The PokéCommunity Forums  

Go Back   The PokéCommunity Forums > Fan Games > Binary ROM Hacking > Binary Hack Research & Development
Reload this Page Quick Research & Development Thread

Notices
For all updates, view the main page.

Binary Hack Research & Development Got a well-founded knack with your binary Pokémon hacks? Love reverse-engineering them? For the traditional Pokémon ROM hacker, this is the spot for polling and gathering your ideas, and then implementing them! Share your hypothesis, get ideas from others, and collaborate to create!

Ad Content
Reply
 
Thread Tools
  #876   Link to this post, but load the entire thread.  
Old November 12th, 2016 (12:53 AM). Edited November 14th, 2016 by Froosty.
Froosty's Avatar
Froosty Froosty is offline
The_Learner
 
Join Date: Sep 2014
Location: Somewhere in this world.
Age: 25
Gender: Male
Nature: Brave
Posts: 535
gen 6 exp share system (FR)

Just make the byte changes
21C3A - 02 21
21CD0 - 01 22
21D70 - 01 20

Quote:
In gen 6, the pokemon battling used to get 100% and rest on team 50%
but with this all the pokemon including the one that battled will get 50% exp
__________________
My works:
TOOL: TL's Quick Enhancer
TUTORIAL: Fire red habitat editing
TUTORIAL: Fire red Transparent text-box


| |
Reply With Quote
  #877   Link to this post, but load the entire thread.  
Old November 14th, 2016 (10:22 AM).
Skeli's Avatar
Skeli Skeli is offline
Lord of the Rings
 
Join Date: Apr 2014
Location: Canada
Age: 24
Gender: Male
Nature: Adamant
Posts: 300
If you decide to update your Pokemon Centers by extending the counter for instance, the animation for healing your Pokemon will be off. Use these offsets to fix it.
3CAF90 - The image for the Poke Balls and flashing screen. Open it in NSE with dimensions 32x72.
3CAFB0 - The palette for the Poke Balls and screens.
3CC014, 3CC01C, 3CC024 - A byte located at each of these controls the width between the two columns of Poke Balls on the healing machine.
83BB0 - A byte which controls the X coordinate proportional to the player sprite, of the Poke Balls on the healing machine. Fiddle around with it until you get the result you want.
83BB4 - A byte which controls the Y coordinate proportional to the player sprite, of the Poke Balls on the healing machine.
83BB9 - A byte which controls the X coordinate proportional to the player sprite, of the flashing screen.
83BBC - A byte which controls the Y coordinate proportional to the player sprite, of the flashing screen.
*NOTE: None of these bytes are coordinates in A-Map so don't go setting it to those.
__________________
Pokemon Unbound

Reply With Quote
  #878   Link to this post, but load the entire thread.  
Old November 14th, 2016 (5:36 PM).
LCCoolJ95's Avatar
LCCoolJ95 LCCoolJ95 is offline
Limited Capacity
 
Join Date: May 2009
Location: The World That Never Was
Age: 28
Gender: Male
Nature: Naive
Posts: 629
Quote:
Originally Posted by The_learner View Post
gen 6 exp share system:

Just make the byte changes
21C3A - 02 21
21CD0 - 01 22
21D70 - 01 20
Dude, is this for FR or EM?
__________________
"The greatest obstacle in life is Yourself. Overcome it, and you will achieve the greatest accomplishment of all." -Art Beins, 1982

Pokémon Theta Emerald EX: https://www.pokecommunity.com/showthread.php?t=386240
Reply With Quote
  #879   Link to this post, but load the entire thread.  
Old November 14th, 2016 (5:58 PM).
Froosty's Avatar
Froosty Froosty is offline
The_Learner
 
