User:32th System/SA Replay Info Collection: Difference between revisions

From Touhou Patch Center
Revision as of 08:41, 30 June 2019

Replay header

THIS INFORMATION IS INCOMPLETE

Address  Type   Name          Description
0x00     int    magic_number  "t11r"
0x04     short  check         Must be 4, otherwise the replay is invalid
0x1c     int    replay_size   Size of the replay data, not including the header or the user information
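The three known fields above are enough to write a small validating parser. The following is an added example (not code from the page or from the patch project); it assumes the multi-byte fields are little-endian, which the page does not state, and it treats every other header byte as unknown. Because replay_size excludes the header and the header is at least 0x20 bytes long, the parser can also reject a replay_size that could not fit in the file.

```python
import struct

# Constructed example, not the page's code. Only the three fields from the
# page's header table are read; the rest of the header is unknown here.
# Assumption: multi-byte fields are little-endian (the game is an x86 binary).
MAGIC = b"t11r"
HEADER_KNOWN_SIZE = 0x20  # replay_size sits at 0x1c and is 4 bytes wide


class ReplayHeaderError(ValueError):
    """Raised when a file fails one of the checks listed in the header table."""


def parse_replay_header(data: bytes) -> dict:
    """Read the known header fields and apply the page's validity rules."""
    if len(data) < HEADER_KNOWN_SIZE:
        raise ReplayHeaderError("file too short to hold the known header fields")
    magic = bytes(data[0:4])
    if magic != MAGIC:
        raise ReplayHeaderError(f"bad magic {magic!r}, expected {MAGIC!r}")
    (check,) = struct.unpack_from("<h", data, 0x04)
    if check != 4:
        raise ReplayHeaderError(f"check field is {check}, must be 4")
    (replay_size,) = struct.unpack_from("<i", data, 0x1c)
    # replay_size excludes the header, and the header is at least 0x20 bytes,
    # so the stated size can never exceed the bytes after the known fields.
    if replay_size < 0 or replay_size > len(data) - HEADER_KNOWN_SIZE:
        raise ReplayHeaderError(
            f"replay_size {replay_size} does not fit in a {len(data)}-byte file"
        )
    return {"magic_number": magic, "check": check, "replay_size": replay_size}


def build_sample_replay(replay_size: int, check: int = 4) -> bytes:
    """Construct a minimal test file with the three known fields set and every
    unknown header byte zeroed, followed by replay_size placeholder bytes."""
    header = bytearray(HEADER_KNOWN_SIZE)
    header[0:4] = MAGIC
    struct.pack_into("<h", header, 0x04, check)
    struct.pack_into("<i", header, 0x1c, replay_size)
    return bytes(header) + bytes(replay_size)


if __name__ == "__main__":
    print(parse_replay_header(build_sample_replay(0x40)))
```

Running the module parses a constructed 0x60-byte file and prints the three fields; on a real file, replace build_sample_replay with the file's bytes.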

Finding replay loading code

These steps should also work with any other Touhou game. If saving a replay twice results in a completely different file (as is the case in Mountain of Faith), this exact method will not work.

  • Save the exact same replay twice under different names
  • Make sure that only a few bytes differ between the two replays
  • In one of the replays, edit a byte that differs from the other
  • Enter the replay menu; your game should crash. If it does, run the game under a debugger and enter the replay menu again
  • The address at which the game crashes should be in the replay loading function
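Steps 2 and 3 are easier to do reliably with a script than by eyeballing a hex editor. The block below is an added example, not part of the original page: diff_bytes lists every offset where two replay files differ (including length differences), and corrupt_one_differing_byte produces the edited copy from step 3, refusing when the files differ in more places than the small number step 2 asks for. The max_diffs threshold is a choice made here, not something the page specifies.

```python
from __future__ import annotations

from pathlib import Path


def diff_bytes(a: bytes, b: bytes) -> list[tuple[int, int | None, int | None]]:
    """Return (offset, byte_in_a, byte_in_b) for every position where the two
    files differ; None marks a position past the end of the shorter file."""
    diffs = []
    for offset in range(max(len(a), len(b))):
        x = a[offset] if offset < len(a) else None
        y = b[offset] if offset < len(b) else None
        if x != y:
            diffs.append((offset, x, y))
    return diffs


def corrupt_one_differing_byte(a: bytes, b: bytes, max_diffs: int = 16) -> tuple[bytes, int]:
    """Copy `a` and change the first byte that differs from `b` to a value unlike
    either original, returning the copy and the edited offset. Refuses when the
    replays differ in too many places, since a crash address would then be hard
    to tie to the edited byte (max_diffs is a threshold chosen for this example)."""
    diffs = [d for d in diff_bytes(a, b) if d[1] is not None]
    if not diffs:
        raise ValueError("the two replays are identical, nothing to edit")
    if len(diffs) > max_diffs:
        raise ValueError(f"{len(diffs)} differing bytes, expected only a few")
    offset, x, y = diffs[0]
    new_value = next(v for v in range(256) if v != x and v != y)
    patched = bytearray(a)
    patched[offset] = new_value
    return bytes(patched), offset


if __name__ == "__main__":
    import sys

    if len(sys.argv) >= 3:  # usage: python diff_replays.py first.rpy second.rpy
        first, second = (Path(p).read_bytes() for p in sys.argv[1:3])
        for offset, x, y in diff_bytes(first, second):
            print(f"0x{offset:08x}: {x!r} != {y!r}")
```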

What I know about decryption so far

Start at replay start + offset, with initial key AA, and then loop:
  • Decrypt the byte at the current position with the current key
  • Add the number specified by function argument decrypt_adder (argument 3 of function Rx581c0) to the key
  • Go 2 bytes before the byte just decrypted
  • Repeat until the loop counter (the register eax, initial value offset/2, decremented every loop) is 0
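As an added illustration (not code from the page or the game), here is a Python model of that loop, so the positions and keys it would visit can be lined up against a debugger trace. Two things are assumptions rather than facts from the page: "decrypting" a byte is taken to mean XOR with the key, and the key is kept to 8 bits after decrypt_adder is added. Under the XOR assumption the loop is its own inverse, which decrypt_replay's round trip shows.

```python
# Added model of the loop described above; not code from the page or the game.
# Assumptions (mine, not the page's): "decrypting a byte with the key" is XOR
# with the low byte of the key, and the key stays 8 bits after each addition.


def decrypt_walk(offset: int, decrypt_adder: int, key: int = 0xAA) -> list:
    """Return the (position, key) pairs the loop visits, in order.
    Mirrors the page: start at offset, step back 2, run offset//2 times."""
    steps = []
    pos = offset
    counter = offset // 2  # eax: initial value offset/2, decremented every loop
    while counter != 0:
        steps.append((pos, key & 0xFF))
        key = (key + decrypt_adder) & 0xFF  # assumption: key wraps to 8 bits
        pos -= 2                            # go 2 bytes before the byte just decrypted
        counter -= 1
    return steps


def decrypt_replay(data: bytes, offset: int, decrypt_adder: int, key: int = 0xAA) -> bytes:
    """Apply the loop to a copy of data and return the result."""
    if not 0 <= offset < len(data):
        raise ValueError("offset must point inside the replay data")
    buf = bytearray(data)
    for pos, k in decrypt_walk(offset, decrypt_adder, key):
        buf[pos] ^= k  # assumption: decrypt = XOR with the key byte
    return bytes(buf)


if __name__ == "__main__":
    # Constructed input: 16 counting bytes, offset 6, adder 0x10.
    sample = bytes(range(16))
    print(decrypt_walk(6, 0x10))               # [(6, 0xAA), (4, 0xBA), (2, 0xCA)]
    print(decrypt_replay(sample, 6, 0x10).hex())
```

Note that for an even offset the walk touches positions offset, offset-2, ..., 2 and never byte 0; for an odd offset it stops at 3. That is a direct consequence of the offset/2 counter and the 2-byte stride the page describes, so a trace that touches other positions would mean the loop has been misread.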