#Modifying title screen background color using cheat engine + anything else for forever and ever

yup

there's some stuff you can do

this seems very tedious

like adding breakpoints to stop the game from running code

you can right click and nope out functions to figure out what they do

that was super handy

this all hurts my head so much lol

tell me about it

swine managed to find it super fast

i think my inexperience with CE also isnt helping here

there are some super good tutorials online if you wanna familarize yourself

but tbf they most likely won't apply here

i might give it another shot later but my head thoroughly hurts rn (not literally) so I think it's best I stop for now haha

i got no idea how to get to the draw function for the menu

that should have some of it

why tf do i not have debugging rights

what does that even mean

fyi, code starts at 00400000

damn i don't think the cheat engine brawler sent has debugging rights

im even launched as an admin

does any of this look relevant?

there was also a debug file generated with the exe, idk if that would be helpful?

yeah im stuck too

can't get anywhere else

it seems like the isFemc label is only in that function

doesn't seem like anywhere else in the ghidra code references that label

@nocturne trench any idea? am i on the right track?

just need to find where it renders the config menu and change it to the isFemc function, yeah?

yeah i got no idea

zero progress

Sure thing, only problem is one of the colors must be 0 or two of them should be the same

Or I could try to find a code cave

So I don't get any restrictions

code cave?

Yeah it's like a place in memory to write new code without It affecting the main code of the game

any way that we can get closer to actual hex codes would be nice

it's nice how simple the PC patch is for expansion so i was hoping for something like that too

Yeah, only problem with psp is that the game uses sb zero, 0x0(sp)

And this zero is the red part of the rgb

Problem is, for any other number I'd need to load It in a register previously to store it

Like for instance

li v0, 0xf0
sb v0, 0x0(sp)

I load the red part of the hex with f0 and save It to the sp

Problem is there's no space to load the value

So yeah, that's why I'd need some extra space to make the 3 different rgbs

so would this code work as a cheat @graceful pawn ?

I think I could use some space of debug strings

So yeah think I could do the rgb fully

But I've been busy today with some P3FES stuff, so will let you know when I implement the color change

no worries

handle your biz

Got it!!

Here's the cheat

Now you can change them whenever you want from this cheat since I use rgb

Just change the last 2 numbers of each commented color

We'll grab green as an example, you'll need to change the second part

_L 0x2025A664 0x34020031 # Green

Just the last two numbers are the green part 0x34020031

Same goes for the other colors

oh to the rgb value?

sick that’s super simple

i wonder how i didn’t recognize that

Well before only two of them could be changed, but in this one I added red so It can be easily changed

But yeah you can now change them looking at their respective comment of the cheat taking into account #rr gg bb

oh that's fucking sick

thank you so much

now i get it

you're the greatest

still need to figure out how to change the initial loading icon and config screen

got nowhere last night

working

im so miffed i can't see this on my PSP Go

it's basically a paper weight right now until i get a screw set to reseat the battery

Looking good!! 🔥

True, I'll try to look for these values in the psp version

So changing IsFemc didn't work?

oh no we didn’t even get that far

oh...

i couldn’t find what to change and where it was

we found the label in ghidra

and then the function

I'll check now, I'm sure it was labeled

it was

we just couldn’t figure out how to trace that backwards to what could access it

in cheat engine

Oh, I didn't really intend for you to do that. I just meant literally change it from 0 to 1. to check I didn't even remember that there was a function but if you needed you could do a similar thing with it

wait for real

it was that simple?

Pretty much

It was the function that you needed to change for this

Not sure about the loading icon though, I wasn't fast enough

what the fuck

ok how did you find the function in cheat engine

I just went to the address

what?

the address from ghidra?

