The PokéCommunity Forums

The PokéCommunity Forums (https://www.pokecommunity.com/index.php)
-   Binary Hack Research & Development (https://www.pokecommunity.com/forumdisplay.php?f=195)
-   -   Quick Research & Development Thread (https://www.pokecommunity.com/showthread.php?t=205158)

sonic1 April 11th, 2012 10:46 AM

Ok, sorry, my bad, the script doesn't work, and i don't know why. In the past months i only worked with ASM, so i'm a but rusty with scripts. Here's a routine.
Try callingasm this routine:
Code:

.align 2
.thumb

main:
        push {r0-r4, lr}
        ldr r0, =0x3E8                        @flag base
        ldr r1, =0x0                        @counter
loop:
        cmp r1, #0xBE
        bhi end
        add r1, r1, #0x1
        bl clearflag
        add r0, r0, #0x0                @next flag
        b loop
end:
        pop {r0-r4, pc}

clearflag:
        ldr r4, =0x0806E6A8+1          @clearflag routine offset
        bx r4


Hope this helps.

Light_of_Aether April 20th, 2012 8:53 AM

I looked at the list of identified flags posted by DavidJCobb and it isn't very clear which ranges of flags can be used safely. It looks like the range between 0AE and 154 doesn't have any flags. Does anyone know if new flags can be created in that range?

Chaos Rush April 28th, 2012 9:59 PM

I figured out how to edit the Hoenn Dex order in Ruby, without editing the National Dex. The offset is at 0x1FC84C. It does not list by Pokemon index number, it lists by dex entry index number. Treecko's index number is 277, but Treecko's dex entry number is 252. Which is why the byte at the offset I listed is FC. Changing the bytes here will change the Hoenn Dex while keeping the National Dex intact.

I suspect the same table exists in Emerald, and the bytes should be exactly the same.

EDIT: Hacked the Hoenn Dex to something similar (but not exactly the same) to a listing I'm planning on using in a future hack:
http://i49.tinypic.com/262l4s9.png

sonic1 April 29th, 2012 8:09 AM

Quote:

Originally Posted by Chaos Rush (Post 7153621)
I figured out how to edit the Hoenn Dex order in Ruby, without editing the National Dex. The offset is at 0x1FC84C. It does not list by Pokemon index number, it lists by dex entry index number. Treecko's index number is 277, but Treecko's dex entry number is 252. Which is why the byte at the offset I listed is FC. Changing the bytes here will change the Hoenn Dex while keeping the National Dex intact.

I suspect the same table exists in Emerald, and the bytes should be exactly the same.

EDIT: Hacked the Hoenn Dex to something similar (but not exactly the same) to a listing I'm planning on using in a future hack:
http://i49.tinypic.com/262l4s9.png

Yup, that table exists in Emerald, it's located at 0x31DFB8
For any ruby/firered to emerald equivalents, you can ask me, as i'm a emerald hacker.

Chaos Rush April 29th, 2012 8:47 AM

Quote:

Originally Posted by sonic1 (Post 7154117)


Yup, that table exists in Emerald, it's located at 0x31DFB8
For any ruby/firered to emerald equivalents, you can ask me, as i'm a emerald hacker.

Do you know where the limiter that limits the Hoenn Dex to 202 entries is though? It would be nice if we could expand it. It shouldn't require any ram repointing because the maximum amount of entries that the ram allows is 386.

Jambo51 May 12th, 2012 5:56 AM

For anyone interested, in FR US 1.0 (aka BPRE 1.0), to change your Pokédex "mode" to the style which DPPt used (That is, to have the seen amount displayed in the continue screen and the save screen instead of the caught numbers), change:

0800CF56: 00 20
0800CF64: 00 20
080F803C: 00 20
080F8044: 00 20

It really is that simple. :)

Haru~ May 22nd, 2012 6:48 AM

Hello guys! :)

Does anyone know the RAM location for the player's current money, if any?
I've been messing with the memory viewer but I can't see it unless I access the trainer card, 0x02000490. But I want to know where the data is when you're not viewing the card.

