The PokéCommunity Forums  

#76, November 11th, 2010, 06:17 AM
knizz
 
Join Date: Aug 2007
I need info on the 0x083E-0x083F area.
__________________
Firered IDA 6.1 DB: https://www.dropbox.com/s/hvvmxxoo1dkmdzc/firered.idb
VBA-M with lua scripting support (no longer in development)

#77, November 11th, 2010, 06:27 AM
Darthatron
Giant troll.
 
Join Date: Jan 2006
Location: Melbourne, Australia
Age: 22
Gender: Male
Nature: Modest
Quote:
Originally Posted by knizz View Post
I need info on the 0x083E-0x083F area.
Want to be a little more specific what you're looking for? :\
__________________
You are a knowledgeable person
I am a fool

#78, November 11th, 2010, 07:18 AM
knizz
 
Join Date: Aug 2007
Want? Yes. Can? No.
There's just a pile of structureless numbers and addresses.

#79, November 11th, 2010, 02:39 PM
diegoisawesome
Not the Script Help Thread
 
Join Date: Dec 2007
Location: Goldenrod City, Johto
Age: 17
Gender: Male
Nature: Quirky
Quote:
Originally Posted by knizz View Post
Want? Yes. Can? No.
There's just a pile of structureless numbers and addresses.
Is 0x083e to 0x083f an address range? (Because that would only be one byte long...)
Or what is it? Where is it? How did you come to the conclusion that they're structureless?
We need this in order to even know what you're talking about...
__________________


My other resources:
My Website
diegoisawesome's MEGA-HUGE XSE Scripting Tutorial
diegoisawesome's Miscellaneous Finds
The Ruins of Alph Puzzles

#80, November 11th, 2010, 08:07 PM
liuyanghejerry
Trainer
 
Join Date: Jan 2008
Location: China,Xi'an
Nature: Calm
Cheat code for fixing the save-failed bug in Pokémon Mystery Dungeon: Explorers of Sky

Devices the bugfix works on include:

no$gba //needs to restart the game after using
akrpg (thanks linoul for testing)
ak+ (thanks tingyigg for testing)

It's worth trying if you meet this bug on other devices.

cheat code:

U version
2204AA98 00000007
2208380c 000000BF

E version
2204ADD0 00000007
22083BA4 000000BF

Give credits to enler, who allowed me to post here.
Any problems please contact [email protected]
__________________
Zel, thethethethe, LU-HO, Darthatron, HackMew, ZodiacDaGreat, Juan, score_under, JPAN, Tamah-chan, I really appreciate your kindness and your help! :D


I did something that's really bad. But it made all Chinese able to hack Pokemon, too. If you guys hate me, I totally understand, but cannot do anything but force to keep everything.
If there must be someone to undertake all spit and curse, it must be me.

#81, November 12th, 2010, 11:51 AM
knizz
 
Join Date: Aug 2007
I meant 0x083e0000-0x083f0000

#82, November 12th, 2010, 12:04 PM
Team Fail
 
Join Date: May 2009
Age: 18
Gender: Male
Nature: Brave
Tell me what is wrong with these images. I will explain what I am doing if someone can guess it, and I will explain my research, as well as who I did this with as well (Manipulation, don't say anything! ). For more info, visit http://www.megaupload.com/?d=ACNYQ1VR and patch onto a Pokemon Diamond (U) Rom.

__________________



Team Fail

Community Supporter Collab
☆ ☆ ☆



Last edited by Team Fail; November 12th, 2010 at 02:18 PM.

#83, November 12th, 2010, 04:43 PM
diegoisawesome
Not the Script Help Thread
 
Join Date: Dec 2007
Location: Goldenrod City, Johto
Age: 17
Gender: Male
Nature: Quirky
Quote:
Originally Posted by Team Fail View Post
Tell me what is wrong with these images. I will explain what I am doing if someone can guess it, and I will explain my research, as well as who I did this with as well (Manipulation, don't say anything! ). For more info, visit http://www.megaupload.com/?d=ACNYQ1VR and patch onto a Pokemon Diamond (U) Rom.

By the name of the UPS file, I'm guessing you're making Diamond more like its demo version, probably the one in GameStop or something?

#84, November 12th, 2010, 04:50 PM
colcolstyles
Yours truly
 
Join Date: May 2008
Location: The Bay Area
Gender: Male
Nature: Lonely
For anyone who's interested, at '0x078c1c' there is a 32-bit number (the default value is '0x00000a8b') which dictates the number of frames for which the titlescreen is displayed before resetting. The GBA operates at roughly 60 frames per second and '0xa8b' divided by 60 is 45 so the unedited titlescreen is displayed for 45 seconds. You can change that number (remember to reverse it) to lengthen or shorten the amount of time it takes for the titlescreen to reset.

This is for Fire Red, by the way.
__________________

Brother of Vrai

#85, November 12th, 2010, 10:02 PM
Team Fail
 
Join Date: May 2009
Age: 18
Gender: Male
Nature: Brave
Quote:
Originally Posted by diegoisawesome View Post
By the name of the UPS file, I'm guessing you're making Diamond more like its demo version, probably the one in GameStop or something?
Yup. You got some of it. What is different about the screens that would compare to normal gameplay from a retail ROM? I'll give you a hint: I obtained a "hacked savestate" with help from my helper. Look at the images closely, they'll stand out blatantly.
Quote:
Originally Posted by colcolstyles View Post
For anyone who's interested, at '0x078c1c' there is a 32-bit number (the default value is '0x00000a8b') which dictates the number of frames for which the titlescreen is displayed before resetting. The GBA operates at roughly 60 frames per second and '0xa8b' divided by 60 is 45 so the unedited titlescreen is displayed for 45 seconds. You can change that number (remember to reverse it) to lengthen or shorten the amount of time it takes for the titlescreen to reset.

This is for Fire Red, by the way.
Is it possible to make this number become infinite?

#86, November 13th, 2010, 12:44 AM
knizz
 
Join Date: Aug 2007
Quote:
Originally Posted by Team Fail View Post
Is it possible to make this number become infinite?
In case 0xFFFFFFFF (=4294967295) frames are not enough for you, you can remove the 05 DD (BLE) at 08078C04 and replace it with 05 E0 (B).
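
The two title-screen edits from posts #84 and #86, as an added example that is not code from any poster: a Python sketch that checks the original bytes before patching and decodes the Thumb branch to show that 05 DD and 05 E0 jump to the same target. The offsets and byte values are the ones quoted in the thread; the helper names and the zero-filled sample image are constructed for illustration.

```python
import struct

ROM_BASE = 0x08000000       # GBA cartridge ROM is mapped at this address
TIMER_OFFSET = 0x078C1C     # file offset of the 32-bit frame count (post #84)
TIMER_DEFAULT = 0x00000A8B  # default value quoted in post #84
BRANCH_ADDR = 0x08078C04    # address of the BLE quoted in post #86
FPS = 60                    # "roughly 60 frames per second"

# Thumb condition codes 0x0-0xD; 0xE is undefined and 0xF encodes SWI.
CONDS = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
         "HI", "LS", "GE", "LT", "GT", "LE"]


def sign_extend(value, bits):
    return value - (1 << bits) if value & (1 << (bits - 1)) else value


def decode_branch(rom, addr):
    """Decode a Thumb B<cond> or B at addr; return (mnemonic, target)."""
    (hw,) = struct.unpack_from("<H", rom, addr - ROM_BASE)  # little-endian
    cond = (hw >> 8) & 0xF
    if hw >> 12 == 0b1101 and cond < len(CONDS):
        return "B" + CONDS[cond], addr + 4 + 2 * sign_extend(hw & 0xFF, 8)
    if hw >> 11 == 0b11100:
        return "B", addr + 4 + 2 * sign_extend(hw & 0x7FF, 11)
    raise ValueError(f"no Thumb branch at {addr:#010x}: {hw:#06x}")


def patch(rom, offset, expected, new):
    """Overwrite bytes only when the bytes currently there are the expected ones."""
    if len(expected) != len(new):
        raise ValueError("patch must not change the ROM size")
    current = bytes(rom[offset:offset + len(expected)])
    if current != expected:
        raise ValueError(f"unexpected bytes at {offset:#x}: {current.hex()}")
    rom[offset:offset + len(new)] = new


def read_timer(rom):
    return struct.unpack_from("<I", rom, TIMER_OFFSET)[0]


def set_timer_seconds(rom, seconds):
    """Replace the default frame count; 'reversing' the number is '<I' packing."""
    frames = round(seconds * FPS)
    if not 0 <= frames <= 0xFFFFFFFF:
        raise ValueError("frame count does not fit in 32 bits")
    patch(rom, TIMER_OFFSET, struct.pack("<I", TIMER_DEFAULT),
          struct.pack("<I", frames))
    return frames


def disable_reset(rom):
    """Swap BLE (05 DD) for an unconditional B (05 E0) at BRANCH_ADDR."""
    patch(rom, BRANCH_ADDR - ROM_BASE, bytes.fromhex("05DD"), bytes.fromhex("05E0"))


def make_sample_rom():
    """Constructed stand-in: zeros plus the two values quoted in the thread."""
    rom = bytearray(TIMER_OFFSET + 4)
    struct.pack_into("<I", rom, TIMER_OFFSET, TIMER_DEFAULT)
    rom[BRANCH_ADDR - ROM_BASE:BRANCH_ADDR - ROM_BASE + 2] = bytes.fromhex("05DD")
    return rom


if __name__ == "__main__":
    rom = make_sample_rom()
    print(read_timer(rom) / FPS, decode_branch(rom, BRANCH_ADDR))
    set_timer_seconds(rom, 90)
    disable_reset(rom)
    print(read_timer(rom), decode_branch(rom, BRANCH_ADDR))
```

Because patch() compares the existing bytes first, running it against a different game or ROM revision fails with an error instead of overwriting unrelated data.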

#87, November 17th, 2010, 03:27 AM
linkandzelda
n00b desu ka?
 
Join Date: Dec 2006
Location: Hastings, England
Gender: Male
Nature: Careful
Hey guys, I've been wondering something regarding Emerald.

People have coded tools and stuff to use Emerald's "free space", which is that load of 00 bytes from around 0x9C2000 - 0xAFFFFF. Some people say they are not free space and shouldn't be touched. I also saw that it makes people's music go funny with beeps?

Well, I ran a small test. I was thinking: if the game uses those bytes then filling them out with FF would make it choke; so I did it. The game ran fine and I tested 50 different songs and sounds in-game without problems, they played fine.

So it begs the question: can anyone confirm either that the 00 bytes are free space and can be used, or that they cannot be used, with an explanation as to why?

Also, regarding A-MAP, I think it searches from 0x6B0000, which is not free space but includes data with quite a few 00 bytes there. If I remember correctly, voicegroup data looks like that, with a lot of 00 to it. I have a feeling that's the "music beeps" people talk of, as AM decided to write small data to those "blank areas".

Thanks in advance,
Link
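
The failure mode suspected in post #87, as an added example that is not code from any poster or tool: a Python free-space scanner run over a small constructed image, showing that a short search for 00 bytes lands inside table data while a long, aligned search only reports the padding, plus the fill-with-FF experiment guarded so it refuses to touch non-blank bytes. The record layout, sizes and function names are assumptions made for illustration; how A-Map actually searches is not known from the thread.

```python
def find_runs(rom, filler, min_len, start=0, end=None, align=1):
    """Return [(offset, length)] for runs of `filler` that still hold at
    least min_len bytes once the run start is rounded up to `align`."""
    end = len(rom) if end is None else min(end, len(rom))
    runs, pos = [], start
    while pos < end:
        if rom[pos] != filler:
            pos += 1
            continue
        run_start = pos
        while pos < end and rom[pos] == filler:
            pos += 1
        aligned = -(-run_start // align) * align  # round up to alignment
        if pos - aligned >= min_len:
            runs.append((aligned, pos - aligned))
    return runs


def fill_if_blank(rom, start, end, blank=0x00, fill=0xFF):
    """The experiment from the post: overwrite a region with FF, but only if
    every byte in it is currently 00, so real data is never clobbered."""
    if any(b != blank for b in rom[start:end]):
        raise ValueError(f"{start:#x}-{end:#x} is not all {blank:#04x}")
    rom[start:end] = bytes([fill]) * (end - start)


def make_sample_rom():
    """Constructed image: four 12-byte records that contain 00 runs (standing
    in for table data such as voicegroups), 64 bytes of 00 padding, then data."""
    record = bytes.fromhex("013c000000000000" "10203008")
    return bytearray(record * 4 + bytes(64) + b"\xAA" * 4)


if __name__ == "__main__":
    rom = make_sample_rom()
    # A 4-byte request is satisfied inside the first record: data gets overwritten.
    print("short search:", find_runs(rom, 0x00, 4)[0])
    # Requiring a long, word-aligned run skips the zeros embedded in records.
    print("long search: ", find_runs(rom, 0x00, 32, align=4))
    fill_if_blank(rom, 48, 112)
    print("after FF fill:", find_runs(rom, 0xFF, 32, align=4))
```

A long run of 00 is still only evidence of unused space, which is why the post's FF-fill playtest is the stronger check.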

#88, November 17th, 2010, 04:42 PM
colcolstyles
Yours truly
 
Join Date: May 2008
Location: The Bay Area
Gender: Male
Nature: Lonely
In Emerald, the script at '0x271354' appears to be executed whenever the player steps within the view radius of a trainer. And frankly, I don't have the time or the heart to do much more research than that. :(

Here's the script if anyone wants to see it:

Spoiler:
Code:
'---------------
#org 0x271354
cmdd8
cmdd9
special 0x3B
special 0x3A
waitstate
goto 0x827143C

'---------------
#org 0x27143C
special 0x37
waitmsg
waitkeypress
special 0x20B
compare LASTRESULT 0x1
if 0x1 goto 0x8271356
goto 0x8271454

'---------------
#org 0x271356
special 0x3B
special 0x3A
waitstate
goto 0x827143C

'---------------
#org 0x271454
repeattrainerbattle
special2 LASTRESULT 0x36
compare LASTRESULT 0x0
if 0x1 goto 0x8271491
compare LASTRESULT 0x2
if 0x1 goto 0x8271491
compare LASTRESULT 0x1
if 0x1 goto 0x8271491
compare LASTRESULT 0x6
if 0x1 goto 0x8271491
compare LASTRESULT 0x8
if 0x1 goto 0x8271491
endtrainerbattle2
releaseall
end

'---------------
#org 0x271491
endtrainerbattle2
releaseall
end
Last edited by colcolstyles; November 21st, 2010 at 09:53 AM. Reason: Added the script

#89, December 21st, 2010, 07:19 AM
knizz
 
Join Date: Aug 2007
I think that the table at 0839FDB0 points to structures that describe the different npc-types.

#90, December 21st, 2010, 11:54 AM
Team Fail
 
Join Date: May 2009
Age: 18
Gender: Male
Nature: Brave
Ok. I have a little question that won't require the Simple Questions thread.

How are voicegroups stored? Do they use samples like DS games, by basing each sample on a MIDI instrument that is played at that point in the song? I'm curious as to so. I might try something if I can get that bit answered.

#91, December 21st, 2010, 11:30 PM
colcolstyles
Yours truly
 
Join Date: May 2008
Location: The Bay Area
Gender: Male
Nature: Lonely
Quote:
Originally Posted by Team Fail View Post
How are voicegroups stored? Do they use samples like DS games, by basing each sample on a MIDI instrument that is played at that point in the song? I'm curious as to so. I might try something if I can get that bit answered.
I'm not very knowledgeable when it comes to music hacking but perhaps this document can help you (it has some information on instruments, I know).

#92, December 22nd, 2010, 05:27 AM
Datriot
Tachikama!!!
 
Join Date: Mar 2005
Location: UK, England, Leeds. Simple.
Age: 22
Nature: Sassy
Does anyone have the specification for Pokémon Black/White's Pokémon and species (name, base stats, type, etc.) data? I'm trying to find out where the data is stored (and how Pokémon and species are represented), so I can dump it into a file and read from it in the application I'm developing. I've managed to find this for the B/W Pokémon format, but there's no information on block shuffling or encryption. I can't find anything for the fifth generation species data either.

Also, can anyone confirm that the move and item data structures are the same for R/S/E, D/P/P and B/W? I managed to find move and item specs for the third generation on Bulbapedia, but not D/P/P or B/W. I can't imagine items and moves would need new attributes for the fourth and fifth generation games (new enumerations can be made for the move's target and which bag the item is placed in), but that might not be the case. This isn't as important as the Pokémon and species data, but it'd still be nice.
__________________

Datra: 1804 8720 6653

#93, December 22nd, 2010, 10:51 AM
Team Fail
 
Join Date: May 2009
Age: 18
Gender: Male
Nature: Brave
Quote:
Originally Posted by Datriot View Post
Does anyone have the specification for Pokémon Black/White's Pokémon and species (name, base stats, type, etc.) data? I'm trying to find out where the data is stored (and how Pokémon and species are represented), so I can dump it into a file and read from it in the application I'm developing. I've managed to find this for the B/W Pokémon format, but there's no information on block shuffling or encryption. I can't find anything for the fifth generation species data either.

Also, can anyone confirm that the move and item data structures are the same for R/S/E, D/P/P and B/W? I managed to find move and item specs for the third generation on Bulbapedia, but not D/P/P or B/W. I can't imagine items and moves would need new attributes for the fourth and fifth generation games (new enumerations can be made for the move's target and which bag the item is placed in), but that might not be the case. This isn't as important as the Pokémon and species data, but it'd still be nice.
I can tell you the item structure is the same because the same dummied items exist in B/W.

Anyways, that tutorial you pointed to me didn't have 100% what I was looking for, but it did somewhat confirm something. The game uses some kind of sample. But, I need to know
A. Where they are
B. What instrument they are assigned to
C. What format they can be extracted in.

#94, January 1st, 2011, 11:12 AM
Shiny Quagsire
Working on a Follow-Me
 
Join Date: May 2009
Location: Hoenn Safari Zone
Age: 16
Gender: Male
Nature: Jolly
When editing some weather GFX, I came across a spot that contained what I thought could be an animation. After editing it in VBA's Memoryviewer, it turns out it used two snow images and looped the animation continuously. The animation is a bit different than some, but it appears to be in similar format.

The animation is located at 0x3C67B4.

#95, January 2nd, 2011, 06:51 AM
knizz
 
Join Date: Aug 2007
This is the first script started in a firered-game: 081A6481

#96, January 4th, 2011, 02:48 AM
Fabi_ash
Beginning Trainer
 
Join Date: Jun 2010
Location: Italy
Gender: Male
In Emerald I found a routine which should be the one for naming your character at 080e48a8.
Can someone check if I am right, please? I'm trying to understand the meaning of this but I'm new to ASM so it will take ages...

#97, January 7th, 2011, 12:51 PM
knizz
 
Join Date: Aug 2007
I just found out that trainer flag 0xXY is regular flag 0x5XY.

#98, January 10th, 2011, 04:04 PM
diegoisawesome
Not the Script Help Thread
 
Join Date: Dec 2007
Location: Goldenrod City, Johto
Age: 17
Gender: Male
Nature: Quirky
Quote:
Originally Posted by HackMew View Post
EDIT: I did some research, and I think I found some safe areas to store the new variables in. For FR/LG, the whole area between 0x0203C000 - 0x0203EFFF appears to be totally unused. I somewhat confirmed it by putting a breakpoint on read/write on the whole area. I wasn't able to get the debugger to break yet. Also, here's a list I made, which clearly shows my theory:
0x0203C000 is being used by the help menu: it floods to 00s on opening.

#99, January 12th, 2011, 10:57 PM
NintendoBoyDX
Togepi
 
Join Date: Jul 2010
Gender: Male
Using firered bpre.
Are there ram addresses that store the map bank, map number, and current X and Y coordinates? If so does anyone know where they are?

Edit: May have found them
0x02036E4B holds the Y coordinate of the player (byte) [might be a half-word if a map is large enough 0x02036E4A-0x02036E4B]
0x02036E4D holds the X coordinate of the player (byte) [might be a half-word if a map is large enough 0x02036E4C-0x02036E4D]
0x0203F3A8 holds the current player map (byte)
0x0203F3A9 holds the current player map bank (byte)
0x0203F3AA holds the last map the player was at (byte)
0x0203F3AB holds the last map bank the player was at (byte)
0x0203F3AC holds the map the player was at 2 maps beforehand (byte)
0x0203F3AD holds the map bank the player was at 2 maps beforehand (byte)

Can anyone confirm?

As a side note, I think
0x0203F4E0
0x0203F4E4

are both words (or maybe just half-words) that store the amount of steps taken since the player started the game (or maybe number of tiles covered, haven't tested with running, surfing, or biking).

Can anyone confirm?

Also, due to the fact that arm7 is little endian, I'm not exactly sure which byte is exactly where, but these are the spots they show up as in the memory viewer.

One more question, does anyone know where the whiteout and win-battle routines are?

Last edited by NintendoBoyDX; January 13th, 2011 at 12:05 AM. Reason: Added info

#100, January 13th, 2011, 06:31 AM
knizz
 
Join Date: Aug 2007
Quote:
Originally Posted by NintendoBoyDX View Post
0x02036E4B holds the Y coordinate of the player
0x02036E4D holds the X coordinate of the player
As I said once in another thread there is an array of npc-data at 02036E38. Every npc uses 0x24 bytes. The first (n)pc is usually the player (but it can be changed with a variable I mentioned somewhere in this thread.)
0x02036E38 + 0x10 = 0x02036E48 X of the tile the NPC is leaving
0x02036E38 + 0x12 = 0x02036E4A Y of the tile the NPC is leaving
0x02036E38 + 0x14 = 0x02036E4C X of the tile the NPC is entering
0x02036E38 + 0x16 = 0x02036E4E Y of the tile the NPC is entering

Quote:
Originally Posted by NintendoBoyDX View Post
0x0203F3A8 holds the current player map (byte)
0x0203F3A9 holds the current player map bank (byte)
0x0203F3AA holds the last map the player was at (byte)
0x0203F3AB holds the last map bank the player was at (byte)
0x0203F3AC holds the map the player was at 2 maps beforehand (byte)
0x0203F3AD holds the map bank the player was at 2 maps beforehand (byte)
If it's true ... thank you a lot. Afaik the current map & bank is also stored at 02031DBC (mapnumbers_mem1) and 02031DB4 (mapnumbers_mem2).

Quote:
Originally Posted by NintendoBoyDX View Post
One more question, does anyone know where the whiteout and win-battle routines are?
Yup. 08054BC8 for whiteout.

Code:
08054BC8 sub_08054BC8:                           @ CODE XREF: sub_080566A4+26p
08054BC8                 PUSH    {R4,LR}
08054BCA                 LDR     R0, =unk_081A654B
08054BCC                 BL      script_start2
08054BD0                 LDR     R0, =saveblock1
08054BD2                 LDR     R4, [R0]
08054BD4                 MOVS    R0, 0x290
08054BD8                 ADDS    R4, R4, R0
08054BDA                 BL      sub_08054C04
08054BDE                 MOVS    R1, R0
08054BE0                 MOVS    R0, R4
08054BE2                 BL      sub_0809FDD8
08054BE6                 BL      sp_00_heal_pokemon
08054BEA                 BL      sub_08054DD8
08054BEE                 BL      whiteout_mem1
08054BF2                 BL      load_warp_map
08054BF6                 POP     {R4}
08054BF8                 POP     {R0}
08054BFA                 BX      R0
08054BFA @ End of function sub_08054BC8
Code:
080554BC whiteout_mem1:                          @ CODE XREF: sub_08054BC8+26p
080554BC                 PUSH    {LR}
080554BE                 LDR     R0, =mapnumbers_mem1
080554C0                 BL      whiteout (=080BFCD0)
080554C4                 POP     {R0}
080554C6                 BX      R0
080554C6 @ End of function whiteout_mem1
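
The npc-data layout described in post #100, as an added example that is not code from any poster: a Python reader for the coordinate fields of each 0x24-byte entry in an EWRAM dump. The array address, entry size and field offsets come from the post; treating the four fields as signed little-endian 16-bit values, the 256 KiB dump size, the names and the sample values are assumptions made for illustration.

```python
import struct
from typing import NamedTuple

EWRAM_BASE = 0x02000000   # GBA external work RAM
NPC_ARRAY = 0x02036E38    # start of the npc-data array (post #100)
NPC_SIZE = 0x24           # bytes per npc entry (post #100)
COORDS_OFFSET = 0x10      # fields at +0x10, +0x12, +0x14, +0x16 (post #100)


class NpcCoords(NamedTuple):
    slot: int
    leaving_x: int
    leaving_y: int
    entering_x: int
    entering_y: int

    @property
    def moving(self):
        """True while the tile being left differs from the tile being entered."""
        return (self.leaving_x, self.leaving_y) != (self.entering_x, self.entering_y)


def field_address(slot, field_offset):
    """RAM address of a field inside the entry for `slot`."""
    if slot < 0 or not 0 <= field_offset < NPC_SIZE:
        raise ValueError("slot or field offset out of range")
    return NPC_ARRAY + slot * NPC_SIZE + field_offset


def read_npc(ewram, slot):
    """Read the four coordinate fields of one entry from an EWRAM dump."""
    off = field_address(slot, COORDS_OFFSET) - EWRAM_BASE
    if off + 8 > len(ewram):
        raise IndexError(f"slot {slot} lies outside the dump")
    # Assumption: each field is a signed 16-bit little-endian value.
    return NpcCoords(slot, *struct.unpack_from("<4h", ewram, off))


def make_sample_dump():
    """Constructed 256 KiB dump: slot 0 mid-step, slot 1 standing still."""
    dump = bytearray(0x40000)
    base0 = field_address(0, COORDS_OFFSET) - EWRAM_BASE
    base1 = field_address(1, COORDS_OFFSET) - EWRAM_BASE
    struct.pack_into("<4h", dump, base0, 7, 0x0103, 8, 0x0103)
    struct.pack_into("<4h", dump, base1, 12, 5, 12, 5)
    return dump


if __name__ == "__main__":
    dump = make_sample_dump()
    for slot in range(2):
        npc = read_npc(dump, slot)
        print(npc, "moving" if npc.moving else "idle")
    # Little-endian: the low byte of the Y halfword sits at the lower address.
    y_addr = field_address(0, 0x12)
    print(f"{y_addr:#010x}: {dump[y_addr - EWRAM_BASE]:02x} "
          f"{dump[y_addr + 1 - EWRAM_BASE]:02x}")
```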

All times are UTC -8.