nesdev.org

Good evening gentlemen

I premise that i've started nes hacking couple months ago, like two or three.

Graphics cool, palette editing too etc.
I've started trying to figure out what would/could change glitching and bending strings in hex editor in FCEUX. Had nice time.

Then i understood that PPU memory viewing [still in FCEUX] rappresent disposition of tiles in every page.

Then i paused the emulation and changed hex codes into tiles to match the disposition i had in mind. Now i now that PPU ''paging'' is something ''aleatory'' so i already knew that when i would saved nothing would be changed. In fact it was.

Now, after this long briefing [sorry for that] my question is, how to code/change/control and makes that changes remain permanently on saved ROM file? I hope i've been clear, i'll post a screenshot now.

The name tables are RAM, and they're populated by the game program. What you did was change that RAM after the program had already written to it. But RAM is volatile, and what you made will vanish as soon as the program writes something else to the name tables or the console is turned off.

To change this kind of thing for good, you have to reverse engineer the game and patch the code/data that draws the screens you want to change. Each game does it differently, so there's no step by step guide that will work for all cases, unfortunately.

To reverse engineer the program you have to set breakpoints on writes to the name table area as the screens are drawn, and then you can step through the code and try to figure out where the days is being copied from and the format in which it's encoded. If you can figure the format out, you can create the new screen using the same encoding. You also have to worry about the space taken by the replacement data... if it's bigger than the original, you'll have to rearrange things in the ROM, which isn't always easy.

Locate the data set for the screen, somewhere in the ROM.


-just before the game loads from the ROM to the PPU, save state, then turn on the CDL (code/data logger)
-as soon as the image is loaded to the PPU, turn off the CDL
-view hex editor tool, view = ROM, it color codes the data. PPU data should be a large contiguous chunk of data

-pause emulator, reload save state, edit some data, run emulator, see if it changed. If no, reload save state, edit some other data...repeat.

Locate the data set for the screen, somewhere in the ROM.


-just before the game loads from the ROM to the PPU, save state, then turn on the CDL (code/data logger)
-as soon as the image is loaded to the PPU, turn off the CDL
-view hex editor tool, view = ROM, it color codes the data. PPU data should be a large contiguous chunk of data

-pause emulator, reload save state, edit some data, run emulator, see if it changed. If no, reload save state, edit some other data...repeat.

I was trying to figure out something using a technique similar to what you've suggested to me.
Starting the Code/Data logger in the right time [a millisecond before the screen appears, right? or it can be done after a screen is idling a bit, like a title screen or game over screen?]

Btw, when i use the data/code logger, as you said, the hex editor should be able to colorize values used in the determined time i've logged stuff. Right? But for example, if i want a text blink, how i'll know which value should be used in a determined slot of a table? That are not square matrix like the ppu memory, but totally random allocated. Discovering functions are just random as they seems?

Hope i've been clear

Yes, start the CDL before it loads data to PPU.

'Blinking text'

Open the 'nametable viewer', hover the mouse pointer over the text, see its PPU address.
Set a breakpoint for 'writes' to this address. Reset the game to before it loads the screen, it should break when the data is written to that location. Work backwards in the disassembly to see where it came from.

Yes, start the CDL before it loads data to PPU.

'Blinking text'

Open the 'nametable viewer', hover the mouse pointer over the text, see its PPU address.
Set a breakpoint for 'writes' to this address. Reset the game to before it loads the screen, it should break when the data is written to that location. Work backwards in the disassembly to see where it came from.

Ok.
Where i should put this breakpoints? In the 'Debugger'?

Started to being harder than i thought, but if someone show me the way i'll try to walk in the right direction.

regards, btw

Here's some things you can do...

I found some blinking text in this game, now I want to edit "Press Start Key", I open the Nametable viewer to get the PPU address of the text.
I could set a breakpoint for writes to this PPU address, like this...but it wasn't very fruitful.
It would have required 2-3 extra steps to find the text in the ROM this way (trace logger, breakpoint, work backwords, more breakpoints, another trace, etc.)

Better, was to simply look up the string...first in the PPU memory...
Then in the ROM memory...


....at this point, you could also make a .TBL file, which is just a text file with statements in it like this...
e5=A
e6=B
e7=C
(looking at the PPU viewer, and figuring out what tile # the letters are)
...which will allow you to read the text in the hex editor, and to edit it by typing in the right column.

In the hex editor tool...

File/Load TBL

and it looks like this...

Sure, i totally agree with you.

I find texts just writing them, or at least use the tile hex number and search for the sequence. For example: if it's PUSH of a 'push start'
and, still for example the tile are $51 $56 $57 $60 , i search for the sequence, as i do for palette swatches.

Now, thanks to your method of debugging [i'm using the code/data logger playing with the emulation speed so i can be enough precise, then i figure out what some codes does] i found out the notes of the main theme and i'm able to change the pitch, and i'm trying to figure out how to change tempo.

Returning to the 'blinking text', if i've found the strings in hex where the code is, how to make it blink? [i'll post a screenshot of my hex later]

btw when i'll be back at home i'll post you some screenshots, 'bout music and stuff.

Found out that from the highlighted A1 starts the main theme notation, and A1 should be the note C.

A2-C#/A3-D and so on, A0 seems to be a pause..

I'm just bending random values before to try to figure out how to change sound/tempo.

For the 'blinking' text i've already found where it was, changed it to 'GET HIGH', is a pot oriented game.

I just can't figure out how to make it animate.

Animating it can be done by several means. One is to have it be written again each time you want it to change. For blinking, you would write blank spaces where "GET HIGH" is, and then write "GET HIGH" again after a bit, alternating.