It's labeled in ghidra, there's nothing special

i went to the address in cheat engine and it cut off the 1

instead of 140Dwhatever the fuck

it was 40Dwhatever the

rip

was it really that simple

Yeah...

that’s upsetting :/

I think it's the function for both although changing it for the loading icon is causing a crash for some reason

assuming i get it right and it goes to the proper address

thats all it is?

go to the address? change a 0 to 1?

that’s like

i’m almost a little upset hearing that in all honesty

Nah, I checked and that didn't change anything, you need to change the function IsFemc to return true

oh

i.e.

alloc(newmem,2048,"P3P.exe"+258920) 
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov rax, 1
ret

originalcode:
sub rsp,28
lea rcx,[P3P.exe+367CFFC]

exit:
jmp returnhere

"P3P.exe"+258920:
jmp newmem
nop 6
returnhere:

wouldn’t that make everything pink no matter if you’re playing as her or not

(No idea why they do it in two separate places like that, some use the global some use the function)

Yes

or is that function only for ui

But that's just a starting point

oh

You add some logic so it only does that on the title screen or something

But changing that function (or if you really want, looking at what's calling it and changing that) is what you need to do ultimately

Oh so just need to find the isFemc function for the psp version probably? Thought color might be hardcoded for the title screen

ok i also had that idea

It's the same menu code as what's used when you're in game

how do i get that function in that spot in the hex memory viewer

I'd be concerned if they duped all of it just for the titlee screen lol

Same way you get to any, it's at 140258920

damn

I've gtg for a bit but have fun

so you could technically add the address as a code

and then see what accesses it

by loading into a femc save and opening the config screen

Not the first time I've seen stuff like that lmao

then just figure out which one is the loading card and config menu

i’m hella pissed that the jump to address thing didn’t work because i literally tried that

i almost had it 😔

Actually one hint before I go, for checking you're on the title screen you could do something simple like checking the date is 0 or something like that. I think that'd always be the case on it (if not maybe something like player level)

maybe

this might grow into a femc overhaul of the UI because of the massive amount of stuff that’s still blue for femc

• the player advantage thing

ok project for tomorrow since it’s midnight and i need sleep

Seems the first loading card can be changed to pink setting the flag to the femaleMc in the psp version

However, it doesn't seem to make any effect on the config menu

It does check it tho, which is weird, but doesn't seem to be anything with the info

Maybe it's a leftover for a pink menu they had in mind in the initial development

I'll keep investigating it tho

Nah doesn't look like it, seems it's the exact same function in the camp menu than the one in the title screen and yet the color is not changing hmm

Seems to be changing the other stuff to blue here tho, but in title screen doesnt seem to do that

Made some progress with the patch

Now loading card is pink, and also this thing here after hitting new game will be pink

Here is the current cheat

man that is slightly upsetting :')

What the hell, now the pink spinning card is crashing to me as well

femc.....

Sheesh think I found a fix for the crashing at the start

You might want to try it on pc (might be a similar function to this one), but in psp it goes to this function before the loading card (seems like an init function that sets the gender to the default mc and calls a bunch of other functions like this one)

Seems like just nopping the goto of that rounded path is not crashing the game anymore

Probably the Get_Protagonist_Gender might be the psp equivalent of isFemc, for reference

Will change it to have the same name

This'd be the code with the other name

This is the new cheat, will keep testing with it just in case it doesn't explode again lol

hmmmmmmmmmmmmmmm

this might be harder than i thought for PC

i can't seem to get it to write what functions access the isFemc function

ok even when force inserting the code that makes isFemc return true, it doesn't print what's accessing it

are you just setting the femc flag to true for everything here or setting the value for specific things to be femc?

how did you find those values for the second thing?

how tf would i find this in ghidra

oh wait so isFemc is basically a yes or no and if it's no it's the MC

damn that's interesting

well I suppose that does make sense

kinda interesting to have that be the check though lol

what the fuck does stepping out even do in a break poimt

the upsetting part is that nothing seems to be accessing that check based on my understanding

there’s a way to add a memory address to the window and then attach a debugger to see what is accessing / writing to it

and assuming i didn’t put it in the wrong spot, nothing is

yet it seemingly does affect things

either the function itself writes to other addresses, which makes the most sense, or other functions are accessing it and i’m doing it wrong

i have no idea how i would trace around that first thing though

It's for specific things, I've commented in the patch for the specific places

You need to put a breakpoint in the end of the isFemc function so when it returns you know where was it being called from

At least that's what I usually do to know from where a certain function has been called

Yeaah it's just a flag the game turns on/off

so add a breakpoint on the return function?

or the function above the return?

In the ret, and when you go to next instruction you'll find out from where it was being called

the isFemc

And from there you go to ghidra and figure out what's going on

how would i do next instrunction

step over?

I think it's step into

or step out?

