-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathSSBM Facts.txt
2552 lines (2372 loc) · 78.9 KB
/
SSBM Facts.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
**********************************************
*** Achilles' SSBM reference ***
*** *********************************
*** - The structure and contents of this file originated from wParam's ***
*** SSBM reference. A note from him which still applies: ***
*** ***
*** Not guaranteed to contain anything useful, or even to make sense ***
*** at all. Read or use this file at your own risk. If you can do ***
*** something cool based on this information, great, go for it, just ***
*** give me a little credit. The idea behind this file is that it ***
*** will contain the things I discover in a format that is somewhat ***
*** clearer than the scratchpad. Unfortunately, not everything that ***
*** gets into the scratchpad makes it into this file. ***
*** ***
****************************************************************************
********************************************************
Variable/table addresses
********************************************************
803C2800 Move table
803C12E0 Extended move table table (indexes 0x155 and up)
(Indexed by "internal" player index)
803D0B00 Mewtwo's table
803CCCB8 Peach's table
803C7120 Mario's table
80479D30 Menu Controller, "Heart" of smash brothers
804D4A08 DbLevel Flag
8049FAB0 Develop item type
8049FAB4 Develop pokemon type
804D6728 Develop CPU processor stats pointer (=0 if off)
804D6B50 ECB toggle value
8045BF28 Current unlocked chars/start of memcard data
8045D850 Start of nametag data (Vulnerable name on memory card)
8045d928 Pointer to branch to on buffer overflow (currently 8045d930)
80469b94 End of last nametag (start of 20XX debug menu flag saves)
8046B0EC End of memcard data (61892/F1C4 total)
80453080 Player blocks. (0xE90 in length)
8046B488 "Multi-man-craziness"_t
8046B6A0 Match info (+0x28 = seconds left)
804C1FAC Button values, length 68/0x44.
0x00 = constant
0x04 = constant, last frame
0x08 = instant
0x10 = released
0x18 = jX, byte
0x19 = jY, byte
0x1A = cX, byte
0x1B = cY, byte
0x1C = L analog, byte
0x1D = R analog, byte
0x1E = ?? byte A (soft analog L?)
0x1F = ?? byte B (soft analog R?)
0x20 = joystick x-axis, float
0x24 = joystick y-axis
0x28 = c-stick x-axis, float (-1 to 1)
0x2c = c-stick y-axis, float (-1 to 1)
0x30 = L analog, float
0x34 = R analog, float
0x38 = ?? float A (soft analog L?)
0x3C = ?? float B (soft analog R?)
0x41 = Controller plugged in (00 = yes, FF = no), byte
803F14C4 Item action function table (itemaction_t 0x3C each)
8046DB68 Looks like a copy of the StartMelee block
8046DB80 Facts about current match. (+0x8 -> item switch values.)
80452C68 camera_t
804D36A0 - 804E36A0 r13 space
Button to move link functions:
-----------------------------------------
803C10D0 called on start/stop [jigglypuff & kirby only]
803C1154 called on start/stop match
803C11D8 called on start/stop match
803C125C [only jigglypuff has this one]
803C12E0 move_t table addresses
803C1364
803C13E8 side+b (ground)
803C146C up+b (air)
803C1574 side+b (air)
803C15F8 b button (air)
803C167C b button (ground)
803C1700 down+b (ground)
803C1784 up+b (ground)
803C1808 empty, except ness, gamewatch
803C188C "Get Item"
803C1910
********************************************************
Function addresses
********************************************************
8000522C Entry point of ssbm.dol
80003220 memcpy (void *dest, void *src, int length)
800031F4 memmove (void *dest, void *src, int length)
80003130 memset (void *addy, int value, int length)
803238C8 memcmp (void *one, void *two, int length)
80301E58 strcpy (needs verified)
8037F1E4 void *malloc(int size); [note: blocks allocated are cached elsewhere,
so this func isn't the one called for ALL allocations, but it
is still helpful enough to be listed here.]
80388220 assert() (or, rather, the function that's called when an
assert fails)
803456a8 printf(), of some kind.
