The PokéCommunity Forums

The PokéCommunity Forums (https://www.pokecommunity.com/index.php)
-   Binary Hack Research & Development (https://www.pokecommunity.com/forumdisplay.php?f=195)
-   -   Quick Research & Development Thread (https://www.pokecommunity.com/showthread.php?t=205158)

MrDollSteak July 13th, 2015 11:07 PM

I've located a table that is possibly useful for ASM hackers (certainly those doing abilities). It controls the end of turn effects that tend to do damage such as Leech Seed, Burn, Poison and Nightmare (among other things).

In Fire Red it is located at 0182FC, and in Emerald at 0409C8.

I'm compiling a list of effects that will correspond to the relevant 4 byte entries (they're just pointers that get loaded).

Spoiler:
Entry 3 - Leech Seed Damage
Entry 4 - Poison Damage
Entry 5 - Toxic Poison Damage
Entry 6 - Burn Damage
Entry 7 - Nightmare Damage
Entry 8 - Curse Damage
Entry 9 - Wrap, Fire Spin, Whirlpool, etc. Damage

Touched July 19th, 2015 12:29 PM

Change the order that badges appear on the trainer card (untested)
Simply makes the loop read from a lookup table before checking for the badge.
Spoiler:

Code:

.align 2
.thumb

@ 00 4B 18 47 XX + 1 XX XX 08 at 0x08AFC8 (0808AFC8 via r3)
hook_name:
    asr r7, r0, #0x10
    add r1, #0x11
    adr r0, order_table
    ldrb r0, [r0, r7]
    add r1, r1, r0
    ldrb r0, [r1]
    ldr r3, return
    bx r3

.align 2
return: .word 0x0808AFD0 + 1

@ Change the badge order using this table (reverse order)
order_table: .byte 7, 6, 5, 4, 3, 2, 1, 0



AkimotoBubble July 19th, 2015 9:39 PM

Quote:

Originally Posted by Lost Heart (Post 7993745)
Reusable TMs in Emerald

So I was taking a peek through good old reseach and development today when I saw a cute little post about resuable TMs. You know, making TMs act like HMs. After seeing that it had been found on Ruby and FireRed, I thought, why not find it one Emerald? So I did.

To do this little bad boy, go to 0x1B6EE0 in your Emerald ROM and change the A9 there to 90.
Simple as that!

Here's a tiny little explanation for those wondering.

First, 0x1B6EE0 is this little section of code called when a TM or HM is being used. For simplicity's sake, I'll show what is relevant:

Code:

081B6EE0: 20A9 mov r0, #0xA9
081B6EE2: 0040 lsl r0, r0, #0x1
081B6EE4: 4284 cmp r4, r0
081B6EE6: bhi $081B6EF0


What it does, is first take the number A9, and put it in r0. Then, it takes r0 and left shifts it 1. This is the same as multiplying by 2 (A9 << 1 = A9 * 2 = 152). If one was to look at any item editor, they would see that this is the index of TM50 in Emerald. Then, this new value is compared to r4, which has the index of the TM/HM being used. If this number higher, the game knows that an HM was used, so it goes to the relevant area to keep it.

This is where we come in. What we want the game to think is that all TMs are the same as HMs. So, what we need to do is change the index it looks for into the index for the first TM, rather than the first HM. So looking at the items, TM01's index is 121. Dividing this by 2 gives 90, so that is why we put 90. The only downside to doing this really is that item 120 is included in this check, which doesn't matter because it's not a TM anyway (it's the Devon Goods). So there ya have it!

That's great .but how to remove the number show text
like "TM1 x1"
to
"TM1 "

Exodrake July 19th, 2015 10:36 PM

Is there a method to remove the 100 EV cap on the EV-enhancing medicines (Protein, etc.), for FireRed?

MrDollSteak July 21st, 2015 11:54 PM

1 Attachment(s)
I'm not sure if this is the right place as such for this, but I guess it's sort of Research...

But anyway, the Egg hatching graphics are actually completely independent from the 'Pokemon' Egg sprite which has the index 19C. You can find this graphics in the HUD navigation for Fire Red but I thought I'd post the offsets here as well as the necessary image to replace them with in NSE. Just insert sprite Image+Palette and save the image and the palette to the Rom. It doesn't need any repointing, and the image is indexed.

Fire Red

Palette: 25F842
Image: 25F862

Emerald

Palette: 32B70C
Image: 32B72C

kleenexfeu July 22nd, 2015 1:52 PM

Quote:

Originally Posted by NintendoBoyDX (Post 7331751)
FR Obedience checks:
Deoxys: 0x0801D3EC
Mew: 0x0801D402

There ya go.

Obediance check for Emerald: 0x08045C6C

If you want that every mew/deoxys obey, just insert this 0D E0 at 0x08045C6C.

Deokishisu July 23rd, 2015 6:25 PM

Quote:

Originally Posted by kleenexfeu (Post 8857800)
Obediance check for Emerald: 0x08045C6C

If you want that every mew/deoxys obey, just insert this at 0x08045C6C :

Code:

ldr r0, ByPassCheck
bx r0

.align 2
ByPassCheck: .word 0x08045C8A+1



Is this also the area where Emerald's badge obedience checks are located? I want to mess with the levels that badges allow obedience for.

Joexv July 23rd, 2015 6:33 PM

Quote:

Originally Posted by Deokishisu (Post 8859934)
Is this also the area where Emerald's badge obedience checks are located? I want to mess with the levels that badges allow obedience for.

Quote:

Originally Posted by Touched (Post 8852976)
Levels checks are at:
08045CC6 (0)
08045D4A (10)
08045D58 (30)
08045D66 (50)
08045D74 (70)

The flags this checks are at 08045DC4. There are 4 (2 bytes each). The first flag (0x86E) makes everything obey.


Xencleamas August 3rd, 2015 9:56 AM

Sorry for repost but it should be deserved to be here now.

Emerald Encounter Music


I have been using Hopeless Trainer Editor as my current trainer editor in use to edit trainer data and to change encounter music assigned on trainers as well. I also wondered which songs (Sappy number does each value uses). I have researched that on. And, guess what? Just like in FireRed, an assigned encounter music number plays a certain theme. I was also using Unnamed Trainer Editor and since didn't listed up for Emerald so, here is the list:

Encounter Themes:
  • 0x0: The Youngster encounter theme which music number is 0x17C
  • 0x1: The Lass encounter theme which music number is 0x197
  • 0x2: The Tuber encounter theme which music number is 0x17B
  • 0x3: The Bug Maniac encounter theme which music number is 0x1A7
  • 0x4: The Black Belt encounter theme which music number is 0x1A0
  • 0x5: The Cool Trainer (now Ace Trainer) encounter theme which music number is 0x1A1
  • 0x6: The Team Aqua encounter theme which music number is 0x1A3
  • 0x7: The Team Magma encounter theme which music number is 0x1B9
  • 0x8: The Swimmer encounter theme which music number is 0x181 (edit at 0xB1C30 to change song number 81 01 00 00)
  • 0x9: The Kid encounter theme which music number is 0x1C1
  • 0xA: The Elite Four encounter theme which music number is 0x1C2
  • 0xB: The Hiker encounter theme which music number is 0x1C3
  • 0xC: The Reporters Gabby and Ty encounter theme which music number is 0x1C5
  • 0xD: The Gentleman encounter theme which music number is 0x18D

0xE until 0xFF (14 until 255) plays the Bug Maniac encounter theme which music number is 0x1A7. Alright! That goes for a while. I still need to research them more since there are further information about them on how they work and how they are listed up. I have seen its table around but it is not as dynamic to be easily repointed. I will update this post as soon as I have gathered information.

One important thing: During the process on expanding the Pokedex for Emerald, the ninth step messes up the load of 0x8 encounter music which I have discovered earlier. It seems that in the first twenty-nine 81 01 00 00-s includes the 0x8 encounter theme. To fix the 0x8 encounter music once again: go to 0xB1C30 then type 81 01 00 00.

To conclude this, you can have no longer translating the Controlling/Extending Encounter Music which is only for FireRed. You can have fourteen kinds of encounter music in Emerald (than FireRed being three unless you have applied that hack). You have too much already so expanding it on Emerald is pointless.

Emerald Overworld and Battle Textboxes


Getting lazy jogging down stuff from VBA's Logs? There are few people ask about that. Alright! For being fair, here are the data you need... again for Emerald:

Emerald Overworld Textbox: 0x08DDD768 (uncompressed image)
Emerald Overworld Textbox Palette: 0x08DDD728 (uncompressed palette)
Emerald Battle Textbox: 0x08C00000 (compressed image)
Emerald Battle Textbox Pal: 0x08C004E0 (compressed palette)

I guess you know what compressed and uncompressed images and palettes are? Good!

Jaizu August 4th, 2015 5:26 AM

Hi! If you are using a 32x32px overworld for the PLAYER(NDS style) you will notice that it will look weird when you choose your name.

http://i.imgur.com/qB8ZxAH.png

To fix it just go to the direction 083A3BC0 and put 18 instead 10
It makes the PLAYER and GARY overworlds look like a 32x32px.

http://i.imgur.com/7HNuVBd.png

Credits to daniilS

Mr.Pkmn August 6th, 2015 4:49 PM

Encrypted Counters


FR saves 64 hidden words after the variables space. Apparently, only the first 51 of them are actually used (still their purpose is unknown) and have a max value of 0x00FFFFFF (16 millions). You can access them by using variable 0x4100 + [counter id * 2, only lower halfword] (but you need to disable the security key to read the actual value) and increment by 1 using the scripting command cmdc3 [id] and battle script command cmd60 [id].

Here's the list of counters i found:
Code:

0x0 n. saves
0x1 hall of fame (HHHH/MM/SS)
0x5 n. steps
0x7 n. poke battles
0x8 n. wild battles
0x9 n. trainer battles
0xA n. hall of fame
0xB n. poke caught
0xC n. poke fished
0xD n. eggs hatched
0xE n. poke evolved
0xF n. pokecenter heal
0x11 n. safari games
0x12 n. trees cut
0x13 n. rocks smashed
0x15 n. trades
0x17 n. link win
0x18 n. link loss
0x19 n. link draw
0x1A n. splash used
0x1B n. struggle used
0x1C n. gamecorner max payout
0x20 ??? [manipulated by special 0xED]
0x26 n. pokemart purchases
0x27 n. itemfinder uses
0x28 n. thunderstorm weather in overworld (unused)
0x29 n. pokedex opened
0x2A n. elitefour win? (updated with hall of fame)
0x2B n. ledge jumps
0x2F ???
0x32 n. union room
0x33 n. berry crush



Deokishisu August 7th, 2015 7:24 AM

Quote:

Originally Posted by Mr.Pkmn (Post 8879859)

Encrypted Counters


FR saves 64 hidden words after the variables space. Apparently, only the first 51 of them are actually used (still their purpose is unknown) and have a max value of 0x00FFFFFF (16 millions). You can access them by using variable 0x4100 + [counter id * 2, only lower halfword] (but you need to disable the security key to read the actual value) and increment by 1 using the scripting command cmdc3 [id] and battle script command cmd60 [id].

Here's the list of counters i found:
Code:

0x0 n. saves
0x1 hall of fame (HHHH/MM/SS)
0x5 n. steps
0x7 n. poke battles
0x8 n. wild battles
0x9 n. trainer battles
0xA n. hall of fame
0xB n. poke caught
0xC n. poke fished
0xD n. eggs hatched
0xE n. poke evolved
0xF n. pokecenter heal
0x11 n. safari games
0x12 n. trees cut
0x13 n. rocks smashed
0x15 n. trades
0x17 n. link win
0x18 n. link loss
0x19 n. link draw
0x1A n. splash used
0x1B n. struggle used
0x1C n. gamecorner max payout
0x20 ??? [manipulated by special 0xED]
0x26 n. pokemart purchases
0x27 n. itemfinder uses
0x28 n. thunderstorm weather in overworld (unused)
0x29 n. pokedex opened
0x2A n. elitefour win? (updated with hall of fame)
0x2B n. ledge jumps
0x2F ???
0x32 n. union room
0x33 n. berry crush



Some of these are probably used to give out the stickers on Four Island or to display link records in the upstairs of the Pokemon Center, but others may be RS leftovers that the Storyteller used to keep track of "Legendary Trainers". Like, how often you saved or used the itemfinder and such. In fact, Bulbapedia's list of the Storyteller's stories matches almost all of these, and I suspect the unknown ones check flags that RS used (such as number of berries planted or contests won).

Mr.Pkmn August 7th, 2015 8:02 AM

Quote:

Originally Posted by Deokishisu (Post 8880656)
Some of these are probably used to give out the stickers on Four Island or to display link records in the upstairs of the Pokemon Center, but others may be RS leftovers that the Storyteller used to keep track of "Legendary Trainers". Like, how often you saved or used the itemfinder and such. In fact, Bulbapedia's list of the Storyteller's stories matches almost all of these, and I suspect the unknown ones check flags that RS used (such as number of berries planted or contests won).

Yes, only some of them are used. The others are totally missing (like the heal at home, which is 0x10 but unused by the mom script)

Blah August 7th, 2015 10:29 AM

Hey guys, I just wanted to post a warning about a PKSV bug which occurs quite commonly when testing out routines with callasm (perhaps it happens in XSE too, I haven't tried).