EDIT: Oh, it's for BPRE. Silly me! ^^

Spherical Ice May 22nd, 2012 6:51 AM

Well the offset 0x054B80 contains bytes that can be edited to change the amount of money you start off with in FireRed, but I don't know which ROM you're referring to.

Chaos Rush May 31st, 2012 2:08 PM

Quote:

Originally Posted by Jambo51 (Post 7101031)
stuff

So glad I found this, thank you! I've been thinking of figuring out how to make my own callasm command for battle scripting, but you've just saved me some work!

aar2697 June 4th, 2012 2:35 PM

For the setmapfooter command/script in XSE, you're required to know the map footer for the map. Some people suggest subtracting the map footer table from the pointer to map footer offset, but there's a much easier way. I also think that method only works with Emerald, because since no one has posted the map footer table for Fire Red on these forums, I had to reverse find the "table," but using that number did not work with other maps than the map that I used to reverse find it. I probably checked my math, offsets, and pointers countless times, and I'm positive that method doesn't work with Fire Red.

This, however DOES work with Fire Red, along with Leaf Green, Ruby, Sapphire, and Emerald.
1. Go into Advance Map.
2. Choose a map you want the setmapfooter command to work with.
3. Go to header.
4. CTRL+H for professional settings.
5. Find the 19th byte in the Map Header (long strand of bytes under Map Settings)
6. That 19th byte is what you will use.

Haru~ June 7th, 2012 11:13 PM

After a long battle with cancer trying to find the RAM location of the player's money, I had a feeling that it is encrypted somewhere in the RAM and that's why I can't find it. So after going to my local POKeMART, I found a little routine that seems to decrypt something. After doing further testing, I made this routine to get the player's current money using the game's own code.

The routine:
Spoiler:

Code:

.align 2
.thumb

/*This routine does all the hard work in retrieving your current
money and stores it in vars 0x8000 and 0x8001.
        0x8000 - Lower half
        0x8001 - Upper half
*/

main:        push {r4-r6, lr}
        ldr r6, .DMA_MAP
        ldr r0, [r6, #0x0]
        mov r5, #0xA4
        lsl r5, r5, #0x2
        add r0, r0, r5
        ldr r1, .OTHER_RAMLOC
        ldr r1, [r1, #0x8]
        bl get_amount                /*Does the actual decrypting*/
        ldr r1, .VAR_8000
        str r0, [r1]
        pop {r4-r6, pc}

get_amount:        ldr r4, .DO_CALC
                bx r4

.hword 0x0000
.DMA_MAP:        .word 0x03005008
.OTHER_RAMLOC:        .word 0x02039934
.VAR_8000:        .word 0x020370B8 /*Var 0x8000-0x8001*/
.DO_CALC:        .word 0x0809FD59




I slept after that...

aar2697 June 9th, 2012 11:14 PM

What I've noticed is that when you insert a map, you are not able to ride the bicycle on that map even if you edit all of the header settings for the map. The solution to this lies in the string of bytes for the map header.

1. In Advance Map, go to the map header and enter the professional map header settings with CTRL+H.
2. In the string of bytes for the map header under "Map options:," find the first of the last four bytes (byte #25 if that confuses you).
3. Change that byte (byte #25) to 01.
4. You can now ride the bicycle on that map!

looper June 30th, 2012 2:57 PM

Did someone ever thought about more characters than the two genders in FR? For example 2 boys and 2 girls?
In my eyes it would need a change of the choice in the intro and a modification of the scripts that renders the trainerbattles (backsprite) and the maps (OW) as like some minor things.
My Question is: Would it be possible with a small amount of work? I don't know how the routines that differ the gender work, but thinking about the checkgender command gives me the feeling that the game only allows 2 Values.

Does anyone know sth. about it?

redriders180 July 1st, 2012 10:29 PM

Quote:

Originally Posted by looper (Post 7234389)
Did someone ever thought about more characters than the two genders in FR? For example 2 boys and 2 girls?
In my eyes it would need a change of the choice in the intro and a modification of the scripts that renders the trainerbattles (backsprite) and the maps (OW) as like some minor things.
My Question is: Would it be possible with a small amount of work? I don't know how the routines that differ the gender work, but thinking about the checkgender command gives me the feeling that the game only allows 2 Values.

