My Fatal Frame +3 trainer has some problems.

Source:


.586p
GetBase macro Reg
call $+5
pop Reg
sub Reg,$-1
endm

Code segment use32
org 0

dd offset End_of_file
dw 1 ; Version
dd End_of_header ; Size of header
dd offset Selections
dd offset Selections_Text
dd offset ID_List
dd offset Entry
dd 0 ; res1
dd 0 ; res2
db 0 ; Master Enable

End_of_header equ $




Entry:

;
; this code will be called after the game is loadede but before
; it is launched , it shoot be able to check for Pal/Ntsc version
; and if multi xbe files it used in the game.
;

mov edi,010114h
cmp dword ptr [edi],3dc11253h
jne Exit

cld

Photo_90:
cmp [Sel_90+ebp],0
je SStone

mov al,01h
mov edi,0002f392h
stosb


SStone:
cmp [Sel_SStone+ebp],0
je MStone

mov al,090h
mov edi,0002e587h
stosb
stosb
stosb
stosb
stosb
stosb



MStone:
cmp [Sel_MStone+ebp],0
je Exit

mov al,090h
mov edi,0002931ch
stosb
stosb
stosb
stosb
stosb
stosb



Exit:
ret


ID_List label dword
dd 054430004h ; Fatal Frame ID
dd 0

Selections label byte
Sel_90 db 0
Sel_SStone db 0
Sel_Mstone db 0

Selections_Text label word
dd offset Text_Menu
dd offset Text_Info

dd offset text_Photo90
dd offset text_SStone
dd offset text_MStone
dd 0


Text_Menu db 'Fatal Frame +3',0
Text_Info db 'Trainer By Xer',0
db 0 ; End of info

text_Photo90 db 'Unlimited Photo 90',0
text_SStone db 'Unlimited Spirit Stone',0
text_MStone db 'Unlimited Mirror Stone',0

End_of_file equ $

Code ends

end


It works correctly,but only "nondecreasing" not "Infinite".
So I try to maximate the value.

Address "0001BEA0" is a proc that copies saved data to memory in batches,"010023EC" stores saved data.

I set a breakpoint on "010023EC" to see when the value is changed,but the game never freezes even datum in "010023EC" are changed.So I poke it myself,and the breakpoint works correctly.

I've really no idea why the game doesn't halt when the breakpoint is reached.

why doesn't
poke 0002F38D 90
poke 0002F38E 90
poke 0002F38F 90
poke 0002F390 90
poke 0002F391 90
poke 0002F392 90

work?

0002F38D dec byte_396BB8[eax]
0002F393 mov word_396DCE, 78h

looks to me like that stops it from updating :)

if you've got the value to decreasing then you can poke a value into it's location, but most of the time there are other routines that will overwrite that value such as when you load your saved game or start a new game so it just easier for you just to keep it as a non decreasing number

oh, and congrats on writing a trainer :)

Originally posted by dootdoo
oh, and congrats on writing a trainer :)

Thx :)


Originally posted by dootdoo

why doesn't
poke 0002F38D 90
poke 0002F38E 90
poke 0002F38F 90
poke 0002F390 90
poke 0002F391 90
poke 0002F392 90

work?

0002F38D dec byte_396BB8[eax]
0002F393 mov word_396DCE, 78h

I've tried,the game hangs.

0002F390~0002F392 also can be disassembled as "imul edi,[ecx],0".
I assume that it has a same effect as "sub".
so
mov al,01h
mov edi,0002f392h
stosb

works fine.


Now the problem is:
.text:0001BEA0 loc_1BEA0:
.text:0001BEA0 mov dl, [edi]
.text:0001BEA2 mov [eax], dl
.text:0001BEA4 mov edx, [esi]
.text:0001BEA6 inc eax
.text:0001BEA7 inc edi
.text:0001BEA8 inc ecx
.text:0001BEA9 cmp ecx, edx
.text:0001BEAB jl short loc_1BEA0

I tried
poke 0001BEA0 B2
poke 0001BEA1 63
(mov dl,063h)

these codes copy saved data(items' info) to a 80 byte mem area start from 00396BB7 when load stage.

Question is how to maximate items when load stage or start a new game.

Just wondering if the trainer was ever finished and if so, could you upload it here. I could really use it if you are done with it. :)


Storm180

I would also like to request the Fatal Frame trainer.
It would be really cool if you could upload it so that people can download your creation.
Thanks!!