800693AC CharActionStateChange (running char block, state, flags, flags)
8016E730 StartMelee (meleeblock_t)
802FFF2C CopyDebugToMeleeType (meleeblock_t *out)
8016AE80 GetItemFrequency ()
802255A4 Returns first frame button preses (int charindex) (develop only)
8022558C Returns button presses (develop only)
80225754 HandleDevelopKeys()
80034110 player_t *PlayerFromIndex (int index)
8006CC7C void DamagePlayer (r3=*SUB*player_t, f1=damage amount)
Heart related:
801A42F8 Write r3 to new major function (and go?)
801A428C Write r3 to new major function
801A42A0 Write r3 to new minor function
801A4B60 Write 1 to "go" (writes [word] int 1 to 8047D964)
801A42D4 Write 1 to "heart" + 12
801A43A0 Run Major state (takes state index; doesn't return until done)
Does, however, mess up state, so don't call directly.
Debug Menu Related:
801b09C0 Initialize main debug menu
801B09F8 Exiting Debug Menu, r3 at +0x1C controls what screen to go to after exit
Move related:
8008DCE0 Generic take damage (move mods at 8008E258)
80094A14 Called when you pick up an item
8009447C ApplyInstantItem (player_t, item_t)
800D1FFC Small mushroom on ground
800D21BC Small mushroom in air
800D170C Big mushroom on ground
800D18CC Big mushroom in air
80090B60 DoFreezie (not sure how long it's applied for)
8027AB64 SpawnPokemon (unsure)
8007FA58 GiveBunnyHood (player, item[?])
8007F8E8 RemoveBunnyHood (player) (?)
800C88D4 ApplyCloaking (player, duration, bool something)
800C8A64 RemoveCloaking (player) (?)
800871A8 ApplyMetalItem (player, item) [need to use this, not ApplyMetal]
800C8348 ApplyMetal (player, duration, something (0x32)) [incomplete]
800C8540 RemoveMetal (player)
8007B7FC ApplyStarman (player, duration)
800C0200 RemoveStarman (player, something) (probably)
80390CFC RunObjectFrameFuncs () (one blrl for each item, player, etc.)
8006A360 RunPlayerObject (player_t *)
802C5000 SpawnProjectile (?)
800DEBD0 DoPlayerTaunt()
800693AC SetPlayerState(player_t *, int newstate, int ?, int ?)
8026B3C0 CountItemsOfType (int type)
8026C75C int ChooseRandomItem (void *someparam);
80268B18 entity_t *SpawnEntity (spawnitem_t *, int one);
8026A8EC DestroyItem (item_t)
800948A8 GiveItemToPlayer (player_t, item_t) [check for existing item before
calling. This will put instant items like metal boxes in their
hand instead of activating it. Call this followed immediately
by ApplyInstantItem to activate it.]
80086724 RemoveItemFromPlayer (player_t, item_t)
800942A0 CheckForItems (player_t) [Seems to walk the item list looking for
items within range of a player. Called when you press A on the
ground or Z in the air. Returns NULL if no item found]
8026AD20 ThrowItem (item_t *, vec3_t *pos, vec3_t *vel, int =1, float f1=1.0)
800027E4 UnhookedThrowItem
80225d1c Returns the develop mode pokemon type
8027a4d4 ChooseRandomPokemon() (returns internal pokemon type)
800860C4 CountPlayers() (walks the player entity list, returns count)
8046AF00 ssbm+: SlotToButtons (r3=slot from subplayer+C, returns pointer in 804C1FAC or 0)
8046AEC0 ssbm+: fcfi, r3=int, returns (double)r3 in f8
80041EE4 InitPhys (phys_t)
80043754 RunPhys (func *, phys_t *, int flags)
80031AD0 SetupPlayerSlot (int slot); [Called on melee start, it calls
AllocateAndInitPlayer for each running player. It calls
AAIP again to allocate nana, if appropriate.]
