Hacking Legend of Heroes Translation

[zero_g_monkey]

If anyone is interested in how we edit the images in the falcom games, I created a small write up for it.
LINK

 

[zero_g_monkey]

Small sample of what has been going on behind the scenes.

Can you notice what it is?

 

[GamerzHell9137]

View attachment 9781View attachment 9782
View attachment 9783View attachment 9784

Small sample of what has been going on behind the scenes.

Can you notice what it is?

Nice, ASM Hacking.
That's great!

 

[zero_g_monkey]

VWF.

I think there is one already implemented in the game. For whatever reason though, certain letters are always spaced weird when done by the companies who make the game. I am thinking about editing the tiles in the font map. Is that possible and how would I know what to edit or not? If possible try to provide a reasonably detailed answer in idiot terms since programming isn't my strong suit.

 

[zero_g_monkey]

How is it that a VWF works? I have been toying around with tile editor and hex editor to see how things look. How does the game know the font tile has ended and the new one starts? Is there something like a pointer table in the file that shows where they are? I suspect it is something like this but have no real experience on this side of the VWF routine. I have made a few fonts but never knew the details. Just what to create and such.

I would really like some information about this. Any at all because this problem is really holding me up right now.

 

[zero_g_monkey]

Anybody know if it is possible to use breakpoints to figure out how a particular bit of dialog is handled in a game. Namely, I am trying to track down how the game knows the location of parts of the eboot so that I can move them around to make room for lines that are longer than the available space.

 

[JamRules]

Anybody know if it is possible to use breakpoints to figure out how a particular bit of dialog is handled in a game. Namely, I am trying to track down how the game knows the location of parts of the eboot so that I can move them around to make room for lines that are longer than the available space.

Best thing I can think of is to search ram for a string you know is displayed and try to backtrace the read, that said ppsspp ram search seems broken

 

[zero_g_monkey]

I am new to the whole breakpoint thing. Is there a certain thing I should be looking for. I have it loaded up right this minute and have already triggered the break. But all the commands are like trying to learn latin to me.

 

[JamRules]

It can be pretty difficult sometimes depending on how much each value is used, might be a good idea to download a mips reference so you can learn the instructions

 

[zero_g_monkey]

Ok. Will try that.

If anybody wants to see if they can figure it out. Here is a little info about it.
Using the extras menu. Go to gamefaqs and get one of the save files for the game. It should have the extras menu unlocked.


(This is the hex for CHARACTER) the rest is more dialog after the 0000
Search for 826282678260827182608262827382648271000082758268827282748260826B00000000826C826E8275826882640000826482758264826D82730000826C8268826D826882668260826C826400000000.
It should be something like address 0x08A67AC8
Set breakpoint for this spot however you do it. It's all new to me and thankfully flame made a nice little video to help me out.
Go to the extras menu and click on POINT (it's right under RECORD and above CHARACTER).
This should trigger the break.

From this point I just wonder around aimlessly...

 

[neoxephon]

I am new to the whole breakpoint thing. Is there a certain thing I should be looking for. I have it loaded up right this minute and have already triggered the break. But all the commands are like trying to learn latin to me.

I use the following as references:
http://www.mrc.uidaho.edu/mrc/people/jff/digital/MIPSir.html
http://www.ece.umd.edu/~manoj/759M/MIPSALM.html
https://code.google.com/p/pops-gte/wiki/DisasmHints
https://github.com/uofw/uofw/wiki/MIPS

I usually just step through the instructions after the breakpoint has triggered. Pay attention to the values in the registers. Are you trying to figure out how the EBOOT pointers work?

And about searching for values in the memory, I strongly recommend right-clicking in the Memory Viewer and choosing Dump. You can then view it in your hex editor of choice. I personally dislike working with the Memory Viewer more than I absolutely have to. I find it much easier to use my hex editor.

If you find something in the memory dump, take the address in the dump and add 0x08800000. Very easy to do with the Windows calculator if you hate doing math in your head.

 

[JamRules]

I've attached the pdf I used.

I'm assuming what you're trying to do is rearrange the pointers so that you can have custom length text.

Normally I use a hex-editor for this but for debugging asm it means that your interested in not the value read but the register that pointed to it
e.g lw v0, 0x0(a0) - you'll want to read the asm and find where a0 is from

 

[zero_g_monkey]

lw a2,0x0(a1)
This is the first thing that shows when I get the break. Is that where I need to start from?



Bascially what I am trying to do is, some stuff does not have enough space but others in the same block have to much. I just wanna move the stuff in the block around to be able to give a good translation instead of a butchered one.

 

[JamRules]

lw a2,0x0(a1)
This is the first thing that shows when I get the break. Is that where I need to start from?

