Welcome!
Final Burn Neo => FBN Development => Topic started by: Badablek on July 30, 2005, 11:45:23 AM
-
Hi,
little question for Metal Slug X, i'd like to understand the initialisation of this game, in order to patch the P1 (and make it "universal"), like an AES patch (but here it seems to be an MVS patch :biggrin:).
I really like fully decrypted sets (like some others really like fully original encrypted sets :wink:), and I want to have a fully decrypted FBA build (even if some games still need special ini)
#if 0
for (int i = 0; i < 0x100000 - 8; i += 2) {
if (*((unsigned short*)(Neo68KROM + i + 0)) == 0x0243 && *((unsigned short*)(Neo68KROM + i + 2)) == 0x0001 && *((unsigned short*)(Neo68KROM + i + 4)) == 0x6600) {
*((unsigned short*)(Neo68KROM + i + 4)) = 0x4E71;
*((unsigned short*)(Neo68KROM + i + 6)) = 0x4E71;
bprintf(PRINT_NORMAL, _T(" - prot patch at 0x%06X\n"), i);
}
}
*((unsigned short*)(Neo68KROM + 0x3BDC)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3BDE)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3BE0)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C0C)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C0E)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C10)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C36)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C38)) = 0x4E71;
#endif
}
I open 250-p1.bin CRC 81f1f60b, then go to offset 0x3BDC and write 714E, then 0x3BDE and write 714E then 0x3BE0 and write 714E etc.......
The game boots fine (Special initilisation removed, no warning screen) then it freezes with both the title screen and the warning screen :redface:
(http://img261.imageshack.us/img261/1401/mslugx07301527536jx.png)
I do not understand the first part of the patching process (I do not have any programation skill :rolleyes:), and it's 99,9% sure that this is the missing part for my "universal" P1.
Please help me :wink:
-
for (int i = 0; i < 0x100000 - 8; i += 2) {
if (*((unsigned short*)(Neo68KROM + i + 0)) == 0x0243 && *((unsigned short*)(Neo68KROM + i + 2)) == 0x0001 && *((unsigned short*)(Neo68KROM + i + 4)) == 0x6600) {
*((unsigned short*)(Neo68KROM + i + 4)) = 0x4E71;
*((unsigned short*)(Neo68KROM + i + 6)) = 0x4E71;
bprintf(PRINT_NORMAL, _T(" - prot patch at 0x%06X\n"), i);
}
}
This first part translates into this:
For the first 1mb of the rom, search for this: 430201000066 and replace the last 4 with 714E and the next four with 714E:
430201000066xxxx -> 430201000066714E714E
(xxxx is any number in hex)
Also attached is a patch to do this for you.
-
Thank you very much for this patch, works great :biggrin:
And this helps me a lot, as FBA didn't work anymore with Metal Slug X, since I tried to patch the P1 (did a fresh compile with the special ini, erased all config files of mslugx, red sceen.......really strange :confused:)
Anyway now it works, that's the most important :wink:
see ya
-
I came up with a different init for this using only one patch. I've played it 3 times through and several others have played it as well. Please test this for me and give feedback. Make sure to delete your .nv or .fs files. Also, please test savestates + resets too. Thanks!
static void mslugxPatch()
{
*((unsigned short*)(Neo68KROM + 0x3C72)) = 0x4E75;
}
UPDATE
Looks like this can cause background lag in the game. :(
-
It seems that works like a charm!!!!!!!!!! thanks for this man!!!!
TEST_log:
Plays: 5
Errors: 0
Bugs: 0
Aditional settings and tests: reset, states... memcard
Bugs: None
Result: Perfect
See ya!!!!! :biggrin:
-
:eek:
So, this :
#if 0
for (int i = 0; i < 0x100000 - 8; i += 2) {
if (*((unsigned short*)(Neo68KROM + i + 0)) == 0x0243 && *((unsigned short*)(Neo68KROM + i + 2)) == 0x0001 && *((unsigned short*)(Neo68KROM + i + 4)) == 0x6600) {
*((unsigned short*)(Neo68KROM + i + 4)) = 0x4E71;
*((unsigned short*)(Neo68KROM + i + 6)) = 0x4E71;
bprintf(PRINT_NORMAL, _T(" - prot patch at 0x%06X\n"), i);
}
}
*((unsigned short*)(Neo68KROM + 0x3BDC)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3BDE)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3BE0)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C0C)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C0E)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C10)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C36)) = 0x4E71;
*((unsigned short*)(Neo68KROM + 0x3C38)) = 0x4E71;
#endif
}
is replaced with only....this :
static void mslugxPatch()
{
*((unsigned short*)(Neo68KROM + 0x3C72)) = 0x4E75;
}
Amazing :biggrin:
I tried quiclky to boot it, and seems to work....now it's a good excuse for me to play this great game, again and again :cool:
So if I want to make 250-p1a.bin (unprotected), I only need to replace 390C with 754E at offset 3C72 of original P1 81F1F60B and it gives me crc32 C493552D ?? [EDIT]Works very well, nice
BTW now it boots without any problem, by using this init, thanks a lot ^^
-
Fantastic :) Keep testing people! :)
-
looking good so far :)
-
If you dont' like using patches in your emulator, you can include this cheat with fba.
cheat "Patch protection"
default 1
0 "Disabled"
1 "Enabled", 0, 0x003C72, 0x4E, 0, 0x003C73, 0x75
The cheat will patch the game for you (by default it's enabled).