• Our software update is now concluded. You will need to reset your password to log in. In order to do this, you will have to click "Log in" in the top right corner and then "Forgot your password?".
  • Forum moderator applications are now open! Click here for details.
  • Welcome to PokéCommunity! Register now and join one of the best fan communities on the 'net to talk Pokémon and more! We are not affiliated with The Pokémon Company or Nintendo.

Quick Research & Development Thread

knizz

192
Posts
16
Years
  • Seen Oct 28, 2020
Is it possible to make this number become infinite?

In case 0xFFFFFFFF (=4294967295) frames are not enough for you you can remove the 05 DD (BLE) at 08078C04 and replace it with 05 E0 (B).
 

linkandzelda

Ex-rom hacker turned indie game developer
777
Posts
17
Years
Hey guys, i've been wondering something regarding Emerald.

People have coded tools and stuff to use Emeralds "free space" which is that load of 00 bytes from around 0x9C2000 - 0xAFFFFF. Some people say they are not free space and shouldn't be touched. I also saw that it makes peoples music go funny with beeps?

Well i ran a small test. I was thinking: If the game uses those bytes then filling them out with FF would make it chock; so i did it. The game ran fine and i tested 50 different songs and sounds in-game without problems, they played fine.

So it begs the question: Can anyone confirm either the 00 bytes are free space and can be used or, that they cannot be used but with an explanation as to why.

Also, regarding A-MAP, i think it searches from 0x6B0000 which, is not free space but includes data with quite a few 00 bytes there. If i remember correctly, voicegroup data looks like that with a lot of 00 to it. I have a feeling thats the "music beeps" people talk of as AM decided to write small data to those "blank areas".

Thanks in advance,
Link
 

colcolstyles

Yours truly
1,588
Posts
15
Years
In Emerald, the script at '0x271354' appears to be executed whenever the player steps within the view radius of a trainer. And frankly, I don't have the time or the heart to do much more research than that. :(

Here's the script if anyone wants to see it:

Spoiler:
 
Last edited:

knizz

192
Posts
16
Years
  • Seen Oct 28, 2020
I think that the table at 0839FDB0 points to structures that describe the different npc-types.
 

colcolstyles

Yours truly
1,588
Posts
15
Years
How are voicegroups stored? Do they use samples like DS games, by basing each sample on a MIDI instrument that is played at that point in the song? I'm curious as to so. I might try something if I can get that bit answered.

I'm not very knowledgeable when it comes to music hacking but perhaps this document can help you (it has some information on instruments, I know).
 

Datriot

Tachikama!!!
2,203
Posts
19
Years
Does anyone have the specification for Pokémon Black/White's Pokémon and species (name, base stats, type, etc.) data? I'm trying to find out where the data is stored (and how Pokémon and species are represented), so I can dump it into a file and read from it in the application I'm developing. I've managed to find this for the B/W Pokémon format, but there's no information on block shuffling or encryption. I can't find anything for the fifth generation species data either.

Also, can anyone confirm that the move and item data structures are the same for R/S/E, D/P/P and B/W? I managed to find move and item specs for the third generation on Bulbapedia, but not D/P/P or B/W. I can't imagine items and moves would need new attributes for the fourth and fifth generation games (new enumerations can be made for the move's target and which bag the item is placed it), but that might not be the case. This isn't as important as the Pokémon and species data, but it'd still be nice.
 

Shiny Quagsire

I'm Still Alive, Elsewhere
697
Posts
14
Years
When editing some weather GFX, I came across a spot that contained, what I though could be an animation. After editing it in VBA's Memoryviewer, it turns out it used two snow images and looped the animation continuously. The animation is a bit different than some, but it appears to be in similar format.

