jiangzhengwenjzw

now working on pokefirered

Male
Seen 16 Hours Ago
Posted 2 Weeks Ago
173 posts
7.1 Years
Misc:

Evolution via Callasm in FR


Spoiler:
I will show you the GIF result of the hack:

Firstly, we just insert a function at 0xYYYYYY:
.thumb
push {r4, lr}
ldr r0, =0x300537C
ldr r1, =0x80568E1
str r1, [r0]
ldr r0, =0x020370C0
ldrh r1, [r0, #2]
mov r2, #1
ldrh r3, [r0, #0x10]
ldr r4, =0x80cdda9
bl bx_r4
pop {r4, pc}
bx_r4: bx r4
After that we should insert another function at 0xZZZZZZ:
.thumb
push {r4, lr}
mov r4, #0
loop:
ldr r0, =0x02024284
mov r1, #0x64
mul r1, r4
add r0, r0, r1
mov r1, #0xb
ldr r2, =0x803FBE9
bl bx_r2
ldr r1, =0x20370C0
ldrh r2, [r1]
cmp r0, r2
beq have_pre
add r4, #1
cmp r4, #6
bne loop

no_pokemon:
mov r4, #0xFF
b back

increment:
add r4, #1
cmp r4, #6
beq no_pokemon
b loop

have_pre:
ldr r0, =0x2024284
mov r1, #0x64
mul r1, r4
add r0, r0, r1
mov r1, #0x2d
ldr r2, =0x803FBE9
bl bx_r2
ldr r1, =0x20370C0
cmp r0, #1
beq increment

back:
strh r4, [r1, #0x10]
pop {r4, pc}
bx_r2:
bx r2
To use it via a script:
#org @start
lock
faceplayer
setvar 0x8004 0x4 //the species number of pokemon you want it to evolve(here's chamander)
setvar 0x8005 0x2 //the species number of pokemon after evolution(here's ivysaur)
callasm 0x8ZZZZZZ+1 //check the slot number of the pokemon
compare 0x800D 0xFF //check if the pokemon exists in the player's party
if1 1 @no_that_pokemon
callasm 0x8YYYYYY+1 //evolution
waitstate
//setweather 3 //you can define other events after waitstate
//doweather
release
end

//---------------
#org @no_that_pokemon
msgbox @message_string 6 //"You don't have that pokemon. "
release
end


//---------
// Strings
//---------
#org @message_string
= You don't have that pokemon.
Note: Only the first pokemon in your party with the species number in 0x8004 will evolve. I think that's better.

A EV-IV Display Screen


FIRERED:
Link Removed!
EMERALD:
Link Removed!
I'm surprised that this one was abused in this forum. These repos were written when I was a complete noob for the sake of practice and I really feel ashamed. Pls, don't use them. If you really need them, go ahead to my github account and they're still available.

Quick Preview:

OLD CONTENT (Outdated):
Spoiler:
Quick Preview:

Download:
LINK REMOVED
Usage:
1. Make sure that you have Devkitarm and GNU make/cygwin installed.
2. Download this repo and create a new folder called "build".
3. Assign the free space you want to use in linker.lsc.
4. Open your cmd prompt and type in make. Then press enter.
5. Now main.bin should be generated. Paste it to the offset specified in step3.
6. Write a script to test (You should callasm to the offset of insertion + 0x79).
Example:
lock
faceplayer
callasm 0x8800079 //I inserted the code at 0x8800000 
msgbox 0x8FD0013 0x2 //"It's nice, huh?"
releaseall
end

80x80 mugshots


Spoiler:
Intro:
In Ruby, many hackers uses the BG0 to make mugshots. However, the same way that simply writing tileset, tilemap and palette to the RAM won't work for FR & EM as it will be cleared by the MSGBOX.

However, there's still a way to do it, which requires the knowledge of "rboxes". I've figured out some simple usage of the related functions, so I will show you my work:


The most ****ing thing should be that only 1 BG palette for FR can be used, which is the palette for the money box (the box with thinner border). Therefore, it will only be able to launch 1 mugshot at a time and you can't use it with the money box!

How to use:
The routines are provided at the bottom.
1. Change 0x8900000 in mugshot_make.asm to free space, which is ended in 0,4,8,c. It will be the location of our custom table.
2. Compile the 2 routines and insert them to some free space (Not the table location in step 1)
3. Get/draw some 80x80 mugshots, here's 2 examples:

They should be indexed to 16 colors.
4. Open your UNLZ-GBA and insert your images and palettes.
Note: the image and the palette should all be LZ77 compressed, which means that you should insert them by using "export image" and "export palette" in UNLZ-GBA. Aparrently they should all be inserted at some free space.
5. Build the table at the offset in step 1, whose format should be [image0 pointer][image0 pal pointer][image1 pointer][image1 pal pointer][image2 pointer][image2 pal pointer]...................
It can load up to 65536 images in algorithm, which means that it's enough.
6. Test time! use
setvar 0x8004 [image index in the table]
setvar 0x8005 [0 or 1] // 0 = left, 1 = right
callasm 0x8[mugshot_make.asm+1]
to launch the mugshot and
callasm 0x8[mugshot_del.asm+1] to delete it.

