PDA

View Full Version : Emerald Info Archive


droomph
February 6th, 2012, 03:32 PM
Hey guys...

As you probably know, Emerald has the most features and would be awesome to hack.

As you probably also know, not much is known about Emerald, and thus not many people want to hack it.

Also, I want to find out about Animations, but that's a different story.

However, I can't stand not having all the features, so I decided to make a ROM map.What is a ROM map? Well, it's a linear breakdown of data inside the ROM [example] (http://datacrystal.romhacking.net/wiki/EarthBound:ROM_map).It shouldn't be that hard, if we all work together, no?
----------------------------
WANTED
(like, really)
- Any Dynamic Memory Allocation routines (e.g. realloc(), calloc(), free())
- Integer (rounds toward zero) Arithmetic Routines (Already have Division, Modulus)
- Offsets and lengths of scripts that are not main-story (like Tile Behavior Bytes)
- Any Standard C functions you see; basically anything that someone would use often
- Some Cleanup help :\
-------------------------
Anyways, this is what I have:0x0 - 0xBF Header (http://members.iinet.net.au/~freeaxs/gbacomp/#GBA%20Header) (0xC0b)
0xC0 - 0xFF Empty 00 - Don't touch (0x40b)
0x100 - 0x

0x108 - 0x11F "pokemon emerald version" (0x17b)
0x120 - 0x

0x204 - 0x234 reset vector (http://en.wikipedia.org/wiki/Reset_vector) (0x30b) thanks Bond697! (I have no idea what any of these functions do)
0x235 - 0x

0x248 - 0x3A3 intrMain (0x15Bb) thanks Bond697!
0x3A4 - 0x466 AgbMain (0xC2) thanks Bond697! (0x42A - 0x4BE, main loop)
0x467 - 0x

0x4C4 - 0x4FC cal (http://en.wikipedia.org/wiki/Callback_(computer_programming))l (http://en.wikipedia.org/wiki/Callback_(comedy))back (http://en.wikipedia.org/wiki/Callback_(computer_programming))Main (0x38) thanks Bond697!
0x4FD - 0x

0x540 - 0x54E callback (http://en.wikipedia.org/wiki/Callback_(computer_programming))B (0xE) thanks Bond697!
0x54F - 0x

0x554 - 0x55A set timer1CNT (0x6b) thanks Bond697!
0x55B - 0x

0x560 - 0x57A seed main rng (http://en.wikipedia.org/wiki/RNG) (0x1Ab) thanks Bond697! (this function never runs)
0x57B - 0x

0x588 - 0x58C fetch result from 0x02020000 (0x4b) thanks Bond697! (timer1 location - used to seed rng(not used) and creating the trainer id)
0x58D - 0x

0x5BC - 0x5D6 initCounters (0x1Ab) thanks Bond697!
0x5D7 - 0x5

0x5E4 - 0x61C User-input check (http://en.wikipedia.org/wiki/User_input) (0x38b) note: runs every frame. EVERY frame
0x61D - 0x

0x684 - 0x6CC initIRQ (http://en.wikipedia.org/wiki/IRQ) (0x8b) thanks Bond697!
0x6CD - 0x

0x6F0 - 0x6F4 callbackA+0x0C (0x4b) thanks Bond697!
0x6F5 - 0x

0x6FC - 0x700 callbackA+0x10 (0x4b) thanks Bond697!
0x701 - 0x

0x708 - 0x70C callbackA+0x14 (0x4b) thanks Bond697!
0x70D - 0x

0x72C - 0x730 callbackA+0x18 (0x4b) thanks Bond697!
0x731 - 0x

0x738 - 0x7DA vblank handler (0xA2b) thanks Bond697!
0x7DB - 0x

0x988 - 0x99C malloc() (http://en.cppreference.com/w/cpp/memory/c/malloc) header (0x15b) thanks Bond697!
0x99D - 0x

0x9B8 - 0xA1C malloc (http://en.cppreference.com/w/cpp/memory/c/malloc)Main (0x64) thanks Bond697!
0xA1D - 0x

0xB1C - 0xB2C initMalloc (http://en.cppreference.com/w/cpp/memory/c/malloc) (0x10) thanks Bond697!
0xB2D - 0x

0xB38 - 0xB46 malloc() (http://en.cppreference.com/w/cpp/memory/c/malloc) (0xE) thanks Bond697!
0xB46 - 0x

0x6840 - 0x?? Load to Register - Letter and width (0x?b)

0x9570 - 0x9627 Link Cable Debug Function (0x?b) Thanks Sonic1! I have no idea. Someone explain this prtyplz
0x9628 - 0x

0xA850 - 0xA96F Debug Printing Function (0x?b) Thanks Bond697!
0xA970 - 0x

0x5BE04 - 0x5BF7D Execute move animation player (runs every frame for move) (0x179b)
0x5BF7E - 0x

0x61DB0 - 0x61F31 Execute move animation opponent (runs every frame for move) (0x181b)
0x61F32 - 0x

0x67E90 - 0x67EF4 method heading (http://en.wikipedia.org/wiki/Method_heading) - generate PID (0x64b) thanks Bond 697!
0x67EF4 - 0x6

0x6A518 - ?? getPKMData (0x??b)

0x6A674 - ?? readPKMData (0x??b)

0x6ACAC - ?? writePKMData (0x??b)

0x06AD9C - ?? setPKMData

0x6D088 - 0x6D097 Check PID (http://bulbapedia.bulbagarden.net/wiki/PID) for Nature (http://bulbapedia.bulbagarden.net/wiki/PID#Nature) (0xFb)

0x6DCB4 - 0x?? @ void __fastcall pokerusHandler(void *pPartyBlock) (??b) thanks Bond697!

0x6DEC4 - 0x?? pokerusSpread: (??b) thanks Bond697!