80068E98 AllocateAndInitPlayer (spawnplayer_t *)
8006CA5C PlayerThink(player_t *) (once per player per frame)
8006A360 PlayerAlsoThink(player_t *)
8001BE30 SaveGameData ()
r3 : 0 = Slot A, 1 = Slot B
r4 : 803BAC5C "SuperSmashBros01..."
r5 : 803BAB74 directs the thing on what to save.
r6 : 80433334 [the strings that go in the file] appears to be all
r7 : 80BE7CE0 points to the picture data
r8 : 80BEACE0 i believe this is the icon
r9 : 8043331C points to just before strings in r6
r10 : 8001CC30 if (r3==0)return; *(80433318+8) = 2; (OnComplete() function)
r11 : 00000000
8001A4CC Related to finding files on memcard (char *filename, int zero)
8001BD34 Load from memcard (int unknown, char *name, void *sameasr5fromsave)
8001BE28 mtlr from Load (executed AFTER data is loaded)
8001CBBC DoLoadData (no params, handles all of the loading tasks)
8001bC18 CreateGameData
r3: 0 = Slot A, 1 = Slot B
r4: Pointer to internal file name (SuperSmashBros0110290334) (803bac5c)
r5: Pointer to data table containing what data to copy (803bab74)
r6: Pointer to flags regarding banner/icon image format (803bab60)
r7: Pointer to file name (80433334) (Super Smash Bros. Melee...Game Data..)
r8: Pointer to banner image (806f0300)
r9: Pointer to icon image (806f4b00)
r10: 8043331c (card plugged/unplugged status, seems to be unused)
Return values (r3):
0: Success
1: File already exists (for creating, doesn't save if so)
4: File doesn't exist (for loading/deleting file)
9: ??? Maybe the card isn't formatted or something
F: No card inserted
********************************************************
Value tables
********************************************************
Characters: (external/internal/name)
----------------------------------
00 02 falcon
01 03 donkey
02 01 fox
03 18 game&watch
04 04 kirby
05 05 bowser
06 06 link
07 11 luigi
08 00 mario
09 12 marth
0A 10 mewtwo
0B 08 ness
0C 09 peach
0D 0C pikachu
0E 0A/0B ice climbers
0F 0F jigglypuff
10 0D samus
11 0E yoshi
12 13 zelda
13 07 shiek
14 16 falco
15 14 y. link
16 15 drmario
17 1A roy
18 17 pichu
19 19 ganondorf
1A 1B master hand
1B 1D male wireframe
1C 1E female wireframe
1D 1F giga bowser
1E 1C crazy hand
1F 20 sandbag
20 0A popo (ice climbers)
Player flags
------------
0x01 stamina mode
0x02 no talking
0x04 low gravity
0x08 invisible
0x10 black stock icon
0x20 metal
0x40 start the match on warp-in platform
0x80 controller rumble enabled
Stage flags
-----------
0x20 No character interaction (pokemon battle)
Also means no get-on-touch items
Pokemon (decimal) (external, from the debug menu)
Internally, the item type is (external - 1) + 0xA1
--------
00 random
01 goldeen
02 green blade thing ("chiku")
03 snorlax
04 blastoise
05 wheezing
06 charizard
07 fire bird
08 thunder bird
09 ice bird
10 wabbafet
11 ceasar
12 beedril wannabe
13 fire dog
14 thunder dog
15 ice dog
16 bellosom
17 voltorb
18 lugia
19 houou
20 ditto
21 clefairy
22 togepi
23 mew
24 celebi
25 starman
26 chansey
27 porygon
28 irritating fire thing
29 maril
30 venusaur
Items (decimal/hex/name)
-------------------------------
## 0x Item
------------------
00 00 capsule
01 01 box
02 02 barrel
03 03 egg
04 04 partyball
05 05 cannon
06 06 bombomb
07 07 mr. saturn
08 08 heart
09 09 tomato
10 0A star
11 0B bat
12 0C sword
13 0D umbrella
14 0E green shell
15 0F red shell
16 10 gun
17 11 freezie
18 12 food
19 13 mine
20 14 bumper
21 15 super scope
22 16 star rod
23 17 lip stick
24 18 fan
25 19 fire flower
26 1A big mushroom
27 1B small mushroom
28 1C hammer
29 1D warp star
30 1E screw attack
31 1F rabbit hood
32 20 metal
33 21 cloak
34 22 pokeball
43 2B goomba
44 2C redead
45 2D octarok
46 2E otosea
2F Stone
30 Mario's fire
31 Dr.Mario's Capsule
32 Kirby's Cutter beam
33 Kirby's Hammer
34 Raygun beam
35
36 Fox's laser
37 ? Falco's Laser ?
