Simple Mathematics

Lazy Bastard
A note: As with other writings that concern multiple platforms, we'll need some kind of naming convention to get started. From now on, I'll call whatever hacking device/disc/system/utility/whatever the "hacking system". I know that's pretty simple, but keep in mind that I'm trying to make this guide understandable for those just entering the scene.

Also note that this is a modified version of my second section of the never-released FPSXHFAQ.


-Uhh...mathematics?

An often overlooked aspect of VG hacking is simple mathematics. Any hacker, especially one aspiring to work on advanced projects, should have a working knowledge of hexadecimal and conversion between it and decimal. And it's good to understand the idea of mathematical conversion between versions of the same game. But beyond that, most fall short.


-So what else is there?

There are quite a few things in VG hacking that involve mathematics, but I'll cover only one that I feel is important, especially for someone just starting out. This can be a difficult topic to explain, so I'll start with an example. If at some point you become totally confused, don't worry. I expect that to happen; just continue reading.

You're hacking for a brand new game you just bought, Metal Gear Fantasy Alpha (which doesn't actually exist, and now that I think about it, kinda sounds like a porn with robots...heheh). Let's say, for fun's sake, that this game's a combination of an action game, an RPG, and a fighting game. Right now you're in the middle of a battle with three enemies. You stretch out your arms, fill your mouth with nachos, and flare up that hacking system. After a few minutes, you've hacked a modifier for the first enemy's health bar, and you're feeling pretty proud. Congrats, man. Or woman. Or whatever. So now you move on to hack a mod for the second enemy's health bar. Cool. So now you're gonna hack the health bar of the third enemy. You write down the other two addresses, and start an unknown value search for - wait a minute. You just get an idea? If not, that's OK; you're still learning, that's why you're here. Anyway, I sure did, heh. OK, let's look at the two addresses you've found so far (we'll use a PSX/N64 GS address structure for the example)

1st Enemy Health Bar Mod - 80095564 ????

2nd Enemy Health Bar Mod - 80095638 ????

(???? = value; check out the Detailed Basics FAQ for more details about...er...basics, heh)

Now assuming that all three enemies were programmed with the same amount of information, it's safe to assume that their info also takes up the same amount of space in the memory. I'm sorry if this sounds confusing; I'll try to make an analogy. There are exceptions when working with data, but say you have three brand new, cylindrical, steel barrels. They're made of and contain entirely the same substances, and have equal height and circumference (distance around the barrel). It's safe to assume they have equal weight.

Anyway, assuming what I said is true, and that either there is no data between that of the enemies or that the data between enemy one and two takes up the same amount of space as the data between enemy two and three, you can now finally make a useful assumption: that the distance between any two equivalent addresses of enemy one and two should be the same as the distance between any two equivalent addresses of enemy two and three.

So the distance between the 1st Enemy Health Bar Mod (80095564) and the 2nd Enemy Health Bar Mod (80095638) should be the same as the distance between the 2nd Enemy Health Bar Mod and the undiscovered 3rd Enemy Health Bar Mod. And why is this useful? Well, grab a calculator that can work in hex (the one that comes with Windows will work fine, as will any scientific calculator...you could even add and subtract in hex without a calculator at all - read my FAQ on hexadecimal, if you'd like), and find the difference between the two addresses you have.

95638 - 95564 = D4

So the difference between those two addresses is D4. Not only that, but this is the difference between any two equivalent addresses from one enemy to the next. Looking back to what I said before, add D4 to the address that modifies the 2nd enemy's health bar (80095638). You'll get 8009570C. Guess what? That's the 3rd Enemy Health Bar Mod. You've just hacked something without using a hacking system, or hell, even a gaming system.

OK, you happen to be excited about this new game, so you notice that your enemies also each have a magic bar, and you set about to hack those. You do the stretch out, fill mouth, flare up thingy you just did a minute ago, and hack a 1st Enemy Magic Bar Mod - 80095562 ????. Well, you already know that D4 is the distance between any two equivalent addresses from one enemy to the next, so add D4 to that address, and you instantly get the 2nd Enemy Magic Bar Mod - 80095636 ????. Now add D4 again, and you've got the 3rd Enemy Magic Bar Mod, 8009570A ????. Now this idea's finally starting to pay off.