Join Date: Sep 2014
Location: Somewhere in this world.
Age: 25
Gender: Male
Nature: Brave
Posts: 535
Quote:
Originally Posted by LCCoolJ95 View Post
Dude, is this for FR or EM?
Sorry in the first place for not telling for which rom it is... actually its for FR
__________________
My works:
TOOL: TL's Quick Enhancer
TUTORIAL: Fire red habitat editing
TUTORIAL: Fire red Transparent text-box


| |
Reply With Quote
  #880   Link to this post, but load the entire thread.  
Old November 14th, 2016 (7:10 PM). Edited November 26th, 2016 by BluRose.
BluRose BluRose is offline
blu rass
 
Join Date: Apr 2014
Location: michigan tech
Age: 22
Gender: Male
Nature: Timid
Posts: 812
Quote:
Originally Posted by LCCoolJ95 View Post
Dude, is this for FR or EM?
gen vi exp share system (em):

4A4BE - 02 21
4A594 - 01 22
4A634 - 01 20

ok this should be finalized
no more crap from me ahaha
__________________
heyo check out my github:

BluRosie
highlights:
battle engine for heartgold
various feature branches in heart gold (fairy type, odd egg, mud slopes)

i'm a big part of the development team of pokemon firegold! all the code that i develop for that hack is also on my github

also on discord: BluRose#0412
Reply With Quote
  #881   Link to this post, but load the entire thread.  
Old November 16th, 2016 (11:53 AM).
Versekr Dark Versekr Dark is offline
 
Join Date: Sep 2014
Gender: Male
Posts: 50
Quote:
Originally Posted by BluRose View Post
[UNTESTED. MIGHT NOT WORK BECAUSE OF FUNCTION DIFFERENCES (SPECIFICALLY THE FIRST ADDRESS, THE OTHER TWO LOOK FINE), BUT AT LEAST ADDRESSES FOR THE MODIFICATIONS ARE RIGHT.]
gen vi exp share system (em):

4A4BE - 02 21
4A594 - 01 22
4A634 - 01 20
Sorry for the ruby
Reply With Quote
  #882   Link to this post, but load the entire thread.  
Old November 16th, 2016 (7:39 PM).
destinedjagold's Avatar
destinedjagold destinedjagold is offline
You can contact me in PC's discord server...
 
Join Date: May 2007
Age: 32
Gender: Male
Nature: Careful
Posts: 8,579
Quote:
Originally Posted by Versekr Dark View Post
Sorry for the ruby
Here's one for Ruby.
Code:
08020280 004A1047XXXXXX08
080201E2 02 21
08020336 01 20
XXXXXX should be the address +1 of this ASM routine...
Spoiler:
Code:
.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0802028D
BX R1

RETURN:
POP {R0-R7}
RETURN_2:
LDR R1, = 0x080202A1
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080A92D5
MOV R11, R0
POP {R0}
BX R11


It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.
__________________

Reply With Quote
  #883   Link to this post, but load the entire thread.  
Old November 17th, 2016 (7:27 AM).
Versekr Dark Versekr Dark is offline
 
Join Date: Sep 2014
Gender: Male
Posts: 50
Quote:
Originally Posted by destinedjagold View Post
Here's one for Ruby.
Code:
08020280 004A1047XXXXXX08
080201E2 02 21
08020336 01 20
XXXXXX should be the address +1 of this ASM routine...
Spoiler:
Code:
.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0802028D
BX R1

RETURN:
POP {R0-R7}
RETURN_2:
LDR R1, = 0x080202A1
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080A92D5
MOV R11, R0
POP {R0}
BX R11


It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.
Muchas gracias :), perdonen las molestias.


Thank you very much :), sorry for the inconvenience.
Reply With Quote
  #884   Link to this post, but load the entire thread.  
Old November 17th, 2016 (8:11 AM).
mbcn10ww mbcn10ww is offline
 
Join Date: Oct 2016
Posts: 352
Quote:
Originally Posted by Sagiri View Post
Constant Base Power For Hidden Power [FR]

Starting with XY, Hidden Power's base power was fixed at 60. Prior to this, it varied between 30 and 70, based on the Pokemon's IVs. To force the game to read the base power from the move data table, null out the strh at 0x0802B722.

