|
|
SCHG:Nem s3ssFrom Sonic Retro
IntroductionHere are my notes on the S3 savestates. In order to edit these files I recommend a hex utility called Hex Workshop, and I recommend getting the emulators gens and genecyst. Gens is the one I use most of the time, but genecyst has a lot of features that are extremely useful that gens dosen't have. First of all it's very important that you understand the basics. All data stored on a computer is in the form of 1's and 0's. On a CD for example, a laser hits the surface, and if the laser bounces back and hits the lens it's a 1, and if it dosen't it's a zero. Each 1 or 0 is called a bit, and a bit cannot have any other characters in it other that a 1 or a 0. Now the computer deals with bits in groups of 4. There are 16 possible combinations for a group of four 1's and 0's, so to make it simpler to deal with it as one value, rather than 4 (Eg. 0110 becomes 6). Now as there are 16 possible combinations for a group of 4 bits, this value to represent thier values must have 16 values itself, so rather than a simple 0-9, this value is 0-F (0123456789ABCDEF). This value is called a hexadecimal value (hex value fo short). Each hex value is dealt with in groups of 2, called a byte, each byte having 128 possible combinations. Now on a final output level the byte may be looked up on an ASCII table, which will convert that value into a recogniseable character (Eg. a byte value of 73 becomes a lowercase s on an english ASCII table). You will practically never touch the ASCII version of the code in hacking though. Now one important thing to realise is that as one character of hex has 16 values and a decimal (real) value only has 10, it may be nessicary to convert the numbers between them from time to time. This is done with the use of a base converter (included in hex workshop). Let's say you wanted to give Sonic 50 rings. If you enter 50 as the vaue, you will in fact end up with 80, becuase that value you are entering is actually a hex value, but if you use the base converer to convert it first, you merely enter the value of 50 into the decimal box, and it will spit out a hex value of 32, which will in fact give you 50 rings in the game. Another useful utility that you will need is a hex calculator (also included in hex workshop). A hex calculator is the same as a normal calculator, but it deals with hex values rather than decimal values. Now onto exactly what a savestate consists of. A savestate is a dump of all the ram that is allocated to the system, but that's not just main system ram, it's sound ram, CPU cache, etc. In a savestate all of this is mashed together in one file. Here's what's where in a genecyst savestate:
And here's what's where in a Kgen savestate:
Now any single value that is stored in the system ram can be altered in game by use of a pro action replay code. First of all, here's an example of a Pro action replay code: FFFE10:0800 Now, the first byte in this code is FF, and a value of FF in the first two characters indicates that the code is altering data in the system ram. The next four character after it are the actual memory location in the ram, and the last four are the two byte value to write into that memory address. The pro action replay will always alter two memory addreses at a time by the way, because the Mega Drive (Genesis) is a 16 bit system. It dosen't matter though because you will find that a value will have two bytes assigned to it anyway, or the second byte will be related. In the case of the example, the first byte being altered is the current level, and the second is the current act within that level. The actual address of these values in the savestate are 12288 and 12289. An explination of why lies in the locations of the ram data that is stored in the savestate. If you look at the above table, there are 2478 lines worth of data before the system ram in the savestate, so for any action replay code you want to convert into a file location, you will need to add 2478 to the line number, and for any line number you want to convert into a pro action replay code you will need to minus 2478. Remember that these line numbers are hex values though, so you will need to do this in a hex calculator. (NOTE: Genecyst dosen't do pro action replay codes properly, use gens instead for that function). Another thing you need to know is that each level in Sonic 3 has a value asigned to it, but this value does not correspond with each level's final position in the game. Here is a list of the level values in S3&K:
And one last thing you need to know is the way that the Mega Drive stores all the art. All the art that is used in the game is stored in the form of 8x8 pixel blocks. These blocks do not actually store colours at all, they actually only have one hex value per pixel. That value specifies what point on the palette line the pixel will get it's colour from. The palette has 4 lines, each with 16 colurs on them. Now the colours on the palette can be changed at any point during play, and some palette colours may even automatically change colour each couple of frames to make it look like the colour is flashing. Now these 8x8 blocks are not what makes up the level directly. 4 8x8 blocks are grouped together to form a 16x16 block, and it is at this point that the palette line to use for that 16x16 block is specified. The 8x8 patterns can also have thier x, y, or x and y values reversed when placing them in a 16x16 block. Also it's at the 16x16 level that the collision index comes into play. Now finally we get to a 128x128 block, and these are the things that the actual level info loads. It is made up of 64 16x16 blocks,and each block inside them can use a different palette line. You cannot place anything except a sprite or a 128x128 block directly into a level. Now that you know all the basics, here's my breakdown: Internal Groups
Single Variables
Pattern breakdown 8x8 blocks (12478-1C477)All 8x8 patterns are stored sequentially, each one taking up 32(20) bytes. One pixel takes up one hex value, not one byte. The value of this hex value being 0-16 represents the colour that pixel is on the palette, 0 being the start, and F being the end (NOTE: specifying a value of 0 will not load up the first colour on the palette line, but instead make that pixel transparent). 16x16 block mappings: (B478-CE77)Each 16x16 block is made up of four 8x8 blocks. Delt with in blocks of 8 bytes, 2 bytes per pattern to be used in block. First value determins which palette line to use, and which orientation the pattern is at. Refer to table for explination:
The next three values represent the pattern number to use. Specify the number that the pattern is in the list. Past the value of 800, the block number restarts back at block 0, but the block is mirrored. The block mappings use the standard method of layout, start at x0 y0 and move across x values until end of line is reached, then repeating on next y value. If a space is blank in the 16x16 mappings, it will have the values 4000 in every box. 128x128 block mappings: (2478-A477)A simple 12 bit RGB value. One colour on palette is represented by two bytes, and working back from the last value forward an RGB value is specified like this: 0BGR. So if you wanted that colour on the palette to be completely red, you would enter a value of 000F. The first colour on the palette is the default colour of the stage. If you had a value of 0 in one of the background tiles, this colour will be substituted in instead of making it transparent. Pattern load cue (11AF8-?????)Requests are processed in the order they are listed. If you try to load multiple patterns to the same area, the last one will overwrite the first. A six byte value per request. First four bytes are the address to load the patterns from the rom (eg, 0008 30D2). The last two bytes are the address to load the patterns into in the video ram. The pattern view window in genecyst is the easiest way to determine this. Note that whenever clearing out the pattern cue you must also set 11B71 to 00, or else some crap will be written over the first few patterns in the video ram. I have yet to narrow down the exact relationship this variable has with the load cue. Master level trigger (11A78)This trigger is the main trigger that specifies the current "mode" if you will that the game is in. Changing this will make the game switch to the mode you specify once it finishes it's current process.
These values repeat after 80. Values above 50 have not been used. If you change this value in level the screen will fade out and the data for the thing you have selected will be loaded instead. If you specify a value betwen the values I have listed, you will get some strange results. Level layout (A478-B477)In sonic 3 the level layout is stored in a clever way to save space, and as such allow for the larger levels that the S3 platform supports. I'm not sure what the first 8 bytes do, but after that there's a list of 2 byte ram locations. There's two locations per line of 128x128 blocks. The first one gives the location of the foreground line, and the second one gives the location of the background line. To get this location from a savestate, minus 2478 from the internal file location. The lines themselves are simple. The level is delt with as a grid, starting with first tile in top left and working across to the right doing one x value at a time. One byte represents one tile in one grid location. A value of 00 is the first large tile in the database, 01 is the second, etc.
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