The animation is located at 0x3C67B4.
 

knizz

192
Posts
16
Years
  • Seen Oct 28, 2020
This is the first script started in a firered-game: 081A6481
 
15
Posts
13
Years
In Emerald I found a routine which should be the one for naming your characther at 080e48a8.
Can someone check if I am right, please? I'm trying to undesrstand the meaning of this but I'm new to to ASM so it will take ages... :P
 

knizz

192
Posts
16
Years
  • Seen Oct 28, 2020
I just found out that trainer flag 0xXY is regular flag 0x5XY.
 

Sierraffinity

Desperately trying to retire from ROM hacking
1,069
Posts
16
Years
EDIT: I did some research, and I think I found some safe areas to store the new variables in. For FR/LG, the whole area between 0x0203C000 - 0x0203EFFF appears to be totally unused. I somewhat confirmed it by putting a breakpoint on read/write on the whole area. I wasn't able to get the debugger to break yet. Also, here's a list I made, which clearly shows my theory:
0x0203C000 is being used by the help menu: it floods to 00s on opening.
 
94
Posts
13
Years
  • Seen Nov 2, 2016
Using firered bpre.
Are there ram addresses that store the map bank, map number, and current X and Y coordinates? If so does anyone know where they are?

Edit: May have found them
0x02036E4B holds the Y coordinate of the player (byte) [might be a half-word if a map is large enough 0x02036E4A-0x02036E4B]
0x02036E4D holds the X coordinate of the player (byte) [might be a half-word if a map is large enough 0x02036E4C-0x02036E4D]
0x0203F3A8 holds the current player map (byte)
0x0203F3A9 holds the current player map bank(byte)
0x0203F3AA holds the last map the player was at (byte)
0x0203F3AB holds the last map bank the player was at (byte)
0x0203F3AC holds the map the player was at 2 maps beforehand (byte)
0x0203F3AD holds the map bank the player wast at 2 maps beforehand (byte)

Can anyone confirm?

as a side note, I think
0x0203F4E0
0x0203F4E4

are both words(or maybe just half-words) that store the amount of steps taken since the player started the game(or maybe number of tiles covered, haven't tested with running, surfing, or biking).

Can anyone confirm?

Also, due to the fact that arm7 is little endian, I'm not exactly sure which byte is exactly where, but these are the spots they show up as in the memory viewer.

One more question, does anyone know where the whiteout and win-battle routines are?
 
Last edited:

knizz

192
Posts
16
Years
  • Seen Oct 28, 2020
0x02036E4B holds the Y coordinate of the player
0x02036E4D holds the X coordinate of the player

As I said once in another thread there is an array of npc-data at 02036E38. Every npc uses 0x24 bytes. The first (n)pc is usually the player (but it can be changed with a variable I mentioned somewhere in this thread.)
0x02036E38 + 0x10 = 0x02036E48 X of the tile the NPC is leaving
0x02036E38 + 0x12 = 0x02036E4A Y of the tile the NPC is leaving
0x02036E38 + 0x14 = 0x02036E4C X of the tile the NPC is entering
0x02036E38 + 0x16 = 0x02036E4E Y of the tile the NPC is entering

0x0203F3A8 holds the current player map (byte)
0x0203F3A9 holds the current player map bank(byte)
0x0203F3AA holds the last map the player was at (byte)
0x0203F3AB holds the last map bank the player was at (byte)
0x0203F3AC holds the map the player was at 2 maps beforehand (byte)
0x0203F3AD holds the map bank the player wast at 2 maps beforehand (byte)

If it's true ... thank you a lot. Afaik the current map & bank is also stored at 02031DBC (mapnumbers_mem1) and 02031DB4 (mapnumbers_mem2).

One more question, does anyone know where the whiteout and win-battle routines are?

Yup. 08054BC8 for whiteout.