Basically, replace:
Code:
0x0802B722: 28 80
with:
Code:
0x0802B722: C0 46
After you've done that, HP will use the base power in the table as its base power. Unfortunately, in a vanilla FR it is listed as 0x01, so it will be very weak until you change it. Change the byte at 0x8251721 to 0x3C to give it a base power of 60 (as in XY).

This effects both the actual damage calculation and when you view the Known Moves screen.

(Not So) Hidden Power [FR]

By default, Hidden Power will always display as a Normal-type move. By modifying the routines for displaying the types of moves, we can force it to display as the actual type.

Unlike the earlier parts of this post, this requires some free space. Here's the code:

Spoiler:
Code:
.text
.align 2
.thumb
.thumb_func

write_type_hook:					@ r1 := move_id
	push {r3-r7}
	mov r7, lr
	
	lsl r0, r1, #2
	lsl r1, r1, #3
	add r0, r1						@ r0 := 12 * move_id
	ldr r1, move_data
	add r1, r0						@ [r1] := data for current move
	ldrb r0, [r1, #2]				@ r0 := recorded type
	
	ldrb r2, [r1, #0]				@ r2 := move effect id
	cmp r2, #0x87					@ HIDDEN_POWER_EFFECT
	bne return0
	
	ldrb r0, [r5]					@ r0 := slot
	lsl r0, #1						@ r0 := slot << 1
	ldr r1, battle_slot_mapping
	add r0, r1
	ldrb r0, [r0]					@ r0 := index in party
	mov r1, #100
	mul r0, r1						@ r0 := offset from party_player
	ldr r1, party_player
	add r0, r1						@ [r0] := pokemon
	
	bl hp_type_decode
	
return0:
	mov lr, r7
	pop {r3-r7}
	ldr r1, write_type
	bx r1

@ return value on r1
display_type_hook:					@ r2, r5 := move_id, move_data
	push {r0, r3-r7}
	mov r7, lr
	
	lsl r0, r2, #2
	lsl r1, r2, #3
	add r0, r1						@ r0 := 12 * move_id
	add r0, r5						@ [r0] := data for current move
	
	ldrb r1, [r0, #2]				@ r1 := type
	ldrb r2, [r0, #0]				@ r2 := effect_id
	cmp r2, #0x87
	bne return1
	
	ldr r0, pkmn_status_data
	ldr r0, [r0]
	mov r1, #0x32
	lsl r1, r1, #8
	add r1, #0x90
	add r0, r1						@ [r0] := pokemon
	bl hp_type_decode
	mov r1, r0

return1:
	mov lr, r7
	pop {r0, r3-r7}
	ldr r2, display_type
	bx r2

@ uint8_t hp_type_decode(pokemon_t*)
hp_type_decode:
	push {r4-r7, lr}
	mov r6, r0									@ [r6] := pokemon
	mov r4, #0									@ r4 := type calculation
	mov r7, #0									@ r7 := iv index
	ldr r5, pokemon_getattr
	b test
	
loop:
	mov r0, r6									@ [r0] := pokemon
	mov r1, #0x27								@ GET_HP_IV
	add r1, r7
	bl call
	mov r1, #1
	and r0, r1
	lsl r0, r7
	orr r4, r0
	add r7, #1
	
test:
	cmp r7, #6
	bne loop
	
floor:
	mov r0, #15
	mul r0, r4
	mov r1, #63
	swi #0x6
	
decode:						@ add 2 if below 8, 1 otherwise
	cmp r0, #8
	blo L1
	add r0, #1
	
L1:
	add r0, #1
	pop {r4-r7, pc}
	
call:
	bx r5

.align 2

write_type: .word 0x0803098E +1
battle_slot_mapping: .word 0x02023BCE
party_player: .word 0x02024284
move_data: .word 0x08250C04
pokemon_getattr: .word 0x0803FBE8 +1
display_type: .word 0x081368D6 +1
pkmn_status_data: .word 0x0203B140