This may seem like a simple time saver, and it is in that example. But when something more complicated needs to be performed, you'll suddenly have a good tool in your hand where you thought there was a simple time saver.

For our next example, let's say you saved up 50 bucks helping the old lady across the street take her trash out for a month (you swindler, you), and went down to the store and picked up a game you've been wanting for a long time, Resident Frontier VII (which also doesn't actually exist), 66% RPG and 33% Survival Horror. You play it for a few hours, and you get to the part where you're out on the world map, and the big, evil mutant goldfish is trying to find you and eat you, and it has way more HP than you do. You'd rather not fight her, and she could teleport from the other side of the world where she's just broken free from Parasol Corporation's illegal labs to being only a few steps away from you at any moment. You suddenly have an idea. If you could hack her coordinates, you could stick her in one spot for as long as you want. You have a dilemma, though. Since she warps, and only makes a jump or two to get to you after that, it's not really an option to hack her coordinates. You shrug your shoulders, pause the game, and flood your mouth with some kind of caffeinated substance as you ponder over what to do.

This seems impossible. In reality it isn't, of course, but it may seem like it is the first time you hack something like this. If you get confused and have to read this more than a few times before you understand it fully, that's OK. You're still doing a far shot better than about 90% of the VG hackers around, especially the run-of-the-mill method hackers with their damn abaxialism (heheh).

*apologizes to KE for stealing his material*

Heh, well, there are only a few scattered sprites on the world map. Sprites, in case you don't know, are simply characters and objects that have an action or move at some point in the game (technically, the definition for "sprite" in graphics is "A two dimensional image or animation that is integrated into a larger scene", but use in the hacking scene tends to be a little more loose). They exist in towns, on world maps, and even in battles, and they're in every game you play. But for right now, there's you, the jeep you have, which you can get in and out of, the goldfish, this ship that goes constantly between your continent and the next, which has nothing to do with what you're hacking, and this dragon which flies around in the skies that you'll fight later on in the game, which also has nothing to do with what you're hacking. The data for the sprite you control, in pretty much any game, is first in the memory, before that of the other sprites. Next usually come things like your vehicle or animal you ride, and after that it's a grab bag of whatever else exists (your controls, if you're wondering, are usually in a totally different area of memory). Getting any ideas yet?

Using the same idea you used when you hacked those codes for your old fav, Metal Gear Fantasy Alpha, you decide that the information for each sprite probably takes up the same amount of space, and is arranged the same way. So if you were to find the coordinates for one sprite, and then for another, preferably the next, you could solve for the coordinates of the others. Before I continue, let me briefly explain the three types of coordinates.

X - West to East, or East to West

Y - North to South, or South to North

Z - Up and down, heh. Your Z coordinate is your elevation level, or how high in the air you are.

Now, since you control yourself, heh, you set about hacking your own coordinates. You walk north, and run a Different To Last search. You then walk east, being careful not to walk north or south, and run an Equal To Last search (if you don't think you can avoid moving slightly north or south - or east and west while searching for north/south coordinates - you may be restricted to Different To Last searches, and exclusion by entering/exiting menus). You walk south, and run a Different To Last search again. You may be wondering why I'm not running Greater Than Last searches as I go north, and Less Than Last searches as I go south. Well, in some games, coordinates increase as you go south, and in others they increase as you go north. Also, you may cross the end of an axis, at which point its value starts over at a much higher or lower number. Once you know which way the particular game you're hacking works, and, if possible, where each axis starts and ends, you can then use Greater Than Last and Less Than Last searches with confidence. You could use them anyway, and just try one way, and if that fails, try the other, but doing things like that should be held as a last resort, in case you can't succeed any other way. Anyway, now you do some other thing that doesn't make you move north or south at all (enter and exit a menu, etc), and run an Equal To Last search again. You continue this pattern, and eventually you've hacked your Y coordinates. You now do the opposite, and hack your X coordinates. Next you start a new search, walk up a hill, and run a Greater Than Last search. You then walk down the hill a little, and run a Less Than Last search. Then you walk down the rest of the way, and run another Less Than Last search, and walk back up, and run a Greater Than Last search, and so on, eventually finding your Z coordinates (again, you may have to invert these instructions, running greater than last as you walk down a hill, or even resort to Unknown Value searches). Good job.

