The PokéCommunity Forums

The PokéCommunity Forums (https://www.pokecommunity.com/index.php)
-   Binary Hack Research & Development (https://www.pokecommunity.com/forumdisplay.php?f=195)
-   -   Quick Research & Development Thread (https://www.pokecommunity.com/showthread.php?t=205158)

Joexv February 10th, 2016 2:58 PM

I dont know if anyone would really need this, but if you want to skip part of the oak intro(where he sends out the Pokemon AND the text that goes with it)

put 79 FD 12 08 at 0x812f9E8

Zaazaa0 February 10th, 2016 11:05 PM

I've been digging into Forecast to try and figure out how to change the types of Castform's weather forms. More specifically, I want to make it possible to have a base form and weather forms that have one shared type with separate dual types. I have an okay amount of hex knowledge and exactly zero scripting knowledge, and I think I've gotten as far as that can take me. Here's what I've figured out so far:

Relevant offsets are, in FireRed (with their normal values in parentheses):
0x8019E70 (00)
0x8019E78 (00)
0x8019E9A (0A)
0x8019EA2 (0A)
0x8019EA6 (0A)
0x8019EC6 (0B)
0x8019ECE (0B)
0x8019ED2 (0B)
0x8019EF2 (0F)
0x8019EFA (0F)
0x8019EFE (0F)
There may be more.

To make sure we're on the same page, those values correspond to types. 00=Normal, 0A=Fire, 0B=Water, and 0F=Ice.

The first two are the primary and secondary types of Castform's base form. If Castform's primary type doesn't match the value at 0x8019E70 AND its secondary type doesn't match 0x8019E78, it will "change" from its Base form into its Base form as soon as it's sent in (in clear weather). If even one of the types matches, it won't do that.

The other sets of three values are of course related to the Sun, Rain, and Hail forms. Only thing is, I can't quite figure out what makes them work. I do know this much:
-If 0x8019E9A and 0x8019E70 are the same value, OR if 0x8019EA2 and 0x8019E78 are the same value, Castform is unable to change from its Base form to its Sun form at all. This leads me to believe that 0x8019E9A and 0x8019EA2 determine Sun's primary and secondary types, respectively. The same is true for changing between ANY two forms.
-Setting the first two values to XX and the third to YY (where XX and YY correspond to types) will cause Castform to transform into that weather form repeatedly forever, soft-locking the game:
http://i.imgur.com/XzzBei4.gif
-No matter what I've tried, I've been unable to get Castform's weather forms to be dual-typed. Which is a shame, since that's what I've been trying to do all this time.

http://www.pokecommunity.com/showpost.php?p=5716298&postcount=11
I basically figured this much out using only this post from years ago, where someone found the script for Forecast's form change. Figured it might help to include it here. Someone who knows enough about battle scripts might be able to find something in there that I didn't.

EDIT: I think I've figured out how the three values work. I say I think because I haven't figured out a way to prove it. But I have a good feeling about this because it makes everything else make sense.
My theory is that the first two values for each weather form are to check the type, and THAT'S IT. The third value is then the ONLY one that says what Castform's type changes to.
If this is the case, it seems very possible to, say, remove one of the type checks so that it only checks one of them, which in the process makes room to allow the weather form to set a dual type.
Time to figure out how to get that to work, then.

EDIT2: Okay yeah that's absolutely the case. Now I just need to figure out how to script this.

leyn09 February 11th, 2016 1:31 AM

Quote:

Originally Posted by GoGoJJTech (Post 9112120)


Nop, like 00 00

Quote:

Originally Posted by Telinc1 (Post 9113001)
To clarify what GoGo said, basically type 8 00s (meaning, 16 0s) at that location. 00 actually corresponds to a THUMB instruction (pretty sure it's lsl r0,#0x0 or something like that) which shifts r0 zero bits to the left - practically nothing. You have to use this, as ARMv4 THUMB doesn't have a NOP instruction like 65816 ASM does (that's the ASM variant which the SNES uses).

Quote:

Originally Posted by FBI (Post 9113364)
Actually the defined nop instruction in Thumb is mov r8, r8. Many other instructions raise something called flags.

The instruction lsl, for example, raises the Zero flag, Carry flag and Sign flag. In the case of lsl r0, r0, #0x0, you won't set the carry flag but the other two can be set. This kind of practice could create unexpected results, so it's much better to use mov r8, r8 instead. That's the bytes "C0 46 C0 46".

Thanks for the clarifications!

DizzyEgg February 11th, 2016 2:34 AM

Quote:

Originally Posted by Zaazaa0 (Post 9114016)
Castform Stuff

Castform switching is a bit complicated, but type changing shouldn't be that much of a problem.
The routine that's responsible for changing its type is located at: 080426BC in Emerald and at 08019DAC in Fire Red.
I think they're both the same, but I'll use emerald one as example.
Full routine:
Spoiler:

ROM:080426BC castform_switch: @ CODE XREF: ability_something+416p
ROM:080426BC @ ability_something+48Ap ...
ROM:080426BC
ROM:080426BC var_14 = -0x14
ROM:080426BC
ROM:080426BC PUSH {R4-R6,LR}
ROM:080426BE SUB SP, SP, #4
ROM:080426C0 LSLS R0, R0, #0x18
ROM:080426C2 LSRS R6, R0, #0x18
ROM:080426C4 MOVS R5, #0
ROM:080426C6 LDR R1, =battle_data
ROM:080426C8 MOVS R0, #sizeof(battle_participant)
ROM:080426CA MULS R0, R6
ROM:080426CC ADDS R4, R0, R1
ROM:080426CE LDRH R1, [R4]
ROM:080426D0 LDR R0, =poke_castform
ROM:080426D2 CMP R1, R0
ROM:080426D4 BNE return_0
ROM:080426D6 MOVS R0, R4
ROM:080426D8 ADDS R0, #battle_participant.ability_id
ROM:080426DA LDRB R0, [R0]
ROM:080426DC CMP R0, #ability_forecast
ROM:080426DE BNE return_0
ROM:080426E0 LDRH R0, [R4,#battle_participant.current_hp]
ROM:080426E2 CMP R0, #0
ROM:080426E4 BEQ return_0
ROM:080426E6 STR R5, [SP]
ROM:080426E8 MOVS R0, #0x13
ROM:080426EA MOVS R1, #0
ROM:080426EC MOVS R2, #ability_cloudnine
ROM:080426EE MOVS R3, #0
ROM:080426F0 BL ability_something
ROM:080426F4 LSLS R0, R0, #0x18
ROM:080426F6 CMP R0, #0
ROM:080426F8 BNE change_type_to_normal
ROM:080426FA STR R5, [SP]
ROM:080426FC MOVS R0, #0x13
ROM:080426FE MOVS R1, #0
ROM:08042700 MOVS R2, #ability_airlock
ROM:08042702 MOVS R3, #0
ROM:08042704 BL ability_something
ROM:08042708 LSLS R0, R0, #0x18
ROM:0804270A CMP R0, #0
ROM:0804270C BEQ loc_8042734
ROM:0804270E
ROM:0804270E change_type_to_normal: @ CODE XREF: castform_switch+3Cj
ROM:0804270E MOVS R2, R4
ROM:08042710 ADDS R2, #battle_participant.type1
ROM:08042712 LDRB R0, [R2]
ROM:08042714 CMP R0, #types_normal
ROM:08042716 BEQ loc_8042734
ROM:08042718 MOVS R1, R4
ROM:0804271A ADDS R1, #battle_participant.type2
ROM:0804271C LDRB R0, [R1]
ROM:0804271E CMP R0, #types_normal
ROM:08042720 BEQ loc_8042734
ROM:08042722 STRB R5, [R2]
ROM:08042724 STRB R5, [R1]
ROM:08042726 MOVS R0, #1
ROM:08042728 B end
ROM:08042728 @ ---------------------------------------------------------------------------
ROM:0804272A .align 4
ROM:0804272C off_804272C: .long battle_data @ DATA XREF: castform_switch+Ar
ROM:08042730 dword_8042730: .long poke_castform @ DATA XREF: castform_switch+14r
ROM:08042734 @ ---------------------------------------------------------------------------
ROM:08042734
ROM:08042734 loc_8042734: @ CODE XREF: castform_switch+50j
ROM:08042734 @ castform_switch+5Aj ...
ROM:08042734 MOVS R0, #0
ROM:08042736 STR R0, [SP]
ROM:08042738 MOVS R0, #0x13
ROM:0804273A MOVS R1, #0
ROM:0804273C MOVS R2, #ability_cloudnine
ROM:0804273E MOVS R3, #0
ROM:08042740 BL ability_something
ROM:08042744 LSLS R0, R0, #0x18
ROM:08042746 LSRS R0, R0, #0x18
ROM:08042748 CMP R0, #0
ROM:0804274A BNE return_0
ROM:0804274C STR R0, [SP]
ROM:0804274E MOVS R0, #0x13
ROM:08042750 MOVS R1, #0
ROM:08042752 MOVS R2, #ability_airlock
ROM:08042754 MOVS R3, #0
ROM:08042756 BL ability_something
ROM:0804275A LSLS R0, R0, #0x18
ROM:0804275C CMP R0, #0
ROM:0804275E BEQ loc_8042764
ROM:08042760
ROM:08042760 return_0: @ CODE XREF: castform_switch+18j
ROM:08042760 @ castform_switch+22j ...
ROM:08042760 MOVS R0, #0
ROM:08042762 B end
ROM:08042764 @ ---------------------------------------------------------------------------
ROM:08042764
ROM:08042764 loc_8042764: @ CODE XREF: castform_switch+A2j
ROM:08042764 LDR R1, =weather
ROM:08042766 LDRH R0, [R1]
ROM:08042768 MOVS R2, #weather_flags_rain|weather_flags_downpour|weather_flags_permament_rain|weather_flags_sun|weather_flags_permament_sun|weather_flags_hail
ROM:0804276A ANDS R2, R0
ROM:0804276C MOVS R4, R1
ROM:0804276E CMP R2, #0
ROM:08042770 BNE check_sun
ROM:08042772 LDR R1, =battle_data
ROM:08042774 MOVS R0, #sizeof(battle_participant)
ROM:08042776 MULS R0, R6
ROM:08042778 ADDS R1, R0, R1
ROM:0804277A MOVS R3, R1
ROM:0804277C ADDS R3, #battle_participant.type1
ROM:0804277E LDRB R0, [R3]
ROM:08042780 CMP R0, #types_normal
ROM:08042782 BEQ check_sun
ROM:08042784 ADDS R1, #battle_participant.type2
ROM:08042786 LDRB R0, [R1]
ROM:08042788 CMP R0, #types_normal
ROM:0804278A BEQ check_sun
ROM:0804278C STRB R2, [R3]
ROM:0804278E STRB R2, [R1]
ROM:08042790 MOVS R5, #1
ROM:08042792
ROM:08042792 check_sun: @ CODE XREF: castform_switch+B4j
ROM:08042792 @ castform_switch+C6j ...
ROM:08042792 LDRH R1, [R4]
ROM:08042794 MOVS R0, #weather_flags_sun|weather_flags_permament_sun
ROM:08042796 ANDS R0, R1
ROM:08042798 CMP R0, #0
ROM:0804279A BEQ check_rain
ROM:0804279C LDR R1, =battle_data
ROM:0804279E MOVS R0, #sizeof(battle_participant)
ROM:080427A0 MULS R0, R6
ROM:080427A2 ADDS R1, R0, R1
ROM:080427A4 MOVS R2, R1
ROM:080427A6 ADDS R2, #battle_participant.type1
ROM:080427A8 LDRB R0, [R2]
ROM:080427AA CMP R0, #types_fire
ROM:080427AC BEQ check_rain
ROM:080427AE ADDS R1, #battle_participant.type2
ROM:080427B0 LDRB R0, [R1]
ROM:080427B2 CMP R0, #types_fire
ROM:080427B4 BEQ check_rain
ROM:080427B6 MOVS R0, #types_fire
ROM:080427B8 STRB R0, [R2]
ROM:080427BA STRB R0, [R1]
ROM:080427BC MOVS R5, #2
ROM:080427BE
ROM:080427BE check_rain: @ CODE XREF: castform_switch+DEj
ROM:080427BE @ castform_switch+F0j ...
ROM:080427BE LDRH R1, [R4]
ROM:080427C0 MOVS R0, #weather_flags_rain|weather_flags_downpour|weather_flags_permament_rain
ROM:080427C2 ANDS R0, R1
ROM:080427C4 CMP R0, #0
ROM:080427C6 BEQ check_hail
ROM:080427C8 LDR R1, =battle_data
ROM:080427CA MOVS R0, #sizeof(battle_participant)
ROM:080427CC MULS R0, R6
ROM:080427CE ADDS R1, R0, R1
ROM:080427D0 MOVS R2, R1
ROM:080427D2 ADDS R2, #battle_participant.type1
ROM:080427D4 LDRB R0, [R2]
ROM:080427D6 CMP R0, #types_water
ROM:080427D8 BEQ check_hail
ROM:080427DA ADDS R1, #battle_participant.type2
ROM:080427DC LDRB R0, [R1]
ROM:080427DE CMP R0, #types_water
ROM:080427E0 BEQ check_hail
ROM:080427E2 MOVS R0, #types_water
ROM:080427E4 STRB R0, [R2]
ROM:080427E6 STRB R0, [R1]
ROM:080427E8 MOVS R5, #3
ROM:080427EA
ROM:080427EA check_hail: @ CODE XREF: castform_switch+10Aj
ROM:080427EA @ castform_switch+11Cj ...
ROM:080427EA LDRH R1, [R4]
ROM:080427EC MOVS R0, #weather_flags_hail
ROM:080427EE ANDS R0, R1
ROM:080427F0 CMP R0, #0
ROM:080427F2 BEQ return
ROM:080427F4 LDR R1, =battle_data
ROM:080427F6 MOVS R0, #sizeof(battle_participant)
ROM:080427F8 MULS R0, R6
ROM:080427FA ADDS R1, R0, R1
ROM:080427FC MOVS R2, R1
ROM:080427FE ADDS R2, #battle_participant.type1
ROM:08042800 LDRB R0, [R2]
ROM:08042802 CMP R0, #types_ice
ROM:08042804 BEQ return
ROM:08042806 ADDS R1, #battle_participant.type2
ROM:08042808 LDRB R0, [R1]
ROM:0804280A CMP R0, #types_ice
ROM:0804280C BEQ return
ROM:0804280E MOVS R0, #types_ice
ROM:08042810 STRB R0, [R2]
ROM:08042812 STRB R0, [R1]
ROM:08042814 MOVS R5, #4
ROM:08042816
ROM:08042816 return: @ CODE XREF: castform_switch+136j
ROM:08042816 @ castform_switch+148j ...
ROM:08042816 ADDS R0, R5, #0
ROM:08042818
ROM:08042818 end: @ CODE XREF: castform_switch+6Cj
ROM:08042818 @ castform_switch+A6j
ROM:08042818 ADD SP, SP, #4 @ returns
ROM:08042818 @ 0 if no change
ROM:08042818 @ 1 if normal and no weather
ROM:08042818 @ 2 if fire change
ROM:08042818 @ 3 if water change
ROM:08042818 @ 4 if hail change
ROM:0804281A POP {R4-R6}
ROM:0804281C POP {R1}
ROM:0804281E BX R1


If you're wondering how I got that, it's from emerald IDA, a very useful tool. Anyway, there are three important labels there, chack hail, check sun and check rain. First, they check if Castform already has type related to the weather and if it does, they don't do anything. If it has a different type, it'll change them.
Take a look at that part from check_hail:
ROM:0804280E MOVS R0, #types_ice
ROM:08042810 STRB R0, [R2]
ROM:08042812 STRB R0, [R1]
#types_ice in reality is a value of 0x0F, it's just there to make code reading easier. STRB means that it stores this value at addresses in r2 and r1 which are responsible for pokemon types in battle. All you'd have to do is hook somewhere there and change the value of second type. If you know ASM, this shouldn't be that hard, if you don't however, I suggest you take a look at ASM tutorials.

Substitute Doll February 12th, 2016 12:28 PM

Quote:

Originally Posted by Zaazaa0 http://www.pokecommunity.com/showthread.php?p=9114016#post9114016
Castform Stuff
Here is more Castform stuff, the routines FOR FIRERED

This is Castform_Transform as named in IDA
Spoiler:
ROM:0802CF30
ROM:0802CF30
ROM:0802CF30 atkE6_castform_transform: @ DATA XREF: ROM:move_cmdso
ROM:0802CF30 PUSH {R4,LR}
ROM:0802CF32 LDR R4, =b_active_side
ROM:0802CF34 LDR R0, =byte_2023FC4
ROM:0802CF36 LDRB R0, [R0,#23]
ROM:0802CF38 STRB R0, [R4]
ROM:0802CF3A LDR R1, =battle_data
ROM:0802CF3C LDRB R2, [R4]
ROM:0802CF3E MOVS R0, #sizeof(battle_data_t)
ROM:0802CF40 MULS R0, R2
ROM:0802CF42 ADDS R1, #battle_data_t.status2
ROM:0802CF44 ADDS R0, R0, R1
ROM:0802CF46 LDR R0, [R0]
ROM:0802CF48 MOVS R1, #substitute
ROM:0802CF4C ANDS R0, R1
ROM:0802CF4E LDR R3, =dp08_ptr
ROM:0802CF50 CMP R0, #0
ROM:0802CF52 BEQ loc_802CF60
ROM:0802CF54 LDR R0, [R3]
ROM:0802CF56 ADDS R0, #0x7F @ ''
ROM:0802CF58 LDRB R1, [R0]
ROM:0802CF5A MOVS R2, #0x80 @ 'Ç'
ROM:0802CF5C ORRS R1, R2
ROM:0802CF5E STRB R1, [R0]
ROM:0802CF60
ROM:0802CF60 loc_802CF60: @ CODE XREF: atkE6_castform_transform+22j
ROM:0802CF60 LDR R0, [R3]
ROM:0802CF62 ADDS R0, #0x7F @ ''
ROM:0802CF64 LDRB R2, [R0]
ROM:0802CF66 MOVS R0, #0
ROM:0802CF68 MOVS R1, #0
ROM:0802CF6A BL dp01_build_cmdbuf_x34_a_bb_aka_battle_anim
ROM:0802CF6E LDRB R0, [R4]
ROM:0802CF70 BL dp01_battle_side_mark_buffer_for_execution
ROM:0802CF74 LDR R1, =b_movescr_cursor
ROM:0802CF76 LDR R0, [R1]
ROM:0802CF78 ADDS R0, #1
ROM:0802CF7A STR R0, [R1]
ROM:0802CF7C POP {R4}
ROM:0802CF7E POP {R0}
ROM:0802CF80 BX R0
ROM:0802CF80 @ End of function atkE6_castform_transform
ROM:0802CF80
ROM:0802CF80 @ ---------------------------------------------------------------------------
ROM:0802CF82 .align 4
ROM:0802CF84 off_802CF84: .long b_active_side @ DATA XREF: atkE6_castform_transform+2r
ROM:0802CF88 off_802CF88: .long byte_2023FC4 @ DATA XREF: atkE6_castform_transform+4r
ROM:0802CF8C off_802CF8C: .long battle_data @ DATA XREF: atkE6_castform_transform+Ar
ROM:0802CF90 off_802CF90: .long dp08_ptr @ DATA XREF: atkE6_castform_transform+1Er
ROM:0802CF94 off_802CF94: .long b_movescr_cursor @ DATA XREF: atkE6_castform_transform+44r


This is Castform_Switch as named in IDA
Spoiler:
ROM:0802CF98
ROM:0802CF98 @ =============== S U B R O U T I N E =======================================
ROM:0802CF98
ROM:0802CF98
ROM:0802CF98 atkE7_castform_switch: @ DATA XREF: ROM:move_cmdso
ROM:0802CF98 PUSH {R4,LR}
ROM:0802CF9A LDR R1, =b_movescr_cursor
ROM:0802CF9C LDR R0, [R1]
ROM:0802CF9E ADDS R0, #1
ROM:0802CFA0 STR R0, [R1]
ROM:0802CFA2 LDR R0, =byte_2023FC4
ROM:0802CFA4 LDRB R0, [R0,#(battle_side_unknown - byte_2023FC4)]
ROM:0802CFA6 BL castform_switch
ROM:0802CFAA LSLS R0, R0, #0x18
ROM:0802CFAC LSRS R4, R0, #0x18
ROM:0802CFAE CMP R4, #0
ROM:0802CFB0 BEQ dont_load_script
ROM:0802CFB2 LDR R0, =castform_script
ROM:0802CFB4 BL b_push_move_exec
ROM:0802CFB8 LDR R0, =dp08_ptr
ROM:0802CFBA LDR R0, [R0]
ROM:0802CFBC ADDS R0, #0x7F @ ''
ROM:0802CFBE SUBS R1, R4, #1
ROM:0802CFC0 STRB R1, [R0]
ROM:0802CFC2
ROM:0802CFC2 dont_load_script: @ CODE XREF: atkE7_castform_switch+18j
ROM:0802CFC2 POP {R4}
ROM:0802CFC4 POP {R0}
ROM:0802CFC6 BX R0
ROM:0802CFC6 @ End of function atkE7_castform_switch
ROM:0802CFC6
ROM:0802CFC6 @ ---------------------------------------------------------------------------
ROM:0802CFC8 off_802CFC8: .long b_movescr_cursor @ DATA XREF: atkE7_castform_switch+2r
ROM:0802CFCC off_802CFCC: .long byte_2023FC4 @ DATA XREF: atkE7_castform_switch+Ar
ROM:0802CFD0 off_802CFD0: .long castform_script @ DATA XREF: atkE7_castform_switch+1Ar
ROM:0802CFD4 off_802CFD4: .long dp08_ptr @ DATA XREF: atkE7_castform_switch+20r


Like Dizzy, I got these routines using IDA, and if anyone would like to add on, they can.