Does anyone know sth. about it?

It definitely would be alot of work. You could use a small shortcut, however, and take a leaf out of JPANs book and make a backsprite-switching and OW switching command. This would get around the OW and backsprite problem, although there are many other things that aren't addressed in JPANs hack engine, such as the small sprite of the player's head that shows up on the World Map, the end credits script, and plenty of other things. You could always modify the ASM behind the main part of the ROM that holds the player's gender, which according to my notes is at 0x0300500C + 0x8, to hold other values. Currently, it only uses 0 for boy and 1 for girl, but I'm sure you could make it accept other values with some ingenuity. But you'd need to go to every single routine in-game that depends on gender, and change the routine to have more branches. Alot of things change color depending on the gender, in addition to other things. If you're experienced enough to take it on, by all means, go for it :D, otherwise, try pursuing a simpler path. For instance, after Oak's intro, ask the player, in a script, if they'd like to be Type A boy or Type B boy, or Type A girl or Type B girl, and adjust the variables accordingly.

Platinum Lucario July 29th, 2012 3:21 PM

Hm... I've actually found the name input screen graphics in a/1/1/9 on a Pokémon Black 2/White 2 ROM. And then I found the name input screen graphics in a/1/1/8 on the first Pokémon Black/White ROMs. But when I try to insert the name input graphics from Black into Black 2... here's what happens, the graphics may be changed... but the characters and the cursor position haven't changed, so I'm actually wondering where the data for the name input screen and cursor position are... so then I can then replace the data from the first Black Version into Black Version 2.
http://img28.imageshack.us/img28/1042/inputscreenissue2.pnghttp://img836.imageshack.us/img836/622/inputscreenissue3.png

Keegsu August 7th, 2012 3:29 AM

I recently replaced the battery in my old Ruby Version cart, as it had run dry due to age. Some things have been working fine since the replacement (clock's running, Shoal Cave works like it's supposed to). Other things, however, are displaying symptoms very reminiscent of the old Berry Glitch that used to plague Ruby & Sapphire versions (berries won't grow, lotto tickets don't work). Now, I can't imagine the R/S/E programmers devoting much effort to elegantly restoring all the RTC related functionality after a dry battery has been replaced so finding these glitches after going through the effort to repair my cart are kind of disappointing but unsurprising.

I'm wondering about the feasibility of dumping my save using a tool like GBA_Backup_Tool and using some hacking tools to determine what's gone wrong with my save, perhaps comparing it with a healthy save, then fixing it and dumping it back to the original cart. Has fixing a bug like this ever been tried before?

Gamer2020 August 7th, 2012 5:26 PM

Quote:

Originally Posted by Keegsu (Post 7289727)
I recently replaced the battery in my old Ruby Version cart, as it had run dry due to age. Some things have been working fine since the replacement (clock's running, Shoal Cave works like it's supposed to). Other things, however, are displaying symptoms very reminiscent of the old Berry Glitch that used to plague Ruby & Sapphire versions (berries won't grow, lotto tickets don't work). Now, I can't imagine the R/S/E programmers devoting much effort to elegantly restoring all the RTC related functionality after a dry battery has been replaced so finding these glitches after going through the effort to repair my cart are kind of disappointing but unsurprising.

I'm wondering about the feasibility of dumping my save using a tool like GBA_Backup_Tool and using some hacking tools to determine what's gone wrong with my save, perhaps comparing it with a healthy save, then fixing it and dumping it back to the original cart. Has fixing a bug like this ever been tried before?

I think this is more of a question then actual research but I shall answer it anyway. I recall R/S had some problem making it so that time based events would stop work properly after a year. They did later on have ways to fix this. You can link it up to XD gale of darkness and it will fix it I believe. Also you can link it up to FR/LG and do something and it will also get fixed. I can't remember if Emerald does the same or if Colosseum had a fix. Google and research it, I can tell you there is definitely no need to dump your save.