38 Fox's shadow
39 Falco's shadow
3A Link's bomb
3B Young Link's bomb
3C Link's boomerang
3D Young Link's boomerang
3E Link's Hookshot
3F Young Link's Hookshot
40 Arrow
41 Fire Arrow
42 PK Fire
43 PK Flash
44 PK Flash
45 PK Thunder
46 PK Thunder
47 PK Thunder
48 PK Thunder
49 PK Thunder
4A Fox's Blaster
4B Falco's Blaster
4C ? Link's Arrow ?
4D Young Link's arrow
4E PK Flash (explosion)
4F Needle(thrown)
50 Needle
51 Pikachu's Thunder
52 Pichu's Thunder
53 Mario's cape
54 Dr.Mario's cape
55 Smoke (Sheik)
56 Yoshi's egg(thrown)
57
58 Yoshi's Star
59 Pikachu's thunder
5A Pikachu's thunder
5B Pichu's thunder
5C Pichu's thunder
5D Samus's bomb
5E Samus's chargeshot
5F Missile
60 Grapple beam
61 Sheik's chain
62
63 Turnip
64 Bowser's flame
65 Ness's bat
66 Yoyo
67 Peach's parasol
68 Toad
69 Luigi's fire
6A Ice(Iceclimbers)
6B Blizzard
6C Zelda's fire
6D Zelda's fire (explosion)
6E
6F Toad's spore
70 Mewtwo's Shadowball
71 Iceclimbers' Up-B
72 Pesticide
73 Manhole
74 Fire(G&W)
75 Parashute
76 Turtle
77 Sperky
78 Judge
79
7A Sausage
7B Milk (Young Link)
7C Firefighter(G&W)
7D Masterhand's laser
7E Masterhand's bullet
7F
80
81 Crazyhand's Bomb
82
83
84
85
86
87
88
89
8A
8B
8C
8D
8E
8F
90
91
92
93
94
95
96
97 (crashes with peach pulls out)
98
99
9A
9B
9C
9D
9E Coin
9F
A0 Null pokemon entry?
A1 Goldeen (Tosakinto)
A2 Chicorita
A3 Snorlax
A4 Blastoise
A5 Weezing (Matadogas)
A6 Charizard (Lizardon)
A7 Moltres
A8 Zapdos
A9 Articuno
AA Wobbuffet
AB Scizor
AC Unown
AD Entei
AE Raikou
AF Suicune
B0 Bellossom (Kireihana)
B1 Electrode (Marumine)
B2 Lugia
B3 Ho-oh
B4 Metamon
B5 Clefairy
B6 Togepi
B7 Mew
B8 Celebi
B9 Staryu (Hitodeman)
BA Chansey
BB Porygon2
BC Cyndaquil (Hinoarashi)
BD Marill
BE Venusaur (Fushigibana)
BF Chikorita's Leaf
C0 Blastoise's Water
C1 Weezing's Gas
C2 Weezing's Gas
C3 Burn ??? Fire something
C4 Burn ??? Fire something
C5 Charizard's Breath
C6 Charizard's Breath
C7 Unowns
C8 Lugia's Aeroblast
C9 Lugia's Aeroblast
CA Lugia's Aeroblast
CB Ho-oh's Flame
CC Staryu's Star
CD Healing Egg
CE Cyndaquil's Fire
CF ??? invisible
D0
D1 Target
D2 Shyguy (Heiho)
D3 Koopa(Green) (Nokonoko)
D4 Koopa(Red) (PataPata)
D5 Likelile
D6 (old-lead)
D7 (old-octa)
D8 (old-otto)
D9 White Bear (whitebea)
DA klap
DB Paratroopa (Green) (zgshell)
DC Paratroopa (Red) (zrshell)
DD
DE
DF
E0 (crashes with peach pulls out)
E1 Apple
E2
E3
E4
E5
E6 Tool
E7
E8
EA Arwing Laser
EB Wolfen Laser
EC
ED
EE
EF
F0
F1
F2
F3
F4
F5
F6
F7
F8
F9 (crashes with peach pulls out)
FA
FB
FC
FD
FE
FF
Menu IDs (menu major)
------------------
00 - Title Screen (Press Start)
01 - Reloads menu from language change? (brings to language change selection and saves)
02 - VS mode character select
03 - Classic Mode
04 - Adventure Mode
05 - All-Star Mode
06 - Debug Menu
07 - Master Sound Test
08 - Looks like regular VS mode, but actually cycles through many different character select screens
09 - Black Screen...?
