The PokéCommunity Forums

The PokéCommunity Forums (https://www.pokecommunity.com/index.php)
-   Binary Hack Tutorials (https://www.pokecommunity.com/forumdisplay.php?f=66)
-   -   Using C language to hack Pokemon (3rd Gen) (https://www.pokecommunity.com/showthread.php?t=259502)

tinix August 7th, 2011 9:38 AM

Using C language to hack Pokemon (3rd Gen)
 
2 Attachment(s)
Hello everybody,

Today I'm going to share my knowledge about how to use C for hacking pokemon roms instead of ASM.
Ive been polishing this method for last few days.

EDIT 16.8.2011: Added updated useful.h with header guard #define, remove .txt extension to use it

Required Tools & Knowledge
----------------------------
Spoiler:
-Basic Knowledge of C (pointers,control statements,functions,structures) (If you don't know C I recommend this tutorial, you can skip ch9 for our purposes and all you need ends with ch10 http://einstein.drexel.edu/courses/Comp_Phys/General/C_basics/, only flaw is that tutorial is missing structures which I also use, see this one for them http://jan.newmarch.name/OS/l5_2.html)
-Basic Scripting Knowledge
-Know how to use command line (google helps here)
-devkitARM http://sourceforge.net/projects/devkitpro/files/devkitARM/ - install this
-CPKMN.zip file created by me, includes HackMews ASM Compiler package.

Zip file includes code samples used by this tutorial.


Compilation & Usage
------------------------------
EDIT 16.8.2011: Added Optimisation Switches

Spoiler:
To compile your C code into .bin files we will be using arm-eabi-gcc compiler which in default assembles code into GBA/NDS roms.
This is good if you want to make your own GBA/NDS game but not good for what we are doing.
So we will tell compiler to NOT assemble & link files but only do C->ASM conversion.
So instead of using :
arm-eabi-gcc -mthumb -mthumb-interwork -Os -std=c99 %oursource% // std=c99 sets compiler to newest C standard so we can use some C++ style code

we will use:
arm-eabi-gcc -S -mthumb -mthumb-interwork Os -std=c99 -o whatever.asm %oursource% //NOTE: Im not sure if -mthumb -mthumb-interwork is needed here, so I rather left it int, the o switch is there because it defaults to .s extension instead of asm = we would have to rename.

The S switch tells compiler only to change the code into Assembly.
This is where ASM (folder) comes in.

Drag ASM file onto thumb.bat.
Voilà, you have your function compiled into .bin file.

To use it open it in hex editor & copy into free space into your rom.
When using add 1 to offset (so CPU knows it is not ARM code but THUMB) ie. you pasted in into 0x720000, so when you are going to use ie. in script you would write 0x720001.
To use your function in script use callasm 0xyouroffset (DON'T FORGET +1).

That should be all Concerning compilation.

If don't yet understand, don't worry i will show you how to do it with images :)


Action Time 1: Compiling, Using and Explanation of GetPokemonLevel.c
--------------------------------------------------------------------
Spoiler:
NOTE 000: EXAMPLES ARE FOR FIRE RED US V1.0
NOTE 001: Im using LINUX on the images, they serve only for illustration
NOTE 002: Explanation at the end.

Step 1: Compile GetPokemonLevel.c using above command
NOTE 003: if it says unknown command use full path ie. C: \devkitARM\bin\arm-eabi-gcc.exe params


Step 2: Assemble GetPokemonLevel.asm //or whatever .s/asm file it generated
NOTE 004: If you DIDN'T put -o switch there you need to change file extension from .s to .asm

Step 3: Open GetPokemonLevel.bin & your FR rom with hex editor

Step 4: Copy Content of GetPokemonLevel.bin to free space on your FR rom (ie. at 0x720000)

Step 5: Insert this script into your rom & assign it to person
Code:

#dynamic 0x800000

    #org @start
    lock
    faceplayer
    callasm 0xyouroffset //ie. if you inserted at 0x720000 then this would be 0x720001
    buffernumber 0x0 lastresult
    msgbox @msg MSG_NORMAL
    release
    end

    #org @msg
    = Hey, that Pokemon's Level is [buffer1]!