Think both would work for the return

140244F80

damn it put me in a giant ass function

Fr??

But when did you check it

At the start of the game??

oh at the start of the game?

the menu was already loaded homeslice

Well, you can check in many places

when should i check it?

Well it depends on the fix you want to work

What do you wanna try to make??

puts me right here

clicking select current function does a bunch of stuff

everything you did in the psp patch + the config menu

Ok you may need then the location of the current isFemc flag then

yeah i was just there

You can find it in the isFemc function probably

swine posted it

oh the flag

not the function?

Yeah, I mean the address the game is checking

140258920

It is useful because you can check when is being written or similar stuff

yeah i tried checking when it was being written and got nothing

how did you check what was being written

This is the address in memory of the flag??

to the function

i don't know which is the flag

im assuming it's the first line so yeah that address

considering we force that line to be true and then add a return

which forces the UI to be pink

Oh so you are forcing the whole checking to be femc??

Ic

i did this

Oh okay so it's the starting point

Gotcha gotcha

yeah

But yeah, next step would be looking the specific places

i tried that

how is the isFemc looking in ghidra??

Just to compare both versions

gimme a second

I mean the decompilation part

oh

But looks quite similar

I have this

lol exactly the same

ignore the fact that i just sent a song called goon juice

misinput

Lmao

Lol how weird the decomp is

basically the same

it's denuvo honey

Yeah, it's kinda cursed

ok what's the next step

is anything even accessing this function

Okay so the idea would be to get the address this function is using

140258920

To get the exact address of the femc flag

Like not the function but rather the address flag

what does that look like

So that we can apply this "is being accesed" or "is being written"

And get to new functions

oh so i was in the wrong spot

im nassuming the DAT_1433636cc is the flag?

Yep, should be the flag

it's in two spots

so how would i know which one is being accessed

or do i just check both

Wdym in two spots??

oh wait sorry

there's two different dats

and they look very similar

im assuming it's the top one then

DAT_14367cffc

Nah, should be the second one since it's the return value

oh

So it's just 1433636cc

You can try to check in game how it changes when going to new game

And selecting the mc or femc

oh the game just crashes

one second

Ooh, that should be the spinning card issue

Right??

no it happened when i clicked new game

Lol

yeah pressing new game when monitoring what accesses that address causes the game to crash

Kinda 💀

fym kinda

yes

yes it does

Is it crashing also without the monitoring of the accesses??

oh no it's just crashing regardless

the fuck

Yeah lol

gimme a hot second

You can try to turn off the agressive fix for the pink stuff

And see what happens

yeah i disabled it and cleared my cache

what the hell man

Nice

Well it was crashing with the pink spinning card so doesnt surprise me that much XDD

still crashing

Damn

That is very weird

Without mods at all??

oh wait it was my ESM mod

whoops lol

nothing accesses it when clicking new game

do i need to continue into the new game?

yeah nope nothing

yeah not sure what we were getting at there

Wait you gotta select one of the two mcs

i did

nothing

How is It possible tho??

Like it's being accesed and read

Like it's needed to print any colored stuff

yeah neither flag are accessing anything

is that exactly what you did?

What is the address inspected here tho??

140258930

Oh, but that should not work like that

did i do something wrong haha

I mean you inspected the memory address not the instruction that acceses the memory address

i thought we were trying to find that second thing by doing this

So you'd need to inspect 143363cc

Which is the address that the function is accesing

?

correct?

still nothing

oh wait

wait a second im stupid

wait no i'm not

what am i doing wrong?

I wonder if theres some kind of offset between ghidra memory address and the pc memory

That might be the problem

nope

we're on the same version

No, I mean having to add some kind of offset or something for the addresses

oh lol i put the wrong address in

For psp I have to do that at least

Oh you are right 😅

Lets see if this does something

we got something already

Lfgo

ok these 3 appear to be for the config menu

ok i kinda wanna toy around with these for now

so how did you manage to recolor the config menu on psp?

like what did you change?

