1 2
36 37 38
48 49
Posted: 9/19/2007 5:14 AM
Quote
Shinryuu
Experienced player (544)
Joined: 5/12/2005
Posts: 707
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
JXQ wrote:
Seeing MM6 bumped reminded me I wanted to ask how this run was progressing. So I'm doing that now. :)
Stuck in the clashman stage scrolling, i can't find the "key route" to it to get it to work and there is a bug in the Bisqbot code and can't know what it is. I have done some progress to MM6 because of that but of course im trying to complete that scrolling when i feel to spend some time for it :)
Posted: 12/27/2007 3:40 AM
Quote
Shinryuu
Experienced player (544)
Joined: 5/12/2005
Posts: 707
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
Hello. I'm not offering anything special this time. Now i'm back with the 11 frame improvement thought. I still SUPER interested about this run and i LOVE to work on it. I was able to broke flashman's framerule by sacrificing one frame for some reason. This movie end at the place where you need to do that scrolling. You can ask me about this situation, help or anything if you want to. I want to make sure to you guys how hard this is to do in that place + still having badluck. Hope you get some enjoyment from this ;) babies~ http://dehacked.2y.net/microstorage.php/info/1644530355/rm2crash.fcm
Posted: 12/27/2007 12:52 PM
Quote
Flip
Skilled player (1651)
Joined: 7/25/2007
Posts: 299
Location: UK
Sega TAS of 2017 PSX TASer of 2015 PSX TAS of 2015
Brilliant so far, but what are you aiming for? Are you trying to get above the ground and walk on to the boss, or use the ground to clip your way?
Posted: 12/27/2007 1:05 PM
Quote
Shinryuu
Experienced player (544)
Joined: 5/12/2005
Posts: 707
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
Flip wrote:
Brilliant so far, but what are you aiming for? Are you trying to get above the ground and walk on to the boss, or use the ground to clip your way?
i'm trying to move next room like in the airmanstage but this time i'm scrolling down to move on the roof of last room :) this movie includes that crashscrolling too so you can see what there exactly happens, this is my old version that got improved. http://dehacked.2y.net/microstorage.php/info/1924415306/rm2bubblescrl-shn.fcm
Posted: 12/27/2007 4:42 PM
Quote
Maza
Joined: 5/27/2005
Posts: 465
Location: Turku, Finland
Looks as frame-perfect as usual :P. Always a pleasure to watch your runs. By the way, have you thought about using Item 1 in Flashman stage? Could it be more beneficial than using Item 3 in Heatman stage? What I'm suggesting is that if you switch the bossorder from flash-heat-air... to heat-flash-air... Though i have a vague feeling that someone has tried it.
Which run should I encode next? :)
Posted: 12/27/2007 5:22 PM
Quote
Shinryuu
Experienced player (544)
Joined: 5/12/2005
Posts: 707
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
Maza wrote:
Looks as frame-perfect as usual :P. Always a pleasure to watch your runs. By the way, have you thought about using Item 1 in Flashman stage? Could it be more beneficial than using Item 3 in Heatman stage? What I'm suggesting is that if you switch the bossorder from flash-heat-air... to heat-flash-air... Though i have a vague feeling that someone has tried it.
Well there is no possibility that route is fast, item3 -> zip in the heatman stage is a big time saver. If you start with the Heatman stage you have to sacrifice much time + in Flashman stage there is hard to perform anything fast or interesting with item1s Examples why they are slow: Flashman: http://dehacked.2y.net/microstorage.php/info/988899204/flashamania.fcm Heatman: http://dehacked.2y.net/microstorage.php/info/1792373072/heatmania.fcm
Posted: 12/27/2007 5:23 PM
Quote
Bablo
Player (224)
Joined: 10/17/2005
Posts: 399
You can't really abuse Item1 so much in Flashman stage. And there's the huge zip in Heatman stage too.
<adelikat> I've been quoted with worse
Posted: 12/29/2007 2:56 PM
Post subject: about the re-records
Quote
Shinryuu
Experienced player (544)
Joined: 5/12/2005
Posts: 707
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
Current published run had over 200k (BisqBot's re-records were not calculated.) re-records and there is a good reason why there is so much of them. I'm a person who tries to do everything to find even little things out, i usually spend almost a whole day to a little things because i want to find minimal improvements. Re-records were made by my hands and thousands of different tests like, starting some stage few frames later to see if it is faster in the end, killing the boss in different positions, entering the room in different (frame and positions) because there is a possibility to gain 1-2 frames. I just wanted to test many things out and to be sure about everything. Newest WIP (different movie, i started everything from the start) had 19-20k re-records and there is a straight, natural answer for it because i have gained much experience from Rockman games and i know really well how the game works and think about my movements and so on. And why do you guys expect to see high re-records count to game like this? It's easy to perform glitches and everything expect re-record count eater screenscrollings. Hope this helped, thanks.