0A (10) - Camera Mode
0B (11) - Trophy Gallery
0C (12) - Trophy Lottery
0D (13) - Trophy Collection
0E (14) - Starts a match (with the debug menu configurations?)
0F (15) - Target Test
10 (16) - Super Sudden Death
11 (17) - Invisible Melee
12 (18) - Slo-Mo Melee
13 (19) - Lightning Melee
14 (20) - "A new foe has appeared!" (Ganon with sword, freezes if you try to progress, ID from debug?)
15 (21) - Classic Mode trophy acquisition & credits (C.Falcon, ID from debug?)
16 (22) - Adventure Mode trophy acquisition & credits (C.Falcon, ID from debug?)
17 (23) - All-Star Mode trophy acquisition & credits (C.Falcon, ID from debug?)
18 (24) - Intro video
19 (25) - Cycles through Adventure Mode cinematics
1A (26) - Character trophy acquisition (no credits) (uses All-Star trophy) (C.Falcon, ID from debug?)
1B (27) - Tournament Menu
1C (28) - Training Mode
1D (29) - Tiny Melee
1E (30) - Giant Melee
1F (31) - Stamina Mode
20 (32) - Home-Run Contest
21 (33) - 10-Man Melee
22 (34) - 100-Man Melee
23 (35) - 3-Minute Melee
24 (36) - 15-Minute Melee
25 (37) - Endless Melee
26 (38) - Cruel Melee
27 (39) - "Enable Progressive Scan Display?"
28 (40) - Plays Intro Video
29 (41) - Memory Card Overwrite Confirmation
2A (42) - Fixed-Camera Mode
2B (43) - Loads Event Match 1 (Match ID from the debug menu?)
2C (44) - Single-Button Mode
Button Inputs
-------------------
1000 = START
0200 = B
0100 = A
0800 = Y
0400 = X
0010 = Z
0040 = L
0020 = R
0008 = D UP
0004 = D DOWN
0001 = D LEFT
0002 = D RIGHT
********************************************************
Struct types
********************************************************
Debug menu
----------------------------------------------------
#define MENUTYPE_LABEL 0
#define MENUTYPE_CALLFUNC 1
#define MENUTYPE_ENUM 2
#define MENUTYPE_INT 3
#define MENUTYPE_INT_UNBOUNDED 4 //I've never seen this used
#define MENUTYPE_HEX8BIT 5
#define MENUTYPE_HEX16BIT 6
#define MENUTYPE_HEX32BIT 7
#define MENUTYPE_FLOAT 8
#define MENUTYPE_END_MENU 9
debug menu struct:
{
int type;
void *func; //seems to take only 1 parameter
char *text;
char **enumtexts;
void *data; //pointer to where data goes
float mindata; //inclusive
float maxdata; //inclusive
float delta;
}
for the function, r3=0 means menu changed, r3=4 means menu displayed
type - One of the MENUTYPE_ values defined above
func - A pointer to some code. Value of r3 determines what action
to take. (Detailed research into this has not been written)
enumtexts - Pointer to a list of pointers to text. This is how enum
values are displayed; as far as I know this parameter is ignored
for all other types. No bounds checking is performed, and no
terminating NULL is needed. There must be enough pointers to
satisfy the range specified by the mindata and maxdata elements
or the game will crash when it tries to display an invalid entry.