An example:
I insert the 2 images at 0xFA0000, 0xFA09CC and the 2 palettes at 0xFA09A4, 0xFA1484. Then the table should be:
00 00 FA 08 A4 09 FA 08 CC 09 FA 08 84 14 FA 08
The script:
//---------------
#org 0xF00000
lock
setvar 0x8004 0x0 //image0
setvar 0x8005 0x1 //right side
callasm 0x8800001 //mugshot_make.asm+1
msgbox 0x8F00030 0x6
callasm 0x8800089 //mugshot_del.asm+1
release
end

#org 0xF00030
= ABCD.
The routines:
mugshot_make.asm:
/*
Note: both image and palette should be LZ77 compressed!
Table format: [image pointer][pal pointer]..........
*/
.equiv table_location, 0x8900000
.thumb
push {r4-r5, lr}
sub sp, sp, #0x18
ldr r0, =0x20370C0
ldrh r0, [r0, #2]
mov r1, #0
mov r2, #0x14
mul r2, r0
mov r3, #4
mov r0, #10
str r0, [sp]
str r0, [sp, #4]
mov r0, #0xD
str r0, [sp, #8]
mov r0, #0x40
str r0, [sp, #0xC]
add r0, sp, #0x10
ldr r4, =0x810FE51
bl bx_r4
add r0, sp, #0x10
ldr r4, =0x8003CE5
bl bx_r4
ldr r4, =0x2039990
strb r0, [r4]
ldr r4, =0x8003FA1
bl bx_r4
ldr r0, =0x20370C0
ldrh r0, [r0]
ldr r1, =table_location
lsl r0, r0, #3
add r0, r0, r1
ldr r5, [r0, #4]
ldr r0, [r0]
ldr r1, =0x6008800
swi 0x12
mov r0, r5
mov r1, #0xd0
mov r2, #0x20
ldr r4, =0x80703A9
bl bx_r4
mov r0, #0
ldr r4, =0x80020BD
bl bx_r4
add sp, sp, #0x18
pop {r4-r5, pc}

bx_r4: bx r4
mugshot_del.asm:
.thumb
push {r4, lr}
ldr r4, =0x2039990
ldrb r4, [r4]
mov r1, #0
mov r0, r4
ldr r3, =0x810F4D9
bl bx_r3
mov r0, r4
mov r1, #2
ldr r3, =0x8003F21
bl bx_r3
mov r0, r4
ldr r3, =0x8003E3D
bl bx_r3
pop {r4, pc}

bx_r3: bx r3

Some new movement bytes (including a patch)


Spoiler:
The patch will write new data to the offset 0xF80000, so make sure that area of your hack has not been used yet. Here's the download link:
http://www.mediafire.com/download/hfb2s47jq3k4oow/movements.ips

I haven't tested much on this hack, so it may have some bugs but you can modify it on your own as I've released the source code at the bottom.

The new bytes are:
0xAA - move up backwards (very slow)
0xAB - move down backwards (very slow)
0xAC - move right backwards (very slow)
0xAD - move left backwards (very slow)
0xAE - move up backwards (slow)
0xAF - move down backwards (slow)
0xB0 - move right backwards (slow)
0xB1 - move left backwards (slow)
0xB2 - move up backwards (normal)
0xB3 - move down backwards (normal)
0xB4 - move right backwards (normal)
0xB5 - move left backwards (normal)
0xB6 - move up backwards (fast)
0xB7 - move down backwards (fast)
0xB8 - move right backwards (fast)
0xB9 - move left backwards (fast)
0xBA - jump up backwards (2 squares)
0xBB - jump down backwards (2 squares)
0xBC - jump right backwards (2 squares)
0xBD - jump left backwards (2 squares)
0xBE - jump up backwards (1 square)
0xBF - jump down backwards (1 square)
0xC0 - jump right backwards (1 square)
0xC1 - jump left backwards (1 square)
0xC2 - face down and move left-down (normal)
0xC3 - face up and move left-up (normal)
0xC4 - face left and move left-down (normal)
0xC5 - face right and move right-down (normal)
0xC6 - face down and move right-down (normal)
0xC7 - face up and move right-up (normal)
0xC8 - face left and move left-up (normal)
0xC9 - face right and move right-up (normal)
Here's a picture including all the bytes above in a script:


The diagonal ones (0xc2~0xc9) can be used in some kind of stairs, as [MENTION=26643]Invert[/MENTION] asked of me about that kind of stairs.