Step 6: Talk to that person and see results!

Code Explanation
-------------------------------------
Spoiler:

Code:

#include "useful.h"
void GetMaxLvl()
{
  PKMN_DATA* pPKMN_DATA = (PKMN_DATA*) pPKMN_FR;
  int* LRESULT = (int*) pLRESULT_FR;
  *LRESULT = pPKMN_DATA->Level;
}


Ok so what this junk does?

Lets go line by line:
----------------------------------------------------------------
PKMN_DATA* pPKMN_DATA = (PKMN_DATA*) pPKMN_FR;
-----------------------------------------------------------------
PKMN_DATA is structure defined in useful.h which holds data about pokemon.

It is defined as follows
Code:

typedef char BYTE;

struct PKMN_DATA_S
{
    int  Personality;
    int  OT_ID;
    char Nickname[10];
    short Language;
    char OT_NAME[7];
    BYTE Mark;
    short Checksum;
    short unk1;
    BYTE Data[48];
    int status_aliment;
    BYTE Level;
    BYTE pokerus_rem;
    short CurHP;
    short TotalHP;
    short Att;
    short Def;
    short Speed;
    short SpAtt;
    short SpDef;
};

typedef struct PKMN_DATA_S PKMN_DATA;


Note, that this order CANNOT be changed because this is the order of data in WRAM (now you know why it is pointer).
So to get data about party I initialize pointer with address of first pokemon.
To get next pokemon add 0x64 (100dec) to the address.

----------------------------------------------------
int* LRESULT = (int*) pLRESULT_FR;
----------------------------------------------------
Pointer to LAST_RESULT variable.
TECHNICAL NOTE: Look into useful.h and on this #define, only if you like messing with offsets

----------------------------------------------------
*LRESULT = pPKMN_DATA->Level;
----------------------------------------------------
assign Level property to last result.

Compatibility note: To change addresses for your game change FR into your games name (LG/R/S/E/E_US in PKMN_DATA, RS/E in LRESULT).


Action Time 2: Calling Another Function (ASM or C)
-----------------------------------------------
Spoiler:
I wont explain whole source here only this important bit.

Source itself is well documented ;)

Code:

int (*pFunc) ();


This is function pointer. You can only assign functions with same return type and parameters to it.
Normal assignment: pFunc = Function; //this is ok if you are normally linking and compiling
our assignment: pFunc = 0x08ouroffset (+1 one ofc)
You need to change parameters and return type as needed(most ASM functions should have void return).

Compilation Notes: First Compile min_lvl.c then write down its offset and insert it into branch.c at specified place, modify script used in example one with offset of branch.c

Also please note this is only way to link functions together(except for having them in one file)


That should be all regarding C & pokemon games :)
If you have any questions post here.
Do not copy without permission.


Thanks to: HackMew for creating ASM compiler package and bat file

Appendix: Pros and cons (if you think you have more say so in comments)
Spoiler:
Pros:
- much easier than ASM
- no need to mess with registers
- more readable code
Cons:
- A bit larger than your usual ASM routine
- you need to guess types of original game data based on size

Full Metal August 10th, 2011 7:35 AM

Very nice, I guess I thought the size of the routine would have been much larger from past experience. But with your options it appears as though it does perfectly fine. Props to you, my man. :)

tinix August 10th, 2011 8:13 AM

Oh, I forgot to attach zip with examples and it was on HDD I reformated >.< . Dont worry i still have files but i need to repack them.

Full Metal August 10th, 2011 8:18 AM

That would be useful. hahaha. XD { Failolol }

tinix August 10th, 2011 8:21 AM

Updated, ive noticed that I have forgotten zip just after i clicked submit

ipatix August 11th, 2011 2:04 AM

I''m not the best in C...

So is it possible to call a SWI function or other code from the ROM (for example the script handler)?

tinix August 11th, 2011 3:01 AM

I have tested it with two C routines(see example two), but i think it should be possible with any ASM routine in rom.