Nicee, we have a clue now

I was in the process of doing that

oh lol

Because It seems the config from psp/pc changes and in my version the colors seem to be hardcoded

But in your versión Swaine managed to get them Pink just changing the isFemc return

But I've located the blue backgrounds rn

yeah id like to avoid that

To avoid that good thing you could find out is where the flag is being set

Which would involve looking the "writes" the game is doing to the isFemc flag

That's how I found the writes and replace them for the femc ones

brb ima get some water

keep explaining

Think that'd be It lmao

Find the functions that are writing that address

oh nothing was writing to the flag address

only accessing it

Yeah, but at the beginning of the game or in the new game screen

The game should do the writes

Like just before the spinning loading card

no way in hell am i that fast

unless there’s another way to reload the game that i don’t know about

is there a way to hijack the call the game makes to the flag and force it to return the right value ?

Yeah, to the write flag function It is possible

That's the way I did my cheat for the psp

ok what does that look like and how do i change it

is it the lea function?

the first function accessing the config menu looks like this

seems like all the functions accessing it are mov functions

with lea functions shortly above it

so i know te mov thing is setting something in ram

so i need to hijack what it's moving and make the value 1?

oh it is the lea rax

so the mov edx,[rax+rcx*4] is the whole loading of the color thing

so somehow i need to change the value it accesses to 1

for safe keeping

ok so i have a code injection window open

i need to change the rax value to 1

and game crash 😔

so not that

yeah im stuck :/

game keeps crashing every time i change anything

it's definitely the first window at address 150D04D74

bytes 8B 01

but how do i change the value of what's found to a 1

i'm getting closer

alloc(newmem,2048,"P3P.exe"+10D04D74) 
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov eax,[1]
test edi,edi
je P3P.exe+10D04D89

originalcode:
mov eax,[rcx]
test edi,edi
je P3P.exe+10D04D89

exit:
jmp returnhere

"P3P.exe"+10D04D74:
jmp newmem
nop
returnhere:

this almost worked

lemme explain my thought process

this lea value at the top is getting the value from the flag for the gender

based on the address and offset

that movsxd does something

that lea does some math to handle how the value is stored

then the mov handles actually inserting that new value

so somehow i need to change that lea value to 1

ok maybe i don't change the starting value but the ending mov value

since it still needs to be operated on

lots and lots of crashing

but it only crashes when i modify the config screen, so that's progress

i can just tell i'm super close but i can't get it figured out

i need to hijack the value it passes but how

Is that a function that writes the isFemc flag???

yeah it's the one that gets accessed when i open the config screen

i tried doing a code injection and forcing the value to be one by doing
mov rcx, 1

but it didn't crash

yet it also didn't change anything.....

wait i think im at the wrong address lol

i definitely am, one second

I mean, you can do that, or you can rather change the arguments of the function that writes to the isFemc flag to write the femc flag

how would one do that

Don't know If I'm explaining XDD

yeah i dunno man 😭

i thought changing the value it grabbed to the femc value would do it

i dunno if code injection is working, it seems like it's moving half the code elsewhere and not actually doing anything

Hahaha don't worry this stuff is hard

Okay so what I would do is

Find where is It writing to the isFemc flag

And change It so instead of writing the 0 flag (default MC) It writes 1 (femc)

i feel like i was already kinda doing that

It won't probably be 0 or 1 but you get the idea

so instead of changing what it grabs

change what it writes?

any of these the write function?

Yeah, exactly

i have a cheat sheet of all the opcodes open but the list is so massive

im assuming it's the mov one right

I'm not very familiar with x86 unfortunately but well we can always try to understand it

embarrassing ass typo

mov is when you assign a variable to a value

and lea is when it grabs a value from an address and assigns it to an address

i think

Yeah it's moving the content of the address into edx right??

https://www.felixcloutier.com/x86/

im using this

Or the other way around not sure now

Oh thanks 😁

yeah it's moving the value from the address into rax

and then edx is being assigned a value based on rax+rcx*4

and the rax is 0 in this case

so rcx is something

And what is the ghidra code for this??

Always like to take a look into ghidra first

To get the general idea of the function

so true king

i forgot ghidra exists

Lmao

im gonna lose my mind

it's doing a fucking bit check

That's why I like to look at the ghidra part first

so the value for edx is either 4103 or 4104

because femc is 4104 that makes her value 1.....

it's all making sense now

Ok but this is similar to my isFemc function huh

why did i not check ghidra holy shit

Like It checks the flag

god bless swine and his labeling

yeah

Nsa Will be mad with you... Lol

the NSA is gonna come to my house sit me down and properly educate me

ok so

LMAO

it's just doing a bit check

that's also a little upsetting

Nah actually it's exactly what the psp is doing

So we are in the good way

yeah we're making progress

Could you check the return of the function in ghidra??

i basically just need to enable flag 4104 on the main menu

return?

like where it goes?

