vgmrips

The forum about vgm files
It is currently 2018-10-23, 16:39:57

All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 49 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
 Post subject:
PostPosted: 2017-11-26, 3:40:25 

Contributors Contributors
Staff Staff
Reverse engineers Reverse engineers
Offline
User avatar

Joined: 2013-07-17, 23:32:39
Posts: 333
yes, doing searches take a lot of time unless the range is very small. The second argument of the find command is the length, not the end offset. And all arguments are hex by default, so 0x prefix is unnecessary. So to search in a 100 byte range from address 500 you enter "f[ind] 500,64,<data>,< more data>... In any case, i would not suggest using the find command for finding short values, you'll get tons of results and none of them will really make sense.

Anyway, i spent some time figuring out the music format, not fully of course but enough to get some idea of how it works.

The first channel of the intro tune ended up being a bit of a red herring, as it is silent for the duration of the track. Anyway...

Just to make things clear, the SH2 processor used in CPS3 is big endian. That means 16-bit values (and so on) are read with the most significant byte first. (opposite to Intel processors)

C0-FF are song commands. These are like MIDI CCs like pan, master volume and that stuff. Also includes loop and jump commands, but i haven't come that far. These take zero or more bytes as arguments.
80-BF plays a note with velocity. Subtract 80 from the first byte to get velocity, then the second byte is the note number (you mentioned that the title track uses an instrument with chopped samples, that is true and each part corresponds to a note in this case). Third (or fourth) byte contains the gate time (note duration). If this value is >80 then it should be read as 16-bit (2 bytes). Fourth (or fifth) byte is the note duration plus articulation.

Examples:
Code:
bf 3c 81 40 01 40
play note C4 (0x3c) with velocity 63 (0xbf-0x80) for 320 (0x140) frames. Both gate time and note duration are read as 16-bit values if bit 7 is set.

c7 7f
set panning to 127 (full right)
b2 3e 18 24
play note D4 (0x3e) with velocity 50 (0xb2-0x80) for 24 (0x18) frames, then rest for 12 (0x24-0x18) frames.


Top
 Profile  
 
 Post subject:
PostPosted: 2017-11-26, 9:29:40 
Offline

Joined: 2017-11-21, 16:36:09
Posts: 29
thanks, and how did you find it?
my searching methods would have taken me so much time to find these commands...
also i remember that there are songs use a offset to trigger a sample from a certain position, like the 9xx command in amiga modules.

but in what file in the rom this data is stored?
i tried to make an listxml, and didnt find nothing usefull...
every simm has a separate memory, and i cant find sequence data anywhere...
Attachment:
sfiii3Roms.xml [20.33 KiB]
Downloaded 35 times


Top
 Profile  
 
 Post subject:
PostPosted: 2017-11-27, 0:53:57 

Contributors Contributors
Staff Staff
Reverse engineers Reverse engineers
Offline
User avatar

Joined: 2013-07-17, 23:32:39
Posts: 333
Actually, i found the data the same way you probably do, by poking. Of course, the longer you do things like this, the easier it will get. I don't think sample offsets are used here, think more like soundfonts/MIDI "instruments" where each note is mapped to a different sample.

You probably won't be able to find anything in the rom directly, as it's encrypted. You can thank capcom for that. It should be possible to save a decrypted copy by using the "save" command in the debugger though.


Top
 Profile  
 
 Post subject:
PostPosted: 2017-11-27, 18:48:43 
Offline

Joined: 2017-11-21, 16:36:09
Posts: 29
well, then i dunno how to explain this...

Attachment:
i dunno.zip [1.17 MiB]
Downloaded 43 times


(that is song 000a(in the sound test)s' first channel, i saw that songs are followed by a bunch of 2xxxxxxx, it varies, and the channels by a series of 00000000,or viceversa, but i may be wrong...)