And, this is what it looks like already assembled:
Code:
F8 B4 77 46 88 00 C9 00 40 18 27 49 09 18 88 78 0A 78 87 2A 0A D1 28 78 40 00 21 49 40 18 00 78 64 21 48 43 1F 49 40 18 00 F0 1B F8 BE 46 F8 BC 1A 49 08 47 F9 B4 77 46 90 00 D1 00 40 18 40 19 81 78 02 78 87 2A 08 D1 1A 48 00 68 32 21 09 02 90 31 40 18 00 F0 05 F8 01 1C BE 46 F9 BC 14 4A 10 47 F0 B5 06 1C 00 24 00 27 10 4D 09 E0 30 1C 27 21 C9 19 00 F0 10 F8 01 21 08 40 B8 40 04 43 01 37 06 2F F3 D1 0F 20 60 43 3F 21 06 DF 08 28 00 D3 01 30 01 30 F0 BD 28 47 C0 46 8F 09 03 08 CE 3B 02 02 84 42 02 02 04 0C 25 08 E9 FB 03 08 D7 68 13 08 40 B1 03 02
As usual, insert it at an offset ending in 0x0, 0x4, 0x8, or 0xC. For simplicity, I'll refer to this offset as A.

Now, we need to modify the routines to call this new code. There are two places to modify.

Code:
0x08030984: 00 48 00 47 xx xx xx xx
Code:
0x081368CC: 00 49 08 47 yy yy yy yy
The x's are A + 0x01, in reverse hex, while the y's are A + 0x35, also in reverse hex.

This affects the type icons on the party menu (as well as when learning a new move), and the type listed when selecting an attack.

This does not affect the type displayed by the TM Case. As that's not associated with a particular Pokemon, it just reads the type from the move data table. I actually suggest changing Hidden Power's entry in the table to be ???-type (change the byte at 0x08251722 from 0x00 to 0x09), so it will show as that in the TM Case, and the actual type everywhere else.

I didn't bother to force it to calculate and display the base power for Hidden Power, as I prefer the constant base power anyway, but if this was any indication, it would be pretty easy to do.
I've found a problem, when I use this routine, the moves types in-battle shows 99999999... or nothing. For someone who found this problem, you probably have repointed the move data, simply change the offset of "move_data: .word 0x08250C04" to your move data offset.
Reply With Quote
  #885   Link to this post, but load the entire thread.  
Old November 18th, 2016 (3:35 AM).
robinjea's Avatar
robinjea robinjea is offline
 
Join Date: Sep 2012
Age: 25
Gender: Male
Nature: Quirky
Posts: 534
Quote:
Originally Posted by destinedjagold View Post
Here's one for Ruby.
Code:
08020280 004A1047XXXXXX08
080201E2 02 21
08020336 01 20
XXXXXX should be the address +1 of this ASM routine...
Spoiler:
Code:
.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0802028D
BX R1

RETURN:
POP {R0-R7}
RETURN_2:
LDR R1, = 0x080202A1
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080A92D5
MOV R11, R0
POP {R0}
BX R11


It checks your bag if you have the Exp. Share. If you do, then your team will each get 50% of the experience (I suggest you turn your Exp. Share into a Key Item if you want to apply this into your Ruby hack but I really suggest you either hack Emerald or FireRed instead...). The experience gain is reduced to 50%, regardless if you have the item and who's active during the battle. (It's why I decided to remove the feature in the next beta of my hack.)