Posted: 3/30/2008 6:01 PM
(Edited: 3/30/2008 8:26 PM)
Post subject: Scrolling glitch workings discovered
Quote
Bisqwit
Editor, Active player (297)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
Hi, Finalfighter and I just discovered what happens in Rockman 2 when it scrolls the screen the wrong way: Scrolling to down when the screen is supposed to only scroll horizontally, or scrolling to the right when the screen is supposed to only scroll vertically. As we knew so far, it happens when lag occurs at the exact same moment when Megaman is on the edge of the screen, about to plunge to his death. When lag occurs sufficiently, the screen scrolls down instead of Megaman dying nonchalantly. So far, we hadn't been able to figure out why it does not always happen when lag occurs: you could have dozens of enemies and Item1s on the screen, the game would be running at half of its normal speed, and yet Megaman would die at the bottom of the screen. Here's what happens normally when Megaman is at the bottom of the screen. 1) The game loads CurrentOrderNum (memory address $38), which indicates the index into the level data which determines the layout of the rooms in the stage. 2) The game reprograms the mapper in order to access the memory bank in which the level data is located. 3) The game reads the value of level data indicated by CurrentOrderNum. 4) If the value loaded equals 3, then the screen may scroll down. Otherwise Megaman dies. Here's what happens when the screen scrolls unexpectedly. 1) The same as above. The value is placed in register Y. 2) The same as above. However, during the mapper reprogramming, the NMI occurs. 3-4) The same as above. Why does this change the circumstances? Let us observe more closely what happens: 2a) The mapper reprogramming routine sets up a flag indicating that it is reprogramming the mapper. 2b) The routine starts reprogramming the mapper. 2c) The NMI occurs. Because the mapper was just in the process of being reprogrammed, the NMI does not change the mapper (for it's not re-entrant), and returns very quickly. The NMI sets up a flag indicating that the sound code was NOT run. (For the sound code is located in another bank and to run it, the mapper would need to be reprogrammed.) 2d) The mapper reprogramming routine notices that the sound code was not run, and therefore chooses bank 12 and runs the sound code. Then it chooses the requested bank again. 2e) The mapper reprogrammer returns, and code continues from step 3 as above. Somewhere here, the value loaded in Y (indicating CurrentOrderNum) changed. The thing is, when the mapper reprogrammer runs the sound code (that is normally run by the NMI), it does not restore the register contents. The sound code clobbers the value of Y, and it does not restore it. So when the code continues from step 3, it has got the wrong value in register 3. When the level data is accessed, it accesses different room data than it would normally do. This is the core of the error. Why does it happen? Well, during Q&A, the game testers probably noticed that in some circumstances, when the game slows down, the music also slows down. The music slows down because the music code, which is normally run by the NMI, cannot be run while the mapper is being reprogrammed. Since music slowing down is a sign of a Badly Programmed Game, they added extra code in the mapper reprogrammer to run the sound code if the NMI skipped it. However, they failed to restore the register contents when sound code is run in this exceptional way. So that is how the trick works. So how do we achieve it? Turns out, it is exactly as difficult as we have observed. Here is a disassembly of the mapper reprogramming routine: 
SwitchBank:
[1E]C000: 85 29                sta DesiredMapperPage       [$0029] A=0E X=2A Y=00 S=F9 P=24
[1E]C002: 85 69                sta CurrentMapperPage       [$0069] A=0E X=2A Y=00 S=F9 P=24
[1E]C004: E6 68                inc MapperProgramming       [$0068] A=0E X=2A Y=00 S=F9 P=24
[1E]C006: 8D F0 FF             sta $FFF0                   [$FFF0] A=0E X=2A Y=00 S=F9 P=24
[1E]C009: 4A                   lsr                                 A=0E X=2A Y=00 S=F9 P=24
[1E]C00A: 8D F0 FF             sta $FFF0                   [$FFF0] A=07 X=2A Y=00 S=F9 P=24
[1E]C00D: 4A                   lsr                                 A=07 X=2A Y=00 S=F9 P=24
[1E]C00E: 8D F0 FF             sta $FFF0                   [$FFF0] A=03 X=2A Y=00 S=F9 P=25
