The PokéCommunity Forums

Quick Research & Development Thread (https://www.pokecommunity.com/showthread.php?t=205158)

Froosty November 12th, 2016 12:53 AM

gen 6 exp share system (FR)

Just make the byte changes
21C3A - 02 21
21CD0 - 01 22
21D70 - 01 20

Quote:

In gen 6, the pokemon battling used to get 100% and rest on team 50%
but with this all the pokemon including the one that battled will get 50% exp

Skeli November 14th, 2016 10:22 AM

If you decide to update your Pokemon Centers by extending the counter for instance, the animation for healing your Pokemon will be off. Use these offsets to fix it.
3CAF90 - The image for the Poke Balls and flashing screen. Open it in NSE with dimensions 32x72.
3CAFB0 - The palette for the Poke Balls and screens.
3CC014, 3CC01C, 3CC024 - A byte located at each of these controls the width between the two columns of Poke Balls on the healing machine.
83BB0 - A byte which controls the X coordinate proportional to the player sprite, of the Poke Balls on the healing machine. Fiddle around with it until you get the result you want.
83BB4 - A byte which controls the Y coordinate proportional to the player sprite, of the Poke Balls on the healing machine.
83BB9 - A byte which controls the X coordinate proportional to the player sprite, of the flashing screen.
83BBC - A byte which controls the Y coordinate proportional to the player sprite, of the flashing screen.
*NOTE: None of these bytes are coordinates in A-Map so don't go setting it to those.

LCCoolJ95 November 14th, 2016 5:36 PM

Quote:

Originally Posted by The_learner (Post 9484229)
gen 6 exp share system:

Just make the byte changes
21C3A - 02 21
21CD0 - 01 22
21D70 - 01 20

Dude, is this for FR or EM?

Froosty November 14th, 2016 5:58 PM

Quote:

Originally Posted by LCCoolJ95 (Post 9487546)
Dude, is this for FR or EM?

Sorry in the first place for not telling for which rom it is... actually it's for FR

BluRose November 14th, 2016 7:10 PM

Quote:

Originally Posted by LCCoolJ95 (Post 9487546)
Dude, is this for FR or EM?

gen vi exp share system (em):

4A4BE - 02 21
4A594 - 01 22
4A634 - 01 20

ok this should be finalized
no more crap from me ahaha

Versekr Dark November 16th, 2016 11:53 AM

Quote:

Originally Posted by BluRose (Post 9487628)
[UNTESTED. MIGHT NOT WORK BECAUSE OF FUNCTION DIFFERENCES (SPECIFICALLY THE FIRST ADDRESS, THE OTHER TWO LOOK FINE), BUT AT LEAST ADDRESSES FOR THE MODIFICATIONS ARE RIGHT.]
gen vi exp share system (em):

4A4BE - 02 21
4A594 - 01 22
4A634 - 01 20

Sorry for the ruby

destinedjagold November 16th, 2016 7:39 PM

Quote:

Originally Posted by Versekr Dark (Post 9489543)
Sorry for the ruby

Here's one for Ruby.
Code:

08020280 004A1047XXXXXX08
080201E2 02 21
08020336 01 20


XXXXXX should be the address +1 of this ASM routine...
Spoiler:
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0802028D
BX R1

RETURN:
POP {R0-R7}
RETURN_2:
LDR R1, = 0x080202A1
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080A92D5
MOV R11, R0
POP {R0}
BX R11




It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.

Versekr Dark November 17th, 2016 7:27 AM

Quote:

Originally Posted by destinedjagold (Post 9489964)
Here's one for Ruby.
Code:

08020280 004A1047XXXXXX08
080201E2 02 21
08020336 01 20


XXXXXX should be the address +1 of this ASM routine...
Spoiler:
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0802028D
BX R1

RETURN:
POP {R0-R7}
RETURN_2:
LDR R1, = 0x080202A1
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080A92D5
MOV R11, R0
POP {R0}
BX R11




It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.

Thank you very much :), sorry for the inconvenience.

mbcn10ww November 17th, 2016 8:11 AM

Quote:

Originally Posted by Sagiri (Post 9240706)
Constant Base Power For Hidden Power [FR]

Starting with XY, Hidden Power's base power was fixed at 60. Prior to this, it varied between 30 and 70, based on the Pokemon's IVs. To force the game to read the base power from the move data table, null out the strh at 0x0802B722.

Basically, replace:
Code:

0x0802B722: 28 80


with:
Code:

0x0802B722: C0 46


After you've done that, HP will use the base power in the table as its base power. Unfortunately, in a vanilla FR it is listed as 0x01, so it will be very weak until you change it. Change the byte at 0x8251721 to 0x3C to give it a base power of 60 (as in XY).

This affects both the actual damage calculation and when you view the Known Moves screen.

(Not So) Hidden Power [FR]

By default, Hidden Power will always display as a Normal-type move. By modifying the routines for displaying the types of moves, we can force it to display as the actual type.

Unlike the earlier parts of this post, this requires some free space. Here's the code:

Spoiler:
Code:

.text
.align 2
.thumb
.thumb_func

write_type_hook:                                        @ r1 := move_id
        push {r3-r7}
        mov r7, lr

        lsl r0, r1, #2
        lsl r1, r1, #3
        add r0, r1                                                @ r0 := 12 * move_id
        ldr r1, move_data
        add r1, r0                                                @ [r1] := data for current move
        ldrb r0, [r1, #2]                                @ r0 := recorded type

        ldrb r2, [r1, #0]                                @ r2 := move effect id
        cmp r2, #0x87                                        @ HIDDEN_POWER_EFFECT
        bne return0

        ldrb r0, [r5]                                        @ r0 := slot
        lsl r0, #1                                                @ r0 := slot << 1
        ldr r1, battle_slot_mapping
        add r0, r1
        ldrb r0, [r0]                                        @ r0 := index in party
        mov r1, #100
        mul r0, r1                                                @ r0 := offset from party_player
        ldr r1, party_player
        add r0, r1                                                @ [r0] := pokemon

        bl hp_type_decode

return0:
        mov lr, r7
        pop {r3-r7}
        ldr r1, write_type
        bx r1

@ return value on r1
display_type_hook:                                        @ r2, r5 := move_id, move_data
        push {r0, r3-r7}
        mov r7, lr

        lsl r0, r2, #2
        lsl r1, r2, #3
        add r0, r1                                                @ r0 := 12 * move_id
        add r0, r5                                                @ [r0] := data for current move

        ldrb r1, [r0, #2]                                @ r1 := type
        ldrb r2, [r0, #0]                                @ r2 := effect_id
        cmp r2, #0x87
        bne return1

        ldr r0, pkmn_status_data
        ldr r0, [r0]
        mov r1, #0x32
        lsl r1, r1, #8
        add r1, #0x90
        add r0, r1                                                @ [r0] := pokemon
        bl hp_type_decode
        mov r1, r0

return1:
        mov lr, r7
        pop {r0, r3-r7}
        ldr r2, display_type
        bx r2

@ uint8_t hp_type_decode(pokemon_t*)
hp_type_decode:
        push {r4-r7, lr}
        mov r6, r0                                                                        @ [r6] := pokemon
        mov r4, #0                                                                        @ r4 := type calculation
        mov r7, #0                                                                        @ r7 := iv index
        ldr r5, pokemon_getattr
        b test

loop:
        mov r0, r6                                                                        @ [r0] := pokemon
        mov r1, #0x27                                                                @ GET_HP_IV
        add r1, r7
        bl call
        mov r1, #1
        and r0, r1
        lsl r0, r7
        orr r4, r0
        add r7, #1

test:
        cmp r7, #6
        bne loop

floor:
        mov r0, #15
        mul r0, r4
        mov r1, #63
        swi #0x6

decode:                                                @ add 1 if below 8, 2 otherwise (skips type 0x09, ???)
        cmp r0, #8
        blo L1
        add r0, #1

L1:
        add r0, #1
        pop {r4-r7, pc}

call:
        bx r5

.align 2

write_type: .word 0x0803098E +1
battle_slot_mapping: .word 0x02023BCE
party_player: .word 0x02024284
move_data: .word 0x08250C04
pokemon_getattr: .word 0x0803FBE8 +1
display_type: .word 0x081368D6 +1
pkmn_status_data: .word 0x0203B140




And, this is what it looks like already assembled:
Code:

F8 B4 77 46 88 00 C9 00 40 18 27 49 09 18 88 78 0A 78 87 2A 0A D1 28 78 40 00 21 49 40 18 00 78 64 21 48 43 1F 49 40 18 00 F0 1B F8 BE 46 F8 BC 1A 49 08 47 F9 B4 77 46 90 00 D1 00 40 18 40 19 81 78 02 78 87 2A 08 D1 1A 48 00 68 32 21 09 02 90 31 40 18 00 F0 05 F8 01 1C BE 46 F9 BC 14 4A 10 47 F0 B5 06 1C 00 24 00 27 10 4D 09 E0 30 1C 27 21 C9 19 00 F0 10 F8 01 21 08 40 B8 40 04 43 01 37 06 2F F3 D1 0F 20 60 43 3F 21 06 DF 08 28 00 D3 01 30 01 30 F0 BD 28 47 C0 46 8F 09 03 08 CE 3B 02 02 84 42 02 02 04 0C 25 08 E9 FB 03 08 D7 68 13 08 40 B1 03 02


As usual, insert it at an offset ending in 0x0, 0x4, 0x8, or 0xC. For simplicity, I'll refer to this offset as A.

Now, we need to modify the routines to call this new code. There are two places to modify.

Code:

0x08030984: 00 48 00 47 xx xx xx xx


Code:

0x081368CC: 00 49 08 47 yy yy yy yy


The x's are A + 0x01, in reverse hex, while the y's are A + 0x35, also in reverse hex.

This affects the type icons on the party menu (as well as when learning a new move), and the type listed when selecting an attack.

This does not affect the type displayed by the TM Case. As that's not associated with a particular Pokemon, it just reads the type from the move data table. I actually suggest changing Hidden Power's entry in the table to be ???-type (change the byte at 0x08251722 from 0x00 to 0x09), so it will show as that in the TM Case, and the actual type everywhere else.

I didn't bother to force it to calculate and display the base power for Hidden Power, as I prefer the constant base power anyway, but if this was any indication, it would be pretty easy to do.

I've found a problem: when I use this routine, the move types in battle show 99999999... or nothing. For anyone who finds this problem, you have probably repointed the move data; simply change the offset of "move_data: .word 0x08250C04" to your move data offset.

robinjea November 18th, 2016 3:35 AM

Quote:

Originally Posted by destinedjagold (Post 9489964)
Here's one for Ruby.
Code:

08020280 004A1047XXXXXX08
080201E2 02 21
08020336 01 20


XXXXXX should be the address +1 of this ASM routine...
Spoiler:
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0802028D
BX R1

RETURN:
POP {R0-R7}
RETURN_2:
LDR R1, = 0x080202A1
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080A92D5
MOV R11, R0
POP {R0}
BX R11




It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.

Any idea on how to do this for FR? Because the one posted earlier does not check for Exp. Share when distributing Exp. Points. ;-;

BluRose November 18th, 2016 5:18 AM

Quote:

Originally Posted by BlackWhiteRobin (Post 9491317)
Any idea on how to do this for FR? Because the one posted earlier does not check for Exp. Share when distributing Exp. Points. ;-;

port addresses
i can do it in like 7 hours when i get home

Sea Dragon November 18th, 2016 1:11 PM

Quote:

Originally Posted by mbcn10ww (Post 9479009)
The Shedinja's evolution was fixed but not registering on Pokédex.

Ok, I think I found the issue. At CE858 change 54 44 to 00 00

Spoiler:
ROM:080CE856 MOV R4, R8
ROM:080CE858 ADD R4, R10 - adds Nincada's index to 968 (remove this)
ROM:080CE85A LSLS R4, R4, #3 - 968 becomes 4b40
ROM:080CE85C ADDS R4, R4, R0 - finds offset of Shedinja's index in evolution table
ROM:080CE85E LDRH R0, [R4,#0xC] - R0 should now have Shedinja's index


Do the same thing for Emerald at 13E4EC.

mbcn10ww November 18th, 2016 5:14 PM

Quote:

Originally Posted by Sea Dragon (Post 9491701)
Ok, I think I found the issue. At CE858 change 54 44 to 00 00

Spoiler:
ROM:080CE856 MOV R4, R8
ROM:080CE858 ADD R4, R10 - adds Nincada's index to 968 (remove this)
ROM:080CE85A LSLS R4, R4, #3 - 968 becomes 4b40
ROM:080CE85C ADDS R4, R4, R0 - finds offset of Shedinja's index in evolution table
ROM:080CE85E LDRH R0, [R4,#0xC] - R0 should now have Shedinja's index


Do the same thing for Emerald at 13E4EC.

Thanks man, it worked fine. xD

Versekr Dark November 20th, 2016 1:15 PM

Quote:

Originally Posted by BluRose (Post 9491386)
port addresses
i can do it in like 7 hours when i get home

Great, i imagine that you could also export a, still thanks for helping us with these routine :), and clearly I do not ask to be exported by an Em, so there is no confusion :)

BluRose November 20th, 2016 1:35 PM

Quote:

Originally Posted by Versekr Dark (Post 9493434)
Great, i imagine that you could also export a, still thanks for helping us with these routine :), and clearly I do not ask to be exported by an Em, so there is no confusion :)

check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

in spanish (not because you can't read english, but because i want to practice and improve my spanish)
Spoiler:
check the conversation above between blackwhiterobin and me to check what we've done. we need two more addresses, and they are in the routine. if we can't find the addresses in the routine, we can make the ruby routines for fire red... i'd imagine it wouldn't be that hard, ahaha... visualboyadvance's disassembly should help us at least a little

Versekr Dark November 20th, 2016 2:27 PM

Quote:

Originally Posted by BluRose (Post 9493446)
check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

in spanish (not because you can't read english, but because i want to practice and improve my spanish)
Spoiler:
check the conversation above between blackwhiterobin and me to check what we've done. we need two more addresses, and they are in the routine. if we can't find the addresses in the routine, we can make the ruby routines for fire red... i'd imagine it wouldn't be that hard, ahaha... visualboyadvance's disassembly should help us at least a little

Thank you very much, I really thought I would not answer haha xD, I'm looking forward to finishing your work and sorry if I can not help too much. I'm very new in hexadecimal and I do not know anything about asm.

DonaldTrumpIsAGod November 21st, 2016 8:18 AM

Quote:

Originally Posted by Lost Heart (Post 8388671)
Spoiler:

Check/Count a Specific Pokémon Species in the Party (FR/LG/Em)


So I'm not sure if there is a way to do this by scripting in these games, and I saw that trading-style thing post just a few above, but I wrote up a quick bit of ASM code to count the number of a specific species of Pokémon in the party, as a bit of practice for myself, and I thought I would share it.

The reason I wrote is so that it could be mainly used as a checkpartypokemon-like command in a script.

It works for FireRed and LeafGreen with no changes, works for Emerald by performing the changes given, and will probably work with any game as long as you find the matching offsets. ;)

Anyway, here's the ASM for FR/LG:
Code:

.text
.align 2
.thumb
.thumb_func
.global CountPartyPokemonSpecies

main:
        push {r0-r7, lr}
        mov r5, #0x0 @ This means fail
        ldr r6, var
        ldr r7, party_amount
        ldrb r4, [r7] @ Get Pokemon count from r7
        cmp r4, #0x0
        beq exit
        ldrh r3, [r6] @ Get the species to check
        cmp r3, #0x0
        beq exit @ Don't allow Missingno. This doesn't limit the species from going up, though.
        mov r7, #0x0
loop:
        ldr r0, first_pokemon @ Offset of first Pokemon
        mov r1, #0x64 @ Length of Pokemon RAM data
        mul r1, r1, r7 @ r7 holds current index
        add r0, r0, r1
        bl decrypt_poke_species @ Get this specific species.
        mov r9, r0
        pop {r0-r7}
        cmp r9, r3
        bne next
        add r5, r5, #0x1 @ Increase the counter
next:
        add r7, r7, #0x1 @ Increase party index
        cmp r7, r4 @ And compare against the number in the party
        blo loop @ I could use a bls here?
exit:
        str r5, [r6, #0x10] @ Store the result (r5) in r6 (the var -- 0x800D)
        pop {r0-r7, pc} @ Return

decrypt_poke_species:
        push {r0-r7}
        mov r1, #0xB @ This is the index for the Pokemon species.
        ldr r2, decrypt_poke @ Call the Pokemon decryption code
        bx r2

.align 2
party_amount:
        .word 0x02024029
first_pokemon:
        .word 0x02024284
var: @ Got this beauty from HackMew.
        .word 0x020270B8 + (0x8004 * 2)
decrypt_poke:
        .word 0x0803FBE9


And to work for Emerald, you need only change the end stuff:
Code:

.align 2
party_amount:
        .word 0x020244E9
first_pokemon:
        .word 0x020244EC
var: @ Got this beauty from HackMew.
        .word 0x020275D8 + (0x8004 * 2)
decrypt_poke:
        .word 0x0806A519


Some of it is based off some stuff from HackMew's Pokemon take away code, so yeah.

And of course, here's a sample script explaining how to use it:
Code:

#dynamic 0x800000

#include stdpoke.rbh

#org @start
lock
faceplayer
bufferpokemon 0x0 PKMN_MAGIKARP
setvar 0x8004 PKMN_MAGIKARP // Change this to the species you want
callasm 0x08XXXXXX // This is the offset of the routine + 1
compare LASTRESULT 0x1 // The count is stored in 0x800D
if B_>= goto @some // It will be 0 if there is none, or 1-6 for the count
msgbox @m1 MSG_KEEPOPEN // It also counts eggs, so yeah...
release
end

#org @some
buffernumber 0x1 LASTRESULT
msgbox @m2 MSG_KEEPOPEN
release
end

#org @m1
= You don't have any [buffer1]!

I hope someone finds this useful, even if for just an example for beginners to learn from.
Enjoy~! ^_^

EDIT: I added Emerald, although I didn't test it. ;)
EDIT 2: I tested the Emerald code, and it works. ^_^

Could I use this to check for specific forms of Unown?

DizzyEgg November 21st, 2016 8:47 AM

Quote:

Originally Posted by DonaldTrumpIsAGod (Post 9494254)
Could I use this to check for specific forms of Unown?

Nope, it's a different thing.

BluRose November 21st, 2016 8:47 AM

Quote:

Originally Posted by DonaldTrumpIsAGod (Post 9494254)
Could I use this to check for specific forms of Unown?

no
unown formes are determined by their PIDs and do not count as separate pokémon themselves

edit: damn it dizzy

LCCoolJ95 November 25th, 2016 7:11 AM

Quote:

Originally Posted by BluRose (Post 9493446)
check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

Hello, just wondering how this is going!

BluRose November 25th, 2016 9:30 AM

Quote:

Originally Posted by LCCoolJ95 (Post 9498019)
Hello, just wondering how this is going!

research/small tangent about how this was originally going
Spoiler:
Spoiler:
Code:

.text
.thumb
.thumb_func
.align 2

201E0:
        add r0, r1, #0x0
        add r1, r5, #0x0
        bl 1E0868 @???
        mov r2, r10
        strh r0, [r2]
        lsl r0, r0 , #0x10
        cmp r0, #0x0
        bne 201F6
        mov r0, #0x1
        strh r0, [r2]
201F6:
        ldr r0, =(0x02024DEE) @20248
        strh r6, [r0]
        ldr r2, =(0x02000000) @2024C
        ldr r3, =(0x0001600F) @20250
        add r2, r1, r3
        ldrb r0, [r2]
        add r0, #0x1
        mov r3, #0x0
        strb r0, [r2]
        ldr r2, =(0x00016018) @20254
        add r0, r1, r2
        strb r3, [r0]
        ldr r3, =(0x0001605F) @20258
        add r1, r1, r3
        mov r0, r8
        strb r0, [r1]
        ldr r0, =(0x02025A64) @2025C
        ldr r0, [r0]
        cmp r0, #0x0
        beq 20220
        b 20996
20220:
        ldr r0, =(0x02000000) @2024C
        ldr r1, =(0x00016018) @20254
        add r0, r0, r1
        ldrb r1, [r0]
        mov r0, #0x64
        mul r0, r1
        ldr r1, =(0x02004360) @20260
        add r0, r0, r1
        mov r1, #0xC
        bl 3CB60
        lsl r0, r0, #0x10
        lsr r0, r0, #0x10
        cmp r0, #0xAF
        bne 2026C
        ldr r0, =(0x02025734) @20264
        ldr r2, =(0x00003688) @20268
        add r0, r0, r2
        ldrb r4, [r0]
        b 20274

@[pointers/constant words here. define as .equ's later or something]
@20248-2026B

2026C:
        bl A993C
        lsl r0, r0, #0x18
        lsr r4, r0, #0x18

20274:
        ldr r5, =(0x02000000) @20294
        cmp r4, #0x19
        beq 202A0
        ldr r3, =(0x0001605F) @20298
        add r1, r5, r3
        ldrb r0, [r1]
        mov r2, #0x1
        and r2, r0
        cmp r2, #0x0
        bne 202A0
        lsr r0, r0, #0x1
        strb r0, [r1]
        ldr r0, =(0x0001600F) @2029C @where andrea's function points to is right here, 2028C
        add r1, r5, r0
        b 202C8

@[more pointers/constants.  .equ's later, maybe not.]
@20294-2029F

202A0:        @where andrea's return is going to
        ldr r1, =(0x00016018) @202D4
        add r0, r5, r1
        ldrb r1, [r0]
        mov r0, #0x64
        mul r0, r1
        ldr r1, =(0x03004360) @202D8
        add r0, r0, r1
        mov r1, #0x38
        bl 3CB60
        cmp r0, #0x64
        bne 202E8
        ldr r2, =(0x0001605F) @202DC
        add r1, r5, r2
        ldrb r0, [r1]
        lsr r0, r0, #0x1
        mov r1, #0x0
        strb r0, [r1]
        ldr r3, =(0x0001600F) @202E0
        add r1, r5, r3
202C8:
        mov r0, #0x5
        strb r0, [r1]
        ldr r0, =(0x02024BEC) @202E4
        str r2, [r0]
        b 20996

@[pointers/constants]
@202D4-202E7

202E8:
        @insert function here

20996:        @i felt that this was referenced a lot, so i decided to write it down like the rest i guess
        @NOTE: this function as it is appears at least 37 times BEFORE it does here in the Ruby ROM.  It appears even more often in Fire Red.  PLEASE, don't come to me saying that you found an equivalent offset claiming 20996 in AXVE equals E8C in BPRE.
        pop {r3-r5}
        mov r8, r3
        mov r9, r4
        mov r10, r5
        pop {r4-r7}
        pop {r0}
        bx r0

@[more constants and shit]

3CB60

A993C

1E0868



it's just a matter of finding the rough same in fire red at the moment, specifically 20274. haven't even started on the other routine because all of this was really done this morning (shhhhhhh)

EDIT: accidentally disassembled the other routine referenced that we haven't found as well while disassembling what the first one references :P
coolio. meanwhile, i'm actually going to check out one of the other routines because really it doesn't seem equal ahaha

EDIT: ok i'm fucking dumb
Code:

branch point AXVE:
        20280
return point AXVE:
        2028C (notice how it's literally branch +0xC)

branch point BPRE:
        21CCE
return point BPRE: (one of what we're looking for)
        21CDA

return point 2 AXVE:
        202A0
return point 2 BPRE: (other of what we're looking for)
        21CE8


magically, when looking it up in IDB, almost everything matches! imagine that :):):):):):):):):):):):):)
here's bpre's routine, credits to andrea~ and the_learner (for making it relatively easy to find two addresses; he already found them). i did practically nothing except be stupid and look for something that was literally right under my nose the whole time


- - - - - - - - -
Andrea's Gen VI Exp. Share
- - - - - - - - -

Credits to Andrea~ and The_Learner

bpre:
Spoiler:
Code:

21CD0 - 00 4A 10 47 XX XX XX XX
21C3A - 02 21
21D70 - 01 20


routine at XXXXXXXX
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x08021CDB /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x08021CE9 /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x08099F41 /*axve: 0x080A92D5*/
MOV R11, R0
POP {R0}
BX R11



bpee:
Spoiler:
Code:

4A594 - 00 4A 10 47 XX XX XX XX
4A4BE - 02 21
4A634 - 01 20


Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0804A59F /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x0804A5AD /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080D6725 /*axve: 0x080A92D5*/
MOV R11, R0
POP {R0}
BX R11



have a nice day, this took way too long <3

robinjea November 26th, 2016 12:24 AM

Quote:

Originally Posted by BluRose (Post 9498116)
Spoiler:
Code:

.text
.thumb
.thumb_func
.align 2

201E0:
    add r0, r1, #0x0
    add r1, r5, #0x0
    bl 1E0868 @???
    mov r2, r10
    strh r0, [r2]
    lsl r0, r0 , #0x10
    cmp r0, #0x0
    bne 201F6
    mov r0, #0x1
    strh r0, [r2]
201F6:
    ldr r0, =(0x02024DEE) @20248
    strh r6, [r0]
    ldr r2, =(0x02000000) @2024C
    ldr r3, =(0x0001600F) @20250
    add r2, r1, r3
    ldrb r0, [r2]
    add r0, #0x1
    mov r3, #0x0
    strb r0, [r2]
    ldr r2, =(0x00016018) @20254
    add r0, r1, r2
    strb r3, [r0]
    ldr r3, =(0x0001605F) @20258
    add r1, r1, r3
    mov r0, r8
    strb r0, [r1]
    ldr r0, =(0x02025A64) @2025C
    ldr r0, [r0]
    cmp r0, #0x0
    beq 20220
    b 20996
20220:
    ldr r0, =(0x02000000) @2024C
    ldr r1, =(0x00016018) @20254
    add r0, r0, r1
    ldrb r1, [r0]
    mov r0, #0x64
    mul r0, r1
    ldr r1, =(0x02004360) @20260
    add r0, r0, r1
    mov r1, #0xC
    bl 3CB60
    lsl r0, r0, #0x10
    lsr r0, r0, #0x10
    cmp r0, #0xAF
    bne 2026C
    ldr r0, =(0x02025734) @20264
    ldr r2, =(0x00003688) @20268
    add r0, r0, r2
    ldrb r4, [r0]
    b 20274

@[pointers/constant words here. define as .equ's later or something]
@20248-2026B

2026C:
    bl A993C
    lsl r0, r0, #0x18
    lsr r4, r0, #0x18

20274:
    ldr r5, =(0x02000000) @20294
    cmp r4, #0x19
    beq 202A0
    ldr r3, =(0x0001605F) @20298
    add r1, r5, r3
    ldrb r0, [r1]
    mov r2, #0x1
    and r2, r0
    cmp r2, #0x0
    bne 202A0
    lsr r0, r0, #0x1
    strb r0, [r1]
    ldr r0, =(0x0001600F) @2029C @where andrea's function points to is right here, 2028C
    add r1, r5, r0
    b 202C8

@[more pointers/constants.  .equ's later, maybe not.]
@20294-2029F

202A0:    @where andrea's return is going to
    ldr r1, =(0x00016018) @202D4
    add r0, r5, r1
    ldrb r1, [r0]
    mov r0, #0x64
    mul r0, r1
    ldr r1, =(0x03004360) @202D8
    add r0, r0, r1
    mov r1, #0x38
    bl 3CB60
    cmp r0, #0x64
    bne 202E8
    ldr r2, =(0x0001605F) @202DC
    add r1, r5, r2
    ldrb r0, [r1]
    lsr r0, r0, #0x1
    mov r1, #0x0
    strb r0, [r1]
    ldr r3, =(0x0001600F) @202E0
    add r1, r5, r3
202C8:
    mov r0, #0x5
    strb r0, [r1]
    ldr r0, =(0x02024BEC) @202E4
    str r2, [r0]
    b 20996

@[pointers/constants]
@202D4-202E7

202E8:
    @insert function here

20996:    @i felt that this was referenced a lot, so i decided to write it down like the rest i guess
    @NOTE: this function as it is appears at least 37 times BEFORE it does here in the Ruby ROM.  It appears even more often in Fire Red.  PLEASE, don't come to me saying that you found an equivalent offset claiming 20996 in AXVE equals E8C in BPRE.
    pop {r3-r5}
    mov r8, r3
    mov r9, r4
    mov r10, r5
    pop {r4-r7}
    pop {r0}
    bx r0

@[more constants and ****]

3CB60

A993C

1E0868



it's just a matter of finding the rough same in fire red at the moment, specifically 20274. haven't even started on the other routine because all of this was really done this morning (shhhhhhh)

EDIT: accidentally disassembled the other routine referenced that we haven't found as well while disassembling what the first one references :P
coolio. meanwhile, i'm actually going to check out one of the other routines because really it doesn't seem equal ahaha

EDIT: ok i'm ****ing dumb
Code:

branch point AXVE:
        20280
return point AXVE:
        2028C (notice how it's literally branch +0xC)

branch point BPRE:
        21CCE
return point BPRE: (one of what we're looking for)
        21CDA

return point 2 AXVE:
        202A0
return point 2 BPRE: (other of what we're looking for)
        21CE8


magically, when looking it up in IDB, almost everything matches! imagine that :):):):):):):):):):):):):)
here's bpre's routine, credits to andrea~ and the_learner (for making it relatively easy to find two addresses; he already found them). i did practically nothing except be stupid and look for something that was literally right under my nose the whole time
as usual, untested
Spoiler:
Code:

21CCE - 00 4A 10 47 XX XX XX XX
21C3A - 02 21
21D70 - 01 20


routine at XXXXXXXX
Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x08021CDB /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x08021CE9 /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x08099F41 /*axve: 0x080A92D5*/ /*i was entirely off in my original searching for this ehehe*/
MOV R11, R0
POP {R0}
BX R11



and because lccoolj95's going to ask for it, bpee (still untested):
Spoiler:
Code:

4A592 - 00 4A 10 47 XX XX XX XX
4A4BE - 02 21
4A634 - 01 20


Code:

.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0804A59F /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x0804A5AD /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080D6725 /*axve: 0x080A92D5*/
MOV R11, R0
POP {R0}
BX R11



have a nice day, this took way too long <3

Tested EM's. Game restarts right before receiving experience points with or without EXP. Share Item. I've yet to test FR's. (And this breaks my heart.)

BluRose November 26th, 2016 6:01 AM

Quote:

Originally Posted by BlackWhiteRobin (Post 9498612)
Tested EM's. Game restarts right before receiving experience points with or without EXP. Share Item. I've yet to test FR's. (And this breaks my heart.)

lol ok i'll have to adjust it. likely because different registers are (probably) used for the check-item routine across all three versions, and i honestly only found it because the checkitem script command references it in each version
report back with fr, please <3

EDIT: i'll do fr, but how done i was yesterday shines through in that i didn't even tell to make the pointer aligned. :P

EDIT2: works here after a few byte changes to my byte changes were made to made. updating post

EDIT3: works in em after doing the same byte changes.

happy hacking!
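
The 8-byte hooks posted in this thread (`00 4A 10 47` for the Exp. Share routine, `00 48 00 47` and `00 49 08 47` for the Hidden Power routines) all have the shape `LDR Rn, [PC, #0]; BX Rn; .word routine+1`. The following is an added example, not code from any poster: it builds and decodes such a hook and checks that the pointer is written where the CPU will load it from. `FREE_SPACE` and all function names are assumptions, and offsets are treated as ROM file offsets.

```python
"""Build and check the 8-byte Thumb hooks quoted in the posts above.

Added example, not code from the thread. Offsets are ROM file offsets;
FREE_SPACE is a constructed placeholder for wherever the routine was inserted.
"""
import struct

ROM_BASE = 0x08000000   # GBA cartridge ROM is mapped at this address
FREE_SPACE = 0x800000   # constructed placeholder, must itself be word-aligned


def literal_load_offset(hook_offset):
    """Offset that `LDR Rd, [PC, #0]` placed at hook_offset really reads.

    In Thumb state PC reads as the instruction address + 4, and a
    PC-relative load clears bits 1:0 of that value before adding the offset.
    """
    return (hook_offset + 4) & ~3


def build_hook(hook_offset, entry_offset, reg):
    """Return `LDR reg, [PC, #0]; BX reg; .word entry|1` for hook_offset."""
    if not 0 <= reg <= 7:
        raise ValueError("only r0-r7 fit this LDR encoding")
    pointer_offset = hook_offset + 4            # where the .word is written
    loaded_from = literal_load_offset(hook_offset)
    if loaded_from != pointer_offset:
        raise ValueError(
            "hook at 0x%X is not word-aligned: pointer is written at 0x%X "
            "but the CPU loads from 0x%X"
            % (hook_offset, pointer_offset, loaded_from))
    ldr = 0x4800 | (reg << 8)                   # LDR reg, [PC, #0]
    bx = 0x4700 | (reg << 3)                    # BX reg
    pointer = (ROM_BASE + entry_offset) | 1     # bit 0 set: stay in Thumb state
    return struct.pack("<HHI", ldr, bx, pointer)


def decode_hook(data):
    """Inverse of build_hook: return (reg, entry_offset) or raise ValueError."""
    if len(data) < 8:
        raise ValueError("a hook is 8 bytes")
    ldr, bx, pointer = struct.unpack("<HHI", bytes(data[:8]))
    reg = (ldr >> 8) & 7
    if ldr != 0x4800 | (reg << 8) or bx != 0x4700 | (reg << 3):
        raise ValueError("not an LDR Rd,[PC,#0] / BX Rd pair")
    if not pointer & 1 or pointer < ROM_BASE:
        raise ValueError("pointer lacks the Thumb bit or is outside ROM")
    return reg, (pointer & ~1) - ROM_BASE


def apply_patches(rom, patches):
    """Write (offset, bytes) pairs into a bytearray, refusing out-of-range writes."""
    for offset, data in patches:
        if offset < 0 or offset + len(data) > len(rom):
            raise ValueError("patch at 0x%X runs past the end of the image" % offset)
        rom[offset:offset + len(data)] = data
    return rom


def bpre_exp_share_patches(routine_offset=FREE_SPACE):
    """The three BPRE writes from the finished post, hook pointer filled in."""
    return [
        (0x21CD0, build_hook(0x21CD0, routine_offset, 2)),  # 00 4A 10 47 + pointer
        (0x21C3A, bytes.fromhex("0221")),
        (0x21D70, bytes.fromhex("0120")),
    ]


if __name__ == "__main__":
    rom = bytearray(0x22000)   # constructed blank image, large enough for the offsets
    apply_patches(rom, bpre_exp_share_patches())
    print(rom[0x21CD0:0x21CD8].hex(), decode_hook(rom[0x21CD0:0x21CD8]))
    for bad in (0x21CCE, 0x4A592):   # hook offsets in the quoted, earlier version
        print(hex(bad), "-> literal read at", hex(literal_load_offset(bad)))
```

For the Hidden Power hooks, `build_hook(0x030984, A, 0)` and `build_hook(0x1368CC, A + 0x34, 1)` give the `A + 0x01` and `A + 0x35` pointers described in that post.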

Zeturic December 18th, 2016 11:27 AM

Powder Jar [FR]

The amount of berry powder is stored in a byte at [0x300500C] + 0xAF8. It's referred to as field_af8. It is encrypted via the Security Key.

In finding this, I found a function at 0x0815EE3C which takes a pointer and decrypts what it points to with the Security Key.

esperance December 20th, 2016 11:09 AM

Door Animation Format

Door animations follow a very simple 12-byte format, which I'm sharing for anyone that needs a reference.

Code:

| Offset | Type       | Notes                            |
|--------|------------|----------------------------------|
| 0-1    | Tile index |                                  |
| 2      | Sound flag | 00 = door, other = sliding door  |
| 3      | Tile flag  | 00 = one tile, other = two tiles |
| 4-7    | Image      | pointer, uncompressed            |
| 8-11   | Palette    | pointer                          |


The data is stored in tables, and can be found at the following offsets:
Code:

AXVE: 30F9B4
AXPE: 30F944
BPRE: 35B5D8
BPGE: 35B5B8
BPEE: 497174
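
A reader for the 12-byte entries described above, as an added example that is not part of the original post. It assumes little-endian fields and rejects any entry whose image or palette pointer does not land inside the loaded ROM image; the function names and the sample data are constructed.

```python
"""Parse door-animation table entries in the 12-byte layout described above.

Added example, not code from the post. Little-endian field order and the
"pointer must land inside the ROM image" check are assumptions.
"""
import struct
from collections import namedtuple

ROM_BASE = 0x08000000   # GBA cartridge ROM is mapped at this address

# Table offsets as listed in the post, keyed by game code.
DOOR_TABLES = {
    "AXVE": 0x30F9B4,
    "AXPE": 0x30F944,
    "BPRE": 0x35B5D8,
    "BPGE": 0x35B5B8,
    "BPEE": 0x497174,
}

# u16 tile index, u8 sound flag, u8 tile flag, u32 image ptr, u32 palette ptr
ENTRY = struct.Struct("<HBBII")

DoorAnim = namedtuple(
    "DoorAnim", "tile sliding two_tiles image_offset palette_offset")


def pointer_to_offset(pointer, rom_size):
    """Convert a 0x08xxxxxx pointer to a file offset, or raise ValueError."""
    offset = pointer - ROM_BASE
    if not 0 <= offset < rom_size:
        raise ValueError("0x%08X does not point into the ROM image" % pointer)
    return offset


def parse_door_table(rom, table_offset, count):
    """Read `count` entries starting at table_offset, validating each one."""
    entries = []
    for i in range(count):
        start = table_offset + i * ENTRY.size
        if start < 0 or start + ENTRY.size > len(rom):
            raise ValueError("entry %d runs past the end of the image" % i)
        tile, sound, tiles, image, palette = ENTRY.unpack_from(rom, start)
        entries.append(DoorAnim(
            tile=tile,
            sliding=sound != 0,       # 00 = door, other = sliding door
            two_tiles=tiles != 0,     # 00 = one tile, other = two tiles
            image_offset=pointer_to_offset(image, len(rom)),
            palette_offset=pointer_to_offset(palette, len(rom)),
        ))
    return entries


def build_sample_rom():
    """Constructed 1 KiB image holding two entries at offset 0x100."""
    rom = bytearray(0x400)
    ENTRY.pack_into(rom, 0x100, 0x0021, 0x00, 0x00,
                    ROM_BASE + 0x200, ROM_BASE + 0x300)
    ENTRY.pack_into(rom, 0x10C, 0x015B, 0x01, 0x01,
                    ROM_BASE + 0x240, ROM_BASE + 0x320)
    return rom


if __name__ == "__main__":
    for entry in parse_door_table(build_sample_rom(), 0x100, 2):
        print(entry)
```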




All times are GMT -8. The time now is 8:53 AM.