Steps to produce bug:
Write a routine and insert it into ROM
Write Script with callasm which uses said routine, compile it
Close PKSV

- Normally around here, I give my routines a game test -

Open a new PKSV and decompile the script
Make modifications to the routine
Make modification to the script and compile

Result:
Modification to the routine are undone. To avoid the bug you need to always reinsert the routine after compiling a script which uses the routine.

Spherical Ice August 11th, 2015 4:58 PM

I've finally updated this thread, too! Again, notify me if I missed something. I too shall be more diligent in keeping this thread updated. :D

esperance August 12th, 2015 1:18 PM

The palette used for sandy footprints is at 0x398FA8 in FireRed and 0x398F88 in LeafGreen. :)

DizzyEgg August 12th, 2015 10:38 PM

Quote:

Originally Posted by Spherical Ice (Post 8886759)
I've finally updated this thread, too! Again, notify me if I missed something. I too shall be more diligent in keeping this thread updated. :D

Wouldn't it be better if each link moved you to a specific post instead of a page? Just like Lost Heart did with the ASM resource thread.

BLAx501! August 13th, 2015 2:11 PM

I'm not sure if this has already been discussed here, but, would it be possible to port the breakable tiles from Sky Pillar (R/S/E) to Fire Red? I mean, to make them only able to be surpassed using the bike and non stopping.

Telinc1 August 14th, 2015 8:39 AM

Quote:

Originally Posted by BLAxTOISE (Post 8889315)
I'm not sure if this has already been discussed here, but, would it be possible to port the breakable tiles from Sky Pillar (R/S/E) to Fire Red? I mean, to make them only able to be surpassed using the bike and non stopping.

Definitely possible, and a similar thing is actually done in the cave in Four Island (forgot the name). There's a scripting command which deals with these sort of things, I think it was cmd3c or cmda6 IIRC. In RSE the same functionality is also used for the ash grass in Route 113. There's a post in this thread which explains the usage of the command, too lazy to dig it up.

Telinc1 August 15th, 2015 3:29 AM

I just made a little discovery for Pokédex hacking to add on to this post. What's been really bugging me is how you can change the amount of items the National Pokédex has, but the byte for the Regional one isn't known. Well, the 0x13 at 0x452010 is that "missing unknown value". Of course, the amount of items in the National Pokédex is at 0x4520C8, just like Chaos Rush discovered.

Spherical Ice August 15th, 2015 2:18 PM

Just a reminder that this thread is not for asking questions, unless it is directly asking a question about a previous post. If you want help, use the Beginner's Lounge and its relevant stickied threads. If you have a small amount of (previously undocumented in this thread or forum) new research and want people to help with it, then that is probably the only acceptable case to ask questions here. Please keep this in mind!

PurpleOrange August 16th, 2015 3:22 AM

some useful RAM stuff

emerald RAM offsets for map bank, map number, and x and y coordinates
0x02025A0C stores the current player map bank
0x02025A0D stores the current player map number
0x02025A08 stores the player's x coordinate
0x02025A0A stores the player's y coordinate

roaming legendary RAM offsets for their current location
RS: 0x02079303
FRLG: 0x0203F3AE
E: 0x0207BC86

Le pug August 18th, 2015 10:03 AM

Quote:

Originally Posted by PurpleOrange (Post 8892450)
some useful RAM stuff

emerald RAM offsets for map bank, map number, and x and y coordinates
0x02025A0C stores the current player map bank
0x02025A0D stores the current player map number
0x02025A08 stores the player's x coordinate
0x02025A0A stores the player's y coordinate

roaming legendary RAM offsets for their current location
RS: 0x02079303
FRLG: 0x0203F3AE
E: 0x0207BC86

good find on the legendary ram offsets but the previous map offsets have already been found and go hand in hand with the intro enhancement patch made by diegoisawesome found here: click

FamiliaWerneck August 18th, 2015 12:16 PM

I know it's nothing hard, nothing WOOOOW, but that's something and my first alone-research-area collaboration. This is for Fire Red:

INFINITE SAFARI TIME


Simply go to 0xA0F1A and replace the 01 38 there, for 00 38.

The game will still give you 600 steps, but it won't decrease, so you will be there until you retire or run out of Safari Balls.
When I figure out how to hide the step count in the start menu, I'll edit this post.

FamiliaWerneck August 19th, 2015 9:33 AM

Well, this is what I did, while learning how to do stuff like debugging and doing new mechanics changes in the game.
Thanks to Touched-sensei, who helped me through the entire process. Thanks to daniilS and kleenexfeu, who also helped in the very end. This is for Fire Red:

REUSABLE POKÉBALLS


- First, go to 0xA1E30. Change 01 21 to 00 21 (with this, Pokéballs won't be deleted when you select them in your bag);
- Now, find some free space and insert this routine there:
Spoiler:
Code:

.text
.align 2
.thumb

main:
        bl deleteball
        mov r9, r4
        pop {r4-r7}
        pop {r0}
        bx r0

deleteball:
        ldr r0, var_800E
        ldrh r0, [r0]
        cmp r0, #0xC
        bls pokeball

notpokeball:
        mov r1, #0
        bl bagremoval       

pokeball:
        mov r1, #1

bagremoval:
        ldr r2, =(0x809A1D9)
        bx r2

.align 2
var_800E: .word 0x0203AD30



Here's a compiled version:
Spoiler:
00 F0 04 F8 A1 46 F0 BC 01 BC 00 47 04 48 00 88 0C 28 02 D9 00 21 00 F0 01 F8 01 21 01 4A 10 47 30 AD 03 02 D9 A1 09 08

This is the code that deletes the Pokéball;
- Finally, go to 0x2D924 and paste write this "00 48 00 47 XX XX XX 08" there. It's a hook to the routine you just inserted. Change the XX XX XX for the pointer to the offset you placed the above routine. Remember to +1 the offset before changing it to a pointer.

With this hack, you won't spend Pokéballs if you don't capture a wild Pokémon. I wanted to do it inspired in the anime.
Again, simple, some people will think it's a broken functionality, but it will do well for that time when you encounter a shiny Pokémon with that one single Pokéball in your bag. =P
Thanks again, everybody. Hope it's helpful.

EDIT:
Thanks to mbcn10ww, I fixed this hack.
Unfortunately, I couldn't test it on the Safari area, as it's saying other saves are not compatible (but I don't know why, since I might have tried to use saves of games with other different hacks. It's been more than a semester I don't even see my games).
Nevertheless, I tested it on regular places and areas, and it is still working. From the previous hack, I set a new condition before removing item from the bag.
I call the removing routine anyway. The difference is that I pass on a 0 value as the number of items to be deleted if it's not a pokeball.
The "cmp r0, #0xC" compares the last item used with the last pokeball index (Premier Ball). If it is lower or equal to that, it is a pokeball. Else, r1 receives 0 and no item should be deleted.
Thanks for the heads up, mbcn10ww!
If anyone can test the Safari part, jumping straight there, or anything, I would appreciate!

chrunch August 25th, 2015 12:24 AM

Player Names in Firered


At 0x46308C, there is a table which lists all the generated player names for when you leave the name entry screen blank. There are 19 entries for each gender, and the table is simply made up of pointers to strings for each possible name.

Spoiler:
Code:

Offset        Name        Gender
46308C        RED        (Male)
463090        FIRE        (Male)
463094        ASH        (Male)
463098        KENE        (Male)
46309C        GEKI        (Male)
4630A0        JAK        (Male)
4630A4        JANNE        (Male)
4630A8        JONN        (Male)
4630AC        KAMON        (Male)
4630B0        KARL        (Male)
4630B4        TAYLOR        (Male)
4630B8        OSCAR        (Male)
4630BC        HIRO        (Male)
4630C0        MAX        (Male)
4630C4        JON        (Male)
4630C8        RALPH        (Male)
4630CC        KAY        (Male)
4630D0        TOSH        (Male)
4630D4        ROAK        (Male)
4630D8        RED        (Female)
4630DC        FIRE        (Female)
4630E0        OMI        (Female)
4630E4        JODI        (Female)
4630E8        AMANDA        (Female)
4630EC        HILLARY (Female)
4630F0        MAKEY        (Female)
4630F4        MICHI        (Female)
4630F8        PAULA        (Female)
4630FC        JUNE        (Female)
463100        CASSIE        (Female)
463104        REY        (Female)
463108        SEDA        (Female)
46310C        KIKO        (Female)
463110        MINA        (Female)
463114        NORIE        (Female)
463118        SAI        (Female)
46311C        MIMI        (Female)
463120        SUYI        (Female)
463124        GREEN        (Rival)
463128        GARY        (Rival)
46312C        KAZ        (Rival)
463130        TORU        (Rival)




The name strings are all located at 0x1C574F if you wish to edit them without repointing. Note that there is also a string for LEAF which is not used in Firered.

DoesntKnowHowToPlay August 29th, 2015 1:57 PM

The roamer in FR is released into the world by special 0x129, at x141D9C.

Its species is chosen from the bytes at x141caa, x141cb4, or x141cb8 (xF3, xF4, xF5 respectively) based on your starter choice (var x4013).

Its level is dependent on the bytes at x141cc8 and x141cdc. I advise changing both to the same value; if only the former is changed it gets generated as a level 50 mon with incorrect HP.

The ability to track the roamer in the dex is specific to Raikou, Entei, and Suicune. There is a table at x4642F4 that maps values of var x4013 to dex entries that should instead check the roamer. To make the dex acknowledge one roamer and disregard starter choice, change the first value in the table to your roamer's ID, and put four 00s at x13cb80.

Dionen September 1st, 2015 11:47 AM

Quote:

Originally Posted by Jaizu (Post 8876026)
Hi! If you are using a 32x32px overworld for the PALYER(NDS style) you will notice that it will look weird when you choose your name.

http://i.imgur.com/qB8ZxAH.png

To fix it just go to the direction 083A3BC0 and put 18 instead 10
It makes the PLAYER and Gary overworld look like a 32x32px.

http://i.imgur.com/7HNuVBd.png

Thanks and merits to daniilS, he literally made everything!

Doing this will also fix the player's male reflection! :)

Artemis64 September 1st, 2015 10:39 PM

Quote:

Originally Posted by Touched (Post 8844381)
Cap individual EVs to 252 instead of 255 Like in Gen VI
Set 080439FC and 08043A02 to 0xFC (FireRed)

To do the same in Emerald, place 0xFC at 0x6DC48 and 0x6DC4E.
To elaborate for the people who don't understand what this is about, it is setting the limiters for the maximum number of EVs a Pokémon can have per stat. Because only four EVs translate into a single stat point, having 255 EVs per stat is pointless, as the last three EVs do not make any difference.

C me September 9th, 2015 12:30 PM

Emerald move effects command table 0x31BD10.

kleenexfeu September 9th, 2015 12:58 PM

We (almost) all know how BSP is useful, though it can't decompile every battlescript in the game because all the commands haven't been implemented.

To change that, I documented on what kind of argument each commands take, I don't know yet what they all do, but we can at least decompile every script. There's still few command undocumented, I'll update the post as I find what argument they take, and what the other commands do.

UPDATE: Now we know the arguments taken by every single command. The only issue is that BSP doesn't prevent infinite loop.
Other than that, you can decompile every single Battlescript in the game.