Some people may be interested in the source code, so I will put it here:
.equ ins_ofs, 0x8F802A8
.thumb
.align 2
table_expansion:
.word ins_ofs+walk_ldmu, ins_ofs+walk_lumd, ins_ofs+walk_llmr, ins_ofs+walk_lrml
.word ins_ofs+go_ldmu, ins_ofs+go_lumd, ins_ofs+go_llmr, ins_ofs+go_lrml
.word ins_ofs+pulse_ldmu, ins_ofs+pulse_lumd, ins_ofs+pulse_llmr, ins_ofs+pulse_lrml
.word ins_ofs+run_ldmu, ins_ofs+run_lumd, ins_ofs+run_llmr, ins_ofs+run_lrml
.word ins_ofs+jump_2sq_ldmu, ins_ofs+jump_2sq_lumd, ins_ofs+jump_2sq_llmr, ins_ofs+jump_2sq_lrml
.word ins_ofs+jump_1sq_ldmu, ins_ofs+jump_1sq_lumd, ins_ofs+jump_1sq_llmr, ins_ofs+jump_1sq_lrml
.word ins_ofs+pulse_15, ins_ofs+pulse_27, ins_ofs+pulse_35, ins_ofs+pulse_46
.word ins_ofs+pulse_16, ins_ofs+pulse_28, ins_ofs+pulse_37, ins_ofs+pulse_48

walk_ldmu: .word ins_ofs+walk_ldmu_func+1, ins_ofs+an_walk_dn_2+1, 0x8067935
walk_lumd: .word ins_ofs+walk_lumd_func+1, ins_ofs+an_walk_dn_2+1, 0x8067935
walk_llmr: .word ins_ofs+walk_llmr_func+1, ins_ofs+an_walk_dn_2+1, 0x8067935
walk_lrml: .word ins_ofs+walk_lrml_func+1, ins_ofs+an_walk_dn_2+1, 0x8067935

go_ldmu: .word ins_ofs+go_ldmu_func+1, ins_ofs+an_go_dn_2+1, 0x8067935
go_lumd: .word ins_ofs+go_lumd_func+1, ins_ofs+an_go_dn_2+1, 0x8067935
go_llmr: .word ins_ofs+go_llmr_func+1, ins_ofs+an_go_dn_2+1, 0x8067935
go_lrml: .word ins_ofs+go_lrml_func+1, ins_ofs+an_go_dn_2+1, 0x8067935

pulse_ldmu: .word ins_ofs+pulse_ldmu_func+1, ins_ofs+an_pulse_dn_2+1, 0x8067935
pulse_lumd: .word ins_ofs+pulse_lumd_func+1, ins_ofs+an_pulse_dn_2+1, 0x8067935
pulse_llmr: .word ins_ofs+pulse_llmr_func+1, ins_ofs+an_pulse_dn_2+1, 0x8067935
pulse_lrml: .word ins_ofs+pulse_lrml_func+1, ins_ofs+an_pulse_dn_2+1, 0x8067935

run_ldmu: .word ins_ofs+run_ldmu_func+1, ins_ofs+an_run_dn_2+1, 0x8067935
run_lumd: .word ins_ofs+run_lumd_func+1, ins_ofs+an_run_dn_2+1, 0x8067935
run_llmr: .word ins_ofs+run_llmr_func+1, ins_ofs+an_run_dn_2+1, 0x8067935
run_lrml: .word ins_ofs+run_lrml_func+1, ins_ofs+an_run_dn_2+1, 0x8067935

jump_2sq_ldmu: .word ins_ofs+jump_2sq_ldmu_func+1, ins_ofs+an_jump_2sq_dn_2+1, 0x8067935
jump_2sq_lumd: .word ins_ofs+jump_2sq_lumd_func+1, ins_ofs+an_jump_2sq_dn_2+1, 0x8067935
jump_2sq_llmr: .word ins_ofs+jump_2sq_llmr_func+1, ins_ofs+an_jump_2sq_dn_2+1, 0x8067935
jump_2sq_lrml: .word ins_ofs+jump_2sq_lrml_func+1, ins_ofs+an_jump_2sq_dn_2+1, 0x8067935

jump_1sq_ldmu: .word ins_ofs+jump_1sq_ldmu_func+1, ins_ofs+an_jump_1sq_dn_2+1, 0x8067935
jump_1sq_lumd: .word ins_ofs+jump_1sq_lumd_func+1, ins_ofs+an_jump_1sq_dn_2+1, 0x8067935
jump_1sq_llmr: .word ins_ofs+jump_1sq_llmr_func+1, ins_ofs+an_jump_1sq_dn_2+1, 0x8067935
jump_1sq_lrml: .word ins_ofs+jump_1sq_lrml_func+1, ins_ofs+an_jump_1sq_dn_2+1, 0x8067935

