User:32th System/SA Replay Info Collection: Difference between revisions
Revision as of 08:41, 30 June 2019
Replay header
THIS INFORMATION IS INCOMPLETE
Address | Type | Name | Description |
---|---|---|---|
0x00 | int | magic_number | "t11r" |
0x04 | short | check | Must be 4, otherwise the replay is invalid |
0x1c | int | replay_size | Size of the replay data not including header or user information |
Finding replay loading code
These steps should also work with any other Touhou game. If saving a replay twice results in a completely different file (as is the case in Mountain of Faith), this exact method will not work.
- Save 2 of the exact same replay with a different name
- Make sure that there are only a few bytes that differ in your replays
- In one of the replays, edit a byte that is different from the other
- Enter the replay menu; your game should crash. If it does, enter the replay menu again, this time running the game under a debugger
- The address at which the game crashes should be in the replay loading function
What I know about decryption so far
Start at replay start + offset. After decrypting a byte with initial key AA, add the number specified by the function argument decrypt_adder (argument 3 of function Rx581c0), go 2 bytes before the byte just decrypted, and repeat until the variable/register (in this case eax) that starts at offset/2 and is decremented every loop reaches 0.
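The following is an added Python example, not code from the original page or from the game; it turns the header table and the decryption notes above into something that can be run against a replay buffer. parse_header validates the three known fields (magic "t11r", check == 4, replay_size) and additionally rejects a replay_size larger than the data that follows the header, since a loader that trusts that field blindly reads out of bounds. decrypt_walk reproduces the byte walk exactly as described: start at replay start + offset, decrypt a byte, add decrypt_adder, step back 2 bytes, stop when the eax-style counter (initial value offset/2) reaches 0. Everything the page does not state is an assumption and is marked as such in the code: little-endian fields, a 0x20-byte header, XOR as the per-byte operation, decrypt_adder being added to the key, and the key kept to 8 bits. The sample buffer is constructed here for testing and is not a real replay.

```python
import struct

MAGIC = b"t11r"
HEADER_SIZE = 0x20  # assumption: replay_size at 0x1c is the last header field, 4 bytes long


def parse_header(data: bytes) -> dict:
    """Read the header fields from the table above and reject values a loader must not trust.

    Assumptions not stated on the page: fields are little-endian and replay_size is unsigned.
    """
    if len(data) < HEADER_SIZE:
        raise ValueError("buffer shorter than the replay header")
    magic = bytes(data[0:4])
    if magic != MAGIC:
        raise ValueError(f"bad magic {magic!r}, expected {MAGIC!r}")
    (check,) = struct.unpack_from("<H", data, 0x04)
    if check != 4:
        raise ValueError(f"check field is {check}, must be 4")
    (replay_size,) = struct.unpack_from("<I", data, 0x1c)
    # replay_size excludes the header and user information, so it can never exceed
    # what follows the header; anything larger would make a naive loader read past the buffer.
    available = len(data) - HEADER_SIZE
    if replay_size > available:
        raise ValueError(f"replay_size {replay_size} exceeds the {available} bytes after the header")
    return {"magic": magic, "check": check, "replay_size": replay_size}


def decrypt_walk(data, start: int, offset: int, decrypt_adder: int, initial_key: int = 0xAA) -> bytearray:
    """Byte walk from the decryption notes: begin at start + offset, decrypt one byte with the
    running key, add decrypt_adder, step back 2 bytes, and stop when the counter
    (initial value offset // 2, decremented every loop, eax in the game) reaches 0.

    Assumptions: the per-byte operation is XOR (the page does not name it), decrypt_adder is
    added to the key, and the key wraps at 8 bits like a byte register.
    """
    out = bytearray(data)
    pos = start + offset
    key = initial_key & 0xFF
    counter = offset // 2
    while counter != 0:
        if not 0 <= pos < len(out):
            raise IndexError(f"walk left the buffer at position {pos}")
        out[pos] ^= key
        key = (key + decrypt_adder) & 0xFF
        pos -= 2
        counter -= 1
    return out


def build_sample_replay(payload: bytes) -> bytes:
    """Constructed test input: a header with the three known fields set, followed by payload."""
    header = bytearray(HEADER_SIZE)
    header[0:4] = MAGIC
    struct.pack_into("<H", header, 0x04, 4)
    struct.pack_into("<I", header, 0x1c, len(payload))
    return bytes(header) + payload


if __name__ == "__main__":
    sample = build_sample_replay(bytes(range(16)))
    print(parse_header(sample))
    walked = decrypt_walk(sample, HEADER_SIZE, offset=8, decrypt_adder=3)
    print(walked[HEADER_SIZE:HEADER_SIZE + 16].hex())
```

With offset 8 the walk touches only positions 8, 6, 4 and 2 of the replay data (four iterations, keys AA, AD, B0, B3) and leaves the odd positions alone, which is a quick way to confirm in a hex dump whether this reading of the loop matches what the game actually does; because XOR is its own inverse, running the walk twice restores the input.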