The commands :
Spoiler:

#command cmd1B 0x1B 0x1 "Byte or Bank" 0x1
#command cmd23 0x23 0x1 "Byte or Bank" 0x1
#command gotoandsomething 0x24 0x1 "ROM Address" 0x4
#command cmd26 0x26 0x1 "Byte or Bank" 0x1
#command cmd32 0x32 0x4 "AddresW" 0x4 "AdresW" 0x4 "AddresW" 0x4 "Byte" 0x1
#command somethinghealcmd3B 0x3B 0x1 "Bank" 0x1
#command cmd40 0x40 0x1 "Address" 0x4
#command cmd44 0x44
#command cmd54 0x54 0x1 "Hword" 0x2
#command cmd55 0x55 0x1 "Word Value" 0x4
#command cmd56 0x56 0x1 "Byte or Bank" 0x1
#command cmd57 0x57
#command checkiflearnmoveinbattle 0x59 0x3 "AddresW" 0x4 "AddresW" 0x4 "Bank or byte" 0x1
#command cmd5A 0x5A 0x1 "Address" 0x4
#command cmd5B 0x5B 0x1 "Address" 0x4
#command cmd5E 0x5E 0x1 "Byte or Bank" 0x1
#command cmd5F 0x5F
#command cmd61 0x61 0x1 "Bank probably" 0x1
#command cmd62 0x62 0x1 "Bank probably" 0x1
#command cmd65 0x65 0x2 "Bank or byte or compare" 0x1 "Word Value" 0x4
#command cmd66 0x66 0x3 "Byte, bank or compare" 0x1 "Byte bank cmp" 0x1 "Word" 0x4
#command cmd67 0x67
#command cmd68 0x68
#command cmd69 0x69
#command removeitem 0x6A 0x1 "Bank" 0x1
#command cmd6B 0x6B
#command cmd6C 0x6C
#command cmd6D 0x6D
#command cmd6E 0x6E
#command cmd6F 0x6F 0x1 "Bank" 0x1
#command cmd70 0x70 0x1 "Bank" 0x1
#command cmd71 0x71
#command somethingwithhelditem 0x72 0x1 "ROM Address" 0x4
#command cmd74 0x74 0x1 "Bank" 0x1
#command cmd75 0x75
#command nop3 0x83
#command koplussomethings 0x93 0x1 "AddresW" 0x4
#command cmd98 0x98 0x1 "Byte" 0x1
#command cmdAB 0xAB
#command cmdBA 0xBA 0x1 "Address" 0x4
#command beatupcalculation 0xC4 0x2 "ROM Address" 0x4 "ROM Address" 0x4
#command cmdD4 0xD4 0x2 "Bank maybe" 0x1 "ROM Address" 0x4
#command cmdE1 0xE1 0x1 "ROM Address" 0x4
#command naturepowereffect 0xE1
#command actualcastformswitch 0xE6
#command castformswitch 0xE7
#command pursuitwhenswitched 0xEC 0x1 "ROM Address" 0x4
#command snatchmove 0xED
#command catchpoke 0xF0
#command capturesomethingF1 0xF1 0x1 "Address" 0x4
#command capturesomethingF2 0xF2
#command capturesomethingF3 0xF3 0x1 "Address" 0x4
#command removehp 0xF4
#command curestatutfirstword 0xF5
#command cmdF6 0xF6
#command activesidesomething 0xF7
#command cmdF8 0xF8 0x1 "Bank" 0x1 // Emerald only
#command callasm 0xF9 0x1 "Offset of routine" 0x4 // Custom command
#command setword 0xFA 0x2 "Offset of address" 0x4 "Word Value" 0x4 // Custom command


Blah September 11th, 2015 8:53 AM

Quote:

Originally Posted by FBI agent (Post 8880893)
Hey guys, I just wanted to post a warning about a PKSV bug which occurs quite commonly when testing out routines with callasm (perhaps it happens in XSE too, I haven't tried).

Steps to produce bug:
Write a routine and insert it into ROM
Write Script with callasm which uses said routine, compile it
Close PKSV

- Normally around here, I give my routines a game test -

Open a new PKSV and decompile the script
Make modifications to the routine
Make modification to the script and compile

Result:
Modification to the routine are undone. To avoid the bug you need to always reinsert the routine after compiling a script which uses the routine.

Something more to add to this. PKSV can't compile money commands, except for showmoney. The coins seem to work, as well as decompiling scripts with these money commands work. However, DO NOT recompile scripts which have money commands. They will most likely break.

In my eyes, with this bug and the ASM bug, PKSV has stopped becoming a viable script editor. XSE is bad too, but PKSV is currently worse. I recommend Red Alien atm. Of course, if you use PKSV for non-ASM projects and for non-money scripts it's still usable.

AkameTheBulbasaur September 11th, 2015 7:47 PM

Quote:

Originally Posted by FBI agent (Post 8923774)
Something more to add to this. PKSV can't compile money commands, except for showmoney. The coins seem to work, as well as decompiling scripts with these money commands work. However, DO NOT recompile scripts which have money commands. They will most likely break.

Adding on to the add-on, money commands CAN work, but you have to use the #raw format instead of the word format for them. I've gotten almost all of them to work using #raw 0x[number] except for "checkmoney" which I haven't gotten to work.

Crizzle September 14th, 2015 7:55 AM

This post- http://www.pokecommunity.com/showpost.php?p=7209316&postcount=251
I know it works for FireRed, but can it be applied to Emerald as well?

Blah September 21st, 2015 8:30 AM

Quote:

Originally Posted by DoesntKnowHowToPlay (Post 8308957)
http://i.imgur.com/Ns7oosj.pnghttp://i.imgur.com/82vkSCw.png

XY added a feature that gives experience points when you catch pokemon. To duplicate this in FR, do the following:

Repoint the battle script at x1d9a42 to point to this:

2A 00 68 3D 02 02 05 00 50 9A 1D 08 60 0B 10 0B 01 F1 XX XX XX XX 2E E0 3F 02 02 00 2E 0C 3C 02 02 00 2E 0D 3C 02 02 00 23 00 10 0F 01 3A 2E 82 3E 02 02 00 F2 10 0D 01 3A 2E 82 3E 02 02 00 F3 80 9A 1D 08 F0 13 54 E6 3F 08 12 40 00 28 81 9A 1D 08

where XX XX XX XX is a pointer to:

2E E0 3F 02 02 00 2E 0C 3C 02 02 00 2E 0D 3C 02 02 00 23 00 10 0D 01 3A 2E 82 3E 02 02 00 F3 80 9A 1D 08 F0 13 54 E6 3F 08 12 40 00 28 81 9A 1D 08

To let the player's mons evolve from this experience, replace the bytes at x15A68 with A1 5A 01 08.

Edit: Changed the scripts, I assumed they cut off earlier than they actually did. Should work with full party+no nickname now.

Quote:

Originally Posted by lsmash (Post 8311049)
I combined my work with the one from Doesnt. As a result, there are less bytes to write into freespace.
So, here's what to do to give exp points when you catch a pokemon:
1-The bytes to put into freespace: 2E E0 3F 02 02 00 2E 0C 3C 02 02 00 2E 0D 3C 02 02 00 23 00 F1 63 9A 1D 08 28 58 9A 1D 08

2-The bytes to replace at 1D9A53: 41 XX XX XX 08 (XX = pointer to the code above).

3-Just like Doesnt wrote earlier, replace the bytes at 15A68 with A1 5A 01 08.

It should work without problems, as I tested it before posting.

Thanks to Doesnt for telling me how to fix a music issue.

Hi, I think both of these solutions ONLY work if the Pokemon is not in the Pokedex already. Was that the intention? If not can someone confirm they've made it work for a Pokemon they've already caught and are in the dex?


EDIT:
Well, even if it is just me (which it isn't going to be looking at this code), it's pretty big of an issue in my eyes. I did a little bit of digging around, and figured out the source. I thought I'd post the fix here.

Replace the bytes at 0x2D990 with:
00 49 08 47 C7 D9 02 08

AkameTheBulbasaur September 21st, 2015 11:53 AM

Quote:

Originally Posted by FBI (Post 8937322)
Hi, I think both of these solutions ONLY work if the Pokemon is not in the Pokedex already. Was that the intention? If not can someone confirm they've made it work for a Pokemon they've already caught and are in the dex?

It works just fine for me when I catch Pokemon I already caught before. I don't know if other people have had the same problem. I'd keep the fix up just in case other people had the same problem as you. Maybe I just got lucky.

Blah September 21st, 2015 2:43 PM

Quote:

Originally Posted by AkameTheBulbasaur (Post 8937604)
It works just fine for me when I catch Pokemon I already caught before. I don't know if other people have had the same problem. I'd keep the fix up just in case other people had the same problem as you. Maybe I just got lucky.

I doubt it's luck. I'm using MrDS's ROM base and I'm not using the national dex. I don't think it has anything to do with my ASM edits or the DS ROM base. I'm thinking it might be a problem with the normal ROM base. If it's just me, then w/e :P

EDIT: Boys and girls. I did a +1 by accident and caused the bug. If you're having the same issue, don't +1 any of the offsets. This never happened btw <3

tkim September 25th, 2015 1:14 AM

Quote:

Originally Posted by Tlachtli (Post 8363021)
I believe I've found an interesting bug with this. Under normal circumstances it works fine: you battle, catch, gain xp, display Pokedex entry:
http://i.imgur.com/RSflXni.png

However if you level up from that xp, it causes the Pokedex to go wonky:
http://i.imgur.com/IAJLx8z.png http://i.imgur.com/YkvbOFB.png

EDIT: Found another small graphical bug, too. Learning a move on level-up after successfully catching a Pokemon will cause the wild Poke's sprite to re-appear after exiting the move learning screen. Unimportant in the long run, as the battle ends right after.

Does anybody know how to not make the captured wild Pokemon's sprite reappear after exiting the move-learning screen? Perhaps if one were to remove the wild pokemon's HUD from the battle screen after catching it? HUD of an enemy Pokemon gets removed when it is defeated..

Deokishisu September 30th, 2015 6:29 PM

This post is to make public some research I did trying to auto-decrypt the things that are encrypted with the security key and disable the DMA in Emerald based on the information in this post on doing the same to Firered. I believe I've also found where to disable the Pokemon Substructure Permutations as well, so that they will always be in the right order instead of shuffled around.

Before anything, I'd like to thank FBI, Touched, GoGo, and kleenexfeu for showing me how to find what I was looking for (FBI), actually finding the security key routine (GoGo), showing me how to verify what I did was working (Touched), and just talking me through some stuff and letting me bounce things off of them (basically everyone, but mostly kleenexfeu). Thanks guys! And of course, thanks to Sagiri for the original research.

To Automatically Decrypt Anything Encrypted with the Security Key in Emerald:
Head to 076CD6 in your hex editor. Change the 24 08 that is there to 00 24. Upon the next map refresh, everything encrypted by the security key will be decrypted and remain that way. Your money, for example, will now sit unencrypted at 02025E90.

To Disable the DMA in Emerald:
Head to 076BEE in your hex editor. Change the 04 40 that is there to 00 24. Upon the next map refresh, your DMA protected information will be moved to a static location and remain there permanently.

To Disable the Pokemon Substructure Permutations in Emerald:
Head to 076BEC in your hex editor. Change the 7C that is there to 00.

Incidentally, to disable the substructure permutations in Firered, head to 04C062 and change that 7C to 00 as well. Credits to Knizz's Firered.idb for that one, I'm posting it here because I haven't seen it anywhere other than the idb.

The New Static Locations in RAM:
All of these can be edited easily through the memory viewer now, none are encrypted or dynamically moved.
Spoiler:

You may also want to refer to this post on Bulbapedia.
Code:

[0x02024A54]    8b    Character name including terminator, padded to end with 0xFFs
[0x02024A5C]    1b    Gender (00/01 m/f)
[0x02024A5D]    1b    Unknown
[0x02024A5E]    2b    Trainer ID
[0x02024A60]    2b    Secret ID (halfword)
[0x02024A62]    2b    Playtime (hours)
[0x02024A64]    1b    Playtime (minutes)
[0x02024A65]    1b    Playtime (seconds)
[0x02024A66]    1b    Playtime (frames)
[0x02024A67]    1b    Unknown
[0x02024A68]    2b    Options
[0x02024B00]    4b    Security Key (Always 00 00 00 00 with the above changes)

-------------------------------------------------------------------------

[0x02025E90]    4b    Player's current money.
[0x02025E98]    200b  Player's PC Items (Structured as item index and quantity. As an example of what it should look like: 0D 01 03 02 0A 01 22 01 is 515 Devon Goods in slot one and 290 Contest Pass in slot two. This format goes on for the PC's 50 slots.)
[0x02025F60]    120b  Player's Item Pocket (Same structure as PC items. This format goes on for the Item Pocket's 30 slots.)
[0x02025FD8]    120b  Player's Key Items Pocket (Same structure as PC items, though you should leave the quantity at 1. This format goes on for the Key Items Pocket's 30 slots.)
[0x02026050]    64b  Player's Ball Pocket (Same structure as PC items. This format goes on for the Ball Pocket's 16 slots.)
[0x02026090]    256b  Player's TM/HM Pocket (Same structure as PC items. This format goes on for the TM/HM Pocket's 64 slots. An invalid TM/HM in this pocket, such as a Master Ball in the TM/HM Pocket, shows the move it teaches as a Normal-type move with --- Power and Accuracy and 0 PP. Trying to use it does nothing.)
[0x02026190]    184b  Player's Berry Pocket (Same structure as PC items. This format goes on for the Berry Pocket's 43 slots. Clicking "Show Tag" on an invalid berry, such as a Master Ball in the Berry Pocket, defaults to Cheri Berry's tag.)



Aruaruu October 4th, 2015 9:31 PM

Been digging into the "easy-chat system" for Emerald and noting down what bytes make what word(s) and stuff like that. List is nowhere near done. Nor are they in any order.

They are mostly used in the Battle Frontier/Tents and Trainers Hill too so if you look up a trainers name from those places in a hex editor you could find the intro/win/lose quotes (12 bytes each, should be just after trainer name) and edit them if you really wanted to.
Not really useful but whatever.

