
Submit [GENS] Vectorman 2 (USA)


  • Submit [GENS] Vectorman 2 (USA)

    Improved infinite rockets boots jump
    00EF8C:6004
    015F3E:6008

    Get always "Pacifist" bonus.
    00D13A:6002

    Get always "All photons collected" bonus.
    00B728:E9B6

    Get always "All photons collected" bonus (Alternate).
    00B72A:4E71

    Get always "All powersacks" bonus.
    00B604:E9CE

    Get always "All powersacks" bonus (Alternate).
    00B606:4E71

    ================================================== ==============================

    I was working on improving "infinite rocket jump".
    Current codes let Vectorman use multiple rocket boots but it takes a while (or you have to shoot in air quickly to be able to jump again).
    My code deletes that waiting time so you can use infinite rocket boots quickly, without shooting and without waiting.
    I am submitting some other codes I have found.

    FFE4CA is the RAM address for some of Vectorman's stats.
    After using rocket boots it is 10 (binary 10000)

    Code:
    00:EF8C  08 EC  BSET    #4,$0062(A4)
    The above opcode sets the 5th bit. I branch it so Vectorman can use multiple rocket boots jumps. We have the first code 00EF8C:6004.
    But why are we not able to use them quickly if we branched that opcode? Maybe another RAM address is changing when we are using them.
    Now we are at 00:EF8C. This program block ends a few lines ahead and a new one starts at 01:6110 approx.

    If you scroll down, you'll see:

    Code:
    01:5F3E  29 7C  MOVE.L  #$000160A2,$004E(A4) 	A4=FFFFE468
    That means another RAM address (A4=FFE468; FFE468+4E=FFE4B6) is being MOVED. It is a long-word (4-byte search). That's the wanted one!
    015F3E:6008 is the other code.
    For some reason, the rocket sound is not played; I'm not sure how the Z80 works. I will work on it again. At the moment it works fine for our purpose.

    -------------------------------------------------------------------------------------------------------------------------------------------------
    I will explain how I found those codes...

    RAM address for current collected photons is FFE9B6.
    RAM address for amount of photons in level is FFE9B8.

    If you make a gens trace a while before you complete a stage, you will see something like this:


    Code:
    00:B722  30 38  MOVE.W  ($E9B6),D0
    00:B726  B0 78  CMP.W   ($E9B8),D0
    00:B72A  66 52  BNE     #$52 [00:B77E]
    00:B77E  4A 40  TST.W   D0

    00:B722 30 38 MOVE.W ($E9B6),D0
    MOVE.W sets D0 to FFE9B6's value (photons collected by you). Now D0 is the amount of collected photons.
    .W means that FFE9B6 is treated as a WORD (2 bytes), so if you collected 6 photons (for example), FFE9B6 will be 0006 instead of 06.

    00:B726 B0 78 CMP.W ($E9B8),D0
    CMP.W compares FFE9B8 to D0. Remember D0 is FFE9B6. This means that the amount of collected photons is compared to amount of level photons.

    00:B72A 66 52 BNE #$52 [00:B77E]
    BNE is a conditional BRANCH (Branch if Not Equal).
    #$52 is the number of bytes the PC will branch.
    $ Dollar sign means 52 is a hexadecimal number (hex 52 = decimal 82).
    [00:B77E] is the result of 00B72A+52 (you have to add 2 bytes of BNE opcode).
    This means that Program Counter (PC) will branch $52 bytes if collected photons is NOT EQUAL to level's photons.

    00:B77E 4A 40 TST.W D0
    Nothing interesting... I just included it so you can see where the previous instruction branches. This is executed if you collect fewer photons than FFE9B8.

    METHOD 1:
    My first code (00B728:E9B6) forces comparing D0 to FFE9B6 instead of FFE9B8. Remember D0 is FFE9B6, so it is comparing to itself.
    This results in BNE never being executed. You will notice I used 00B728 instead of 00B726. This is because 00B726 is the opcode address (2 bytes). 00B728 is the opcode's value.

    METHOD 2:
    You can force BNE to never be executed by overriding this opcode. Just use the NOP opcode (NOP = No operation).
    4E71 is the hexadecimal opcode of NOP. In this case, we do not have to add 2 to the desired address because we want to patch that instruction, not the RAM address it is working on.
    00B72A:4E71 is the second method.

    I applied both methods to all bonus types (except for the pacifist bonus, which doesn't need to count items. It is true or false.).
    The pacifist bonus RAM address is FFE9D0. It starts at a value of 0 until you use your weapon (it MOVES to FF).
    Sometimes FF is worth 255 but sometimes it is worth -1; this depends on what opcode is reading/writing it.
    Bytes from 00 to 7F are always positive numbers.
    Bytes from FF to 80 may be negative numbers (FF=-1, FE=-2, FD=-3, etc.) but will not always be negative.
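
Added example, not part of the original post: a short Python sketch that parses the Gens codes above, names the 68000 word each one writes (NOP, or a short branch with its target computed as opcode address + 2 + displacement), and applies the two photon codes to a fragment rebuilt from the trace. The function names and the `TRACE` bytes are constructed for illustration.

```python
# Added example (not from the thread). TRACE is rebuilt from the post's trace lines.
import struct

CONDS = ["BRA", "BSR", "BHI", "BLS", "BCC", "BCS", "BNE", "BEQ",
         "BVC", "BVS", "BPL", "BMI", "BGE", "BLT", "BGT", "BLE"]

def parse_code(code):
    """Split a Gens 'AAAAAA:VVVV' patch code into (address, 16-bit word)."""
    addr, value = code.split(":")
    return int(addr, 16), int(value, 16)

def as_signed_byte(b):
    """Two's-complement reading of a byte: 0x00-0x7F stay, 0x80-0xFF go negative."""
    return b - 0x100 if b >= 0x80 else b

def describe_word(addr, word):
    """Name the 68000 word a code writes: NOP, or a short branch with its target."""
    if word == 0x4E71:
        return "NOP"
    if word >> 12 == 0x6 and word & 0xFF:      # 0x6cdd: condition c, 8-bit displacement dd
        target = addr + 2 + as_signed_byte(word & 0xFF)   # relative to opcode address + 2
        return f"{CONDS[(word >> 8) & 0xF]}.S ${target:06X}"
    return f"operand/other ${word:04X}"

BASE = 0x00B722
# MOVE.W ($E9B6),D0 / CMP.W ($E9B8),D0 / BNE $00B77E, as shown in the trace
TRACE = bytes.fromhex("3038E9B6" "B078E9B8" "6652")

def patched(code, rom=TRACE, base=BASE):
    """Return a copy of the fragment with one code's big-endian word written in."""
    addr, word = parse_code(code)
    out = bytearray(rom)
    struct.pack_into(">H", out, addr - base, word)
    return bytes(out)

if __name__ == "__main__":
    for code in ("00EF8C:6004", "015F3E:6008", "00D13A:6002",
                 "00B72A:4E71", "00B728:E9B6"):
        print(code, "->", describe_word(*parse_code(code)))
    print(patched("00B728:E9B6").hex(" "))   # CMP.W operand word replaced
    print(patched("00B72A:4E71").hex(" "))   # BNE replaced by NOP
```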

  • #2
    Hey axelnieves2012, it's best if you make one thread and post all your codes there. It's easier to track that way. The Hacker sub-forum is where all the hackers have their threads too, so it would be wise to start your thread there instead of here.



    • #3
      Originally posted by ReyVGM
      Hey axelnieves2012, it's best if you make one thread and post all your codes there. It's easier to track that way. The Hacker sub-forum is where all the hackers have their threads too, so it would be wise to start your thread there instead of here.
      Thanks, I will do. Could you post that subforum link please?



      • #4
        Umm it's like 2 subforums up and says Hacker Threads it's pretty hard to miss.

        http://gamehacking.org/vb/forums/74-Hacker-Threads