
Help Thread: ASM & Disassembly

I'm looking into getting into ASM hacking, as my current project is one that's aimed at being a more "refreshing" experience rather than the typical "10-year-old solos the entire country and defeats grown adults etc.".

Would any of you know any tutorials for ASM hacking? Videos are not required, but are a big bonus (a lot of images that are included in text guides eventually are pulled down).
 
Try this. I've heard FBI has left pokecommunity (and possibly hacking in general) now but it should still be helpful ><.
 
Sup guys.
This is daniilS' routine for the Heal Ball:
Spoiler:
I got a few questions. If I only want it to heal half the Pokémon's HP, I'll need a new "healpoke" routine, right?
By just changing the to-be-made "halfhealpoke" with the "healpoke", it will work alright?

Also, I wanna make it work for every Pokéball, not actually intending to put a Heal Ball in the game.
daniilS told me that if I simply delete the line with the ball index of the Heal Ball, it will work for every other ball.
His post:
You can easily change the ball index check in the healing routine, or remove it altogether if you want it to work for every ball.
But don't I need something in the battle script after capturing a Pokémon to call this routine? Or it runs automatically after I catch a Pokémon?
 
I got a few questions. If I only want it to heal half the Pokémon's HP, I'll need a new "healpoke" routine, right?
By just changing the to-be-made "halfhealpoke" with the "healpoke", it will work alright?
The thing is, the healing is done by calling the party healing routine and making it only work on the caught poke. Perhaps writing a custom routine would work better if you only want it to restore half its HP.
Also, I wanna make it work for every Pokéball, not actually intending to put a Heal Ball in the game.
daniilS told me that if I simply delete the line with the ball index of the Heal Ball, it will work for every other ball.
His post:

But don't I need something in the battle script after capturing a Pokémon to call this routine? Or it runs automatically after I catch a Pokémon?
The ball hacking thread tells you how to activate this routine.
 
But if I write a custom routine for half healing a Pokémon, would I activate it the same way as the ball hacking thread explains?
Or I just call this custom routine I'd make from yours, instead of healpoke?
 
I'd replace the healing parts of mine (not just healpoke) with it, but you could also just write your own hook.
 
When an item is used on a Pokémon, where does it store what party slot the Pokémon is in? (FR)
Or is there any way to find out?
 
How do I write a branch to a specific offset? When I try to overwrite existing routines and use a format like:

.org 0x08XXXXXX
stuff here
b 0x08YYYYYY

although it assembles at the offset 0x08XXXXXX and 0x08YYYYYY is well within the branch range (only like 100 bytes away from pc), the b 0x08YYYYYY, on DevkitARM at least, just assembles as branching to itself. I've been using opcodes for those instructions, but surely that isn't an efficient method. Even a method that lets me write out something like "branch + 24 bytes" would be a lot better than what I'm using right now.
 
While I don't think you can use precise offsets/addresses, you can use arithmetic on labels and symbols, so try "$+OFFSET", ".+OFFSET" (relative to the current instruction) or use a label and mark it relative to that with "label+OFFSET". It seems that any undefined symbol (with a valid name) is treated as ".", which is the special symbol reserved to mean the current address.

Keep in mind that .org doesn't really work so well for that purpose and will cause your output binary to be padded with zeroes. See https://tigcc.ticalc.org/doc/gnuasm.html#SEC112
 
Here's an example of how I deal with these cases. Here it's an extension of a set of compares for screen darkening because of OW weather effects:
Code:
.thumb
.equ loc,	0x0807A872	@ ROM address this routine gets inserted at
.equ nofade,	0x0807A880	@ absolute address of the "no fade" path
.equ next,	0x0807A882	@ absolute address of the next compare
extracheck:
	cmp r0, #5
	beq nofade-loc	@ nofade-loc = 0xE: branch to that offset from the start of this code
recycle:
	mov r2, #1
	b next-loc	@ next-loc = 0x10: same idea, only the distance matters
Instead of using equs you could also just put the offsets in the routine itself, because it's the +/- that matters here if I'm right.
 
Hmm. If I'm understanding what you did correctly, are each of those .equ, despite being real (sort of defines?), only being used for simple arithmetic? As in..... your "b next-loc" is basically branch + 0x10 bytes in a more legible way? Regardless, what assembler did you use for that? I quickly tested out what you wrote with DevkitARM and at the end of my bin, I saw the all too familiar FE E7 (a branch to itself). Touched's suggestion of label + offset worked, but when it comes to b/bl/beq etc. to any actual addresses, I haven't been able to assemble anything involving +/- that doesn't literally include a number on the line. Not that it matters too much I suppose; it would just be easier to read.
 
Yeah, I'm using defines so I don't have to calculate all the branches manually. If I remember correctly this worked just fine with Hackmew's assembler, which uses DevkitARM.
 
I have a few questions. Is it possible to show a background via ASM? And if it is, could anyone explain to me how to use it (the routine location, parameters)? Or is it done via multiple routines instead of one routine?
 
The 'flymap' routine is at 0x0C4EF8 in FireRed so callasm 0x0C4EF9 shows you the flymap. (FBI found this, not me)

I've been trying to find the Emerald equivalent for the past few hours looking through a hex editor searching for a string of bytes from the routine in FireRed that might lead me to the one in Emerald.

But so far nothing...

Anyone know another way of finding it, or anyone know where it is?
 
Using a hex editor to look for exact bytes won't work; it surely uses bl instructions at various places within the routine even if it miraculously uses the "same" routine (which it probably doesn't given that emerald has only one map). Is there anything you know about the fly map? I would use something that you "know" to set a break on read with vba-sdl-h and follow the routine from there.
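Added example, not code from this thread or from any assembler: a small Python encoder for the Thumb `b`, conditional branch and `bl` instructions, following the ARMv4T encodings (11-, 8- and 22-bit signed halfword offsets, measured from the instruction address + 4). It ties together two points raised above: the branch question (why the `.equ` trick with `b next-loc` works, since only the distance to the target is encoded, and what the `FE E7` bytes decode to, namely a branch to itself), and this reply's point that byte-searching another ROM fails, since every `bl` inside a routine encodes an offset that changes with the routine's address. The three addresses from the `.equ` snippet are reused; 0x08000100, 0x08000200 and 0x08001000 are constructed placeholders that stand for nothing in any ROM.

```python
# Added example: minimal encoder for Thumb PC-relative branches on the GBA.
# Not code from this thread or from any assembler; it follows the ARMv4T
# Thumb encodings. Offsets are counted in halfwords from (insn address + 4).
# The addresses 0x08000100, 0x08000200 and 0x08001000 used in the demo are
# constructed placeholders, not locations in any real ROM.

COND_CODES = {
    "eq": 0x0, "ne": 0x1, "cs": 0x2, "cc": 0x3, "mi": 0x4, "pl": 0x5,
    "vs": 0x6, "vc": 0x7, "hi": 0x8, "ls": 0x9, "ge": 0xA, "lt": 0xB,
    "gt": 0xC, "le": 0xD,
}


def _halfword_offset(insn_addr, target, bits):
    """Signed halfword offset from the branch to target, checked to fit `bits` bits.

    Thumb reads PC as the branch's own address + 4, so the distance is measured
    from there. Raises ValueError when the target is misaligned or too far away.
    """
    off = target - (insn_addr + 4)
    if off & 1:
        raise ValueError("branch target must be halfword aligned")
    off //= 2
    lo, hi = -(1 << (bits - 1)), (1 << (bits - 1)) - 1
    if not lo <= off <= hi:
        raise ValueError(f"branch out of range: {off} halfwords does not fit {bits} bits")
    return off


def thumb_b(insn_addr, target):
    """Unconditional b: 0xE000 | imm11. Returns the 2 ROM bytes (little-endian)."""
    off = _halfword_offset(insn_addr, target, 11)
    return (0xE000 | (off & 0x7FF)).to_bytes(2, "little")


def thumb_bcond(cond, insn_addr, target):
    """Conditional branch (beq, bne, ...): 0xD000 | cond << 8 | imm8."""
    off = _halfword_offset(insn_addr, target, 8)
    return (0xD000 | (COND_CODES[cond] << 8) | (off & 0xFF)).to_bytes(2, "little")


def thumb_bl(insn_addr, target):
    """bl: two halfwords, 0xF000 | high 11 bits of the offset, then 0xF800 | low 11 bits."""
    off = _halfword_offset(insn_addr, target, 22)
    first = 0xF000 | ((off >> 11) & 0x7FF)
    second = 0xF800 | (off & 0x7FF)
    return first.to_bytes(2, "little") + second.to_bytes(2, "little")


def decode_b_target(insn_addr, raw):
    """Inverse of thumb_b: the address an unconditional b at insn_addr jumps to."""
    word = int.from_bytes(raw, "little")
    if (word & 0xF800) != 0xE000:
        raise ValueError("not an unconditional Thumb b")
    off = word & 0x7FF
    if off & 0x400:          # sign-extend the 11-bit field
        off -= 0x800
    return insn_addr + 4 + 2 * off


def branch_in_range(insn_addr, target, kind="b"):
    """True if a branch of kind "b", "bcond" or "bl" can reach target from insn_addr."""
    bits = {"b": 11, "bcond": 8, "bl": 22}[kind]
    try:
        _halfword_offset(insn_addr, target, bits)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # The .equ snippet from the thread: cmp at loc, beq at loc+2, mov at loc+4, b at loc+6.
    loc, nofade, nxt = 0x0807A872, 0x0807A880, 0x0807A882
    print("beq nofade assembled in place:", thumb_bcond("eq", loc + 2, nofade).hex())
    print("beq nofade-loc assembled at offset 0:", thumb_bcond("eq", 2, nofade - loc).hex())
    print("b next-loc:", thumb_b(loc + 6, nxt).hex())
    print("FE E7 at 0x0807A878 jumps to", hex(decode_b_target(0x0807A878, bytes.fromhex("fee7"))))
    # Same bl target, caller moved by 0x100 (constructed addresses): the bytes differ.
    print("bl from 0x08000100:", thumb_bl(0x08000100, 0x08001000).hex())
    print("bl from 0x08000200:", thumb_bl(0x08000200, 0x08001000).hex())
```

Running the block shows `beq nofade` encoding to the same `04 D0` whether it is computed against the real ROM address or against offset 0 with `nofade-loc`, which is exactly why the `.equ` arithmetic works; and the two `bl` encodings for the same target come out as different bytes, which is why a routine containing calls cannot be found in another ROM by searching for its raw bytes.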
 
Oh yeah, I forgot about the other maps. The method worked for surf, so I thought it would work for fly too.

I guess what I 'know' is the tileset/tilemap location, the flags needed to fly to each city and that doanimation,0E,0F and 20 do the flying animation.

Is that good enough or completely useless?
 
It should work. If someone has researched field moves in Emerald, there should be a table of routines for each move there too. Try finding it from that.
 
They're in a table? That means I could go to the surf routine, find the pointer to it and fly will be near it, right? I'll look into it tomorrow; I'm off to bed now.
 
If r0 held a pointer (let's just say I'm using 0x20270B6 as an example), would r1 hold that pointer as well if I did ldr r1, [r0]?

It would not. What that'd do is load the word at r0's location into r1. That's what the [] is for.
 