NEORAINE修改教程(作者：Tux)

疾风之狼

console basics

+ n! O2 g; k" q) ^$ j$ D作者：Tux 文章来源：http://rainemu.swishparty.co.uk/msgboard/yabbse/index.php

/ y* _) Z% B/ F, }$ t  ?
- z1 i$ \5 _: L- `/ ^# `, I( e$ C
% j9 S5 y! w; m% f& D# vI know a command line is quite intimitading, but it will be much more powerfull for what I want, and also it will be much easier to add new features this way.

So here in mslug, I wanted to look for the number of lifes, so I started by search 3 just at the begining of the game and there were more than 39000 results.
So I lost a life, typed "search 2" and I was down to 4 results already !
3 r: B; N: \' h. d6 O9 [Lost another life, and this time "search 1" sent back only 1 result : 100397.

0 C6 m8 n: r4 X" @, R1 qThis is the very first beta for this, I want to add other functions like the ability to modify any address in ram (to test the result by puting any life number for example), to be able to explore the ram at any address to see if there are other interesting addresses nearby, and so on...
8 X9 O$ ^* L4 n( j6 H# |: @
As you see the syntax for the command line is extremely simple, and should remain as simple as possible...
% g$ |: [3 ?) H( \% h# RAnd this thing could probably be used as a debuger too (68000/z80 debuger).

( F/ H/ D' t# v) i- {' D[ 本帖最后由 疾风之狼 于 2009-3-31 20:36 编辑 ]

疾风之狼

console lessons level 2

/ ]0 x% r  D9 J! X2 |, |- h1 m9 N4 t作者：Tux 文章来源：http://rainemu.swishparty.co.uk/msgboard/yabbse/index.php
' V: @! G. W, {% c
0 }; f) p/ g; `; ]how to find the location of the weapon for metal slug in ram ?
Welcome to the relative searches we started to talk about in the other topic...

So just start the game as usual, and open the console just before picking the machine gun, and close it immediately. In doing so it takes a snapshot of the ram, and you'll be able to look for differences later. Now take the machine gun and type:
  E; L' c* }6 [% Lsearch !=
which will search all the bytes which are different.
Well there a few hundreds of differences, so it will take time.
The idea is to wait a little in game, then return to the console and type
search ==
to look for the areas which didn't change. Half of the results are gone, but you still have a lot of them. Play a little until the flame thrower and just before picking it up, type :
search ==
and after picking it up :
& W0 g4 ~- e6 S5 fsearch !=
normally when you pick the machine gun again and you type search !=, you'll get only 2 results which are both valid :



$ c' ?2 ~& Y/ h+ \# g, oAfter a few tests, the 2nd address is the one you want, puting 4 in it gives the machine gun and 2 is the flame thrower (I didn't test all the weapons !).

- v, u! g& P- Z7 Y; {( fThis is a lot harder than the simple life counter... !!!
But it works well. Todo : mouse support in the console (too tiresome to type all these addresses), history for the console to access the previous commands, and the scripts I talked about in the other topic to be able to save what we find.
3 @. A9 ]: ~7 l# N: J/ h: v) R
Now with the old cheat system, you would have to add 1 cheat/weapon, which is not very convinient. Here you can add a single cheat using the alert function. First here are the weapons you can get :
- 00 : Normal Gun
6 g, A$ k4 E( b" Z6 f: @$ P3 d" { - 01 : Shotgun
- 02 : Flamer
; `; f8 L; c/ R& P- I" ]/ C - 03 : Rocket Launcher
- 04 : Machine Gun
8 }7 d/ @4 @7 h6 ?- Mthe alert function works like this :
alert("message|button1|button2...")
and returns the number of the button you selected starting at 1, or 0 if you pressed ESC or used the 2nd button of your mouse.
So you can type :
4 {; B) @: F+ v* E9 x: |8 ]7 o
: e% x7 ^/ S6 T8 W: H4 M) Z  Y4 \Code:
2 o0 L. I' `+ [. `9 ^; ?. z# O  poke $1004d1 alert("select weapon (ESC for normal gun)|Shotgun|Flamer|Rocket l
auncher|Machine gun")
  dpoke $1004e2 999


1 L0 }  y# E! |; ~$ aThe 2nd line gives 999 munitions at the same time, it's more convinient. Once you have tested, you can add it to your scripts using the script command, and it will appear in the cheats dialog (which you can now call directly using a key from the game).

