Messing around with Paper Mario: The Thousand Year Door

I had known about people who hacked sprite-based games, but hacking something from the GameCube seemed like it must be amazingly hard. It's so much more modern, after all! Surely it would be even less accessible since everything must be quite compressed, or purposefully hidden, or just too complex... but actually, certain things are easier. Editing text in TTYD is dramatically easier than in any NES game (and certainly easier than the Sega Saturn) because you actually have nice little directories telling you where everything is and you can just open up a text-editing program and get it all working. Some other things remain challenging - chasing down the memory addresses for values requires patience and a willingness to chase PowerPC instructions for as much as you can. With that being said, I'd like to share some of the things I've found while messing around with the game.

Text editing

This one is incredibly easy. All you need are a few tools and you can get started.

Needed: GCRebuilder
Dolphin
An ISO of the game (there are guides online on how to rip GameCube games for personal backups)

Create your copy of the directory

  1. Open the ISO in GCRebuilder.
  2. Export files
  3. Now you have the directory. Save it somewhere else

Begin text editing

  1. Go to too/msg/{country name here}
  2. Use notepad++ to open files. Make sure you have EOL conversion on (Unix).
  3. Edit the text.
  4. Save the file.

Export

  1. After saving your text files, go to GC Rebuilder. Open Root and select the folder you have been working in.
  2. Root > Save. If you don’t have a new ISO yet, type the name of your modded ISO. Otherwise select the modded ISO.
  3. Root > Rebuild.
  4. Test your ISO in Dolphin or emulator of your choice.

Notes

  1. Build often stalls at 1459814400 bytes written for some reason. Wait it out.
  2. Always test after making changes! Not every single little one, but don’t wait too long between large revisions.
  3. One bug I encountered was incorrect line spacing, where the game was not chunking the lines correctly and thus moving between the blocks of text didn't show correctly. First encountered with the Toad girl in Glitzville who has a crush on the “Welcome to the Glitz Pit!” guy. I could not find a way to fix it. I must have changed something at some point that caused this, but her actual text was unaltered. Removing the <wait 250> command fixed the first segment but I could do nothing to fix the next ones. Solution was to delete the entire tou2.txt file and get a fresh tou2.txt file from the original. Do not copy paste the text from fresh copy to altered - it doesn’t work, for some reason. Instead, deleted your altered tou2.txt and replace with a fresh tou2.txt.
  4. Always keep a copy of the original for this reason. Though the editing is straightforward, the actual behavior of the text engine is not well-documented, so if something goes wrong, it may be anyone's guess as to what went wrong.

Address hunting

Say you're greedy and you want to make lots of money fast in the game, but without putting in the work. How can we do this? The amount of money you have must, of course, be stored in some address, so all you need to do is find the address, change the value, and you can get what you want, right? ...We'll see about that.

We'll start with an illustration of how to find values. Dolphin has a 'cheat code engine' that lets you search for memory addresses that have been altered. This is critical for finding where things are stored!

  1. Open up the cheat code engine.
  2. Say you have 50 coins. You want to convert that number to hexadecimal and then put that in as the value you are monitoring. Search. You will see a bunch of addresses appear.
  3. Spend money.
  4. Look for values that changed to the new value you want (converted to hexadecimal, as always). There may be multiple. Note the addresses somewhere.
  5. Pause the game. This lets you go to the memory manager. Search for the address you are looking for.
  6. Edit the value. Restart the game.
  7. If it was the correct address, then the value will change. If not, try another address.

Success!... if we were looking at a different game. But you will see the number counter change to whatever it was before. What is going on? Why can't I get rich quick? Is the universe teaching me a moral about the value of hard work? In a way, it is - the value we found is only the display value of the money. For many values, TTYD keeps two copies - one that is the actual amount of the thing you have (in our case, coins), and one that is the display value. Changing the coin display value to one that is not the same as the stored value, for example, triggers a coin-counting animation. That is quite cool, but we don't want to trigger an animation. How can we find the real value?

PowerPC

It is here that the true struggle begins. We're a long way from opening text in Notepad++. You will have to jump to the instructions tab and find out what subroutine is updating that address, and then trace it backwards to see if there is copying the value there from somewhere else. In order to that, we need to learn a little about PowerPC, and the registers of the Gamecube CPU.

Gamecube games are written in some higher level language (e.g. C) and then compiled to PowerPC, because that is the assembly language used by the GameCube's CPU. PowerPC, by IBM, is also used by early Macs and by the Xbox 360. PowerPC, to my knowledge, is not really used anymore. As such, simply finding information on it will be challenging.

One relatively important thing to know is registers. You will be looking at these a lot. You'll need to know which register is the stack register, and what is being stored in the other registers. You will also need to track data as it moved through registers and is chopped and screwed.

If there are debug symbols for the game you're using, you will be ahead of the curve. It is much easier to look at something with a name than to stare at a mystery function and try to figure out what it does. If there are no debug symbols, you can still rename functions to what you guess they are doing.

https://mariokartwii.com/showthread.php?tid=873 https://hitmen.c02.at/files/yagcd/yagcd/frames.html