Quick example. Let's say you have the text "One" at 0x80001234,
"Two" at 0x8000133C, and "Four" at 0x803CFF84. To use these in
an enum, you would need to store the byte pattern:
80 00 12 34 80 00 13 3C 80 3C FF 84
in memory and store the address of the first byte in enumtexts.
data - Pointer to data to be modified; interpretation depends on the
type
mindata - Minimum data value, inclusive. Not used by HEX types.
(Hex types always let you go from 0x00 to 0xFF)
maxdata - Maximum data value, inclusive. Not used by HEX types.
delta - How much the data changes at each step. Used by int, float,
and the hex types.
The function takes one paramater, a small int.
r3 = 0 -> Menu item is being hidden.
r3 = 1 -> User pressed A on menu.
r3 = 2 -> Value decremented
r3 = 3 -> Value incremented
r3 = 4 -> User pressed B on menu.
It seems returning 0 is the norm.
The player type.
----------------------------------------------
DataOffset
These all refer to the "sub player", the one you get by
loading a pointer value 44 bytes ahead of the root "player"
struct. (I think this root struct is actually a generic entity
for the game)
subplayer_t (size = 0x23EC bytes)
{
0x0000 point Pointer back to entity_t
0x0004 word Character ID (internal)
0x0008 word Spawn number since beginning of match (1-indexed), increments with every rebirth
0x000C byte Player slot (only 1 byte long, other 3 probably padding garbage)
0x0010 word action state
0x0014 word animation state (subaction)
0x0018 word action state ID # for start of character-dependent move table logic
0x001C point common move table (803c2800)
0x0020 point character dependent move table
0x0024 point Pointer to subaction data. ("move swap code value")
0x0028 point End of hitbox data pointer (?)
0x002C float Player facing direction (-1 = left, 1 = right, moves environment boxes)
0x0030 float Player facing direction again (of previous action state)
0x0034 float Player scale. (read on map start)
0x0038 float Player scale. (set according to 0x34, seems to affect physics)
0x003C float Player Z scale factor (makes you really wide)
0x0040 Some sort of vertical model offset
0x0050 float ??
0x0074 float ??
0x0078 float ?? (set to 0 when jumping)
0x007C float ??
0x0080 float X velocity (air, self-induced)
0x0084 float Y velocity (self-induced)
0x0088 float Z velocity
0x008C float X velocity (attack-induced)
0x0090 float Y velocity (attack-induced)
0x0098 float X velocity (Atk-Shd KB)
0x009C float Y velocity (Atk-Shd KB)
0x00A0 float ?? (set to 0 when jumping)
0x00A4 float ?? subtracted from X veloc
0x00A8 float ?? subtracted from Y veloc
0x00B0 float X coord - TopN
0x00B4 float Y coord - TopN
0x00B8 float Z coord - TopN
0x00BC float X coord, again (prev. frame)
0x00C0 float Y coord, again
0x00C4 float Z coord, again
0x00C8 float X delta (last frame to this frame)
0x00CC float Y delta (last frame to this frame)
0x00D0 float Z delta (last frame to this frame)
0x00D4 float
0x00D8 float
0x00DC float
0x00E0 word air (1) /ground state (0)
0x00E4 float ??
0x00E8 float value to add to below x-velocity
0x00EC float X velocity (ground, self induced)
0x00F0 float X velocity (ground, traction?)
0x00F4 float ??
0x00F8 float nudge X coord addition
0x00FC float nudge Z coord addition
0x0100 float ??
0x0104 byte counter of some sort
0x010C point Pointer to a pointer to the start of player attributes deep in RAM
*Current Char Attributes*
0x0110 float Walk initial velocity
0x0114 float Walk acceleration
0x0118 float walk maximum velocity
0x011C float slow walk max?
