PDA

View Full Version : [Tutorial] Using C language to hack Pokemon (3rd Gen)


tinix
August 7th, 2011, 9:38 AM
Hello everybody,

Today I'm going to share my knowledge about how to use C for hacking pokemon roms instead of ASM.
Ive been polishing this method for last few days.

EDIT 16.8.2011: Added updated useful.h with header guard #define, remove .txt extension to use it

Required Tools & Knowledge
----------------------------
-Basic Knowledge of C (pointers,control statements,functions,structures) (If you don't know C I recommend this tutorial, you can skip ch9 for our purposes and all you need ends with ch10 http://einstein.drexel.edu/courses/Comp_Phys/General/C_basics/, only flaw is that tutorial is missing structures which I also use, see this one for them http://jan.newmarch.name/OS/l5_2.html)
-Basic Scripting Knowledge
-Know how to use command line (google helps here)
-devkitARM http://sourceforge.net/projects/devkitpro/files/devkitARM/ - install this
-CPKMN.zip file created by me, includes HackMews ASM Compiler package.

Zip file includes code samples used by this tutorial.


Compilation & Usage
------------------------------
EDIT 16.8.2011: Added Optimisation Switches

To compile your C code into .bin files we will be using arm-eabi-gcc compiler which in default assembles code into GBA/NDS roms.
This is good if you want to make your own GBA/NDS game but not good for what we are doing.
So we will tell compiler to NOT assemble & link files but only do C->ASM conversion.
So instead of using :
arm-eabi-gcc -mthumb -mthumb-interwork -Os -std=c99 %oursource% // std=c99 sets compiler to newest C standard so we can use some C++ style code

we will use:
arm-eabi-gcc -S -mthumb -mthumb-interwork Os -std=c99 -o whatever.asm %oursource% //NOTE: Im not sure if -mthumb -mthumb-interwork is needed here, so I rather left it int, the o switch is there because it defaults to .s extension instead of asm = we would have to rename.

The S switch tells compiler only to change the code into Assembly.
This is where ASM (folder) comes in.

Drag ASM file onto thumb.bat.
Voilà, you have your function compiled into .bin file.

To use it open it in hex editor & copy into free space into your rom.
When using add 1 to offset (so CPU knows it is not ARM code but THUMB) ie. you pasted in into 0x720000, so when you are going to use ie. in script you would write 0x720001.
To use your function in script use callasm 0xyouroffset (DON'T FORGET +1).

That should be all Concerning compilation.

If don't yet understand, don't worry i will show you how to do it with images :)

Action Time 1: Compiling, Using and Explanation of GetPokemonLevel.c
--------------------------------------------------------------------
NOTE 000: EXAMPLES ARE FOR FIRE RED US V1.0
NOTE 001: Im using LINUX on the images, they serve only for illustration
NOTE 002: Explanation at the end.

Step 1: Compile GetPokemonLevel.c using above command
NOTE 003: if it says unknown command use full path ie. C: \devkitARM\bin\arm-eabi-gcc.exe params

http://img841.imageshack.us/img841/4687/stepthreed.png


Step 2: Assemble GetPokemonLevel.asm //or whatever .s/asm file it generated
NOTE 004: If you DIDN'T put -o switch there you need to change file extension from .s to .asm

Step 3: Open GetPokemonLevel.bin & your FR rom with hex editor
http://img847.imageshack.us/img847/3264/step8h.png
Step 4: Copy Content of GetPokemonLevel.bin to free space on your FR rom (ie. at 0x720000)

Step 5: Insert this script into your rom & assign it to person
#dynamic 0x800000

#org @start
lock
faceplayer
callasm 0xyouroffset //ie. if you inserted at 0x720000 then this would be 0x720001
buffernumber 0x0 lastresult
msgbox @msg MSG_NORMAL
release
end

#org @msg
= Hey, that Pokemon's Level is [buffer1]!Step 6: Talk to that person and see results!

Code Explanation
-------------------------------------

#include "useful.h"
void GetMaxLvl()
{
PKMN_DATA* pPKMN_DATA = (PKMN_DATA*) pPKMN_FR;
int* LRESULT = (int*) pLRESULT_FR;
*LRESULT = pPKMN_DATA->Level;
}Ok so what this junk does?