Spoiler:
Code:

04 0C = ...
05 0A = YOUR
35 1A = LOOK
09 16 = SAYS
06 0A = YOU'RE
07 0A = YOU'VE
08 0A = MOTHER
09 0A = GRANDFATHER
0A 0A = UNCLE
0B 0A = FATHER
0C 0A = BOY
0D 0A = ADULT
0E 0A = BROTHER
0F 0A = SISTER
10 0A = GRANDMOTHER
11 0A = AUNT
12 0A = PARENT
13 0A = MAN
14 0A = ME
15 0A = GIRL
16 0A = BABE
17 0A = FAMILY
18 0A = HER
19 0A = HIM
1A 0A = HE
1B 0A = PLACE
1C 0A = DAUGHTER
1D 0A = HIS
30 1A = COMICS
2F 1A = FESTIVAL
08 02 = EGG
08 04 = COLOR
08 06 = IF
08 08 = HOW
00 02 = I CHOOSE
00 04 = DARK
00 06 = MATCH UP
00 08 = THANKS
01 08 = YES
02 08 = HERE GOES
03 08 = HERE I COME
04 08 = HERE IT IS
05 08 = YEAH
06 08 = WELCOME
07 08 = OI
08 08 = HOW DO
09 08 = CONGRATS
0A 08 = GIVE ME
0B 08 = SORRY
0C 08 = APOLOGIZE
0D 08 = FORGIVE
0E 08 = HEY, THERE
0F 08 = HELLO
10 08 = GOOD-BYE
11 08 = THANK YOU
12 08 = I'VE ARRIVED
13 08 = PARDON
14 08 = EXCUSE
15 08 = SEE YA
16 08 = EXCUSE ME
17 08 = WELL, THEN
18 08 = GO AHEAD
19 08 = APPRECIATE
1A 08 = HEY?
1B 08 = WHAT'S UP?
1C 08 = HUH?
1D 08 = NO
1E 08 = HI
1F 08 = YEAH, YEAH
20 08 = BYE-BYE
21 08 = MEET YOU
22 08 = HEY
23 08 = SMELL
24 08 = LISTENING
25 08 = HOO-HAH
26 08 = YAHOO
27 08 = YO
28 08 = COME OVER
29 08 = COUNT ON
29 0A = I AM
29 0C = AIYEEH
29 0E = ALSO
29 12 = DISASTER
29 14 = DIFFERENT
29 16 = EATS
29 18 = LIFE
29 1A = HEROINE
29 1C = THURSDAY
29 1E = RIGHT
2A 00 = GOLBAT
2A 01 = SEEDOT
2B 00 = ODDISH
2B 01 = NUZLEAF
2C 00 = GLOOM
2C 01 = SHIFTRY
2D 00 = VILEPLUME
2D 01 = NINCADA
2E 01 = NINJASK
2F 01 = SHEDINJA
30 01 = TAILLOW
31 01 = SWELLOW
31 04 = STATIC
32 01 = SHROOMISH
33 01 = BRELOOM
16 01 = GROVYLE
60 01 = GRUMPIG
90 01 = METAGROSS
99 01 = JIRACHI
9B 01 = CHIMECHO
03 02 = SAPPHIRE
02 02 = TRADE
01 02 = GOTCHA
09 02 = LINK
19 02 = SILVER
1A 02 = EMERALD
1C 00 = SANDSLASH
12 1A = COMPLETE
12 1C = ANOTHER
15 1C = WEDNESDAY
0F 1C = MONDAY
0E 1C = FRIDAY
05 1C = SOMETIME
07 0C = -
09 0C = UH-OH
19 0C = CRY
39 0C = LALALA
12 0C = WOW
13 0C = GIGGLE
01 0A = I
20 16 = KNOW
25 24 = THRASH
19 26 = MEGA KICK
00 27 = SWALLOW
66 26 = MIMIC
8C 26 = BARRAGE
42 24 = SUBMISSION
26 24 = DOUBLE-EDGE
27 24 = TAIL WHIP
00 28 = KTHX, BYE.
00 20 = WANDERING
2C 12 = EAT
0E 28 = LOSING
16 10 = WIN
18 26 = DOUBLE KICK
AF 24 = FLAIL
FB 26 = BEAT UP
01 27 = HEAT WAVE
07 26 = FIRE PUNCH
07 25 = FACADE
C8 24 = OUTRAGE
A4 26 = SUBSTITUTE
E7 24 = IRON TAIL
D5 26 = ATTRACT
B4 24 = SPITE



chrunch October 5th, 2015 12:45 AM

If you've ever inserted a new map in Advance map, you might have noticed that you are unable to use fly on this map. The fix for this is simple: in the map header, swap to professional editing view using CTRL+H. Locate the byte in the image below, and if it is 00 change it to 01.

http://i.imgur.com/aouZWaB.png

Note that the other bytes in your map header will likely be different to mine, this is the only one you have to be concerned about.

DoesntKnowHowToPlay October 9th, 2015 12:42 PM

Quote:

Originally Posted by Deokishisu (Post 8948719)
To Disable the Pokemon Substructure Permutations in Emerald:
Head to 076BEC in your hex editor. Change the 7C that is there to 00.

Incidentally, to disable the substructure permutations in Firered, head to 04C062 and change that 7C to 00 as well. Credits to Knizz's Firered.idb for that one, I'm posting it here because I haven't seen it anywhere other than the idb.]

I have no idea what this is supposed to do but it appears to be something related to DMA, not Pokemon substructures.

At any rate, this inspired me to work out how to get rid of the encryption surrounding them (all offsets for FR):

To unscramble the order, write 00 20 00 00 00 00 at x3F94C. This will always put them in order 0, (growth, attacks, EVs, misc.).

To remove the XOR encryption used for them, put 00 00 at x3F92A, x3F930, x3F906, x3F90C.

To remove the checksum reads, allowing for easy memory editor usage to tweak values, put 0B E0 at x3FDA8 and 0E E0 at x40530.

To remove the checksum writes, effectively adding two more bytes to the Pokemon structure to be used for whatever you feel like, put 00 00 at x40AE6.

For obvious reasons, this will ruin existing saves, but makes memory editing and Pokemon hacking simpler in addition to adding two more bytes to the Pokemon struct.

kleenexfeu October 12th, 2015 11:30 AM

Quote:

Originally Posted by DoesntKnowHowToPlay (Post 8960251)
I have no idea what this is supposed to do but it appears to be something related to DMA, not Pokemon substructures.

At any rate, this inspired me to work out how to get rid of the encryption surrounding them (all offsets for FR):

To unscramble the order, write 00 20 00 00 00 00 at x3F94C. This will always put them in order 0, (growth, attacks, EVs, misc.).

To remove the XOR encryption used for them, put 00 00 at x3F92A, x3F930, x3F906, x3F90C.

To remove the checksum reads, allowing for easy memory editor usage to tweak values, put 0B E0 at x3FDA8 and 0E E0 at x40530.

To remove the checksum writes, effectively adding two more bytes to the Pokemon structure to be used for whatever you feel like, put 00 00 at x40AE6.

For obvious reasons, this will ruin existing saves, but makes memory editing and Pokemon hacking simpler in addition to adding two more bytes to the Pokemon struct.


Theorically, this should do the same for Emerald :

put 00 00 at 0x806A236, 0x806A23C, 0x806A25A and 0x806A260

put 00 20 00 00 00 00 at 0806A27C

0B E0 at 0x806A6D8, 0E E0 at 0x806ADFC

and 00 00 at 0x806B3E4


Thanks Doesnt

EDIT : I can confirm it works, edit the data of the pokemon is easier than ever!

jirachiwishmaker October 17th, 2015 4:00 AM

Quote:

Originally Posted by Turtl3Skulll (Post 8453133)
Increasing Max Money Amount
Spoiler:
You can now hold up to 999 999 999 money! That's nearly 1000 times more money!
This was never added to the manual, but JPAN talked about adding this in a future release, i dunno if it was added as of version 1.1, but here it is anyways:
This replaces 7 bytes, and here's how to do it:

Spoiler:
In a Hexeditor goto:
0809fdd4 replace |3f 42 0f 00| with |ff c9 9a 3b|------------------' (999999 for 999999999)
In the following offsets replace that one byte from |06| to |09| ----'(6 digit display for 9 digit display)
0808a006
0809fe52
0809fe62

Done, you should be able to have that much money now.

For Emerald to Increase Max Money Amount to match BW version:
Spoiler:
You can now hold up to 9999999 money!

In a Hexeditor do the following changes:
At 0xE5188 replace 3F 42 0F 00 with 7F 96 98 00 (999999 for 9999999).
At 0xC36EE, 0xE0C50, 0xE0E48, 0xE5238, 0xE5248, 0x1AD6AA and 0x1AD884 replace 06 with 07 (6 digit display for 7 digit display).
At 0xE1118, 0xE5204 and 0x1ABD06 replace 26 with 20 (fix the 7 digit display problem).


Credits:
JPAN for the original research
Turtl3skulll for writing the Fire Red's dummies tutorial
jiangzhengwenjzw for helping me to fix the 7 digit display problem

PurpleOrange October 17th, 2015 4:50 AM

Quote:

Originally Posted by jirachiwishmaker (Post 8968333)
For Emerald to Increase Max Money Amount to match BW version:
Spoiler:
You can now hold up to 9999999 money!
This replaces 7 bytes, and here's how to do it:

In a Hexeditor goto:
080E5188 replace 3F 42 0F 00 with 7F 96 98 00 (999999 for 9999999)
In the following offsets replace that one byte from 06 to 07 (6 digit display for 7 digit display)
080C36EE
080E5238
080E5248

Done, you should be able to have that much money now.


Credits:
JPAN for the original research
Turtl3skulll for writing the Fire Red's dummies tutorial first

i tried this but the pokemart still displays 6 figures, this makes items not sell for the right price etc.

jirachiwishmaker October 17th, 2015 5:49 AM

Quote:

Originally Posted by PurpleOrange (Post 8968374)
i tried this but the pokemart still displays 6 figures, this makes items not sell for the right price etc.

No, this increasement of max money amount actually means that to increase the player's holding money amount. And the max of the price amount of the items is at only 65535.

PurpleOrange October 17th, 2015 6:36 AM

Quote:

Originally Posted by jirachiwishmaker (Post 8968438)
No, this increasement of max money amount actually means that to increase the player's holding money amount. And the max of the price amount of the items is at only 65535.

sorry, i mean, when you're buying and selling an item, it will show the player's money in the top left, so it shows an the incorrect amount for the player's money

jirachiwishmaker October 17th, 2015 7:41 AM

1 Attachment(s)
Quote:

Originally Posted by PurpleOrange (Post 8968494)
sorry, i mean, when you're buying and selling an item, it will show the player's money in the top left, so it shows an the incorrect amount for the player's money

I'm so sorry. I forgot there is one byte needs to change, too. Just replace the byte at 0xE5204 from 26 to 20.

http://www.pokecommunity.com/attachment.php?attachmentid=76846&stc=1&d=1445096375

PurpleOrange October 17th, 2015 7:52 AM

2 Attachment(s)
Quote:

Originally Posted by jirachiwishmaker (Post 8968563)
I'm so sorry. I forgot there is one byte needs to change, too. Just replace the byte at 0xE5204 from 26 to 20.

http://www.pokecommunity.com/attachment.php?attachmentid=76846&stc=1&d=1445096375

that fixes that problem :) however there seems to be another, when you are buying/selling an item, when you're changing the amount, it will tell you how much it will cost/give you you, however when you confirm it, the man will say a different amount (see below)

~SAGE October 23rd, 2015 4:27 AM

Quote:

Originally Posted by MrDollSteak (Post 7691854)
I've just got some very quick offsets for Pokedex hacking.

I'm not sure whether it's already been posted, I don't think so, as I had to discover these on my own.

I've found 2 limiters for the Kantodex that are quite useful, which when combined with Jambo51's already posted offsets, can allow for the Kantodex to act as a national dex.

Even though Jambo already found the limiter for the Kantodex itself, it would still not display the correct seen/caught numbers as they were still limited to 150 as were the habitats.

By changing the number 96 at the offset: 104BF2
You can extend the limit to the seen/caught text. Eg. changing 96 to FA will allow for a max of 250 seen/caught Pokemon.

By changing the number 97 at the offset: 106828
You can extend the number of Pokemon that will be correctly featured in the habitat pages. Eg. changing 97 to FA will allow for the first 250 Pokemon in your pokedex to be displayed in the habitat pages before receiving the national dex.

This can be helpful as it stops people from having to give the national dex at the start of the game.

I'll just repost Jambo's limiters from his thread here

0x10352C - mov r1, #0x97
0x1035F6 - cmp r0, #0x96

Just change those 2 bytes at that offset to the number of Pokemon you want in.

I've expanded the Dex untill 721, so.. ¿What i should to do to change more bytes at this offset? :/
It might to be 2D1 in hex.

Blah October 23rd, 2015 6:14 AM

Quote:

Originally Posted by laflacapkm (Post 8973965)
I've expanded the Dex untill 721, so.. ¿What i should to do to change more bytes at this offset? :/
It might to be 2D1 in hex.

You need to rework the code in ASM. Maybe there are some parts where you can do some optimization and remove the need to hook, otherwise, this will be hook city.

Telinc1 October 24th, 2015 8:12 AM

I've looked into FireRed's menu descriptions. You know, the blue box that tells you what each entry does. I'm trying to figure out how to get rid of it and I've made some discoveries, nothing complete though.

0x083A7394 is table of pointers to the descriptions. You can repoint each one of them if you want.
There's two offsets which point to it - 0806F104 and 0806F30A. They're referenced a couple of bytes back by ldr r2 opcodes.
The first pointer seems to be part of a routine which loads the description of the first entry. Changing stuff in it only breaks opening the menu. Changing options works fine.
The second pointer to the table seems to be part of a routine which loads the description of any entry you go to after opening the menu. There's a bunch of branching in there and screwing around with it seems to break either selecting options you've already went through or moving the cursor down in the menu. Don't know which of the two because I didn't test it.