0x0128 float ground friction
0x014C float Jump H initial velocity
0x0150 float Jump V initial velocity
0x0154 float Ground to air jump momentum multiplier
0x0158 float Jump H maximum velocity
0x015C float Hop V initial velocity
0x0160 float Air Jump V multiplier
0x0164 float Air Jump H multiplier
0x0168 word Number of jumps
0x016C float Gravity
0x0170 float Terminal velocity
0x0174 float Air Mobility A
0x017C float
0x0184 float Fastfall velocity
0x018C float Jab2 frame window
0x0190 float Jab3 frame window
0x0198 float weight
0x019C float Model scaling
0x01A4 float Shield break initial velocity
0x01A8 float Rapid jab window (A button instant/release counter)
0x01F0 Kirby B star damage
0x01F4 float normal landing lag
0x01F8 float nair landing lag
0x01FC float fair landing lag
0x0200 float bair landing lag
0x0204 float uair landing lag
0x0208 float dair landing lag
0x020C float victory screen window model scaling
0x0214 float walljump H velocity
0x0218 float walljump V velocity
0x0258 float walljump min x-delta to walljump?
0x025C bubble ratio?
0x0270 ice traction?
0x028C float ??
0x0294 float Item pickup Range X Translation - Ground
0x0298 float Item pickup Range Y Translation - Ground
0x029C float Item Pickup Range Width - Ground
0x02A0 float Item Picup Range Height - Ground
0x02A4 float ?? X Translation - Ground
0x02A8 float ?? Y Translation - Ground
0x02AC float ?? Width - Ground
0x02B0 float ?? Height - Ground
0x02B4 float Item pickup Range X Translation - Air
0x02B8 float Item pickup Range Y Translation - Air
0x02BC float Item Pickup Range Width - Air
0x02C0 float Item Picup Range Height - Air
0x02C4 ----start of something new (?)---
0x02D4 point Special Move Floats offset begin
0x02D8 word ?? pointer to struct of size 0x424
0x02EC float SpecialFallLand animation speed mult (higher = faster)
0x02F0
0x03E8 float Frame counter (resets to 1 with each new action state)
0x0430 word Color data selector flag (if 0, apply second color data)
0x0444 float ?? start of current subaction timer info
0x0448 float subaction frame timer
0x044c point current subaction script line
0x0450 point ?? something for subaction?
- for 0x14 command, it is an int counter
0x0454 point GOTO pointer RAM return script line
0x0490 Color blend pointer (same stuff as from item_t)
0x04B0 float ?? 800df61c
0x04B4 word rrggbbaa color applied. This is calculated and written every frame from the color floats below
0x04B8 float red (used by 0x490 stuff)
0x04BC float green (used by 0x490 stuff)
0x04C0 float blue (used by 0x490 stuff)
0x04C4 float alpha (used by 0x490 stuff)
0x04C8 float red flash rate
0x04CC float green flash rate
0x04D0 float blue flash rate
0x04D4 float alpha flash rate
0x0504 byte Flag values: 0x80 or higher == use color
0x058C word flags?
0x0594 byte ?? checked against 01 in physics playerthink
0x0596 half ?? flags
0x059C point ??
0x05A4 word ?? flags
0x05A8 word ?? flags
0x05AC word Number of char model view flags (?)
0x05CC word Number of char model something
0x05D4 point model struct?
0x64 = ?? 80070694
0x05E8 point Animation data pointer (?)
- 0x10 in length each
0x00 point bone structure
0x04 point ??
0x08 byte flags
(08) =
(40) =
(80) =
0x05F4 byte Character model view flags (ex. Ganon sword)
0x05F5 byte Character model view flags
0x05F6 short? Character model view flags
0x05F8 short? Character model view flags
0x060C start of a sub-struct
0x060C point ??
0x0610 byte Subcolor RED
0x0611 byte Subcolor GREEN
0x0612 byte Subcolor BLUE
0x0613 byte Subcolor ALPHA
0x0618 byte Player control index (what player's button inputs are used)
0x0619 byte costume ID
0x061A byte subcolor ID
00 = no sub color
01 = light
02 = dark
03 = black
04 = gray
05 = red (need code so doesnt freeze)
0x061B byte team ID
04 = Team CPU
0x0620 float Joystick X axis (float; -1.0-1.0)
0x0624 float Joystick Y axis (float; -1.0-1.0)
0x0628 float Joystick X axis previous frame
0x062c float Joystick Y axis previous frame
0x0630 float ??