Keegsu August 7th, 2012 9:06 PM

Quote:

Originally Posted by Gamer2020 (Post 7290730)

I think this is more of a question then actual research but I shall answer it anyway. I recall R/S had some problem making it so that time based events would stop work properly after a year. They did later on have ways to fix this. You can link it up to XD gale of darkness and it will fix it I believe. Also you can link it up to FR/LG and do something and it will also get fixed. I can't remember if Emerald does the same or if Colosseum had a fix. Google and research it, I can tell you there is definitely no need to dump your save.

Perhaps I should clarify- I did those patches ages ago, hence my referring to the "old Berry Glitch," as it's not a glitch that should be around any more. This is a copy of Ruby version that I've owned since 2003-2004 and it has done plenty of trading with FR/LG carts and with Colosseum on the same save that still exists. I even tried loading the patch program in my copy of FR and patching the game just in case I somehow managed to avoid getting the patch after all, and the Ruby cart comes up with an "Unable to update" message which I can't imagine is indicative of anything other than that it's already been updated.

The weird thing that's going on here, and the reason I gravitated towards the Research forum and started thinking about dumping my save (which I've done now, I'm just too inexperienced/stupid at hex-editing gba saves for the moment to actually do anything with the dumped save other than play it in VBA), is that I've somehow managed to replicate the effects of a glitch that should have been patched out of the game years ago. The obvious answer to "how" is that I'm experiencing continuing effects of the battery running dry despite putting in a new battery because the game doesn't know how to restart particular features after they've broken due to the battery (not due to the aforementioned glitch that Nintendo patched out themselves) and I want to research exactly what happened. There's one person in the Gen III Q&A thread who's mentioned experiencing the same issue under the exact same circumstances but overall it's not something that's been documented because the rare folks who actually change the dry lithium cells in their RSE carts mostly seem to just start new games once they do so.

What I want to do with the save file I've dumped is unpackage it and take a look at what's going on with the Loamy Soil data using a hex editor and see if there's anything insane going on with the minutes remaining variables for my berry bushes or if there's anything else amiss. Right now I lack the means to unpackage it though there's plenty of useful reference information on Ruby/Sapphire save file data structure on furlocks-forest (which I can't link yet since the board software won't let me until I've posted more).

Alternatively, there's the possibility I'm a complete idiot and it really is something simple I can patch using official Nintendo stuff and I just haven't done enough Google research. Somebody talk me down from my insane scheme if you think this is the case.

aar2697 August 11th, 2012 9:10 PM

Some fun music hacking info..
There are fanfares (I guess I'll call them that) and songs. The difference between them is that if you start a fanfare on one map and go to the next, the fanfare will overlap with the new music. It will sound like a blended mess. If you insert a music track that you want for a city or route over it, then it'll still keep the characteristics of the fanfare. This is not good because the music will blend if you go to another map. To fix this, you must find the track's pointer in the song table. This can easily be found by looking at the "Table" offset in Sappy. So, you have the pointer. There are four bytes after the pointer. 00 00 00 00 means it's a song. 02 00 02 00 means it's a fanfare. If you want to make a song a fanfare, vice versa, then you change the bytes to what you desire. Now, you can replace the futile "You Fail It" tracks with great route music, or some other fanfare you want to replace.

Also, make sure you do this for every song table you have. You only have one if you haven't made another, by the way. :D

redriders180 August 13th, 2012 8:18 AM

I didn't think this warranted an entire thread, mainly because I'm sure someone else has figured this out by now.

In Gen V games, the stat calculations system was overhauled, and stats are recalculated after every battle. This is all well and good, and I wouldn't touch it in any case, but one thing caught my eye...Deoxys's stats are calculated after every battle as well, even in Gen III. Only Deoxys. Why would they waste such a perfectly good system for ONLY Deoxys? I expect it's because of the forme-changing, but they could've expanded the system for everything!