0x6F5CC - 0x6F5E4 rand() (http://en.cppreference.com/w/cpp/numeric/random/rand) (main @ 0x3005d80) (0x18b) thanks Bond697!
0x6F5E5 - 0x

0x6F5F8 - 0x6F606 setRNG (also never runs) (0xEb) thanks Bond697!
0x6F607 - 0x

0x6F610 - 0x6F618 set secondary rng (runs for daycare) (0x8b) thanks Bond697!
0x6F618 - 0x

0x6F620 - 0x6F630 rand() (http://en.cppreference.com/w/cpp/numeric/random/rand) (secondary @ 0x3005d84) (0x10b) thanks Bond697!
0x6F631 - 0x

0x70266 - ?? Inheritance (0x??b) thanks Bond697! bugged to not prevent inheriting the same IV multiple times
0x70218 - ?? Inheritance check (0x??b) thanks Bond697! make sure the same IV isn't inherited multiple times- bugged due to the wrong argument being passed to it

0x84310 - 0x84335 make trainer id set (0x?b) Thanks Bond697!
0x842CC - 0x842DB store trainer id set (0x?b) Thanks Bond697!
0x842DB - 0x

0x844A0 - 0x845CB new game preparations (e.g. sets flags, vars, etc.) (0x?b) Thanks Sonic1!
0x845CC - 0x

0x992CC - 0x992CF nop command (0x4b)
0x992D0 - 0x992D3 nop1 command (0x4b) These Need Not Be Here
0x992D4 - 0x992DF end command main (0xCb)
0x992E0 - 0x99

0x9934C - 0x9935B callasm command main (0x10b)
0x9935C - 0x993

0x99368 - 0x9937F goto command main (0x18b)
0x99380 - 0x9938B return command main (0xCb)
0x9938C - 0x993A3 call command main (0x18b)
0x993A4 - 0x993D9 if1 command main (0x36b)
0x993DA - 0x993D

0x993E0 - 0x99415 if2 command main (0x36b)
0x99416 - 0x99

0x99508 - 0x99537 gotostd command main (0x30b)
0x99538 - 0x99567 callstd/boxset command main (0x30b)
0x99568 - 0x995B3 gotostdif command main (0x4Cb)
0x995B4 - 0x995FF callstdif command main (0x4Cb)
0x99600 - 0x99613 jumpram command main (0x14b)
0x99614 - 0x99629 killscript command main (0x16b)
0x9962A - 0x9962B Empty 0x0 hword
0x9962C - 0x99641 setbyte command main (0x16b)
0x99642 - 0x99643 Empty 0x0 hword
0x99644 - 0x99665 loadpointer command main (0x22b)
0x99666 - 0x99667 Empty 0x0 hword
0x99668 - 0x9968B loadbytefrompointer command main (0x24b)
0x9968C - 0x996A3 writebytetooffset command main (0x18b)
0x996A4 - 0x996BF setbyte2 command main (0x1Cb)
0x996C0 - 0x996E3 setfarbyte command main (0x24b)
0x996E4 - 0x99703 copyscriptbank command main (0x20b)
0x99704 - 0x9971F copybyte command main (0x1Cb)
0x99720 - 0x99741 setvar command main (0x22b)
0x99742 - 0x99743 Empty 0x0 hword
0x99744 - 0x9976F copyvar command main (0x2Cb)
0x99770 - 0x99799 copyvarifnotzero command main (0x2Ab)
0x9979A - 0x9979B Empty 0x0 hword
0x9979C - 0x997BB compare state ASM (0x20b)
0x997BC - 0x997EB comparebanks command main (0x30b)
0x997EC - 0x99813 comparebanktobyte command main (0x28b)
0x99814 - 0x9983F comparebanktofarbyte command main (0x2Cb)
0x99840 - 0x99869 comparefarbytetobank command main (0x2Ab)
0x9986A - 0x9986B Empty 0x0 hword
0x9986C - 0x9988B comparefarbytetobyte command main (0x20b)
0x9988C - 0x998AD comparefarbytes command main (0x22b)
0x998AE - 0x998AF Empty 0x0 hword
0x998B0 - 0x998DD compare command main (0x2Eb)
0x998DE - 0x998DF Empty 0x0 hword
0x998E0 - 0x99913 comparevars command main (0x34b)
0x99914 - 0x99

0x99914 - 0x99939 addvar command main (0x26b)
0x9993A - 0x9993B Empty 0x0 hword
0x9993C - 0x99969 subvar command main (0x26b)
0x9996A - 0x9996B Empty 0x0 hword
0x9996C - 0x9

0x9A9A4 - 0x9A9DB faceplayer command main (0x38b)
0x9A9DC - 0x9A

0x9AAEC - 0x9AB43 lock command main (0x58b)
0x9AB44 - 0x9

0x9D2BC - 0x9D2FF Special 0x1 main (0x44b)
0x9D300 - 0x

0xA3A10 - 0xA3A47 Load move-animation information (0x38b)
0xA3A48 - 0xA

0xAF948 - 0xAF96B Special 0x2 main (0x24b)
0xAF96B - 0xAF9

0xAF9F8 - 0xAFA0B Special 0x3 main (0x14b)
0xAFA0C - 0x

0xB36EC - 0xB371B Special 0x4 main (0x30b)
0xB371C - 0xB3725 Special 0x5 main (0xAb)
0xB3726 - 0xB3727 Empty 0x0 hword
0xB3728 - 0xB

0xB4984 - 0xB4A88 feebas + feebas tile (http://bulbapedia.bulbagarden.net/wiki/Hoenn_Route_119#Finding_Feebas) setup (0x104b) thanks Bond697!
0xB4A89 - 0x

0xB4A98 - 0xB4AA8 alternate rng (0x10b) thanks Bond697!
0xB4AA9 - 0x

0xB4AC8 - 0xB4B80 set encounter slot (0xB8b) thanks Bond697!
0xB4B81 - 0x

0xB4C74 - 0xB4CF5 Something to do with PokéStats (0x81b)
0xB4CF6 - 0x

0xB4C74 - 0xB4CF4 set level for wild+ (0x80b) thanks Bond697!
0xB4CF5 - 0x

0xB4D78 - 0xB4E64 nature setup (0xECb) thanks Bond697!
0xB4E65 - 0x

0xB5144 - 0xB516E battle test (0x2A) thanks Bond697!
0xB516F - 0x

0xBD2B4 - 0xBD3D9 Load Pokédex (0x126b)
0xBD3DA - 0x

0xE8BC8 - 0xE8BF7 Special 0x7 main (0x2Cb)
0xE8BF8 - 0x

0xE8E18 - 0xE8EDF Special 0x6 main (0xC8b)
0xE8EF0 - 0x

0xE9068 - 0xE909B Special 0x8 main (0x34b)
0xE909C - 0x

0xE9744 - 0xE977F Special 0xB main (0x3Cb)
0xE9780 - 0x

0xE9A90 - 0xE9ABF Special 0x9 main (0x30b)
0xE9AC0 - 0xE9ACF Special 0xA main (0x10b)
0xE9AD0 - 0x

