| azurile13 |
November 27th, 2015 1:42 PM |
o_O so many unnecessary pushes, pops, and moves. So if you plan on using that, the place it is comparing moves would be:
Code:
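loop:
    mov r1, #0xD        @ r1 = 0xD
    add r1, r1, r5      @ r1 = 0xD + r5, set up before the call
    bl decrypt          @ the move id comes back in r0
    mov r11, r0         @ keep the move id in r11; the pop below overwrites r0
    pop {r0-r7}         @ restores r0-r7, including the r2 pushed before the call
    mov r1, r11         @ r1 = move id
    cmp r1, r2          @ compare with r2 (loaded by ldrh r2, [r3, #0x2])
    beq true            @ taken when the two match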
It goes through this loop four times, once for each move the mon knows, with the move result being in r0 after the “bl decrypt.” If you follow that move id further, you’ll see that it is eventually compared to the r2 that was awkwardly popped sometime after being awkwardly pushed right before the branch to the decryptpoke. If you backtrack on the content of that r2, you see it comes from ldrh r2, [r3, #0x2]. Presumably, this is the second halfword in an evolution entry of the Pokémon, and each eight-byte evolution entry is structured:
[halfword: evolution type]
[halfword: evolution argument]
[halfword: evolves into]
[halfword: padding]
Perhaps the first and third halfword are flipped; I don’t really remember.
So the location where you change the move is not in the routine; it is an argument in the evolution table, so you can probably control it with a tool such as G3HS with a modified ini.
|
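The entry layout and comparison described in the post above, as an added example that is not part of the original post or of any tool it mentions. It assumes the field order the post presumes (the post itself is unsure about it) and little-endian halfwords; the function names, the evolution-type value and the sample table bytes are constructed for illustration.

```python
import struct

ENTRY_SIZE = 8                  # "each eight byte evolution entry"
ENTRY = struct.Struct("<4H")    # four little-endian halfwords (assumed layout)

def parse_entries(table: bytes):
    """Split a raw table into (type, argument, evolves_into, padding) tuples."""
    if len(table) % ENTRY_SIZE:
        raise ValueError("table length is not a multiple of 8 bytes")
    return [ENTRY.unpack_from(table, off)
            for off in range(0, len(table), ENTRY_SIZE)]

def knows_move(moves, argument):
    """Model of the loop: each of the four move slots is compared with r2."""
    return any(move == argument for move in moves[:4])

def set_argument(table: bytes, index: int, move_id: int) -> bytes:
    """Return a copy of the table with one entry's argument halfword replaced."""
    if not 0 <= move_id <= 0xFFFF:
        raise ValueError("move id must fit in a halfword")
    off = index * ENTRY_SIZE + 2    # same +2 offset as ldrh r2, [r3, #0x2]
    if index < 0 or off + 2 > len(table):
        raise IndexError("entry index outside the table")
    patched = bytearray(table)
    struct.pack_into("<H", patched, off, move_id)
    return bytes(patched)

# Constructed sample data: one entry that uses a placeholder evolution type,
# followed by one empty entry. None of these values come from a real ROM.
EVO_TYPE_PLACEHOLDER = 0x00FE
SAMPLE = (struct.pack("<4H", EVO_TYPE_PLACEHOLDER, 0x0021, 0x0123, 0)
          + struct.pack("<4H", 0, 0, 0, 0))

if __name__ == "__main__":
    moves = [0x0001, 0x0021, 0x0003, 0x0004]    # constructed move ids
    for label, table in (("original", SAMPLE),
                         ("patched", set_argument(SAMPLE, 0, 0x0059))):
        evo_type, argument, target, _pad = parse_entries(table)[0]
        print(label, hex(argument), knows_move(moves, argument))
```

Only the two bytes at offset +2 of the chosen entry change, so the routine itself stays untouched, which is the point the post makes about editing the table rather than the code.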