Yup

i forget how to do that

one sec

To see where this call is coming

how do you do that again?

usually i just double click something and it takes me there but there's nothing this time

Can you breakpoint the code when a memory address is read??

It should be possible

Or well place a breakpoint in the return

And make the game trigger the function

game freezes when i add a break point in the return

Nice

that's good?

Then you should be able to know where it's coming from

With the step over/into or whatever

so then i click step into or step out?

i still don't know the difference

Into is enters to functions

And out/over just skips the function call

But for returns It doesnt matter

oh

it's taking me to a different spot every time i click step into

Yeah you are executing the code step by step

So It jumped out of the return?

yeah

to here one sec

Lets see how It looks in ghidra right??

more bit checks

0x1407 is 5127 and 0x141d is 5149

So we just got probably femc flag is 0x1407 right??

Since you stepped out from the bit check

In psp it is 0x1007 tho

femc flag is 4104

unless it's different on the main menu?

that's the male bit flag

4103 is the male bit flag and 4104 is the female bit flag

How do you know the flags tho??

im the one that documented them on the wiki

and they're everywhere in the games flowscript

Ic ic

??? Better update them then since they're the other way around on amicitia lol

mostly for dialogue changes

oh that's fantastic

ill have to do that 😭

But it is quite weird for the game to have one flag for the male and other for female right??

In my case, it seems it's just handled by 1007

well there's a bunch of flags but the main one is those two

Tbh from what I remember looking at the flowxfript I'm pretty sure the way it is not he eiki is correct since I remember the game checking for not 4104 to show femc dialogue and options

Might be wrong tho tbf I'd have to check again lol

If it is set to 0 it's default mc, if it is 1 it's femc. That's how it's working for me in psp

find a friend uses 4104 to show femc social links

yeah because 4103 + 1 = 4104 = femc flag lol

i need to figure out where that flag is set though

But it's not adding the flag, it's just setting it right??

Or maybe I'm lost

Lmao

well the code before seems to be checking if that address is 0 or 1

then adding that value to 4103

to a bit check

which determines which colors to show on the main menu

so we just need to tell the game that the value it's grabbing isn't 0 by default but 1

Exactly, that's why we need to find the functions that write the isFemc flag

this code here is what handles the main menu it seems

To set them to female for the main menu

yeah that's what i'm struggling with right now :/

Yeah I just checked the flags with mod menu in a fresh new-game male and female saves i have and 4104 is on in the male save and 4103 is on in the female save so the wiki's current values are correct

what?

oh wait you're right shit

i got it backwards

so the value of the flag address is 1?

and it needs to be 0?

If it's checking bitflag 4104 then that's probably the case yeah

This is the function I had for setting the protagonist gender

Which could make sense taking into account that it modifies 0x1007 and 0x1008

so somewhere on the title screen it's doing that?

But the game is just looking at this one for the title screen it seems

Maybe for more things tho

There are more address references

Yeaaah that's the function you'd need to look out, the one that writes the flag

Maybe it's documented already in your project

you think it's this function that's constantly counting up only on the title screen

Look for BitSet

Or something like that

it'd be really funny if their method of hardcoding stuff was rapidly setting the value over and over

Would be kinda junky lol

that sounds like P3P to me

oh lol

that address

it is just rapidly setting the address

Well not setting but accesing right?

oh true

We know this one already so no problem

can i just change the value it's grabbing from here?

or would that break other stuff

Would break a lot of stuff

ok so not that

Always when changing stuff

Take a look at the XREF of the current function

Because it is the functions that call the function you are inspecting

So yeah, as you can see a whole lot of functions call the isFemc function

yeah

So would break a lot of stuff

way too many

so i just need to focus on what's calling it and change that

Eeexactly

which is either of these two 5's (at least for the config menu)

i probably sound like an idiot baby with all these observations haha

both of them have lea functions that pull from that address with the flag

Thing is

Watch out this same menu is not being drawn in any other part of the game

oh wait a second

the two 5s interact with each other

Because it'll show up as pink if you force it everywhere

the second one is BitSet while the first is BitCheck

well the flag would definitely get overwritten by the save

and we would be safe there

right?