Credits go to Andrea.
Any idea on how to do this for FR? Because the one posted earlier does not check for Exp. Share when distributing Exp. Points. ;-;
Reply With Quote
  #886   Link to this post, but load the entire thread.  
Old November 18th, 2016 (5:18 AM).
BluRose BluRose is offline
blu rass
 
Join Date: Apr 2014
Location: michigan tech
Age: 22
Gender: Male
Nature: Timid
Posts: 812
Quote:
Originally Posted by BlackWhiteRobin View Post
Any idea on how to do this for FR? Because the one posted earlier does not check for Exp. Share when distributing Exp. Points. ;-;
port addresses
i can do it in like 7 hours when i get home
__________________
heyo check out my github:

BluRosie
highlights:
battle engine for heartgold
various feature branches in heart gold (fairy type, odd egg, mud slopes)

i'm a big part of the development team of pokemon firegold! all the code that i develop for that hack is also on my github

also on discord: BluRose#0412
Reply With Quote
  #887   Link to this post, but load the entire thread.  
Old November 18th, 2016 (1:11 PM).
Sea Dragon Sea Dragon is offline
 
Join Date: Mar 2016
Location: Maine
Gender: Male
Nature: Quiet
Posts: 22
Quote:
Originally Posted by mbcn10ww View Post
The Shedinja's evolution was fixed but not registering on Pokédex.
Ok, I think I found the issue. At CE858 change 54 44 to 00 00

Spoiler:
ROM:080CE856 MOV R4, R8
ROM:080CE858 ADD R4, R10 - adds Nincada's index to 968 (remove this)
ROM:080CE85A LSLS R4, R4, #3 - 968 becomes 4b40
ROM:080CE85C ADDS R4, R4, R0 - finds offset of Shedinja's index in evolution table
ROM:080CE85E LDRH R0, [R4,#0xC] - R0 should now have Shedinja's index


Do the same thing for Emerald at 13E4EC.
Reply With Quote
  #888   Link to this post, but load the entire thread.  
Old November 18th, 2016 (5:14 PM).
mbcn10ww mbcn10ww is offline
 
Join Date: Oct 2016
Posts: 352
Quote:
Originally Posted by Sea Dragon View Post
Ok, I think I found the issue. At CE858 change 54 44 to 00 00

Spoiler:
ROM:080CE856 MOV R4, R8
ROM:080CE858 ADD R4, R10 - adds Nincada's index to 968 (remove this)
ROM:080CE85A LSLS R4, R4, #3 - 968 becomes 4b40
ROM:080CE85C ADDS R4, R4, R0 - finds offset of Shedinja's index in evolution table
ROM:080CE85E LDRH R0, [R4,#0xC] - R0 should now have Shedinja's index


Do the same thing for Emerald at 13E4EC.
Thanks man, it worked fine. xD
Reply With Quote
  #889   Link to this post, but load the entire thread.  
Old November 20th, 2016 (1:15 PM).
Versekr Dark Versekr Dark is offline
 
Join Date: Sep 2014
Gender: Male
Posts: 50
Quote:
Originally Posted by BluRose View Post
port addresses
i can do it in like 7 hours when i get home
Great, i imagine that you could also export a, still thanks for helping us with these routine :), and clearly I do not ask to be exported by an Em, so there is no confusion :)
Reply With Quote
  #890   Link to this post, but load the entire thread.  
Old November 20th, 2016 (1:35 PM).
BluRose BluRose is offline
blu rass
 
Join Date: Apr 2014
Location: michigan tech
Age: 22
Gender: Male
Nature: Timid
Posts: 812
Quote:
Originally Posted by Versekr Dark View Post
Great, i imagine that you could also export a, still thanks for helping us with these routine :), and clearly I do not ask to be exported by an Em, so there is no confusion :)
check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

en español (no porque no puedes leer el ingles, porque quiero practicar y mejorar mi español)
Spoiler:
chequea la conversación encima entre de blackwhiterobin y yo para chequear lo que hemos hecho. necesitamos dos direcciónes más, y están en la rutina. si no podemos encontrar las direcciónes en la rutina, podemos hacer las rutinas de rubí para rojo fuego... yo imaginaría que no sería tan dificil, ajaja... el desmontaje de visualboyadvance debe ayudarnos al menos un poco
__________________
heyo check out my github:

