Notices
For all updates, view the main page.

 Research & Development Got a well-founded knack with ROM hacking? Love reverse-engineering the Pokémon games? Or perhaps you love your assembly language. This is the spot for polling and gathering your ideas, and then implementing them! Share your hypothesis, get ideas from others, and collaborate to create! Research & Development programs in this forum are subject to moderator approval before they are displayed.

#1
June 3rd, 2012 (4:03 AM). Edited June 11th, 2012 by Darthatron.
 Darthatron 巨大なトロール。 Silver Tier Join Date: Jan 2006 Location: Melbourne, Australia Age: 25 Gender: Male Nature: Modest Posts: 1,152
Here are some hacks that I have made for people. I hope you enjoy them. I have attempted to explain how they work as well, for those who want to learn.

Spoiler:
Hack:
Code:
Change bytes at 110F44 to 00 20
Change bytes at 110F50 to C0 46
Explained:
Spoiler:
Original:
Code:
08110F32 loc_08110F32:                           @ CODE XREF: sub_08110F14+3Cj
08110F32                 MOVS    R0, R2
08110F34                 MULS    R0, R7
08110F3A                 LDRB    R0, [R0]
08110F3E                 CMP     R0, #0
08110F40                 BEQ     loc_08110F48
08110F42                 LDRB    R0, [R1]
08110F46                 STRB    R0, [R1]
08110F48
08110F48 loc_08110F48:                           @ CODE XREF: sub_08110F14+2Cj
08110F4A                 LSLS    R0, R0, #0x18
08110F4C                 LSRS    R2, R0, #0x18
08110F4E                 CMP     R2, #3
08110F50                 BLS     loc_08110F32
Basically, this code counts the amount of important events that have occured. Once it reaches 3 (CMP R2, #3), it stops counting and continues the game as normal. What we want to do is make it so it always returns zero. We do this by setting R0 to 0 instead of incrementing as normal, and then removing the loop with the NOP (which literally does nothing) command.

New:
Code:
08110F32 loc_08110F32:                           @ CODE XREF: sub_08110F14+3Cj
08110F32                 MOVS    R0, R2
08110F34                 MULS    R0, R7
08110F3A                 LDRB    R0, [R0]
08110F3E                 CMP     R0, #0
08110F40                 BEQ     loc_08110F48
08110F42                 LDRB    R0, [R1]
08110F44                 MOV     R0, #0
08110F46                 STRB    R0, [R1]
08110F48
08110F48 loc_08110F48:                           @ CODE XREF: sub_08110F14+2Cj
08110F4A                 LSLS    R0, R0, #0x18
08110F4C                 LSRS    R2, R0, #0x18
08110F4E                 CMP     R2, #3
08110F50                 NOP
Run a script from an items "Use" command or from registering it from select...
Spoiler:
First of all, follow DavidJCobb's Item Creation Tutorial, until the part where it attempts to add scripts, to actually create a new item. But change the "Type" combobox to #2 in the Item Manager. JPANs engine is not required!

Next step is to put this (assmelbed) code somewhere:
Code:
10 B5 04 1C 78 46 13 30 0C 49 08 60 20 1C 0C 49 00 F0 10 F8 10 BC 01 BC 00 47 10 B5 04 1C 0A 48 05 49 00 F0 07 F8 20 1C 06 49 00 F0 03 F8 10 BC 01 BC 00 47 08 47 C0 46 E5 9A 06 08 98 99 03 02 3D 10 0A 08 09 75 07 08 XX XX XX 08
Where XXXXXX is the location of your script reversed. 800300 would be 00 03 80, for example.