We got a function match for the write flag function

nice

Some naming is not right lol, will change later

yeah your names are the games actual names

the names i have are the ones swine came up with

ok so

i just need to set the flag 4103?

Well they are the names I came up with, because I've named the functions and stuff lol

oh wait you're making labels too?

Sure, it's the best way to understand the code

So I can look for it in a future

would i be able to hijack this?

and force is to be 1?

You can try as an experiment

shit i forget if it's 1 or 0

0 is default mc

And 1 is femc

Or you can check both lol

yeah

how does one undo a code injection btw

without relaunching the game lol

game crash 😔

F

What are you changing tho??

Equivalent in ghidra I mean

replacing mov [rcx], eax with mov [4103], eax

oh wait a second

But what is it doing in the code??

Functionally I mean

oh it's the bit set function

what i showed here

Yeah 😅 that's what i was getting at

i think i might be doing it wrong

i think eax is the flag and rcx is the on or off value

this is all so confusing

it accesses the address here are the lea function

then does something to get the flag value

You can look it up with the breakpoints anytime

But why are we changing the BitSet function tho??

aren't we trying to enable the 4103 flag for femc?

instead of enabling the 4104 flag for mc?

thus making the UI pink?

oh wait you're right

that would change everything

whoops

back to the drawing board

Exactly, that'd be very destructive lol

Probably that's why it crashed

ok so something else then

You can try to make an experiment and

Try to force the femc flag here

Instead of calling the function, directly loading the result

so replace the test eax, eax with mov eax, 4103?

or 1?

It's good to try this stuff to get comfortable into changing the instructions

You can also force the jump

There are different ways to go around it

nope did nothing

What did you test??

so lemme back up a bit

this

i set an address to the flag itself, and then checked what opcodes accessed it

it says the value is 256

yeah i'm completely lost

what do you want me to try again?

i need to find something to modify to test anything and so far nothing has worked

opening the config menu did this

the two 3s increase when i open it

so does the 7

the 4 increases by 2 when i close it

and the 7 increases by 2 when i close it as well

Wanted to try and force the jump here

So, it's doing test eax, eax it's just setting up the bool for the branch

force the jump here?

oh

so don't modify that

that was the mistake i made and probably why it crashed

And its doing jnz address

You can try to make the opposite thing like a jz (dont know if this one exists)

in cheat engine it's jne

so the opposite would be je

Nice, you can try that to see what it does to the game

nothing lol

no crash, no change

What about leaving and entering the menu?

like letting the intro fmv play?

Nah like just leaving the config and re-entering

still nothing

Then that function must not be important for the color change

yeah i don't think so

it doesn't even access the flag so probably not

do i do more of the same with the other instructions in the access window?

time to go one by one through em all

man one of these functions is massive

i can't fit it all in one window

I'd try to look for a similar function to this one

Checking the writes

That's normal lol

is this what you modified?

so far nothing seems to be accessing a function like that

i checked everything in the opcode accessing that 1433636CC address

bottom 3 are for the bit_set function

top one is the isFemc byte

don't wanna touch that

but it's continuously going up

Not access but write I mean

oh write

So we can write the female at the start of the game

nothing it seems

started a new game and nothing writes to it

a lot more stuff accesses it though

lemme see what accesses the bit set function and see if i can find that function you have

Ic that's weird

what did you do with that function when you found it?

the whole set gender

I checked where it was being called at the start of the game

And instead of setting the default gender I set the femc gender

oh

that's simple as hell

now i just gotta find that function

That'd be the idea yeah

ugh

started a new game with the bitset function being monitored and nothing

Maybe you can put a breakpoint in the bitset funciton before the title screen

because this function get called as init function so it sets the flags

breakpoint did nothing

should i add another and do new game?

in bitset??