0xE9BDC - 0xE9C2B Special 0xC main (0x50b)
0xE9C2C - 0xE9C73 Special 0xD main (0x48b)
0xE9C74 - 0xE9C87 Special 0xE main (0x14b)
0xE9C88 - 0xE9C9B Special 0xF main (0x14b)
0xE9C9C - 0x

0xEA2E4 - 0xEA30B Special 0x10 main (0x28b)
0xEA30C - 0x

0xEA354 - 0xEA3E3 Special 0x11 main (0x90b)
0xEA3E3 - 0x

0xF9180 - 0xF9243 Special 0x0 main (0xC4b)
0xF9244 - 0x

0xFB36C - 0xFB3E7 Rumbly truck thing (run by callback (http://en.wikipedia.org/wiki/Callback_(computer_programming))3) (0x7Cb) thanks Sonic1!
0xFB3E8 - 0xF

0xFC0A0 - 0xFC0AE In safari zone? (0xEb) thanks Bond697!
0xFC0AF - 0x

0xFC3B8 - 0xFC3E4 pokeblock check (0x2Cb) thanks Bond697!
0xFC3E5 - 0x

0x11A1DC - 0x11A209 Running Shoes against Map Type check (0x2Eb)
0x11A20A - 0x11A20B Empty 0x0 hword
0x11A20C - 0x1

0x137CC8 - 0x137CE7 Special Clock main (0x20b)
0x137CE8 - 0x

0x1DB67C - 0x1DBA0B Scripting Functions ASM table (0x390b)
0x1DBA0B - 0x1DBA

0x1DBA64 - 0x1DC29F Specials Table (0x83Cb)
0x1DC2A0 - 0x1DC2CB Callstd Functions Table (0x2Cb)
0x1DC2CC - 0x

0x1DC31C - 0x271314 Main story scripts (not sure) (0x94FF8b)
0x271315 - 0x27131F Callstd 0x2 (0xBb)
0x271320 - 0x271329 Callstd 0x3 (0xAb)
0x27132A - 0x271331 Callstd 0x4 (0x8b)
0x271332 - 0x27133B Callstd 0x5 (0xAb)
0x27133C - 0x271346 Callstd 0x9 (0xBb)
0x271347 - 0x27134D Callstd 0xA (0x7b)
0x27124E - 0x271

0x271494 - 0x27149C Callstd 0x6 (0x9b)
0x27149D - 0x271

0x271AD3 - 0x271BB6 Callstd 0x0 (0xE4b)
0x271BB7 - 0x271BFC Callstd 0x7 (0x46b)
0x271BFD - 0x271C39 Callstd 0x1 (0x3Db)
0x271C3A - 0x27

0x27260D - 0x2736B1 Various texts + scripts (0x10A4b)
0x2736B2 - 0x27

0x2742C9 - 0x2742E5 Callstd 0x8 (0x1Db)
0x2742E6 - 0x27

0x27CB82 - 0x27D467 Contest Move Descript. (0x8E5b)
0x27D468 - 0x

0x2C8D6C - 0x2C9397 Move animations - possibly ends @ 0x2C8D6C (0x62Cb)
0x2C9398 - 0x2

0x2E04DC - 0x2E0592 set up sound + buffer @ 3006380 (0xB6b) thanks Bond697!
0x2E0593 - 0x

0x2E7078 - 0x2E707B arctan2 (0x4b) swi functions
0x2E707C - 0x2E707F bgaffineset (0x4b)
0x2E7080 - 0x2E7083 cpufastset (0x4b)
0x2E7084 - 0x2E7087 cpuset (0x4b) thanks Bond697!
0x2E7088 - 0x2E708B div (0x4b)
0x2E708C - 0x2E708F lz77uncompvram (0x4b)
0x2E7090 - 0x2E7093 lz77uncompwram (0x4b) thanks Bond697!
0x2E7094 - 0x2E7099 multiboot (0x6b)
0x2E709A - 0x2E709B Empty 0x0 hword
0x2E709C - 0x2E709F objaffineset (0x4b)
0x2E70A0 - 0x2E70A3 rluncompvram (0x4b)
0x2E70A4 - 0x2E70A7 rluncompwram (0x4b)
0x2E70A8 - 0x2E70AB registerramreset (0x4b) thanks Bond697!
0x2E70AC - 0x2E70B9 Soft Reset (http://en.wikipedia.org/wiki/Soft_reset#Soft_reboot) (0xCb) thanks Bond697! NOT swi
0x2E70BA - 0x2E70BB Empty 0x0 hword
0x2E70BC - 0x2E70C7 sqrt (0xEb)
0x2E70C8 - 0x2E70CD vblankintrwait (0x6b)
0x2E70CE - 0x2E70CF Empty 0x0 hword
0x2E70D0 - 0x2E710B bx registers (add (4 x r-num) to branch) (0x3Cb)
0x2E710C - 0x2E7

0x2E7540 - 0x2E75D1 Division Routine (0x92b) thanks Darthatron! Probably broken, never bothered to check
0x2E75D2 - 0x

0x2E7BE0 - 0x2E7C9E Modulus Routine? (http://en.wikipedia.org/wiki/Modulo_operator) (0xBEb) (but I've made sure so it's all good) thanks Bond697!
0x2E7C9F - 0x

0x2E93D4 - 0x2E9430 memcpy( (http://en.cppreference.com/w/cpp/string/byte/memcpy)void *pDest, void *pSrc, u32 length) (http://en.cppreference.com/w/cpp/string/byte/memcpy) (0x5Cb) thanks Bond697!
0x2E9431 - 0x

0x2F2E10 - 0x2F3093 Cursor - unLZ #23 (0x284b) Note: LZ77 compressed.