疾风之狼

Console lessons level 3 : invulnerability and timers

+ p) s: n9 G0 h作者：Tux 文章来源：http://rainemu.swishparty.co.uk/msgboard/yabbse/index.php
- s  |9 k1 U* w
9 Q2 d; Z6 W* V$ o$ d) qThis one is possible mainly because of the explanations from Stephh about how it works.

You probably noticed by now that almost every arcade game makes your character to blink when it first appears, and while it blinks it is invulnerable... This is the secret of invulnerability : while it works, there is a counter in ram which goes down to 0, and once it reaches 0 you are vulnerable again, so the idea is to use a script which will be called for each frame to prevent the counter from reaching 0.

It's a lilttle tricky in mslug because of the little animation when the player 1st appears in the level. For the 1st level, it starts to blink while it is still in the air, then stops blinking for a short time (it is vulnerable at this point), and then starts blinking again when reaching the floor. In fact the counter is set to a high value 3 times during this animation if I am not mistaken !
It's easier to loose a life and then start the search for the 2nd life because the counter is initialised only once then...
( y* L5 U1 {; O" SSo : as soon as you see the player is starting to appear, go in pause mode (p key). Then call the console to take a first snapshot of the ram (using its key, default is tilde), and then exit immediately from the console. Press the space bar while still in pause mode, and the game will run exactly 1 frame. Do that until you see the player character has changed its color. It shows the invulnerability counter just changed. You can then type :
8 R4 J9 |; x* m, zsearch <
It will give you a lot of results of course, there are a lot of things which change at every frame in mslug. So you can repeat the same process a few times, calling the console every time the character changes on screen and type "search <", until the results shrink.
Then once it has stopped to blink, you can type :
search 0
, a6 Q0 B% P2 k* tbecause then the counter should be at 0.
, S# r' m. r: c' H" V7 I8 i8 {
In the end, you should have only 2 or 3 results if you made enough searches.
To test this, just poke a big value inside. Since the value goes down by 1 for every frame, if you put 180 inside you will be invincible for 3s (60 frames/s). You should find quite quickly that $1004a5 works great for that.
Notice that you have a different invulnerability when you are in the tank. In this case, $1005e5 is the address you want.
Of course all these cheats will be installed in the next release... !
5 R+ Q5 s! V+ _; j

疾风之狼

Cheat Searching
# x. S' k, R7 M1 e4 v9 AIn this window you can find new cheat data. To start a search, click new search, then choose a search mode. When you are ready to continue the search, click continue search. There are four search modes:
, I  P9 F0 @2 M# L" ]; Z4 }5 l
$ U, }) @/ D* e# V6 t! D% w& `5 iAbsolute search:


5 Y$ \: C  S) c; T) p% h1 cSearches for absolute byte values.
/ z" x6 }. p% e+ \. v0 G. JMost useful for lives and other data.
Relative search:
& C& c- w5 X, s% d/ d6 Y

Searches for the difference between byte values.
Useful when absolute search fails, like if the game stores lives starting with ascii 0x30 or stores lives +/- 1 from the value shown ingame. Remember that if the difference is positive you should enter something like 0x01 (+1), if it is negative, then you should be searching for 0xFF (-1).
4 R0 i4 v1 H7 \6 @+ B& BSingle Bit search:


" Q1 x' f' z7 JSearches for single bit values.
Useful for status flags, and stuff like 'extend' in bubble symphony, which is stored in 6 bits of one byte.
! l- H1 |$ z# P% b8 M: `! VSlow deep search:

. y/ v& ]/ W& n5 M; V# z
% s: Y, I- @7 n2 r- n% w' U) a/ nSearches for the following changes in byte values:
) u& G! a7 e4 Bnew byte == old byte, new byte != old byte,
new byte >  old byte, new byte >= old byte,
new byte <  old byte, new byte <= old byte
Useful for timers and anything not found with the other modes. A nice cheat to have is invulnerability, use this mode to find the invulnerability timer.
The search results are shown in a listbox, when there are more than 512 results, only the first 512 will be in the listbox. You can double click on the search results to open a scrollable hex/ascii view of the memory area where the result lies. Any bytes that are in the search results will have *..* around them, so you can easily spot them.
( \4 `& Q0 y1 ^! |, w' q
console简化指令
' l: y; Y; ^  J- c0 A) Z
  - h = help
3 ^4 e2 l. G. I7 a  - x = exit
, B* y- [( H7 @) A# k  - s = search (could also be good to have "si" to initialise search)
3 v' [& k% S% N, B  - d = dump / ds = dasm
8 G. U' B$ Y( p2 F* c  - r = registers
/ }* N( h) ]/ ?" X9 g. [  - w = watchpoint
  - p = poke (put value in memory once)