pulse_15: .word ins_ofs+pulse_15_func+1, ins_ofs+pulse15_func_2+1, 0x8067935
pulse_27: .word ins_ofs+pulse_27_func+1, ins_ofs+pulse15_func_2+1, 0x8067935
pulse_35: .word ins_ofs+pulse_35_func+1, ins_ofs+pulse15_func_2+1, 0x8067935
pulse_46: .word ins_ofs+pulse_46_func+1, ins_ofs+pulse15_func_2+1, 0x8067935
pulse_16: .word ins_ofs+pulse_16_func+1, ins_ofs+pulse16_func_2+1, 0x8067935
pulse_28: .word ins_ofs+pulse_28_func+1, ins_ofs+pulse16_func_2+1, 0x8067935
pulse_37: .word ins_ofs+pulse_37_func+1, ins_ofs+pulse16_func_2+1, 0x8067935
pulse_48: .word ins_ofs+pulse_48_func+1, ins_ofs+pulse16_func_2+1, 0x8067935

pulse_15_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #1
mov r3, #0
bl an_run_any_f
mov r0, r4
mov r1, r5
bl pulse15_func_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_27_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #2
mov r3, #0
bl an_run_any_f
mov r0, r4
mov r1, r5
bl pulse15_func_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_35_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #3
mov r3, #0
bl an_run_any_f
mov r0, r4
mov r1, r5
bl pulse15_func_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_46_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #4
mov r3, #0
bl an_run_any_f
mov r0, r4
mov r1, r5
bl pulse15_func_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_16_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #1
mov r3, #0
bl an_run_any_g
mov r0, r4
mov r1, r5
bl pulse16_func_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_28_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #2
mov r3, #0
bl an_run_any_g
mov r0, r4
mov r1, r5
bl pulse16_func_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_37_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #3
mov r3, #0
bl an_run_any_g
mov r0, r4
mov r1, r5
bl pulse16_func_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_48_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #4
mov r3, #0
bl an_run_any_g
mov r0, r4
mov r1, r5
bl pulse16_func_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse15_func_2:
push {r4, lr}
mov r4, r1
bl sub_8064788_f
ldr r1, =0x8064D65
bx r1
.ltorg

pulse16_func_2:
push {r4, lr}
mov r4, r1
bl sub_8064788_g
ldr r1, =0x8064D65
bx r1
.ltorg

sub_8064788_f:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r0, r5
bl obj_npc_ministep_f
ldr r1, =0x8064795
bx r1
.ltorg

sub_8064788_g:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r0, r5
bl obj_npc_ministep_g
ldr r1, =0x8064795
bx r1
.ltorg

obj_npc_ministep_f:
push {r4, r5, lr}
mov r4, r0
ldr r5, =0x83a71b0
mov r0, #0x36
ldrsh r2, [r4, r0]
lsl r0, r2, #1
add r0, r0, r5
mov r3, #0x38
ldrsh r1, [r4, r3]
mov r3, #0
ldrsh r0, [r0, r3]
cmp r1, r0
bge loc_8068BB4_f
ldr r1, =0x83A719C
lsl r0, r2, #2
add r0, r0, r1
mov r1, #0x38
ldrsh r2, [r4, r1]
ldr r0, [r0]
lsl r2, r2, #2
add r2, r2, r0
ldrh r1, [r4, #0x34]
lsl r1, r1, #0x18
lsr r1, r1, #0x18
ldr r0, =ins_ofs+custom_table
sub r1, #1
lsl r1, r1, #1
ldrsh r1, [r0, r1]
ldr r2, [r2]
mov r0, r4
bl bx_r2
ldr r0, =0x8068B8D
bx r0

loc_8068BB4_f:
mov r0, #0
pop {r4, r5, pc}
.ltorg

obj_npc_ministep_g:
push {r4, r5, lr}
mov r4, r0
ldr r5, =0x83a71b0
mov r0, #0x36
ldrsh r2, [r4, r0]
lsl r0, r2, #1
add r0, r0, r5
mov r3, #0x38
ldrsh r1, [r4, r3]
mov r3, #0
ldrsh r0, [r0, r3]
cmp r1, r0
bge loc_8068BB4_g
ldr r1, =0x83A719C
lsl r0, r2, #2
add r0, r0, r1
mov r1, #0x38
ldrsh r2, [r4, r1]
ldr r0, [r0]
lsl r2, r2, #2
add r2, r2, r0
ldrh r1, [r4, #0x34]
lsl r1, r1, #0x18
lsr r1, r1, #0x18
ldr r0, =ins_ofs+custom_table
add r1, #3
lsl r1, r1, #1
ldrsh r1, [r0, r1]
ldr r2, [r2]
mov r0, r4
bl bx_r2
ldr r0, =0x8068B8D
bx r0

loc_8068BB4_g:
mov r0, #0
pop {r4, r5, pc}
.ltorg

an_run_any_f:
push {r4-r7, lr}
mov r7, r8
push {r7}
sub sp, sp, #0x14
mov r5, r0
mov r8, r1
mov r4, r3
lsl r2, r2, #0x18
lsr r2, r2, #0x18
lsl r4, r4, #0x18
lsr r4, r4, #0x18
mov r1, sp
ldr r0, =0x83a6884
ldmia r0!, {r3, r6, r7}
stmia r1!, {r3, r6, r7}
ldmia r0!, {r3, r6}
stmia r1!, {r3, r6}
mov r0, r5
mov r1, r8
mov r3, r4
bl npc_apply_direction_f
ldr r7, =0x8064729
bx r7
.ltorg