By entering this hex somewhere in the ROM and putting it's offset+1 in the "Field Usage" box in the Item Manager, you can call any script by using the item from the bag or by select. Say I put the routine at 800000 in the ROM, the Field Usage box would be 08800001.
Here's the unassembled code:
Spoiler:
Code:
.text
.align 2
.thumb
.thumb_func
.global Hax

setup:
push {r4, lr}
mov r4, r0
mov r0, pc
ldr r1, .unk_02039998
str r0, [r1]
mov r0, r4
ldr r1, .sub_080A103C
bl bx_r1
pop {r4}
pop {r0}
bx r0

main:
push {r4, lr}
mov r4, r0
ldr r0, .ScriptToCall
ldr r1, .CallScript
bl bx_r1
mov r0, r4
bl bx_r1
pop {r4}
pop {r0}
bx r0

.align 2
bx_r1:
bx r1

.align 2
.CallScript:
.word 0x08069AE4+1
.unk_02039998:
.word 0x02039998
.sub_080A103C:
.word 0x080A103C+1
.word 0x08077508+1
.ScriptToCall:
.word 0x08800300
More to come as I can be bothered.

EDIT: Also feel free to ask about/request stuff here. I may not do all requests, but I'll try my best.
__________________
あなた は しきしゃ です
わたし は ばか です

#2
June 3rd, 2012 (9:02 AM).
 Team Fail Coming soon: Litten's final evolution ModeratorCS Join Date: May 2009 Location: yes Age: 21 Gender: Male Nature: Brave Posts: 12,835
So, if I read this correctly, you can also make it record more than 3 important events as well depending on those 2 values?
__________________
CONTENTS
001
THE LAB
002
VISITOR MESSAGE
003
PRIVATE MESSAGE
004
PUSHING BUTTONS
005
PUSHING BUTTONS BLOG
006
ALT
007
PHO
008
PAIR 1
009
PAIR 2
010
011
TF'S MUSIC STUDIO
012
PC DISCORD - #GENERAL
SEEN
151

OWN
151
DATA
CRY
AREA
QUIT
#3
June 3rd, 2012 (4:24 PM).
 Darthatron 巨大なトロール。 Silver Tier Join Date: Jan 2006 Location: Melbourne, Australia Age: 25 Gender: Male Nature: Modest Posts: 1,152
Quote:
 Originally Posted by Team Fail So, if I read this correctly, you can also make it record more than 3 important events as well depending on those 2 values?
Not sure. Even so, not with just this code. There's more code somewhere that reads it somewhere else. But I imagine increasing it without repointing something would be bad.
__________________
あなた は しきしゃ です
わたし は ばか です
#4
June 14th, 2012 (10:34 AM).
 Link_971 French Rom-Hacker Join Date: Jul 2006 Location: France Age: 24 Gender: Male Nature: Relaxed Posts: 212
Quote:
 Originally Posted by Darthatron Spoiler: Code: Change bytes at 110F44 to 00 20 Change bytes at 110F50 to C0 46 EDIT: Also feel free to ask about/request stuff here. I may not do all requests, but I'll try my best.

I have found a little bug, if you save in a Pokemon Center.
When you restart, the game doesn't show the name of the Map.
__________________

#5
June 14th, 2012 (10:38 AM).
 Crimson5M what Crystal Tier Join Date: Feb 2011 Location: Scotland Age: 21 Gender: Male Nature: Quiet Posts: 1,089
Just wondering if you'd know anything about the hidebox command? In Ruby. when you use it in conjunction with showpokepic, it hides the box, showing only the sprite. This is useful for things like mugshots.
In FireRed though...it doesn't work :\
__________________
#6
July 10th, 2012 (1:46 AM).
 jhay21 Join Date: Jan 2010 Nature: Timid Posts: 21
Quote:
 Originally Posted by Darthatron EDIT: Also feel free to ask about/request stuff here. I may not do all requests, but I'll try my best.
how about a pokemon type reader/checker i haven't seen one so maybe nobody's done it yet? you set a query to a variable like 01=fire 02=grass etc.
then it checks whether the type of the pokemon selected by special 0x9F has the same type returns 1 if yes, 0 for no
#7
September 28th, 2012 (2:07 AM).
 ChaosBringer41 Join Date: Nov 2010 Gender: Male Posts: 37
I don't know if I'm asking in the right section (I got a headache trying to read the rules/FAQ). Anyway:

1) Can you - or anyone else - tell me how to upgrade the Pokedex in Pokemon Ruby, so that any non-Hoenn Pokemon are properly registered in the Pokedex pre-Elite Four?