Lets go line by line:
----------------------------------------------------------------
PKMN_DATA* pPKMN_DATA = (PKMN_DATA*) pPKMN_FR;
-----------------------------------------------------------------
PKMN_DATA is structure defined in useful.h which holds data about pokemon.

It is defined as follows

typedef char BYTE;

struct PKMN_DATA_S
{
int Personality;
int OT_ID;
char Nickname[10];
short Language;
char OT_NAME[7];
BYTE Mark;
short Checksum;
short unk1;
BYTE Data[48];
int status_aliment;
BYTE Level;
BYTE pokerus_rem;
short CurHP;
short TotalHP;
short Att;
short Def;
short Speed;
short SpAtt;
short SpDef;
};

typedef struct PKMN_DATA_S PKMN_DATA;
Note, that this order CANNOT be changed because this is the order of data in WRAM (now you know why it is pointer).
So to get data about party I initialize pointer with address of first pokemon.
To get next pokemon add 0x64 (100dec) to the address.

----------------------------------------------------
int* LRESULT = (int*) pLRESULT_FR;
----------------------------------------------------
Pointer to LAST_RESULT variable.
TECHNICAL NOTE: Look into useful.h and on this #define, only if you like messing with offsets

----------------------------------------------------
*LRESULT = pPKMN_DATA->Level;
----------------------------------------------------
assign Level property to last result.

Compatibility note: To change addresses for your game change FR into your games name (LG/R/S/E/E_US in PKMN_DATA, RS/E in LRESULT).

Action Time 2: Calling Another Function (ASM or C)
-----------------------------------------------
I wont explain whole source here only this important bit.

Source itself is well documented ;)

int (*pFunc) ();This is function pointer. You can only assign functions with same return type and parameters to it.
Normal assignment: pFunc = Function; //this is ok if you are normally linking and compiling
our assignment: pFunc = 0x08ouroffset (+1 one ofc)
You need to change parameters and return type as needed(most ASM functions should have void return).

Compilation Notes: First Compile min_lvl.c then write down its offset and insert it into branch.c at specified place, modify script used in example one with offset of branch.c

Also please note this is only way to link functions together(except for having them in one file)

That should be all regarding C & pokemon games :)
If you have any questions post here.
Do not copy without permission.


Thanks to: HackMew for creating ASM compiler package and bat file

Appendix: Pros and cons (if you think you have more say so in comments)
Pros:
- much easier than ASM
- no need to mess with registers
- more readable code
Cons:
- A bit larger than your usual ASM routine
- you need to guess types of original game data based on size

Full Metal
August 10th, 2011, 7:35 AM
Very nice, I guess I thought the size of the routine would have been much larger from past experience. But with your options it appears as though it does perfectly fine. Props to you, my man. :)

tinix
August 10th, 2011, 8:13 AM
Oh, I forgot to attach zip with examples and it was on HDD I reformated >.< . Dont worry i still have files but i need to repack them.

Full Metal
August 10th, 2011, 8:18 AM
That would be useful. hahaha. XD { Failolol }

tinix
August 10th, 2011, 8:21 AM
Updated, ive noticed that I have forgotten zip just after i clicked submit

ipatix
August 11th, 2011, 2:04 AM
I''m not the best in C...

So is it possible to call a SWI function or other code from the ROM (for example the script handler)?

tinix
August 11th, 2011, 3:01 AM
I have tested it with two C routines(see example two), but i think it should be possible with any ASM routine in rom.

Full Metal
August 11th, 2011, 7:01 AM
I''m not the best in C...

So is it possible to call a SWI function or other code from the ROM (for example the script handler)?

__asm{ "MOV r0,24" }
^ Or something to that effect.

tinix
August 11th, 2011, 8:22 AM
__asm{ "MOV r0,24" }
^ Or something to that effect.

Why not use function pointer to call other code?
ie.

void (*func) ();
func = 0x8romoffset;
func();

Full Metal
August 11th, 2011, 9:46 AM
SWI
SWI - Soft Ware Interrupt. It does things like force the screen to redraw, etc. There's not really a function for it.

