To take control of a CPU machine, we first have to stop the CPU from controlling it. We can do this by finding the code that sets the input fields in the CPU machine's data in memory.

Machine data

Data for the machines running in the current race is stored in memory as blocks of size 0x620 (see fzerogx-docs for details). The data for the current inputs is at offset 0x1ec within a block. Setting a memory write breakpoint there leads us to the code that sets the CPU racer inputs. We can follow the call stack back one step to find where that function is called; replacing the function call with a NOP disables CPU control.

Address

The address of the function call to disable is reference pointer + 0x839a0, where reference pointer can be found at 0x800030c8. In line__.rel, the line is at 0x8022b2e0.
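
As an added example (not code from the original page), the Python below applies the patch to a RAM image: it resolves reference pointer + 0x839a0 and checks that the word there is a PowerPC `bl` before overwriting it with a NOP, so a wrong game version or an unloaded module is caught instead of corrupted. It assumes the reference pointer is the big-endian 32-bit value stored at 0x800030c8 and that the image starts at 0x80000000; the function names are hypothetical and the image built by `_constructed_ram` uses made-up values.

```python
import struct

MEM1_BASE = 0x80000000      # assumption: RAM image starts at this virtual address
REF_PTR_ADDR = 0x800030C8   # from the page: where the reference pointer is found
CALL_OFFSET = 0x839A0       # from the page: call site = reference pointer + this
PPC_NOP = 0x60000000        # PowerPC "ori r0, r0, 0"


def read_u32(ram, addr):
    """Read a big-endian 32-bit word at a virtual address."""
    return struct.unpack_from(">I", ram, addr - MEM1_BASE)[0]


def is_bl(word):
    """True for a relative branch-and-link: primary opcode 18, AA=0, LK=1."""
    return word >> 26 == 18 and word & 0b11 == 0b01


def call_site(ram):
    """Address of the function call that hands inputs to a CPU machine."""
    return read_u32(ram, REF_PTR_ADDR) + CALL_OFFSET


def disable_cpu_control(ram):
    """NOP the call at reference pointer + 0x839a0; return (address, old word)."""
    addr = call_site(ram)
    old = read_u32(ram, addr)
    if old == PPC_NOP:
        return addr, old    # already patched, nothing to do
    if not is_bl(old):
        raise ValueError(
            f"{addr:#010x} holds {old:#010x}, not a bl: "
            "wrong game version or module not loaded"
        )
    struct.pack_into(">I", ram, addr - MEM1_BASE, PPC_NOP)
    return addr, old


def _constructed_ram():
    """Constructed 24 MiB image with a made-up reference pointer and bl."""
    ram = bytearray(0x01800000)
    ref = 0x80400000        # constructed value, not taken from the game
    struct.pack_into(">I", ram, REF_PTR_ADDR - MEM1_BASE, ref)
    # 0x4BFFF001 encodes "bl -0x1000" (constructed call instruction)
    struct.pack_into(">I", ram, ref + CALL_OFFSET - MEM1_BASE, 0x4BFFF001)
    return ram
```

Keeping the returned old word lets the original call be written back later to hand the machine back to the CPU.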