While this may not be useful as it is, it's a least a start. One thing I do know is that I've found the routines which load the darn thing. Now to figure out where they start and stub them.

Blah October 24th, 2015 7:01 PM

Quote:

Originally Posted by Telinc1 (Post 8975110)
I've looked into FireRed's menu descriptions. You know, the blue box that tells you what each entry does. I'm trying to figure out how to get rid of it and I've made some discoveries, nothing complete though.

0x083A7394 is table of pointers to the descriptions. You can repoint each one of them if you want.
There's two offsets which point to it - 0806F104 and 0806F30A. They're referenced a couple of bytes back by ldr r2 opcodes.
The first pointer seems to be part of a routine which loads the description of the first entry. Changing stuff in it only breaks opening the menu. Changing options works fine.
The second pointer to the table seems to be part of a routine which loads the description of any entry you go to after opening the menu. There's a bunch of branching in there and screwing around with it seems to break either selecting options you've already went through or moving the cursor down in the menu. Don't know which of the two because I didn't test it.

While this may not be useful as it is, it's a least a start. One thing I do know is that I've found the routines which load the darn thing. Now to figure out where they start and stub them.

Check the ASM resource thread. I made a post about field moves and adding new ones.

To remove the descriptions, I think you can just nop out function calls to 08113018. Try writing 4 bytes of 0x0s to 0806F2CE, 0806F31C, and 080F798E.

jirachiwishmaker November 6th, 2015 3:34 AM

For Emerald, if you want to enable the trainer's national Pokemon in the contests before beating the Elite Four, do the following changes:
Put 00 00 00 00 00 00 at 0xDABA6 (for removing the entire flag checking command).

Touched November 6th, 2015 6:52 AM

Quote:

Originally Posted by pokemontutorialTV (Post 8987382)
In firered prices above 9999$ will be displayed with ?xxxx$. Does somebody now how to fix this?

Try increasing the value at 0809B430 (FR) from 4 to 5. That number should be the digit length of prices for the Pokemart.

kearnseyboy6 November 7th, 2015 9:08 PM

Quote:

Originally Posted by pokemontutorialTV (Post 8988434)
Annother question... if i have expanded items and i want to buy some from the new indices, the market closing immedetly. Do you have an idea where the limiter is or how to change this?

Try this:
0x98998 = number of new items
0x9a8ae = 00 00 00 00

kleenexfeu November 8th, 2015 12:47 PM

Soul Dew works in the Battle Frontier for [email protected] :

C0 46 C0 46 at 0x806979E & 0x80697D4

DraconianWing November 8th, 2015 1:27 PM

Changing the pre-battle, post-battle and switch-in text in Emerald (BPEE) and FireRed (BPRE)

This post focuses on changing the challenge, defeat, and switch-in text strings that appear during battle in Emerald and FireRed. To clarify, I'm talking about these:
Quote:

[trainer]
would like to battle!
Quote:

Player defeated
[trainer]!
Quote:

[trainer] is
about to use [Pokemon].

Will [player] change
POKéMON?
With a few tips from Sky High, success has been achieved in modifying them :)

Green denotes Emerald offsets.
Red
denotes FireRed offsets.

This is the default challenge text, found in 0x5CBB9C, and has pointers at 0x14E228 and 0x14E264.
Located at 0x3FD366 and the pointer at 0xD73C0 for FireRed.
Code:

FD 1C 00 FD 1D FE EB E3 E9 E0 D8 00 E0 DD DF D9 00 E8 E3 00 D6 D5 E8 E8 E0 D9 AB FB FF


The default defeat text is in 0x5CBA2E, with pointers at 0x14E66C and 0x5CC744.
For FireRed, it's at 0x3FD1C7 with pointers at 0xD776C and 0x3FE410.
Code:

CA E0 D5 ED D9 E6 00 D8 D9 DA D9 D5 E8 D9 D8 FE FD 1C 00 FD 1D AB FB FF


Last but not least, here's the default switch-in dialogue at 0x5CB9ED. Its pointer is at 0x5CC6A8.
On FireRed, it's at 0x3FD186 and the pointer located at 0x3FE374. This exact form is only present in ROMs that have not been decapitalized.
Code:

FD 1C 00 FD 1D 00 DD E7 FE D5 D6 E3 E9 E8 00 E8 E3 00 E9 E7 D9 00 FD 01 AD FB D1 DD E0 E0 00 FD 23 00 D7 DC D5 E2 DB D9 FE CA C9 C5 1B C7 C9 C8 AC FF


Some bytes are used to load stored text, like the trainer class and trainer name. There are also others that stand for different functions. They are as follows:
Code:

FD 01: Loads the name of the Pokemon the opponent is switching into/sending out
FD 1C: Loads the trainer class
FD 1D: Loads the trainer's name
FA: Continues the string after FE has been used. Similar to XSE's "\l" command
FB: Moves to a new box altogether and carries on the string. Works like "\p" (Yes, from XSE as well)
FE: The "new line" function for the string, similar to "\n" in XSE scripting
FF: Terminates the string to avoid reading further bytes (I think).


Modifying them is quite simple. Just write a custom string that you want (either in raw hex form or with a script editor) while making use of the byte functions listed above, compile or insert into free space using a hex editor, then change the respective pointers! I'll put mine up as an example because I'm awful at explaining stuff; feel free to use them. Be aware that these are optimized for EM, but they might work for FR:

Challenge text:
http://i.imgur.com/ogx5bDo.png
Code:

D3 E3 E9 00 D5 E6 D9 00 D7 DC D5 E0 E0 D9 E2 DB D9 D8 00 D6 ED FE FD 1C 00 FD 1D AB FB FF



Defeat text:
http://i.imgur.com/5jXzqhX.png
Code:

D3 E3 E9 00 D8 D9 DA D9 D5 E8 D9 D8 FE FD 1C 00 FD 1D AB FB FF


Switch-in text:
http://i.imgur.com/TXAV8aV.pnghttp://i.imgur.com/YG2yKqT.png
Code:

FD 1C 00 FD 1D 00 DD E7 FE D5 D6 E3 E9 E8 00 E8 E3 00 E7 D9 E2 D8 00 DD E2 00 FD 01 AD FA D1 DD E0 E0 00 ED E3 E9 00 E7 EB DD E8 D7 DC 00 ED E3 E9 E6 00 CA E3 DF 1B E1 E3 E2 AC FF



PurpleOrange November 9th, 2015 9:15 AM

Not sure if anyone else has found this yet but meh

So to upgrade your pokedex to the national dex in ruby you put this is an xse script
Code:

writebytetooffset 0x2 0x2026B00
writebytetooffset 0x3 0x2026B01
writebytetooffset 0xDA 0x2024EBE
writebytetooffset 0x67 0x2026A5A


which Renegade worked out and documented in THIS old thread

well this kinda does the job but leaves it like this so it's kinda still the hoenn dex except now you can search the national dex, and the number on the summary screen will be the national dex number

in order to fix that we need to add another line to the script so it becomes this (with changes in bold)
Code:

writebytetooffset 0x2 0x2026B00
writebytetooffset 0x3 0x2026B01
writebtyetooffset 0x1 0x2024EBD
writebytetooffset 0xDA 0x2024EBE
writebytetooffset 0x67 0x2026A5A


so now it looks like this

DraconianWing November 12th, 2015 9:39 AM

Previous post has been updated to include offsets for FireRed!

-------------------------------------------------------------------------------

In an attempt to further modernize the strings in the battle system, I've also looked into the text that prints whenever something happens with the opponent's Pokemon, namely the term "Foe." Basically, in-battle dialogue such as:
Quote:

Foe [Pokemon] used
[move]!
Quote:

Foe [Pokemon] is paralyzed!
It may be unable to move!
Because it's used in a lot of other strings, "Foe" seems to be loaded from stored text as opposed to being separate like the pre- and post-battle messages.

It's located at 0x5CBD8B and has quite a few pointers: 0x14EB28, 0x14EC9C, 0x14ED38, 0x14EDD4, 0x14EE70, 0x14EF0C, 0x14F390, 0x14F784. This doesn't cover the Screen move strings though (Light Screen and Reflect). On FireRed, the text is at 0x3FD55B and pointers at 0xD7B7C, 0xD7CA4, 0xD7D18, 0xD7D8C, 0xD7E00, 0xD7E74, 0xD82C0, 0xD8554.

Changing it is pretty much the same as the ones on my previous post, but note that you're only changing one word and not the messages themselves. Once again, I'll be putting up an example. This replaces "Foe" with "The opposing". Remember, insert into free space and re-point accordingly!

http://i.imgur.com/hbqFX3N.png
Code:

CE DC D9 00 E3 E4 E4 E3 E7 DD E2 DB 00 FF


A side effect of using this custom string is that it interferes with a few other dialogue, which become long enough to go off the screen when printing. Fortunately, these are easily fixed by making the following byte changes (I'll be updating my posts as more information is found):

Emerald:
https://i.imgur.com/AUGR96R.png
https://i.imgur.com/RarvsgZ.png
https://i.imgur.com/2BRATiH.png
Code:

0x5CAC2D: FE (Ingrain)
0x5CA8C9: FE (Ghost-type Curse)
0x5CA8CD: 00 (Ghost-type Curse)
0x5CACB3: FE (Skill Swap)
0x5CACBD: 00 (Skill Swap)


FireRed:
Code:

0x3FC3BD: FE (Ingrain)
0x3FC059: FE (Ghost-type Curse)
0x3FC05D: 00 (Ghost-type Curse)


EDIT: Updated with FireRed offsets. Credits to BlackWhiteRobin for finding them!

EDIT 2: Added Skill Swap fix for Emerald. Have yet to find FireRed equivalents.

Spherical Ice November 13th, 2015 5:38 AM

Special 0x167 is used by the printer in the Game Corner in vanilla FireRed to add the icons of your party to your Trainer Card.

Vars 0x4043 - 0x4048 correspond to the six Pokémon icons on the back of the Trainer Card. You can change them at x89a78, but note that special 0x167 assumes they will be consecutively stored (and it will take the starting variable as the one stored at xCC3C0. 0x4042 is also used by the special, but it just appears to be a clone of 0x8004, which determines what colour the icons should use.

0x4049 - 0x404B controls the three stickers on the back of the Trainer Card. You can change them at x89a6c. They're checked by the script of the sticker kid on Four Island, too, so just change them there like usual too.

Trainer 781 November 15th, 2015 8:28 AM

This post is a little extension to JPAN's document on Battle Structs for Fire Red (link here). The bolded ones are the new ones found during my research.

Spoiler:
Hit Marker at x2023DD0 (single word):
Code:

Flag          Function
x40        -  Destiny Bond
x80        -  Skip Move Animations
x100        -  Overrides substitute & outcome checks to enable graphical and data damage updates. Used for burn damage, leech seed heal, Hi Jump Kick Crash etc.
x200        -  Inhibit Attack String & PP reduction. Set before the second iteration of the move that target
both Foes. Also ensures that second iteration runs regardless of user faint.
x400        -  Inhibit Attack String Print
x800        -  Inhibit PP deduction. Set on struggle & second phase of charging turn moves.
x1000        -  Toggled in cmd5f. Further info not known
x2000        -  Set due to some contact abilities to adjust status affliction
x4000        -  Required to be set for Synchronize. Set in the seteffectcommands
x8000        -  Set on successful flee

x10000  -  Overrides fly evasion
x20000  -  Overrides dig evasion
x40000  -  Overrides dive evasion
x80000        -  Set in Attack Canceler due to being unable to move (flinch, recharge, sleep etc). Used to prevent second iteration of Dual Foe Targeting move in doubles and delays the charge part of moves like Sky Attack etc.
x200000        -  Related to obedience check
x800000        -  Does something with Magic Coat

x1000000  - Prevents setting of destiny bond.
x2000000 -  required to be set for minimize
x10000000 -        death marker for bank 0. further bits for death marker of other banks


Special Status Flags at x2023DFC (a word each for 4 banks):
Flag - Functions
Code:

x1 - ???
x2 - ???
x4 - Leech Seed
x8 -        lockon
x10 -        mind reader
x20 -        Perish song
x40 -        Airborne
x80 -        Underground
x100 -        Minized
x200 -        Charged
x400 -        Rooted
x800 -        Sleep this turn (yawn)
x1000 -        Sleep in one turn (yawn)
x2000 -        Imprisoned
x4000 -        Grudged
x8000 - ???
x10000 -        Mud sport
x20000 -        Fire sport
x40000 -        Dive
x80000 - Intimidate BS Lock
x100000 - Trace BS Lock


The last 11 bits seem to be unused, so they can be used for things like Aqua Ring, Unburden boost, Smacked Down, Phantom Force, Electrify etc.
If you want to set a custom status which clears upon switching then this is the perfect spot to place it.
The word at x128EC controls the special status bits that can be Baton Passed. So Aqua Ring etc. can be passed by altering this word to accomodate to more bits.