Full Metal August 11th, 2011 7:01 AM

Quote:

Originally Posted by ipatix (Post 6797780)
I''m not the best in C...

So is it possible to call a SWI function or other code from the ROM (for example the script handler)?

__asm{ "MOV r0,24" }
^ Or something to that effect.

tinix August 11th, 2011 8:22 AM

Quote:

Originally Posted by Full Metal (Post 6798058)


__asm{ "MOV r0,24" }
^ Or something to that effect.

Why not use function pointer to call other code?
ie.

void (*func) ();
func = 0x8romoffset;
func();

Full Metal August 11th, 2011 9:46 AM

Quote:

SWI
SWI - Soft Ware Interrupt. It does things like force the screen to redraw, etc. There's not really a function for it.

Shiny Quagsire August 11th, 2011 10:27 AM

Yes!! Someone who uses Linux!

Uh, I mean, great tutorial. Seems a bit complicated though, I think I'll stick to ASM. Low-Level is kinda fun, because it poses more of a challenge. Plus you can't hack existing routines with C Code too easily, if at all.

Maybe once I up my C skills, I'll look back into this. :)

tinix August 11th, 2011 10:36 AM

Quote:

Originally Posted by Full Metal (Post 6798314)

SWI - Soft Ware Interrupt. It does things like force the screen to redraw, etc. There's not really a function for it.

hmmm I, think libgba had function for raising SWI so it could be possible with a bit of work, i might look in it.

Quote:

Originally Posted by shiny quagsire (Post 6798388)
Yes!! Someone who uses Linux!

Uh, I mean, great tutorial. Seems a bit complicated though, I think I'll stick to ASM. Low-Level is kinda fun, because it poses more of a challenge. Plus you can't hack existing routines with C Code too easily, if at all.

Maybe once I up my C skills, I'll look back into this. :)

Thank you :)
OT: I use linux and windows and my recent windows reinstalling screwed linux so I need to reinstall it >.<

Full Metal August 11th, 2011 1:11 PM

Quote:

Originally Posted by tinix (Post 6798407)
hmmm I, think libgba had function for raising SWI so it could be possible with a bit of work, i might look in it.



Thank you :)
OT: I use linux and windows and my recent windows reinstalling screwed linux so I need to reinstall it >.<

I've actually been wondering -- do you know of any libgba documentation? I looked on devkitpro's site, and couldn't find any. :\

tinix August 12th, 2011 3:55 AM

Quote:

Originally Posted by Full Metal (Post 6798657)


I've actually been wondering -- do you know of any libgba documentation? I looked on devkitpro's site, and couldn't find any. :\

I have also bee looking trought interwebz and didnt find any, maybe you could try trial and error with examples?

Full Metal August 12th, 2011 7:15 AM

I guess. haha. Not much else choice we have, eh? XD

Giga Universe August 15th, 2011 5:27 AM

-mthumb means create THUMB code, not ARM code, which is probably what you want
-mthumb-interwork allows you to create calls between ARM and THUMB code
Just sayin'

Also, to account for the size of the assembled C code, that can be fixed with a simple optimisation switch (-O).

-O0 : no optimisation
-O1: optimise
-O2: optimise more
-O3: optimise even more
-Os: optimise for size (This is basically -O2 , but only optimises when it can do so without increasing the physical code size)

For example, when I compiled and assembled your "GetPokemonLevel.c" the way you did, the output size was 44 bytes. With an optimisation switch the size is 20 bytes.
Also, please use include guards on your header, it may help us if we use more than one C file...

tinix August 16th, 2011 2:03 AM

Quote:

Originally Posted by Giga Universe (Post 6805357)
-mthumb means create THUMB code, not ARM code, which is probably what you want
-mthumb-interwork allows you to create calls between ARM and THUMB code
Just sayin'

I know what they do, also assembler batch file uses these so I left them in, just for compatibilty with batch file.

Quote:

Originally Posted by Giga Universe (Post 6805357)

Also, to account for the size of the assembled C code, that can be fixed with a simple optimisation switch (-O).

