Thread: Research: Items
January 8th, 2010 (6:55 PM).
JPAN
I have successfully managed to execute a script through an item. But it is still quite buggy. First, I bring you what matters most, the code:
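/* this routine loads a fixed script and runs it */
.align 2
.thumb

New_item_start:
        push {r4, lr}
        ldr r0, script            /* r0 = address of the script to run */
        bl script_executer        /* call through the trampoline below */
        ldr r1, Script_flag_set
        mov r0, #0x1
        strb r0, [r1]             /* write 1 to the byte at 0x03000f9c */
        bl bag_exiter             /* leave the bag through Bag_exit */
        pop {r4, pc}

.align 2
script:          .word 0x08801000 /* the script to execute after leaving the bag */
Script_flag_set: .word 0x03000f9c

script_executer:
        ldr r1, exe_addr
        bx r1                     /* odd target address keeps the CPU in Thumb state */
.align 2
exe_addr:        .word 0x08069AE5

bag_exiter:
        ldr r1, exit_code
        bx r1
.align 2
exit_code:       .word 0x080a103d /* Bag_exit (0x080A103C) with the Thumb bit set */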
(PS: this code does not delete the item used.)
This will successfully run a piece of code through the map, just like a normal script. This code has been tested for all pockets, and only works if its type byte is not 2. In fact, the type byte 2 seems to be used by the game to determine if a code is stored for posterior execution. Items with 2 on it that try to leave the bag will trigger a condition that calls for another type of exit.
As for the bugs, I must say, it all comes down to one: the Start menu.
The game exits the bag and re-opens the menu, a convenient feature most of the time. But, when the game exits the bag and asks to run a script, the game will run both at once. That, besides being graphically ugly (see attachment), is also very bad for us, as the control scheme for the menu overwrites the normal world controls, and pressing A will automatically open the bag menu once more. Depending on how you start the script, or how you encode your item, this bug may not be a problem. When using any scripting function that overwrites the Overworld screen, or that refreshes the map entirely (and there are many: refreshing with warps, loading the PC screens, the Pokémon selection menu, the town map special...), the bug is no longer important. Also, being a fully functional script, it also allows trainer battles and set wild battles, but message boxes, multichoice boxes (like the Yes/No one) and the like will not work until the map is refreshed somehow.
And here is where I ask for your help. I can't seem to find the location where the menu opens after the return to the OW map (as all of the OW functions located at the function execution table at 0x3005090 seem to be the same when it's on or not; only one byte changes from 0xff to something else, and changing it will crash the game). So, I will place here some of the bag_exit routine, and hope someone will be able to find where to change it to prevent the menu when one of our items runs.
ROM:080A103C Bag_exit                                ; CODE XREF: Bicycle_func+AAp
ROM:080A103C                                         ; ROM:080A1352p ...
ROM:080A103C                 PUSH    {LR}
ROM:080A103E                 LSL     R0, R0, #0x18
ROM:080A1040                 LSR     R2, R0, #0x18
ROM:080A1042                 LDR     R1, =0x3005090
ROM:080A1044                 LSL     R0, R2, #2
ROM:080A1046                 ADD     R0, R0, R2
ROM:080A1048                 LSL     R0, R0, #3
ROM:080A104A                 ADD     R0, R0, R1
ROM:080A104C                 MOV     R1, #0xE
ROM:080A104E                 LDRSH   R0, [R0,R1]
ROM:080A1050                 CMP     R0, #1
ROM:080A1052                 BEQ     loc_80A1070
ROM:080A1054                 LDR     R1, =0x3005020
ROM:080A1056                 LDR     R0, =(loc_80A1084+1)
ROM:080A1058                 STR     R0, [R1]
ROM:080A105A                 ADD     R0, R2, #0
ROM:080A105C                 BL      sub_80A0FBC
ROM:080A1060                 B       loc_80A107A
ROM:080A1060 ; ---------------------------------------------------------------------------
ROM:080A1062                 DCB    0
ROM:080A1063                 DCB    0
ROM:080A1064 dword_80A1064   DCD 0x3005090           ; DATA XREF: Bag_exit+6r
ROM:080A1068 dword_80A1068   DCD 0x3005020           ; DATA XREF: Bag_exit+18r
ROM:080A106C off_80A106C     DCD loc_80A1084+1       ; DATA XREF: Bag_exit+1Ar
ROM:080A1070 ; ---------------------------------------------------------------------------
ROM:080A1070 loc_80A1070                             ; CODE XREF: Bag_exit+16j
ROM:080A1070                 LDR     R0, =0x2039998
ROM:080A1072                 LDR     R1, [R0]
ROM:080A1074                 ADD     R0, R2, #0
ROM:080A1076                 BL      sub_81E3BAC
ROM:080A107A loc_80A107A                             ; CODE XREF: Bag_exit+24j
ROM:080A107A                 POP     {R0}
ROM:080A107C                 BX      R0
ROM:080A107C ; End of function Bag_exit
ROM:080A107C ; ---------------------------------------------------------------------------
ROM:080A107E                 DCB    0
ROM:080A107F                 DCB    0
ROM:080A1080 dword_80A1080   DCD 0x2039998           ; DATA XREF: Bag_exit:loc_80A1070r
ROM:080A1084 ; ---------------------------------------------------------------------------
ROM:080A0FBC sub_80A0FBC                             ; CODE XREF: Bag_exit+20p
ROM:080A0FBC                                         ; sub_80A16D0+6p
ROM:080A0FBC                 PUSH    {R4,R5,LR}
ROM:080A0FBE                 LSL     R0, R0, #0x18
ROM:080A0FC0                 LSR     R5, R0, #0x18
ROM:080A0FC2                 LDR     R1, =0x203AD30
ROM:080A0FC4                 LDRH    R0, [R1]
ROM:080A0FC6                 CMP     R0, #0xAF
ROM:080A0FC8                 BNE     loc_80A0FE0
ROM:080A0FCA                 LDR     R0, =0x3005090
ROM:080A0FCC                 LSL     R1, R5, #2
ROM:080A0FCE                 ADD     R1, R1, R5
ROM:080A0FD0                 LSL     R1, R1, #3
ROM:080A0FD2                 ADD     R1, R1, R0
ROM:080A0FD4                 LDRB    R0, [R1,#0x10]
ROM:080A0FD6                 B       loc_80A0FE6
ROM:080A0FD6 ; ---------------------------------------------------------------------------
ROM:080A0FD8 dword_80A0FD8   DCD 0x203AD30           ; DATA XREF: sub_80A0FBC+6r
ROM:080A0FDC dword_80A0FDC   DCD 0x3005090           ; DATA XREF: sub_80A0FBC+Er
ROM:080A0FE0 ; ---------------------------------------------------------------------------
ROM:080A0FE0 loc_80A0FE0                             ; CODE XREF: sub_80A0FBC+Cj
ROM:080A0FE0                 LDRH    R0, [R1]
ROM:080A0FE2                 BL      get_item_type
ROM:080A0FE6 loc_80A0FE6                             ; CODE XREF: sub_80A0FBC+1Aj
ROM:080A0FE6                 SUB     R0, #1
ROM:080A0FE8                 LSL     R0, R0, #0x18
ROM:080A0FEA                 LSR     R4, R0, #0x18
ROM:080A0FEC                 LDR     R0, =0x203AD30
ROM:080A0FEE                 LDRH    R0, [R0]
ROM:080A0FF0                 BL      sub_809A260
ROM:080A0FF4                 LSL     R0, R0, #0x18
ROM:080A0FF6                 LSR     R0, R0, #0x18
ROM:080A0FF8                 CMP     R0, #5
ROM:080A0FFA                 BNE     loc_80A1018
ROM:080A0FFC                 LDR     R0, =off_83E2954
ROM:080A0FFE                 LSL     R1, R4, #2
ROM:080A1000                 ADD     R1, R1, R0
ROM:080A1002                 LDR     R0, [R1]
ROM:080A1004                 BL      sub_813D934
ROM:080A1008                 ADD     R0, R5, #0
ROM:080A100A                 BL      sub_813D808
ROM:080A100E                 B       loc_80A1032
ROM:080A100E ; ---------------------------------------------------------------------------
ROM:080A1010 dword_80A1010   DCD 0x203AD30           ; DATA XREF: sub_80A0FBC+30r
ROM:080A1014 off_80A1014     DCD off_83E2954         ; DATA XREF: sub_80A0FBC+40r
ROM:080A1018 ; ---------------------------------------------------------------------------
ROM:080A1018 loc_80A1018                             ; CODE XREF: sub_80A0FBC+3Ej
ROM:080A1018                 LDR     R0, =off_83E2954
ROM:080A101A                 LSL     R1, R4, #2
ROM:080A101C                 ADD     R1, R1, R0
ROM:080A101E                 LDR     R0, [R1]
ROM:080A1020                 BL      sub_8108EE0
ROM:080A1024                 CMP     R4, #1
ROM:080A1026                 BNE     loc_80A102C
ROM:080A1028                 BL      sub_8108CB4
ROM:080A102C loc_80A102C                             ; CODE XREF: sub_80A0FBC+6Aj
ROM:080A102C                 ADD     R0, R5, #0
ROM:080A102E                 BL      sub_8108B50
ROM:080A1032 loc_80A1032                             ; CODE XREF: sub_80A0FBC+52j
ROM:080A1032                 POP     {R4,R5}
ROM:080A1034                 POP     {R0}
ROM:080A1036                 BX      R0
ROM:080A1036 ; End of function sub_80A0FBC
ROM:080A1036 ; ---------------------------------------------------------------------------
ROM:080A1038 off_80A1038     DCD off_83E2954         ; DATA XREF: sub_80A0FBC:loc_80A1018r
Attached image: Dirty_image.png (7.8 KB)
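An added example, not part of JPAN's post: a Python helper that indexes the table at 0x3005090 the way Bag_exit does in the listing (40-byte entries, signed halfword at +0xE) and diffs two IWRAM dumps entry by entry, so a changing byte can be tied to an entry and field offset. The 16-entry count, the dump layout (a raw 32 KiB image starting at 0x03000000) and the sample bytes are assumptions.

```python
import struct

TASK_TABLE = 0x03005090   # table base loaded by Bag_exit and sub_80A0FBC
ENTRY_SIZE = 40           # ((id << 2) + id) << 3 in the listing = id * 40
NUM_ENTRIES = 16          # assumption: the entry count is not stated in the post
IWRAM_BASE = 0x03000000   # GBA internal work RAM start (dump offset 0)

def entry_addr(task_id):
    """Address of one table entry, computed as the listing does."""
    task_id &= 0xFF                      # LSL #0x18 / LSR #0x18 keeps the low byte
    return TASK_TABLE + (((task_id << 2) + task_id) << 3)

def bag_exit_field(iwram, task_id):
    """Signed halfword at entry+0xE, the value Bag_exit compares with 1 (LDRSH)."""
    off = entry_addr(task_id) - IWRAM_BASE + 0xE
    return struct.unpack_from("<h", iwram, off)[0]

def diff_entries(before, after):
    """List (task_id, offset_in_entry, old, new) for every byte that differs."""
    changes = []
    for task_id in range(NUM_ENTRIES):
        base = entry_addr(task_id) - IWRAM_BASE
        for off in range(ENTRY_SIZE):
            old, new = before[base + off], after[base + off]
            if old != new:
                changes.append((task_id, off, old, new))
    return changes

def make_sample():
    """Constructed 32 KiB IWRAM images standing in for two emulator dumps."""
    before = bytearray(0x8000)
    after = bytearray(before)
    base = entry_addr(3) - IWRAM_BASE
    before[base + 0x5] = 0xFF            # constructed: one byte starts as 0xFF
    after[base + 0x5] = 0x02             # ...and differs in the second dump
    struct.pack_into("<h", after, base + 0xE, 1)   # field Bag_exit tests
    return bytes(before), bytes(after)

if __name__ == "__main__":
    before, after = make_sample()
    for task_id, off, old, new in diff_entries(before, after):
        print(f"entry {task_id} @0x{entry_addr(task_id):08X} +0x{off:02X}: "
              f"{old:02X} -> {new:02X}")
    print("entry 3 field +0xE:", bag_exit_field(after, 3))
```

With real dumps, replace `make_sample()` with two files saved from the emulator, one taken with the Start menu open and one without.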