Shiny Quagsire
August 11th, 2011, 10:27 AM
Yes!! Someone who uses Linux!

Uh, I mean, great tutorial. Seems a bit complicated though, I think I'll stick to ASM. Low-Level is kinda fun, because it poses more of a challenge. Plus you can't hack existing routines with C Code too easily, if at all.

Maybe once I up my C skills, I'll look back into this. :)

tinix
August 11th, 2011, 10:36 AM
SWI - Soft Ware Interrupt. It does things like force the screen to redraw, etc. There's not really a function for it.

hmmm I, think libgba had function for raising SWI so it could be possible with a bit of work, i might look in it.

Yes!! Someone who uses Linux!

Uh, I mean, great tutorial. Seems a bit complicated though, I think I'll stick to ASM. Low-Level is kinda fun, because it poses more of a challenge. Plus you can't hack existing routines with C Code too easily, if at all.

Maybe once I up my C skills, I'll look back into this. :)

Thank you :)
OT: I use linux and windows and my recent windows reinstalling screwed linux so I need to reinstall it >.<

Full Metal
August 11th, 2011, 1:11 PM
hmmm I, think libgba had function for raising SWI so it could be possible with a bit of work, i might look in it.



Thank you :)
OT: I use linux and windows and my recent windows reinstalling screwed linux so I need to reinstall it >.<

I've actually been wondering -- do you know of any libgba documentation? I looked on devkitpro's site, and couldn't find any. :\

tinix
August 12th, 2011, 3:55 AM
I've actually been wondering -- do you know of any libgba documentation? I looked on devkitpro's site, and couldn't find any. :\
I have also bee looking trought interwebz and didnt find any, maybe you could try trial and error with examples?

Full Metal
August 12th, 2011, 7:15 AM
I guess. haha. Not much else choice we have, eh? XD

Giga Universe
August 15th, 2011, 5:27 AM
-mthumb means create THUMB code, not ARM code, which is probably what you want
-mthumb-interwork allows you to create calls between ARM and THUMB code
Just sayin'

Also, to account for the size of the assembled C code, that can be fixed with a simple optimisation switch (-O). -O0 : no optimisation
-O1: optimise
-O2: optimise more
-O3: optimise even more
-Os: optimise for size (This is basically -O2 , but only optimises when it can do so without increasing the physical code size)For example, when I compiled and assembled your "GetPokemonLevel.c" the way you did, the output size was 44 bytes. With an optimisation switch the size is 20 bytes.
Also, please use include guards on your header, it may help us if we use more than one C file...

tinix
August 16th, 2011, 2:03 AM
-mthumb means create THUMB code, not ARM code, which is probably what you want
-mthumb-interwork allows you to create calls between ARM and THUMB code
Just sayin'

I know what they do, also assembler batch file uses these so I left them in, just for compatibilty with batch file.


Also, to account for the size of the assembled C code, that can be fixed with a simple optimisation switch (-O). -O0 : no optimisation
-O1: optimise
-O2: optimise more
-O3: optimise even more
-Os: optimise for size (This is basically -O2 , but only optimises when it can do so without increasing the physical code size)For example, when I compiled and assembled your "GetPokemonLevel.c" the way you did, the output size was 44 bytes. With an optimisation switch the size is 20 bytes.

Well I was thinking about this too and looked into arm-eabi-gcc --help if they are present and I didn't saw them here so I thought they aren't supported.


Also, please use include guards on your header, it may help us if we use more than one C file...


I forgot about this xP

Anyway thanks for noticing, I will edit tutorial accordingly.

EDIT: Updated first post.

Bonnox
April 12th, 2016, 1:42 AM
hey, nice tutorial!