"but i have tried using the save command, and it gives an error, on the gfx driver,
the error is:
Attachment:
cant_use_the_save_feature.txt [4.04 KiB]
Downloaded 40 times

from what address i should start to trim only the musical data?
from 0678c000?
and its only taking the length, how do i count/calculate it?
"

Edit: i figured it out. i had to only subtract the 0678c000 to 067d1f6b, address where starts an ocean of 0, and it gave me the size.
so here is the original .bin file
Attachment:
sfiiiseq2_0.bin [279.85 KiB]
Downloaded 40 times

Edit2: tried to change 1 3c random, and he whole game stops working...
Attachment:
thanks capcom.JPG
thanks capcom.JPG [ 49.92 KiB | Viewed 963 times ]

maybe it was important, but even after reinstalling sfiii3n, i got that screen.
fortunately sfiii3 has the same musical data arragement...


Top
 Profile  
 
 Post subject:
PostPosted: 2017-11-29, 21:56:22 

Contributors Contributors
Offline

Joined: 2015-06-18, 22:26:41
Posts: 68
You probably messed with the memory size. If anybody's wondering, the message roughly says "There is a small amount of memory set in the game. Please turn off the power and try again."


Top
 Profile  
 
 Post subject:
PostPosted: 2017-11-29, 22:30:02 
Offline

Joined: 2017-11-21, 16:36:09
Posts: 29
well.. i dont know how to do a proper calculation of the lenght, but saving and then loading the same region would be fine, but no, i guess...
do i need to save the entire rom?
maybe i will try just that, i will edit in a message, in this post, to tell you if it worked...
Edit: or is it that the entire memory is begin overwritten?
but it doesnt seem like so.

mame is getting weirder and weirder...
after i did another load test, after a while it crashed.

so, in the mame cps3 code (here), it says, at line 2212, that the entire rom is loaded in a size of 800000, maybe, so i will try that...

i forgot that mame does not save the gfx...
so, time to find a modded version with tile saving!
but it migth get too big for my pc to host it...


how do i use the save feature?
please, i would like to understand this command...
im not angry, just annoyed


Edit2: in the mame compiling tutorial page, there is this phrase, that reads
Quote:
Various modules are disabled by default, such as the MAME interactive debugger, but can be enabled through arguments when building and may require additional MSYS2 packages to be installed.

i would like to know what interactive debugger means...

cheat engine seems to work fine for data poking for me, there is only the problem of finding the values every time mame resets, but i can deal with that...


Top
 Profile  
 
 Post subject:
PostPosted: 2017-11-30, 13:53:05 

Contributors Contributors
Staff Staff
Reverse engineers Reverse engineers
Offline
User avatar

Joined: 2013-07-17, 23:32:39
Posts: 333
to get rid of that screen, remove the contents in the MAME nvram/sfiii3n folder.

type "help save" or "help <command>" in the debugger to get help on various commands.


Top
 Profile  
 
 Post subject:
PostPosted: 2017-11-30, 14:19:45 
Offline

Joined: 2017-11-21, 16:36:09
Posts: 29
i had discovered that while i was trying to fix the rom, and there are 3 versions of the save command.
i will use the one that gives me the least problem.
there is going to be an edit later on, containing what i found.
also, to clarify, i used "save sfiiiseq.bin,0678c000,45f6b"

Edit: the 3 versions of save are:
save, for program space memory;
saved, for data space memory;
and savei, for i/o space memory.
i dont know the differences in those 3.
when i try using saved and savei, an error pops up, saying that there is no matching memory space...
the help command only shows a vague description, i cant find any detailed one on google...


i dont know if is the save command worht it, i can just use the breakpoints or cheat engine.


Top
 Profile  
 
 Post subject:
PostPosted: 2017-12-02, 0:44:13 
Offline

Joined: 2017-11-21, 16:36:09
Posts: 29
im trying to find the command that controls the sample offset, if there is one, lets see if i can find something...
after some rest, of course, i dont have too much time today.
maybe later or tomorrow, i will edit this message, to tell if i got any result.