[1E]C011: 4A                   lsr                                 A=03 X=2A Y=00 S=F9 P=25
[1E]C012: 8D F0 FF             sta $FFF0                   [$FFF0] A=01 X=2A Y=00 S=F9 P=25
[1E]C015: 4A                   lsr                                 A=01 X=2A Y=00 S=F9 P=25
[1E]C016: 8D F0 FF             sta $FFF0                   [$FFF0] A=00 X=2A Y=00 S=F9 P=27
[1E]C019: A9 00                lda #$00                            A=00 X=2A Y=00 S=F9 P=27
[1E]C01B: 85 68                sta MapperProgramming       [$0068] A=00 X=2A Y=00 S=F9 P=27
[1E]C01D: A5 67                lda SoundCodeSkipped        [$0067] A=00 X=2A Y=00 S=F9 P=27
[1E]C01F: D0 01                bne $C022                           A=00 X=2A Y=00 S=F9 P=27
[1E]C021: 60                   rts        <-- this branch is normally taken
[1E]C022: A9 0C                lda #$0C    <-- this branch is taken when the glitch happens
[1E]C024: 8D F0 FF             sta $FFF0                   [$FFF0] A=0C X=2A Y=0E S=F9 P=24
[1E]C027: 4A                   lsr                                 A=0C X=2A Y=0E S=F9 P=24
[1E]C028: 8D F0 FF             sta $FFF0                   [$FFF0] A=06 X=2A Y=0E S=F9 P=24
[1E]C02B: 4A                   lsr                                 A=06 X=2A Y=0E S=F9 P=24
[1E]C02C: 8D F0 FF             sta $FFF0                   [$FFF0] A=03 X=2A Y=0E S=F9 P=24
[1E]C02F: 4A                   lsr                                 A=03 X=2A Y=0E S=F9 P=24
[1E]C030: 8D F0 FF             sta $FFF0                   [$FFF0] A=01 X=2A Y=0E S=F9 P=25
[1E]C033: 4A                   lsr                                 A=01 X=2A Y=0E S=F9 P=25
[1E]C034: 8D F0 FF             sta $FFF0                   [$FFF0] A=00 X=2A Y=0E S=F9 P=27
[1E]C037: 20 00 80             jsr SoundCode  <-- clobbers the value of Y
[1E]C03A: A6 66                ldx $66                     [$0066] A=00 X=0E Y=1C S=F9 P=26
[1E]C03C: F0 0A                beq $C048                           A=00 X=00 Y=1C S=F9 P=26
[1E]C048: A9 00                lda #$00                            A=00 X=00 Y=1C S=F9 P=26
[1E]C04A: 85 67                sta $67                     [$0067] A=00 X=00 Y=1C S=F9 P=26
[1E]C04C: A5 69                lda CurrentMapperPage       [$0069] A=00 X=00 Y=1C S=F9 P=26
[1E]C04E: 4C 00 C0             jmp SwitchBank              [$C000] A=00 X=00 Y=1C S=F9 P=26
The window of opportunity is such, that the NMI must occur within a 10 instructions window: Addresses C006 .. C019. If the NMI occurs when PC ≤ C004, or PC ≥ C01B, the glitch won't occur. Incidentally, this is exactly 25 instructions before the main loop returns waiting for the next NMI. So it requires a very small lag: 25..34 instructions too much for the CPU to execute during the current frame. The values that the sound code may leave in the Y register seem to include: * Predominantly 1C. * Value 01 every 10th frame or so. * Other values such as 09, 0B, 0F at different moments (sound effects seem to play a role in this) 1C being the most common value is good news. Let's look at the level data: 
Map 0
00003400  47 40 4a 40 20 20 00 88  80 80 80 80 80 04 00 00  |G@J@  ..........|
00003410  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
Map 1
00007400  49 40 28 20 00 45 40 40  40 45 40 40 00 00 00 ff  |I@( .E@@@E@@....|
00007410  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
Map 2
0000b400  44 40 20 20 20 80 80 44  40 40 40 22 20 00 40 40  |D@   ..D@@@" .@@|
0000b410  40 44 40 40 40 40 22 00  00 00 ff ff ff ff ff ff  |@D@@@@".........|
Map 3
0000f400  44 40 40 40 26 24 20 00  80 80 80 80 80 80 41 40  |D@@@&$ .......A@|
0000f410  40 40 40 23 00 00 00 ff  ff ff ff ff ff ff ff ff  |@@@#............|
Map 4
00013400  40 40 40 40 40 40 40 44  40 40 40 40 40 40 40 22  |@@@@@@@D@@@@@@@"|
00013410  20 00 00 00 00 00 00 ff  ff ff ff ff ff ff ff ff  | ...............|
Map 5
00017400  46 40 40 40 40 40 40 24  20 00 40 40 40 25 00 00  |F@@@@@@$ .@@@%..|
00017410  00 ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
Map 6
0001b400  49 40 28 20 00 00 00 ff  ff ff ff ff ff ff ff ff  |I@( ............|
0001b410  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
Map 7
0001f400  80 80 81 80 80 80 81 80  80 80 80 80 80 80 21 20  |..............! |
0001f410  00 00 00 ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