GoGoJJTech February 15th, 2016 2:41 PM

In Emerald, there are three map names that are hidden on the hoenn map.
The three values at 0x085A1C34 are map names. 0xC8, 0xC9, and 0xD3.
0xC8 is "NAVEL ROCK"
0xC9 is "MT. EMBER"
0xD3 is "TANOBY CHAMBERS"
IDK if you can get to these locations in Emerald (or if you can even open the map in them via fly) but there you have that. I can be completely wrong here

GoGoJJTech February 15th, 2016 2:55 PM

Quote:

Originally Posted by Team Fail (Post 9120081)
Navel Rock is where you can get Ho-oh and Lugia, Tanoby Chambers and Mt. Ember are only in Fire Red and I think are inaccessible.

Would there be a reason for these to be hidden on the Hoenn map? I don't see why it's necessary to have this list, even if it's a tiny one like this.

Joexv February 15th, 2016 7:12 PM

Not sure why im doing all this again, but oh well. May come in handy to someone.
Plus these are gonna be more of notes for me:
To remove the platform that Professor Oak/The hero sprites stand on in the intro place 0x00 at 0x812F832
To stop Oaks palette from loading NOP out 6 bytes at 0x813126C
(To restore it 24 48 60 21 40 22)
To remove Oak I cannot find a decent place to NOP out his call, so just blank him out with unlz

For anyone whos reading this and is wanting to mess with the intro. Doing these things is not the best way to do it. Write a custom one with C or ASM DO NOT mess with this one to a great extent unless you know what you are doing!


The bytes around 0x130203 seem to have an effect on what sprite is displayed.
For example I changed the 48 to 42 and it swapped the player to the VS.Seeker animation(I think I havent actually played FR to know this or not)

So I may get more documentation on it eventually but I dont have much as of now.

NewDenverCity February 25th, 2016 6:18 AM

So I watched all the battle animations that I could find.
Spoiler:
Code:

0x1C68F4-0x1C6E7F is the move animation table
0x1C6E80 is a continuation of the move animation table.
 0x1D53D9 - cartoonish hit mark on the enemy
 0x1D5A44 - poison animation on yourself
 0x1D5A6F - confusion birds
 0x1D5A78 - burn status
 0x1D5AA8 - three hearts rising from self, probably infatuation
 0x1D5ADD - sleep 'Z's rising
 0x1D5B09 - paralyze static stuff
 0x1D5B23 - large blocks of ice over opponent, probably freeze animation
 0x1D5B3E - ghost rises, curse effect
 0x1D5B63 - another ghost rises? different ghost, same sound effect
playanimation stuff:
 0x1D5B88 - transform animation, makes your palette black
 0x1D5BBE - nothing
 0x1D5BC7 - slowly vanishes, then reappears by sliding in from the side
 0x1D5C04 - turns self into pokedoll
 0x1D5C0C - turns into a black hexagon, enemy bounces twice. maybe pokeblock throwing?
 0x1D5C54 - bag falls out of enemy, bounces to the right
 0x1D5C5F - wrap effect
 0x1D5DF2 - bides twice, stars, then circle around user
 0x1D5E66 - puffs of smoke appear all over your sprite, then you disappear
 0x1D5F42 - slowly turns red and backs to the left(right if it's the enemy) and then goes to normal position
 0x1D5F8F - rain
 0x1D5FD8 - sunlight
 0x1D5FDD - sandstorm
 0x1D5FE2 - hail
 0x1D5FE7 - hits self with absorb?
 0x1D5FF5 - same as 0x1D52D9
 0x1D6026 - bag pops out of your pokemon, it lands on you, wiggles, then vanishes.
 0x1D604B - opponent flies around the screen in a circle
 0x1D60A9 - psychic background, enemy shakes
 0x1D6108 - background fades to white, gray streaks appear, enemy explodes
 0x1D61CD - storing energy
 0x1D620D - absorbing particles from enemy
 0x1D6250 - glittering particles around you, healing sound
 0x1D628A - turns blue, shakes, water comes out of you
 0x1D6301 - scary face appears above enemy, enemy does extrasensory effect, you then perform 0x1D628A
 0x1D637B - transform animation, turns into enemy. it keeps the direction the enemy was facing and doesn't change palette.
 0x1D6394 - turns into a rock, throwing sound, hitting sound, then the game freezes.
 0x1D63DC - tilts sideways twice, then goes back to normal.
Some other table, can be used by playanimation as well
 0x1D64B6 - level up sound and whatnot, only effects the bar on the sides.
 0x1D64D7 - animation looks like you're going back into your pokeball
 0x1D64E8 - goes back into pokeball, comes back after the enemy is defeated, but lower and pink.
 0x1D64F9 - throws pokeball, other pokemon goes inside of the ball, then immediately comes out.
 0x1D657B - turns into a pokeball, the game freezes.
 0x1D6594 - slides out, then back in.
 0x1D659E - slides out, then a substitute slides back in.



DizzyEgg February 28th, 2016 5:41 AM

Pokemon Emerald
cmd8a
Spoiler:
In XSE this command is said to do nothing which is false. It takes three arguments and creates a planted Berry.
1.byte - plant ID
2.byte - berry ID
3.byte - berry state:
no berry: 0
planted: 1
sprouted: 2
grew taller: 3
bloomed: 4
pickable: 5
Berry creation can happen both off and on-screen.


Berry data
Spoiler:

Berry data is located sy 0x0858A654. It has 44 entries while the first one isn't technically an entry but just text: "have the power of stars", so the actual table starts at 0x0858A670. Entries are enumerated like this:
Spoiler:

00000000 name: .byte 7 dup(?)
00000007 firmness: .byte ?
00000008 size: .short ?
0000000A max_yield: .byte ? @ XREF: get_planted_berry_yield+C/r
0000000B min_yield: .byte ? @ XREF: get_planted_berry_yield+A/r
0000000C description1: .long ? @ offset (00000000)
00000010 description2: .long ? @ offset (00000000)
00000014 hours_stage: .byte ? @ XREF: get_berry_minutes_stage+A/r
00000015 spicy_level: .byte ?
00000016 dry_level: .byte ?
00000017 sweet_level: .byte ?
00000018 bitter_level: .byte ?
00000019 sour_level: .byte ?
0000001A field_1A: .short ?
0000001C berries_data ends



copyvarifnotzero
Spoiler:
There's a scripting command 0x1A called copyvarifnotzero but it's a wrong name as it doesn't copy vars. It takes two arguments:
1. word = var
2. word = var or number
It simply sets the var specified in the first arguments to value in the second. The more appropiate name would be 'setvar2'. It's different from 'setvar' as it's able to read the second arguments from a var.

Telinc1 March 2nd, 2016 10:46 AM

About time I finally decide to actually find something on my own! Put 00 00 00 00 at 080F8121, 080F8168, 08056C96 and 080F82BE to completely skip looking for location previews. Useful for people who don't want them and don't want to wipe out the table. I've tested it pretty well and I haven't yet noticed any side effects from doing it. And just a warning, I haven't confirmed whether the table (it's at 0x0843E9E8 by the way) actually gets read or not, so I'd advise against using it as free space.

AkameTheBulbasaur March 4th, 2016 9:41 PM

Quote:

Originally Posted by Telinc1 (Post 9143999)
About time I finally decide to actually find something on my own! Put 00 00 00 00 at 080F8121, 080F8168, 08056C96 and 080F82BE to completely skip looking for location previews. Useful for people who don't want them and don't want to wipe out the table. I've tested it pretty well and I haven't yet noticed any side effects from doing it. And just a warning, I haven't confirmed whether the table (it's at 0x0843E9E8 by the way) actually gets read or not, so I'd advise against using it as free space.

Branching off of this post, the Location Preview table is structured with three pointers for each entry. (EDIT: The first four bytes are explained in the post below this.) The second pointer is to the image of the preview, the third is to a Tilemap for the image, and the last is to the image's palette.

Spoiler:

1. Viridian Forest
2. Mt. Moon
3. Diglett's Cave
4. Rock Tunnel
5. Pokemon Tower
6. Safari Zone
7. Seafoam Islands
8. Pokemon Mansion
9. Rocket Hideout (Kanto)
10. Silph Co.
11. Victory Road
13. Cerulean Cave
14. Power Plant
15. Mt. Ember
16. Rocket Hideout (Sevii Isles)
17. Tanoby Ruins
18. Dotted Hole
19. Berry Forest
20. Icefall Cave
21. Lost Cave
22. Altering Cave
23. Another location using the Viridian Forest Preview
24. One of the Tanoby Chambers
25. One of the Tanoby Chambers
26. One of the Tanoby Chambers
27. One of the Tanoby Chambers
28. One of the Tanoby Chambers
29. One of the Tanoby Chambers


I haven't been able to successfully insert a new Location Preview, or change the maps that they appear on (if anybody has any info on that I'd love to know), but I'm sure it's probably possible.

Changing the pre-existing images on the pre-existing maps with Location Previews is as easy as copying the image, tilemap and palette pointers and replacing another entry on the list with them.

azurile13 March 5th, 2016 12:58 AM

Quote:

Originally Posted by AkameTheBulbasaur (Post 9147672)
Branching off of this post, the Location Preview table is structured with four pointers for each entry. I don't know what the first pointer is exactly (but I believe it has something to do with which map name the Location Preview appears in upon entering). The second pointer is to the image of the preview, the third is to a Tilemap for the image, and the last is to the image's palette.

Spoiler:

1. Viridian Forest
2. Mt. Moon
3. Diglett's Cave
4. Rock Tunnel
5. Pokemon Tower
6. Safari Zone
7. Seafoam Islands
8. Pokemon Mansion
9. Rocket Hideout (Kanto)
10. Silph Co.
11. Victory Road
13. Cerulean Cave
14. Power Plant
15. Mt. Ember
16. Rocket Hideout (Sevii Isles)
17. Tanoby Ruins
18. Dotted Hole
19. Berry Forest
20. Icefall Cave
21. Lost Cave
22. Altering Cave
23. Another location using the Viridian Forest Preview
24. One of the Tanoby Chambers
25. One of the Tanoby Chambers
26. One of the Tanoby Chambers
27. One of the Tanoby Chambers
28. One of the Tanoby Chambers
29. One of the Tanoby Chambers


I haven't been able to successfully insert a new Location Preview, or change the maps that they appear on (if anybody has any info on that I'd love to know), but I'm sure it's probably possible.

Changing the pre-existing images on the pre-existing maps with Location Previews is as easy as copying the image, tilemap and palette pointers and replacing another entry on the list with them.

That’s because the first four bytes are not a pointer.
Code:

0x0: map_name (byte)
0x1: map_transition (byte)
0x2: worldmap_flag (short)
0x4: img_ptr (long)
0x8: tile_ptr (long)
0xC: palettes_ptr (long)


Examples:
worldmap flag 0x8A5 = Viridian Forest
worldmap flag 0x8A9 = Mt. Moon
worldmap flag 0x8B0 = Rock Tunnel

Telinc1 March 5th, 2016 7:53 AM

Quote:

Originally Posted by azurile13 (Post 9147883)
That’s because the first four bytes are not a pointer.
Code:

0x0: map_name (byte)
0x1: map_transition (byte)
0x2: worldmap_flag (short)
0x4: img_ptr (long)
0x8: tile_ptr (long)
0xC: palettes_ptr (long)


Examples:
worldmap flag 0x8A5 = Viridian Forest
worldmap flag 0x8A9 = Mt. Moon
worldmap flag 0x8B0 = Rock Tunnel

Some of this is documented here (that's where I got the table offset from). This is nice though, as that post doesn't really mention the purpose of the first couple of bytes that much (what does the game need the world map flag for, though?). Just so people don't have to go there to see, the map_transition is 0 for caves (screen fades to white and then transitions to black before fading out) and 1 for everything else (screen just fades to the map). Other values make the game ignore the picture (according to the post; I'll research that a bit, because I'm not sure how much the author of that post knew about the table's structure, so maybe other values do mean something else or can be hooked into).

DizzyEgg March 5th, 2016 10:07 AM

Pokemon Emerald
cmdc3 increments a counter specified in the argument(0 for the first counter ,1 for the second counter, etc.) by 1. There are 64 in-game encrypted counters, though only the first 51 can be accessed.

cmdb2 it's a nop

cmdb1 a buggy command that gets the value of first argument three times and doesn't return it in any way

cmd24 probably gotoasm

azurile13 March 5th, 2016 1:34 PM

Quote:

Originally Posted by Telinc1 (Post 9148302)
Some of this is documented here (that's where I got the table offset from). This is nice though, as that post doesn't really mention the purpose of the first couple of bytes that much (what does the game need the world map flag for, though?). Just so people don't have to go there to see, the map_transition is 0 for caves (screen fades to white and then transitions to black before fading out) and 1 for everything else (screen just fades to the map). Other values make the game ignore the picture (according to the post; I'll research that a bit, because I'm not sure how much the author of that post knew about the table's structure, so maybe other values do mean something else or can be hooked into).

I don't know what specifically it needs the worldmap flag for. I only know because I saw it load the halfword then use it as an argument for the flag check routine. See 0x080F8582. I didn't really read beyond that, as it seems sufficient for any table extension you'd want to do.

The transition byte, I don't really know. It seems to always be fed as an argument 0 or 1. Although you could theoretically add new ways of loading the map, I'm not sure why you would need to.

Quick scan:
0x080F8104: 0x1B, number of entries (zero indexed)
0x080F8108: 0x1C, 1 more than number of pics, indicates no pic
0x080F8126: 0x1C, check for no matching pic
0x080F81AC: 0x1C, check for no matching pic
0x080F8552: 0x1C, check for no matching pic
0x080F857A: 0x1C, check for no matching pic

Note that I literally looked for these while typing up the post, so I may have missed something.

Xencleamas March 24th, 2016 6:16 AM

Field Move Selection Table

One more thing about expanding the move name list: Do you remember selecting field moves from Pokemon menu, right? You can clear the original and old move name table to have more free space. However, after that, the selection becomes blank, right? Want to know why? It is because there is a table in the ROM to load the selection of field moves. Here's the table:

Code:

3F 98 31 08 71 54 1B 08 00 9F 31 08 71 54 1B 08
21 A4 31 08 71 54 1B 08 0A 9B 31 08 71 54 1B 08
61 9A 31 08 71 54 1B 08 73 98 31 08 71 54 1B 08
43 A6 31 08 71 54 1B 08 EF 9D 31 08 71 54 1B 08
90 9C 31 08 71 54 1B 08 1B 9C 31 08 71 54 1B 08
36 A6 31 08 71 54 1B 08 0C A2 31 08 71 54 1B 08
57 9E 31 08 71 54 1B 08 2A A3 31 08 71 54 1B 08


*Emerald's Field Move Selection Table

The table contains two pointers for each slot: the first pointer leads to a string of a move's name, actually inside the move name table; and, the second pointer... I dunno what it actually does but further investigation (it leads to an ASM routine I suppose), and every slot has the same pointer. For real, that table is part of the Pokemon Menu selection table (Shift, Summary, Exit, etc.). Here's the location of the field move selection table:

Code:

Emerald: 0x08615CA0 (14 field moves available)
FireRed: 0x0845A6A8 (12 field moves available)
LeafGreen: 0x0845A138 (12 field moves available)
Ruby: 0x0839F4FC (14 field moves available)
Sapphire: 0x0839F344 (14 field moves available)


Here's then the list of the second pointer for those who care:

Code:

Emerald: 0x081B5471
FireRed: 0x081245A5
LeafGreen: 0x081245F5
Ruby: 0x0808A9A5
Sapphire: 0x0808A9A5


Only thing you need to do is to find the new string of the move, and replace the first pointer with the pointer of the location of the new string. In the easy way, you just need to multiply the slot number of a field move by 0xD. It is because that is the limit of the string. Add it by the location of a move table. Then, convert it into pointer and place it in the table. This maybe sound confusing since the table is arranged in how the HMs are unlock according to badges, plus non-HM field moves. In the list, the HMs go first then the other field moves (Secret Power, Teleport, Milk Drink) comes last. Here is the list of how the slots were ordered:

Code:

R/S/E:                FR/LG:
Cut                Flash
Flash                Cut
Rock Smash        Fly
Strength        Strength
Surf                Surf
Fly                Rock Smash
Dive                Waterfall
Waterfall        Teleport
Teleport        Dig
Dig                Milk Drink
Secret Power        Softboiled
Milk Drink        Sweet Scent
Softboiled
Sweet Scent


To be helpful, I made an ASM routine that will generate the table according to your customized location of your move name table. To note that this is NOT actually an ASM routine that programs stuff but generating a table:

Routines:
Spoiler:
Emerald:
Spoiler:
Code:

.text
.align 2
.thumb
.thumb_func
.global fieldmovetable

@ Insert entire data at 0x08615CA0

.equ NewMoveTable, 0x0831977C @ Insert the offset of your new Move Name table location.
.equ SuchPointer, 0x081B5471 @ I dunno what it does but will investigate it later. No need to change.
.equ StringLimit, 0xD @ Character limit of each slot from the Move Name table. No need to change.
.equ CutID, 0xF
.equ FlashID, 0x94
.equ RockSmashID, 0xF9
.equ StrengthID, 0x46
.equ SurfID, 0x39
.equ FlyID, 0x13
.equ DiveID, 0x123
.equ WaterfallID, 0x7F
.equ TeleportID, 0x64
.equ DigID, 0x5B
.equ SecretPowerID, 0x122
.equ MilkDrinkID, 0xD0
.equ SoftboiledID, 0x87
.equ SweetScentID, 0xE6