BluRosie
highlights:
battle engine for heartgold
various feature branches in heart gold (fairy type, odd egg, mud slopes)

i'm a big part of the development team of pokemon firegold! all the code that i develop for that hack is also on my github

also on discord: BluRose#0412
Reply With Quote
  #891   Link to this post, but load the entire thread.  
Old November 20th, 2016 (2:27 PM).
Versekr Dark Versekr Dark is offline
 
Join Date: Sep 2014
Gender: Male
Posts: 50
Quote:
Originally Posted by BluRose View Post
check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think

en español (no porque no puedes leer el ingles, porque quiero practicar y mejorar mi español)
Spoiler:
chequea la conversación encima entre de blackwhiterobin y yo para chequear lo que hemos hecho. necesitamos dos direcciónes más, y están en la rutina. si no podemos encontrar las direcciónes en la rutina, podemos hacer las rutinas de rubí para rojo fuego... yo imaginaría que no sería tan dificil, ajaja... el desmontaje de visualboyadvance debe ayudarnos al menos un poco
Thank you very much, I really thought I would not answer haha ​​xD, I'm looking forward to finishing your work and sorry if I can not help too much. I'm very new in hexadecimal and I do not know anything about asm.
Reply With Quote
  #892   Link to this post, but load the entire thread.  
Old November 21st, 2016 (8:18 AM).
DonaldTrumpIsAGod DonaldTrumpIsAGod is offline
Banned
 
Join Date: Nov 2016
Posts: 1
Quote:
Originally Posted by Lost Heart View Post
Spoiler:

Check/Count a Specific Pokémon Species in the Party (FR/LG/Em)


So I'm not sure if there is a way to do this by scripting in these games, and I saw that trading-style thing post just a few above, but I wrote up a quick bit of ASM code to count the number of a specific species of Pokémon in the party, as a bit of practice for myself, and I thought I would share it.

The reason I wrote is so that it could be mainly used as a checkpartypokemon-like command in a script.

It works for FireRed and LeafGreen with no changes, works for Emerald by performing the changes given, and will probably work with any game as long as you find the matching offsets. ;)

Anyway, here's the ASM for FR/LG:
Code:
.text
.align 2
.thumb
.thumb_func
.global CountPartyPokemonSpecies

main:
	push {r0-r7, lr}
	mov r5, #0x0 @ This means fail
	ldr r6, var
	ldr r7, party_amount
	ldrb r4, [r7] @ Get Pokemon count from r7
	cmp r4, #0x0
	beq exit
	ldrh r3, [r6] @ Get the species to check
	cmp r3, #0x0
	beq exit @ Don't allow Missingno. This doesn't limit the species from going up, though.
	mov r7, #0x0
loop:
	ldr r0, first_pokemon @ Offset of first Pokemon
	mov r1, #0x64 @ Length of Pokemon RAM data
	mul r1, r1, r7 @ r7 holds current index
	add r0, r0, r1
	bl decrypt_poke_species @ Get this specific species.
	mov r9, r0
	pop {r0-r7}
	cmp r9, r3
	bne next
	add r5, r5, #0x1 @ Increase the counter
next:
	add r7, r7, #0x1 @ Increase party index
	cmp r7, r4 @ And compare against the number in the party
	blo loop @ I could use a bls here?
exit:
	str r5, [r6, #0x10] @ Store the result (r5) in r6 (the var -- 0x800D)
	pop {r0-r7, pc} @ Return

decrypt_poke_species:
	push {r0-r7}
	mov r1, #0xB @ This is the index for the Pokemon species.
	ldr r2, decrypt_poke @ Call the Pokemon decryption code
	bx r2
	
.align 2
party_amount:
	.word 0x02024029
first_pokemon:
	.word 0x02024284
var: @ Got this beauty from HackMew.
	.word 0x020270B8 + (0x8004 * 2)
decrypt_poke:
	.word 0x0803FBE9
And to work for Emerald, you need only change the end stuff:
Code:
.align 2
party_amount:
	.word 0x020244E9
first_pokemon:
	.word 0x020244EC
var: @ Got this beauty from HackMew.
	.word 0x020275D8 + (0x8004 * 2)
decrypt_poke:
	.word 0x0806A519
Some of it is based off some stuff from HackMew's Pokemon take away code, so yeah.