I would check how many different places the memory is read (while it's value is still equal to the text you want), If there's only one you'll want to trace where a1 comes from. If there's more than one edit the register's value and see if it affects the render so you can determine which one is used.

If you have the file where the text is and it's stored plain (uncompressed, etc) then using a hex editor may be faster. You could always post the file

 

[zero_g_monkey]

OK... Scratch most of the location details I mentioned previously. I was at the wrong spot. Those have the pointers that I have already figured out (offset of C0 subtract or add depending on where you are coming from). Here is the new details.
What I suspect to be the pointer table of a different variety is located at 0x25A560 (looks like 64 DC)
The dialog in question is located at 0x264104 - 82628267826082718260826282738264827182AA0A8CA982EA82E982E682A482C982C882E982E681422563 CHARACTER+Japanese dialog till it ends with %c 0x00.
lb v1,0x0(fp) v1 00000000 fp 08a68044
li v0,0x25 v0 08a70000
beq v0,v1,pos_08A34E2C ; false v0 00000025 v1 FFFFFF82
move s0,fp s0 08a68044 fp 08a68044
beq zero,v1,pos_08A34E2C ; false v1 FFFFFF82
li a0,0x25 a0 0000000
addiu s0,s0,0x1 s0 08a68044
lb v0,0x0(s0) v0 00000025 s0 08a68045
beq a0,v0,pos_08A34DEC a0 00000000 v0 00000062
subu s1,s0,fp s1 8bd2e00 s0 8a68045 fp 08a68044
bnel zero,v0,pos_08A34DD4 ; true v0 00000062
addiu s0,s0,0x1 s0 08a68045

Then is just starts cycling through lb v0,0x0(s0) to addiu s0,s0,0x1 with the numbers changing sometimes.


You use the same method as mentioned a few posts back to trigger break.

 

[JamRules]

Can't believe they're actually loading immediates to point to text.

Simple example where I swapped the instructions so it loads character instead of visual

 

[zero_g_monkey]

Interesting. I kind of understand what you are saying. But honestly have very little clue how it is done. Very cool though.

 

[JamRules]

Eboot text offsets are set via immediates which indicate the position in RAM

e.g. For "CHARACTER will become viewable" in extras/points - li a1,0x08A68044
(it's an 8 byte instruction - e.g. 0xA708053C 4480A524)

positions are equal to position in eboot.bin + 0x08800000

There will be a call to "jal z_un_08a340e8" after setting the immediate.

Best way I can think of to find the correct instruction is to find the text position in RAM (0xnnnnnnnn) and use ctrl-f in disassembly to find li a1,0xnnnnnnnn, should be pretty unique and easy to find.


Basically it'll be a pain to change the positions but should be possible,
do you have someone who can do the asm on your team?

 

[flame1234]

li a1,0x08A68044
I know what that means. How do I translate that into ones and zeros (or hex or whatever)? Is there a program (MIPS compiler) that does this?
I mean, if I knew where that instruction was, I couldn't change it because I don't know how to rebuild the MIPS opcodes.

 

[neoxephon]

li a1,0x08A68044
I know what that means. How do I translate that into ones and zeros (or hex or whatever)? Is there a program (MIPS compiler) that does this?
I mean, if I knew where that instruction was, I couldn't change it because I don't know how to rebuild the MIPS opcodes.

If you're asking how to go about changing the opcode permanently, it isn't that difficult. Here is how I do it (there might be better ways, but this is how I do it):

1. Find the opcode in PPSSPP. Right click it and select "Go to in Memory View".
2. This is what the opcode looks like in hexadecimal format.
3. If you're not sure of the hexadecimal value for the opcode that you wish to change it to, you can right-click the opcode and click "Assemble Opcode".
4. Input the new opcode and it will change it. You can now see the hexadecimal value for that opcode. This will also allow you to test your changes before you make them permanent.
5. Take the hexadecimal value of the original opcode.
6. Take the hexadecimal value of the opcodes that come before and after the opcode that you want to change.
7. Open the decrypted EBOOT.BIN in your hex editor of choice.
8. Using the Find feature, search for hexadecimal values that you recorded. You would put the opcode before then the opcode you wish to change then finally the opcode that comes after it.
9. In most cases you will find 1 result. This is your opcode. Change it and re-insert the EBOOT.BIN to the ISO. Now it is changed permanently.
10. If you get more than 1 result, record the next opcode above that and the next opcode after that. It'll help to narrow down the search.

I highly recommend keeping a spreadsheet of all of the changes that you make. Makes it easier to keep track.

Beyond doing what I described above, the more advanced method would be to use armips. But that will be more complex.