yeah

and it's bugged

i can't set a breakpoint

even after restarting cheat engine

For me just choosing the character is doing the bitset

oh there we go

wait what

what is even happening in that video lol

i don't see anything moving on the right

Can even change the flag real time and the colors change as you can see

Yeah, it's stopping the execution, then I have to press "Go" for it to continue the code

ugh what the

i cannot get that

You should be able to modify the flag in real time tho

that is not happening for me whatsoever haha

i am so confused

gimme a second i need to restart my computer

cheat engine is bugged and won't let me add a breakpoint where i want

Lol all right

so when did you add a break point?

and how did you get there?

we’re starting at the top of the bit set function right? adding a break point there?

computers back up

ok i got no idea where to add the break point

adding it near the top doesn't stop the flag from changing when i move characters

adding the break point anywhere doesn't stop anything

the little arrow icons keep changing so the flag is still being set clearly

yeah im lost

no idea what to do

but i'm 🤏 this close

how come the address at the top and bottom don't line up?

Aaaah down view is memory view

Where you can change values on the go

yeah but shouldn't they be in the same spot?

And top view is the instructions/code view

how'd you know it would be there when the code you're modifying is in a different spot?

or where the breakpoint is i guess

im still confused on that step, can't find where to put the breakpoint to make an actual difference

the colors of the dialogue boxes change no matter where i put the breakpoint

I mean I add a breakpoint on the code but I can still modify the memory anytime

so it doesn't matter where the breakpoint is?

can we get back to finding where this is haha

i don't really know what i'm supposed to get from this screen and breakpoint

I mean, we got matching functions, so if you can add a breakpoint on the bitset and do what I do in this video, it should stop the execution

ok but where did you put the break point

i already added several breakpoints and none stopped the execution

Oh that

I just added it to the return

In mips jr is jump return which is the return

oh so not ret

at the bottom

but something else

jna, je?

Well there are two returns on the function you are right

no, just one

Well, depends how the code compiled

But if there's one that's better

Just place it there

i did

and nothing happened

nothing stopped

and the flags kept changing

ghidra says there are two returns

but i'm only seeing one when i click select current function

Can you click the two returns to see where the asm takes you?

in ghidra?

Yeah

nowhere

they do nothing when clicked or double clicked

I can do this and it will select me the approximation of the assembly code of what im selecting

oh you mean that

i can see them yeah lol

adding a break point to the second return also does nothing

no stopping, flags clearly change based on the dialogue colors

That's so weird 🤔

Well I gotta rest now, it's a bit late here

no worries

ill keep poking and prodding

Hope you dig some stuff of the code

hopefully swine will know something

gonna be such a pain to find this considering this is the decompiled function

150d04d00

14025dda0

ok so it seems like that function you listed just doesn't exist at all for me

i double clicked the bitset xref on the right there

which listed every time the function was used

including two named functions

oh nevermind there are much more wtf

thunk functions be like

im legit going through each function one by one

ugh

that took ages

and i didn't even find it :/

this is the closest one

ok i don't think the function ivan shows even exists

ive checked every reference for BitSet and nothing

ive been at this for 6 hours straight

i am so damn close but i need a break

ill wait for swine to get on because i'm stumped

i need to find where the game sets the protags gender at the start of the game and change it from the male MC to the female MC

that's what teolicht did in the PSP version

that way it'll get overwritten when the save is loaded

ok what the fuck is a sig scan

why do people keep using that term when google has no idea what that is

search program text?

say that?

https://reloaded-project.github.io/Reloaded-II/CheatSheet/SignatureScanning/

It's not exactly a common thing, it's pretty niche knowledge

Only really applicable to modding modern games so I'm not surprised you had trouble finding information

(I've not read everything, just the last few messages)

yeah i still couldn't gleam much from the page

plus i don't think i can really search for what's shown there since it's the decompilation window

What's the actual problem?

need to find this function somewhere

as it handles setting the gender at the beginning of the game

Oh

by default it's male

just need to make the default female

apparently

according to ivan

i had a bunch of other ideas but they didn't seem to work

and this is technically the highest up the chain it can go without breaking a bunch of stuff

It'd probably be easiest to just set a breakpoint on that bit to see what writes to it

a breakpoint on the isFemc flag?

the byte?

Yeah

Break on write specifically

break on write to this?

or to the flag

The flag

so 1433636cc

Yeah

how does one do a break on write in cheat engine haha

Right click the byte in the memory window, the option should come up

Either that or use "Find what writes to", it should accomplish the same thing on this case

oh wow that did it for once

pressed new game and it froze

ok so step out? i think?