npc_apply_direction_f:
push {r4-r6, lr}
mov r6, r9
mov r5, r8
push {r5, r6}
sub sp, sp, #4
mov r8, r0
mov r9, r1
mov r4, r2
mov r6, r3
lsl r4, r4, #0x18
lsr r4, r4, #0x18
lsl r6, r6, #0x18
lsr r6, r6, #0x18
ldrh r1, [r0, #0x10]
mov r0, sp
strh r1, [r0, #0]
mov r1, r8
ldrh r0, [r1, #0x12]
mov r5, sp
add r5, #2
strh r0, [r5]
mov r0, r8
mov r1, r4
ldr r3, =0x805FBDD
bl bx_r3
ldr r1, =ins_ofs+custom_table
sub r2, r4, #1
lsl r2, r2, #1
ldrsh r0, [r1, r2]
ldr r1, =0x80646AD
bx r1
.ltorg

an_run_any_g:
push {r4-r7, lr}
mov r7, r8
push {r7}
sub sp, sp, #0x14
mov r5, r0
mov r8, r1
mov r4, r3
lsl r2, r2, #0x18
lsr r2, r2, #0x18
lsl r4, r4, #0x18
lsr r4, r4, #0x18
mov r1, sp
ldr r0, =0x83a6884
ldmia r0!, {r3, r6, r7}
stmia r1!, {r3, r6, r7}
ldmia r0!, {r3, r6}
stmia r1!, {r3, r6}
mov r0, r5
mov r1, r8
mov r3, r4
bl npc_apply_direction_g
ldr r7, =0x8064729
bx r7
.ltorg

npc_apply_direction_g:
push {r4-r6, lr}
mov r6, r9
mov r5, r8
push {r5, r6}
sub sp, sp, #4
mov r8, r0
mov r9, r1
mov r4, r2
mov r6, r3
lsl r4, r4, #0x18
lsr r4, r4, #0x18
lsl r6, r6, #0x18
lsr r6, r6, #0x18
ldrh r1, [r0, #0x10]
mov r0, sp
strh r1, [r0, #0]
mov r1, r8
ldrh r0, [r1, #0x12]
mov r5, sp
add r5, #2
strh r0, [r5]
mov r0, r8
mov r1, r4
ldr r3, =0x805FBDD
bl bx_r3
ldr r1, =ins_ofs+custom_table
add r2, r4, #3
lsl r2, r2, #1
ldrsh r0, [r1, r2]
ldr r1, =0x80646AD
bx r1
.ltorg

.align 2
custom_table: .hword 5, 7, 5, 6, 6, 8, 7, 8

jump_1sq_ldmu_func:
push {r4, r5, lr}
sub sp, sp, #4
mov r4, r0
mov r5, r1
mov r0, #2
str r0, [sp]
mov r0, r4
mov r2, #1
mov r3, #1
bl maybe_shadow_1
mov r0, r4
mov r1, r5
bl an_jump_1sq_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
add sp, sp, #4
pop {r4, r5, pc}
.ltorg

jump_1sq_lumd_func:
push {r4, r5, lr}
sub sp, sp, #4
mov r4, r0
mov r5, r1
mov r0, #2
str r0, [sp]
mov r0, r4
mov r2, #2
mov r3, #1
bl maybe_shadow_1
mov r0, r4
mov r1, r5
bl an_jump_1sq_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
add sp, sp, #4
pop {r4, r5, pc}
.ltorg

jump_1sq_llmr_func:
push {r4, r5, lr}
sub sp, sp, #4
mov r4, r0
mov r5, r1
mov r0, #2
str r0, [sp]
mov r0, r4
mov r2, #3
mov r3, #1
bl maybe_shadow_1
mov r0, r4
mov r1, r5
bl an_jump_1sq_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
add sp, sp, #4
pop {r4, r5, pc}
.ltorg

jump_1sq_lrml_func:
push {r4, r5, lr}
sub sp, sp, #4
mov r4, r0
mov r5, r1
mov r0, #2
str r0, [sp]
mov r0, r4
mov r2, #4
mov r3, #1
bl maybe_shadow_1
mov r0, r4
mov r1, r5
bl an_jump_1sq_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
add sp, sp, #4
pop {r4, r5, pc}
.ltorg

an_jump_1sq_dn_2:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
bl sub_8065028
ldr r1, =0x8066493
bx r1
.ltorg

jump_2sq_ldmu_func:
push {r4, r5, lr}
sub sp, sp, #4
mov r4, r0
mov r5, r1
mov r0, #0
str r0, [sp, #0]
mov r0, r4
mov r2, #1
mov r3, #2
bl maybe_shadow_1
mov r0, r4
mov r1, r5
bl an_jump_2sq_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
add sp, sp, #4
pop {r4, r5, pc}
.ltorg