And of course, here's a sample script explaining how to use it:
[code]
#dynamic 0x800000

#include stdpoke.rbh

#org @start
lock
faceplayer
bufferpokemon 0x0 PKMN_MAGIKARP
setvar 0x8004 PKMN_MAGIKARP // Change this to the species you want
callasm 0x08XXXXXX // This is the offset of the routine + 1
compare LASTRESULT 0x1 // The count is stored in 0x800D
if B_>= goto @some // It will be 0 if there is none, or 1-6 for the count
msgbox @m1 MSG_KEEPOPEN // It also counts eggs, so yeah...
release
end

#org @some
buffernumber 0x1 LASTRESULT
msgbox @m2 MSG_KEEPOPEN
release
end

#org @m1
= You don't have any [buffer1]!

I hope someone finds this useful, even if for just an example for beginners to learn from.
Enjoy~! ^_^

EDIT: I added Emerald, although I didn't test it. ;)
EDIT 2: I tested the Emerald code, and it works. ^_^
Could I use this to check for specific forms of Unown?
Reply With Quote
  #893   Link to this post, but load the entire thread.  
Old November 21st, 2016 (8:47 AM).
DizzyEgg's Avatar
DizzyEgg DizzyEgg is offline
 
Join Date: Feb 2014
Location: Poland
Age: 25
Gender: Male
Nature: Quiet
Posts: 794
Quote:
Originally Posted by DonaldTrumpIsAGod View Post
Could I use this to check for specific forms of Unown?
Nope, it's a different thing.
__________________
Support Pokeemerald!

Pokeemerald starter pack:
Emerald Expansion
Reply With Quote
  #894   Link to this post, but load the entire thread.  
Old November 21st, 2016 (8:47 AM).
BluRose BluRose is offline
blu rass
 
Join Date: Apr 2014
Location: michigan tech
Age: 22
Gender: Male
Nature: Timid
Posts: 812
Quote:
Originally Posted by DonaldTrumpIsAGod View Post
Could I use this to check for specific forms of Unown?
no
unown formes are determined by their PIDs and do not count as seperate pokémon themselves

edit: damn it dizzy
__________________
heyo check out my github:

BluRosie
highlights:
battle engine for heartgold
various feature branches in heart gold (fairy type, odd egg, mud slopes)

i'm a big part of the development team of pokemon firegold! all the code that i develop for that hack is also on my github

also on discord: BluRose#0412
Reply With Quote
  #895   Link to this post, but load the entire thread.  
Old November 25th, 2016 (7:11 AM).
LCCoolJ95's Avatar
LCCoolJ95 LCCoolJ95 is offline
Limited Capacity
 
Join Date: May 2009
Location: The World That Never Was
Age: 28
Gender: Male
Nature: Naive
Posts: 629
Quote:
Originally Posted by BluRose View Post
check out this convo between blackwhiterobin and i to check progress. we just need two more addresses ported, and they are in the routine itself. if worst comes to worst, we can just port the ruby routines themselves, i'd imagine that that wouldn't be too difficult ahaha. vba's disassembly feature helps out a bit for getting a ruby version of things in fire red, this is not much to go off of

oh and if there's an idb of ruby then why the would i be saying this ahaha
someone might wanna check out the addresses in the routine that i already found because one of them was pretty sketchy i think
Hello, just wondering how this is going!
__________________
"The greatest obstacle in life is Yourself. Overcome it, and you will achieve the greatest accomplishment of all." -Art Beins, 1982

