Old 06-20-2019, 03:51 PM   #5
Reaper man
Join Date: Apr 2002
Location: Austin, TX
Posts: 5,409

Okay, after looking at the data again, it really doesn't follow any... common-sense order with regard to the letters. How, exactly, did you find this data in the first place?

EDIT: Okay, maybe I was a bit tired the last time I looked at it; it actually does make some sense. Just so you know, those values are 16-bit VRAM addresses that indicate where the tiles are stored, so the extra bytes (e.g. 20) are just the upper bytes of the address.
I did find something, though: perhaps modifying the 16-bit value at address 0x25C1 2615 will change where it points to. With that said, however, you still need to figure out how it knows to print out 5 characters instead of, say, 6.
Oh, who the fuck am I kidding. *keeps digging through code*

EDIT EDIT: I'm an idiot, I set the wrong breakpoint (I had it set to the "L" string, whoops!), like a moron. Good thing I caught that, or else I would be pulling my hair out.

Okay, so now that I spotted and fixed that error, everything makes a lot more sense. This game handles pointers in a very strange way, utilizing its zero-page register as the pointer itself (never seen that before). It loads it from a pointer table of sorts, which is more like a pointer/length/location array. The table is basically 2 bytes that indicate the pointer (where to read the data), 2 more bytes that indicate the value of the X register (used for the length of the string), and another 2 bytes that indicate where to write this in VRAM (modifying this would change the position of the string).

With this knowledge, it should be trivial to modify the string to any length and, if you know how SNES VRAM works, put it anywhere you damn well please. I'll probably cook up a proof of concept in a bit.

Last edited by Reaper man; 06-20-2019 at 07:10 PM.
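The pointer/length/location table described in the post, worked through as an added example (this is not Reaper man's code or proof of concept, and the ROM it operates on is a constructed 512-byte sample, not the game). It assumes the three table fields are little-endian 16-bit words in the order pointer, X register value, VRAM destination; that the X value counts 16-bit tile words rather than bytes; that the pointer is a plain offset into the sample; and that each tile word carries the character in its low byte with a shared upper byte of 0x20 (the "extra byte" in the post). It decodes the table, reads each string, and then demonstrates the three edits the post points at: shortening a string via the X field, moving it via the VRAM field, and rewriting it to a new length, with a bounds check so the new data cannot run into whatever follows it.

```python
import struct
from dataclasses import dataclass, replace

ENTRY_SIZE = 6          # 2 bytes pointer + 2 bytes X register (length) + 2 bytes VRAM destination
TILE_HIGH_BYTE = 0x20   # constructed: upper byte shared by every tile word in the sample strings


@dataclass(frozen=True)
class StringEntry:
    pointer: int   # where the string words are read from (assumed: an offset into this sample ROM)
    length: int    # value loaded into X; assumed here to count 16-bit tile words, not bytes
    vram: int      # VRAM word address the string is written to


def parse_table(rom: bytes, table_off: int, count: int) -> list[StringEntry]:
    """Decode `count` consecutive 6-byte entries starting at table_off (little-endian words)."""
    entries = []
    for i in range(count):
        ptr, length, vram = struct.unpack_from("<HHH", rom, table_off + i * ENTRY_SIZE)
        entries.append(StringEntry(ptr, length, vram))
    return entries


def read_string(rom: bytes, entry: StringEntry) -> list[int]:
    """Return the tile words the game's copy loop would move for this entry."""
    if entry.pointer + entry.length * 2 > len(rom):
        raise ValueError("entry reads past the end of the ROM")
    return list(struct.unpack_from(f"<{entry.length}H", rom, entry.pointer))


def decode_tiles(words: list[int]) -> str:
    """Sample convention (constructed): the low byte of each tile word is the ASCII character."""
    return "".join(chr(w & 0xFF) for w in words)


def patch_entry(rom: bytes, table_off: int, index: int, **fields) -> bytearray:
    """Rewrite one table entry (pointer=, length= and/or vram=); untouched fields keep their values."""
    out = bytearray(rom)
    current = parse_table(rom, table_off, index + 1)[index]
    new = replace(current, **fields)
    for value in (new.pointer, new.length, new.vram):
        if not 0 <= value <= 0xFFFF:
            raise ValueError("table fields are 16-bit")
    struct.pack_into("<HHH", out, table_off + index * ENTRY_SIZE, new.pointer, new.length, new.vram)
    return out


def set_string(rom: bytes, table_off: int, index: int, text: str, data_limit: int) -> bytearray:
    """Write a string of any length at the entry's pointer and update its X/length field.

    data_limit is the first offset the new data may NOT touch (the next string, the table, ...),
    so growing a string cannot silently clobber its neighbour.
    """
    entry = parse_table(rom, table_off, index + 1)[index]
    words = [(TILE_HIGH_BYTE << 8) | ord(c) for c in text]
    if entry.pointer + len(words) * 2 > data_limit:
        raise ValueError("new string would overwrite data at or past data_limit")
    out = patch_entry(rom, table_off, index, length=len(words))
    struct.pack_into(f"<{len(words)}H", out, entry.pointer, *words)
    return out


def build_sample_rom() -> bytes:
    """Constructed 512-byte ROM: strings at 0x40 and 0x50, a two-entry table at 0x100."""
    rom = bytearray(0x200)
    for off, text in ((0x40, "HELLO"), (0x50, "WORLD!")):
        words = [(TILE_HIGH_BYTE << 8) | ord(c) for c in text]
        struct.pack_into(f"<{len(words)}H", rom, off, *words)
    struct.pack_into("<HHH", rom, 0x100, 0x40, 5, 0x0410)   # entry 0: HELLO, X=5, constructed VRAM dest
    struct.pack_into("<HHH", rom, 0x106, 0x50, 6, 0x0450)   # entry 1: WORLD!, X=6, constructed VRAM dest
    return bytes(rom)


if __name__ == "__main__":
    rom = build_sample_rom()
    for e in parse_table(rom, 0x100, 2):
        print(f"ptr={e.pointer:#06x} len={e.length} vram={e.vram:#06x} -> {decode_tiles(read_string(rom, e))!r}")
    shorter = patch_entry(rom, 0x100, 0, length=3)          # X field alone decides how many tiles print
    print(decode_tiles(read_string(shorter, parse_table(shorter, 0x100, 1)[0])))
    moved = patch_entry(rom, 0x100, 0, vram=0x0420)         # VRAM field alone decides where they land
    print(f"{parse_table(moved, 0x100, 1)[0].vram:#06x}")
    longer = set_string(rom, 0x100, 0, "HI THERE", data_limit=0x50)  # exactly fills 0x40..0x4F
    print(decode_tiles(read_string(longer, parse_table(longer, 0x100, 1)[0])))
```

The `data_limit` argument is the part worth keeping when adapting this to a real table: the X field will happily count past the end of a string, so a longer string needs either free space after its pointer or a pointer moved to free space, and the check makes that decision explicit instead of letting the extra words spill into the next entry's data.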