Code:
08054BC8 sub_08054BC8:                           @ CODE XREF: sub_080566A4+26p
08054BC8                 PUSH    {R4,LR}
08054BCA                 LDR     R0, =unk_081A654B
08054BCC                 BL      script_start2
08054BD0                 LDR     R0, =saveblock1
08054BD2                 LDR     R4, [R0]
08054BD4                 MOVS    R0, 0x290
08054BD8                 ADDS    R4, R4, R0
08054BDA                 BL      sub_08054C04
08054BDE                 MOVS    R1, R0
08054BE0                 MOVS    R0, R4
08054BE2                 BL      sub_0809FDD8
08054BE6                 BL      sp_00_heal_pokemon
08054BEA                 BL      sub_08054DD8
08054BEE                 BL      whiteout_mem1
08054BF2                 BL      load_warp_map
08054BF6                 POP     {R4}
08054BF8                 POP     {R0}
08054BFA                 BX      R0
08054BFA @ End of function sub_08054BC8

Code:
080554BC whiteout_mem1:                          @ CODE XREF: sub_08054BC8+26p
080554BC                 PUSH    {LR}
080554BE                 LDR     R0, =mapnumbers_mem1
080554C0                 BL      whiteout (=080BFCD0)
080554C4                 POP     {R0}
080554C6                 BX      R0
080554C6 @ End of function whiteout_mem1
 
94
Posts
13
Years
  • Seen Nov 2, 2016
Knizz, do you know at what part of the whiteout routine are the two texts displayed, and where it cuts off the sound?
"[player] scurried to the pokemon center, shielding the pokemon from further harm..."
and
"first, let's heal your pokemon back to full health"

I've been looking for those for quite a bit with no luck.
 
Last edited:
94
Posts
13
Years
  • Seen Nov 2, 2016
Here are the offsets:
"First, you should restore your POKéMON to full health." - 0x1A5E89

There are actually 2 for this one, one for home returns and one for returns to the pokemon center.

"[PLAYER] scurried to a POKéMON CENTER,
protecting the exhausted and fainted
POKéMON from further harm[...]" - 0x41B554

"[PLAYER] scurried back home, protecting
the exhausted and fainted POKéMON from
further harm[...]: - 0x41B5B6

I'd guess that the part where the music cut's off would be near the routine that uses these strings, but it's just a guess.

EDIT:

I think I found where it loads the text that is on the black screen
Spoiler:

Was right at the end of the whiteout routine, which I wasn't expecting. Still looking for the other parts.
 
Last edited:

knizz

192
Posts
16
Years
  • Seen Oct 28, 2020
Here's what the code looks like from my perspecive:
Spoiler:
 
94
Posts
13
Years
  • Seen Nov 2, 2016
Hm... Turns out, the checkflag routine (the actual one that does the calculations) is run a lot of times in the OW (I know, duh, the people event flags) so I got the flag location (or at least, the memory pointer to it). In Emerald, it's at the address pointed at by 0x03005D8C plus 0x1270.
Now, I have to find the bit that designates the badge flags..
EDIT: 0x0809C7EC in Emerald contains the surf-check-routine... at least for the tile. I'm not sure about the PKMN menu one.
EDIT2: 0x081B54E8 (again, in Emerald) contains the badge-check-routine for the menu. I'm trying to find out where the numbers to add to the first badge are obtained from...
EDIT3: Well, apparently they're loaded from 0x02000020, but I can't find how it gets the value...
Anybody, feel free to help me out with this. :/
EDIT4: Well, I hacked the routine and made it load different flag numbers for each of the old badge+base number. And it works! :D
To get all of the flags to work out on the field, however, you'll need to edit all of the scripts for, say, Rock Smash, Strength, and Cut so that they have the new flags. And then you'll need to hack the surf routine, like I said above.
Also, with the Set Disobedience findings, all we need to control the badges completely is to find out where the Attack/Defense... stats are increased.Even though that doesn't matter much, it would still be cool to be able to control the badges completely.
Do you or anyone else have the addresses for the seven HM routines and the badge check routine for the menu in FR? Been searching for a while and can't find them, if they are found I'd guess it'd be simple enough to make all HMs usable without giving the badges.
 

Sierraffinity

Desperately trying to retire from ROM hacking
1,069
Posts
16
Years
Back
Top