2) On one of my 'this is how I'd like Pokemon Ruby to be like' hacks, I used a patch to put an old man in the intro instead of Professor Birch. The patch's name was Mr Fuji. According to my scribbled notes, I got it from PokeCommunity, but nothing on who made it. Any ideas? (I tried searching, but couldn't find it)
__________________
I don't always know what I'm doing. Life is more interesting that way.
#8
September 28th, 2012 (7:22 AM).
 Jambo51 Glory To Arstotzka Join Date: Jun 2009 Gender: Male Nature: Quiet Posts: 732
Quote:
 Originally Posted by ChaosBringer41 I don't know if I'm asking in the right section (I got a headache trying to read the rules/FAQ). Anyway:
This belongs in the general ROM hacking discussion thread, as opposed to here.

Quote:
 Originally Posted by ChaosBringer41 1) Can you - or anyone else - tell me how to upgrade the Pokedex in Pokemon Ruby, so that any non-Hoenn Pokemon are properly registered in the Pokedex pre-Elite Four?
They are correctly registered, you just can't see them because they're not part of the Hoenn Dex. The easiest thing to do is to extend Ruby's Hoenn dex to include all the other Pokémon. I don't know precisely how to do that off the top of my head.

Quote:
 Originally Posted by ChaosBringer41 2) On one of my 'this is how I'd like Pokemon Ruby to be like' hacks, I used a patch to put an old man in the intro instead of Professor Birch. The patch's name was Mr Fuji. According to my scribbled notes, I got it from PokeCommunity, but nothing on who made it. Any ideas? (I tried searching, but couldn't find it)

And, so this post is actually on subject, these 2 hacks will probably have been of great use to many people. I hope you have more cool stuff up your sleeve, Darthatron!
__________________
Hey guys, please check out my recreations of the gen 1 and 2 music on my custom engine at my SoundCloud! - Here!
#9
September 29th, 2012 (8:19 AM).
 .parado✗ paranormal user Join Date: Sep 2012 Location: Ha✗land Age: 20 Gender: Male Nature: Gentle Posts: 38
Thank you!
The Item Stuff could be very useful for my Ruby hack.
I ever wonder how long you must research for those things..
#10
February 12th, 2013 (1:25 PM).
 karatekid552 What happens if I push it?.... Join Date: Nov 2012 Location: Do you really want to know? Really? Gender: Male Nature: Bold Posts: 1,766
Quote:
 Originally Posted by .parado✗ Thank you! The Item Stuff could be very useful for my Ruby hack. I ever wonder how long you must research for those things..
With the help of Darthatron, I have successfully ported over the item script runner to Ruby. Everything is the same, except the offsets:

Code:
.text
.align 2
.thumb
.thumb_func
.global Hax

setup:
push {r4, lr}
mov r4, r0
mov r0, pc
ldr r1, .unk_03005D00
str r0, [r1]
mov r0, r4
ldr r1, .sub_080C9050
bl bx_r1
pop {r4}
pop {r0}
bx r0

main:
push {r4, lr}
mov r4, r0
ldr r0, .ScriptToCall
ldr r1, .CallScript
bl bx_r1
mov r0, r4
bl bx_r1
pop {r4}
pop {r0}
bx r0
.align 2
bx_r1:
bx r1

.align 2
.CallScript:
.word 0x080655B8+1
.unk_03005D00:
.word 0x03005D00
.sub_080C9050:
.word 0x080C9050+1
.word 0x0807AB74+1
.ScriptToCall:
.word 0x08XXXXXX
Here is the compiled version:

Code:
10 B5 04 1C 78 46 13 30 0C 49 08 60 20 1C 0C 49 00 F0 10 F8 10 BC 01 BC 00 47 10 B5 04 1C 0A 48 05 49 00 F0 07 F8 20 1C 06 49 00 F0 03 F8 10 BC 01 BC 00 47 08 47 C0 46 B9 55 06 08 00 5D 00 03 51 90 0C 08 75 AB 07 08 XX XX XX 08
Hope this helps all of the Ruby hackers out there!
__________________

