The Debugger
In this post, I assume you have BlueMSX installed with the game Dragonslayer 6 running. I also assume you have spent some time playing and getting to know the game. Some of the BlueMSX commands come in handy, especially (quick) saving and loading the machine state, and speeding up to make grinding a lot more bearable. Also, with F9, the game can be paused. That is handy if you want to take a break, but it also makes debugging possible. Debugging means looking into the machine state and seeing what is going on. This is the most important way of finding errors (‘bugs’) in code. Okay, so let’s start the game, pause it at any moment with F9 and, in the BlueMSX menu, choose Tools->Debugger. A second application opens up with a lot of information. Don’t be scared by all you see here; we will address most of these parts one at a time during this blog series.

The only window we will use here is the Memory window, so go ahead and make it bigger. It shows the total ‘Visible Memory’ of the Z80, as it was at the moment we pressed F9. Each piece you see is actually a number between 0 and 255, shown in ‘hexadecimal’ format. For now, it is not really important to know how this works. There is, again, a lot of information online, so go ahead and research if you want to know more. There are also a lot of online converters to convert between hexadecimal and decimal, and you will need to use one of those. If you click on one of the values, you can see the address of that value. So starting from the top left, the addresses are 00000, 00001, 00002 etc. Address 00000c is the first memory position with a value different than 00, c3. If you click on that c3, you also see the address shown in the address box. We will write the addresses from now on in the format #address. We will omit leading zeroes.

In the previous post, I promised to make you rich. So let’s do that. In the Memory window, we see all the memory of the Z80. So the amount of money we have at that moment should be in there too. If you want to follow the search hands-on, I suggest you open the following state file (unzip it and load it in BlueMSX with ALT-F7).
If you load this state, you can see we have 3063 gold. To find this in memory, we need to convert this to hexadecimal (from now on ‘hex’). If you convert this, you see this is bf7 in hex. Just like with decimal values, you can add leading zeroes as you wish. Since the memory positions all contain 2 digits, we need to add one zero, and the value to find is 0bf7. This means it will be present as 2 values: one of 0b and one of f7. One would assume to find the 0b first and the f7 second, but for reasons I do not know (yet), the values in the Z80 are swapped. So the least significant value will be first: it will be present as an f7 first and then a 0b.
Searching for ASCII characters
To find these values in BlueMSX is a bit of a hassle. Until now, it is not possible to search for the hex values. The only format you can search for is the ASCII representation of the values. If you look at the right side of the Memory window, you see all sorts of characters. If you scroll through the memory, you can also recognize words there. These characters are a set of 256, which are standardized by ASCII. So each number between 0 and 255 represents a character. If you look for a table online, you see for example that the number 21 (hex) represents a ! sign. So if we want to find a hex value in BlueMSX, we need to look for the ASCII representation of those values.
https://www.rapidtables.com/code/text/ascii-table.html
And there is another catch. Some characters, like the first set of characters (00 to 20 hex) and 7f hex, are special characters like ‘ESCape’ and ‘DELete’. Since these can’t be typed into the search box, it is not possible to search for those. So you will need to try a few times with different values to get values that you can find.
We want to find the values f7 0b. The 0b is not a searchable character, but the f7 is. So there is nothing for it but to look for all f7 values and see which one is followed by a 0b value. Looking in an ASCII table online, we see that f7 is represented by a ÷ token. So let’s look for that and see whether we can find one that is followed by a 0b. Press CTRL F and paste the ÷ sign from the online table. Press F3 to cycle through the results. After about 20 times you will find a candidate. If you click the f7, in the box above you see the address is #208c.
To check whether the amount of gold is indeed stored here in memory, go back to the game, press F9 and do something to change the amount of gold. The easiest is to buy or sell something in a store. Then press F9 again, go back to the debugger, and check the same memory address again (you can enter 208c in the address box and press enter to go to that address).
We see that indeed the amount of gold has changed. BlueMSX even shows the changed values since last debugging session in red. So it is quite safe to assume this is the memory location of the gold. If you want to be totally sure, check the new hex values with the new amount of gold in game.
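The search-and-verify steps above as a small script, added here as an illustration (it is not part of the original post or of BlueMSX). It scans a constructed memory image instead of a real state file: only the value 3063 and the address #208c come from the post, while the decoy addresses and the second gold amount (2563) are made up.

```python
def to_little_endian(value, width=2):
    """Encode value as `width` bytes, least significant byte first (Z80 order)."""
    return value.to_bytes(width, "little")

def is_searchable(byte):
    """Per the post: 00-20 hex and 7f cannot be typed into the search box."""
    return byte > 0x20 and byte != 0x7F

def find_candidates(memory, value, width=2):
    """Mimic the manual search: locate one typeable byte of the pattern,
    then check that the neighbouring bytes complete the pattern."""
    pattern = to_little_endian(value, width)
    anchors = [i for i, b in enumerate(pattern) if is_searchable(b)]
    if not anchors:
        raise ValueError("no typeable byte; change the value in game and retry")
    offset = anchors[0]
    needle = pattern[offset:offset + 1]
    hits, pos = [], memory.find(needle)
    while pos != -1:
        start = pos - offset
        if start >= 0 and memory[start:start + width] == pattern:
            hits.append(start)
        pos = memory.find(needle, pos + 1)
    return hits

def confirm(candidates, memory_after, new_value, width=2):
    """Keep only addresses that hold the new value in a second snapshot."""
    pattern = to_little_endian(new_value, width)
    return [a for a in candidates if memory_after[a:a + width] == pattern]

def build_snapshot(gold):
    """Constructed 64 KiB memory image with gold at 0x208C plus two decoys."""
    mem = bytearray(0x10000)
    mem[0x0100:0x0102] = bytes([0xF7, 0x0B])  # decoy: same bytes, never changes
    mem[0x1500] = 0xF7                        # decoy: f7 not followed by 0b
    mem[0x208C:0x208E] = to_little_endian(gold)
    return bytes(mem)

before = build_snapshot(3063)   # 3063 = 0x0bf7, stored as f7 0b
after = build_snapshot(2563)    # constructed: gold after spending 500 (0x0a03)
candidates = find_candidates(before, 3063)
confirmed = confirm(candidates, after, 2563)
print([hex(a) for a in candidates], [hex(a) for a in confirmed])
```

The first scan returns two candidates because a decoy happens to hold the same two bytes; only the address whose contents follow the gold amount survives the second snapshot.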

Gimme the money!
Now that we know where the gold is stored, it is easy to make ourselves rich. We know #208c is the least significant and #208d the more significant address. We can put ff in both of these to give us the maximum value represented by 2 addresses, 65535. But since in the game you can own bigger amounts than that, #208e is also part of the gold, at even higher significance. Putting ff in here too will put your gold at over 16 million. So go ahead and click on the memory values and enter the values you want. Press F9 again in the game and see… nothing!
We have updated the money in memory, but since this was not a normal way to obtain money, the game has not redrawn the new gold amount to the screen. So do anything that changes your amount of gold the normal way (in a store, for example), and see yourself rich!

Now as an exercise, I suggest you use RO’s current HP value to find where this is stored in memory. One hint: The HP can be bigger than 255, so it will be followed by a 00.
Then give all 3 of our party members 1024 HP, MAX HP, MP and MAX MP. What do you need to do to make these values visible? Write down the memory addresses you need to change these values. Do you see any pattern?
Now that you know all memory addresses, you can load your own last saved state file and alter the same values there.
In the next post, we will look a bit more into the character and enemy statistics and make the fighting a bit easier.