Cut: .word NewMoveTable + (StringLimit * CutID), SuchPointer
Flash: .word NewMoveTable + (StringLimit * FlashID), SuchPointer
RockSmash: .word NewMoveTable + (StringLimit * RockSmashID), SuchPointer
Strength: .word NewMoveTable + (StringLimit * StrengthID), SuchPointer
Surf: .word NewMoveTable + (StringLimit * SurfID), SuchPointer
Fly: .word NewMoveTable + (StringLimit * FlyID), SuchPointer
Dive: .word NewMoveTable + (StringLimit * DiveID), SuchPointer
Waterfall: .word NewMoveTable + (StringLimit * WaterfallID), SuchPointer
Teleport: .word NewMoveTable + (StringLimit * TeleportID), SuchPointer
Dig: .word NewMoveTable + (StringLimit * DigID), SuchPointer
SecretPower: .word NewMoveTable + (StringLimit * SecretPowerID), SuchPointer
MilkDrink: .word NewMoveTable + (StringLimit * MilkDrinkID), SuchPointer
Softboiled: .word NewMoveTable + (StringLimit * SoftboiledID), SuchPointer
SweetScent: .word NewMoveTable + (StringLimit * SweetScentID), SuchPointer




FireRed:
Spoiler:
Code:

.text
.align 2
.thumb
.thumb_func
.global fieldmovetable

@ Insert entire data at 0x0845A6A8

.equ NewMoveTable, 0x08247094 @ Insert the offset of your new Move Name table location.
.equ SuchPointer, 0x081245A5 @ I dunno what it does but will investigate it later.
.equ StringLimit, 0xD
.equ FlashID, 0x94
.equ CutID, 0xF
.equ FlyID, 0x13
.equ StrengthID, 0x46
.equ SurfID, 0x39
.equ RockSmashID, 0xF9
.equ WaterfallID, 0x7F
.equ TeleportID, 0x64
.equ DigID, 0x5B
.equ MilkDrinkID, 0xD0
.equ SoftboiledID, 0x87
.equ SweetScentID, 0xE6

Flash: .word NewMoveTable + (StringLimit * FlashID), SuchPointer
Cut: .word NewMoveTable + (StringLimit * CutID), SuchPointer
Fly: .word NewMoveTable + (StringLimit * FlyID), SuchPointer
Strength: .word NewMoveTable + (StringLimit * StrengthID), SuchPointer
Surf: .word NewMoveTable + (StringLimit * SurfID), SuchPointer
RockSmash: .word NewMoveTable + (StringLimit * RockSmashID), SuchPointer
Waterfall: .word NewMoveTable + (StringLimit * WaterfallID), SuchPointer
Teleport: .word NewMoveTable + (StringLimit * TeleportID), SuchPointer
Dig: .word NewMoveTable + (StringLimit * DigID), SuchPointer
MilkDrink: .word NewMoveTable + (StringLimit * MilkDrinkID), SuchPointer
Softboiled: .word NewMoveTable + (StringLimit * SoftboiledID), SuchPointer
SweetScent: .word NewMoveTable + (StringLimit * SweetScentID), SuchPointer




LeafGreen:
Spoiler:
Code:

.text
.align 2
.thumb
.thumb_func
.global fieldmovetable

@ Insert entire data at 0x0845A138

.equ NewMoveTable, 0x082470E0 @ Insert the offset of your new Move Name table location.
.equ SuchPointer, 0x081245F5 @ I dunno what it does but will investigate it later.
.equ StringLimit, 0xD
.equ FlashID, 0x94
.equ CutID, 0xF
.equ FlyID, 0x13
.equ StrengthID, 0x46
.equ SurfID, 0x39
.equ RockSmashID, 0xF9
.equ WaterfallID, 0x7F
.equ TeleportID, 0x64
.equ DigID, 0x5B
.equ MilkDrinkID, 0xD0
.equ SoftboiledID, 0x87
.equ SweetScentID, 0xE6

Flash: .word NewMoveTable + (StringLimit * FlashID), SuchPointer
Cut: .word NewMoveTable + (StringLimit * CutID), SuchPointer
Fly: .word NewMoveTable + (StringLimit * FlyID), SuchPointer
Strength: .word NewMoveTable + (StringLimit * StrengthID), SuchPointer
Surf: .word NewMoveTable + (StringLimit * SurfID), SuchPointer
RockSmash: .word NewMoveTable + (StringLimit * RockSmashID), SuchPointer
Waterfall: .word NewMoveTable + (StringLimit * WaterfallID), SuchPointer
Teleport: .word NewMoveTable + (StringLimit * TeleportID), SuchPointer
Dig: .word NewMoveTable + (StringLimit * DigID), SuchPointer
MilkDrink: .word NewMoveTable + (StringLimit * MilkDrinkID), SuchPointer
Softboiled: .word NewMoveTable + (StringLimit * SoftboiledID), SuchPointer
SweetScent: .word NewMoveTable + (StringLimit * SweetScentID), SuchPointer




Ruby:
Spoiler:
Code:

.text
.align 2
.thumb
.thumb_func
.global fieldmovetable

@ Insert entire data at 0x0839F4FC

.equ NewMoveTable, 0x081F8338 @ Insert the offset of your new Move Name table location.
.equ SuchPointer, 0x0808A9A5 @ I dunno what it does but will investigate it later. No need to change.
.equ StringLimit, 0xD @ Character limit of each slot from the Move Name table. No need to change.
.equ CutID, 0xF
.equ FlashID, 0x94
.equ RockSmashID, 0xF9
.equ StrengthID, 0x46
.equ SurfID, 0x39
.equ FlyID, 0x13
.equ DiveID, 0x123
.equ WaterfallID, 0x7F
.equ TeleportID, 0x64
.equ DigID, 0x5B
.equ SecretPowerID, 0x122
.equ MilkDrinkID, 0xD0
.equ SoftboiledID, 0x87
.equ SweetScentID, 0xE6

Cut: .word NewMoveTable + (StringLimit * CutID), SuchPointer
Flash: .word NewMoveTable + (StringLimit * FlashID), SuchPointer
RockSmash: .word NewMoveTable + (StringLimit * RockSmashID), SuchPointer
Strength: .word NewMoveTable + (StringLimit * StrengthID), SuchPointer
Surf: .word NewMoveTable + (StringLimit * SurfID), SuchPointer
Fly: .word NewMoveTable + (StringLimit * FlyID), SuchPointer
Dive: .word NewMoveTable + (StringLimit * DiveID), SuchPointer
Waterfall: .word NewMoveTable + (StringLimit * WaterfallID), SuchPointer
Teleport: .word NewMoveTable + (StringLimit * TeleportID), SuchPointer
Dig: .word NewMoveTable + (StringLimit * DigID), SuchPointer
SecretPower: .word NewMoveTable + (StringLimit * SecretPowerID), SuchPointer
MilkDrink: .word NewMoveTable + (StringLimit * MilkDrinkID), SuchPointer
Softboiled: .word NewMoveTable + (StringLimit * SoftboiledID), SuchPointer
SweetScent: .word NewMoveTable + (StringLimit * SweetScentID), SuchPointer




Sapphire:
Spoiler:
Code:

.text
.align 2
.thumb
.thumb_func
.global fieldmovetable

@ Insert entire data at 0x0839F344

.equ NewMoveTable, 0x081F82C8 @ Insert the offset of your new Move Name table location.
.equ SuchPointer, 0x0808A9A5 @ I dunno what it does but will investigate it later. No need to change.
.equ StringLimit, 0xD @ Character limit of each slot from the Move Name table. No need to change.
.equ CutID, 0xF
.equ FlashID, 0x94
.equ RockSmashID, 0xF9
.equ StrengthID, 0x46
.equ SurfID, 0x39
.equ FlyID, 0x13
.equ DiveID, 0x123
.equ WaterfallID, 0x7F
.equ TeleportID, 0x64
.equ DigID, 0x5B
.equ SecretPowerID, 0x122
.equ MilkDrinkID, 0xD0
.equ SoftboiledID, 0x87
.equ SweetScentID, 0xE6

Cut: .word NewMoveTable + (StringLimit * CutID), SuchPointer
Flash: .word NewMoveTable + (StringLimit * FlashID), SuchPointer
RockSmash: .word NewMoveTable + (StringLimit * RockSmashID), SuchPointer
Strength: .word NewMoveTable + (StringLimit * StrengthID), SuchPointer
Surf: .word NewMoveTable + (StringLimit * SurfID), SuchPointer
Fly: .word NewMoveTable + (StringLimit * FlyID), SuchPointer
Dive: .word NewMoveTable + (StringLimit * DiveID), SuchPointer
Waterfall: .word NewMoveTable + (StringLimit * WaterfallID), SuchPointer
Teleport: .word NewMoveTable + (StringLimit * TeleportID), SuchPointer
Dig: .word NewMoveTable + (StringLimit * DigID), SuchPointer
SecretPower: .word NewMoveTable + (StringLimit * SecretPowerID), SuchPointer
MilkDrink: .word NewMoveTable + (StringLimit * MilkDrinkID), SuchPointer
Softboiled: .word NewMoveTable + (StringLimit * SoftboiledID), SuchPointer
SweetScent: .word NewMoveTable + (StringLimit * SweetScentID), SuchPointer




I wonder if it can be expanded though to add more field moves like Rock Climb, Defog, etc. Alright! That's it! Hope you've understand what it just wrote.

DizzyEgg March 24th, 2016 6:45 AM

Quote:

Originally Posted by Sky High (Post 9177226)
stuff

So, I'll be addressing Emerald. The actual table starts at 0x08615C08 and contains all pokemon menu options. It goes like this:
ptr to text
ptr to function to execute
Field moves are also in that table. It seems the order of those options displayed is determined somewhere else.
0x081B5470 is a function that's executed upon selecting a field move. This function checks obtained badges, whether you can use the move here, executes appropriate script, etc. I may try to look around to find the limiter.

Blah March 24th, 2016 9:34 AM

Quote:

Originally Posted by DizzyEgg (Post 9177245)
So, I'll be addressing Emerald. The actual table starts at 0x08615C08 and contains all pokemon menu options. It goes like this:
ptr to text
ptr to function to execute
Field moves are also in that table. It seems the order of those options displayed is determined somewhere else.
0x081B5470 is a function that's executed upon selecting a field move. This function checks obtained badges, whether you can use the move here, executes appropriate script, etc. I may try to look around to find the limiter.

I found this stuff for FR and expanded it successfully. Check the ASM resource thread, I have a post there titled field moves, it may be useful as it's probably 1:1 with EM. Also we need a better organisation of things discovered. That's like the 5th person who's trying to expand field moves now :D

Spherical Ice March 24th, 2016 10:39 AM

When a new save is generated, the default wallpapers for the storage system will loop through the first four wallpapers for every box. This always annoyed me way back when I first played FRLG; it felt like they were just wasting the assets.

To make the boxes use wallpapers 1 through 14, change the byte at 0x8C836 to 0xD (you can make it higher but as there are only fourteen boxes, it won't really affect anything). As the wallpapers are assigned at the time of generating the save, this will only affect new saves.

Xencleamas March 27th, 2016 7:34 AM

Quote:

Originally Posted by Spherical Ice (Post 9177481)
When a new save is generated, the default wallpapers for the storage system will loop through the first four wallpapers for every box. This always annoyed me way back when I first played FRLG; it felt like they were just wasting the assets.

To make the boxes use wallpapers 1 through 14, change the byte at 0x8C836 to 0xD (you can make it higher but as there are only fourteen boxes, it won't really affect anything). As the wallpapers are assigned at the time of generating the save, this will only affect new saves.

Default Wallpapers (Emerald)

In Emerald, to make the boxes use wallpapers 1 through 14, change the byte at 0x080C77C6 to 0xF (you can make it higher but as there are only fourteen boxes, it won't really affect anything). As the wallpapers are assigned at the time of generating the save, this will only affect new saves.

To note though, especially for FireRed, it should be 0xF not 0xD. It is because not a complete bug but what happened to me is Forest, City, Forest, City, Crag, Volcano, Crag, Volcano, Beach, Seafloor, Beach, Seafloor, Polka Dot, PokeCenter (from Boxes 1-14 respectively)... Shortly, it skips the third and fourth, used the first and second wallpapers again. Divisible by "4" (digits 0x3, 0x7, 0xB, 0xF) results better, otherwise like I said before.

AkameTheBulbasaur March 28th, 2016 7:21 PM

PokeDex Search Functions

In Fire Red, there are four "Search Modes" for the PokeDex. Alphabetical Mode, Type Mode, Lightest Mode and Smallest Mode.

The PokeDex determines the order of the Pokemon in these modes by looking at a table. There are four tables, one for each mode.

So let's say you change the heights and weights for any number of Pokemon, or you change the types. Maybe you have new Pokemon and the Alphabetical Order table is now out of date.

These tables can be edited and re pointed to accommodate new Pokemon. It may be a small thing, but the little things can go a long way into making a hack more professional.

The Alphabetical Mode Table starts at 0x443FC0.
The Lightest Mode Table starts at 0x4442F6.
The Smallest Mode Table starts at 0x4445FA.
The Type Mode Table starts at 0x4448FE.

The pointer to the Alphabetical Mode Table is at 0x103694.
The pointer to the Type Mode Table is at 0x103734.
The pointer to the Lightest Mode Table is at 0x1037CC.
The pointer to the Smallest Mode Table is at 0x103868.

Some Notes:

Each table consists of one entry per Pokemon, with two bytes per entry. These two bytes are the reverse index number of the Pokemon. For example, Bulbasaur's Index Number is 0001, which would be shown in the table as 0100.

The Alphabetical table truly begins at 0x443FF2. There are some entries that begin at 0x443FC0 that do not appear in the actual game. They are after the "PokeDex index numbers" for Deoxys, which I will explain later. Not sure why they are there, but unless you expanded the number of Pokemon in the PokeDex I would leave them alone. (Although if you expanded the number of Pokemon in the PokeDex you would have to repoint anyway.)

Also, the Type Mode table uses the "true index numbers", which are the ones given by programs such as Gen III Hacking Suite and are the ones used by nearly every other function of the game (Wild Battles, Trainer Parties, Give Pokemon Scripts, etc.)

HOWEVER

Every other table here uses the PokeDex numbers as the index numbers. For example, Abra is 63 in the PokeDex, and appears in the table as 3F 00.

This is really only important for the Hoenn Pokemon, as their internal order and PokeDex order are drastically different. The Type Mode Table includes the 25 Unused Slots between Celebi and Treecko in the table (though they are not shown in game), but the other three do not.

This is likely related to the entries in the Alphabetical Mode before the true table starts. The 25 entries before the table truly starts are after Deoxys (who is 0x182 in the PokeDex Order) and are not shown in the Vanilla game.

Below is a list of the Hoenn Pokemon and their co responding PokeDex Index Numbers. You could go onto Bulbapedia and translate the PokeDex Number there into hex, but that's really tedious.

Spoiler:
Treecko - FC 00
Grovyle - FD 00
Sceptile - FE 00
Torchic - FF 00
Combusken - 00 01
Blaziken - 01 01
Mudkip - 02 01
Marshtomp - 03 01
Swampert - 04 01
Poochyena - 05 01
Mightyena - 06 01
Zigzagoon - 07 01
Linoone - 08 01
Wurmple - 09 01
Silcoon - 0A 01
Beautifly - 0B 01
Cascoon - 0C 01
Dustox - 0D 01
Lotad - 0E 01
Lombre - 0F 01
Ludicolo - 10 01
Seedot - 11 01
Nuzleaf - 12 01
Shiftry - 13 01
Taillow - 14 01
Swellow - 15 01
Wingull - 16 01
Pelipper - 17 01
Ralts - 18 01
Kirlia - 19 01
Gardevoir - 1A 01
Surskit - 1B 01
Masquerain - 1C 01
Shroomish - 1D 01
Breloom - 1E 01
Slakoth - 1F 01
Vigoroth - 20 01
Slaking - 21 01
Nincada - 22 01
Ninjask - 23 01
Shedinja - 24 01
Whismur - 25 01
Loudred - 26 01
Exploud - 27 01
Makuhita - 28 01
Hariyama - 29 01
Azurill - 2A 01
Nosepass - 2B 01
Skitty - 2C 01
Delcatty - 2D 01
Sableye - 2E 01
Mawile - 2F 01
Aron - 30 01
Lairon - 31 01
Aggron - 32 01
Meditite - 33 01
Medicham - 34 01
Electrike - 35 01
Manectric - 36 01
Plusle - 37 01
Minun - 38 01
Volbeat - 39 01
Illumise - 3A 01
Roselia - 3B 01
Gulpin - 3C 01
Swalot - 3D 01
Carvanha - 3E 01
Sharpedo - 3F 01
Wailmer - 40 01
Wailord - 41 01
Numel - 42 01
Camerupt - 43 01
Torkoal - 44 01
Spoink - 45 01
Grumpig - 46 01
Spinda - 47 01
Trapinch - 48 01
Vibrava - 49 01
Flygon - 4A 01
Cacnea - 4B 01
Cacturne - 4C 01
Swablu - 4D 01
Altaria - 4E 01
Zangoose - 4F 01
Seviper - 50 01
Lunatone - 51 01
Solrock - 52 01
Barboach - 53 01
Whiscash - 54 01
Corphish - 55 01\
Crawdaunt - 56 01
Baltoy - 57 01
Claydol - 58 01
Lileep - 59 01
Cradily - 5A 01
Anorith - 5B 01
Armaldo - 5C 01
Feebas - 5D 01
Milotic - 5E 01
Castform - 5F 01
Kecleon - 60 01
Shuppet - 61 01
Banette - 62 01
Duskull - 63 01
Dusclops - 64 01
Tropius - 65 01
Chimecho - 66 01
Absol - 67 01
Wynaut - 68 01
Snorunt - 69 01
Glalie- 6A 01
Spheal - 6B 01
Sealeo - 6C 01
Walrein - 6D 01
Clamperl - 6E 01
Huntail - 6F 01
Gorebyss - 70 01
Relicanth - 71 01
Luvdisc - 72 01
Bagon - 73 01
Shelgon - 74 01
Salamence - 75 01
Beldum - 76 01
Metang - 77 01
Metagross - 78 01
Regirock - 79 01
Regice - 7A 01
Registeel - 7B 01
Latias - 7C 01
Latios - 7D 01
Kyogre - 7E 01
Groudon - 7F 01
Rayquaza - 80 01
Jirachi - 81 01
Deoxys - 81 01


The Lightest and Smallest Tables have a limiter of 386 (or 0x181), so if the tables are extended they will have to be changed. The Type Mode Table does not have a limiter and ends at FF followed by anything that's not 00 (as FF 00 is an index number for a Pokemon.) I haven't looked into the Alphabetical Table much, but it doesn't appear to have a limiter either. I don't know how it measures the size of the table but the unused entries at the beginning might have something to do with it.

AkameTheBulbasaur April 1st, 2016 7:48 PM

http://pokedream.com/games/fireleaf/help/teachy1.png

Ah, the Teachy TV. This item is given to you by the Old Man in Viridian City to teach the player about Pokemon. I find it to be completely useless, but one can hack the text to make it more useful if they wish.

There is a table at 0x479308 that determines the text that is displayed on the Teachy TV menu and which video it plays when the option is picked.

There is another table right after it that the TV uses at first.

The length of this table is at 0x479374.