Paired with Simba
#11
June 19th, 2014 (2:55 AM). Edited June 19th, 2014 by Phenom2122.
 Phenom2122 Join Date: Jun 2014 Gender: Male Nature: Quiet Posts: 43
Every few years I decide to try and work on my Emerald hack again. Only to find that every useful hack and mod has been made exclusively for Fire Red and in some cases, Ruby for some odd reason.
I was so excited to use this scripted items hack, only to find, surprise surprise, it is exclusive to Fire Red and Ruby. Makes me want to give up on hacking generation 3 Pokemon games again. Makes me want to pick up my computer and just throw it out the window.
Now I could compare the Fire Red and Ruby routines provided here to try to find the Emerald offset, although when comparing bytes, it looks like it is not just the offset that has changed. Does anyone have any idea how I could get this hack working in Emerald?

EDIT: I have found two of the offsets for Emerald to insert into the routine. However I am stuck with two and help would be appreciated.
In Fire Red this address: 02039998 points to somewhere in the ram I assume? in the Ruby routine it is this: 03005D00. I have no idea how to go about finding this in Emerald.
The other offset I am stuck with is this in Fire Red: 08069AE4 and this in Ruby: 080655B8.
In each Rom those offsets point to four particular bytes. Those four bytes appear multiple times throughout the Emerald Rom.
#12
June 20th, 2014 (12:59 AM).
 DarkPsychic Join Date: Jul 2012 Gender: Male Nature: Timid Posts: 109
Thank you Darthatron

This is exactly what I needed...
The way you explain the code and show the routine and not just the hex...

If you can and it's not to much to ask, could you try to make the 4th gen evolutions or even just the Dawn stone would be nice >_<

Also, could you write up a routine that takes the money the player gets after a battle and puts it into a bank account with the activation of a flag and clearing the flag would obviously make it go back to normal...

I would love to write these up my self but I have no skill in asm and at the moment I am just trying to focus on scripting and until I master that I can't move on to asm...
Not to mention I can't get debugging down for the life of me either much less write my own routines >_< hahaha
#13
June 24th, 2014 (7:32 PM). Edited June 24th, 2014 by Phenom2122.
 Phenom2122 Join Date: Jun 2014 Gender: Male Nature: Quiet Posts: 43
Hey guys, after finding my brain and a new Hex Editor that supports wildcard searches, I figured out the offsets for Emerald. Thanks to @Darthatron for the original ASM and thanks to absolutely nobody for helping me find those offsets.
Even though I couldn't get it to compile for some reason, I will post the modified code here:
Spoiler:
Code:
.text
.align 2
.thumb
.thumb_func
.global Hax

setup:
push {r4, lr}
mov r4, r0
mov r0, pc
ldr r1, .unk_0203A0F4
str r0, [r1]
mov r0, r4
ldr r1, .sub_080FD0DC
bl bx_r1
pop {r4}
pop {r0}
bx r0

main:
push {r4, lr}
mov r4, r0
ldr r0, .ScriptToCall
ldr r1, .CallScript
bl bx_r1
mov r0, r4
bl bx_r1
pop {r4}
pop {r0}
bx r0

.align 2
bx_r1:
bx r1

.align 2
.CallScript:
.word 0x08098EF8+1
.unk_02039998:
.word 0x0203A0F4
.sub_080A103C:
.word 0x080FD0DC+1
.word 0x080A909C+1
.ScriptToCall:
.word 0x08800300

And here is the compiled code, modified with the correct Emerald offsets:
Spoiler:
Code:
10 B5 04 1C 78 46 13 30 0C 49 08 60 20 1C 0C 49 00 F0 10 F8 10 BC 01 BC 00 47 10 B5 04 1C 0A 48 05 49 00 F0 07 F8 20 1C 06 49 00 F0 03 F8 10 BC 01 BC 00 47 08 47 C0 46 F9 8E 09 08 F4 A0 03 02 DD D0 0F 08 9D 90 0A 08 XX XX XX 08