0x305F68 - 0x308CBB PokéAnimations Frame Timing Param. (0x2D54b) Thanks...Chaos Rush (dammit)
0x308CBC - 0x30999B 0x305F68 pointers (0xCE0b) Thanks, Chaos Rush!
0x30999C - 0x309

0x309AAC - 0x30A117 Pointers to table 0x308CBC (0x66Cb) Thanks, Chaos Rush!
0x30A118 - 0x3

0x3185C8 - 0x319779 Pokemon Names (0x11B2b)
0x31977A - 0x31A982 Move Names (0x1209b)
0x31A983 - 0x31

0x31B6DB - 0x31BAD3 Ability names (0x3F9b) Thanks Haowakeorden!
0x31BAD4 - 0x31

0x31C898 - 0x31D93B Move Data (0x10A4b)
0x31D93B - 0x

0x31D944 - 0x31D949 Empty FF - Maybe Safe (0x6b)
0x31D94A - 0x

0x31D94C - 0x31DC81 Dex #s (http://bulbapedia.bulbagarden.net/wiki/List_of_Pokémon_by_index_number_(Generation_III)) (0x335b)
0x31DC82 - 0x31DFB7 Hoenn Dex #s (http://bulbapedia.bulbagarden.net/wiki/List_of_Pokémon_by_Hoenn_Pokédex_number) (0x336b)
0x31DFB8 - 0x31

0x31E898 - 0x31F56F Pokémon TM/HM compatibility (0xCD8b) Thanks Haowakeorden!
0x31F570 - 0x3

0x3203CC - 0x3230DB Pokemon Data (http://bulbapedia.bulbagarden.net/wiki/Pokémon_base_stats_data_structure_in_Generation_III) (0x2D10b)
0x3230DC - 0x325319 Pokémon level-up move tables (0x223Eb) Thanks Haowakeorden!
0x32531A - 0x32531B Empty 00, it seems :) hword
0x32531C - 0x32937B Pokémon evolution data (0x4060b) Thanks Haowakeorden!
0x32937C - 0x3299EB Pokémon level-up move table pointers (0x670b) Thanks Haowakeorden!
0x3299EC - 0x

0x481DD4 - 0x4824B7 Setmapfooter table (0x6E4b) Thanks Sonic1! Please confirm.
0x4824B8 - 0x

0x55D30D - 0x56B5AD Pokédex flavour text (0xE2A1b) Thanks Haowakeorden!
0x56B5AE - 0x5

0x56B5B0 - 0x56E60F Pokédex reference main (0x3060b) Thanks Haowakeorden!
0x56E610 - 0x5

0x57FEA0 - 0x58399C Item Descriptions (0x3AFDb)
0x58399D - 0x58399F essentially Free Space (0x3b)
0x5839A0 - 0x587A6B Item Data (http://bulbapedia.bulbagarden.net/wiki/Item_data_structure_in_Generation_III) (0x40CCb)
0x587A6C - 0x

0x58C2B4 - 0x58CDCB Contest Move Data (http://bulbapedia.bulbagarden.net/wiki/Contest_move_data_structure_in_Generation_III) (0xB18b) Bulbapedia is of thanks for most of these last ones
0x58CDCC - 0x58CE8B Contest Info Structure (http://bulbapedia.bulbagarden.net/wiki/Contest_data_structure_in_Generation_III) (0xC0b)
0x58CE8C - 0x

0x5CECB0 - 0x5CED2D Held Item Table BatFront (0xF6)(hehe) (http://bulbapedia.bulbagarden.net/wiki/Battle_Frontier_data_structures_in_Generation_III)
0x5CED2E - 0x5D5AC9 BattleFront PokéTrainer (0x6D9Cb)
0x5D5ACA - 0x5D5ACB Empty 00 - Don't Touch hword
0x5D5ACC - 0x5D97BB Battle Frontier Trainer (0x3CF0b)
0x5D97BC - 0x5DCEDB Battle Frontier Pokémon (0x3720b)
0x5DCEDC - 0x

0x5DD70C - 0x5DDA13 SlateportBattlePokéTrain (0x2F0b)
0x5DDA14 - 0x5DE02B Slateport Battle Trainer (0x618b)
0x5DE02C - 0x5DE48B Slateport Battle Pokémon (0x460b)
0x5DE48C - 0x

0x5DE610 - 0x5DEC27 Verdanturf Battle Trainer (0x618b)
0x5DEC28 - 0x5DEEF7 Verdanturf Battle Pokémo (0x2D0b)
0x5DEEF8 - 0x5DF081 Ver/FalBattlePokéTrainer (0x18Ab)
0x5DF082 - 0x5DF083 Empty 00 - Don't Touch hword
0x5DF084 - 0x5DF69B Fallarbor Battle Trainer (0x618b)
0x5DF69C - 0x5DF96B Fallarbor Battle Pokémon (0x2D0b)
0x5DF96B - 0x

0x611C9A - 0x611CAF Restricted Pokés Battle Tower (0x16b)Thanks, Sonic1!
0x611CB0 - 0x61

0x615894 - 0x615C07 TM/HM-to-move mappings (0x74b) Thanks Haowakeorden!
0x615C08 - 0x6

0x62BAE4 - 0x6748E4 Fonts (http://www.pokecommunity.com/showthread.php?t=266885) (0x48E00b) too lazy to mark out the fifty things that are there seperately;
font width ptr @0x68C4 for 0x200b (0x2b signed for each)
main font ptr @0x68BC (0x40b reverse 2bpp for each)
Route Sign font ptr @0x65DC
0x6748E5 -

0xB00000 - 0xBFFFFF Maybe Animation sprites? (0x100000b) Note: LZ77 compressed
0xC00000 - 0xC

0xC2FCC8 - 0xD51DC7 Maybe Pokémon Sprites? (0x122100b) Note: LZ77 compressed, and btw VERY up and open for corrections/clarifications right now for these things
0xD51DC8 - 0xD779D7 Maybe Trainer Front Sprites? (0x25C0Fb) Note: LZ77 compressed
0xD779D8 - 0xD

0xD9C3A8 - 0xDA1E77 Maybe Berry Sprites? (0x5AD0b) Note: LZ77 compressed
0xDA1E78 - 0xDA

0xDAB27C - 0xDBA173 Maybe Item icons? (0xEEF7) Note: LZ77 compressed
0xDBA174 - 0x

0xE3CF64 - 0xFFFFFF Free Space (0x1C309Cb)I'm about 10% done. Maybe if we work together, the 90% will be a snap! Bah, doohicky

For the awesome BIOS and pre-installed functions I've done my best to see that they're accurate. However, I can't guarantee 100%, and frankly you shouldn't be playing with it anywho.

