The idea of this tutorial is to teach how to really hack a game, which isn't that difficult once you get the hang of it.
At first, let's start with the basics.
If you know nothing about ROMs or hex whatsoever, read this tutorial. Besides, while reading this, follow along with what I'm doing by using both the ROM and RAM Maps and the Hacking Guide.
What's a game like?
Each game consists of two parts: ROM and RAM data.
Those two are abbreviations from these:
ROM = Read-Only Memory
RAM = Random Access Memory
Read-only memory consists of permanent data and it won't change when the game is run.
For example: Map data and item effects (how much HP does Potion give)
Random access memory changes while the game is run.
For example: how many badges you have, which items are in your pack and their order, the location where you will start after a save is loaded, etc.
How to modify these?
Hex editors are used to change the ROM data.
To find the data you wish to edit, you can do it in two ways: 1) Find documentation of it 2) Search for the data itself
1) By taking a look at Koolboyman's Pokemon Gold ROM Map, you can see that the Mart Data is stored between offsets $16342 and $16468.
By going to offset $16342 with a hex editor, you can change the items sold in marts.
2) Let's pretend you didn't know that the mart data starts at $16342.
Now, take a look at this picture: it's of the items sold in Cherrygrove City in the beginning of the game in Pokemon Gold/Silver.
Now, these three byte lists should come to your mind (maybe others as well).
1) [WW] [XX] [YY] [ZZ]
2) [WW] 01 2C [XX] 00 64 [YY] 00 C8 [ZZ] 00 FA
3) [WW] 2C 01 [XX] 64 00 [YY] C8 00 [ZZ] FA 00, in which WW, XX, YY and ZZ are also bytes.
These may not make much sense so let's explain it.
0x12C is a number in hexadecimal system that stands for 300 in decimal,
0x64 = 100, 0xC8 = 200 and 0xFA = 250.
Numbers are always stored in bytes, each written as two hex digits, so it's impossible for something such as 12C to be written in the ROM; instead there could be 01 2C (or 2C 01 if the game makers made the game load them that way).
WW, XX, YY, and ZZ stand for the items themselves.
Now, go to Google and search for Giegue's Master Hacking Guide.
After you've found it, scroll down until you find the explanation of the items in G/S/C and you'll find the item numbers for Potion, Antidote, Parlyz Heal and Awakening there.
You should come up with this:
WW (Potion) = 12
XX (Antidote) = 09
YY (Parlyz Heal) = 0D
ZZ (Awakening) = 0C
Put those bytes in the places of WW, XX, YY and ZZ and you'll get three different possible results for the mart data of Cherrygrove City.
*The mart data could still be something other than these three if the game makers programmed it so, but normally, when something simple comes to mind, the game makers may well have programmed it that way.
Now, open the ROM with a hex editor (in this case, a Pokemon Gold/Silver ROM file) and search for those byte sets. If your hex editor doesn't have a "Search" command, you should download a better one...
Anyways, by searching for those byte lists, the first one gives a result and shows you that the offset where bytes 12 09 0D 0C are located, in that order, is at $16343 (the mart data starts at offset $16342).
At offset $16342 you'll see this:
04 12 09 0D 0C FF...
04 and FF actually belong to the mart data of this mart as well.
By experimenting (or thinking), you'll notice that:
04 = Number of items sold in that mart
FF = End of mart data
So, if you wanted, you could for example change 04 to something else to make the salesman sell more/fewer items than usual. If you do so, you'd also have to move the FF somewhere else though.
We're still far from the top
Now, you do understand what hacking is but there is still a lot more to learn. All games are programs. Programs won't work unless they're told what they're supposed to do. In the case above, the mart data was located between offsets $16342 and $16468. Why is the data there?
Whenever a game has to read data from somewhere, it has to be pointed there. Games from different game consoles use different kinds of pointers.
-GameBoy and GameBoy Color games use "Gameboy Pointers"
-GameBoyAdvance games use "GBA Pointers"
-Super Nintendo games use two different kinds of pointers (for both LoROM and HiROM).
As linking to other sites is not allowed in here (though it would be very helpful), use Google once again to find documentation about pointers.
-If you're interested in learning how GameBoy Pointers work, look for something like "mew3 inc GB/C pointer".
-Otherwise, search for "datacrystal pointer" to find data for each of these.
Let's go back to the mart example again.
Pointers to mart data are located between offsets $162FE and $16341.
The pointer table is located in the same bank as the pointed offset, so the pointers are of two bytes.
The pointers are usually stored in a logical way (first pointer leads to the first mart data and the second pointer to the second). The pointer to the first mart data is at $162FE (which is 42 63).
42 63 leads to offset $16342 because:
That seems a little complicated at first, but if you're ever going to hack a GameBoy or GameBoy Color game, you're going to have to learn it.
Besides, check the tutorial first to understand this much better!
I think that's enough for the ROM data.
All you need to know is that everything is linked together through pointers. For example, the fat man being in Pallet Town is actually quite a complicated process: the game is told to read the event data of the map through a map header. The event data holds the information about the person. Then again, where did the map header come from...
A word or two about RAM
As explained above, RAM contains only temporary data, which changes over time. For example, money.
In Gold/Silver, you'll get 3000 money for starting out.
3000 = 0xBB8 --> 0B B8 (or B8 0B) in bytes.
So, somewhere in the RAM you should be able to find those bytes.
You can modify the RAM data with VBA's Memory Viewer.
It doesn't let you search for anything, which is too bad.
Anyways, again a document will help.
This time, we're going to use Koolboyman's Pokemon Gold RAM Map.
And according to it, money data is located in D573-D575 in RAM.
Open Gold/Silver ROM with VBA's Memory Viewer, select 8-bit mode (because one byte consists of eight bits) and go to offset D573.
It should be like this: 00 0B B8
Modifying those bytes changes the amount of money you have.
Also, the maximum amount you can get is 0xFFFFFF = 16 777 215 although the game is programmed to show only up to 9 999 999.
ASM code in the game makes you unable to get any more money than that (just like your pokemon can't level up past lv100 although 100 = 0x64 and the maximum level value is 0xFF = 255). Then again, if money was only a 2-byte value, you could only have 0xFFFF = 65535 money at a time.
I'm done!
Now, you should know enough for starting out.
Time to make your own ROM hack - you're more than capable of doing it.
Last edited by miksy91; January 29th, 2011 at 02:11 AM.
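
The byte-pattern search for the Cherrygrove mart and the two-byte pointer 42 63 at $162FE, worked through in Python as an added example that is not part of the original post. The ROM image is constructed (zero-filled except for the bytes the tutorial quotes), the function names are hypothetical, and the pointer arithmetic assumes 16 KiB (0x4000-byte) Game Boy banks with the target in the same bank as the pointer table.

```python
BANK_SIZE = 0x4000  # assumption: Game Boy ROM banks are 16 KiB each

def candidate_patterns(items, prices):
    """The three layouts guessed in the tutorial: item IDs only,
    ID + big-endian price, ID + little-endian price."""
    def with_price(order):
        return b"".join(bytes([i]) + p.to_bytes(2, order)
                        for i, p in zip(items, prices))
    return {"ids_only": bytes(items),
            "id_price_be": with_price("big"),
            "id_price_le": with_price("little")}

def find_patterns(rom, patterns):
    """Return {layout name: first offset} for each pattern present in the image."""
    hits = {name: rom.find(pat) for name, pat in patterns.items()}
    return {name: off for name, off in hits.items() if off != -1}

def gb_pointer_to_offset(pointer_bytes, table_offset):
    """Resolve a 2-byte little-endian pointer read from table_offset.
    Banked data is addressed at 0x4000-0x7FFF, so the file offset is
    bank * 0x4000 + (address - 0x4000), using the table's own bank."""
    addr = int.from_bytes(pointer_bytes, "little")
    if not 0x4000 <= addr < 0x8000:
        raise ValueError(f"{addr:#06x} is not a banked ROM address")
    bank = table_offset // BANK_SIZE
    return bank * BANK_SIZE + (addr - 0x4000)

def parse_mart(rom, offset):
    """Parse one mart record: count byte, that many item IDs, FF terminator."""
    count = rom[offset]
    items = list(rom[offset + 1:offset + 1 + count])
    if rom[offset + 1 + count] != 0xFF:
        raise ValueError("no FF terminator after the counted items")
    return items

def build_sample_rom():
    """Constructed image: only the bytes quoted in the tutorial are filled in."""
    rom = bytearray(0x18000)
    rom[0x162FE:0x16300] = bytes.fromhex("4263")          # first mart pointer
    rom[0x16342:0x16348] = bytes.fromhex("0412090D0CFF")  # Cherrygrove record
    return bytes(rom)

if __name__ == "__main__":
    rom = build_sample_rom()
    pats = candidate_patterns([0x12, 0x09, 0x0D, 0x0C], [300, 100, 200, 250])
    print({k: hex(v) for k, v in find_patterns(rom, pats).items()})
    mart = gb_pointer_to_offset(rom[0x162FE:0x16300], 0x162FE)
    print(hex(mart), [f"{i:02X}" for i in parse_mart(rom, mart)])
```

Changing the count byte without moving the FF makes `parse_mart` raise, which is the same consistency requirement the tutorial mentions when editing the number of items sold.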