0x0634 float ??
0x0638 float C-stick X axis (float; -1.0-1.0)
0x063C float C-stick Y axis (float; -1.0-1.0)
0x0640 float C-stick X axis previous frame
0x0644 float C-stick Y axis previous frame
0x0650 float Analog trigger data
0x0654 float Analog trigger data previous frame (unchecked)
0x065C word Buttons pressed (in this frame)
0x0660 word Buttons pressed last frame (== the +0x65C from last frame)
0x0664 NULL???
0x0668 word Instant buttons
0x066C word Released buttons
0x0670 byte X joystick hold frame count
0x0671 byte Y joystick hold frame count
0x0672 byte ??
0x0673 byte X button hold frame count
0x0674 byte Y button hold frame count
0x0675 byte ??
0x0676 byte X joystick frame count since last
0x0677 byte Y joystick frame count since last
0x0678 byte ??
0x0679 byte ?? joystick X something i think
0x067A byte ?? joystick Y something i think
0x067B byte ??
0x067C byte A/Z button frame count since last instant
0x067D byte B button frame count since last instant
0x067E byte X/Y button frame count since last
0x067F byte L/R/Z button frame count since last (analog L/R included), used for L-canceling
0x0680 byte L/R digital frame count since last instant
- used for L/R tech dead window (20 frames)
0x0681 byte D-Pad Up frame count since last instant
0x0682 byte D-Pad Down frame count since last instant
0x0683 byte A/Z button frames between last presses
- used for item grab buffer activation
0x0684 byte L/R/Z (digital) frames between last presses
- used for tech dead window (40 frames)
0x0685 byte Jumping frame count since last
0x0686 byte Up-B frames since last
0x0687 byte Down-B frames since last
0x0688 byte Side-B frames since last
0x0689 byte B button frame count since last
0x068A byte jumping frames between jump input
0x068B byte ??
0x0690 float ?? summed with a value and added to y coord - 800815b4
0x0694 float ?? summed with a value and added to x coord
0x06BC float ?? Noticed in Marth Up-B
+1776 (decimal)
0x06F0 phys_t
0x06F4 X, Y, Z
0x0700 X, Y, Z
0x070C X, Y, Z
0x0718 X, Y, Z
0x0724 byte ??
0x0728 word frame counter for something
0x072C word
0x0738 noclip if =0, clip else (what does this mean, wparam??)
0x0774 float ECB top, x-coord (for ceiling collisions)
0x0778 float ECB top, y-coord (for ceiling collisions)
0x077C float ECB bottom, x-coord (floor collisions)
0x0780 float ECB bottom, y-coord (floor collisions)
0x0784 float ECB right, x-coord
0x0788 float ECB right, y-coord
0x078C float ECB left, x-coord
0x0790 float ECB left, y-coord
0x07A4 float ??
0x07AC float ??
0x0820 word (00000010) = do not update ECB bottom
0x0824 word Stage collision physics
(00008000) = on floor
(00000800) = ??
(00004000) = hitting a ceiling
(00000020) = hitting a wall
(00800000) = ?? needed to ledge teeter
(01000000) = ?? something with grabbing ledge
(02000000) = ?? something with grabbing ledge
(03000000) = in range of grabbing ledge (I think more like in range and available to grab ledge)
0x0828 word Stage collision physics prev frame
0x0830 float x coord of position last landed
0x0834 float y coord of position last landed
0x083C word ground ID, last on
0x0842 byte ground type ID, last on
00 = no drop-through, no grabbable edges
01 = can drop-through, no grabbable edges
02 = no drop-through, can grab edges
03 = can drop-through, can grab edges
0x0843 byte ground property ID (ice, wood, etc.)
0x0844 - Start of new properties (?) -
0x0844 float 80000000, multiplier for combo count y-coord (does nothing)
0x0848 float normally 1, multipier for combo count x-coord force push and maybe more
0x084C float ?? related to above two values
0x0850 word right wall ID, last hit
0x0856 byte right wall type ID
0x0864 word left wall ID, last hit
0x086A byte left wall type ID