Progress: 13.5804%/32.1086% (0x5232AFb) as of March 17, 2012

Don't be afraid to put stuff up; if you have even one new offset, it's very much appreciated.
----------------------Credits
I would like to thank these fellow PokéCommunity Members for contributing to this "project" (if you would even call it that), however small their contribution:
Bond697

sonic1

Chaos Rush

HackMew

Darthatron

Haowakeorden

Bond697
February 16th, 2012, 07:00 PM
do you want full routines or just offsets?

also:

0x98E - 0x99D IRQ BIOS branch 1 (0xFb) unsure!

-pretty sure this is the header part of malloc()(and it starts at 8000988)

droomph
February 16th, 2012, 08:05 PM
do you want full routines or just offsets?

also:

0x98E - 0x99D IRQ BIOS branch 1 (0xFb) unsure!

-pretty sure this is the header part of malloc()(and it starts at 8000988)Offsets in the format of this document: http://datacrystal.romhacking.net/wiki/EarthBound:ROM_map

Yeah, Some of the BIOS functions might be wrong, as the routines there run into each other quite a lot. I'll change that, thanks!

Bond697
February 16th, 2012, 08:38 PM
e: nvm, gonna go ahead and start putting stuff up.

80003A4-8000466 - AgbMain(800042A-80004BE, main loop)
82E70AC-82E70B8 - soft reset
80B5144 - 80B516E - battle test
80004c4 - 80004d6 - callbackMain
80004d8 - 80004fc - define callback pointers
82e7be0 - 82e7c9e - doMod
80b4984 - 80b4a88 - feebas + feebas tile setup
80005bc - 80005d6 - initCounters
8000684 - 80006cc - initIRQ
80005e4 - 800061c - input handler
8000248 - 8000398 - intrMain
80fc0a0 - 80fc0ae - in safari zone check
8000988 - 800099c - malloc header (A3A3, etc)
8000b1c - 8000b2c - initMalloc
80009b8 - 8000a1c - mallocMain
8000b38 - 8000b46 - malloc()
82e93d4 - 82e9430 - memcpy(void *pDest, void *pSrc, u32 length)


i'll grab the rest from my database and post it in a bit.

e: i just noticed you linked over to my work on project pokemon. good stuff.

and i have a lot more disassembly to do for emerald to get more code laid out, etc in IDA. once i do, i'm sure i'll have quite a bit more to add.

also, someone should do this for black and white. i have 675 functions labelled from the arm9 binary alone. srsly.

droomph
February 16th, 2012, 09:27 PM
Oh hey looky I didn't recognize you, you were the one that found almost all the offsets for Emerald ^^

(and if you're still on Project Pokémon you should help do some clean up btw)

Anyways, thanks, I'll look over them asap

Bond697
February 16th, 2012, 10:08 PM
clean up what? not sure what you mean. here are the rest from my database, btw:


8067e90 - 8067ef4 - method H pid gen
806d088 - 806d096 - get nature from temp pids
80b4d78 - 80b4e64 - nature setup
80fc3b8 - 80fc3e4 - pokeblock check
80b4a98 - 80b4aa8 - alternate rng
80b4ac8 - 80b4b80 - set encounter slot
806f5cc - 806f5e4 - rand() (main @ 0x3005d80)
806f620 - 806f630 - rand() (secondary @ 0x3005d84)
8000204 - 8000234 - reset vector
8000560 - 800057a - seed main rng (this function never runs)
80006fc - 8000700 - callbackA+0x10
8000708 - 800070C - callbackA+0x14
800072c - 8000730 - callbackA+0x18
80006f0 - 80006f4 - callbackA+0x0C
8000540 - 800054e - callbackB
80b4c74 - 80b4cf4 - set level for wild+
806f5f8 - 806f606 - setRNG (also never runs)
806f610 - 806f618 - set secondary rng (runs for daycare)
82e04dc - 82e0592 - set up sound + buffer @ 3006380
82e70a8 - 82e70aa - register ram reset
82e7084 - 82e7086 - cpuset
82e7090 - 82e7092 - lz77uncompwram
8000554 - 800055a - set timer1CNT
8000738 - 80007da - vblank handler
8000588 - 800058C - fetch result from 0x02020000 (location of timer1 data writes - for seeding rng(not used) and for creating the trainer id)


that's everything for now until i take more apart in IDA.

droomph
February 20th, 2012, 04:49 PM
cleanup as in "at least put them in order"

but whatever I couldn't ever do that much by myself so thanks!

Fiori
February 23rd, 2012, 01:13 PM
I have a question: in emerald,is there a part of memory never used?
cause i want to store some temp data in the memory.

droomph
February 23rd, 2012, 03:31 PM
I have a question: in emerald,is there a part of memory never used?
cause i want to store some temp data in the memory.There's some parts of the 256KB WRAM (0x2000000 on) that are completely blanked out as far as I can tell, you could try those. If you want to SAVE, however, you need to test them yourself; I'm not sure if the whole of the 256+32KB RAM is saved in the save file. If not, then probably you'll need to pick some unused-but-saved bytes (like the two "padding" bytes in Pokémon stats) and use those.

Or, you could remove contests; that could free up a couple hundred bytes.

Fiori
February 23rd, 2012, 11:11 PM
There's some parts of the 256KB WRAM (0x2000000 on) that are completely blanked out as far as I can tell, you could try those. If you want to SAVE, however, you need to test them yourself; I'm not sure if the whole of the 256+32KB RAM is saved in the save file. If not, then probably you'll need to pick some unused-but-saved bytes (like the two "padding" bytes in Pokémon stats) and use those.

Or, you could remove contests; that could free up a couple hundred bytes.

Thanks,could you please tell me the address of that "completely blanked out" part?

droomph
February 24th, 2012, 03:07 PM
There's many; if you have VBA on PC, you can search through the memory-map tool from 0x2000000 on, you'll find parts that are completely filled with 00s (nulled out). They might have a purpose, however, so I suggest you test them first.