[B]Protect Structure at x2023E8C (16 bytes allocated per bank):[B]
Code:

        Flag -  Function
Byte 0x0:
        0x1 - Protect On
        0x2 -        Endure On
        0x4        Struggle On
        0x8 -        Helping Hand On
        0x10 -        Magic Coat On
        0x20 -        Snatch On
        0x40 -  ??
        0x80 -        Set in Attack Canceler when unable to move due to being paralyzed
Byte 0x1:
        0x1 -        Set due to confusion. Prevent contact abilties to activate due to the confusion hit
        0x2 -        Set if move is not Effective
        0x4 -        Set in a Repeating Attack along with x1000 secondary status
        0x8 -        Marker to print Smoke Ball Flee
        0x10 -        Marker to print Run Away Flee
        0x20 -        Set in Attack Canceler when attempting to use an imprisoned move
        0x40 -        Set in Attack Canceler when immobilized by love
        0x80 -        Set in Attack Canceler when attempting to use a disabled move

Byte 0x2:
       0x1 -        Set in Attack Canceler when attempting to use a status while being taunted
        0x2 -        Don't know but is checked in a subroutine
        0x4 -        Set in Attack Canceler when flinched
        0x8 -        Set when PP is deducted. Checked for absorb abilities.
        0x10 - Vacant
        0x20 - Vacant
        0x40 - Vacant
        0x80 - Vacant

Remaining Bytes:
0x3 -        Vacant
0x4-0x7 - Physical damage suffered                (JPAN incorrectly labelled the physical & special damage locations)
0x8-0xB        - Special damage suffered
0xC        - The bank that did physical damage (Used to select the counter target)
0xD        - The bank that did special damage (Used to select the mirror coat)
0xE-0xF - Vacant


The vacant places are good for Status that are cleared after end of turn and can be used to include things like King Shield, Spiky Shield etc.

I'll update this post after researching more locations.

GoGoJJTech November 15th, 2015 8:05 PM

Code:

[10:59:13 PM] GoGoJJTech: http://sphericalice.com/romhacking/documents/script/#c-D5
[10:59:20 PM] GoGoJJTech: pokemon emerald 0x26E331
[10:59:24 PM] GoGoJJTech: I think it's the trick house
[10:59:41 PM] GoGoJJTech: map 29.9
[10:59:45 PM] GoGoJJTech: script tiles
[10:59:50 PM] GoGoJJTech: essentially this happens:
[11:00:19 PM] GoGoJJTech: http://hastebin.com/xuqoduhaho.hs (in xse)
[11:00:33 PM] GoGoJJTech: if we take into account that cmdd5 has no arguments, it'd appear as so:
[11:00:56 PM] GoGoJJTech: http://hastebin.com/jakigedicu.hs
[11:01:02 PM] GoGoJJTech: however, d3 is braille2
[11:01:12 PM] GoGoJJTech: meaning that d3 can change its effect based on d5 before it
[11:01:16 PM] GoGoJJTech: but why?
[11:01:20 PM] GoGoJJTech: and d4 too
[11:01:24 PM] GoGoJJTech: which is usually bufferitems
[11:01:30 PM] GoGoJJTech: this is pretty funky


Yeah, so apparently this is a thing and this happens. It's probably useless to us hackers because it's so specific in its existence, but that's what researching is for right? (btw the only reason I came across this was because my script decompiler flopped here, meaning that most script editors might also flop on these scripts)

EDIT: In Emerald, Command 0xD5 actually uses a halfword as its argument (meaning XSE is correct) for Emerald
Also, XSE states that D4 (bufferitems) only exists in FRLG, meaning that for Emerald, it's probably only used in this strange context

Touched November 16th, 2015 3:02 AM

Quote:

Originally Posted by GoGoJJTech (Post 8998618)
Yeah, so apparently this is a thing and this happens. It's probably useless to us hackers because it's so specific in its existence, but that's what researching is for right? (btw the only reason I came across this was because my script decompiler flopped here, meaning that most script editors might also flop on these scripts)

EDIT: In Emerald, Command 0xD5 actually uses a halfword as its argument (meaning XSE is correct) for Emerald
Also, XSE states that D4 (bufferitems) only exists in FRLG, meaning that for Emerald, it's probably only used in this strange context

They seem to control those rotating obstacles as seen in the trickhouse 29.9 and mossdeep's gym.

cmdD3 does some nasty checking of the map tile ID. All those arrow panels are tile 0x298 and above. They're in groups of 8. Right, Down, Let, Up, Trigger, and then three blanks. D3 checks what group you're activating and rotates all the NPCs on those tiles in the correct directions. It uses movement scripts at 861269C, 86126A0, 86126A4 and 8612698 to accomplish this NPC movement. It also keeps track of their coordinates in the saveblock. I would guess this command also rotates the relevant tiles.

cmdD4 updates the facing of all relevant NPCs with applymovements and updates their behaviours so that they are facing the correct direction.

cmdD5 allocates memory for this whole process (if there is no memory already allocated). cmdD6 frees that memory, and updates the player's overworld sprite. It also waits for some task. For all these scripts, you'll see a cmdD5 first, then a cmdD6 at the end.

Summary:
cmdD3 - mossdeep gym trap rotate: takes a halfword (variable or number) of the trap type (panel colour)
cmdD4 - mossdeep gym trap update: no arguments
cmdD5 - mossdeep gym trap begin: takes a halfword (variable or number). true indicates trick house (panels start at 0x298), false indicates mossdeep gym (panels start at block id 0x250)
cmdD6 - mossdeep gym trap end: no arguments

Dr. Seuss November 16th, 2015 6:47 AM

I've made a quick research about the background of the Oak's intro screen in Fire Red, to be accurate, this background
http://i289.photobucket.com/albums/ll219/Jameika314159/LP%20Pokemon%20Liquid%20Crystal/1636-PokemonFireRedUSquirrels_103.png

Tileset of Background: 0x460CA4
Tilemap:0x460CE8
Palletes: 0x460568
Tilemap size (In NTME): 30x20 (240x160)
Amount of colors: 16

I really don't understand why the Oak's intro uses 256 colors if a lot of colors aren't used.

kleenexfeu November 18th, 2015 7:20 AM

For Emerald

Proper cry for limbo slots



This should theorically allow the limbo slots (between Celebi and Treecko) to have their proper cry, could be useful for forms etc, since the emerald expansion isn't finished yet :

Update : put C0 46 C0 46 C0 46 at 0x806D51C

A repoint might be needed, sadly I can't test on my PC as I don't have sound

Tbh the engine handles the cry weirdly, if someone has more information about how to repoint the tables correctly, please share. Thanks PurpleOrange :

Quote:

Originally Posted by PurpleOrange (Post 9001472)
EDIT: It should be noted with this method the repointed table must include the the national dex number of the first 251 pokemon in hex -1 followed by 25 lots of 00 00 (which can be changed for new cries), then followed by the index numbers of the hoenn pokemon (in their weird order)

The game displays the default sprite, icon and base stats for Deoxys




01 BC 00 47 at 0x8034C32 for the sprite.

C0 46 C0 46 C0 46 C0 46 at 0x8068A2C for the stats.

C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 at 0x80D3030 for the icon.

PurpleOrange November 18th, 2015 8:31 AM

Quote:

Originally Posted by kleenexfeu (Post 9001424)
For Emerald

Proper cry for limbo slots



This should theorically allow the limbo slots (between Celebi and Treecko) to have their proper cry, could be useful for forms etc, since the emerald expansion isn't finished yet :

put C0 46 C0 46 at 0x80A359C

after that, you can fill 0x806D510-0x806D540 with FF bytes to create a bit of freespace

Though I don't have sound on my PC, so if someone could test I would appreciate

hey, there is another method for limbo cries that seems to work found in THIS POST.
Quote:

Originally Posted by ThomasWinwood (Post 8214823)
write 00 00 00 00 00 00 00 00 00 00 (that's ten bytes) to x4330C and 00 00 00 00 (four) to x43318, then repoint the table at x4539D4 and expand it - it's now a table with one word for every ID

i found that the equivalent offsets for emerald are at 0x6D518, and 0x6D527
regardless, with your method, you'd still need to repoint and expand the cry table, no?

EDIT: It should be noted with this method the repointed table must include the the national dex number of the first 251 pokemon in hex -1 followed by 25 lots of 00 00 (which can be changed for new cries), then followed by the index numbers of the hoenn pokemon (in their weird order)

kleenexfeu November 18th, 2015 8:37 AM

Quote:

Originally Posted by PurpleOrange (Post 9001472)
hey, there is another method for limbo cries that seems to work found in THIS POST.

i found that the equivalent offsets for emerald are at 0x6D518, and 0x6D527
regardless, with your method, you'd still need to repoint and expand the cry table, no?

No idea, as I said I can't test. I never even tried to expand or look at any sound-related table :s
I just negate the function that replaces limbos cries with unown cries

PurpleOrange November 18th, 2015 8:55 AM

Quote:

Originally Posted by kleenexfeu (Post 9001475)
No idea, as I said I can't test. I never even tried to expand or look at any sound-related table :s
I just negate the function that replaces limbos cries with unown cries

well tested out your method, the first 251 pokemon have the correct cries, but the rest of the hoenn pokemon seem to be in a messed up order, and not an order that i recognize at all

Telinc1 November 18th, 2015 12:23 PM

I don't think this has been posted here, but if it has, sorry.
The step counter for the Safari Zone is at 02039996. It's completely unprotected by DMA and you can change it with cheat codes or ASM routines.

Telinc1 November 22nd, 2015 11:27 AM

Sorry for the double post, but this is something completely different and has nothing to do with the Safari Zone. I'm okay with it being merged though.
I've found a couple of graphics offsets for FireRed's slot machines. Maybe I'll post the palette offsets too later.

Code:

0x084659D0 - The slot machine itself. Definitely uses multiple palettes.
0x0846653C - Some Poké Ball looking thing. Gets decompressed when the slot machine loads, but I don't know if it's used there.
0x08466620 - Combo images. Used for the little popup when you hit the right arrow. Width: 14, uses palette 8 from the background palettes
0x08464A14 - The actual 32x32 slot images. Get loaded in the OAM. Width: 4, uses palette 2 from the sprite palettes
0x0846506C - Clefairy down at the bottom. Width: 4, uses palette 5 from the sprite palettes
0x08465544 - Bubble-looking things that I can't identify. Similarly to 0x0846653C, they get decompressed when the slot machine loads. Don't think they're used.


By the way, this is everything that has do with LZ77 in the log file I extracted those offsets out of. Maybe it'll be useful to somebody.
Spoiler:
Code:

LZ77UnCompWram: 0x084659d0,0x02006fe0 (VCOUNT=120)
LZ77UnCompWram: 0x0846653c,0x02008130 (VCOUNT=152)
LZ77UnCompWram: 0x084661d4,0x02004620 (VCOUNT=154)
LZ77UnCompWram: 0x08466620,0x020081c0 (VCOUNT=14)
LZ77UnCompWram: 0x08466998,0x02008a10 (VCOUNT=35)
LZ77UnCompWram: 0x08464a14,0x0201c000 (VCOUNT=134)
LZ77UnCompWram: 0x0846506c,0x0201c000 (VCOUNT=200)
LZ77UnCompWram: 0x08465544,0x0201c000 (VCOUNT=19)




PurpleOrange November 29th, 2015 7:59 AM

so I found this "table" in FireRed at 0x08466C58
Code:

13 14 27 29 FF FF FF 14 13 15 29 FF FF FF 15 14 16 FF FF FF FF 16 15 17 1B 2B
FF FF 17 16 18 19 1A 1B 2B 18 17 19 1A 1D FF FF 19 17 18 1A 22 FF FF 1A 17 18
19 1C 1E FF 1B 16 17 1C 2B FF FF 1C 1A 1B 1E FF FF FF 1D 18 1E FF FF FF FF 1E
1C 1D 1F FF FF FF 1F 1E 20 FF FF FF FF 20 1F 21 FF FF FF FF 21 20 24 25 FF FF
FF 22 19 23 FF FF FF FF 23 22 24 FF FF FF FF 24 21 23 25 FF FF FF 25 21 24 26
FF FF FF 26 25 27 FF FF FF FF 27 13 26 FF FF FF FF 29 13 14 2A FF FF FF 2A 29
14 FF FF FF FF 2B 16 17 1B FF FF FF 2C 2B 1B FF FF FF FF FF FF FF FF FF FF FF


each byte (other than the FF's) refer to the map number of the possible route the roaming pokemon can be found on. however I can't seem to find any sort of pattern for it, so expanding it doesn't seem to be easy. also, it doesn't seem to have a byte for the map bank (03), could that mean the map bank is calculated somewhere else?

Vendily November 30th, 2015 6:27 PM

In PMD: Red Rescue, the tilemap that contains the letters and symbols in the game is located at 302088 and is 9E0 bytes long.
This is a dump of the first tile, a #, that fingerprints the sheet.
Code:

00 00 00 00 10 11 11 00 11 17 17 01 71 77 77 01 11 17 17 01 71 77 77 01 11 17 17 01 10 11 11 00


It appears to be formatted like this on a tile (Spaces separate pixels):
Code:

0 0 0 0 0 0 0 0
0 1 1 1 1 1 0 0
1 1 7 1 7 1 1 1
1 7 7 7 7 7 1 0
1 1 7 1 7 1 1 0
1 7 7 7 7 7 1 0
1 1 7 1 7 1 1 0
0 1 1 1 1 1 0 0


I have yet to find the palette.

