BATTLE.OUT File
04-14-2017, 09:19 PM
Post: #1
BATTLE.OUT File
MysticLord can I ask you to do a text dump of all the hex bytes in the BATTLE.OUT file like you did for the Battle Scripts? Sometimes I have greater luck at figuring out what's inside a file if I look at it in that text dump format. I figured it'll be a good start figuring out what all those pointers mean.
04-15-2017, 12:25 AM (This post was last modified: 04-15-2017 12:25 AM by MysticLord.)
Post: #2
RE: BATTLE.OUT File
Starting location of pointer table?

Can you upload a save state taken in the middle of a battle? Please tell me what emulator produced the save state as well.

I'll add a script to ScriptHelper to reorder the BATTLE.OUT pointer tables you, uh, point me to as big-endian and output them as text. I'll include that text dump.

I need the save state because I guessed that they point to locations in memory and I'll need the save state to determine what file(s) that location in memory corresponds to. After that you can use a disassembler to get at the information contained therein.
04-15-2017, 06:12 PM
Post: #3
RE: BATTLE.OUT File
I know little to none about this file. It will be perfect if you can just have a program to scan the file, copy the hex bytes to a text file, and save. Sometimes it is easier for me to look at the data and visualize it. Some opcodes/functions reveal their secrets this way.

Still if you need a save state, here is one attached. This should be right before the ciato final battle. I've also attached the memory card files. I use epsxe 1.9.25.


Attached File(s)
.zip  SF Save State.zip (Size: 1.63 MB / Downloads: 0)
04-16-2017, 01:53 AM (This post was last modified: 04-16-2017 03:36 AM by MysticLord.)
Post: #4
RE: BATTLE.OUT File
(04-15-2017 08:14 PM)Neptuneknight Wrote:  I know little to none about this file. It will be perfect if you can just have a program to scan the file, copy the hex bytes to a text file, and save. Sometimes it is easier for me to look at the data and visualize it. Some opcodes/functions reveal their secrets this way.
I seriously doubt you'll find any event data in BATTLE.OUT, but if you want to teach yourself MIPS r3000a be my guest.

(04-15-2017 08:14 PM)Neptuneknight Wrote:  Still if you need a save state, here is one attached. This should be right before the ciato final battle. I've also attached the memory card files. I use epsxe 1.9.25.

I asked for a save state mid-battle so I wouldn't have to install and configure an emulator to examine RAM during battle. I need to do this to determine what file is being loaded where the pointers point to. From there I can give you a number to subtract from all pointer addresses to determine what routines in that file to begin disassembling.

Doesn't matter though, Linux emulation has improved a fair bit since I last tried four or five years ago. Very pain-free download and installation of PCSX. I'm currently playing as Blue for a few minutes while I find a battle.

While navigating through Luminous as Blue I saw Rouge on screen for a second before he disappeared - there's an easy event for you to check out when you get around to it.

EDIT

God fucking damn it, PCSX uses some weird variant of gzip on its save states.

Just give me a save state of ANYTHING that takes place in the middle of a battle. A save state is literally a snapshot of RAM, with a header or a footer.
04-16-2017, 06:11 PM (This post was last modified: 04-16-2017 06:12 PM by Neptuneknight.)
Post: #5
RE: BATTLE.OUT File
Here's save state 4. It's at the very beginning of the battle with BatKnight. Thanks for your time.


Attached File(s)
.zip  Save State 4.zip (Size: 1.74 MB / Downloads: 2)
04-16-2017, 08:57 PM (This post was last modified: 04-22-2017 06:51 AM by MysticLord.)
Post: #6
RE: BATTLE.OUT File
(04-16-2017 06:11 PM)Neptuneknight Wrote:  Here's save state 4. It's at the very beginning of the battle with BatKnight. Thanks for your time.

That save state is also compressed with gzip somehow.

Can you get a pSX savestate that's mid-battle?

EDIT

To clarify, I know for a fact that this emulator doesn't use savestates compressed in such a way that I can't decompress them without debugging the issue. You can get a BIOS from... somewhere, get the emulator running, and get a mid-battle save state in 10 minutes. I can't do this because I run Linux. Yes, there is a Linux pSX executable. No, it isn't often easy to set up (and it doesn't have a debugger). I'm still extremely checked-out on modding, so while I'm happy to program something for you I'm done jumping through hoops to get the information I need to program something.
05-15-2017, 12:29 AM
Post: #7
RE: BATTLE.OUT File
(04-16-2017 08:57 PM)MysticLord Wrote:  
(04-16-2017 06:11 PM)Neptuneknight Wrote:  Here's save state 4. It's at the very beginning of the battle with BatKnight. Thanks for your time.

That save state is also compressed with gzip somehow.

Can you get a pSX savestate that's mid-battle?

EDIT

To clarify, I know for a fact that this emulator doesn't use savestates compressed in such a way that I can't decompress them without debugging the issue. You can get a BIOS from... somewhere, get the emulator running, and get a mid-battle save state in 10 minutes. I can't do this because I run Linux. Yes, there is a Linux pSX executable. No, it isn't often easy to set up (and it doesn't have a debugger). I'm still extremely checked-out on modding, so while I'm happy to program something for you I'm done jumping through hoops to get the information I need to program something.

Let's breathe some life into this part of the forums. Sorry I've been away for so long, work's been siphoning the life out of me. I'm on vacation this week. It took me forever to get some save states, try these and tell me what you think.

Save state 1 is right before a battle.
Save state 2 is in battle.


Attached File(s)
.zip  SStates pSX.zip (Size: 3.28 MB / Downloads: 1)
05-15-2017, 12:33 AM (This post was last modified: 05-15-2017 12:43 AM by MysticLord.)
Post: #8
RE: BATTLE.OUT File
Perfect. I should have something for you by the end of next weekend.

EDIT

Shit, that's after your vacation. I just bought a car, I need to get a job and a different apartment this week - along with school busywork. Very hectic. Maybe work on battle scripting while you wait?
05-15-2017, 11:26 PM
Post: #9
RE: BATTLE.OUT File
(05-15-2017 12:33 AM)MysticLord Wrote:  Perfect. I should have something for you by the end of next weekend.

EDIT

Shit, that's after your vacation. I just bought a car, I need to get a job and a different apartment this week - along with school busywork. Very hectic. Maybe work on battle scripting while you wait?

Put the hacking on the back burner, sounds like a very stressful week. Congrats on the car purchase! Did you get a truck? SUV? Grin

Yeah I'll keep looking at the battle script opcodes. Last time I found the opcode that regenerates WP, JP and LP in battle. There was also another one to set the enemy's LP value. Have to go through my notes.
06-24-2017, 04:32 PM
Post: #10
RE: BATTLE.OUT File
I have some free time now. What did you want me to do again?
06-24-2017, 11:44 PM
Post: #11
RE: BATTLE.OUT File
(06-24-2017 04:32 PM)MysticLord Wrote:  I have some free time now. What did you want me to do again?

LOL. This file looks like it's full of pointers, but all the battle info is here. Battle winning animations, standard text ("Learned New Gun Technique XXX, Learned XXX Magic YYY"), "XXX is dead", etc. I'd like to figure out how the game recognizes what goes to which character, and how to possibly change and add new text.

The file is full of pointers at the beginning which I'm not sure I understand. Your theory was that these were RAM addresses and that some offset needed to be added/subtracted. You were going to check on this somehow.
06-25-2017, 01:23 AM (This post was last modified: 06-25-2017 02:03 AM by MysticLord.)
Post: #12
RE: BATTLE.OUT File
BATTLE.OUT:
https://i.imgur.com/0HeIN34.png

Save state:
https://i.imgur.com/hAABxON.png

To convert from PSV to RAM: Subtract 0x2B0

RAM (Savestate with first 0x2b0 bytes deleted):
https://i.imgur.com/QN52x1P.png

The offsets don't quite match up - I've never seen a 4 byte per entry pointer table that didn't start at an address that ends in 0x0, 0x4, 0x8, or 0xC. Maybe I deleted something. That said, it's not impossible.

It's possible - since the game doesn't actually load BATTLE.OUT but the compressed version of it (BATTLE.BIN) - that the stuff above this supposed pointer table is the decompression routine.

In any case none of the pointers correspond to a RAM address. I thought the PS1 had 2 MB of RAM, why does this RAM snapshot only go to 0x30206a?
06-25-2017, 02:11 AM (This post was last modified: 06-25-2017 02:11 AM by Neptuneknight.)
Post: #13
RE: BATTLE.OUT File
So the game decompresses the encryption and then loads the info? *Reminds me of Valkyrie Profile* *Curses Profusely*
06-25-2017, 04:27 PM (This post was last modified: 06-25-2017 10:33 PM by MysticLord.)
Post: #14
RE: BATTLE.OUT File
This is compression, not encryption.

I should explain this in more detail.

The *.PSV save state you gave me is a snapshot of RAM, but with a header prepended to it. That is, the first 0x2B0 bytes of the save state are not RAM and can be discarded. After we do this we have a real RAM snapshot.

I searched the RAM snapshot for the first 8 bytes of BATTLE.OUT and I found them at address 0x180000. Thus this is where the game loads BATTLE.OUT.

However, we know that BATTLE.OUT isn't actually used or loaded anywhere in the game, because Vimes modified it and imported it into a disc image, yet nothing changed. The game actually used BATTLE.ARC, which is BATTLE.OUT run through a compression program.

To alleviate confusion, I'll refer to the decompressed BATTLE.ARC as d_BATTLE.ARC, to differentiate between it and BATTLE.OUT. I need to do this because byte for byte they are identical.

Since we know where d_BATTLE.ARC is loaded in RAM, it's reasonable to guess that the assembly language routines just above it are those which perform the loading and decompression.

Since we also know the length of BATTLE.OUT, we can check if the bytes at address 0x180000 + lengthOfBattleDotOut are the same as those at the end of BATTLE.OUT. Looking at the end of the file it's all zeros, so I have to scroll up a bit. Below are the last 8 non-zero bytes of BATTLE.OUT, starting at 0x7d1cc.

https://i.imgur.com/E9LzjIM.png

Searching for those eight bytes in the RAM snapshot we find them at 0x1fd1cc.

https://i.imgur.com/Ask1gGL.png

0x1fd1cc minus 0x7d1cc equals 0x180000

BATTLE.OUT is 0x7e24f bytes long.

Thus we know that d_BATTLE.ARC is probably loaded in its entirety, not in chunks, starting from 0x18000 to about 0x1fd24f.

Obviously the zeroed out portions are not present in RAM, at least not for long - those are workspace for the assembly language routines above them to store and manipulate data. I heard that this is something that compilers did in the 90s which they no longer do because it compresses poorly - it would compress smaller if all the assembly routines were in one place and all the data were in another, as much as you can do this given the limitations of your architecture... but that's not important for our discussion.

To recap:
* Those are still probably pointer tables of some sort
* If they aren't pointer tables then run the hex through this website to determine if the instructions make sense (https://www.eg.bucknell.edu/~csci320/mips_web/).
* Everything starts at 0x180000.
* Everything probably ends at 0x180000 + lengthOfBattleDotOut, aka 0x1fd24f.

What you suspect are pointers are located from 0x180000 to 0x18090f. It is 0x654 bytes long.

Interspersed throughout are ASCII strings which are of a length between 4 and an integer evenly divisible by four. Spaces in these strings are 0x20 (the ASCII space), and nulls are 0x00 (the ASCII null). None of the strings contain 0x80 in the last position, so I can delimit and parse them if you'd like.

Before I do that, I want you to edit these strings and see if this changes what is displayed in battle. If they aren't, then they're trash and we can ignore them. Probably leftover printf strings that were left in a program somehow.

The first string is located at 0x180238. Searching for this in BATTLE.OUT as little endian (38 02 18) gets no results, so these aren't directly pointered. More evidence that they are trash, but I want confirmation first.

I suppose it's possible that the non-string parts of this table are pointers. If you ignore the 0x80, some of them point to a nop (00 00 00 00) and the next "pointer" also points to a nop. Others point to the beginning of a routine, but immediately after a nop. I don't know why some would point to a nop and some would point to an instruction immediately after a nop, but the relevant point here is that the addresses that each "pointer" points to are delimited by nops.

"Pointers" starting at 0x180000:
0x180000: BC 74 18 80 // 0x1874bc
0x180004: CC 74 18 80 // 0x1874cc
0x180008: DC 74 18 80 // 0x1874dc

Data at address of first "pointer":
0x1874BC: 49 1E 06 0C 00 00 00 00 45 1E 06 08 00 00 00 00

Data at address of second "pointer":
0x1874CC: C6 1E 06 0C 00 00 00 00 45 1E 06 08 00 00 00 00 //note that this ends at 0x1874DB

If you'd like, I could write a script to spit out these pointers. If you also want it to append the data present at these pointers and up until the next pointer I can do that too. It would resemble the text above. Please state any additional formatting preferences. Since each pointer ends in 0x0, 0x4, 0x8, or 0xC, I can assume that these point to chunks of assembly code - each opcode is four bytes long. If you'd like the opcodes broken up somehow - with line breaks, perhaps - I can do that. Simply state what you want.

EDIT

LOL realized that you can't edit these strings because BATTLE.OUT isn't loaded. You have to edit them in either a save state or in RAM.
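The load-address check described in the post above, as an added Python example that is not part of the original thread and is not MysticLord's code: it drops the 0x2B0-byte save-state header, searches the RAM snapshot for the file's first 8 bytes, and keeps only hits whose last 8 non-zero bytes sit at the same displacement. Function names and the scaled-down sample data are constructed for illustration.

```python
"""Locate where a file image sits inside an emulator save state (constructed data)."""

HEADER_LEN = 0x2B0   # per the post: bytes of the .PSV save state that precede RAM
PROBE = 8            # per the post: compare 8 bytes at the head and at the tail


def find_all(haystack: bytes, needle: bytes):
    """Yield every offset at which needle occurs in haystack."""
    pos = haystack.find(needle)
    while pos != -1:
        yield pos
        pos = haystack.find(needle, pos + 1)


def locate_load_base(state: bytes, image: bytes, header_len: int = HEADER_LEN):
    """Return [(ram_base, fraction_of_bytes_matching)] for each confirmed copy."""
    ram = state[header_len:]                 # drop the header -> RAM snapshot
    body = image.rstrip(b"\x00")             # trailing zero padding proves nothing
    if len(body) < 2 * PROBE:
        return []
    tail_off = len(body) - PROBE             # file offset of the last non-zero bytes
    head, tail = body[:PROBE], body[tail_off:]
    hits = []
    for base in find_all(ram, head):
        # A head match alone can be a stray copy; the tail must sit at the
        # same displacement from the candidate base.
        if ram[base + tail_off: base + tail_off + PROBE] != tail:
            continue
        window = ram[base: base + len(body)]
        same = sum(a == b for a, b in zip(window, body))
        hits.append((base, same / len(body)))
    return hits


def build_sample():
    """Constructed stand-in data, scaled down; not bytes from the real game."""
    image = bytes.fromhex("BC741880CC741880") + bytes(range(1, 201)) + bytes(48)
    ram = bytearray(0x4000)
    ram[0x0400:0x0408] = image[:8]           # decoy: head bytes only
    ram[0x1800:0x1800 + len(image)] = image  # the real load
    ram[0x1810:0x1820] = b"\xEE" * 16        # region rewritten at run time
    state = b"HDR" + bytes(HEADER_LEN - 3) + bytes(ram)
    return state, image


if __name__ == "__main__":
    state, image = build_sample()
    for base, ratio in locate_load_base(state, image):
        print(f"loaded at RAM 0x{base:06x}, {ratio:.1%} of bytes unchanged")
```

A match fraction below 100% is expected when the loaded code uses parts of its own image as scratch space, which is why the check relies on the head and tail probes rather than a full compare.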
06-30-2017, 04:44 PM
Post: #15
RE: BATTLE.OUT File
I will have some time this coming weekend, I will take a look at this. I will need to edit the battle.arc file instead of the battle.out file, correct?

I wonder if those 16 byte pointers are actually battle stats or modifiers or something. More to come.
07-01-2017, 08:46 PM
Post: #16
RE: BATTLE.OUT File
Nope. Start pSX, get into a fight, open r3000 debugger, go to memory viewer window, ctrl + g 0x180000, scroll down until you find text you can trigger in this battle, modify text, trigger text by using an ability or something, see if text changes.
07-03-2017, 02:07 AM (This post was last modified: 07-05-2017 05:10 AM by MysticLord.)
Post: #17
RE: BATTLE.OUT File
Adding this here so I'll do it tomorrow or the day after.

Here's what I intend to make.

A program - not sure if GUI or CLI - that will print pointers, the data they point to (optional), and address of one or both (optional). It needs the file/path, the offset at which the pointers start, the length of the pointer in bytes, and which bytes if any can be used as a conditional (and if so, what value that conditional corresponds to a legal pointer and what value indicates trash). The text formatting requires parameters too - upper or lowercase hexadecimal, leading zeros, 0x prefix.

Other than the parameters and the abstraction required to use them correctly, it's very straightforward. I'll use a RandomAccessFile, int arrays of various sizes, bit-shifting and logical OR to combine the bytes into a single long that the RandomAccessFile can seek. From there it's almost exactly the same as the other program I wrote to dump battle scripts.

I want to do it this way because then I won't have to make another script in the future.

EDIT

I decided to call this program Vizsla, after the Hungarian pointer dog.

https://bitbucket.org/Atriedes/vizsla

Note to self: reference ScriptHelper.

https://bitbucket.org/Atriedes/scripthel...ew-default

https://bitbucket.org/Atriedes/scripthel...ew-default

EDIT

Started work:
https://bitbucket.org/Atriedes/vizsla/co...nch/master
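A sketch of the pointer dump proposed in posts #14 and #17, as an added Python example (not code from Vizsla or ScriptHelper): it reads little-endian entries, uses one byte as the legal-pointer conditional (0x80 in the last position), skips interleaved strings and out-of-range values, and prints each target's bytes up to the next target. Parameter names are assumptions; the table entries and target bytes in the sample are the ones quoted in post #14, and everything else is constructed filler.

```python
"""Pointer-table dump in the layout shown in post #14 (added example)."""


def read_pointers(image, table_off, table_len, load_base,
                  ptr_size=4, tag_index=3, tag_value=0x80):
    """Return [(entry_ram_addr, raw_bytes, target_ram_addr)] for legal entries."""
    out = []
    tag_mask = 0xFF << (8 * tag_index)
    end = min(table_off + table_len, len(image))
    for off in range(table_off, end - ptr_size + 1, ptr_size):
        raw = bytes(image[off:off + ptr_size])
        if raw[tag_index] != tag_value:
            continue                      # interleaved string or other non-pointer
        target = int.from_bytes(raw, "little") & ~tag_mask
        if not load_base <= target < load_base + len(image):
            continue                      # tagged, but points outside this file
        out.append((load_base + off, raw, target))
    return out


def dump(image, load_base, pointers, max_len=16, upper=True):
    """Format each pointer plus the bytes from its target up to the next target."""
    fmt = (lambda b: b.hex(" ").upper()) if upper else (lambda b: b.hex(" "))
    targets = sorted({t for _, _, t in pointers})
    lines = []
    for entry, raw, target in pointers:
        later = [t for t in targets if t > target]
        stop = min(later[0] if later else target + max_len, target + max_len)
        data = bytes(image[target - load_base: stop - load_base])
        lines.append(f"0x{entry:06x}: {fmt(raw)} // 0x{target:06x}")
        lines.append(f"    0x{target:06x}: {fmt(data)}")
    return lines


def build_table_sample():
    """Table entries and target bytes as quoted in post #14; the rest is filler."""
    image = bytearray(0x7500)
    image[0:12] = bytes.fromhex("BC741880 CC741880 DC741880")
    image[12:16] = b"BTL "                       # constructed string entry
    image[16:20] = bytes.fromhex("00005080")     # constructed: tagged, out of range
    image[0x74BC:0x74CC] = bytes.fromhex("491E060C 00000000 451E0608 00000000")
    image[0x74CC:0x74DC] = bytes.fromhex("C61E060C 00000000 451E0608 00000000")
    return bytes(image)


if __name__ == "__main__":
    img = build_table_sample()
    ptrs = read_pointers(img, table_off=0, table_len=0x14, load_base=0x180000)
    print("\n".join(dump(img, 0x180000, ptrs)))
```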
08-10-2017, 07:58 PM
Post: #18
RE: BATTLE.OUT File
Some research on the BATTLE.OUT pointer table and the data it points to.


Attached File(s)
.txt  battleDotOutPointers.txt (Size: 247.18 KB / Downloads: 1)