Fiori
February 25th, 2012, 03:36 AM
Thank you very much,actually i wanna make a npc who can tell you the individual values of your 1st pokemon,and now i can store the ivs into the memory (i used 0x20500a0),but i dont know how to use xse script to get the value...Do you have any idea to do this?

droomph
February 25th, 2012, 11:19 AM
I believe storing them in the RAM of temporary variables (0x800D up) would be a better way to do that.

sonic1
February 25th, 2012, 12:17 PM
Not to mention that ewram only goes up to 02040000 (256kb).
Anyways,

080FB36C ->Truck_Sequence of newgame (ran by callback3)

Fiori
February 26th, 2012, 01:32 AM
I believe storing them in the RAM of temporary variables (0x800D up) would be a better way to do that.
:D i did it in this way,thanks anyway.

080FB36C ->Truck_Sequence of newgame (ran by callback3)
Thanks for your reply ,but i dont understand this,could u explain it ?

droomph
February 26th, 2012, 03:09 PM
Thanks for your reply ,but i dont understand this,could u explain it ?That's for the ROM map, which is what the original post is going to be.

EDIT: I now realize how much of an ass I sounded like. I'm sorry if I offended you ^^ no hard feelings?

hinkage
March 15th, 2012, 03:23 PM
What do you mean by "Rumbly truck thing (run by callback3)"

If I zero this out, will it make the truck intro go away?

droomph
March 15th, 2012, 03:32 PM
Yes, but you will have to add a bx rd to the front of the newly nulled-out section so that it returns every time it's called (because it still will be called).

Alternatively you can use a tool that I recently found around these forums - it's called Truck Remover - that will do all that crap for you.I hope you know how to search

Edit: OH AND HAY GUIZE I really need to know how the LZ77 thing works so I can add all that cool stuff ^^ and possibly squeeze another 2% out Ö

Bond697
March 28th, 2012, 09:14 PM
8084310 - make trainer id set
80842cc - store trainer id set

i should spend some time idly scrolling through the disassembly in ida at some point soon and see if i can pick some more stuff out.. maybe tomorrow.

e:

800a850 - debug printing function

droomph
March 28th, 2012, 10:02 PM
800a850 - debug printing functionPlease explain more desuka?

sonic1
March 29th, 2012, 04:22 AM
Please explain more desuka?

I think i can explain it a bit more. That function is called by this routine:

08009570 @ =============== S U B R O U T I N E =======================================
08009570
08009570
08009570 LINK_CABLE_DEBUG_FUNC:
08009570
08009570 var_C = -0xC
08009570
08009570 PUSH {R4,LR}
08009572 SUB SP, SP, #4
08009574 BL init_screen_maybe
08009578 BL sub_0800870C
0800957C BL sub_080A8F50
08009580 LDR R0, =(sub_080096BC+1)
08009582 BL set_callback1xC
08009586 BL sub_0800A2E0
0800958A LDR R1, =word_020229C6
0800958C LDR R2, =0x1111
0800958E MOVS R0, R2
08009590 STRH R0, [R1]
08009592 BL sub_08009734
08009596 LDR R0, =callback1
08009598 LDRH R0, [R0,#(dword_030022E4 - 0x30022C0)]
0800959A BL Update_Seed
0800959E MOVS R4, #0
080095A0
080095A0 loc_080095A0: @ CODE XREF: LINK_CABLE_DEBUG_FUNC+42j
080095A0 BL rand
080095A4 LDR R1, =saveblock2_trainercard
080095A6 LDR R1, [R1]
080095A8 ADDS R1, #Saveblock2TrainerCard_entries.Trainer_ID
080095AA ADDS R1, R1, R4
080095AC STRB R0, [R1]
080095AE ADDS R4, #1
080095B0 CMP R4, #3
080095B2 BLE loc_080095A0
080095B4 MOVS R4, #0
080095B6 STR R4, [SP,#0xC+var_C]
080095B8 MOVS R0, #0
080095BA MOVS R1, #2
080095BC MOVS R2, #4
080095BE MOVS R3, #0
080095C0 BL sub_08009414
080095C4 MOVS R1, 0x1540
080095C8 MOVS R0, #0
080095CA BL sub_080010B4
080095CE LDR R0, =(sub_08009404+1)
080095D0 MOVS R1, #0
080095D2 BL add_to_callback3_list
080095D6 BL call_back3
080095DA BL call_back_oam
080095DE BL write_oam_something
080095E2 BL sub_080A1A1C
080095E6 LDR R0, =dword_03000D60
080095E8 STR R4, [R0]
080095EA BL sub_08009638
080095EE LDR R0, =(sub_0800A850+1)
080095F0 MOVS R1, #0
080095F2 BL add_to_callback3_list
080095F6 LDR R0, =(sub_080099BC+1) @ func
080095F8 BL set_callback2
080095FC ADD SP, SP, #4
080095FE POP {R4}
08009600 POP {R0}
08009602 BX R0
08009602 @ End of function LINK_CABLE_DEBUG_FUNC
08009602
08009602 @ ---------------------------------------------------------------------------
08009604 off_08009604: .long sub_080096BC+1 @ DATA XREF: LINK_CABLE_DEBUG_FUNC+10r
08009608 off_08009608: .long word_020229C6 @ DATA XREF: LINK_CABLE_DEBUG_FUNC+1Ar
0800960C dword_0800960C: .long 0x1111 @ DATA XREF: LINK_CABLE_DEBUG_FUNC+1Cr
08009610 off_08009610: .long callback1 @ DATA XREF: LINK_CABLE_DEBUG_FUNC+26r
08009614 off_08009614: .long saveblock2_trainercard @ DATA XREF: LINK_CABLE_DEBUG_FUNC+34r
08009618 off_08009618: .long sub_08009404+1 @ DATA XREF: LINK_CABLE_DEBUG_FUNC+5Er
0800961C off_0800961C: .long dword_03000D60 @ DATA XREF: LINK_CABLE_DEBUG_FUNC+76r
08009620 off_08009620: .long sub_0800A850+1 @ DATA XREF: LINK_CABLE_DEBUG_FUNC+7Er
08009624 @ void (__fastcall *off_08009624)()
08009624 off_08009624: .long sub_080099BC+1 @ DATA XREF: LINK_CABLE_DEBUG_FUNC+86r

Try callasm this function to see what happens and try to understand!