Format

Each entry is eight bytes long. The first four are a pointer to the string of the menu option, for example "How do I catch a Pokemon?"

The fifth byte is the video that it will play. The valid numbers for this byte are 00 to 05. This is the order of the videos associated with each number.

00 - How to battle
01 - Status conditions
02 - Type matchups
03 - Catching Pokemon
04 - TMs
05 - Registering Items

Offsets for Text

The intro to each video is at 0x41B83D.

Offsets for How to Battle
Spoiler:

Part 1: 0x41B8BF ("Today, the POKé DUDE's here to...")
Part 2: 0x1C5F69 ("The speedier of the battlers gets to attack first...")
Part 3: 0x1C5FA7 ("It looks like my RATTATA was faster...")
Part 4: 0x1C5FDC ("The battlers take turns...")
Part 5: 0x1C601C ("My RATTATA reduced the foe's...")
Part 6: 0x41BA41 ("Well, did you get that? Even if your own...")


Offsets for Status Conditions
Spoiler:

Part 1: 0x41BB40 ("Today, the POKé DUDE's here to...")
Part 2: 0x1C60FA ("POKé DUDE: Uh-oh[...] My RATTATA has...")
Part 3: 0x1C615A ("...It's best to heal it right away")
Part 4: 0x1C61EA ("Yay! We managed to win!")
Part 5: 0x41BD10 ("Poisoning or paralysis don't go...")


Offsets for Type Matchup
Spoiler:

Part 1: 0x41BE76 ("Does everyone know about...")
Part 2: 0x1C6202 ("POKé DUDE: The move BUBBLE is...")
Part 3: 0x1C6301 ("Uh-oh, this is not good! The ABSORB...")
Part 4: 0x1C63A9 ("BUTTERFREE is a BUG/FLYING-type...")
Part 5: 0x1C63F9 ("ODDISH is a GRASS/POISON-type...")
Part 6: 0x41C0AF ("Is it possible to launch an attack...")


Offsets for Catching Pokemon
Spoiler:

Part 1: 0x41C23B ("Today the POKé DUDE's going to show...")
Part 2: 0x1C6645 ("POKé DUDE: When you're trying to...")
Part 3: 0x1C66F1 ("Okay, that should be good enough...")
Part 4: 0x1C6787 ("This will make the POKéMON a lot...")
Part 5: 0x1C684B ("Okay! Let me throw my...")
Part 6: 0x1C686C ("Before you throw a POKé BALL, consider...")
Part 7: 0x41C384 ("If your first POKé BALL fails...")


Offsets for TMs
Spoiler:

Part 1: 0x41C459 ("Hey, everyone! Do you all have...")
Part 2: 0x41C587 ("POKé DUDE: NORMAL, WATER...")
Part 3: 0x41C693 ("Don't just look at the type, read...")
Part 4: 0x41C7B4 ("Wow, I talked a lot today! All righty...")


Offsets for Item Registration
Spoiler:

Part 1: 0x41C82A ("A TRAINER's BAG has a bunch...")
Part 2: 0x41C994 ("And now, your TEACHY TV is...")

Sea Dragon April 2nd, 2016 5:16 PM

Haven't seen these on here so I thought I'd post what I've found.
These are both for Emerald.
Change moves called in the Nature Power table:
nature power table: 31c414 - 31c427 2 bytes per move in this order: tall grass, long grass, sand, underwater, sea water, pond water, rock, cave, building + plain terrain
limiter: 14ef4a Replace B1 20 40 00 81 42 with 00 00 00 00 00 00
callterrainattack(battle script command): 054bec

Fix Shedinja's evolution for expanded evolution table:
@13e3f6 change 80 to c0
@13e3fa change 4450 to 0000
Explanation:
Spoiler:
increasing the number of evolutions per pokemon may break Shedinja's ("spawn a second") evolution because of the way it searches the evolution table. The equation it uses must be modified to make sure it points to the right offset.

0813e3f4 4650 mov r0, r10 *evolving pokemons index in r0 (nincada = 12d)
0813e3f6 0080 lsl r0, r0, #0x02 *shifts r0 left by 0x02 (=4b4) - shift by 0x03 instead (=968)
0813e3f8 9002 str r0, [sp, #0x8]
0813e3fa 4450 add r0, r10 *adds pokemons index (4b4+12d=5e1) -remove this
0813e3fc 00c7 lsl r7, r0, #0x03 *shifts r0 by 0x03 and puts it in r7 (this should be the number of bytes from the beginning of the evolution table to nincadas evolution: default = 2f08, expanded =4b40)

0813e3fe 4956 ldr r1, [$0813e558] (=$08AAAAAA) *location of your evolution table
0813e400 19c9 add r1, r1, r7
0813e402 4688 mov r8, r1
0813e404 8808 ldrh r0, [r1, #0x0]
0813e406 280d cmp r0, #0xd
0813e408 d000 beq $0813e40c
0813e40a e09c b $0813e546

Bitwise calculator: http://www.miniwebtool.com/bitwise-calculator/bit-shift/

This change works for 8 evolutions. If you have more then it likely uses a similar pattern (shift bytes by a higher number and alternate whether or not you add the pokemon's index).

LCCoolJ95 April 4th, 2016 10:48 AM

Quote:

Originally Posted by AkameTheBulbasaur (Post 9182559)
PokeDex Search Functions

In Fire Red, there are four "Search Modes" for the PokeDex. Alphabetical Mode, Type Mode, Lightest Mode and Smallest Mode.

The PokeDex determines the order of the Pokemon in these modes by looking at a table. There are four tables, one for each mode.

So let's say you change the heights and weights for any number of Pokemon, or you change the types. Maybe you have new Pokemon and the Alphabetical Order table is now out of date.

These tables can be edited and re pointed to accommodate new Pokemon. It may be a small thing, but the little things can go a long way into making a hack more professional.

The Alphabetical Mode Table starts at 0x443FC0.
The Lightest Mode Table starts at 0x4442F6.
The Smallest Mode Table starts at 0x4445FA.
The Type Mode Table starts at 0x4448FE.

The pointer to the Alphabetical Mode Table is at 0x103694.
The pointer to the Type Mode Table is at 0x103734.
The pointer to the Lightest Mode Table is at 0x1037CC.
The pointer to the Smallest Mode Table is at 0x103868.

Some Notes:

Each table consists of one entry per Pokemon, with two bytes per entry. These two bytes are the reverse index number of the Pokemon. For example, Bulbasaur's Index Number is 0001, which would be shown in the table as 0100.

The Alphabetical table truly begins at 0x443FF2. There are some entries that begin at 0x443FC0 that do not appear in the actual game. They are after the "PokeDex index numbers" for Deoxys, which I will explain later. Not sure why they are there, but unless you expanded the number of Pokemon in the PokeDex I would leave them alone. (Although if you expanded the number of Pokemon in the PokeDex you would have to repoint anyway.)

Also, the Type Mode table uses the "true index numbers", which are the ones given by programs such as Gen III Hacking Suite and are the ones used by nearly every other function of the game (Wild Battles, Trainer Parties, Give Pokemon Scripts, etc.)

HOWEVER

Every other table here uses the PokeDex numbers as the index numbers. For example, Abra is 63 in the PokeDex, and appears in the table as 3F 00.

This is really only important for the Hoenn Pokemon, as their internal order and PokeDex order are drastically different. The Type Mode Table includes the 25 Unused Slots between Celebi and Treecko in the table (though they are not shown in game), but the other three do not.

This is likely related to the entries in the Alphabetical Mode before the true table starts. The 25 entries before the table truly starts are after Deoxys (who is 0x182 in the PokeDex Order) and are not shown in the Vanilla game.

Below is a list of the Hoenn Pokemon and their co responding PokeDex Index Numbers. You could go onto Bulbapedia and translate the PokeDex Number there into hex, but that's really tedious.

Spoiler:
Treecko - FC 00
Grovyle - FD 00
Sceptile - FE 00
Torchic - FF 00
Combusken - 00 01
Blaziken - 01 01
Mudkip - 02 01
Marshtomp - 03 01
Swampert - 04 01
Poochyena - 05 01
Mightyena - 06 01
Zigzagoon - 07 01
Linoone - 08 01
Wurmple - 09 01
Silcoon - 0A 01
Beautifly - 0B 01
Cascoon - 0C 01
Dustox - 0D 01
Lotad - 0E 01
Lombre - 0F 01
Ludicolo - 10 01
Seedot - 11 01
Nuzleaf - 12 01
Shiftry - 13 01
Taillow - 14 01
Swellow - 15 01
Wingull - 16 01
Pelipper - 17 01
Ralts - 18 01
Kirlia - 19 01
Gardevoir - 1A 01
Surskit - 1B 01
Masquerain - 1C 01
Shroomish - 1D 01
Breloom - 1E 01
Slakoth - 1F 01
Vigoroth - 20 01
Slaking - 21 01
Nincada - 22 01
Ninjask - 23 01
Shedinja - 24 01
Whismur - 25 01
Loudred - 26 01
Exploud - 27 01
Makuhita - 28 01
Hariyama - 29 01
Azurill - 2A 01
Nosepass - 2B 01
Skitty - 2C 01
Delcatty - 2D 01
Sableye - 2E 01
Mawile - 2F 01
Aron - 30 01
Lairon - 31 01
Aggron - 32 01
Meditite - 33 01
Medicham - 34 01
Electrike - 35 01
Manectric - 36 01
Plusle - 37 01
Minun - 38 01
Volbeat - 39 01
Illumise - 3A 01
Roselia - 3B 01
Gulpin - 3C 01
Swalot - 3D 01
Carvanha - 3E 01
Sharpedo - 3F 01
Wailmer - 40 01
Wailord - 41 01
Numel - 42 01
Camerupt - 43 01
Torkoal - 44 01
Spoink - 45 01
Grumpig - 46 01
Spinda - 47 01
Trapinch - 48 01
Vibrava - 49 01
Flygon - 4A 01
Cacnea - 4B 01
Cacturne - 4C 01
Swablu - 4D 01
Altaria - 4E 01
Zangoose - 4F 01
Seviper - 50 01
Lunatone - 51 01
Solrock - 52 01
Barboach - 53 01
Whiscash - 54 01
Corphish - 55 01\
Crawdaunt - 56 01
Baltoy - 57 01
Claydol - 58 01
Lileep - 59 01
Cradily - 5A 01
Anorith - 5B 01
Armaldo - 5C 01
Feebas - 5D 01
Milotic - 5E 01
Castform - 5F 01
Kecleon - 60 01
Shuppet - 61 01
Banette - 62 01
Duskull - 63 01
Dusclops - 64 01
Tropius - 65 01
Chimecho - 66 01
Absol - 67 01
Wynaut - 68 01
Snorunt - 69 01
Glalie- 6A 01
Spheal - 6B 01
Sealeo - 6C 01
Walrein - 6D 01
Clamperl - 6E 01
Huntail - 6F 01
Gorebyss - 70 01
Relicanth - 71 01
Luvdisc - 72 01
Bagon - 73 01
Shelgon - 74 01
Salamence - 75 01
Beldum - 76 01
Metang - 77 01
Metagross - 78 01
Regirock - 79 01
Regice - 7A 01
Registeel - 7B 01
Latias - 7C 01
Latios - 7D 01
Kyogre - 7E 01
Groudon - 7F 01
Rayquaza - 80 01
Jirachi - 81 01
Deoxys - 81 01


The Lightest and Smallest Tables have a limiter of 386 (or 0x181), so if the tables are extended they will have to be changed. The Type Mode Table does not have a limiter and ends at FF followed by anything that's not 00 (as FF 00 is an index number for a Pokemon.) I haven't looked into the Alphabetical Table much, but it doesn't appear to have a limiter either. I don't know how it measures the size of the table but the unused entries at the beginning might have something to do with it.

Here are the Emerald equivalents:

The Alphabetical Mode Table starts at 0x55C6A4
The Lightest Mode Table starts at 0x55C9DA
The Smallest Mode Table starts at 0x55CCDE

The pointer to the Alphabetical Mode Table is at 0xBCB74
The pointers to the Lightest Mode Table are at 0xBCC00 AND 0xBCC9C
The pointers to the Smallest Mode Table are at 0xBCD28 AND 0xBCE24

I have been expanding Emerald for a while, and I can conclude that these tables MUST be expanded in order for an expanded Pokemon to be shown in the Pokedex. I didn't include the types because these isn't a function like that in Emerald. Plus, when looking for a certain type of Pokemon, any Pokemon can be found, regardless if expanded or not...

DizzyEgg April 5th, 2016 3:43 AM

Fun fact: STAB doesn't actually affect the move power. It affects the damage directly after the move power and attacker/defender stats, but before the type multipliers. Posting this, because everywhere on web you can read that stab multiplies the move base power by 1.5, it doesn't. At least, not in gen3. :P

64smashmaster3ds April 5th, 2016 2:59 PM

Quote:

Originally Posted by GoGoJJTech (Post 7699003)
I know a few of you were looking for this, but track 83 (53 in hex) plays the low HP sound. Hacking this could mean that we could have BW's low HP song playing as a fanfare.

The low HP sound for Emerald is located at track 90 (not sure what hex). Hoping to put together the BW's critical damage as well. But would the battle theme pause when the low HP song starts and the battle music resume at the same track before the low HP song?

GoGoJJTech April 5th, 2016 3:35 PM

Quote:

Originally Posted by 64smashmaster3ds (Post 9192250)
The low HP sound for Emerald is located at track 90 (not sure what hex). Hoping to put together the BW's critical damage as well. But would the battle theme pause when the low HP song starts and the battle music resume at the same track before the low HP song?

No.

Spherical Ice April 8th, 2016 7:22 AM

Quote:

Originally Posted by DoesntKnowHowToPlay (Post 8498158)
Supposedly someone else documented this, but I couldn't find it in the thread index so I'm posting it again.

FR's Vs. Seeker table is at x45318C. Each entry is 16 (0x10) bytes, as follows:

0x0: half-word, denotes the trainer's ID in the first fight with them
0x2: up to five half-words denoting rematch IDs. FFFF is used as filler if more is coming, 0000 to terminate early.
0xC: half-word, seems to always be 3.
0xE: half-word, ranges from x15 to x41. Never seemed to be read in my tests. Appears to scale with trainer's levels in the base game (and by extension position).

The table has xDD entries and no terminator; the (a?) limiter is at x10d09c.

Looks like there's another limiter at x10CEE4, which is a part of special 0x3A.

Spherical Ice April 8th, 2016 11:35 AM

I haven't seen this documented anywhere: special 0x96 will set the flag named in var 0x8004.

For example, the following code:

setvar 0x8004 0x29D
special 0x96

Is equivalent to:

setflag 0x29D

Gamer2020 April 8th, 2016 11:43 AM

Quote:

Originally Posted by AkameTheBulbasaur (Post 9182559)
The Lightest and Smallest Tables have a limiter of 386 (or 0x181), so if the tables are extended they will have to be changed. The Type Mode Table does not have a limiter and ends at FF followed by anything that's not 00 (as FF 00 is an index number for a Pokemon.) I haven't looked into the Alphabetical Table much, but it doesn't appear to have a limiter either. I don't know how it measures the size of the table but the unused entries at the beginning might have something to do with it.


Alphabet does seem to have a limiter?
Code:

ROM:08103682 loc_8103682:                            @ CODE XREF: sub_8103518+102j
ROM:08103682                                        @ sub_8103518+122j
ROM:08103682                MOVS    R0, #1
ROM:08103684                ADD    R8, R0
ROM:08103686                MOVS    R0, #0x19A
ROM:0810368A                CMP    R8, R0
ROM:0810368C                BLE    loc_810360C
ROM:0810368E                B      loc_8103906
ROM:0810368E @ ---------------------------------------------------------------------------
ROM:08103690 off_8103690:    .long pokedex_state_maybe @ DATA XREF: sub_8103518+F0r
ROM:08103694 off_8103694:    .long Pokedex_Alphabetical_Mode
ROM:08103694                                        @ DATA XREF: sub_8103518:loc_810360Cr
ROM:08103698 off_8103698:    .long pokemon_names    @ DATA XREF: sub_8103518+13Er


So does Type mode?
Code:

ROM:08103722 loc_8103722:                            @ CODE XREF: sub_8103518+1A2j
ROM:08103722                                        @ sub_8103518+1C2j
ROM:08103722                MOVS    R0, #1
ROM:08103724                ADD    R8, R0
ROM:08103726                MOVS    R0, #0x19A
ROM:0810372A                CMP    R8, R0
ROM:0810372C                BLE    loc_81036A4
ROM:0810372E                B      loc_8103906
ROM:0810372E @ ---------------------------------------------------------------------------
ROM:08103730 off_8103730:    .long pokedex_state_maybe @ DATA XREF: sub_8103518+188r
ROM:08103734 off_8103734:    .long Pokedex_Type_Mode @ DATA XREF: sub_8103518:loc_81036A4r
ROM:08103738 off_8103738:    .long pokemon_names    @ DATA XREF: sub_8103518+1DEr


I might as well post these as well.
Code:

ROM:08103856 loc_8103856:                            @ CODE XREF: sub_8103518+2D6j
ROM:08103856                                        @ sub_8103518+2F6j
ROM:08103856                MOVS    R0, #1
ROM:08103858                ADD    R8, R0
ROM:0810385A                LDR    R0, =0x181
ROM:0810385C                CMP    R8, R0
ROM:0810385E                BLE    loc_81037E0
ROM:08103860                B      loc_8103906
ROM:08103860 @ ---------------------------------------------------------------------------
ROM:08103862                .align 4
ROM:08103864 off_8103864:    .long pokedex_state_maybe @ DATA XREF: sub_8103518+2C4r
ROM:08103868 off_8103868:    .long Pokedex_Smallest_Mode
ROM:08103868                                        @ DATA XREF: sub_8103518:loc_81037E0r
ROM:0810386C off_810386C:    .long pokemon_names    @ DATA XREF: sub_8103518+312r
ROM:08103870 dword_8103870:  .long 0x181            @ DATA XREF: sub_8103518+342r


Code:

ROM:081037BA loc_81037BA:                            @ CODE XREF: sub_8103518+23Aj
ROM:081037BA                                        @ sub_8103518+25Aj
ROM:081037BA                MOVS    R0, #1
ROM:081037BC                ADD    R8, R0
ROM:081037BE                LDR    R0, =0x181
ROM:081037C0                CMP    R8, R0
ROM:081037C2                BLE    loc_8103744
ROM:081037C4                B      loc_8103906
ROM:081037C4 @ ---------------------------------------------------------------------------
ROM:081037C6                .align 4
ROM:081037C8 off_81037C8:    .long pokedex_state_maybe @ DATA XREF: sub_8103518+228r
ROM:081037CC off_81037CC:    .long Pokedex_Lightest_Mode
ROM:081037CC                                        @ DATA XREF: sub_8103518:loc_8103744r
ROM:081037D0 off_81037D0:    .long pokemon_names    @ DATA XREF: sub_8103518+276r
ROM:081037D4 dword_81037D4:  .long 0x181            @ DATA XREF: sub_8103518+2A6r



Spherical Ice April 8th, 2016 12:08 PM

Quote:

Originally Posted by Sea Dragon (Post 9188765)
Fix Shedinja's evolution for expanded evolution table:
@13e3f6 change 80 to c0
@13e3fa change 4450 to 0000
Explanation:
Spoiler:
increasing the number of evolutions per pokemon may break Shedinja's ("spawn a second") evolution because of the way it searches the evolution table. The equation it uses must be modified to make sure it points to the right offset.