Yeah

oh it's just a call

imagine i find the function right here

no

it just leads to a thunk function call

Oh wait, you didn't need to step out

oh

What you broke on should be the function you need

(Probably)

Wasn't thinking

oh

lol no worries

oh it force moved me

weird

that's normal?

Force move?

yeah like i'm no longer at the address i put the breakpoint at

That's the address that wrote to that flag

oh

Open that up in Ghidra and have a look at the function

Hopefully it looks similar to what you were looking for

doesn't seem like there's any bitset here

I think that's zeroing out a bunch of them at once

You could add a hook and just change the flag you want after it finishes running

would that change the main menu config screen though?

it only broke after i clicked new game

Then no

Oh, I see what you mean. It's probably set in some other function

yeah

i need to change the default gender assigned in the main menu

which should hopefully change the loading icon card too

Well good luck, I've gtg back to work

😔

well let's hope this can carry me the rest of the way there

i got it to break on the config screen

ok so that break took me to the bitset function

weird

like actually part of the bitset function

oh so the function i need is bitset haha i get it now

incredible

ok so break on something else besides the config screen it seems

not many options

i need to figure out how to reload the game while it's open so i can get where it's set when the game launches

well hey that's something

ok well keeping the flag value at 640 is what makes it render pink

but everything is kotone when you load a male save

i think i might need to make this into a dll

seems like loading a save doesn't actually undo the flag

i guess i could say to disable the mod when playing as MC considering why would you be playing as MC with this mod enabled

but the game crashes with my current expatch

it gets in game but dies on the card :/

is makesig.py just busted or something

no it works you just need to start of function

what doesn't work are my changes?

is this incorrect?

its whats on the tin so

nevermind i guess something happened because it crashes again

it's crashing just before the card shows up so it's something to do with that

just in case

im stumped

this issue is known but was never told how to fix it

ok now i need to find this function :/

did a check for how many functions reference isFemc and it's 696

ugh this shit sucks man

i wish there was a way to force the game to start from the beginning like on PSP

while keeping the game open

i think it's time to stop

i kinda wasted my entire day on this and got basically nowhere

so ill pick this up later after a break or something

idk man im just tired of getting nothing done

the cheat doesn't work because i need to nope out the path in the message i replied to, zero clue on how to find that exact function when there's between 235-696 references to isFemc

that is assuming isFemc is the same function we're both referring too

considering we're both crashing in the same way i assume so

ok i feel better now

binge watched the last 5 episodes of gravity falls

crazy that you can upload anything on the internet to evade copyright by mirroring the video

like we really have not advanced copyright detection to get past that, wild

gonna take one last stab at it then im sleeping

can't be up too late or else i sleep walk and i've been doing some stupid shit when i do

gonna try to rubber duck this by explaining the situation out loud

ok that is helping

the 696 one is IsFemc as a value itself

but the 235 is the function itself

considering there's a (); that means it's a function

so i just need to crawl through 235 references

and find which one matches this string

time to turn on some wendigoon

Uuuuh good job, you found the flag!!

yeah it was staring at me in the face

the DAT_1433636CC was literally an address

for male it was 256

for femc it's 640????????

so adding it as an address in cheat engine, force a value of 640

bing bang boom, pink config screen

problem though

loading a male save makes you kotone

like everything

and of course making it into an expatch causes the game to crash just before the loading card

so now i need to figure out what you figured out

Yup, seems like it

So you made a patch for that address to stay in femc right??

yup

Ic ic

this

Well at least you can now toy with that address, like I did with mine, looking which part of the programs write to It

yeah that's the problem

i have no idea how to figure out what writes to the loading card

Like placing a breakpoint when writing to that address

like

i need to launch the game, add cheat engine to the game, add the debugger, and add a break point, all before it progresses into the intro?

no idea how to freeze the game

you're lucky you're working with the psp version and can easily reload the game from the start

Yeah wonder how to do that in pc

but there's no easy way to get back to the beginning besides restarting the entire game

Yeah in psp I just hit restart and boom

yeah.... 😔

lucky

2024 and i'm working on PC mods while others are working on hardware mods

what a world we live in

Unless we can find a function that gets executed at the start

Well no

Because there's no time to set the debugger

Damn