
ASM Hackers...

Darthatron

Giant troll.
1,152
Posts
18
Years
What method do you all use in order to locate images/tilemaps written to the VRAM in the ROM? I've tried everything I can think of, and each time it's just led to rage-quits (but not really)... So... Help?

I attempted setting a break point on any writes to the VRAM, but it didn't work.

Discuss?
 

colcolstyles

Yours truly
1,588
Posts
15
Years
Moving this to R&D...

I have a general method that I use which works most of the time. I've considered writing a tutorial detailing it but ah, there's never enough free time. Anyway, first I open the ROM with VBA-H and use its logging capability to track calls of DMA3 and SWI and then search through the results for the address I'm looking for. The good thing about this is that it also catches the decompression of any data which comes in handy for a lot of graphics in particular. If I don't see the address in the log file, then I fire up VBA-SDL-H and put a breakpoint on the address of the image/tilemap in the VRAM. This allows me to see exactly what's going on when the game writes to the VRAM. If the game breaks on a SWI call, then I can check the registers (r0 usually has the source) to find where the data is located in the ROM. If the game breaks on something like "str r0, [r7, #0x00]" and r7 contains an I/O Register address ('0x0400:0XXX'), then it's probably utilizing one of the DMAs. And if it's just a "str/b/h" or "stmia" instruction, then you'll have to decompile some routines to trace where the data is being read from, which, admittedly, can be a very tedious process.

Also, some of the time (I see this more with compressed data), the game copies the image into the WRAM and from there copies it to the VRAM. I'm assuming this has something to do with buses and all that technical, hardware stuff that I don't understand.
 

Darthatron

Giant troll.
1,152
Posts
18
Years
I'm shocked that I never thought of that... That's a very good way of doing it, kudos. :) I just followed your method and found exactly what I was looking for. :D

Anyone else have different ways, for future reference??
 

Full Metal

C(++) Developer.
810
Posts
16
Years
[uncompressed only]
1. find gfx memory [use oam/tile/sprite viewer]
2. dump a few bytes and search w/ hexeditor.
:]
 

ZodiacDaGreat

Working on a Mobile System
429
Posts
17
Years
Add onto Full Metal's way. But can also work for Compressed ;) Look for the address using the viewers, dump like approximate size and then compress it with a tool and then search XD
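
An added example, not part of any post in this thread: the dump-and-search approach from the two posts above, written in Python. Instead of recompressing the dump with a tool, this version decodes every candidate block in the ROM using the GBA BIOS LZ77 format (header byte 0x10) and looks for the dump inside the output. The function names, the 4-byte alignment scan, the size cap, and the sample ROM and dump bytes are assumptions constructed for illustration.

```python
MAX_SIZE = 0x40000  # assumed cap on decompressed size (256 KiB, the size of EWRAM)

def lz77_decompress(rom, off):
    """Decode a GBA BIOS LZ77 block (header byte 0x10) at rom[off:]; None if invalid."""
    if off + 4 > len(rom) or rom[off] != 0x10:
        return None
    size = int.from_bytes(rom[off + 1:off + 4], "little")  # 24-bit decompressed size
    if size == 0 or size > MAX_SIZE:
        return None
    out, pos = bytearray(), off + 4
    try:
        while len(out) < size:
            flags, pos = rom[pos], pos + 1
            for bit in range(7, -1, -1):       # flag bits are consumed MSB first
                if len(out) >= size:
                    break
                if flags >> bit & 1:           # back-reference: 4-bit length, 12-bit distance
                    b1, b2 = rom[pos], rom[pos + 1]
                    pos += 2
                    dist = ((b1 & 0x0F) << 8 | b2) + 1
                    for _ in range((b1 >> 4) + 3):
                        out.append(out[-dist])  # byte-wise copy, source may overlap output
                else:                          # literal byte
                    out.append(rom[pos])
                    pos += 1
    except IndexError:  # truncated stream, or a reference to before the start of output
        return None
    return bytes(out[:size])

def find_vram_source(rom, dump):
    """Return [(rom_offset, 'raw' | 'lz77')] for ROM locations whose data yields dump."""
    hits, i = [], rom.find(dump)
    while i != -1:                             # uncompressed copies: plain byte search
        hits.append((i, "raw"))
        i = rom.find(dump, i + 1)
    for off in range(0, len(rom) - 4, 4):      # assumes compressed blocks are word-aligned
        if rom[off] == 0x10:
            data = lz77_decompress(rom, off)
            if data and dump in data:
                hits.append((off, "lz77"))
    return hits

# Constructed sample: 0x100 filler bytes, then one LZ77 block expanding to 11 22 33 44 x4.
SAMPLE_ROM = b"\xFF" * 0x100 + bytes.fromhex("10100000 08 11223344 9003 00")
SAMPLE_DUMP = bytes.fromhex("3344112233441122")  # 8 bytes as copied out of a VRAM viewer

if __name__ == "__main__":
    for off, kind in find_vram_source(SAMPLE_ROM, SAMPLE_DUMP):
        print(f"{kind} match at ROM offset 0x{off:06X} (bus address 0x{0x08000000 + off:08X})")
```

A short dump taken from the middle of a tile is enough, since the search checks for the dump anywhere inside each decoded block rather than at its start.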
 
150
Posts
17
Years
I set address=byte breakpoints and backtrace until I get a source address that's in the ROM. If the data is copied using DMA you can just peek at the DMA I/O ports and see what the source address is. Normal break-on-write breakpoints often don't work on VRAM because it's filled either through DMA or Cpu(Fast)Set.
 