Next, you get into your jeep, and do the same thing entirely, until you have X, Y, and Z coordinates for it, too. Let me lay out a set of results for you:

Your character

X Coordinates - 80094BBA ????

Y Coordinates - 80094BBE ????

Z Coordinates - 80094BBC ????

The jeep

X Coordinates - 80094C60 ????

Y Coordinates - 80094C64 ????

Z Coordinates - 80094C62 ????

You may wonder why the address for the Z coordinates is between the addresses for the X and Y coordinates. I wonder this too, heh, but it's usually the case.

Now, you find the difference between your X coordinates, and those of the jeep. It turns out to be A6. This is, then, the difference between any two equivalent addresses of your character and the jeep. If you don't believe me, find the difference between your Y coordinates and the jeep's Y coordinates, or do the same with Z coordinates. It's A6. We can't say for sure if it's the difference between the equivalent addresses of any sprite and the next (or previous), since we don't know if the data for any other sprites is between that of your character and the jeep (if it was, the difference between your character and the jeep would be larger than the difference between any sprite and the one after or before it, because the next sprite after your character wouldn't be the jeep, but some other sprite). There are three things you could do about this. If the distance between the data for your character and the jeep is small enough, as it is, and you have a decent memory editor for this system, you could use said memory editor and look at everything between the two, to see whether or not anything resembles another set of coordinates. You could try dividing the difference (A6) by two, or by three, and so forth, and see if you find the coordinate mods for anything else, and work from there. Or you could simply assume A6 is indeed the correct difference between any sprite and the next, and try it out. If you're in a hurry to find one thing, go with the latter. So, staying in your jeep, look in the memory at all of your coordinates, and write them down. I'll make some coordinates up:

X Coordinates - 80094C60 5376

Y Coordinates - 80094C64 7393

Z Coordinates - 80094C62 1063

Now, if you found another sprite's coordinate mods, and used these digits with them, you'd probably be right in assuming you'd put them in the exact spot you're at right now, from wherever they were at before. This noted, in case adding A6 once gives you the coordinates of the goldfish, which you definitely do not want to suddenly be at the same spot you are, you move away from the spot you're at. Now add A6 to all of those addresses. You'll get

X Coordinates - 80094D06 ????

Y Coordinates - 80094D0A ????

Z Coordinates - 80094D08 ????

OK, before you modify this poor sprite's coordinates, save your game. At this point, assuming you don't have much experience, I don't want to walk you through writing other parts of the memory down so you can change things back in a moment if you need to, so saving is the best thing for now. If you eventually discover and invent your own shortcuts, great. And if you really can't think of any, e-mail someone on the GSHI staff. Anyway, let's move on.

If the hacking system you're using includes a memory editor (or if you're using one externally, somehow), look at the three addresses you just found a moment ago. Did anything happen? Good, I was just kidding; nothing was supposed to happen. Heheh. Anyway, get those values you wrote down, and plug'em into the three addresses you just solved for. Now return to the game. Damn, it's the dragon. Well, it's a good thing you just saved, because since you didn't write down the original coordinates for that dragon, you might as well reset, or go die or something (in the game, mind you), so you don't have to make up new coordinates to try with the next sprite.

Now you've reset (and disabled any of your coordinate mod codes, if you had them on at all) and loaded your save (or a savestate, in the case of most emulators). You add A6 to those new addresses (those of the dragon), and plug in those values again. And this time it's the goldfish! Don't worry; she can't hurt you - she's stuck in that spot. A job well done. Change her coordinates and move her around if you want to. She's totally under your control now, as is any other sprite on the map.

I'm too lazy to give any more examples right now. You should have a pretty good grasp of how useful simple mathematics can be in VG hacking, if you're willing to use your head. Good luck with it all.


This text was brought to you by GSHI.org, unless someone else gave it to you, in which case it was only written by someone at GSHI.org. Heheh.

Greets to: Kodewerx, CodeMasters-Project, Hacking 101, Cheaters' Lounge, RHDN, PS2Dev.org, Zophar, cYs Driver, Tony Hedstrom, Pugsy, SwampGas, Link, and everyone in the hacking scene.


This text was brought to you by GSHI.org, unless someone else gave it to you, in which case it was only written by someone at GSHI.org. Heheh.