EDIT: I suspect the Palette is controlled by ASM because I can't even find it saved in the rom.
There might be more tiles before and after but I'm not 100% sure about anything outside this range.

EDIT 2: I think I found the beginning of the tile map at 302048 which is just a one pixel column of black on the left and the rest is the transparent green.
Original:
Code:

03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00


Decompiled:
Code:

3 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0


There is this block-large section of 7s right after it which doesn't make sense.
Original:
Code:

77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77


Decompiled:
Code:

7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7


There is also a 48 20 30 at 147E5, the only instance of it but it's immediately followed by a 05 so I don't know if it's a pointer to the tilemap. There was no pointer to the # though.

EDIT 3: Changed 48 20 30 to 48 20 40, there doesn't seem to be a visual effect. Conclusion: this is not a pointer (probably).

Telinc1 December 4th, 2015 10:16 AM

I'll just point out two things.
02036E58 contains the direction the player is facing. It's got the same key as 0x800C (1: down, 2: up, 3: left, 4: right), except that you can't change it (changing it will make it flip back to what it should be, so that makes me believe it's updated every frame) and it's also reliable. I haven't looked at it in a memory viewer, but 0x800C seems to behave funnily if you want to check the player's facing and not change it. Ergo, you should do something like comparefarbytetobyte 0x2036E58 0x2 instead of compare PLAYERFACING 0x2 in scripts.

The second I haven't looked into a lot, so I'm not sure if it's got truth in it, but type 0x7 level scripts seem to run only on menu close and not when the map is loaded (AdvanceMap 1.92 says they also run on map load). Maybe someone can confirm/reject this?

Blah December 4th, 2015 10:58 AM

Quote:

Originally Posted by Telinc1 (Post 9021504)
I'll just point out two things.
02036E58 contains the direction the player is facing. It's got the same key as 0x800C (1: down, 2: up, 3: left, 4: right), except that you can't change it (changing it will make it flip back to what it should be, so that makes me believe it's updated every frame) and it's also reliable. I haven't looked at it in a memory viewer, but 0x800C seems to behave funnily if you want to check the player's facing and not change it. Ergo, you should do something like comparefarbytetobyte 0x2036E58 0x2 instead of compare PLAYERFACING 0x2 in scripts.

The second I haven't looked into a lot, so I'm not sure if it's got truth in it, but type 0x7 level scripts seem to run only on menu close and not when the map is loaded (AdvanceMap 1.92 says they also run on map load). Maybe someone can confirm/reject this?

That's the npc_states data structure. Basically, the first entry is always the player, and then the next entries are NPCs around the player (they include NPCs offscreen until a certain distance). The advantage to using this instead of "PLAYER_FACING" is that the temporary variable 0x800C (which is player_facing) is only updated when the "A" button is pressed. So if you wanted to use it with a green script tile, you'd a random result. Knizz has some more indepth research about the npc_states data struct in his IDB and he also made a thread about it some years ago, if you're interested.

For your inquiry about level script 0x7, I think they are all going to activate on map reload (just a guess). You can confirm by setting a break point at "08069940" with 0x7 as the only level script. See if it's breaking on the map reload/menu open-close :)

edit:
I thought I'd drop this here for archival purposes for anyone trying to do this:
http://www.pokecommunity.com/showpost.php?p=9028130&postcount=4

C me December 14th, 2015 11:18 AM

I'm going to post this here because I'm sick of working on it and it should be so simple.

I have been trying to find the location of the routine called when you use fly from the pokemon menu in Emerald. FBI found it at 0xC4EF8 in FireRed and a simple callasm script makes it work perfectly.

After spending hours looking for byte similarities between FireRed and Emerald I found nothing of value.
So then I moved on to making breakpoints for 'FLY', 'FLY to where?' and for cities names as well as breakpoints for the map tilesets and tilemaps, after hours the thing I keep getting is that it's around 0x124600.

KDS spent some time helping me out and he pointed out the routine at 0x124690.

Callasming 0x124691 produces a black screen, every other routine I've tried does nothing. Maybe something has to be set before the callasm?

That's all the information I have, I would really appreciate help. Thank You

Blah December 14th, 2015 3:10 PM

Quote:

Originally Posted by C me (Post 9034916)
I'm going to post this here because I'm sick of working on it and it should be so simple.

I have been trying to find the location of the routine called when you use fly from the pokemon menu in Emerald. FBI found it at 0xC4EF8 in FireRed and a simple callasm script makes it work perfectly.

After spending hours looking for byte similarities between FireRed and Emerald I found nothing of value.
So then I moved on to making breakpoints for 'FLY', 'FLY to where?' and for cities names as well as breakpoints for the map tilesets and tilemaps, after hours the thing I keep getting is that it's around 0x124600.

KDS spent some time helping me out and he pointed out the routine at 0x124690.

Callasming 0x124691 produces a black screen, every other routine I've tried does nothing. Maybe something has to be set before the callasm?

That's all the information I have, I would really appreciate help. Thank You

I don't have an EM ROM so I can't confirm some of the ROM data, but have you tried calling it's parent 081B5470? The one you seemed to try callasm-ing is a task.

C me December 14th, 2015 3:50 PM

Quote:

Originally Posted by FBI (Post 9035225)
I don't have an EM ROM so I can't confirm some of the ROM data, but have you tried calling it's parent 081B5470? The one you seemed to try callasm-ing is a task.

It justs freezes the game, sadly that doesn't work.

Edit: Don't know why it never occured to me to find a pointer to the routine, there is a pointer for 0x124691 at 0x1B5620.
Oh that's where 081B5470 came from, didn't think the routine would be that big.

Edit2: If I set a breakpoint at 08124691, 081B5620 or 081B5470 the game doesn't break when I use fly. Am I doing it wrong or does that mean it's not there?

Spherical Ice December 15th, 2015 1:37 PM

The series of checks at x5613C check if the player is in a map with the name VICTORY ROAD (map name ID 0x84), ROUTE 23 (map name ID 0x7B) or INDIGO PLATEAU (map name ID 0x61). If they are, then the SURFing music will not play.

This becomes an issue, though, if you have maps on there that aren't supposed to be climactic or whatever; just change the map name IDs at that location to whichever map name you want to prevent SURFing music from playing on, or simply paste 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 to nop that entire series of checks out at x5613C.

This is for FireRed.

Spherical Ice December 21st, 2015 4:59 AM

Unsure if this has been done already, but whatever. If you want Pokémon to not show their Pokédex number as ??? on the summary screen before getting the National Pokédex, make the following changes:

0x6E272: 00 00 00 00
0x6E280: 00 00 00 00
0x1360F7: E0
EDIT: also this 0x43FA6: 00 00 04 E0

This is for FireRed.

Lance32497 December 27th, 2015 8:24 PM

Quote:

Originally Posted by Spherical Ice (Post 9043720)
Unsure if this has been done already, but whatever. If you want Pokémon to not show their Pokédex number as ??? on the summary screen before getting the National Pokédex, make the following changes:

0x6E272: 00 00 00 00
0x6E280: 00 00 00 00
0x1360F7: E0

This is for FireRed.

I have one problem though, Instead of showing the correct dex number, it only shows ?35

Spherical Ice December 28th, 2015 6:59 AM

Quote:

Originally Posted by Lance32497 (Post 9052589)
I have one problem though, Instead of showing the correct dex number, it only shows ?35

Oh, my bad, I forgot to include this:

0x43FA6: 00 00 04 E0

Spherical Ice December 29th, 2015 3:21 PM

To fix the broken sprite behaviour 0xC, which Advance Map labels as Face Down, you can put B5 FF 05 08 at x39fbf8, and the sprite behaviour will then actually make the sprite face down and not risk the game crashing etc. If you want to make it hide the NPC like it does in RSE, put F1 31 06 08 there instead.

GoGoJJTech January 2nd, 2016 8:12 PM

Changing the second byte in the battle flags in Emerald (02022FEC) to 02 will activate the Wally AI. This means Wally can go against trainers..

I'm not posting this so it goes anywhere or develops further, I just thought it was funny

Deokishisu January 13th, 2016 6:25 PM

This is kinda useless to everyone, but I'm posting it so that I don't lose this info. This is all for FireRed.

When the player enters a battle, the player's backsprite slides in from the right and stops. To change the position from which the backsprite starts sliding (that is, the sprite's initial position as the screen fades in) change the byte at 0x0323C0. By default, it's F0. Higher than F0 will start the sprite further to the right (depending on how high you put the value, the player may wrap around to the other side of the screen). Lower than F0 will start the sprite further to the left. Regardless, the sprite will stop at the same position. If I can find how to edit this position, or other battle intro stuff, I'll edit this post.

EDIT: To disable the showing of map names when crossing to a new map regardless of the setting in AMap, write 00 00 00 00 to 0x055910. As an aside, the function knizz's idb labelled "show_new_mapname", located at 0x098110, is probably the key to getting unique graphics to show for each map name. Some of the function calls look promising (to my untrained eye) for messing with what bg is loaded. EDIT3: It appears that you still have to set A-Map to not show the name. Granted, in FireRed, the names showed even with that set for me, and nulling out that function call finally stopped them from popping down.

EDIT2: To disable the descriptions of items on the start menu (that little blue box that spans the bottom of the screen) regardless of your options settings, write 00 00 00 00 to 0x113034.

DizzyEgg January 23rd, 2016 3:17 AM

Emerald Wally battle

Spoiler:
At the beginning of script special 0x28 saves your whole party and then special 0x12F replaces it with a Zigzagoon at lvl7.
To change Pokemon's data:
at 0x139472 index of new Poke / 2 ;has to be an even number and not higher than 510
at 0x139482 level of new Poke
at 0x13949C index of first move
Whole routine is at 0x0813946C.

Special 0xA0 generates Wally's opponent.
To change it:
at 0x0B0870 index of new Poke / 2 ;has to be an even number and not higher than 510
at 0x0B0874 level of new Poke
Wally's Ralts is always generated to be male. If you want its gender random place 00 00 00 00 at 0x068038.
If you want it to always be female place D0 at 0x06803B.

Wally fight uses a special battle flag: 0x200.

Versekr Dark January 24th, 2016 11:25 AM

no Pokemon Ruby?

azurile13 January 25th, 2016 1:56 AM

I don't know if this has been posted before, but whatevs. It came to my attention today that the bag in FireRed crashes if a "main" pocket has more than 42 items (the normal max for regular items). I had always assumed the malloc was done based on a multiple of the numbers inputted at the routine beginning 0x08099E44, because the TM pocket works fine even with over 100 items, but apparently the berry/TM cases mean they run off of something different. Anyhow, to allow for sufficient malloc requests, change ".equ largest_pocket_size" to your new max and insert this:
Code:

.equ largest_pocket_size,        CHANGE THIS LINE
.equ largest_pocket_size_plus_one, largest_pocket_size + 1
.equ strings_size,        largest_pocket_size_plus_one * 19

.org 0x08002B9C
malloc:
        push {lr}
        mov r1, r0

.org 0x081083F4
main:
        push {r4, lr}
        ldr r4, =(0x0203AD18)
        mov r0, #largest_pocket_size_plus_one
        lsl r0, r0, #0x3
        bl malloc
        str r0, [r4, #0x0]
        cmp r0, #0x0
        beq return
        ldr r0, =strings_size
        bl malloc
        str r0, [r4, #0x4]
        cmp r0, #0x0
        beq return
        mov r0, #0x1

return:
        pop {r4}
        pop {r1}
        bx r1


EDIT: I haven't done much testing. I've only thrown like 60 items into the general items pocket before I got bored & assumed this routine was the only problem.

Info on 0x08099E44: http://www.pokecommunity.com/showpost.php?p=9014911&postcount=2018

DizzyEgg January 26th, 2016 3:06 AM

Pokemon Emerald Trading Information:
0x08338ED0 is a table with info related to trading. Each entry is 0x3C bytes, used as such:
Spoiler:
00000000 poke_nickname: .byte 12
0000000C trading_poke_index:.short
0000000E hp_ivs: .byte
0000000F attack_ivs: .byte
00000010 defense_ivs: .byte
00000011 speed_ivs: .byte
00000012 sp_attack_ivs: .byte
00000013 sp_def_ivs: .byte
00000014 ability_bit: .byte
00000015 field_15: .byte ?
00000016 field_16: .byte ?
00000017 field_17: .byte ?
00000018 trainer_ID: .long
0000001C coolness: .byte
0000001D beauty: .byte
0000001E cuteness: .byte
0000001F smartness: .byte
00000020 toughness: .byte
00000021 field_21: .byte ?
00000022 field_22: .byte ?
00000023 field_23: .byte ?
00000024 personality_value:.long
00000028 held_item: .short
0000002A mail_index*: .byte (0,1,2 or 0xFF)
0000002B ot_name: .byte 8 dup
00000033 field_33: .byte ?
00000034 field_34: .byte ?
00000035 field_35: .byte ?
00000036 gender: .byte
00000037 sheen: .byte
00000038 required_poke_index:.short
0000003A field_3A: .byte ?
0000003B field_3B: .byte ?
0000003C trading ends

Field values are unused.