These are the tables indexed with the Y register value at step 3. There are 8 tables, for 8 stages. (The Wily stages reuse the tables for the 8 basic stages.) As you can see, in each of these tables, the value at offset 1C equals FF. Why is FF is good? Because it is a bitmask indicating that the room can scroll into any direction: left, up, right (shutter), and down. Okay, so how to reliably make the scrolling happen? I have no idea. Everything can affect it -- including the playing position in the music! We know that 1) Although Mega Man 1 uses the same sound engine as Mega Man 2, this bug does not happen in Mega Man 1, because Mega Man 1 uses a mapper that can be reprogrammed in an atomic (uninterruptable) manner, and therefore there's no need to run sound code in non-NMI context. (It is unknown whether MM3-6 are vulnerable, but since they use a radically different codebase, probably not.) 2) This glitch is not limited to scrolling. In fact, any time the SwitchBank routine is invoked by a code that does not expect the Y register value to change, something weird can happen, if only the NMI occurs at the right moment!
Posted: 3/30/2008 8:14 PM
Quote
Titus_Kwok
Joined: 4/30/2006
Posts: 480
Location: the secret cow level
There are so many bugs in that game, it's hard to believe it ever works right!
Posted: 3/30/2008 8:29 PM
Quote
Bisqwit
Editor, Active player (297)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
Make no mistake, this is not something you can obviously see when you write the game, or even when you run it. It requires very specific circumstances, not unlike those which are the background for kernel exploits in modern operating systems.
Posted: 3/30/2008 10:03 PM
Quote
Vatchern
Player (86)
Joined: 3/8/2005
Posts: 973
Location: Newfoundland, Canada
Great find. Way to go Bisq & FF. [edit] does this mean now, that it will be alot easier to manipulate the scrolling?
http://tasvideos.org/Vatchern.html
Posted: 3/30/2008 10:34 PM
Post subject: Re: Scrolling glitch workings discovered
Quote
Shinryuu
Experienced player (544)
Joined: 5/12/2005
Posts: 707
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
Bisqwit wrote:
2) This glitch is not limited to scrolling. In fact, any time the SwitchBank routine is invoked by a code that does not expect the Y register value to change, something weird can happen, if only the NMI occurs at the right moment!
Sounds like you have something really interesting in your mind now :) ...If you mean something weird, let's make it possible to move through 8-bit dimensions of Rockman 2 and beat that game less than 10 seconds!! Incredible discovery from you guys!
Posted: 3/31/2008 5:48 AM
Quote
Bisqwit
Editor, Active player (297)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
Vatchern wrote:
does this mean now, that it will be alot easier to manipulate the scrolling?
Not really. It's still as much a matter of good luck as it was before. We knew before it has something to do with lag and _very good_ luck, and we still know exactly that much. But it may enable us to find new techniques. I for example added in FCEU some code that tracks if the glitch occurs at some other circumstances. Even if it has no symptoms there, it may be irked to have them, when you know what you're searching for.
Posted: 3/31/2008 9:18 AM
Quote
Vatchern
Player (86)
Joined: 3/8/2005
Posts: 973
Location: Newfoundland, Canada
Bisqwit wrote:
Not really. It's still as much a matter of good luck as it was before. We knew before it has something to do with lag and _very good_ luck, and we still know exactly that much. But it may enable us to find new techniques. I for example added in FCEU some code that tracks if the glitch occurs at some other circumstances. Even if it has no symptoms there, it may be irked to have them, when you know what you're searching for.
Well, I look forward to following this to see if anything new comes out of this.
http://tasvideos.org/Vatchern.html
Posted: 4/12/2008 11:39 PM
Quote
finalfighter
Active player (276)
Joined: 4/20/2004
Posts: 219
Location: Japan,Tokyo
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
http://www.yuko2ch.net/rockman/delaydeath.mpg I find the new tech. Megaman die in the place where the scroll in the under is possible. The mechanism is similar to delay + down scroll.
Posted: 4/12/2008 11:43 PM
Quote
AngerFist
Active player (437)
Joined: 4/21/2004
Posts: 3517
Location: Stockholm, Sweden
First edition TAS of 2015 Innovative TAS of 2007
Nice find but one question, as usual, I am confused but does this trick save time?