I'm REALLY REALLY sorry for updating the thread after such HUGE amount of time, but, you know, bookmarks naturally age ; ) :3c

May I ask some questions, please?
I was wondering if I could use a library, so downloaded libtonc, but couldn't manage to get it working, because it has to be linked, something you definitely do only when compiling a game from scratch.
I tried all sort of things, but didn't work for me.
Do you know a good GBA library to just #include in my C file?
yes, I know that including everything in a single file is bad, but I'm allergic to makefiles and such things :p
If the C file remains short, everything works fine, but I remain limited to very poor things. If I begin to put toghether some H and C files made by me (to try to supply a library) in the main one, it is really probable that everything messes up and the ROM crashes upon calling the routine.
Moreover, the GCC and tge AS are tricking me in some strange ways. >:)

thanks in advance, goodbye ^^

PorygonY
April 12th, 2016, 1:02 PM
There unfortunately isn't (at least I assume so) a GBA library that will give you every definition in a single header file, because it's a huge mess design-wise. As long as you are using one source file only, you should also not be bothering with makefiles.

$ gcc file.c -mthumb -Ipath/to/library/headers -o file.o
$ gcc file.o -o asm.bin

Bonnox
April 13th, 2016, 11:38 PM
There unfortunately isn't (at least I assume so) a GBA library that will give you every definition in a single header file, because it's a huge mess design-wise.

so do you know how to link "professional" libraries in our simple C files?


$ gcc file.c -mthumb -Ipath/to/library/headers -o file.o
$ gcc file.o -o asm.bini personally use

gcc -S -mthumb -mthumb-interwork -O1 -Wall and then hackmew's thumb batch.
so, you enlighted me! could I "skip a step" compiling with gcc? it would save me a lot of time, because the assembly output is always really messy, in comparison to what an human would be, so I developed some tools in java to try to patch things up. and I should really try doing so, maybe I will not experiment some of the strange issues GCC and AS are giving me, and MAYBE my naive method of including everything will work! (I doubt, maybe it's my code wrong. may I upload it to ask you to look at it, please?)

thanks, now I will let this topic rest in peace and continue posting on another recent one wich I missed out.

really thankyou, good morning.

PorygonY
April 14th, 2016, 5:25 AM
so do you know how to link "professional" libraries in our simple C files?

Not sure if there are any static library files (*.lib, *.a) that you can link with the -mthumb specifier, but if there is, just add the following to your line above:
-l/path/to/library -Llibraryname

Then, of course, don't forget to include the header files for that library:
-I/path/to/headers

Bonnox
April 14th, 2016, 10:20 AM
Not sure if there are any static library files (*.lib, *.a) that you can link with the -mthumb specifier, but if there is, just add the following to your line above:
-l/path/to/library -LlibrarynameThen, of course, don't forget to include the header files for that library:
-I/path/to/headers

thanks a lot, will surely try sooner or later. I infact recall that libgba might exist in a compiled fashion (matter? substance?).

but... doesn't suffice to include the header in the source? do I really have to specify things via command line?

anyway, thank you for the support! sorry for having bothered you :)

FBI
April 14th, 2016, 10:32 AM
There's a library in C:\devkitPro\libgba by default if you have installed devkitarm. I dislike using a make file myself for this sort of thing, I'm pretty sure it doesn't even support things like extern.

You could try using the Python and DevkitARM dependent setup here: https://github.com/EternalCode/Empty-Template/tree/master/Sample%20Project

If I recall correctly, you need to execute scripts/build and scripts/insert for Linux, and windows required scripts/build2 and scripts/insert3. Sorry for the poor names. This setup is far superior for bigger projects as it also supports direct insertion and various other perks like hooking and address repointing. It works well for small single-file projects as well.

Bonnox
April 14th, 2016, 11:23 AM
You could try using the Python and DevkitARM dependent setup here: https://github.com/EternalCode/Empty-Template/tree/master/Sample%20Project

If I recall correctly, you need to execute scripts/build and scripts/insert for Linux, and windows required scripts/build2 and scripts/insert3. Sorry for the poor names. This setup is far superior for bigger projects as it also supports direct insertion and various other perks like hooking and address repointing. It works well for small single-file projects as well.

thanks also to you, FBI.
.woah, I just discovered that also libtonc comes with an A file...
so now how to compile properly? (sorry if I'm an hassle)
if I look at openpoke, he does

#include <libtonc>

and lets the makefile do the rest.
but you said me completely different things!