0813e3f4 4650 mov r0, r10 *evolving pokemons index in r0 (nincada = 12d)
0813e3f6 0080 lsl r0, r0, #0x02 *shifts r0 left by 0x02 (=4b4) - shift by 0x03 instead (=968)
0813e3f8 9002 str r0, [sp, #0x8]
0813e3fa 4450 add r0, r10 *adds pokemons index (4b4+12d=5e1) -remove this
0813e3fc 00c7 lsl r7, r0, #0x03 *shifts r0 by 0x03 and puts it in r7 (this should be the number of bytes from the beginning of the evolution table to nincadas evolution: default = 2f08, expanded =4b40)

0813e3fe 4956 ldr r1, [$0813e558] (=$08AAAAAA) *location of your evolution table
0813e400 19c9 add r1, r1, r7
0813e402 4688 mov r8, r1
0813e404 8808 ldrh r0, [r1, #0x0]
0813e406 280d cmp r0, #0xd
0813e408 d000 beq $0813e40c
0813e40a e09c b $0813e546

Bitwise calculator: http://www.miniwebtool.com/bitwise-calculator/bit-shift/

This change works for 8 evolutions. If you have more then it likely uses a similar pattern (shift bytes by a higher number and alternate whether or not you add the pokemon's index).

Same principles apply for FireRed, but the offsets are as follows:

@ CE762 change 80 00 to C0 00 (00 01 if you expanded to 16 evolution methods, etc.)
@ CE766 change 44 50 to 00 00

esperance April 9th, 2016 12:31 PM

Braille Encoding
I didn't see it documented in the index, and I'm not sure if this has been posted before. In the Gen 3 games braille text uses a special encoding, which I've listed below:
Code:

00=
01=A
04=,
03=C
05=B
06=I
07=F
09=E
0B=D
0D=H
0E=J
0F=G
11=K
13=M
15=L
16=S
17=P
19=O
1B=N
1D=R
1E=T
1F=Q
2C=.
2E=W
31=U
33=X
35=V
39=Z
3B=Y

FF=\x


0xFF terminates a braille string, while 0x00 is a space character. I'm not sure what other values not listed will show (if anything).

Telinc1 April 9th, 2016 12:46 PM

Quote:

Originally Posted by Youmu (Post 9197061)
Braille Encoding
I didn't see it documented in the index, and I'm not sure if this has been posted before. In the Gen 3 games braille text uses a special encoding, which I've listed below:
-snip-
0xFF terminates a braille string, while 0x00 is a space character. I'm not sure what other values not listed will show (if anything).

This is probably common knowledge, but having it here doesn't hurt. Braille strings don't support the \p, \n and \l control codes, so to display multiline braille strings, the braille2 command together with special 0x1B2 is used. braille2 calculates the length of a braille string and sets 0x8006 to it. special 0x1B2 displays an arrow (you know, the one which is always used in messages) at the coordinates specified by 0x8005 and 0x8006 (0x8005 is set 0x82 = 130 at the beginning of braille scripts). To see how GameFreak used these, open up script 0x163BAB from FireRed.

DoesntKnowHowToPlay May 2nd, 2016 4:35 PM

To change the Zigzagoon you fight in Emerald immediately after picking your starter to a different mon, change the 0x90 at x32706 to half the index number of the mon you want. If you want a mon who index number isn't a multiple of two, simply put its (single-byte) index number there and replace the x49 at x32708 with an x00. To change the mon to a non-even index number that is greater than one byte, learn ASM and do your own stuff now that you have the relevant offset.

To change its level, change the x2 at x32714 to the desired value.

Zeturic May 13th, 2016 7:54 AM

No Healing Eggs [FR]

When healing at a Pokemon Center, the healing machine will light up with the number of Pokemon in your party. Starting in DP, eggs don't count - if you have two Pokemon and an egg, in RSEFRLG, you get three lights, in DP, you get two.

To get this behavior in FR, all you need to do is:

Code:

0x08083B8E: 08 F0 D5 FA


Spoiler:
0x08083B8C
is a function called as part of
doanimation 0x19
(the healing machine). At
0x08083B8E
, that function branch-links to call another function at
0x08083BD1
, which itself counts the number of Pokemon in the party.

0x0808C13C
is a built-in function to count Pokemon (and not eggs), so basically I just changed the target of the branch-link to this function.


Pokeblock Research [EM]

This may already be known, but I looked and couldn't find it. If this is known already, I apologize.

In Emerald, the contents of the Pokeblock Case are stored starting at
[0x03005D8C] + 0x848
. It is encrypted using the Security Key. Information on the Security Key, and how to disable it for Emerald can be found here.

The Pokeblock Case has room for 40 Pokeblocks, each in the same 8-byte format:

Spoiler:
Code:

0x00: Color
0x01: Spicy
0x02: Dry
0x03: Sweet
0x04: Bitter
0x05: Soul
0x06: Feel
0x07: unk_0x07




I believe
unk_0x7
is either just padding or some sort of terminator. In my experimentation, it was always
0x03
. The available colors are:

Spoiler:
Code:

0x01 - Red
0x02 - Blue
0x03 - Pink
0x04 - Green
0x05 - Yellow
0x06 - Purple
0x07 - Indigo
0x08 - Brown
0x09 - Light Blue
0x0a - Olive
0x0b - Gray
0x0c - Black
0x0d - White
0x0e - Gold




How could you use this? Well, I guess you could use this to, say, make NPCs that give out Pokeblocks, but seeing as most hacks don't feature contests anyway, that seems unlikely.

It's actually more useful for Emerald hacks that don't use the Pokeblock Case at all. The space reserved for the Pokeblock Case is persistent; it will be saved and loaded. If you don't use the Pokeblock case, you have
(8 bytes/pokeblock) * (40 pokeblocks) = 320
bytes to persistently store whatever you want.

Constant Base Power For Hidden Power [FR]

Starting with XY, Hidden Power's base power was fixed at 60. Prior to this, it varied between 30 and 70, based on the Pokemon's IVs. To force the game to read the base power from the move data table, null out the strh at
0x0802B722
:

Code:

0x0802B722: C0 46


After you've done that, HP will use the base power in the table as its base power. Unfortunately, in a vanilla FR it is listed as
0x01
, so it will be very weak until you change it. Open your ROM in an attack editor (for example, the one bundled with PGE) and change the base power to 60 (as in XY).

For a final tweak, you may want to edit Hidden Power's description to remove the part that says its power varies, since that's no longer true.

Unhidden Power [FR]

Calculates the type (not power) of Hidden Power, so it displays as its actual type instead of always as a Normal-type move.

Disable "The Pokemon Stopped Evolving." [FR]

FR has a feature that if you attempt to evolve a Pokemon into something not in the Kanto Dex (and you don't have the National Dex), it will mysteriously stop evolving. You could just give the player the National Dex at the beginning of the game, but if you don't want to do that, you can easily disable this.

Basically, this will turn some conditional jumps into unconditional jumps, and remove some checks. No free space required.

Code:

0x08043156: 02 E0
0x080CE90C: 1C E0
0x080CF566: 17 E0
0x08126C26: C0 46 C0 46 C0 46 C0 46
0x08126C4C: 08 E0


Disable Item Removal During Trade With Held Item Evolutions [FR]

Trade With Held Item evolutions, such as Onix into Steelix, remove the required held item. As part of the above, I realized you could easily disable this entirely (and, yes, it is compatible with the above) by nulling out a call to
pokemon_setattr
. The held item will still be required, it just won't be removed. Why you would want to do this I don't really know, but if you do, I'm putting it here.

Code:

0x0804316A: C0 46 C0 46


Disable Trade Restrictions [FR]

FR has three distinct types of trade restrictions:
  • You can't trade or be traded an egg (even an egg of a Kanto Pokemon)
  • You can't trade in a Pokemon not in the Kanto Dex (even from another FRLG)
  • You can't trade with RSE

Normally, the first two restrictions are lifted after getting the National Dex, while trading with RSE is unlocked by the Sevii Island stuff in the post-game.

This removes all three of those restrictions.

Code:

0x08009754: C0 46 01 20
0x0800975C: C0 46 01 20
0x0804FA4E: C0 46 01 20



Reshiram white as snow May 18th, 2016 8:35 AM

Do anyone now how to make the Pokemon not lose HP in overworld when it is poisoned? How to disable electricity type Pokemon be paralyzed? And how to change the weather ability such as snow warning, drought from infinty turns to 5 turns? (Emerald)

Reshiram white as snow May 18th, 2016 8:57 AM

Quote:

Originally Posted by GoGoJJTech (Post 9092590)


I guess I'm just on a roll, huh?
I'll post the code to Github when I learn how to use it (and the code for follow me as well)

How to make double wild battle?

Le pug May 21st, 2016 4:34 AM

Quote:

Originally Posted by Touched (Post 8444386)
There is

Code:

.text
.align 2
.thumb_func

main:
        push {lr}
        ldr r0, player_data
        ldr r0, [r0]
        ldr r1, chosen_name
        bl strcpy
        pop {pc}

strcpy:
        ldr r2, =(0x08008BA0 + 1)
        bx r2

.align 2
player_data: .word 0x03005D90
chosen_name: .word 0xDEADBEEF


That's untested, but you can callasm that, set the pointer that says 0xDEADBEEF to the pointer to a name of your choice (in Emerald). It must be 7 characters long and end in FF.

anyone know the pointer to call that allows you to open up the name player feature? i dont want to name the player but if the intro is skipped, later on I want to have it to where the player sets his name

Epsilon May 26th, 2016 7:01 AM

Quote:

Originally Posted by Gamer2020 (Post 9195789)
Alphabet does seem to have a limiter?
Code:

ROM:08103682 loc_8103682:                            @ CODE XREF: sub_8103518+102j
ROM:08103682                                        @ sub_8103518+122j
ROM:08103682                MOVS    R0, #1
ROM:08103684                ADD    R8, R0
ROM:08103686                MOVS    R0, #0x19A
ROM:0810368A                CMP    R8, R0
ROM:0810368C                BLE    loc_810360C
ROM:0810368E                B      loc_8103906
ROM:0810368E @ ---------------------------------------------------------------------------
ROM:08103690 off_8103690:    .long pokedex_state_maybe @ DATA XREF: sub_8103518+F0r
ROM:08103694 off_8103694:    .long Pokedex_Alphabetical_Mode
ROM:08103694                                        @ DATA XREF: sub_8103518:loc_810360Cr
ROM:08103698 off_8103698:    .long pokemon_names    @ DATA XREF: sub_8103518+13Er


So does Type mode?
Code:

ROM:08103722 loc_8103722:                            @ CODE XREF: sub_8103518+1A2j
ROM:08103722                                        @ sub_8103518+1C2j
ROM:08103722                MOVS    R0, #1
ROM:08103724                ADD    R8, R0
ROM:08103726                MOVS    R0, #0x19A
ROM:0810372A                CMP    R8, R0
ROM:0810372C                BLE    loc_81036A4
ROM:0810372E                B      loc_8103906
ROM:0810372E @ ---------------------------------------------------------------------------
ROM:08103730 off_8103730:    .long pokedex_state_maybe @ DATA XREF: sub_8103518+188r
ROM:08103734 off_8103734:    .long Pokedex_Type_Mode @ DATA XREF: sub_8103518:loc_81036A4r
ROM:08103738 off_8103738:    .long pokemon_names    @ DATA XREF: sub_8103518+1DEr


I might as well post these as well.
Code:

ROM:08103856 loc_8103856:                            @ CODE XREF: sub_8103518+2D6j
ROM:08103856                                        @ sub_8103518+2F6j
ROM:08103856                MOVS    R0, #1
ROM:08103858                ADD    R8, R0
ROM:0810385A                LDR    R0, =0x181
ROM:0810385C                CMP    R8, R0
ROM:0810385E                BLE    loc_81037E0
ROM:08103860                B      loc_8103906
ROM:08103860 @ ---------------------------------------------------------------------------
ROM:08103862                .align 4
ROM:08103864 off_8103864:    .long pokedex_state_maybe @ DATA XREF: sub_8103518+2C4r
ROM:08103868 off_8103868:    .long Pokedex_Smallest_Mode
ROM:08103868                                        @ DATA XREF: sub_8103518:loc_81037E0r
ROM:0810386C off_810386C:    .long pokemon_names    @ DATA XREF: sub_8103518+312r
ROM:08103870 dword_8103870:  .long 0x181            @ DATA XREF: sub_8103518+342r


Code:

ROM:081037BA loc_81037BA:                            @ CODE XREF: sub_8103518+23Aj
ROM:081037BA                                        @ sub_8103518+25Aj
ROM:081037BA                MOVS    R0, #1
ROM:081037BC                ADD    R8, R0
ROM:081037BE                LDR    R0, =0x181
ROM:081037C0                CMP    R8, R0
ROM:081037C2                BLE    loc_8103744
ROM:081037C4                B      loc_8103906
ROM:081037C4 @ ---------------------------------------------------------------------------
ROM:081037C6                .align 4
ROM:081037C8 off_81037C8:    .long pokedex_state_maybe @ DATA XREF: sub_8103518+228r
ROM:081037CC off_81037CC:    .long Pokedex_Lightest_Mode
ROM:081037CC                                        @ DATA XREF: sub_8103518:loc_8103744r
ROM:081037D0 off_81037D0:    .long pokemon_names    @ DATA XREF: sub_8103518+276r
ROM:081037D4 dword_81037D4:  .long 0x181            @ DATA XREF: sub_8103518+2A6r



So have you found the offsets of these limiters?

azurile13 May 26th, 2016 10:29 AM

Quote:

Originally Posted by Epsilon (Post 9258043)
So have you found the offsets of these limiters?

The cmp r8, r0.

r0 has the limit in all four screenshots.

GoGoJJTech May 26th, 2016 10:48 AM

Quote:

Originally Posted by azurile13 (Post 9258257)
The cmp r8, r0.

r0 has the limit in all four screenshots.

You keep beating me to the answer in each thread >.>

Anyway, the routines are right there, but they aren't actually "MOV r0, #0x19A" because 0x19A is over a byte. You wouldn't see that in the rom, you'd see an lsl operation that basically doubles a value to get 0x19A.
It'd look like:
MOV r0, #0xCD
LSL r0, r0, #1

~SAGE May 28th, 2016 12:51 PM

Quote:

Originally Posted by MrDollSteak (Post 7691854)
I've just got some very quick offsets for Pokedex hacking.

I'm not sure whether it's already been posted, I don't think so, as I had to discover these on my own.

I've found 2 limiters for the Kantodex that are quite useful, which when combined with Jambo51's already posted offsets, can allow for the Kantodex to act as a national dex.

Even though Jambo already found the limiter for the Kantodex itself, it would still not display the correct seen/caught numbers as they were still limited to 150 as were the habitats.

By changing the number 96 at the offset: 104BF2
You can extend the limit to the seen/caught text. Eg. changing 96 to FA will allow for a max of 250 seen/caught Pokemon.

By changing the number 97 at the offset: 106828
You can extend the number of Pokemon that will be correctly featured in the habitat pages. Eg. changing 97 to FA will allow for the first 250 Pokemon in your pokedex to be displayed in the habitat pages before receiving the national dex.

This can be helpful as it stops people from having to give the national dex at the start of the game.

I'll just repost Jambo's limiters from his thread here

0x10352C - mov r1, #0x97
0x1035F6 - cmp r0, #0x96

Just change those 2 bytes at that offset to the number of Pokemon you want in.




I have a question
I had expanded the pokedex of my rom
but i can't reach to view the habitat's pages correctly

what i should to do?

Zeturic June 1st, 2016 1:27 PM

Disable Trade Restrictions [EM]

Emerald has the same trade restrictions as FR.
  • You can't trade or be traded an egg (even of a Hoenn Pokemon)
  • You can't trade or be traded a Pokemon not in the Hoenn Dex (even from another RSE)
  • You can't trade with FRLG

All three of these are unlocked by enabling the National Dex. However, if you want to disable those restrictions without giving out the National Dex:

Code:

0x08009684: C0 46 01 20
0x0800968C: C0 46 01 20
0x08079138: C0 46 01 20
0x0807A62E: C0 46 01 20


Constant Base Power For Hidden Power [EM]

Just null out the relevant strh.

Code:

0x080544D0: C0 46


Just as in Fire Red, the move data table lists HP's base power as 0x01 (that's so the game displays hyphens for the power). To avoid excessively weak Hidden Powers, change its base power in an attack editor.

Telinc1 June 4th, 2016 6:45 AM

NOPing out the bl at 0x080BD614 (bl sub_8055F48) will disable the bicycle music (in layman terms, put C0 46 C0 46 at BD614).
A bl to the same location (sub_8055F48) also exists at 0x080CA650, which is part of sp157_activate_bike. I haven't tested nuking that, though.

GoGoJJTech July 7th, 2016 10:42 PM

Quote:

Originally Posted by AkameTheBulbasaur (Post 9311854)
I figured out something while I was importing music from PMD Red Rescue Team into Fire Red. I found that the music I inserted would be far too soft, but I didn't know how to make it louder.

I learned that the beginning of each track starts with "bc 00" and somewhere, not too far after that is "bd" followed by another byte. This byte is the instrument the track uses (If the track uses multiple instruments during its loop there will be multiple "bd"s). "Be" changes the "force", which is how intensely the instruments play. There are usually many of these per track as well, depending on the type of song.

"BC 00 BB 40 BD 18 C2 2C BF 5E BE 3B"

This is an example of what it might look like. For me I just changed the value after "be" to whichever value I wanted (usually 70-80 or 46-50 in hex). This technically isn't the true volume of the track, but it gave me the desired result.

I didn't look into what BC and BF meant or the rest of the structure, but it was something that I thought might be useful for somebody who is importing songs from other games and can't find a better way to change the "volume".

Sorry to burst your bubble, but this isn't really research and it's certainly not development. If you look in MPlayDef.s it'll show you each of the command names and they're all very suggestive of what they do except for the library ones (but you don't need to know those since.. they're libraries and not present in all games)

i0Bjhansen0 July 8th, 2016 10:39 PM

Quote:

Originally Posted by kleenexfeu (Post 9001424)
For Emerald

The game displays the default sprite, icon and base stats for Deoxys




01 BC 00 47 at 0x8034C32 for the sprite.

C0 46 C0 46 C0 46 C0 46 at 0x8068A2C for the stats.

C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 at 0x80D3030 for the icon.

Not sure if I can ask this here, but can someone port this to Fire Red if it hasn't been done already? I would like Deoxys to be normal forme.

AkameTheBulbasaur July 9th, 2016 12:44 AM

Quote:

Originally Posted by i0Bjhansen0 (Post 9313122)
Not sure if I can ask this here, but can someone port this to Fire Red if it hasn't been done already? I would like Deoxys to be normal forme.

The base stats for Deoxys actually used by FireRed are at 0x25E086. You can edit them to be normal forme manually there.

The Front sprite is at 0xE3958C and the Back sprite is at 0xE39D70. They're both two frames, so if you want to edit the sprite you'll have to change both frames. Frame 1 is Normal Forme and Frame 2 is Attack Forme. So if you wanted Normal form you'd just have to change the second one to also be Normal Forme. If you wanted Defense or Speed Formes you'd have to change both frames to be those or it will just show up as Attack Forme by default. Deoxys is the only Pokemon that has two frames for their sprite by default in FireRed. If you change the sprite for one frame it won't really change it (or at the very least it won't if you only change the first one.)

The Normal Form icon is at 0xE3A388. Like the sprite, the Icon has twice as many frames as the rest (in this case four instead of two) although the game obviously only uses the last two frames. This is not too difficult to edit either. NSE will show you all four frames, and you can go from there. If you want other Formes you will need to edit all of the frames, same as the sprite.