Nitrogenesis wrote:
Guys I come from the DidyKnogRacist communite, and you are all wrong, tihs is the run of the mileniun and everyone who says otherwise dosnt know any bater! I found this run vary ease to masturbate too!!!! Don't fuck with me, I know this game so that mean I'm always right!StupedfackincommunityTASVideoz!!!!!!
Arc wrote:
I enjoyed this movie in which hands firmly gripping a shaft lead to balls deep in multiple holes.
natt wrote:
I don't want to get involved in this discussion, but as a point of fact C# is literally the first goddamn thing on that fucking page you linked did you even fucking read it
Cooljay wrote:
Mayor Haggar and Cody are such nice people for the community. Metro City's hospitals reached an all time new record of incoming patients due to their great efforts :P
Posted: 4/12/2008 11:54 PM
Quote
finalfighter
Active player (276)
Joined: 4/20/2004
Posts: 219
Location: Japan,Tokyo
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
There is a possibility of leading to shortening time until dying in the Woodman stage though I have not understood be possible yet. http://www.yuko2ch.net/rockman/delay-deaty--idea.jpg
Posted: 4/13/2008 10:08 AM
Quote
Shinryuu
Experienced player (544)
Joined: 5/12/2005
Posts: 707
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
If this is possible to do you don't have to move to another screen + drop, so it would be a nice time saver. Succeeding possibility of this glitch is extremely low because death+delay must occur instead of delay. You can't use any item1s there because screen is "shifted" but the hope stands in Heatman's weapon and it also shortens the black screen time after dying.
Posted: 4/14/2008 6:51 PM
Quote
finalfighter
Active player (276)
Joined: 4/20/2004
Posts: 219
Location: Japan,Tokyo
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
http://www.yuko2ch.net/rockman/ladderupdownscroll.mpg I and Bisqwit found the new tech. The delay scroll is unrelated. It is the one that looks like ladder tech. http://www.yuko2ch.net/rockman/updownscroll.jpg If Y register equals 80-A0 by delay, "Scroll in the under" is possible if there is a ladder where it goes up in the place with delay. It only has to make Y coordinates "1" and to delete the up scroll signal on by delay. http://www.yuko2ch.net/rockman/delayladderupdownscroll.JPG (Though I have not understand be possible yet...)
Posted: 4/17/2008 9:06 PM
Quote
finalfighter
Active player (276)
Joined: 4/20/2004
Posts: 219
Location: Japan,Tokyo
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
Reference RockY & KeyInput http://www.yuko2ch.net/rockman/downscroll.avi
Posted: 4/18/2008 9:07 AM
Quote
Bisqwit
Editor, Active player (297)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
finalfighter wrote:
http://www.yuko2ch.net/rockman/updownscroll.jpg
The blue text is very blurry. From now on, please use PNG instead of JPEG. PNG is lossless, whereas JPEG is lossy and destroys image content.
Posted: 4/24/2008 7:29 PM
(Edited: 4/24/2008 9:01 PM)
Quote
finalfighter
Active player (276)
Joined: 4/20/2004
Posts: 219
Location: Japan,Tokyo
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
I just discovered what happens in Rockman 2 when updownscroll tech is caused. value of $F9 0x80-0xFF = screen outside(up) 0x01-0x7F = screen outdside(down) 0x00 = screen inside In updownscroll case, $F9 decreases from 0xFF to 0xE5 0xE1 . . little by little with the ladder outside the screen. The technique succeeds at $F9=0x7F 1:$F9 is adjusted to 0x80. 2:Rockman locationY is adjusted to 0xF4(244) 3:press up 4:scroll down ( RockY=03 and $F9=0x7F ) http://www.yuko2ch.net/rockman/updownscrollrefer.avi http://www.yuko2ch.net/rockman/updownscroll_opt.avi optimized movie
Posted: 4/24/2008 7:36 PM
Quote
finalfighter
Active player (276)
Joined: 4/20/2004
Posts: 219
Location: Japan,Tokyo
NES TAS of 2020 Glitchy TAS of 2020 TAS of 2010 NES TAS of 2010 Glitchy TAS of 2010 NES TAS of 2009
In ladder tech case, $F9=0xFF locationY=about 0x20 When usually going up in the ladder(outside) $F9=0xFF Ylocation=about 0xE0
Posted: 4/25/2008 5:24 AM
Quote
Bisqwit
Editor, Active player (297)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
With the huge wait to get Rockman fall 128 screenfuls (128*256/12 frames = 2730 frames [1]), can this trick be useful?
1 2
36 37 38
48 49