-O0 : no optimisation
-O1: optimise
-O2: optimise more
-O3: optimise even more
-Os: optimise for size (This is basically -O2 , but only optimises when it can do so without increasing the physical code size)

For example, when I compiled and assembled your "GetPokemonLevel.c" the way you did, the output size was 44 bytes. With an optimisation switch the size is 20 bytes.

Well I was thinking about this too and looked into arm-eabi-gcc --help if they are present and I didn't saw them here so I thought they aren't supported.

Quote:

Originally Posted by Giga Universe (Post 6805357)

Also, please use include guards on your header, it may help us if we use more than one C file...

I forgot about this xP

Anyway thanks for noticing, I will edit tutorial accordingly.

EDIT: Updated first post.

Bonnox April 12th, 2016 1:42 AM

hey, nice tutorial!

I'm REALLY REALLY sorry for updating the thread after such HUGE amount of time, but, you know, bookmarks naturally age ; ) :3c

May I ask some questions, please?
I was wondering if I could use a library, so downloaded libtonc, but couldn't manage to get it working, because it has to be linked, something you definitely do only when compiling a game from scratch.
I tried all sort of things, but didn't work for me.
Do you know a good GBA library to just #include in my C file?
yes, I know that including everything in a single file is bad, but I'm allergic to makefiles and such things :p
If the C file remains short, everything works fine, but I remain limited to very poor things. If I begin to put toghether some H and C files made by me (to try to supply a library) in the main one, it is really probable that everything messes up and the ROM crashes upon calling the routine.
Moreover, the GCC and tge AS are tricking me in some strange ways. >:)

thanks in advance, goodbye ^^

PorygonY April 12th, 2016 1:02 PM

There unfortunately isn't (at least I assume so) a GBA library that will give you every definition in a single header file, because it's a huge mess design-wise. As long as you are using one source file only, you should also not be bothering with makefiles.

Code:

$ gcc file.c -mthumb -Ipath/to/library/headers -o file.o
$ gcc file.o -o asm.bin



Bonnox April 13th, 2016 11:38 PM

Quote:

Originally Posted by PorygonY (Post 9201063)
There unfortunately isn't (at least I assume so) a GBA library that will give you every definition in a single header file, because it's a huge mess design-wise.

so do you know how to link "professional" libraries in our simple C files?

Quote:

Code:

$ gcc file.c -mthumb -Ipath/to/library/headers -o file.o
$ gcc file.o -o asm.bin



i personally use

Code:

gcc -S -mthumb -mthumb-interwork -O1 -Wall


and then hackmew's thumb batch.
so, you enlighted me! could I "skip a step" compiling with gcc? it would save me a lot of time, because the assembly output is always really messy, in comparison to what an human would be, so I developed some tools in java to try to patch things up. and I should really try doing so, maybe I will not experiment some of the strange issues GCC and AS are giving me, and MAYBE my naive method of including everything will work! (I doubt, maybe it's my code wrong. may I upload it to ask you to look at it, please?)

thanks, now I will let this topic rest in peace and continue posting on another recent one wich I missed out.

really thankyou, good morning.

PorygonY April 14th, 2016 5:25 AM

Quote:

so do you know how to link "professional" libraries in our simple C files?
Not sure if there are any static library files (*.lib, *.a) that you can link with the -mthumb specifier, but if there is, just add the following to your line above:
Code:

-l/path/to/library -Llibraryname


Then, of course, don't forget to include the header files for that library:
Code:

-I/path/to/headers



Bonnox April 14th, 2016 10:20 AM

Quote:

Originally Posted by PorygonY (Post 9203028)
Not sure if there are any static library files (*.lib, *.a) that you can link with the -mthumb specifier, but if there is, just add the following to your line above:
Code:

-l/path/to/library -Llibraryname


Then, of course, don't forget to include the header files for that library:
Code:

-I/path/to/headers



thanks a lot, will surely try sooner or later. I infact recall that libgba might exist in a compiled fashion (matter? substance?).

but... doesn't suffice to include the header in the source? do I really have to specify things via command line?

anyway, thank you for the support! sorry for having bothered you :)

Blah April 14th, 2016 10:32 AM

There's a library in C:\devkitPro\libgba by default if you have installed devkitarm. I dislike using a make file myself for this sort of thing, I'm pretty sure it doesn't even support things like extern.