BluRose July 9th, 2016 6:50 AM

Quote:

Originally Posted by AkameTheBulbasaur (Post 9313212)
The base stats for Deoxys actually used by FireRed are at 0x25E086. You can edit them to be normal forme manually there.
Spoiler:


The Front sprite is at 0xE3958C and the Back sprite is at 0xE39D70. They're both two frames, so if you want to edit the sprite you'll have to change both frames. Frame 1 is Normal Forme and Frame 2 is Attack Forme. So if you wanted Normal form you'd just have to change the second one to also be Normal Forme. If you wanted Defense or Speed Formes you'd have to change both frames to be those or it will just show up as Attack Forme by default. Deoxys is the only Pokemon that has two frames for their sprite by default in FireRed. If you change the sprite for one frame it won't really change it (or at the very least it won't if you only change the first one.)

The Normal Form icon is at 0xE3A388. Like the sprite, the Icon has twice as many frames as the rest (in this case four instead of two) although the game obviously only uses the last two frames. This is not too difficult to edit either. NSE will show you all four frames, and you can go from there. If you want other Formes you will need to edit all of the frames, same as the sprite.

Code:

0x0825E086 (0x38 bytes; 0x1C x 2):
38 00 3E 00 44 00 4A 00 50 00 56 00 5C 00 61 00
67 00 6D 00 73 00 78 00 7E 00 83 00 88 00 8E 00
93 00 98 00 9D 00 A2 00 A7 00 AB 00 B0 00 B5 00
B9 00 BD 00 C1 00 C5 00

Decimal conversion of the first 12 bytes:
56 00 62 00 68 00 74 00 80 00 86 00


To assume that there is a 00 byte in between each actual stat, the base stats shown are:
HP: 56
Attack: 62
Defense: 68
Speed: 74
Sp. Attack: 80
Sp. Defense: 86

Actual:
HP: 50
Attack: 180
Defense: 20
Speed: 150
Sp. Attack: 180
Sp. Defense: 20

Point being, you sure that the base stats are located at 0x0825E086?
Unless if I'm totally off in understanding this...?

EDIT: Sprites and Icons are correct, though <3
EDIT2: Normal Doexys' Base Stats are at 0x0825745C, but this doesn't matter.
"32 B4 14 96 B4 14" doesn't exist in the ROM, however... Does the ROM use multipliers to change the base stats...?
EDIT3: "32 00 B4 00 14 00 96 00 B4 00 14 00" exists in the ROM at 0x0825E026 with a pointer located at 0x08044704. I don't have IDA or anything to check it out, though, so...

i0Bjhansen0 July 9th, 2016 9:44 AM

Quote:

Originally Posted by AkameTheBulbasaur (Post 9313212)
The base stats for Deoxys actually used by FireRed are at 0x25E086. You can edit them to be normal forme manually there.

The Front sprite is at 0xE3958C and the Back sprite is at 0xE39D70. They're both two frames, so if you want to edit the sprite you'll have to change both frames. Frame 1 is Normal Forme and Frame 2 is Attack Forme. So if you wanted Normal form you'd just have to change the second one to also be Normal Forme. If you wanted Defense or Speed Formes you'd have to change both frames to be those or it will just show up as Attack Forme by default. Deoxys is the only Pokemon that has two frames for their sprite by default in FireRed. If you change the sprite for one frame it won't really change it (or at the very least it won't if you only change the first one.)

The Normal Form icon is at 0xE3A388. Like the sprite, the Icon has twice as many frames as the rest (in this case four instead of two) although the game obviously only uses the last two frames. This is not too difficult to edit either. NSE will show you all four frames, and you can go from there. If you want other Formes you will need to edit all of the frames, same as the sprite.

So for the sprites, are they compressed or can I just put the normal forme over the attack forme and not have to worry about ruining code behind it?

Quote:

Originally Posted by BluRose (Post 9313489)
Code:

0x0825E086 (0x38 bytes; 0x1C x 2):
38 00 3E 00 44 00 4A 00 50 00 56 00 5C 00 61 00
67 00 6D 00 73 00 78 00 7E 00 83 00 88 00 8E 00
93 00 98 00 9D 00 A2 00 A7 00 AB 00 B0 00 B5 00
B9 00 BD 00 C1 00 C5 00

Decimal conversion of the first 12 bytes:
56 00 62 00 68 00 74 00 80 00 86 00


To assume that there is a 00 byte in between each actual stat, the base stats shown are:
HP: 56
Attack: 62
Defense: 68
Speed: 74
Sp. Attack: 80
Sp. Defense: 86

Actual:
HP: 50
Attack: 180
Defense: 20
Speed: 150
Sp. Attack: 180
Sp. Defense: 20

Point being, you sure that the base stats are located at 0x0825E086?
Unless if I'm totally off in understanding this...?

EDIT: Sprites and Icons are correct, though <3
EDIT2: Normal Doexys' Base Stats are at 0x0825745C, but this doesn't matter.
"32 B4 14 96 B4 14" doesn't exist in the ROM, however... Does the ROM use multipliers to change the base stats...?
EDIT3: "32 00 B4 00 14 00 96 00 B4 00 14 00" exists in the ROM at 0x0825E026 with a pointer located at 0x08044704. I don't have IDA or anything to check it out, though, so...

There's a lot of stuff here. I'm assuming that at 0x25e026 those are what you believe the stats to be? I'm going to check it out.

BluRose July 9th, 2016 10:11 AM

Quote:

Originally Posted by i0Bjhansen0 (Post 9313717)
So for the sprites, are they compressed or can I just put the normal forme over the attack forme and not have to worry about ruining code behind it?

There's a lot of stuff here. I'm assuming that at 0x25e026 those are what you believe the stats to be? I'm going to check it out.

it's basically like a normal sprite
you should be able to just paste normal forme onto attack forme without any repercussions

that's what i'm thinking, yes, but i have no way to check without going through a lot of hassle that i literally can't do right now lol~

EDIT: found time to do it, and yes, 0x0825E026 is the location of the stats (at least it seems so based off of knizz's idb), as 0x08044708-0x080447A4 is the routine for updating deoxys' stats and uses the data loaded at 0x08044704~

i0Bjhansen0 July 9th, 2016 3:45 PM

Quote:

Originally Posted by BluRose (Post 9313749)
it's basically like a normal sprite
you should be able to just paste normal forme onto attack forme without any repercussions

that's what i'm thinking, yes, but i have no way to check without going through a lot of hassle that i literally can't do right now lol~

EDIT: found time to do it, and yes, 0x0825E026 is the location of the stats (at least it seems so based off of knizz's idb), as 0x08044708-0x080447A4 is the routine for updating deoxys' stats and uses the data loaded at 0x08044704~

Ok. One more question. Is it possible to "remove" the part of the code to not have a need to do what I'm going to be doing?

BluRose July 9th, 2016 4:53 PM

Quote:

Originally Posted by i0Bjhansen0 (Post 9314029)
Ok. One more question. Is it possible to "remove" the part of the code to not have a need to do what I'm going to be doing?

it's definitely possible! i just have barely an idea on how to do it; i don't know where the game states for it to change into the attack forme. if we just nop every reference to the stat update, then we thoeoretically don't (???????) have to do the easiest part of the attack forme changing: changing the attack forme's stats. we won't care about that, though, and we'll instead just try to cause no stat change to be made at all.

so we'll use emerald's idb and kleenexfeu's byte changes in emerald as a ref for a moment.

um, try 01 BC 00 47 at 0x0800EDAE. this theoretically causes no sprite change to be made...
also try C0 46 C0 46 C0 46 C0 46 at 0x08044690. this theoretically causes no stat change to be made...
lastly, try C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 at 0x08097038. this theoretically causes no icon change to be made...

if this works, please report back <3

i0Bjhansen0 July 9th, 2016 5:04 PM

Quote:

Originally Posted by BluRose (Post 9314126)
it's definitely possible! i just have barely an idea on how to do it; i don't know where the game states for it to change into the attack forme. if we just nop every reference to the stat update, then we thoeoretically don't (???????) have to do the easiest part of the attack forme changing: changing the attack forme's stats. we won't care about that, though, and we'll instead just try to cause no stat change to be made at all.

so we'll use emerald's idb and kleenexfeu's byte changes in emerald as a ref for a moment.

um, try 01 BC 00 47 at 0x0800EDAE. this theoretically causes no sprite change to be made...
also try C0 46 C0 46 C0 46 C0 46 at 0x08044690. this theoretically causes no stat change to be made...
lastly, try C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 at 0x08097038. this theoretically causes no icon change to be made...

if this works, please report back <3

I'm sorry to say this... but..........

IT TOTALLY WORKS. Great job! Not only did Deoxys look Normal, his minisprite was Normal, and his back sprite was Normal, his stats are Normal too. :D

GoGoJJTech July 17th, 2016 7:09 AM

Quote:

Originally Posted by GoGoJJTech (Post 8271873)
If you want a-map 1.92 to have support for new pokemon in the wild then follow these directions:
http://pastebin.com/13djBRnT
Originally found by Baitot :D

I have updated the link to the file now :)

mkarthick98 August 4th, 2016 9:37 PM

Quote:

Originally Posted by GoGoJJTech (Post 9325046)
I have updated the link to the file now :)

Still can't seem to download it. I keep getting a 404 error. Any idea why? I absolutely refuse to use A-Map 1.95.

GoGoJJTech August 4th, 2016 11:09 PM

Quote:

Originally Posted by mkarthick98 (Post 9352825)
Still can't seem to download it. I keep getting a 404 error. Any idea why? I absolutely refuse to use A-Map 1.95.

Fixed again.
Also, you wouldn't be able to edit expanded Pokémon with 1.95 in the first place, so it wasn't an option ;)

mkarthick98 August 5th, 2016 1:03 AM

Thanks. Didn't someone come up with a way to do it in A-Map 1.95? If they didn't, my bad..

Derlo August 14th, 2016 1:32 PM

I spotted a routine shortly after checking for DEOXYS and MEW obedience, I think it's related with badge obedience checks before attack, but could not confirm if this is it. It's in: 0801D438.
And anyone knows how to increase pokemon chance disobey without proper badge?

Quote:

EDIT: Answering to myself!
I don't know if everyone has the same problem, but the FR ROM that I'm using doesn't check the badges to control the obedience of the POKEMON according to the level that it is. The MON's just obeys, in any level and with no badges.
So, I removed the part that checks MEW/Deoxys and the part where the routine reads a memory bank of the RAM... and works perfectly.

So, to fix this, just fill with zeros (00's) from offset 0801d45a to 0801d484.

Making this, when you MON's level are above of limit obedience of your last badge, it will be starting to disobey. And the chance to disobey will increase, automatically, with the amount of levels above the badge limit.
This also will cause the MEW / Deoxys obey smoothly.

Mr.Pkmn August 15th, 2016 8:01 AM

In Gen 3, Protect/Detect/Endure are bugged. The game is supposed to read the probability from a table which has only 4 entries, thus reading garbage data after the 4th consecutive protect.

To get the correct behavior (like gen 5+, no cap) replace the bytes at 0x26FB6 with this (FR):
Code:

01 7A 14 88 CC 40 1D F0 84 FF 21 1C


If you ever manage to get off 16 consecutive protects, it will fail the next one because of precision .

AkameTheBulbasaur August 18th, 2016 8:33 PM

Quote:

Originally Posted by colcolstyles (Post 6210916)
If anyone's interested, here's a tiny little morsel of information that I found recently. At the address '0x3A72A0' in Fire Red, you will find two bytes: '0xCD' and '0xFF'. These two bytes are used whenever the player is given two or more of some item using the 'giveitem' construct. The '0xCD' corresponds to an uppercase 'S' while the '0xFF' is the terminator byte, signifying the end of the string. If you change the byte from '0xCD' to '0xE7', the 'S' will become a lowercase 's'. I figure this might come in handy for those de-capitalization patches because it's really annoying to see "Player received the Poké BallS!" every time the player receives more than one of an item.

Adding onto this, the location of the (S) when selling multiple items in the PokeMart is at 0x41696C. (Still in FireRed).

AkameTheBulbasaur August 20th, 2016 3:43 PM

Quote:

Originally Posted by Sea Dragon (Post 9188765)
Haven't seen these on here so I thought I'd post what I've found.
These are both for Emerald.
Change moves called in the Nature Power table:

The offset of the Nature Power table in FireRed is 0x25081C. The limiter is at 0xD75FC.

Also I found a couple of item checks:

At 0x1E496 is the Critical-Hit Ratio item checks. So this is for stuff like Lucky Punch, Stick and Scope Lens.
At 0x21CC2 is the Exp. Share check.

There appears to be more than one Exp. Share check. I foun two others: one at 0x21BBC and one at 0x21DAA.

The one at 0x21BBC appears to only be used by Pokemon who were sent out into battle. I'm not sure about the 0x21DAA one.

When I was messing around with them (I was trying to make some sort of Exp. All routine but gave up because I couldn't figure out how to get it not to give experience to eggs) the one at 0x21CC2 is the one that gave me the best results when I branched off of it.

AkameTheBulbasaur August 22nd, 2016 11:47 AM

The Great And Powerful Lucky Egg http://cdn.bulbagarden.net/upload/5/5c/Bag_Lucky_Egg_Sprite.png

The check for the Lucky Egg is at:

FireRed: 0x21DBA
Emerald: 0x4A67A

The byte that determines the experience multiplier is at:

FireRed: 0x21DC2
Emerald: 0x4A682

In the vanilla games, this byte has a value of 0x96, or 150 is decimal.

This gives a multiplier of 1.5.

So if you want to change the amount of experience the Lucky Egg gives you, just follow these three easy steps!

1. Choose a value that you want to multiply the gained experience by (It will have to be less than 2.5 without using ASM).

2. Take away the decimal point (so 1.5 would be 150, 2.0 would be 200).

3. Convert that value to hex (so 1.5 is 0x96, 2.5 is 0xFA) and put that value at the offset listed above.

Spherical Ice August 25th, 2016 1:51 AM

Quote:

Originally Posted by CrabInfestedPubes (Post 9381167)
Just to be clear, what does this actually do? Will making these hex changes allow me to get Shedinja by evolving Nincada in Firered? Or do I have to do more than that?

If you expanded the number of evolutions per Pokémon, the evolution method for spawning Shedinja will be broken until you make those hex changes. If you're simply using vanilla FireRed, you don't need to make these hex changes.

NewDenverCity September 1st, 2016 11:40 AM

So here's a little bonus thing on b_status3_bits_pbs, or 0x02023DFC in FR. Setting it to 0x8000 or 1000000000000000b, on the defender, then that Pokemon will not be hit by critical hits, like Shell Armor and Battle Armor. This applies to all Gen 3 games, but I don't know the exact offsets of the status bits.

C me September 1st, 2016 1:43 PM

Quote:

Originally Posted by NewDenverCity (Post 9390743)
So here's a little bonus thing on b_status3_bits_pbs, or 0x02023DFC in FR. Setting it to 0x8000 or 1000000000000000b, on the defender, then that Pokemon will not be hit by critical hits, like Shell Armor and Battle Armor. This applies to all Gen 3 games, but I don't know the exact offsets of the status bits.

Just to quickly add it's 0x020242AC for Emerald.

jirachiwishmaker September 5th, 2016 3:29 AM

For Emerald, to enable the catching areas in the pokedex to show the new catching areas of the new creating maps, just change the byte at 0x0813CE5C from D2 to FF.

Froosty October 5th, 2016 2:30 AM

Its so silly of me because i was totally unaware about this amazing thread upto few minutes back!

Froosty October 5th, 2016 3:06 AM

Quote:

Originally Posted by Chaos Rush (Post 8168936)
So lately I've been studying ASM a bit and gonna try and finally get it down. I've managed to locate parts of the START menu's code simply by finding their text pointer, and then the pointer to that table of pointers, and then looking at the surrounding code in VBA's disassembler. Whenever I saw something such "mov r2, #0x8", I wondered what would happen if I had a different value load into that register. As a result, I've figured this out so far:

0x0806EF94 = X positioning of [name] in the START menu.
Change it and you can reposition [name]:
http://i.imgur.com/HWEpZe8.png

0x0806EFD0 = the font used in the START menu.
00 gives you the smaller font. Any other value doesn't seem to do anything.
http://i.imgur.com/3vhCUhy.png

0x0806EFD4 = X positioning of the text in the START menu (except [name])
The default value is 08. This is what it looks like if you change it to 00:
http://i.imgur.com/VpItE5B.png
(Changing it to FF/giving longer text strings will NOT magically make the menu box's width longer unlike the multichoice boxes that the script engine uses)

0x0806F0DE = relative X positioning of cursor in START menu
0x0806F0E0 = relative Y positioning of cursor in START menu
By positioning, I don't mean the actual selection within the start menu, I mean the actual pixel coordinates of the cursor within the start menu.

None of this info is useful yet, but eventually I would like to port Emerald's START menu look onto FireRed because I find it more aesthetically pleasing.

But that's not all I found!

At 0x083A7344 is a table that basically controls the START menu itself. The format of the table goes like this:
[XX XX XX 08][YY YY YY 08]
XX XX XX 08 = pointer to text string within START menu (such as POKéDEX, POKéMON, BAG, etc.)
YY YY YY 08 = pointer to the routine of aforementioned function. Yes, I'm serious. You can literally switch around your START menu like this:
http://i.imgur.com/1ci5ayY.png
Notice how POKéMON is in the first slot like in B/W/B2/W2/X/Y, not POKéDEX like in Gens I-IV. And no, I did not just switch the text string pointer, I switched around the function pointers too. Don't believe me? Try it yourself! It's fun!

Here's the table at 0x083A7344 in detail:
41627D = POKéDEX text string
06F411 = POKéDEX routine (+1)

415A66 = POKéMON text string
06F44D = POKéMON routine (+1)

416285 = BAG text string
06F481 = BAG routine (+1)

41628E = [name] text string
06F4B5 = Trainer Card routine (+1)

416291 = SAVE text string
06F4E9 = SAVE routine (+1)

416296 = OPTION text string
06F4FD = OPTION routine (+1)

41629D = EXIT text string
06F541 = EXIT routine (+1)

4162A2 = RETIRE text string (Safari Zone)
06F555 = RETIRE routine(+1)

41628E = [name] text string
06F56D = ??? (+1) (fadescreen then freezes the game, I'm assuming its for the alternate Trainer Card shown during Link Battles/Trades)

Unfortunately I haven't been able to find what dictates how many entries the START menu gets, but hopefully with this knowledge, it will be a lot easier to implement something like the a PokéGear onto FireRed. Not to mention that these offsets are the actual routines used for the Pokédex, party screen, bag, Trainer Card, Save menu, and Options. I'm not joking lol, if you literally put this in a script:
Code:

//---------------
#dynamic 0x800000
#org @main
callasm 0x806F411 //this is the Pokédex routine offset from the START menu table
end


It will open up the Pokédex. You can literally use callasm and use any of the offsets from the table and it will load up that function!

So say, you wrote a custom PokéGear code. You can edit one of the function pointers in the table to your new code and voila, you'll have a PokéGear within your START menu. Of course, what would be more ideal is if we could figure out how to expand the number of entries the START menu gets. I'm sure it wouldn't be that hard, the thing is that I have no idea how to find the routine that the game uses when you actually press the START button.

I am always amazed by your findings, do you think if there is any way we could add icons to the menu..... it would be more amazing then :)

Sea Dragon October 6th, 2016 9:58 AM

I've found a bunch of information on HM scripts and ported Ephraim225's HM check to Emerald so that you don't need to teach HM's to use them.