Oh, btw, here's another contribution, newgame routine:
080844A0 @ =============== S U B R O U T I N E =======================================
080844A0
080844A0
080844A0 newgame: @ CODE XREF: c2_Newgame+Ep
080844A0 PUSH {R4,R5,LR}
080844A2 LDR R0, =word_03006210
080844A4 LDRH R0, [R0]
080844A6 CMP R0, #0
080844A8 BEQ loc_080844AE
080844AA CMP R0, #2
080844AC BNE loc_080844B2
080844AE
080844AE loc_080844AE: @ CODE XREF: newgame+8j
080844AE BL sub_0802F3F8
080844B2
080844B2 loc_080844B2: @ CODE XREF: newgame+Cj
080844B2 LDR R1, =byte_020322D4
080844B4 MOVS R0, #1
080844B6 STRB R0, [R1]
080844B8 LDR R4, =saveblock2_trainercard
080844BA LDR R0, [R4]
080844BC ADDS R0, #0xAC
080844BE MOVS R5, #0
080844C0 STR R5, [R0]
080844C2 BL sub_08067B0C
080844C6 BL sub_08067B2C
080844CA BL sub_080BB2D0
080844CE BL sub_08084400
080844D2 BL sub_08076BB8
080844D6 BL sub_080D436C
080844DA LDR R0, [R4]
080844DC STRB R5, [R0,#9]
080844DE LDR R0, [R4]
080844E0 ADDS R0, #0xA8
080844E2 STR R5, [R0]
080844E4 BL make_trainerID
080844E8 BL sub_080841E4
080844EC BL sub_08084390
080844F0 BL sub_0809D300
080844F4 BL sub_080EBEE0
080844F8 BL sub_080EC21C
080844FC BL sub_080E8B28
08084500 BL sub_080E1794
08084504 LDR R4, =saveblock1
08084506 LDR R0, [R4]
08084508 MOVS R1, 0x490
0808450C ADDS R0, R0, R1
0808450E LDR R1, =0xBB8
08084510 BL sub_080E5128
08084514 MOVS R0, #0
08084516 BL sub_08145C58
0808451A BL sub_080D766C
0808451E BL sub_080847A8
08084522 BL sub_080843C0
08084526 BL sub_0813C1F8
0808452A BL sub_080F9A7C
0808452E BL sub_080F9AD4
08084532 LDR R0, =poke_quantity
08084534 STRB R5, [R0]
08084536 BL sub_08067B0C
0808453A BL sub_080C7770
0808453E BL sub_08161B34
08084542 BL sub_08161B60
08084546 LDR R0, [R4]
08084548 LDR R1, =0x496
0808454A ADDS R0, R0, R1
0808454C STRH R5, [R0]
0808454E BL sub_080D7094
08084552 BL sub_0816ADF4
08084556 BL sub_08136E88
0808455A BL sub_081618B4
0808455E BL sub_0811F184
08084562 BL sub_08120160
08084566 BL sub_081224D4
0808456A BL sub_0813BA10
0808456E BL sub_08177558
08084572 BL sub_0808444C
08084576 LDR R0, =scr_NEWGAME_start_flags
08084578 BL script_start_2
0808457C BL sub_080845CC
08084580 BL sub_0801F1DC
08084584 BL sub_0818DA30
08084588 BL sub_0819FAA0
0808458C BL sub_081A4B14
08084590 BL sub_08195E10
08084594 BL sub_0801AFD8
08084598 BL sub_0800E5AC
0808459C BL sub_081D54BC
080845A0 BL sub_080DED74
080845A4 POP {R4,R5}
080845A6 POP {R0}
080845A8 BX R0
080845A8 @ End of function newgame
080845A8
080845A8 @ ---------------------------------------------------------------------------

droomph
March 29th, 2012, 02:29 PM
I...don't really know. It changes the screen to a different tilemap, but that's pretty much all that happens, and the other emulator won't cooperate with me today.

droomph
May 4th, 2012, 11:42 AM
Okay hey everyone, I'm here today with a new set of things to figure out reference. This thread needs some action, come on~

This is the same command that does the Shoal Cave business. Its use is pretty complicated so I'll try to explain it thoroughly.

Arguments: hword mapNum

Use: Changing the map tiles and map movement on any given map.

This will take the map that it's given through the argument and set it on top of the original map. If the map sizes are not the same, it will align from the top left corner.

mapNum: from 0x8481DD4 (or from the offset pointed to at 0x80849CC) there is a table of map footer offsets. Also, in the map header there is also a map footer offset. The entry in the table plus one is the argument of setmapfooter for that map.