jump_2sq_lumd_func:
push {r4, r5, lr}
sub sp, sp, #4
mov r4, r0
mov r5, r1
mov r0, #0
str r0, [sp, #0]
mov r0, r4
mov r2, #2
mov r3, #2
bl maybe_shadow_1
mov r0, r4
mov r1, r5
bl an_jump_2sq_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
add sp, sp, #4
pop {r4, r5, pc}
.ltorg

jump_2sq_llmr_func:
push {r4, r5, lr}
sub sp, sp, #4
mov r4, r0
mov r5, r1
mov r0, #0
str r0, [sp, #0]
mov r0, r4
mov r2, #3
mov r3, #2
bl maybe_shadow_1
mov r0, r4
mov r1, r5
bl an_jump_2sq_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
add sp, sp, #4
pop {r4, r5, pc}
.ltorg

jump_2sq_lrml_func:
push {r4, r5, lr}
sub sp, sp, #4
mov r4, r0
mov r5, r1
mov r0, #0
str r0, [sp, #0]
mov r0, r4
mov r2, #4
mov r3, #2
bl maybe_shadow_1
mov r0, r4
mov r1, r5
bl an_jump_2sq_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
add sp, sp, #4
pop {r4, r5, pc}
.ltorg

maybe_shadow_1:
push {r4, r5, lr}
sub sp, sp, #4
mov r4, r0
mov r5, r1
ldr r0, [sp, #0x10]
lsl r2, r2, #0x18
lsr r2, r2, #0x18
lsl r3, r3, #0x18
lsr r3, r3, #0x18
lsl r0, r0, #0x18
lsr r0, r0, #0x18
str r0, [sp]
mov r0, r4
bl sub_8064E3C
ldr r0, =0x8064f17
bx r0
.ltorg

sub_8064E3C:
push {r4-r7, lr}
mov r7, r10
mov r6, r9
mov r5, r8
push {r5-r7}
sub sp, sp, #0x10
mov r7, r0
mov r10, r1
mov r4, r2
mov r8, r3
ldr r0, [sp, #0x30]
lsl r4, r4, #0x18
lsr r4, r4, #0x18
mov r1, r8
lsl r1, r1, #0x18
lsr r1, r1, #0x18
mov r8, r1
lsl r0, r0, #0x18
lsr r0, r0, #0x18
mov r9, r0
ldr r1, =0x83a6958
add r0, sp, #4
mov r2, #6
ldr r3, =0x81E5E79
bl bx_r3
add r5, sp, #0xc
mov r0, #0
strh r0, [r5]
mov r6, r13
add r6, #0xe
strh r0, [r6]
mov r0, r7
mov r1, r4
ldr r3, =0x805FBDD
bl bx_r3
mov r1, r8
lsl r0, r1, #1
add r0, sp
add r0, #4
mov r1, #0
ldrsh r3, [r0, r1]
str r3, [sp, #0]
sub r0, r4, #1
mov r1, #1
eor r0, r1
add r0, #1
ldr r1, =0x8064E93
bx r1
.ltorg

an_jump_2sq_dn_2:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
bl sub_8065028
ldr r1, =0x80650DF
bx r1
.ltorg

sub_8065028:
push {lr}
bl sub_8065000
ldr r1, =0x806502F
bx r1
.ltorg

sub_8065000:
push {lr}
ldr r2, =ins_ofs+sub_8068D3C+1
bl sub_8064F3C
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {pc}
.ltorg

sub_8068D3C:
push {r4-r6, lr}
sub sp, sp, #0xc
mov r4, r0
ldr r1, =0x83a71f8
mov r0, sp
mov r2, #6
ldr r3, =0x81E5E79
bl bx_r3
add r5, sp, #8
ldr r1, =0x83a71fe
mov r0, r5
mov r2, #3
ldr r3, =0x81E5E79
bl bx_r3
mov r6, #0
mov r1, #0x36
ldrsh r0, [r4, r1]
cmp r0, #0
beq loc_8068D6E
ldrh r1, [r4, #0x34]
lsl r1, r1, #0x18
lsr r1, r1, #0x18
sub r1, #1
mov r0, #1
eor r1, r0
add r1, #1
ldr r0, =0x8068D69
bx r0
loc_8068D6E:
ldr r0, =0x8068D6F
bx r0
.ltorg

sub_8064F3C:
push {r4-r7, lr}
mov r7, r8
push {r7}
sub sp, sp, #0x10
mov r6, r0
mov r7, r1
mov r4, r2
ldr r1, =0x83a695e
add r0, sp, #4
mov r2, #6
ldr r3, =0x81E5E79
bl bx_r3
mov r0, r7
bl bx_r4
lsl r0, r0, #0x18
lsr r0, r0, #0x18
mov r8, r0
cmp r0, #1
bne loc_8064FCC
mov r1, #0x36
ldrsh r0, [r7, r1]
lsl r0, r0, #1
add r0, sp
add r0, #4
mov r2, #0
ldrsh r0, [r0, r2]
cmp r0, #0
beq loc_8064FCC
add r4, sp, #0xc
mov r0, #0
strh r0, [r4]
mov r5, r13
add r5, #0xe
strh r0, [r5]
ldrb r0, [r6, #0x18]
lsr r0, r0, #4
sub r0, #1
mov r1, #1
eor r0, r1
add r0, #1
ldr r1, =0x8064F87
bx r1

