  #21    
March 23rd, 2008 (08:07 PM). Edited March 23rd, 2008 by IIMarckus.
IIMarckus
J946@5488AA97464
 
Join Date: Oct 2007
Posts: 402
Quote originally posted by timmy112:
How do I change the old pointer to the new location?
Depends on what system you're hacking. Let's use Crystal as an example. If the offset is >4000, then we can get its pointer by (offset MOD 4000) + 4000.

034BB1 Mod 4000 = 0BB1
0BB1 + 4000 = 4BB1

So 4BB1 is our pointer. Next, we look for the pointer in our ROM. In most cases (not always, but usually), the pointer is in the same bank as the data. Each bank is 4000 bytes long and starts at the offset rounded down to the nearest 4000, which in our case is 034000. So we navigate to 034000 in our hex editor and search for the pointer. GBC pointers are little-endian, which means that the one's place byte goes first. So we search for B14B.

Our result is at 034741. Notice the 21 in front of the pointer. 21, 11, and 01 are assembly commands that mean "load the next two bytes into the CPU registers." If you see one of those while searching for pointer values, it's a good bet that you've found your pointer. (Not to say that a pointer without a 21 in front is less likely to be a pointer -- a lot of the time you'll find pointers in lists, especially when it comes to things like text.)

So we change the value in 034741-034742 to the pointer to our new location for the data. The free space in this bank starts at 037EE2, so let's assume we copied our data there. Like before, we would find the pointer to our new location with ((037EE2 MOD 4000) + 4000), which is 7EE2. Don't forget to byteswap! Our final value will be E27E.

This method will work for GBC pointers, but not GBA pointers. If you need those instead, it shouldn't be that hard to find out info on how they work.
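The procedure in the post above (compute the 16-bit pointer from a ROM offset, search that offset's bank for the little-endian bytes, check for a preceding LD rr,nn opcode, then overwrite the two bytes with the pointer to the new location) as an added Python example. This is not IIMarckus's code or anything from the thread; the ROM image it works on is a constructed 256 KB array of zeros with the post's values (pointer at 034741 behind a 21, data at 034BB1, free space at 037EE2) planted into it, and all numbers are hex as in the post. It also adds the reverse conversion (pointer plus bank back to a ROM offset) and refuses to repoint across banks, since a 16-bit pointer cannot encode the bank number.

```python
# Added example, not from the original post: GBC banked-pointer arithmetic,
# in-bank pointer search and repointing over a constructed ROM image.
BANK_SIZE = 0x4000

# Opcodes the post mentions: each loads the following two bytes into a register pair.
LD_RR_NN = {0x01: "ld bc,nn", 0x11: "ld de,nn", 0x21: "ld hl,nn"}


def bank_of(offset):
    """Bank number of an absolute ROM offset (each bank is 0x4000 bytes)."""
    return offset // BANK_SIZE


def rom_to_pointer(offset):
    """Absolute ROM offset -> 16-bit pointer as the CPU sees it.

    Bank 0 is fixed at 0000-3FFF; every other bank is switched into 4000-7FFF,
    so for offset >= 4000 the pointer is (offset MOD 4000) + 4000, as in the post.
    """
    if offset < BANK_SIZE:
        return offset
    return (offset % BANK_SIZE) + BANK_SIZE


def pointer_to_rom(pointer, bank):
    """16-bit pointer plus the bank it is used from -> absolute ROM offset."""
    if pointer < BANK_SIZE:
        return pointer  # bank 0 is always mapped
    if not BANK_SIZE <= pointer < 2 * BANK_SIZE:
        raise ValueError("%04X is not a ROM pointer (RAM or I/O range)" % pointer)
    return bank * BANK_SIZE + (pointer - BANK_SIZE)


def find_pointer_refs(rom, target_offset, bank=None):
    """Search one bank (default: the target's own) for the target's pointer.

    Returns [(position, mnemonic_or_None)], where the mnemonic names the
    LD rr,nn opcode found in the byte before the pointer, if any.
    """
    if bank is None:
        bank = bank_of(target_offset)
    needle = rom_to_pointer(target_offset).to_bytes(2, "little")  # byteswapped
    start, end = bank * BANK_SIZE, (bank + 1) * BANK_SIZE
    hits = []
    pos = rom.find(needle, start, end)
    while pos != -1:
        opcode = rom[pos - 1] if pos > start else None
        hits.append((pos, LD_RR_NN.get(opcode)))
        pos = rom.find(needle, pos + 1, end)
    return hits


def repoint(rom, ref_pos, old_offset, new_offset):
    """Overwrite the two pointer bytes at ref_pos so they point at new_offset.

    Checks that the old pointer is really there first, and refuses to move
    data to another bank: the bank byte is stored elsewhere (or hard-coded),
    so only the 16-bit part can be patched here.
    """
    if bank_of(old_offset) != bank_of(new_offset):
        raise ValueError("new location is in a different bank; pointer can't encode that")
    expected = rom_to_pointer(old_offset).to_bytes(2, "little")
    if rom[ref_pos:ref_pos + 2] != expected:
        raise ValueError("no pointer to %06X at %06X" % (old_offset, ref_pos))
    rom[ref_pos:ref_pos + 2] = rom_to_pointer(new_offset).to_bytes(2, "little")


def demo():
    """Walk through the post's example on a constructed image (not a real ROM)."""
    rom = bytearray(0x40000)  # 16 banks of zeros, constructed for this example
    data = b"HELLO@"  # placeholder payload at the post's data offset
    old_offset, new_offset = 0x034BB1, 0x037EE2
    rom[old_offset:old_offset + len(data)] = data
    rom[0x034740] = 0x21  # ld hl,nn
    rom[0x034741:0x034743] = b"\xB1\x4B"  # little-endian 4BB1

    hits = find_pointer_refs(rom, old_offset)
    ref_pos, _mnemonic = hits[0]

    rom[new_offset:new_offset + len(data)] = data  # copy data into free space
    repoint(rom, ref_pos, old_offset, new_offset)

    patched_ptr = int.from_bytes(rom[ref_pos:ref_pos + 2], "little")
    return {
        "pointer": rom_to_pointer(old_offset),
        "refs": hits,
        "patched": bytes(rom[0x034740:0x034743]),
        "resolves_to": pointer_to_rom(patched_ptr, bank_of(new_offset)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value if not isinstance(value, int) else "%06X" % value)
```

Searching only the data's own bank is the post's rule of thumb; pass `bank=` to `find_pointer_refs` to check another bank when the reference is not where you expect (for example, a pointer table in bank 0), and keep in mind that a hit without a preceding 01/11/21 can still be a real pointer in a table.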