ASM:08099EA0 B500 push {r14}
08099EA2 F7FEFFB3 bl #0x8098E0C
08099EA6 0400 lsl r0,r0,#0x10
08099EA8 0C00 lsr r0,r0,#0x10
08099EAA F003FBF3 bl #0x809D694
08099EAE 0400 lsl r0,r0,#0x10
08099EB0 0C00 lsr r0,r0,#0x10
08099EB2 F7EBFB37 bl #0x8085524
08099EB6 2000 mov r0,#0x0
08099EB8 BC02 pop {r1}
08099EBA 4708 bx r1Setmapfooter maps reference (not meant to be completed)0x0 - Borked~?
0x1 - 0.0 PETALBURG CITY
0x2 - 0.1 SLATEPORT CITY
0x3 - 0.2 MAUVILLE CITY
0x4 - 0.3 RUSTBORO CITY
0x5 - 0.4 FORTREE CITY
0x6 - 0.5 LILYCOVE CITY
0x7 - 0.6 MOSSDEEP CITY
0x8 - 0.7 SOOTOPOLIS CITY
0x9 - 0.8 EVER GRANDE CITY
0xA - 0.9 LITTLEROOT TOWN
0xB - 0.10 ODALE TOWN
0xC - 0.11 DEWFORD TOWN
0xD - 0.12 LAVARIDGE TOWN
0xE - 0.13 FALLARBOR TOWN
0xF - 0.14 VERDANTURF TOWN
0x10 - 0.15 PACIFIDLOG TOWN
0x11 - 0.16 ROUTE 101
0x12 - 0.17 ROUTE 102
0x13 - 0.18 ROUTE 103
0x14 - 0.19 ROUTE 104
0x15 - 0.20 ROUTE 105
0x16 - 0.21 ROUTE 106
0x17 - 0.22 ROUTE 107
0x18 - 0.23 ROUTE 108
0x19 - 0.24 ROUTE 109
0x1A - 0.25 ROUTE 110
0x1B - 0.26 ROUTE 111
0x1C - 0.27 ROUTE 112
0x1D - 0.28 ROUTE 113
0x1E - 0.29 ROUTE 114
0x1F - 0.30 ROUTE 115
0x20 - 0.31 ROUTE 116
0x21 - 0.32 ROUTE 117
0x22 - 0.33 ROUTE 118
0x23 - 0.34 ROUTE 119
0x24 - 0.35 ROUTE 120
0x25 - 0.36 ROUTE 121
0x26 - 0.37 ROUTE 122
0x27 - 0.38 ROUTE 123
0x28 - 0.39 ROUTE 124
0x29 - 0.40 ROUTE 125
0x2A - 0.41 ROUTE 126
0x2B - 0.42 ROUTE 127
0x2C - 0.43 ROUTE 128
0x2D - 0.44 ROUTE 129
0x2E - 0.45 ROUTE 130
0x2F - 0.46 ROUTE 131
0x30 - 0.47 ROUTE 132
0x31 - 0.48 ROUTE 133
0x32 - 0.49 ROUTE 134
0x33 - 0.51 UNDERWATER
0x34 - 0.52 UNDERWATER
0x35 - 0.53 UNDERWATER
0x36 - 1.1 LITTLEROOT TOWN
0x37 - 1.2 LITTLEROOT TOWN
0x38 - 1.3 LITTLEROOT TOWN
0x39 - 1.4 LITTLEROOT TOWN
0x3A - 1.5 LITTLEROOT TOWN
0x3B - 2.0 ODALE TOWN
0x3C - 2.1 ODALE TOWN
0x3D - 2.2 ODALE TOWN (PC)
0x3E - 2.3 ODALE TOWN (PC 2nd floor)
0x3F - 2.4 ODALE TOWN (Pokémart)
0x40 - 3.0 DEWFORD TOWN
0x41 - 3.3 DEWFORD TOWN (Gym)
0x42 - 3.4 DEWFORD TOWN
0x43 - 3.5 DEWFORD TOWN
0x44 - 4.0 LAVARIDGE TOWN
0x45 - 4.1 LAVARIDGE TOWN (Gym)
0x46 - 4.2 LAVARIDGE TOWN (Gym 2)
0x47 - 4.5 LAVARIDGE TOWN (PC)
0x48 - Some contest hall.
0x49 - Some contest stage.
0x4A - Some house?
0x4B - borked~
0x4C - 6.6 VERDANTURF TOWN
0x4D - 7.2 PACIFIDLOG TOWN
0x4E - 7.3 PACIFIDLOG TOWN
0x4F - 8.1 PETALBURG CITY (Gym)
0x50 - 8.3 PETALBURG CITY/9.5 SLATEPORT CITY Please confirm!
0x51 - 9.0 SLATEPORT CITY
0x52 - 9.1 SLATEPORT CITY
0x53 - borked~
0x54 - broken
0x55 - 9.6 SLATEPORT CITY
0x56 - 9.7 SLATEPORT CITY
0x57 - 9.8 SLATEPORT CITY
0x58 - 9.9 SLATEPORT CITY

0xA3 - 24.46 SHOAL CAVE!!!!! YEAH BRAH

0x110 - Where you get Castform (I'm not going to do all of that remembering!)
0x111 - Borked?

0x19A - 0.55 UNDERWATER
0x19B - 0.56 UNDERWATER
0x19C - 0.54 UNDERWATER

droomph
May 12th, 2012, 02:01 PM
Come on guys~

Alright, so you know setpkmnpp, it takes four bytes as arguments.

The XSE guide says this is how it's used:

b Pokémon slot
b Move slot
h New PP amountHowever, the last argument is wrong. Instead of giving a new PP amount, it replaces the move with the move whose index number is equal to the hword you give.

It might just be Emerald, but take note of that.

Haowakeorden
June 25th, 2012, 04:42 PM
Here are some offsets that I noticed were missing from the ROM map. They're from (or deduced from) the YAPE romdata.ini file.

0x31B6DB - 0x31BAD3 - Ability names (0x3F9b)

0x31E898 - 0x31F56F - Pokémon TM/HM compatibility (0xCD8b)

0x3230DC - 0x325319 - Pokémon level-up move tables (0x223Eb)

0x32531C - 0x32937B - Pokémon evolution data (0x4060b)
0x32937C - 0x3299EB - Pokémon level-up move table pointers (0x670b)

0x55D30D - 0x56B5AD - Pokédex flavour text (0xE2A1b)

0x56B5B0 - 0x56E60F - Pokédex classifications, heights, weights, flavour text pointers, and size comparison data (0x3060b)

0x615894 - 0x615C07 - TM/HM-to-move mappings (0x74b)

Hope it helps!

droomph
July 10th, 2012, 03:09 PM
Okay, thank you! I'll get to it immediately.

:c

Bond697
August 28th, 2012, 02:50 PM
ROM:0806A518 getPKMData:
ROM:0806A674 readPKMData:
ROM:0806ACAC writePKMData:
ROM:0806AD9C setPKMData:
08070266 Inheritance- bugged to not prevent inheriting the same IV multiple times Bond697
08070218 Inheritance check- make sure the same IV isn't inherited multiple times- bugged due to the wrong argument being passed to it Bond697
ROM:0806DCB4 @ void __fastcall pokerusHandler(void *pPartyBlock)
ROM:0806DEC4 pokerusSpread:

fun fact: in gen 3, eggs cannot be infected with pokerus. they can still get it, however, by having it spread to them by another party member.

FirEmerald
August 28th, 2012, 06:49 PM
Hi. I've been working on a list of pokemon emerald compressed data using Nintenlord's GBA Graphics Editor.I did't notice the comressed pallete option on the pallete window until I started the items, so I have yet to do any of them before the items.I just completed the compressed data.Attachments follow.

droomph
September 29th, 2012, 04:09 PM
oh crap! I'm so sorry for forgetting this! I would definitely love to have you guys still help me :3

I'll get immediately onto updating the OP!