forked from pluot-mb/CCCaster
-
Notifications
You must be signed in to change notification settings - Fork 0
/
notes.txt
250 lines (161 loc) · 6.52 KB
/
notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
========================================================
==================== MBAA SFX stuff ====================
========================================================
#define CC_SFX_ARRAY_ADDR ((char *)0x76E008) // array of bytes, set a byte to 1 to start SFX
#define CC_SFX_ARRAY_LEN (1500)
- play any SFX by setting a flag
- playback rate is approximately 365 bytes per frame (for setting starting position)
- set starting position by pushing the starting bytes instead of "push 00"
- see IDirectSoundBuffer8::SetCurrentPosition in MBAA.CT
- cancel an existing playback by playing the same SFX muted
- TODO figure out SFX playback length in frames, check the struct that gets passed to the set volume function
=================================================================
==================== Crit damage disassemble ====================
=================================================================
F-Akiha 5A norm damage = 0x12C
F-Akiha 5A crit damage = 0x159
collision detection code?
0046F5F7 - 89 16 - mov [esi],edx
00419637 - 8B 50 08 - mov edx,[eax+08]
00419657 - 89 50 08 - mov [eax+08],edx
004196A5 - D1 60 08 - shl [eax+08],1
004196B0 - 01 50 08 - add [eax+08],edx
004196C3 - 8B 58 08 - mov ebx,[eax+08]
0046E432 - 8B 4E 08 - mov ecx,[esi+08]
code that assigns damage value to 0x18FD50
0047079B - 89 4E 10 - mov [esi+10],ecx
block that detects crits
00470781
crit happens here
00470777
rand func here
00421A80
seems to be called on every frame and during character select
(but not every frame in training mode)
rand func decompiled
ecx = *CC_RAND2_ADDR
ecx += 1
if (ecx >= 0x38)
ecx = 1
*CC_RAND2_ADDR = ecx;
edx = ecx + 0x15;
if (ecx > 0x22)
edx = ecx - 0x22;
eax = *(int *)(CC_RAND3_ADDR + ecx * 4);
eax -= *(int *)(CC_RAND3_ADDR + edx * 4);
if (eax < 0)
eax += 0x7FFFFFFF;
*(int *)CC_RAND1_ADDR += 1;
*(int *)(CC_RAND3_ADDR + ecx * 4) = eax;
*(int *)CC_RAND0_ADDR = eax;
rand func state is stored in 4 locations
CC_RAND0_ADDR = 0x563778 points to a 4 byte value
CC_RAND1_ADDR = 0x56377C points to a 4 byte value
CC_RAND2_ADDR = 0x564068 points to a 4 byte value
CC_RAND3_ADDR = 0x564070 points to a block of data 220 bytes long
===========================================================
==================== MBAA player stuff ====================
===========================================================
0x555134 Player 1 struct start
0x555140 start of relevant stuff
0x555160 to 0x555180 ???
0x555188 to 0x555190 ???
0x555240 ???
0x555284 ???
0x5552EC ???
0x5552F4 to 0x555310 ???
0x55532C 4 byte pointer
[0x24] 1 byte
[0x30] 2 byte
0x555330 to 0x55534C ???
0x55535C to 0x5553CC ???
0x5553CC is a pointer but it seems to just point to player struct stuff?
0x5553D0 to 0x5553EC ???
0x5553EC is a pointer but it seems to just point to player struct stuff?
0x5553F0 is a pointer but it seems to just point to player struct stuff?
0x5553FC points to the beginning of the player struct?
0x555400 is a pointer but it seems to just point to player struct stuff?
0x555404 to 0x555410 ???
0x55542C ???
0x55544C ??? pointer?
0x555450 aaaaaaa huge pointer
0x555454 another pointer
0x555458 another pointer
0x555460 4 byte pointer
[0x0] 4 byte pointer
[0x4] 4 byte pointer
[0xC] 4 byte
0x55546C pointer to data that doesn't change?
0x55550C ???
0x555518 to 0x55561A input history (directions)
0x55561A to 0x55571C input history (A button)
0x55571C to 0x55581E input history (B button)
0x55581E to 0x555920 input history (C button)
0x555920 to 0x555A22 input history (D button)
0x555A22 to 0x555B24 input history (E button)
0x555B2C to 0x555C30 ???
0x555C30 Player 1 struct end
0x555C30 Player 2 struct start (previous+0xAFC)
0x55672C Puppet 1 struct start (previous+0xAFC)
0x557228 Puppet 2 struct start (previous+0xAFC)
0x557DB8 Player 1 extra struct start
0x557DB8 to 0x557DBC maids tag state
0x557DDC to 0x557DF4 ???
0x557DF4 float
0x557DF8 ???
0x557E00 accessed when paused
0x557E04 some health constant?
0x557E08 to 0x557E10 accessed when paused
0x557E1C to 0x557E20 accessed when paused
0x557E24 ???
0x557E28 to 0x557E30 accessed when paused
0x557E38 accessed when paused
0x557E40 to 0x557E48 accessed when paused
0x557E50 accessed when paused
0x557E58 1 byte
0x557E59 1 byte, accessed when paused
0x557E5A 2 byte ???
0x557E5C accessed when paused
0x557E60 accessed when paused
0x557E64 accessed when paused
0x557E68 accessed when paused
0x557E6C 1 byte, accessed when paused
0x557E6D 1 byte, accessed when paused
0x557E6E 2 byte
0x557E7C to 0x557EB4 accessed when paused
0x557EB4 2 byte, accessed when paused
0x557EB6 2 byte, accessed when paused
0x557EB8 to 0x557F38 accessed when paused
0x557F38 2 byte, accessed when paused
0x557F3A 2 byte, accessed when paused
0x557F3C to 0x557F64 accessed when paused
0x557F64 2 byte, accessed when paused
0x557F66 2 byte, accessed when paused
0x557F68 to 0x557F90
0x557F90 2 byte, accessed when paused
0x557F92 2 byte, accessed when paused?
0x557F94 to 0x557FBC accessed when paused
0x557FC4 Player 2 combo struct start
Any untagged DWORD address ranges just contain POD without pointers.
======================================================
==================== Palette info ====================
======================================================
36 palettes per character
Each palette has 256 colors (4 byte RGBA, the alpha is ignored)
- Possible duplicate colors?
All the palettes are loaded during character select and can be modified in memory
- Need to intercept the memory data before the sprites are fully loaded
- Need to change color/sprite multiple frames to update the cached sprite during character select
The selected palette is reloaded during the loading state
- Need to intercept the memory data before the sprites are fully loaded
Can hide the character name during character select by disabling
0x48A588 - D9 55 20 - fst dword ptr [ebp+20]
then assigning 0.0 to [ebp+20]
Can hide the color selector by assigning 1 to CC_P1_SELECTOR_MODE_ADDR (0x74D8EC)
Team character color loading:
- During character select, the loading order is always (initial) point character then assist character
eg. for either P1/P2 Maids: Hisui colors would be loaded first then Kohaku colors
- During loading state, the loading order is: P1 point, P2 point, then P1 assist, P2 assist
eg. for Maids vs Sion the order is: Hisui, Sion, Koha, because Koha is the assist initially
eg. for Sion vs NekoMech the order is: Sion, Mech, Neko, because Neko is the assist
eg. for Maids vs NekoMech the order is: Hisui, Mech, Koha, Neko