Emerald HM scripts:
Surf:271EA0
Waterfall:290A49
Dive:290B0F
Dive(return to surface):290b5a
Cut:2906BB
Rock Smash:2907A6
Strength:2908BA
Surf check(prescript asm):insert 0000 @9c80a to disable (go here for fire red offset)
use a level script for Flash.

Emerald offsets for HM check routine(http://www.pokecommunity.com/showpost.php?p=8927083&postcount=726):
Players party:0x20244EC
Decrypt:0x0806A519
TM compatibility table(default):0x831E898
Var 0x800D:0x20375F0
Players team size:0x20244E9
*Note that you'll need a separate slightly modified version of this asm to check for Waterfall and Dive because they are found on a different byte in the compatibility table.
Spoiler:
.align 2
.thumb

start:
push {r0-r5, lr}
mov r5, #0x0

loopback:
ldr r0, =(0x20244EC) /* Player's party in RAM */
mov r2, #0x64
mov r1, r5
mul r1, r1, r2
add r0, r0, r1
mov r1, #0xB
ldr r3, =(0x0806A519) /* Pokemon decrypter */
bl linker

ldr r3, =(0x831E898) /* TM Compatibility table */
lsl r0, r0, #0x3
add r3, r0, r3
add r3, r3, #0x6 <-----change this part to 0x7 for Dive/Waterfall
ldrb r2, [r3]
ldr r1, =(0x20375F0) /* Var 0x800D in RAM */
ldrb r0, [r1]
mov r3, r0
and r3, r2, r3
cmp r0, r3
beq end

ldr r3, =(0x20244E9) /* Player's team size */
ldrb r3, [r3]
add r5, r5, #0x1
cmp r5, r3
beq endfail
b loopback

end:
strb r5, [r1]
pop {r0-r5, pc}

endfail:
mov r5, #0x6
strb r5, [r1]
pop {r0-r5, pc}

linker:
bx r3


Call fly HM asm with an item:
Insert an XSE script with the item script routine(also in Complete Item Editor).
Fly asm appears to be @0x8124690, but to make it work I needed to use callasm 11 times in my script. It seems weird but it worked for me(maybe there's a loop somewhere?).
In your script use loadbytefrompointer with 0x20375F0(var 0x800D's ram location) and setfarbyte to write the result of your HM or move check to
0x203ced1 so that the right Pokemon will appear in the animation.
Look here for info on checking the map type(indoors, cave etc.)
EDIT: Fly map isn't showing location names unless you move the cursor over the Pokemon League.

Black bar HM animation offset:080B84F8
RAM where shown Pokemon's hex appears:2038C08

NewDenverCity October 9th, 2016 6:54 PM

MAKING A TRAINERBATTLE CONTINUE AFTER DEFEAT
36 at 0x804D0 in FR
So usually we use trainer battle 0x9 for this but you also have to include Oak's stupid dialogue, so I got rid of that. Use it like so; trainerbattle 0x9 (trainer id) 0x0 (pointer) (pointer). Yeah, don't use the 0x3. It'll still give out money from your pocket. Using this, all trainerbattles with that style will continue with the script regardless of whether you won or lost.

~EDIT~ Your pokemon sprite may not show up when switching. I'm not sure why, but be aware of it. It works fine with one Pokemon which was all I was testing it with at first.

Danny0317 October 18th, 2016 6:52 PM

I think I was looking into this like 2 years ago but wasn't able to find it. Anyone know how to change the badge that controls whether you can use Flash in the overworld? (EM)

Sea Dragon October 21st, 2016 12:23 PM

Something quick from the Emerald IDB for anyone replacing Pokemon:
The byte @7090C checks for Pichu when breeding for Volt Tackle. To change this to Pikachu(0x19) or any other Pokemon just replace 0xAC with the 'mons index.

mbcn10ww November 7th, 2016 10:56 AM

Quote:

Originally Posted by Spherical Ice (Post 9195813)
Same principles apply for FireRed, but the offsets are as follows:

@ CE762 change 80 00 to C0 00 (00 01 if you expanded to 16 evolution methods, etc.)
@ CE766 change 44 50 to 00 00

The Shedinja's evolution was fixed but not registering on Pokédex.

mbcn10ww November 7th, 2016 11:09 AM

Quote:

Originally Posted by FamiliaWerneck (Post 8896448)
Well, this is what I did, while learning how to do stuff like debugging and doing new mechanics changes in the game.
Thanks to Touched-sensei, who helped me through the entire process. Thanks to daniilS and kleenexfeu, who also helped in the very end. This is for Fire Red:

REUSABLE POKÉBALLS


- First, go to 0xA1E30. Change 01 21 to 00 21 (with this, Pokéballs won't be deleted when you select them in your bag);
- Now, find some free space and insert this routine there:
Spoiler:
Code:

.text
.align 2
.thumb

main:
        bl deleteball
        mov r9, r4
        pop {r4-r7}
        pop {r0}
        bx r0

deleteball:
        ldr r0, var_800E
        ldrh r0, [r0]
        mov r1, #1
        ldr r2, =(0x809A1D9)
        bx r2

.align 2
var_800E: .word 0x0203AD30



Here's a compiled version:
Spoiler:
00 F0 04 F8 A1 46 F0 BC 01 BC 00 47 02 48 00 88 01 21 02 4A 10 47 C0 46 30 AD 03 02 D9 A1 09 08

This is the code that deletes the Pokéball;
- Finally, go to 0x2D924 and paste write this "00 48 00 47 XX XX XX 08" there. It's a hook to the routine you just inserted. Change the XX XX XX for the pointer to the offset you placed the above routine. Remember to +1 the offset before changing it to a pointer.

With this hack, you won't spend Pokéballs if you don't capture a wild Pokémon. I wanted to do it inspired in the anime.
Again, simple, some people will think it's a broken functionality, but it will do well for that time when you encounter a shiny Pokémon with that one single Pokéball in your bag. =P
Thanks again, everybody. Hope it's helpful.

https://media.giphy.com/media/l0MYHPWZ3koKRCplC/giphy.gif

I'm using your routine but when I'm fishing when I catch the Pokémon my rod disappears, but it only happens at the Safari Zone. Do you know how to fix it?

EDIT: I think it's caused by your "deleteball" routine, because it removes the last item used from the Bag, but the Safari Balls isn't on the Bag and the reusable function isn't working on them.

Froosty November 12th, 2016 12:53 AM

gen 6 exp share system (FR)

Just make the byte changes
21C3A - 02 21
21CD0 - 01 22
21D70 - 01 20

Quote:

In gen 6, the pokemon battling used to get 100% and rest on team 50%
but with this all the pokemon including the one that battled will get 50% exp

Skeli November 14th, 2016 10:22 AM

If you decide to update your Pokemon Centers by extending the counter for instance, the animation for healing your Pokemon will be off. Use these offsets to fix it.
3CAF90 - The image for the Poke Balls and flashing screen. Open it in NSE with dimensions 32x72.
3CAFB0 - The palette for the Poke Balls and screens.
3CC014, 3CC01C, 3CC024 - A byte located at each of these controls the width between the two columns of Poke Balls on the healing machine.
83BB0 - A byte which controls the X coordinate proportional to the player sprite, of the Poke Balls on the healing machine. Fiddle around with it until you get the result you want.
83BB4 - A byte which controls the Y coordinate proportional to the player sprite, of the Poke Balls on the healing machine.
83BB9 - A byte which controls the X coordinate proportional to the player sprite, of the flashing screen.
83BBC - A byte which controls the Y coordinate proportional to the player sprite, of the flashing screen.
*NOTE: None of these bytes are coordinates in A-Map so don't go setting it to those.

LCCoolJ95 November 14th, 2016 5:36 PM

Quote:

Originally Posted by The_learner (Post 9484229)
gen 6 exp share system:

Just make the byte changes
21C3A - 02 21
21CD0 - 01 22
21D70 - 01 20

Dude, is this for FR or EM?

Froosty November 14th, 2016 5:58 PM

Quote:

Originally Posted by LCCoolJ95 (Post 9487546)
Dude, is this for FR or EM?

Sorry in the first place for not telling for which rom it is... actually its for FR

BluRose November 14th, 2016 7:10 PM

Quote:

Originally Posted by LCCoolJ95 (Post 9487546)
Dude, is this for FR or EM?

gen vi exp share system (em):

4A4BE - 02 21
4A594 - 01 22
4A634 - 01 20

ok this should be finalized
no more crap from me ahaha

Versekr Dark November 16th, 2016 11:53 AM

Quote:

Originally Posted by BluRose (Post 9487628)
[UNTESTED. MIGHT NOT WORK BECAUSE OF FUNCTION DIFFERENCES (SPECIFICALLY THE FIRST ADDRESS, THE OTHER TWO LOOK FINE), BUT AT LEAST ADDRESSES FOR THE MODIFICATIONS ARE RIGHT.]
gen vi exp share system (em):

4A4BE - 02 21
4A594 - 01 22
4A634 - 01 20

Sorry for the ruby

destinedjagold November 16th, 2016 7:39 PM

Quote:

Originally Posted by Versekr Dark (Post 9489543)
Sorry for the ruby

Here's one for Ruby.
Code:

08020280 004A1047XXXXXX08
080201E2 02 21
08020336 01 20


XXXXXX should be the address +1 of this ASM routine...
Spoiler:
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0802028D
BX R1

RETURN:
POP {R0-R7}
RETURN_2:
LDR R1, = 0x080202A1
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080A92D5
MOV R11, R0
POP {R0}
BX R11




It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.

Versekr Dark November 17th, 2016 7:27 AM

Quote:

Originally Posted by destinedjagold (Post 9489964)
Here's one for Ruby.
Code:

08020280 004A1047XXXXXX08
080201E2 02 21
08020336 01 20


XXXXXX should be the address +1 of this ASM routine...
Spoiler:
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0802028D
BX R1

RETURN:
POP {R0-R7}
RETURN_2:
LDR R1, = 0x080202A1
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080A92D5
MOV R11, R0
POP {R0}
BX R11




It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.

Muchas gracias :), perdonen las molestias.


Thank you very much :), sorry for the inconvenience.

mbcn10ww November 17th, 2016 8:11 AM

Quote:

Originally Posted by Sagiri (Post 9240706)
Constant Base Power For Hidden Power [FR]

Starting with XY, Hidden Power's base power was fixed at 60. Prior to this, it varied between 30 and 70, based on the Pokemon's IVs. To force the game to read the base power from the move data table, null out the strh at 0x0802B722.

Basically, replace:
Code:

0x0802B722: 28 80


with:
Code:

0x0802B722: C0 46


After you've done that, HP will use the base power in the table as its base power. Unfortunately, in a vanilla FR it is listed as 0x01, so it will be very weak until you change it. Change the byte at 0x8251721 to 0x3C to give it a base power of 60 (as in XY).

This effects both the actual damage calculation and when you view the Known Moves screen.

(Not So) Hidden Power [FR]

By default, Hidden Power will always display as a Normal-type move. By modifying the routines for displaying the types of moves, we can force it to display as the actual type.

Unlike the earlier parts of this post, this requires some free space. Here's the code:

Spoiler:
Code:

.text
.align 2
.thumb
.thumb_func

write_type_hook:                                        @ r1 := move_id
        push {r3-r7}
        mov r7, lr

        lsl r0, r1, #2
        lsl r1, r1, #3
        add r0, r1                                                @ r0 := 12 * move_id
        ldr r1, move_data
        add r1, r0                                                @ [r1] := data for current move
        ldrb r0, [r1, #2]                                @ r0 := recorded type

        ldrb r2, [r1, #0]                                @ r2 := move effect id
        cmp r2, #0x87                                        @ HIDDEN_POWER_EFFECT
        bne return0

        ldrb r0, [r5]                                        @ r0 := slot
        lsl r0, #1                                                @ r0 := slot << 1
        ldr r1, battle_slot_mapping
        add r0, r1
        ldrb r0, [r0]                                        @ r0 := index in party
        mov r1, #100
        mul r0, r1                                                @ r0 := offset from party_player
        ldr r1, party_player
        add r0, r1                                                @ [r0] := pokemon

        bl hp_type_decode

return0:
        mov lr, r7
        pop {r3-r7}
        ldr r1, write_type
        bx r1

@ return value on r1
display_type_hook:                                        @ r2, r5 := move_id, move_data
        push {r0, r3-r7}
        mov r7, lr

        lsl r0, r2, #2
        lsl r1, r2, #3
        add r0, r1                                                @ r0 := 12 * move_id
        add r0, r5                                                @ [r0] := data for current move

        ldrb r1, [r0, #2]                                @ r1 := type
        ldrb r2, [r0, #0]                                @ r2 := effect_id
        cmp r2, #0x87
        bne return1

        ldr r0, pkmn_status_data
        ldr r0, [r0]
        mov r1, #0x32
        lsl r1, r1, #8
        add r1, #0x90
        add r0, r1                                                @ [r0] := pokemon
        bl hp_type_decode
        mov r1, r0

return1:
        mov lr, r7
        pop {r0, r3-r7}
        ldr r2, display_type
        bx r2

@ uint8_t hp_type_decode(pokemon_t*)
hp_type_decode:
        push {r4-r7, lr}
        mov r6, r0                                                                        @ [r6] := pokemon
        mov r4, #0                                                                        @ r4 := type calculation
        mov r7, #0                                                                        @ r7 := iv index
        ldr r5, pokemon_getattr
        b test

loop:
        mov r0, r6                                                                        @ [r0] := pokemon
        mov r1, #0x27                                                                @ GET_HP_IV
        add r1, r7
        bl call
        mov r1, #1
        and r0, r1
        lsl r0, r7
        orr r4, r0
        add r7, #1

test:
        cmp r7, #6
        bne loop

floor:
        mov r0, #15
        mul r0, r4
        mov r1, #63
        swi #0x6

decode:                                                @ add 2 if below 8, 1 otherwise
        cmp r0, #8
        blo L1
        add r0, #1

L1:
        add r0, #1
        pop {r4-r7, pc}

call:
        bx r5

.align 2

write_type: .word 0x0803098E +1
battle_slot_mapping: .word 0x02023BCE
party_player: .word 0x02024284
move_data: .word 0x08250C04
pokemon_getattr: .word 0x0803FBE8 +1
display_type: .word 0x081368D6 +1
pkmn_status_data: .word 0x0203B140




And, this is what it looks like already assembled:
Code:

F8 B4 77 46 88 00 C9 00 40 18 27 49 09 18 88 78 0A 78 87 2A 0A D1 28 78 40 00 21 49 40 18 00 78 64 21 48 43 1F 49 40 18 00 F0 1B F8 BE 46 F8 BC 1A 49 08 47 F9 B4 77 46 90 00 D1 00 40 18 40 19 81 78 02 78 87 2A 08 D1 1A 48 00 68 32 21 09 02 90 31 40 18 00 F0 05 F8 01 1C BE 46 F9 BC 14 4A 10 47 F0 B5 06 1C 00 24 00 27 10 4D 09 E0 30 1C 27 21 C9 19 00 F0 10 F8 01 21 08 40 B8 40 04 43 01 37 06 2F F3 D1 0F 20 60 43 3F 21 06 DF 08 28 00 D3 01 30 01 30 F0 BD 28 47 C0 46 8F 09 03 08 CE 3B 02 02 84 42 02 02 04 0C 25 08 E9 FB 03 08 D7 68 13 08 40 B1 03 02


As usual, insert it at an offset ending in 0x0, 0x4, 0x8, or 0xC. For simplicity, I'll refer to this offset as A.

Now, we need to modify the routines to call this new code. There are two places to modify.

Code:

0x08030984: 00 48 00 47 xx xx xx xx


Code:

0x081368CC: 00 49 08 47 yy yy yy yy


The x's are A + 0x01, in reverse hex, while the y's are A + 0x35, also in reverse hex.

This affects the type icons on the party menu (as well as when learning a new move), and the type listed when selecting an attack.

This does not affect the type displayed by the TM Case. As that's not associated with a particular Pokemon, it just reads the type from the move data table. I actually suggest changing Hidden Power's entry in the table to be ???-type (change the byte at 0x08251722 from 0x00 to 0x09), so it will show as that in the TM Case, and the actual type everywhere else.

I didn't bother to force it to calculate and display the base power for Hidden Power, as I prefer the constant base power anyway, but if this was any indication, it would be pretty easy to do.

I've found a problem, when I use this routine, the moves types in-battle shows 99999999... or nothing. For someone who found this problem, you probably have repointed the move data, simply change the offset of "move_data: .word 0x08250C04" to your move data offset.

robinjea November 18th, 2016 3:35 AM

Quote:

Originally Posted by destinedjagold (Post 9489964)
Here's one for Ruby.
Code:

08020280 004A1047XXXXXX08
080201E2 02 21
08020336 01 20


XXXXXX should be the address +1 of this ASM routine...
Spoiler:
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0802028D
BX R1

RETURN:
POP {R0-R7}
RETURN_2:
LDR R1, = 0x080202A1
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080A92D5
MOV R11, R0
POP {R0}
BX R11




It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.

Any idea on how to do this for FR? Because the one posted earlier does not check for Exp. Share when distributing Exp. Points. ;-;

BluRose November 18th, 2016 5:18 AM

Quote:

Originally Posted by BlackWhiteRobin (Post 9491317)
Any idea on how to do this for FR? Because the one posted earlier does not check for Exp. Share when distributing Exp. Points. ;-;

port addresses
i can do it in like 7 hours when i get home

Sea Dragon November 18th, 2016 1:11 PM

Quote:

Originally Posted by mbcn10ww (Post 9479009)
The Shedinja's evolution was fixed but not registering on Pokédex.

Ok, I think I found the issue. At CE858 change 54 44 to 00 00

Spoiler:
ROM:080CE856 MOV R4, R8
ROM:080CE858 ADD R4, R10 - adds Nincada's index to 968 (remove this)
ROM:080CE85A LSLS R4, R4, #3 - 968 becomes 4b40
ROM:080CE85C ADDS R4, R4, R0 - finds offset of Shedinja's index in evolution table
ROM:080CE85E LDRH R0, [R4,#0xC] - R0 should now have Shedinja's index


Do the same thing for Emerald at 13E4EC.

mbcn10ww November 18th, 2016 5:14 PM

Quote:

Originally Posted by Sea Dragon (Post 9491701)
Ok, I think I found the issue. At CE858 change 54 44 to 00 00

Spoiler:
ROM:080CE856 MOV R4, R8
ROM:080CE858 ADD R4, R10 - adds Nincada's index to 968 (remove this)
ROM:080CE85A LSLS R4, R4, #3 - 968 becomes 4b40
ROM:080CE85C ADDS R4, R4, R0 - finds offset of Shedinja's index in evolution table
ROM:080CE85E LDRH R0, [R4,#0xC] - R0 should now have Shedinja's index


Do the same thing for Emerald at 13E4EC.