Surely, since the system is already in place, it's a very simple matter to change it from affecting just one Pokemon to affecting all of them. Does anyone know anything about what someone might be able to do to fix this?

looper August 13th, 2012 10:16 AM

Quick Question:
Thanks to pichu2000's Tutorial I know that the data that links the data (maps, events, scripts and texts) is stored in the file a/0/1/3. Where is the data stored in DPP / HGSS?
And a second question: Are the commands used for scripting the same in DPP and HGSS?

tajaros August 18th, 2012 2:49 PM

Hey guys I have a question, do you guys now where the Trainer Card Sprite Table is?

I wan't to repoint the sprite being loaded when your male and change it to another number for example sprite #90...

I would appreciate if you guys can help me, and I know that there's a command in Jpan's Engine but I wan't to do it without applying the patch so can you guys help me?

NOTE: This is for the male sprite I don't need to repoint the Heroine sprite... :)

Artemis251 September 6th, 2012 1:49 PM

Hey, I'm not sure if this'll be noticed, but I'm givin' it a shot:

Does anyone know the location of either A) the code that makes Mew and Deoxys use/set the obedience bit, or B) the area that performs the check for the obedience bit in Pokemon Emerald? I'm planning on sprucing up my Pokemon Emerald Randomizer program, and I'd love to get that issue out of the way, as randomized wild pokemon imply possible legitimate Mew and Deoxys usage.

I've searched the forums and found a solution to fix wild Mews' obedience bit in FR/LG, but couldn't find Deoxys and additionally couldn't find anything similar in Emerald's code. Granted, I'm really lost in terms of ASM without a decent GBA debugger, but any help on this matter would be greatly appreciated. I've done ASM hacking on GBC before, so I'm not afraid to get my hands dirty. I figure that it's a simple replacement of a few bytes with NOOP, assuming the location of the check is known.

Lookin' forward to a response, I hope! Thanks for taking a peek. :)

NintendoBoyDX September 7th, 2012 9:46 AM

Quote:

Originally Posted by Artemis251 (Post 7330908)
Hey, I'm not sure if this'll be noticed, but I'm givin' it a shot:

Does anyone know the location of either A) the code that makes Mew and Deoxys use/set the obedience bit, or B) the area that performs the check for the obedience bit in Pokemon Emerald? I'm planning on sprucing up my Pokemon Emerald Randomizer program, and I'd love to get that issue out of the way, as randomized wild pokemon imply possible legitimate Mew and Deoxys usage.

I've searched the forums and found a solution to fix wild Mews' obedience bit in FR/LG, but couldn't find Deoxys and additionally couldn't find anything similar in Emerald's code. Granted, I'm really lost in terms of ASM without a decent GBA debugger, but any help on this matter would be greatly appreciated. I've done ASM hacking on GBC before, so I'm not afraid to get my hands dirty. I figure that it's a simple replacement of a few bytes with NOOP, assuming the location of the check is known.

Lookin' forward to a response, I hope! Thanks for taking a peek. :)

FR Obedience checks:
Deoxys: 0x0801D3EC
Mew: 0x0801D402

There ya go.

CriticalKYUC September 7th, 2012 12:56 PM

How hard/easy would it be to insert the Sevii Islands into HG/SS?

Seems like it'd be something someone has already done.


All times are GMT -8. The time now is 8:53 AM.


Like our Facebook Page Follow us on Twitter © 2002 - 2018 The PokéCommunity™, pokecommunity.com.
Pokémon characters and images belong to The Pokémon Company International and Nintendo. This website is in no way affiliated with or endorsed by Nintendo, Creatures, GAMEFREAK, The Pokémon Company or The Pokémon Company International. We just love Pokémon.
All forum styles, their images (unless noted otherwise) and site designs are © 2002 - 2016 The PokéCommunity / PokéCommunity.com.
PokéCommunity™ is a trademark of The PokéCommunity. All rights reserved. Sponsor advertisements do not imply our endorsement of that product or service. User generated content remains the property of its creator.

Acknowledgements
Use of PokéCommunity Assets
vB Optimise by DragonByte Technologies Ltd © 2023.