Edit: wait, i forgot to ask if there is a function that allows to show addresses interactions, like one address writing an another.


Top
 Profile  
 
 Post subject:
PostPosted: 2017-12-02, 8:49:42 

Contributors Contributors
Staff Staff
Reverse engineers Reverse engineers
Offline
User avatar

Joined: 2013-07-17, 23:32:39
Posts: 333
insertnamehere wrote:
Edit: wait, i forgot to ask if there is a function that allows to show addresses interactions, like one address writing an another.


ctr wrote:
you mentioned that the title track uses an instrument with chopped samples, that is true and each part corresponds to a note in this case


Each part is simply defined as a separate sample in the sample table (you can find the location in one of my replies), then using an instrument (you can also find the location to the instrument tables), the parts are mapped to a separate note.


Top
 Profile  
 
 Post subject:
PostPosted: 2017-12-02, 9:15:53 
Offline

Joined: 2017-11-21, 16:36:09
Posts: 29
sorry, but i was not talking about song 01, but song 0a, a later song, if it wasnt clear...
and it seems like you're right, even in song 0a, there is the same multipart instrument.
and, if there is a sample offset, maybe its easier to chop the sample where the offset plays and remap it, that implement the sample offset itself.
i will look more into that, just to be sure.

Edit: trying to find anything, but seems like there is none, so, you where right.

Edit2: tell me if im annoying, and i will stop.
also before, when i asked about a function to find address interactions, i was trying to say if mame's debugger had a feature like cheat engine, that allows you to see what writes/access an address.

when i posted that reply, it was night, and i was going to sleep.
i will never going to do that again, because i risk to write incomplete or nonsensical messages.


Top
 Profile  
 
 Post subject:
PostPosted: 2017-12-02, 12:52:06 

Contributors Contributors
Staff Staff
Reverse engineers Reverse engineers
Offline
User avatar

Joined: 2013-07-17, 23:32:39
Posts: 333
insertnamehere wrote:
also before, when i asked about a function to find address interactions, i was trying to say if mame's debugger had a feature like cheat engine, that allows you to see what writes/access an address.


there is, try enter "help wpset".


Top
 Profile  
 
 Post subject:
PostPosted: 2017-12-02, 14:40:28 
Offline

Joined: 2017-11-21, 16:36:09
Posts: 29
oh, ok, because i wanted to know if there is an expression with wpset that, if there is a watchpoint in an address that has its value begin writen, shows what is writing that address.

for example(making this up to explain what i mean), an address 0x100 has its value constantly writen by 0x200, and i put a watchpoint, i wanted to know if there is an expression that i can add to the watchpoint that tells something like"0x100 is begin modifed by 0x200"...

i cant explain it better that this, so, if you cant understand what im trying to say, well...
its not that important, just for curiosity.


Last edited by insertnamehere on 2017-12-02, 15:32:42, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: 2017-12-02, 15:10:20 

Contributors Contributors
Staff Staff
Reverse engineers Reverse engineers
Offline
User avatar

Joined: 2013-07-17, 23:32:39
Posts: 333
yes, that is possible, i think the help description already shows that.

example:
Code:
wpset 618000,2000,w,1,{printf "data = %04X (addr=%08x,pc=%08x)\n",wpdata,wpaddr,pc;g;}


The final "g;" before the closing brace tells the debugger to resume execution and not halt when the watchpoint is hit.


Top
 Profile  
 
 Post subject:
PostPosted: 2017-12-02, 16:44:30 
Offline

Joined: 2017-11-21, 16:36:09
Posts: 29
Attachment:
Capture.JPG
Capture.JPG [ 16.07 KiB | Viewed 851 times ]

it works fine, and sorry if i may seem picky, but i asked for an expression that shows what is accessing 06794cf0...
its not a big deal, though.
just wanted to see how the songs are separated in the memory viewer, but maybe, is the game is reading from somewhere the start and end address, and using those to locate the song.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 49 posts ]  Go to page Previous  1, 2, 3, 4  Next

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group