loc_8064FCC:
ldr r1, =0x8064fcd
bx r1
.ltorg

run_ldmu_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #1
mov r3, #1
bl an_run_any
mov r0, r4
mov r1, r5
bl an_run_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

run_lumd_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #2
mov r3, #1
bl an_run_any
mov r0, r4
mov r1, r5
bl an_run_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

run_llmr_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #3
mov r3, #1
bl an_run_any
mov r0, r4
mov r1, r5
bl an_run_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

run_lrml_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #4
mov r3, #1
bl an_run_any
mov r0, r4
mov r1, r5
bl an_run_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

an_run_dn_2:
push {r4, lr}
mov r4, r1
bl sub_8064788
ldr r1, =0x80652F5
bx r1
.ltorg

pulse_ldmu_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #1
mov r3, #0
bl an_run_any
mov r0, r4
mov r1, r5
bl an_pulse_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_lumd_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #2
mov r3, #0
bl an_run_any
mov r0, r4
mov r1, r5
bl an_pulse_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_llmr_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #3
mov r3, #0
bl an_run_any
mov r0, r4
mov r1, r5
bl an_pulse_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

pulse_lrml_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #4
mov r3, #0
bl an_run_any
mov r0, r4
mov r1, r5
bl an_pulse_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

an_run_any:
push {r4-r7, lr}
mov r7, r8
push {r7}
sub sp, sp, #0x14
mov r5, r0
mov r8, r1
mov r4, r3
lsl r2, r2, #0x18
lsr r2, r2, #0x18
lsl r4, r4, #0x18
lsr r4, r4, #0x18
mov r1, sp
ldr r0, =0x83a6884
ldmia r0!, {r3, r6, r7}
stmia r1!, {r3, r6, r7}
ldmia r0!, {r3, r6}
stmia r1!, {r3, r6}
mov r0, r5
mov r1, r8
mov r3, r4
bl npc_apply_direction
ldr r7, =0x8064729
bx r7
.ltorg

npc_apply_direction:
push {r4-r6, lr}
mov r6, r9
mov r5, r8
push {r5, r6}
sub sp, sp, #4
mov r8, r0
mov r9, r1
mov r4, r2
mov r6, r3
lsl r4, r4, #0x18
lsr r4, r4, #0x18
lsl r6, r6, #0x18
lsr r6, r6, #0x18
ldrh r1, [r0, #0x10]
mov r0, sp
strh r1, [r0, #0]
mov r1, r8
ldrh r0, [r1, #0x12]
mov r5, sp
add r5, #2
strh r0, [r5]
mov r0, r8
mov r1, r4
ldr r3, =0x805FBDD
bl bx_r3
sub r0, r4, #1
mov r1, #1
eor r0, r1
add r0, #1
ldr r1, =0x80646AD
bx r1
.ltorg

an_pulse_dn_2:
push {r4, lr}
mov r4, r1
bl sub_8064788
ldr r1, =0x8064D65
bx r1
.ltorg

sub_8064788:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r0, r5
bl obj_npc_ministep
ldr r1, =0x8064795
bx r1
.ltorg

obj_npc_ministep:
push {r4, r5, lr}
mov r4, r0
ldr r5, =0x83a71b0
mov r0, #0x36
ldrsh r2, [r4, r0]
lsl r0, r2, #1
add r0, r0, r5
mov r3, #0x38
ldrsh r1, [r4, r3]
mov r3, #0
ldrsh r0, [r0, r3]
cmp r1, r0
bge loc_8068BB4
ldr r1, =0x83A719C
lsl r0, r2, #2
add r0, r0, r1
mov r1, #0x38
ldrsh r2, [r4, r1]
ldr r0, [r0]
lsl r2, r2, #2
add r2, r2, r0
ldrh r1, [r4, #0x34]
lsl r1, r1, #0x18
lsr r1, r1, #0x18
sub r1, #1
mov r0, #1
eor r1, r0
add r1, #1
ldr r2, [r2]
mov r0, r4
bl bx_r2
ldr r0, =0x8068B8D
bx r0

loc_8068BB4:
mov r0, #0
pop {r4, r5, pc}
.ltorg

go_ldmu_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #1
bl an_go_any_1
mov r0, r4
mov r1, r5
bl an_go_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

go_lumd_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #2
bl an_go_any_1
mov r0, r4
mov r1, r5
bl an_go_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

go_llmr_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #3
bl an_go_any_1
mov r0, r4
mov r1, r5
bl an_go_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

go_lrml_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #4
bl an_go_any_1
mov r0, r4
mov r1, r5
bl an_go_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

an_go_any_1:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
lsl r2, r2, #0x18
lsr r2, r2, #0x18
bl sub_8064B68
ldr r0, =0x8064be7
bx r0
.ltorg