I just did a quick test with a Littleroot Town signboard item called 'Dog'. Everything seems to be a-ok. Time for sleep.
#14
December 2nd, 2014 (8:59 AM).
 Lance32497 LanceKoijer of Pokemon_Addicts Join Date: Aug 2014 Location: Criscanto town-Ginoa Region xD Gender: Male Nature: Adamant Posts: 752
In your routine for calling scripts, it always restats the game after the "Use to Pokemon" portion
I did the Warp script given by the PC member...
__________________
This signature has been disabled.
Scrollbar appears

You must edit it to meet the limits set by the rules before you may remove the [sig-reason] code from your signature. Removing this tag will re-enable it.

Do not remove the tag until you fix the issues in your signature. You may be infracted for removing this tag if you do not fix the specified issues. Do not use this tag for decoration purposes.
#15
December 2nd, 2014 (9:13 AM).
 anonyboy Pokemon Aerial Emerald Creator&Pokemon Hybrid Co-Creator Join Date: Sep 2013 Location: Israel Gender: Male Nature: Adamant Posts: 274
Quote:
 Originally Posted by DarkPsychic Thank you Darthatron This is exactly what I needed... The way you explain the code and show the routine and not just the hex... If you can and it's not to much to ask, could you try to make the 4th gen evolutions or even just the Dawn stone would be nice >_< Also, could you write up a routine that takes the money the player gets after a battle and puts it into a bank account with the activation of a flag and clearing the flag would obviously make it go back to normal... I would love to write these up my self but I have no skill in asm and at the moment I am just trying to focus on scripting and until I master that I can't move on to asm... Not to mention I can't get debugging down for the life of me either much less write my own routines >_< hahaha
All evolutions till gen VI (expect time-based since i need the EM offset that checks time) are available on my tut here on PC
__________________
Pokemon....

A new Dawn of ROM Hacking.....
#16
August 27th, 2015 (4:11 AM).
 kleenexfeu Join Date: Aug 2013 Gender: Male Posts: 217
Quote:
 Originally Posted by Phenom2122 Spoiler: Code: .text .align 2 .thumb .thumb_func .global Hax setup: push {r4, lr} mov r4, r0 mov r0, pc add r0, #0x13 ldr r1, .unk_0203A0F4 str r0, [r1] mov r0, r4 ldr r1, .sub_080FD0DC bl bx_r1 pop {r4} pop {r0} bx r0 main: push {r4, lr} mov r4, r0 ldr r0, .ScriptToCall ldr r1, .CallScript bl bx_r1 mov r0, r4 ldr r1, .del_c3_from_linked_list bl bx_r1 pop {r4} pop {r0} bx r0 .align 2 bx_r1: bx r1 .align 2 .CallScript: .word 0x08098EF8+1 .unk_0203A0F4: .word 0x0203A0F4 .sub_080A103C: .word 0x080FD0DC+1 .del_c3_from_linked_list: .word 0x080A909C+1 .ScriptToCall: .word 0x08800300
There was a little typo in Phenom's routine, this one should compile correctly
#17
October 30th, 2015 (2:55 AM). Edited October 30th, 2015 by Lunos.
 Lunos Uruguayan Random Guy Join Date: Oct 2008 Posts: 667
The script triggered by an item thing isn't working for me.
-FireRed USA v1.0
-This is the script i'm using
-When trying to trigger the item by Register+Select or by the "Use" button, the game restarts.