arm-none-eabi-gcc -I/path/to/headers -l/path/to/library -Llibraryname -mthumb -o file.o
arm-none-eabi-gcc file.o -o asm.bin


is that correct? and in the sources?
(i did a mistake, I don't have gcc but devkit, with arm-none-eabi-gcc)

excuse me, I don't understand very well the parameters "path to library" and "libraryname". dees the latter have to match something in particular or can it be anything? and in "path to library", what does "library" identify? the A file?

therefore, assuming I want to use libtonc and didn't change the folder directory, what are the steps neded to compile?

sorry if I'm demanding for such a great detail but as you can imagine I'm a total newbie in this kind of things.
I feel really bad for bothering a "god" and a recently signed-up user :p

well, I primarily use windows :p
what do your scripts do? I used to use a simple program developed in java by me to insert a routine in the ROM :p
and once compiled, what do I have to search to branch to?

I saw your template in the other post (have to reply yet), but don't have looked at it for now. I will do, but I use ruby, does anithing change (hope/think not) ?

PorygonY
April 14th, 2016, 11:33 AM
I also recommend FBI's method, unfortunately you have to modify their python scripts to link to external stuff.

Your lines above would be correct, just your source file is missing somewhere at the beginning. /path/to/library simply refers to the folder where the library file is located in. libraryname would be libtonc then. (as far as I know, GCC automatically appends .lib or .a)

So it would basically be (libtonc in the same directory as main.c):
arm-none-eabi-gcc main.c -Llibtonc -mthumb -o file.o
arm-none-eabi-gcc file.o -o asm.bin

Check out if it works and post again if you stumble upon any problems. :)

FBI
April 14th, 2016, 12:55 PM
if I look at openpoke, he does

#include <libtonc>
...

well, I primarily use windows :p
what do your scripts do? I used to use a simple program developed in java by me to insert a routine in the ROM :p
and once compiled, what do I have to search to branch to?

I saw your template in the other post (have to reply yet), but don't have looked at it for now. I will do, but I use ruby, does anithing change (hope/think not) ?
Oh, looks like our friend Porygon has answered most of your questions, but I'll speak about the ones directed at me.

Yeah, so you can't directly do using #include <libtonc> with this python setup unless you went into C:\devkitPro\devkitARM\arm-none-eabi\include and put in the files you needed in there. You could alternatively just cp the files you wanted to use into the cwd and call it a day, lol. I personally prefer to make my own .h files for generic GBA stuff, but that's just me.

The python script build essentially is recursively doing:
arm-none-eabi-gcc -mthum -mno-thumb-interwork -mcpu=arm7tdmi -fno-inlin -mlong-calls -march=armv4t -Wall -O2 -c file.c -o ./build/file
Then doing arm-none-eabi-ld with the linker files and such.

The python script insert is taking the .bin output and placing it in the ROM, as well as setting up hooks and address repointing. It's got a nice --debug command line argument which will tell you what function was compiled into what part of the ROM. :)

For using this setup for Ruby, you first put Ruby.gba in the recycling bin and empty bin, just make sure your ROM is called BPRE.gba. It doesn't actually check the ROM tag, just the file name.

Bonnox
May 2nd, 2016, 12:45 AM
i feel sad telling you this, but I decided (a hard decision) to rewrite the library in ASM myself, and use it in C, because seems simplier to me rather than doing strange things with linker and compilers (i'm not used to)
Since the library is called more often than the application logic, I think that the performances will improve compared to a full C library.
I will do only the minimum necessary for a comfortable basic usage of the console (tilemap, bios, etc), trying to avoid complex themes (transformation matrix, sound) and then will put the source on this site , if tou want.

DEEhunter
May 3rd, 2016, 10:41 PM
Gonna provide some input and say that I use this web tool a lot to view compiler optimizations but it will make the process of C/C++ -> ASM a much more rapid iteration process for smaller cases. You can't have multiple files included beyond the standard library but you can flatly implement your data types for the sake of getting some workable ASM out. Could possibly make a fork on github specifically for the purpose of generating pokemon asm with custom include files.
https://gcc.godbolt.org/