sub_8064B68:
push {r4-r6, lr}
mov r6, r8
push {r6}
sub sp, sp, #4
mov r6, r0
mov r8, r1
lsl r5, r2, #0x18
lsr r5, r5, #0x18
ldrh r1, [r6, #0x10]
mov r0, sp
strh r1, [r0, #0]
ldrh r0, [r6, #0x12]
mov r4, sp
add r4, #2
strh r0, [r4]
mov r0, r6
mov r1, r5
ldr r3, =0x805FBDD
bl bx_r3
sub r0, r5, #1
mov r1, #1
eor r0, r1
add r0, #1
mov r1, sp
ldr r2, =0x8064b93
bx r2
.ltorg

an_go_dn_2:
push {r4, lr}
mov r4, r1
bl sub_8064C04
ldr r1, =0x8064ca5
bx r1
.ltorg

sub_8064C04:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r0, r5
bl sub_8068C18
ldr r1, =0x8064c11
bx r1
.ltorg

sub_8068C18:
push {r4, lr}
mov r4, r0
ldrh r0, [r4, #0x36]
add r0, #1
strh r0, [r4, #0x36]
lsl r0, r0, #0x10
asr r0, r0, #0x10
cmp r0, #2
bgt loc_8068C3E
ldrh r1, [r4, #0x34]
lsl r1, r1, #0x18
lsr r1, r1, #0x18
sub r1, #1
mov r0, #1
eor r1, r0
add r1, #1
ldr r0, =0x8068c31
bx r0
loc_8068C3E:
ldr r0, =0x8068C3F
bx r0
.ltorg

walk_ldmu_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #1
bl an_walk_any_1
mov r0, r4
mov r1, r5
bl an_walk_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

walk_lumd_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #2
bl an_walk_any_1
mov r0, r4
mov r1, r5
bl an_walk_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

walk_llmr_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #3
bl an_walk_any_1
mov r0, r4
mov r1, r5
bl an_walk_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

walk_lrml_func:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r2, #4
bl an_walk_any_1
mov r0, r4
mov r1, r5
bl an_walk_dn_2
lsl r0, r0, #0x18
lsr r0, r0, #0x18
pop {r4, r5, pc}
.ltorg

an_walk_dn_2:
push {r4, lr}
mov r4, r1
bl an_walk_any_2
lsl r0, r0, #0x18
cmp r0, #0
beq loc_8064aa0
mov r0, #2
strh r0, [r4, #0x32]
mov r0, #1

loc_8064aa0:
pop {r4, pc}
.ltorg

an_walk_any_1:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
lsl r2, r2, #0x18
lsr r2, r2, #0x18
bl sub_80647C0
ldrb r0, [r4, #0x18]
lsl r0, r0, #0x1c
lsr r0, r0, #0x1c
ldr r3, =0x8063441
bl bx_r3
mov r2, r0
lsl r2, r2, #0x18
lsr r2, r2, #0x18
mov r0, r4
mov r1, r5
ldr r3, =0x8063555
bl bx_r3
pop {r4, r5, pc}
.ltorg

sub_80647C0:
push {r4-r6, lr}
mov r6, r8
push {r6}
sub sp, sp, #4
mov r6, r0
mov r8, r1
lsl r5, r2, #0x18
lsr r5, r5, #0x18
ldrh r1, [r6, #0x10]
mov r0, sp
strh r1, [r0, #0]
ldrh r0, [r6, #0x12]
mov r4, sp
add r4, #2
strh r0, [r4]
mov r0, r6
mov r1, r5
ldr r3, =0x805FBDD
bl bx_r3
sub r0, r5, #1
mov r1, #1
eor r0, r1
add r0, #1
mov r1, sp
mov r2, r4
ldr r3, =0x80647ED
bx r3
.ltorg

an_walk_any_2:
push {r4, r5, lr}
mov r4, r0
mov r5, r1
mov r0, r5
bl sub_8068BCC
ldr r1, =0x8064869
bx r1
.ltorg

sub_8068BCC:
push {r4, lr}
mov r4, r0
ldrh r1, [r4, #0x36]
mov r0, #1
and r0, r1
cmp r0, #0
bne loc_8068bec
ldrh r1, [r4, #0x34]
sub r1, #1
mov r0, #1
eor r1, r0
add r1, #1
mov r0, r4
ldr r3, =0x8068be3
bx r3

loc_8068bec:
ldr r0, =0x8068bed
bx r0
.ltorg

bx_r3: bx r3
bx_r2: bx r2
bx_r4: bx r4
How to insert if you don't like the offset 0xF80000 and don't want to use the patch:
1. Repoint the table at 0x3A65BC (3 pointers totally)
2. Change the 0x8F802A8 at the first line to the insert offset of the table + 0x2a8.
3. Compile it and insert it at the insert offset of the table + 0x2a8.
4. Write a script to test.


Credits:
Back~, Invert, Knizz