Wednesday, February 6, 2008

Useless Hacks: Willow on the NES

Willow was the first RPG I played. From then on I was hooked.

It was developed by Capcom and based on George Lucas' movie of the same name, though with a somewhat different plot. Despite (or because of) this, it's been hailed as one of the few movie-to-game translations that are arguably better than their silver-screen counterpart.


I didn't own the cart; I borrowed it from a neighbor. It was the Japanese version, and although it did not use any kanji, my Japanese skills were non-existent back then, leaving much of the plot to guesswork and making most of the gameplay trial and error. It was very time consuming moving back and forth between towns, talking to every NPC more than twice, just to get the story to move forward.

The thing was, I still had a blast playing it. The background song during password entry would play in my mind for some time (probably because it took so long to enter the password, it being in Japanese).

Recently I took up playing the game in English, just for the heck of it, and reliving fond memories of childhood.

I read somewhere that the password entry system was used in order to cut costs and development time. I believe the original plan was to have the data battery backed, just as Zelda did.

This is where the hacking comes in. I thought, why not add a save game feature to Willow?

Now, in a real NES the cart would carry a bank of RAM with a battery attached to it. To the CPU it is just another range of addresses in the memory map. In an emulator, a flag in the header of the .nes file tells the emu that the cart has battery-backed RAM; by convention this RAM starts at $6000.

So, just modify the header to include battery backed RAM and poof! It became Koko Crunch!

When the emulator loads the ROM it looks for a corresponding file in the battery-backed-data folder, usually called SAVE or something. Using FCEUltra, it looks just like a raw dump of $6000 - $7FFF. For efficiency, the emulator only updates this file whenever another game is loaded or the emulator shuts down.

I tested this with your typical "Hello World!" text hexed into the RAM dump and booted the ROM. Using FCEU's debugging capabilities, I looked into RAM memory and there it was.
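To show the header change and the test save file described above in code, here is an added example (not the author's tooling). It assumes the standard 16-byte iNES header layout: "NES\x1A", PRG and CHR bank counts, then flags 6, whose bit 1 marks battery-backed PRG RAM at $6000-$7FFF; the sample ROM header is constructed and does not use Willow's real values.

```python
"""Set the battery-backed PRG RAM flag in an iNES header and build a test save image."""

INES_MAGIC = b"NES\x1a"
HEADER_SIZE = 16
FLAG6_BATTERY = 0x02   # flags 6, bit 1: battery-backed PRG RAM at $6000-$7FFF
SRAM_SIZE = 0x2000     # $6000-$7FFF is 8 KiB


def _check_header(image: bytes) -> None:
    """Reject anything that is not an iNES image before touching it."""
    if len(image) < HEADER_SIZE or image[:4] != INES_MAGIC:
        raise ValueError("not an iNES image")


def has_battery(image: bytes) -> bool:
    """True if the header already advertises battery-backed RAM."""
    _check_header(image)
    return bool(image[6] & FLAG6_BATTERY)


def set_battery_flag(rom: bytes) -> bytes:
    """Return a copy of the ROM with the battery bit set in flags 6.

    Only that one header byte changes; PRG/CHR data is untouched, so the game
    runs exactly as before and the emulator simply starts persisting $6000-$7FFF.
    """
    _check_header(rom)
    patched = bytearray(rom)
    patched[6] |= FLAG6_BATTERY
    return bytes(patched)


def make_test_save(marker: bytes = b"Hello World!") -> bytes:
    """Build a raw $6000-$7FFF dump (the layout FCEUltra stores) with a marker
    at $6000 so it can be spotted in the emulator's memory viewer."""
    if len(marker) > SRAM_SIZE:
        raise ValueError("marker larger than SRAM")
    return marker + b"\x00" * (SRAM_SIZE - len(marker))


# Constructed sample image (not Willow's real header): 8 PRG banks, 0 CHR banks,
# mapper low nibble 1, battery bit clear, followed by a few bytes of filler PRG.
SAMPLE_ROM = INES_MAGIC + bytes([8, 0, 0x10, 0x00]) + b"\x00" * 8 + b"\xea" * 64

if __name__ == "__main__":
    patched = set_battery_flag(SAMPLE_ROM)
    print("battery before:", has_battery(SAMPLE_ROM), "after:", has_battery(patched))
    print("save image size:", len(make_test_save()))
```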

That was the easy part.

For a Proof of Concept Hack:

  1. Modify the header to make it have battery-backed RAM. (Done)
  2. Find where the stats are located.
  3. Redirect the password routine to copy battery-backed RAM to game stats.
  4. Implement a hack in the game joystick routine to detect an unused button combination (Select-B?) and jump to a routine that saves current stats into battery-backed RAM.

For a complete hack, a load and save screen should be implemented, and multiple save slots would be nice.

So far I've found where the password is checked, but nothing too in-depth as I am currently disassembling from the emulator. I've also found the main game joystick routine, so I should be able to insert a jump to my own routine to trap the special button combination for the PoC.

Hopefully I can insert the needed code and (later on) screens without having to expand the ROM.