There's also traded mail table. It starts at 0x08338FC0 and is 18 bytes long. Each entry is a halfword that's a word being displayed in Mail screen ending with 0x0000. Mail Index in the above struct is responsible for choosing correct entry in mails. FF is used when held item isn't a mail.

Spherical Ice January 26th, 2016 8:56 AM

To remove the black bar animation, cry and Pokémon sprite and all, that shows when you use a HM, do the following:
Quote:

Originally Posted by Spherical Ice (Post 9092270)
FR: 00 00 00 00 00 00 00 00 00 00 00 00 at x860C2.
EM: 00 00 00 00 00 00 00 00 00 00 00 00 at xB8536.

Result: https://my.mixtape.moe/pmjmtn.webm

Posting this here in case anyone else wants it.

C me January 26th, 2016 9:37 AM

The RAM byte which checks for the current maps type is found at:

FR:0x02036E13 (credits to FBI)
Em:0x0203732F

Useful for custom scripts to check if the player is underwater/underground/secret base etc

GoGoJJTech January 26th, 2016 1:29 PM



I guess I'm just on a roll, huh?
I'll post the code to Github when I learn how to use it (and the code for follow me as well)

Epsilon January 28th, 2016 3:24 PM

So I have been looking to make the various search categories (A to Z, Type, Lighest, Smallest) work for expanded Pokemon in Fire Red. This is what I found.

The 'lighest list' is from 4442f6 - 4449ef.
A to Z seems to be at 3e7d94, although it weirdly seems to skip some Pokemon.
Type is at 4448fe.
The Smallest list I can't find.

Now, taking the Lightest category, I found the pointer to it at 1037cc. Then at 1037D4 there's 81 01 (385, number of dex entries minus 1). Expanding and repointing the lighest table and changing the number at 1037D4 did seem to expand the list, but it only shows Gen III Pokemon in the slots I added.

So, with these findings, a smarter person than me might be able to figure out how to make the categories work for expanded Pokemon? I reckon there must be limiting bytes somewhere, just as with the National Dex list in the Pokedex Expanding tutorial.

Anyone? :)

Xencleamas February 7th, 2016 10:10 PM

Quote:

Originally Posted by Jambo51 (Post 7559059)
So, I've gotten sick of being asked for this, so I figured it might be a good idea to share it. It's so short and easy that it definitely doesn't warrant having its own thread, so putting it here seems like a good compromise.

Extending the Number of Direct Sound Tracks on 3rd Gen Pokémon Games

It's as easy as this:
  1. Search for the hex string "00 C5 94 00" in your ROM
  2. Replace said string with "00 CX 94 00" where X stands for the number of maximum DS tracks

Now, there are limits here. Fire Red and Emerald (presumably Leaf Green too) can support a maximum of 12 (0xC) tracks, so you can put 00 CC 94 00 for these ROMs, however, Ruby (presumably Sapphire too) are different. RS can only support a maximum of 7!

BPR - 12
BPG - 12
BPE - 12
AXV - 7
AXP - 7

Here are the offsets for each game for those who care (I don't have Sapphire and Leaf Green. Sorry! :/ But, will sure find them soon):

Ruby: 0x081DDECC (if not, destinjagold or any other Ruby hackers, correct me)
FireRed: 0x081DD0C8
Emerald: 0x082E0104

If you just want to go where to replace C5, go to one byte after it. ;)

Deokishisu February 8th, 2016 3:02 AM

Mods, just let me know if you want me to separate this post into multiple ones for easier archival in the first post.

This is not my research, but I stumbled upon it and thought that it would be useful for locating the Emerald equivalents, as well as tracking down where other Record Mixed data is stored in the save. This is all for Ruby and Sapphire.

Spoiler:
Quote:

Battle Tower Data
When you challenge the battle tower, your party is recorded in your save file and transmitted to others when you mix records.
This data is almost identical to the Mossdeep Trainer data, except it seems there are no winning/losing quotes here.

Data Layout
0x0000 - Mystery Value (Word) (Deokishisu's edit: I have a hunch that this is what battle the player lost in the Tower, as position in the Tower is shared when Record Mixing.)
0x0004 - Trainer Name (7 Bytes)
0x000B - String Terminator (0xFF)
0x000C - Trainer ID (Word)
0x0010 - Introduction Phrases (6 Halfwords)
0x001C - Pokemon 1 (44 Bytes)
0x0048 - Pokemon 2 (44 Bytes)
0x0074 - Pokemon 3 (44 Bytes)
0x00A0 - Checksum (Word) This is just the sum of the 160 byte structure. I assume it is used to check for fiddled-with data.

Pokemon Pokemon are stored in 44 byte structures as follows:
0x00 - Species - Halfword
0x02 - Held Item - Halfword
0x04 - Move 1 - Halfword
0x06 - Move 2 - Halfword
0x08 - Move 3 - Halfword
0x0A - Move 4 - Halfword
0x0C - Level - Byte
0x0D - ?? (always 0x00) - Byte
0x0E - HP EV - Byte
0x0F - ATK EV - Byte
0x10 - DEF EV - Byte
0x11 - SPD EV - Byte
0x12 - SP.ATK EV - Byte
0x13 - SP.DEF EV - Byte
0x14 - Trainer ID - Word
0x18 - Poss. IVs - Word
0x1C - Personality - Word
0x20 - Nickname - 10 Bytes
0x2A - ?? (always 0x00) - Byte
0x2B - ?? (always 0xFF) - Byte

Source: This page on Furlock's Forest Wiki
Quote:

Secret Base Data
Scattered around Hoenn are a number of hidden locations that players may make into their own secret hideout. These are known as Secret Bases and are transfered to other players when you mix records, allowing you to visit them and even battle them once you've beaten the Pokémon League.

If you have forgotten where you set up your own Secret Base, there is a boy in Mossdeep who will remind you.
Up to 20 bases are able to be stored per Ruby or Sapphire cart, and no two bases may share the same location.

Data Structure
Position in save data: 0x2988
160 byte structure x 20
0x0000 - Location - Halfword
0x0002 - Trainer Name - 7 Bytes
0x0009 - Trainer ID - Word
0x000D - Unknown - Byte
0x000E - Unknown - 2 Halfwords
0x0012 - Decorations in base - 16 Bytes
0x0022 - Decoration positions - 16 Bytes
0x0032 - Unknown - 2 Bytes
0x0034 - Pokemon Personalities - 4 Words
0x004C - Pokemon Moves - 24 Halfwords
0x007C - Pokemon Species - 6 Halfwords
0x0088 - Pokemon Held Items - 6 Halfwords
0x0094 - Pokemon Levels - 6 Bytes
0x009A - Unknown - 6 Bytes

(Deokishisu's Edit: One of these bytes might be the Trainer's gender, perhaps the one at 0x000D.)

Source: This page on Furlock's Forest Wiki
Quote:

Mossdeep Trainer Data
In Pokémon Ruby & Sapphire, in Mossdeep, there is a house with a locked door. If you have previously scanned an e-Reader Pokémon Battle eCard then the old man who lives in the house will stand in front of the door and will tell you of a guest staying in his house that you may battle.

The trainer's data is quite basic and only consists of a name, type, 3 pokémon and 6 vocabulary words that are spoken when introducing themselves, winning and losing. It's basically the same as a Battle Tower trainer.

Data Map
MossDeep Trainer Battle E-Card
Data Structure - 188 Bytes
------------------------------
0x00 - Battle Tower Type - Byte
0x01 - Type eg. Camper - Byte
0x02 - Battle Tower Lvl -
Byte 0x03 - ?? - Byte

Type is 0x00 for lvl 50, 0x01 for lvl 100 Lvl is the level they will appear at battle tower These aren't set unless the ecard has a mark indicating that the trainer will appear in the battle tower.

0x04 - Name - 7 Bytes
0x0B - String terminator - Byte
0x0C - Trainer ID - Word
--------- This is usually 0x00000000
0x10 - Introduction - 6 Halfword
0x1C - Win Quote - 6 Halfword
0x28 - Lose Quote - 6 Shorts

These minor amounts of dialogue are made up using set phrases in the same manner as trainers in the Battle Tower.

0x34 - Pokemon 1 - 44 Bytes
0x60 - Pokemon 2 - 44 Bytes
0x8C - Pokemon 3 - 44 Bytes
See the below structure.
0xB8 - Checksum - Word

A sum of the 184 bytes that make up the trainer data, added together as words. 44 Byte Pokemon Structure
-------------------------
0x00 - Species - Halfword
0x02 - Held Item - Halfword
0x04 - Move 1 - Halfword
0x06 - Move 2 - Halfword
0x08 - Move 3 - Halfword
0x0A - Move 4 - Halfword
0x0C - Level - Byte
0x0D - ?? (always 0x00) - Byte
0x0E - HP EV - Byte
0x0F - ATK EV - Byte
0x10 - DEF EV - Byte
0x11 - SPD EV - Byte
0x12 - SP.ATK EV - Byte
0x13 - SP.DEF EV - Byte
0x14 - OT ID - Word
0x18 - Poss. IVs - Word
0x1C - Personality - Word
0x20 - Nickname - 10 Bytes
0x2A - ?? (always 0x00) - Byte
0x2B - ?? (always 0xFF) - Byte

Source: This page on Furlock's Forest Wiki


This wiki also has some interesting information on R/S/E's RTC chip, some of which we already have documented in various places, but some of the information is new to me, so it may be new to others as well. I'll leave links to what I've found:

First, a Glitch City Forum topic about the R/S Berry Glitch that sheds some light on how the RTC works internally.

Second, a page on Furlock's Forest Wiki which explains how the time is stored in the save, and why simply replacing your RTC battery will not restart time-based events. This link also includes a program that can be loaded up in a flashcart and used to modify the RTC of your retail R/S/E's internal time to whatever the user desires. The source for the program is included.

The wiki doesn't look maintained anymore, by the way, so someone may want to archive everything in the event that it's taken down.

GoGoJJTech February 8th, 2016 11:17 AM

The fanfare and waitfanfare commands in Pokémon Emerald (not sure about other games) work based on a table. The table is at 0x085248BC and works like this:
http://i.snag.gy/zSJxS.jpg

If you don't understand what's going on here, the table looks like this:
http://i.snag.gy/Z6q9N.jpg
First halfword is the song, second halfword is the length that waitfanfare waits (in ticks or frames, I don't know the term).

The limiter for this table is at 0x080A310C. Change 0x11 to the new amount of fanfares if you're expanding this table.

Fanfare playing works like this if you're interested:
http://i.snag.gy/KACDp.jpg
Basically it loops through the table and gets the first halfword each time, then checks if the song you're trying to play is in the table. If not, it just plays the first fanfare in the table (which by default, is the level-up theme)

leyn09 February 9th, 2016 6:13 PM

Quote:

Originally Posted by GoGoJJTech (Post 8182332)
nop the 8 bytes at 080484 to make trainerbattle 0x9 not have oak's text
found by knizz

I'm quite confused on how should I nop those bytes? Please enlighten me. Thanks :D

GoGoJJTech February 9th, 2016 6:15 PM

Quote:

Originally Posted by leyn09 (Post 9112116)
I'm quite confused on how should I nop those bytes? Please enlighten me. Thanks :D

Nop, like 00 00

Telinc1 February 10th, 2016 9:36 AM

Quote:

Originally Posted by leyn09 (Post 9112116)
I'm quite confused on how should I nop those bytes? Please enlighten me. Thanks :D

To clarify what GoGo said, basically type 8 00s (meaning, 16 0s) at that location. 00 actually corresponds to a THUMB instruction (pretty sure it's lsl r0,#0x0 or something like that) which shifts r0 zero bits to the left - practically nothing. You have to use this, as ARMv4 THUMB doesn't have a NOP instruction like 65816 ASM does (that's the ASM variant which the SNES uses).

Blah February 10th, 2016 1:50 PM

Actually the defined nop instruction in Thumb is mov r8, r8. Many other instructions raise something called flags.

The instruction lsl, for example, raises the Zero flag, Carry flag and Sign flag. In the case of lsl r0, r0, #0x0, you won't set the carry flag but the other two can be set. This kind of practice could create unexpected results, so it's much better to use mov r8, r8 instead. That's the bytes "C0 46 C0 46".


All times are GMT -8. The time now is 8:53 AM.


Like our Facebook Page Follow us on Twitter © 2002 - 2018 The PokéCommunity™, pokecommunity.com.
Pokémon characters and images belong to The Pokémon Company International and Nintendo. This website is in no way affiliated with or endorsed by Nintendo, Creatures, GAMEFREAK, The Pokémon Company or The Pokémon Company International. We just love Pokémon.
All forum styles, their images (unless noted otherwise) and site designs are © 2002 - 2016 The PokéCommunity / PokéCommunity.com.
PokéCommunity™ is a trademark of The PokéCommunity. All rights reserved. Sponsor advertisements do not imply our endorsement of that product or service. User generated content remains the property of its creator.

Acknowledgements
Use of PokéCommunity Assets
vB Optimise by DragonByte Technologies Ltd © 2023.