You could try using the Python and DevkitARM dependent setup here: https://github.com/EternalCode/Empty-Template/tree/master/Sample%20Project

If I recall correctly, you need to execute scripts/build and scripts/insert for Linux, and windows required scripts/build2 and scripts/insert3. Sorry for the poor names. This setup is far superior for bigger projects as it also supports direct insertion and various other perks like hooking and address repointing. It works well for small single-file projects as well.

Bonnox April 14th, 2016 11:23 AM

Quote:

Originally Posted by FBI (Post 9203346)
You could try using the Python and DevkitARM dependent setup here: https://github.com/EternalCode/Empty-Template/tree/master/Sample%20Project

If I recall correctly, you need to execute scripts/build and scripts/insert for Linux, and windows required scripts/build2 and scripts/insert3. Sorry for the poor names. This setup is far superior for bigger projects as it also supports direct insertion and various other perks like hooking and address repointing. It works well for small single-file projects as well.

thanks also to you, FBI.
.woah, I just discovered that also libtonc comes with an A file...
so now how to compile properly? (sorry if I'm an hassle)
if I look at openpoke, he does

#include <libtonc>

and lets the makefile do the rest.
but you said me completely different things!

Code:

arm-none-eabi-gcc -I/path/to/headers -l/path/to/library -Llibraryname -mthumb -o file.o
arm-none-eabi-gcc file.o -o asm.bin


is that correct? and in the sources?
(i did a mistake, I don't have gcc but devkit, with arm-none-eabi-gcc)

excuse me, I don't understand very well the parameters "path to library" and "libraryname". dees the latter have to match something in particular or can it be anything? and in "path to library", what does "library" identify? the A file?

therefore, assuming I want to use libtonc and didn't change the folder directory, what are the steps neded to compile?

sorry if I'm demanding for such a great detail but as you can imagine I'm a total newbie in this kind of things.
I feel really bad for bothering a "god" and a recently signed-up user :p

well, I primarily use windows :p
what do your scripts do? I used to use a simple program developed in java by me to insert a routine in the ROM :p
and once compiled, what do I have to search to branch to?

I saw your template in the other post (have to reply yet), but don't have looked at it for now. I will do, but I use ruby, does anithing change (hope/think not) ?

PorygonY April 14th, 2016 11:33 AM

I also recommend FBI's method, unfortunately you have to modify their python scripts to link to external stuff.

Your lines above would be correct, just your source file is missing somewhere at the beginning. /path/to/library simply refers to the folder where the library file is located in. libraryname would be libtonc then. (as far as I know, GCC automatically appends .lib or .a)

So it would basically be (libtonc in the same directory as main.c):
Code:

arm-none-eabi-gcc main.c -Llibtonc -mthumb -o file.o
arm-none-eabi-gcc file.o -o asm.bin


Check out if it works and post again if you stumble upon any problems. :)


All times are GMT -8. The time now is 9:07 AM.


Like our Facebook Page Follow us on Twitter © 2002 - 2018 The PokéCommunity™, pokecommunity.com.
Pokémon characters and images belong to The Pokémon Company International and Nintendo. This website is in no way affiliated with or endorsed by Nintendo, Creatures, GAMEFREAK, The Pokémon Company or The Pokémon Company International. We just love Pokémon.
All forum styles, their images (unless noted otherwise) and site designs are © 2002 - 2016 The PokéCommunity / PokéCommunity.com.
PokéCommunity™ is a trademark of The PokéCommunity. All rights reserved. Sponsor advertisements do not imply our endorsement of that product or service. User generated content remains the property of its creator.

Acknowledgements
Use of PokéCommunity Assets
vB Optimise by DragonByte Technologies Ltd © 2023.