 4 @5464 d_a_bb.o

000000b4 000004 000000b4 4 @5465 d_a_bb.o

000000b8 000004 000000b8 4 @5466 d_a_bb.o

000000bc 000004 000000bc 4 @5575 d_a_bb.o

000000c0 000004 000000c0 4 @5781 d_a_bb.o

000000c4 000004 000000c4 4 @5782 d_a_bb.o

000000c8 000004 000000c8 4 @5783 d_a_bb.o

000000cc 000004 000000cc 4 @5784 d_a_bb.o

000000d0 000004 000000d0 4 @5785 d_a_bb.o

000000d4 000004 000000d4 4 @5786 d_a_bb.o

000000d8 000004 000000d8 4 @5787 d_a_bb.o

000000dc 000004 000000dc 4 @5788 d_a_bb.o

000000e0 000004 000000e0 4 @5789 d_a_bb.o

000000e4 000004 000000e4 4 @5790 d_a_bb.o

000000e8 000004 000000e8 4 @5892 d_a_bb.o

000000ec 000004 000000ec 4 @5893 d_a_bb.o

000000f0 000004 000000f0 4 @6216 d_a_bb.o

000000f4 000004 000000f4 4 @6583 d_a_bb.o

000000f8 000004 000000f8 4 @6584 d_a_bb.o

000000fc 000004 000000fc 4 @6585 d_a_bb.o

00000100 000004 00000100 4 @6586 d_a_bb.o

00000104 000004 00000104 4 @6587 d_a_bb.o

00000108 000004 00000108 4 @6588 d_a_bb.o

0000010c 000004 0000010c 4 @6589 d_a_bb.o

00000110 000004 00000110 4 @6590 d_a_bb.o

00000114 000004 00000114 4 @6821 d_a_bb.o

00000118 000004 00000118 4 @6822 d_a_bb.o

0000011c 000004 0000011c 4 @7222 d_a_bb.o

00000120 000004 00000120 4 @7223 d_a_bb.o

00000124 000004 00000124 4 @7224 d_a_bb.o

00000128 000004 00000128 4 @7225 d_a_bb.o

0000012c 000004 0000012c 4 @7226 d_a_bb.o

00000130 000004 00000130 4 @7227 d_a_bb.o

00000134 000004 00000134 4 @7228 d_a_bb.o

00000138 000004 00000138 4 @7229 d_a_bb.o

0000013c 000037 0000013c 4 @stringBase0 d_a_bb.o

 

 

.data section layout

Starting Virtual

address Size address

-----------------------

00000000 0006c0 00000000 1 .data d_a_bb.o

00000000 000000 00000000 ...data.0 (entry of .data) d_a_bb.o

00000000 00000c 00000000 4 @2100 d_a_bb.o

0000000c 00000c 0000000c 4 @2080 d_a_bb.o

00000018 000004 00000018 4 @1811 d_a_bb.o

00000030 00001f 00000030 4 callback_check_index d_a_bb.o

00000050 000024 00000050 4 tial_scale d_a_bb.o

00000074 00000c 00000074 4 bb_tex_anm_idx d_a_bb.o

00000080 00000c 00000080 4 bb_tex_max_frame d_a_bb.o

0000008c 00006c 0000008c 4 @5257 d_a_bb.o

000000f8 000068 000000f8 4 @5468 d_a_bb.o

00000160 000030 00000160 4 @5792 d_a_bb.o

00000190 000058 00000190 4 @5894 d_a_bb.o

000001e8 000058 000001e8 4 @5992 d_a_bb.o

00000240 000040 00000240 4 head_at_sph_src$6692 d_a_bb.o

00000280 000040 00000280 4 head_tg_sph_src$6693 d_a_bb.o

000002c0 000040 000002c0 4 body_tg_sph_src$6694 d_a_bb.o

00000300 000040 00000300 4 body_co_sph_src$6695 d_a_bb.o

00000340 00000a 00000340 4 fire_j$6696 d_a_bb.o

0000034c 000028 0000034c 4 fire_sc$6697 d_a_bb.o

00000374 000020 00000374 4 l_daBb_Method d_a_bb.o

00000394 000030 00000394 4 g_profile_BB d_a_bb.o

000003c4 00001c 000003c4 4 __vt__34JPACallBackBase<P14JPABaseEmitter> d_a_bb.o

000003e0 000020 000003e0 4 __vt__18dPa_levelEcallBack d_a_bb.o

00000400 00000c 00000400 4 __vt__8cM2dGCir d_a_bb.o

0000040c 00000c 0000040c 4 __vt__8cM3dGCir d_a_bb.o

00000418 00000c 00000418 4 __vt__12dBgS_AcchCir d_a_bb.o

00000424 00000c 00000424 4 __vt__10cCcD_GStts d_a_bb.o

00000430 00000c 00000430 4 __vt__10dCcD_GStts d_a_bb.o

0000043c 000088 0000043c 4 __vt__8dCcD_Cyl d_a_bb.o

000004c4 00000c 000004c4 4 __vt__8cM3dGCyl d_a_bb.o

000004d0 000088 000004d0 4 __vt__8dCcD_Sph d_a_bb.o

00000558 00000c 00000558 4 __vt__8cM3dGSph d_a_bb.o

00000564 00000c 00000564 4 __vt__8cM3dGAab d_a_bb.o

00000570 000054 00000570 4 __vt__14cCcD_ShapeAttr d_a_bb.o

000005c4 000024 000005c4 4 __vt__12dBgS_ObjAcch d_a_bb.o

000005e8 00000c 000005e8 4 __vt__13mDoExt_btpAnm d_a_bb.o

000005f4 00000c 000005f4 4 __vt__14mDoExt_baseAnm d_a_bb.o

00000600 000030 00000600 4 __vt__11dBgS_LinChk d_a_bb.o

00000630 000018 00000630 4 __vt__8dBgS_Chk d_a_bb.o

00000648 00000c 00000648 4 __vt__15dBgS_GrpPassChk d_a_bb.o

00000654 00000c 00000654 4 __vt__15cBgS_GrpPassChk d_a_bb.o

00000660 00000c 00000660 4 __vt__16dBgS_PolyPassChk d_a_bb.o

0000066c 00000c 0000066c 4 __vt__16cBgS_PolyPassChk d_a_bb.o

00000678 00000c 00000678 4 __vt__8cM3dGLin d_a_bb.o

00000684 000018 00000684 4 __vt__11cBgS_LinChk d_a_bb.o

0000069c 00000c 0000069c 4 __vt__13cBgS_PolyInfo d_a_bb.o

000006a8 00000c 000006a8 4 __vt__7bbHIO_c d_a_bb.o

000006b4 00000c 000006b4 4 __vt__14mDoHIO_entry_c d_a_bb.o

 

 

.bss section layout

Starting Virtual

address Size address

-----------------------

00000000 000004 00000000 1 .bss global_destructor_chain.o

00000000 000004 00000000 4 __global_destructor_chain global_destructor_chain.o

00000008 00036b 00000008 1 .bss d_a_bb.o

UNUSED 00000c ........ @3569 d_a_bb.o

UNUSED 000001 ........ @1036 d_a_bb.o

UNUSED 000001 ........ @1034 d_a_bb.o

UNUSED 000001 ........ @1032 d_a_bb.o

UNUSED 000001 ........ @1031 d_a_bb.o

UNUSED 000001 ........ @1026 d_a_bb.o

UNUSED 000001 ........ @1024 d_a_bb.o

UNUSED 000001 ........ @1022 d_a_bb.o

UNUSED 000001 ........ @1021 d_a_bb.o

UNUSED 000001 ........ @984 d_a_bb.o

UNUSED 000001 ........ @982 d_a_bb.o

UNUSED 000001 ........ @980 d_a_bb.o

UNUSED 000001 ........ @979 d_a_bb.o

UNUSED 000001 ........ @941 d_a_bb.o

UNUSED 000001 ........ @939 d_a_bb.o

UNUSED 000001 ........ @937 d_a_bb.o

UNUSED 000001 ........ @936 d_a_bb.o

00000008 00000c 00000008 4 @4163 d_a_bb.o

00000014 000080 00000014 4 l_bbHIO d_a_bb.o

00000094 000190 00000094 4 esa_info d_a_bb.o

00000224 000004 00000224 4 esa_check_count d_a_bb.o

00000228 0000ff 00000228 4 check_index$4859 d_a_bb.o

 

 

Memory map:

Starting Size File

address Offset

.text 00000000 00008df8 00000040

.ctors 00000000 00000008 00008e38

.dtors 00000000 00000008 00008e40

.rodata 00000000 00000173 00008e48

.data 00000000 000006c0 00008fc0

.bss 00000000 00000327 00009680

.debug_srcinfo 000000 00000000

.debug_sfnames 000000 00000000

.debug 0b55f0 0000d444

.line 003dc4 00009680

 

 

 

 

I think that the routines that make Kargaroc notice Link have something to do with either bb_player_view_check__FP8bb_class

 

or bb_auto_move__FP8bb_class (which is a vast monstrosity)

 

I checked this based on the names, and checking what segments are disassembled in Dolphin's debugger.

 

I really really want to make this mod...


Can you modify those functions using Dolphin's debugger? If so, you could try to systematically "nop" them, make them return prematurely (a return right at the function's start) or somesuch, and see if that has any visible result in-game. Like, make "player_view_check" return right away, before it actually performs whatever check it does (hopefully the one for Link's proximity), and hope for the best. Although, depending on what registers or memory locations those functions write to, and if other functions rely on those, the game might not behave the way you'd want it to. Not necessarily crash outright, but who knows what.

 

No idea if this helps, but it's something...?


Can you modify those functions using Dolphin's debugger? If so, you could try to systematically "nop" them, make them return prematurely (a return right at the function's start) or somesuch, and see if that has any visible result in-game. Like, make "player_view_check" return right away, before it actually performs whatever check it does (hopefully the one for Link's proximity), and hope for the best. Although, depending on what registers or memory locations those functions write to, and if other functions rely on those, the game might not behave the way you'd want it to. Not necessarily crash outright, but who knows what.

 

No idea if this helps, but it's something...?

 

That was what I was thinking the whole time. The problem is that Dolphin's debugger doesn't allow you to insert jumps. Just arbitrary instructions.

 

In kinda-sorta unrelated news, I'm playing Wind Waker in Dolphin right now. Not to hack or anything, but to complete this 5 year old save that I never completed. So I am in one of the gauntlet minidungeons, and I went into a room with wizzrobes. The first thing they spawned were two Kargarocs. Now, as I vowed to not kill any Kargarocs in this, I killed everything else first. So, now I have one of those boes (from the mothulas) on me, and the two Kargarocs won't attack me. The enemy music plays and they're flying like they would attack me, but they're not. They never try to.

 

I wonder if the boes have anything to do with it...

 

Save state (for NTSC ISO, Dolphin 3.0) coming soon here


I've gotten nowhere in terms of hacking the rel, which is what I will have to do. The final AR code would theoretically patch the rel file. The rel is yaz'ed though. The game can load uncompressed rels, but that's beyond the capabilities of an AR. What we would have to do is uncompress the rel, change it, recompress it, and see what the differences are in the new yaz'ed rel.

 

The rel, btw, is a vast monstrosity of hexadecimal codes that I don't understand. And, like I said, Dolphin's debugger can't insert jumps, at least not any that's pointed to anywhere. You can't even select a block of code and nop it. You have to nop all of them, one by one, which is EXTREMELY tedious.

 

 

In other news, I don't know, but the Kargaroc seems to have a strange reaction to the Command Melody. It seems that Kargaroc glitches through the water a lot after I play it. Perhaps it prevents water_check from running... :shrug:

 

BTW... I hope to have the final AR code... or at least a proof of concept... by November 20th...


I'm having trouble finding the routine that checks for Link's proximity and makes it start flying towards you and attacking...

 

I hate to say but I think I need help with this. Dolphin's debugger doesn't seem to be able to nop out functions so I can't even use trial and error :D In order to have any effect you would have to modify the rel directly, which I don't think I want to do.


  • 1 month later...

Hey Kargaroc, any progress with this?

 

Well, if I understood PPC assembly, then I would be done. But I don't. The thing is, I need help with this. Otherwise I can't do it, cause I just don't know how.

 

And all the programmers on these forums are perpetually busy. And I understand that.

I will say that if no one can help me, then I am cancelling this project because I can't do it alone.


Well, if I understood PPC assembly, then I would be done. But I don't. The thing is, I need help with this. Otherwise I can't do it, cause I just don't know how.

 

And all the programmers on these forums are perpetually busy. And I understand that.

I will say that if no one can help me, then I am cancelling this project because I can't do it alone.

 

That sucks :) I'd help out myself but PPC assembly is way past my realms of knowledge :)

 

Hope you find someone soon :)


  • 1 month later...

bb_player_view_check__FP8bb_class

 

I'm pretty sure that this entry in the Kargaroc's .rel (found with the .map) is what checks if the Kargaroc can see Link. Perhaps I can do something with this.

 

Thanks!

I looked at the code loop in the Dolphin debugger and I'm not actually sure that's run. I could be wrong though.


  • 3 weeks later...

Okay, update on this project. I've decided to turn to modifying the rel directly with a hex editor and using the .map to see where stuff is. For instance, the .text section is where assembly code is and .data is where things like variables and stuff (I presume) are. I focused on one part of the .data section - around the area of "g_profile_BB".

 

After a few attempts at blindly modifying stuff around there to no avail, I changed a few random bytes that were below 10h to 99h (just a random number), and saved it.

 

I rebuilt the ISO and I discovered that, while they still notice and attack you, when they attack you, you don't take any damage! Link doesn't even play the animation for when he gets hurt!

 

I still have to figure out what byte actually does that though...

 

MAJOR EDIT:

 

He's ignoring me!!!


 

Okay, how I did this. I used IDA Pro along with a Gekko plugin to disassemble the rel. I used the map file to look for a function called "bb_player_bg_check__FP8bb_class".

 

With IDA Pro I set everything as code and it showed me the structure. I was able to find a branch if equal instruction before similar large chunks of code. So I looked up the PPC Nop opcode on the internet and replaced the bytes at 0x189c in the rel with 60000000 (the nop opcode).

 

I saved it as a copy, copied it to the disk, and renamed it. I rebuilt the ISO and to my surprise, Kargaroc ignored Link, even after minutes of standing right next to it!

 

Now... theoretically, could this be made into an AR code?
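
The offset arithmetic behind the last post, as an added example (not code from the thread): it resolves the patched file offset 0x189c to a function using rows of the posted .map, and refuses to write the nop unless the word at that offset decodes as a conditional branch. It assumes the map's .text file offset (0x40) also holds for the .rel being edited, which the page does not confirm; the buffer and its `beq` word are constructed sample data, and all function names are hypothetical.

```python
import re
import struct

# Rows copied from the .map posted in the thread (only the ones needed here).
MAP_EXCERPT = """\
.text section layout
000015f4 000334 000015f4 4 bb_player_bg_check__FP8bb_class d_a_bb.o
00001928 000328 00001928 4 bb_setpos_bg_check__FP8bb_class d_a_bb.o
00001c50 0001a8 00001c50 4 bb_player_view_check__FP8bb_class d_a_bb.o
Memory map:
.text 00000000 00008df8 00000040
"""

PPC_NOP = 0x60000000  # the nop opcode quoted in the post (ori r0, r0, 0)
SYM_ROW = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{6}) [0-9a-f]{8} +\d+ (\S+) \S+$")
TEXT_ROW = re.compile(r"^\.text [0-9a-f]{8} [0-9a-f]{8} ([0-9a-f]{8})$")


def parse_map(text):
    """Return ([(start, size, name)] for .text symbols, .text file offset)."""
    syms, text_off, section = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("section layout"):
            section = line.split()[0]
        elif TEXT_ROW.match(line):  # memory-map row: address, size, file offset
            text_off = int(TEXT_ROW.match(line).group(1), 16)
        elif section == ".text" and SYM_ROW.match(line):
            start, size, name = SYM_ROW.match(line).groups()
            if not name.startswith("."):  # skip per-object ".text" rows
                syms.append((int(start, 16), int(size, 16), name))
    if text_off is None:
        raise ValueError("no .text row in the memory map")
    return syms, text_off


def resolve(syms, text_off, file_off):
    """Map a file offset to (symbol, offset inside it), or None if outside."""
    sec_off = file_off - text_off
    for start, size, name in syms:
        if start <= sec_off < start + size:
            return name, sec_off - start
    return None


def decode_bc(word):
    """Decode a PowerPC bc (primary opcode 16) as (BO, BI, disp, is_beq)."""
    if word >> 26 != 16:
        return None
    bo, bi = (word >> 21) & 0x1F, (word >> 16) & 0x1F
    disp = word & 0xFFFC
    if disp & 0x8000:  # sign-extend the 16-bit displacement
        disp -= 0x10000
    return bo, bi, disp, (bo & 0b11100) == 0b01100 and bi % 4 == 2


def nop_branch(data, file_off):
    """Return (patched bytes, old word); refuse anything that is not a bc."""
    if file_off % 4 or file_off + 4 > len(data):
        raise ValueError("offset is not a valid instruction slot")
    (old,) = struct.unpack_from(">I", data, file_off)  # big-endian words
    if decode_bc(old) is None:
        raise ValueError(f"word {old:08x} at {file_off:#x} is not a conditional branch")
    patched = bytearray(data)
    struct.pack_into(">I", patched, file_off, PPC_NOP)  # branch now always falls through
    return bytes(patched), old


def constructed_rel():
    """Constructed stand-in for the .rel: zeros plus one beq at 0x189c."""
    buf = bytearray(0x2000)
    struct.pack_into(">I", buf, 0x189C, 0x41820040)  # beq +0x40 (made-up target)
    return bytes(buf)


if __name__ == "__main__":
    syms, text_off = parse_map(MAP_EXCERPT)
    print(resolve(syms, text_off, 0x189C))
    patched, old = nop_branch(constructed_rel(), 0x189C)
    print(f"{old:08x} -> {patched[0x189C:0x18A0].hex()}")
```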