Thanks man, it worked fine. xD

Versekr Dark November 20th, 2016 1:15 PM

Quote:

Originally Posted by BluRose (Post 9491386)
port addresses
i can do it in like 7 hours when i get home

Great, i imagine that you could also export a, still thanks for helping us with these routine :), and clearly I do not ask to be exported by an Em, so there is no confusion :)

BluRose November 20th, 2016 1:35 PM

Quote:

Originally Posted by Versekr Dark (Post 9493434)
Great, i imagine that you could also export a, still thanks for helping us with these routine :), and clearly I do not ask to be exported by an Em, so there is no confusion :)

check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

en español (no porque no puedes leer el ingles, porque quiero practicar y mejorar mi español)
Spoiler:
chequea la conversación encima entre de blackwhiterobin y yo para chequear lo que hemos hecho. necesitamos dos direcciónes más, y están en la rutina. si no podemos encontrar las direcciónes en la rutina, podemos hacer las rutinas de rubí para rojo fuego... yo imaginaría que no sería tan dificil, ajaja... el desmontaje de visualboyadvance debe ayudarnos al menos un poco

Versekr Dark November 20th, 2016 2:27 PM

Quote:

Originally Posted by BluRose (Post 9493446)
check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

en español (no porque no puedes leer el ingles, porque quiero practicar y mejorar mi español)
Spoiler:
chequea la conversación encima entre de blackwhiterobin y yo para chequear lo que hemos hecho. necesitamos dos direcciónes más, y están en la rutina. si no podemos encontrar las direcciónes en la rutina, podemos hacer las rutinas de rubí para rojo fuego... yo imaginaría que no sería tan dificil, ajaja... el desmontaje de visualboyadvance debe ayudarnos al menos un poco

Thank you very much, I really thought I would not answer haha ​​xD, I'm looking forward to finishing your work and sorry if I can not help too much. I'm very new in hexadecimal and I do not know anything about asm.

DonaldTrumpIsAGod November 21st, 2016 8:18 AM

Quote:

Originally Posted by Lost Heart (Post 8388671)
Spoiler:

Check/Count a Specific Pokémon Species in the Party (FR/LG/Em)


So I'm not sure if there is a way to do this by scripting in these games, and I saw that trading-style thing post just a few above, but I wrote up a quick bit of ASM code to count the number of a specific species of Pokémon in the party, as a bit of practice for myself, and I thought I would share it.

The reason I wrote is so that it could be mainly used as a checkpartypokemon-like command in a script.

It works for FireRed and LeafGreen with no changes, works for Emerald by performing the changes given, and will probably work with any game as long as you find the matching offsets. ;)

Anyway, here's the ASM for FR/LG:
Code:

.text
.align 2
.thumb
.thumb_func
.global CountPartyPokemonSpecies

main:
        push {r0-r7, lr}
        mov r5, #0x0 @ This means fail
        ldr r6, var
        ldr r7, party_amount
        ldrb r4, [r7] @ Get Pokemon count from r7
        cmp r4, #0x0
        beq exit
        ldrh r3, [r6] @ Get the species to check
        cmp r3, #0x0
        beq exit @ Don't allow Missingno. This doesn't limit the species from going up, though.
        mov r7, #0x0
loop:
        ldr r0, first_pokemon @ Offset of first Pokemon
        mov r1, #0x64 @ Length of Pokemon RAM data
        mul r1, r1, r7 @ r7 holds current index
        add r0, r0, r1
        bl decrypt_poke_species @ Get this specific species.
        mov r9, r0
        pop {r0-r7}
        cmp r9, r3
        bne next
        add r5, r5, #0x1 @ Increase the counter
next:
        add r7, r7, #0x1 @ Increase party index
        cmp r7, r4 @ And compare against the number in the party
        blo loop @ I could use a bls here?
exit:
        str r5, [r6, #0x10] @ Store the result (r5) in r6 (the var -- 0x800D)
        pop {r0-r7, pc} @ Return

decrypt_poke_species:
        push {r0-r7}
        mov r1, #0xB @ This is the index for the Pokemon species.
        ldr r2, decrypt_poke @ Call the Pokemon decryption code
        bx r2

.align 2
party_amount:
        .word 0x02024029
first_pokemon:
        .word 0x02024284
var: @ Got this beauty from HackMew.
        .word 0x020270B8 + (0x8004 * 2)
decrypt_poke:
        .word 0x0803FBE9


And to work for Emerald, you need only change the end stuff:
Code:

.align 2
party_amount:
        .word 0x020244E9
first_pokemon:
        .word 0x020244EC
var: @ Got this beauty from HackMew.
        .word 0x020275D8 + (0x8004 * 2)
decrypt_poke:
        .word 0x0806A519


Some of it is based off some stuff from HackMew's Pokemon take away code, so yeah.

And of course, here's a sample script explaining how to use it:
[code]
#dynamic 0x800000

#include stdpoke.rbh

#org @start
lock
faceplayer
bufferpokemon 0x0 PKMN_MAGIKARP
setvar 0x8004 PKMN_MAGIKARP // Change this to the species you want
callasm 0x08XXXXXX // This is the offset of the routine + 1
compare LASTRESULT 0x1 // The count is stored in 0x800D
if B_>= goto @some // It will be 0 if there is none, or 1-6 for the count
msgbox @m1 MSG_KEEPOPEN // It also counts eggs, so yeah...
release
end

#org @some
buffernumber 0x1 LASTRESULT
msgbox @m2 MSG_KEEPOPEN
release
end

#org @m1
= You don't have any [buffer1]!

I hope someone finds this useful, even if for just an example for beginners to learn from.
Enjoy~! ^_^

EDIT: I added Emerald, although I didn't test it. ;)
EDIT 2: I tested the Emerald code, and it works. ^_^

Could I use this to check for specific forms of Unown?

DizzyEgg November 21st, 2016 8:47 AM

Quote:

Originally Posted by DonaldTrumpIsAGod (Post 9494254)
Could I use this to check for specific forms of Unown?

Nope, it's a different thing.

BluRose November 21st, 2016 8:47 AM

Quote:

Originally Posted by DonaldTrumpIsAGod (Post 9494254)
Could I use this to check for specific forms of Unown?

no
unown formes are determined by their PIDs and do not count as seperate pokémon themselves

edit: damn it dizzy

LCCoolJ95 November 25th, 2016 7:11 AM

Quote:

Originally Posted by BluRose (Post 9493446)
check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

Hello, just wondering how this is going!

BluRose November 25th, 2016 9:30 AM

Quote:

Originally Posted by LCCoolJ95 (Post 9498019)
Hello, just wondering how this is going!

research/small tangent about how this was originally going
Spoiler:
Spoiler:
Code:

.text
.thumb
.thumb_func
.align 2

201E0:
        add r0, r1, #0x0
        add r1, r5, #0x0
        bl 1E0868 @???
        mov r2, r10
        strh r0, [r2]
        lsl r0, r0 , #0x10
        cmp r0, @0x0
        bne 201F6
        mov r0, #0x1
        strh r0, [r2]
201F6:
        ldr r0, =(0x02024DEE) @20248
        strh r6, [r0]
        ldr r2, =(0x02000000) @2024C
        ldr r3, =(0x0001600F) @20250
        add r2, r1, r3
        ldrb r0, [r2]
        add r0, #0x1
        mov r3, #0x0
        strb r0, [r2]
        ldr r2, =(0x00016018) @20254
        add r0, r1, r2
        strb r3, [r0]
        ldr r3, =(0x0001605F) @20258
        add r1, r1, r3
        mov r0, r8
        strb r0, [r1]
        ldr r0, =(0x02025A64) @2025C
        ldr r0, [r0]
        cmp r0, #0x0
        beq 20220
        b 20996
20220:
        ldr r0, =(0x02000000) @2024C
        ldr r1, =(0x00016018) @20254
        add r0, r0, r1
        ldrb r1, [r0]
        mov r0, #0x64
        mul r0, r1
        ldr r1, =(0x02004360) @20260
        add r0, r0, r1
        mov r1, #0xC
        bl 3CB60
        lsl r0, r0, #0x10
        lsr r0, r0, #0x10
        cmp r0, #0xAF
        bne 2026C
        ldr r0, =(0x02025734) @20264
        ldr r2, =(0x00003688) @20268
        add r0, r0, r2
        ldrb r4, [r0]
        b 20274

@[pointers/constant words here. define as .equ's later or something]
@20248-2026B

2026C:
        bl A993C
        lsl r0, r0, #0x18
        lsr r4, r0, #0x18

20274:
        ldr r5, =(0x02000000) @20294
        cmp r4, #0x19
        beq 202A0
        ldr r3, =(0x0001605F) @20298
        add r1, r5, r3
        ldrb r0, [r1]
        mov r2, #0x1
        and r2, r0
        cmp r2, #0x0
        bne 202A0
        lsr r0, r0, #0x1
        strb r0, [r1]
        ldr r0, =(0x0001600F) @2029C @where andrea's function points to is right here, 2028C
        add r1, r5, r0
        b 202C8

@[more pointers/constants.  .equ's later, maybe not.]
@20294-2029F

202A0:        @where andrea's return is going to
        ldr r1, =(0x00016018) @202D4
        add r0, r5, r1
        ldrb r1, [r0]
        mov r0, #0x64
        mul r0, r1
        ldr r1, =(0x03004360) @202D8
        add r0, r0, r1
        mov r1, #0x38
        bl 3CB60
        cmp r0, #0x64
        bne 202E8
        ldr r2, =(0x0001605F) @202DC
        add r1, r5, r2
        ldrb r0, [r1]
        lsr r0, r0, #0x1
        mov r1, #0x0
        strb r0, [r1]
        ldr r3, =(0x0001600F) @202E0
        add r1, r5, r3
202C8:
        mov r0, #0x5
        strb r0, [r1]
        ldr r0, =(0x02024BEC) @202E4
        str r2m [r0]
        b 20996

@[pointers/constants]
@202D4-202E7

202E8:
        @insert function here

20996:        @i felt that this was referenced a lot, so i decided to write it down like the rest i guess
        @NOTE: this function as it is appears at least 37 times BEFORE it does here in the Ruby ROM.  It appears even more often in Fire Red.  PLEASE, don't come to me saying that you found an equivalent offset claiming 20996 in AXVE equals E8C in BPRE.
        pop {r3-r5}
        mov r8, r3
        mov r9, r4
        mov r10, r5
        pop {r4-r7}
        pop {r0}
        bx r0

@[more constants and shit]

3CB60

A993C

1E0868



it's just a matter of finding the rough same in fire red at the moment, specifically 20274. haven't even started on the other routine because all of this was really done this morning (shhhhhhh)

EDIT: accidentally disassembled the other routine referenced that we haven't found as well while disassembling what the first one references :P
coolio. meanwhile, i'm actually going to check out one of the other routines because really it doesn't seem equal ahaha

EDIT: ok i'm fucking dumb
Code:

branch point AXVE:
        20280
return point AXVE:
        2028C (notice how it's literally branch +0xC)

branch point BPRE:
        21CCE
return point BPRE: (one of what we're looking for)
        21CDA

return point 2 AXVE:
        202A0
return point 2 BPRE: (other of what we're looking for)
        21CE8


magically, when looking it up in IDB, almost everything matches! imagine that :):):):):):):):):):):):):)
here's bpre's routine, credits to andrea~ and the_learner (for making it relatively easy to find two addresses; he already found them). i did practically nothing except be stupid and look for something that was literally right under my nose the whole time


- - - - - - - - -
Andrea's Gen VI Exp. Share
- - - - - - - - -

Credits to Andrea~ and The_Learner

bpre:
Spoiler:
Code:

21CD0 - 00 4A 10 47 XX XX XX XX
21C3A - 02 21
21D70 - 01 20


routine at XXXXXXXX
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x08021CDB /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x08021CE9 /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x08099F41 /*axve: 0x080A92D5*/
MOV R11, R0
POP {R0}
BX R11



bpee:
Spoiler:
Code:

4A594 - 00 4A 10 47 XX XX XX XX
4A4BE - 02 21
4A634 - 01 20


Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0804A59F /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x0804A5AD /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080D6725 /*axve: 0x080A92D5*/
MOV R11, R0
POP {R0}
BX R11



have a nice day, this took way too long <3

robinjea November 26th, 2016 12:24 AM

Quote:

Originally Posted by BluRose (Post 9498116)
Spoiler:
Code:

.text
.thumb
.thumb_func
.align 2

201E0:
    add r0, r1, #0x0
    add r1, r5, #0x0
    bl 1E0868 @???
    mov r2, r10
    strh r0, [r2]
    lsl r0, r0 , #0x10
    cmp r0, @0x0
    bne 201F6
    mov r0, #0x1
    strh r0, [r2]
201F6:
    ldr r0, =(0x02024DEE) @20248
    strh r6, [r0]
    ldr r2, =(0x02000000) @2024C
    ldr r3, =(0x0001600F) @20250
    add r2, r1, r3
    ldrb r0, [r2]
    add r0, #0x1
    mov r3, #0x0
    strb r0, [r2]
    ldr r2, =(0x00016018) @20254
    add r0, r1, r2
    strb r3, [r0]
    ldr r3, =(0x0001605F) @20258
    add r1, r1, r3
    mov r0, r8
    strb r0, [r1]
    ldr r0, =(0x02025A64) @2025C
    ldr r0, [r0]
    cmp r0, #0x0
    beq 20220
    b 20996
20220:
    ldr r0, =(0x02000000) @2024C
    ldr r1, =(0x00016018) @20254
    add r0, r0, r1
    ldrb r1, [r0]
    mov r0, #0x64
    mul r0, r1
    ldr r1, =(0x02004360) @20260
    add r0, r0, r1
    mov r1, #0xC
    bl 3CB60
    lsl r0, r0, #0x10
    lsr r0, r0, #0x10
    cmp r0, #0xAF
    bne 2026C
    ldr r0, =(0x02025734) @20264
    ldr r2, =(0x00003688) @20268
    add r0, r0, r2
    ldrb r4, [r0]
    b 20274

@[pointers/constant words here. define as .equ's later or something]
@20248-2026B

2026C:
    bl A993C
    lsl r0, r0, #0x18
    lsr r4, r0, #0x18

20274:
    ldr r5, =(0x02000000) @20294
    cmp r4, #0x19
    beq 202A0
    ldr r3, =(0x0001605F) @20298
    add r1, r5, r3
    ldrb r0, [r1]
    mov r2, #0x1
    and r2, r0
    cmp r2, #0x0
    bne 202A0
    lsr r0, r0, #0x1
    strb r0, [r1]
    ldr r0, =(0x0001600F) @2029C @where andrea's function points to is right here, 2028C
    add r1, r5, r0
    b 202C8

@[more pointers/constants.  .equ's later, maybe not.]
@20294-2029F

202A0:    @where andrea's return is going to
    ldr r1, =(0x00016018) @202D4
    add r0, r5, r1
    ldrb r1, [r0]
    mov r0, #0x64
    mul r0, r1
    ldr r1, =(0x03004360) @202D8
    add r0, r0, r1
    mov r1, #0x38
    bl 3CB60
    cmp r0, #0x64
    bne 202E8
    ldr r2, =(0x0001605F) @202DC
    add r1, r5, r2
    ldrb r0, [r1]
    lsr r0, r0, #0x1
    mov r1, #0x0
    strb r0, [r1]
    ldr r3, =(0x0001600F) @202E0
    add r1, r5, r3
202C8:
    mov r0, #0x5
    strb r0, [r1]
    ldr r0, =(0x02024BEC) @202E4
    str r2m [r0]
    b 20996

@[pointers/constants]
@202D4-202E7

202E8:
    @insert function here

20996:    @i felt that this was referenced a lot, so i decided to write it down like the rest i guess
    @NOTE: this function as it is appears at least 37 times BEFORE it does here in the Ruby ROM.  It appears even more often in Fire Red.  PLEASE, don't come to me saying that you found an equivalent offset claiming 20996 in AXVE equals E8C in BPRE.
    pop {r3-r5}
    mov r8, r3
    mov r9, r4
    mov r10, r5
    pop {r4-r7}
    pop {r0}
    bx r0

@[more constants and ****]

3CB60

A993C

1E0868



it's just a matter of finding the rough same in fire red at the moment, specifically 20274. haven't even started on the other routine because all of this was really done this morning (shhhhhhh)

EDIT: accidentally disassembled the other routine referenced that we haven't found as well while disassembling what the first one references :P
coolio. meanwhile, i'm actually going to check out one of the other routines because really it doesn't seem equal ahaha

EDIT: ok i'm ****ing dumb
Code:

branch point AXVE:
        20280
return point AXVE:
        2028C (notice how it's literally branch +0xC)

branch point BPRE:
        21CCE
return point BPRE: (one of what we're looking for)
        21CDA

return point 2 AXVE:
        202A0
return point 2 BPRE: (other of what we're looking for)
        21CE8


magically, when looking it up in IDB, almost everything matches! imagine that :):):):):):):):):):):):):)
here's bpre's routine, credits to andrea~ and the_learner (for making it relatively easy to find two addresses; he already found them). i did practically nothing except be stupid and look for something that was literally right under my nose the whole time
as usual, untested
Spoiler:
Code:

21CCE - 00 4A 10 47 XX XX XX XX
21C3A - 02 21
21D70 - 01 20


routine at XXXXXXXX
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x08021CDB /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x08021CE9 /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x08099F41 /*axve: 0x080A92D5*/ /*i was entirely off in my original searching for this ehehe*/
MOV R11, R0
POP {R0}
BX R11



and because lccoolj95's going to ask for it, bpee (still untested):
Spoiler:
Code:

4A592 - 00 4A 10 47 XX XX XX XX
4A4BE - 02 21
4A634 - 01 20


Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0804A59F /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x0804A5AD /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080D6725 /*axve: 0x080A92D5*/
MOV R11, R0
POP {R0}
BX R11



have a nice day, this took way too long <3

Tested EM's. Game restarts right before receiving experience points with or without EXP. Share Item. I've yet to test FR's. (And this breaks my heart.)

BluRose November 26th, 2016 6:01 AM

Quote:

Originally Posted by BlackWhiteRobin (Post 9498612)
Tested EM's. Game restarts right before receiving experience points with or without EXP. Share Item. I've yet to test FR's. (And this breaks my heart.)

lol ok i'll have to adjust it. likely because different registers are (probably) used for the check-item routine across all three versions, and i honestly only found it because the checkitem script command references it in each version
report back with fr, please <3

EDIT: i'll do fr, but how done i was yesterday shines through in that i didn't even tell to make the pointer aligned. :P

EDIT2: works here after a few byte changes to my byte changes were made to made. updating post

EDIT3: works in em after doing the same byte changes.

happy hacking!

Zeturic December 18th, 2016 11:27 AM

Powder Jar [FR]

The amount of berry powder is stored in a byte at
[0x300500C] + 0xAF8
. It's referred to as field_af8. It is encrypted via the Security Key.

In finding this, I found a function at
0x0815EE3C
which takes a pointer and decrypts what it points to with the Security Key.

esperance December 20th, 2016 11:09 AM

Door Animation Format

Door animations follow a very simple 12-byte format, which I'm sharing for anyone that needs a reference.

Code:

| Offset  | Type          | Notes                            |
|------------------------------------------------------------|
| 0-1    | Tile index    |                                  |
| 2      | Sound flag    | 00 = door, other = sliding door  |
| 3      | Tile flag    | 00 = one tile, other = two tiles |
| 4-7    | Image        | pointer, uncompressed            |
| 8-11    | Palette      | pointer                          |


The data is stored in tables, and can be found at the following offsets:
Code:

AXVE: 30F9B4
AXPE: 30F944
BPRE: 35B5D8
BPGE: 35B5B8
BPEE: 497174




All times are GMT -8. The time now is 8:53 AM.


Like our Facebook Page Follow us on Twitter © 2002 - 2018 The PokéCommunity™, pokecommunity.com.
Pokémon characters and images belong to The Pokémon Company International and Nintendo. This website is in no way affiliated with or endorsed by Nintendo, Creatures, GAMEFREAK, The Pokémon Company or The Pokémon Company International. We just love Pokémon.
All forum styles, their images (unless noted otherwise) and site designs are © 2002 - 2016 The PokéCommunity / PokéCommunity.com.
PokéCommunity™ is a trademark of The PokéCommunity. All rights reserved. Sponsor advertisements do not imply our endorsement of that product or service. User generated content remains the property of its creator.

Acknowledgements
Use of PokéCommunity Assets
vB Optimise by DragonByte Technologies Ltd © 2023.