Help? :c

EDIT:
Okay, i'm just retarded.
Item Manager doesn't use offsets with 8 digits, and i've put "08800048" instead of just "800048",
The item isn't working anyways tho, if i choose it by "Use", the music sounds messed up and the game freezes.
If i use it by Register+Select, the game just freezes but the music still sounds correctly.
So.. yeah.. i think i'll try this again..
__________________
I've tried to support so many hacks, that i've broken up the rules, i'm such an awesome fan D:
#18
October 30th, 2015 (3:26 AM).
 kleenexfeu Join Date: Aug 2013 Gender: Male Posts: 217
Quote:
 Originally Posted by Lunos The script triggered by an item thing isn't working for me. -FireRed USA v1.0 -This is the script i'm using -When trying to trigger the item by Register+Select or by the "Use" button, the game restarts. Help? :c EDIT: Okay, i'm just retarded. Item Manager doesn't use offsets with 8 digits, and i've put "08800048" instead of just "800048", The item isn't working anyways tho, if i choose it by "Use", the music sounds fuc*ed up and the game freezes. If i use it by Register+Select, the game just freezes but the music still sounds correctly. So.. yeah.. i think i'll try this again..
It's been a while that I didn't used this, but I know that you can't use some scripts command by using this method. The problem might lies into your script because I tested it (on emerald) and it works
#19
October 30th, 2015 (3:52 AM). Edited October 30th, 2015 by Lunos.
 Lunos Uruguayan Random Guy Join Date: Oct 2008 Posts: 667
Quote:
 Originally Posted by kleenexfeu It's been a while that I didn't used this, but I know that you can't use some scripts command by using this method. The problem might lies into your script because I tested it (on emerald) and it works
I did it!
The problem must have been or the "lock" or the "fadescreen" commands xD
I'll try the fadescreens again, because they add a more of coolness to the script <3
Thank you so much to you for your help and to Darthatron for this kind of tutorials <3

EDIT:
Yep, the Lock was definitely the problem since the Fadescreen is working perfectly <3
__________________
I've tried to support so many hacks, that i've broken up the rules, i'm such an awesome fan D:
#20
November 9th, 2015 (11:51 AM).
 Splash But nothing happened. Join Date: Oct 2009 Location: Just use an Old Rod Gender: Male Nature: Hasty Posts: 667
Can I still use the script runner even if I have JPAN's patch?
__________________
༼ つ ◕_◕ ༽つ PRAISE Splash ༼ つ ◕_◕ ༽つ
|VM|Flare Red Version|PM
|
#21
November 9th, 2015 (4:06 PM).
 Turtl3Skulll Blue Turtl3 Join Date: Jun 2013 Location: Utah, U.S.A. Age: 20 Gender: Male Nature: Bold Posts: 75
Quote:
 Originally Posted by Darthatron EDIT: Also feel free to ask about/request stuff here. I may not do all requests, but I'll try my best.
If you're still willing to take requests, I was wondering if you could recreate JPAN's walking script.
His script works, yet it checks on every step and takes priority over the tall grass, making it so Pokemon don't appear on the grass.
If you'd rather try as see if you can fix it here is the code:

Spoiler:
.thumb
.align 2

/*This hack, when placed at 0x0806d720 (safari walking routine) will
allow to load a script that has been placed at a specific RAM location to
be used every time the player takes a step.

replacer: ldr r1, new_function
bx r1
new_function: .word 0x00000000

aka:
00 49 08 47 pointer
*/

start: bl call_safari
cmp r0, #0x1
beq ender
ldr r1, script_to_RAM
ldr r0, [r1]
cmp r0, #0x0
bne to_execute
ldr r0, var_407e
cmp r0, #0x0
beq almost_ender
ldr r1, ROM_table
cmp r0, #0x4
bgt almost_ender
lsl r0, r0, #0x2
ldr r0, [r0]
cmp r0, #0x0
beq almost_ender
b ender
almost_ender: mov r0, #0x0
pop {r4, pc}
ender: mov r0, #0x1
pop {r4, pc}
call_safari: ldr r1, safari_pedometer
bx r1

bx r1

bx r1

script_to_RAM: .word 0x0203f4f0
var_407e: .word 0x0000407e
ROM_table: .word 0x00000000 /*actual table - 4, 081a4e2c start*/
safari_pedometer: .word 0x080A0F0D

Thanks in advance (& if not, thanks for the item hack )
__________________
To steal ideas from one person is plagiarism; to steal from many is research.