Pokémon Theta Emerald EX: https://www.pokecommunity.com/showthread.php?t=386240
Reply With Quote
  #896   Link to this post, but load the entire thread.  
Old November 25th, 2016 (9:30 AM). Edited November 26th, 2016 by BluRose.
BluRose BluRose is offline
blu rass
 
Join Date: Apr 2014
Location: michigan tech
Age: 22
Gender: Male
Nature: Timid
Posts: 812
Quote:
Originally Posted by LCCoolJ95 View Post
Hello, just wondering how this is going!
research/small tangent about how this was originally going
Spoiler:
Spoiler:
Code:
.text
.thumb
.thumb_func
.align 2

201E0:
	add r0, r1, #0x0
	add r1, r5, #0x0
	bl 1E0868 @???
	mov r2, r10
	strh r0, [r2]
	lsl r0, r0 , #0x10
	cmp r0, @0x0
	bne 201F6
	mov r0, #0x1
	strh r0, [r2]
201F6:
	ldr r0, =(0x02024DEE) @20248
	strh r6, [r0]
	ldr r2, =(0x02000000) @2024C
	ldr r3, =(0x0001600F) @20250
	add r2, r1, r3
	ldrb r0, [r2]
	add r0, #0x1
	mov r3, #0x0
	strb r0, [r2]
	ldr r2, =(0x00016018) @20254
	add r0, r1, r2
	strb r3, [r0]
	ldr r3, =(0x0001605F) @20258
	add r1, r1, r3
	mov r0, r8
	strb r0, [r1]
	ldr r0, =(0x02025A64) @2025C
	ldr r0, [r0]
	cmp r0, #0x0
	beq 20220	
	b 20996
20220:
	ldr r0, =(0x02000000) @2024C
	ldr r1, =(0x00016018) @20254
	add r0, r0, r1
	ldrb r1, [r0]
	mov r0, #0x64
	mul r0, r1
	ldr r1, =(0x02004360) @20260
	add r0, r0, r1
	mov r1, #0xC
	bl 3CB60
	lsl r0, r0, #0x10
	lsr r0, r0, #0x10
	cmp r0, #0xAF
	bne 2026C
	ldr r0, =(0x02025734) @20264
	ldr r2, =(0x00003688) @20268
	add r0, r0, r2
	ldrb r4, [r0]
	b 20274

@[pointers/constant words here. define as .equ's later or something]
@20248-2026B

2026C:
	bl A993C
	lsl r0, r0, #0x18
	lsr r4, r0, #0x18

20274:
	ldr r5, =(0x02000000) @20294
	cmp r4, #0x19
	beq 202A0
	ldr r3, =(0x0001605F) @20298
	add r1, r5, r3
	ldrb r0, [r1]
	mov r2, #0x1
	and r2, r0
	cmp r2, #0x0
	bne 202A0
	lsr r0, r0, #0x1
	strb r0, [r1]
	ldr r0, =(0x0001600F) @2029C @where andrea's function points to is right here, 2028C
	add r1, r5, r0
	b 202C8

@[more pointers/constants.  .equ's later, maybe not.]
@20294-2029F

202A0:	@where andrea's return is going to
	ldr r1, =(0x00016018) @202D4
	add r0, r5, r1
	ldrb r1, [r0]
	mov r0, #0x64
	mul r0, r1
	ldr r1, =(0x03004360) @202D8
	add r0, r0, r1
	mov r1, #0x38
	bl 3CB60
	cmp r0, #0x64
	bne 202E8
	ldr r2, =(0x0001605F) @202DC
	add r1, r5, r2
	ldrb r0, [r1]
	lsr r0, r0, #0x1
	mov r1, #0x0
	strb r0, [r1]
	ldr r3, =(0x0001600F) @202E0
	add r1, r5, r3
202C8:
	mov r0, #0x5
	strb r0, [r1]
	ldr r0, =(0x02024BEC) @202E4
	str r2m [r0]
	b 20996

@[pointers/constants]
@202D4-202E7

202E8:
	@insert function here

20996:	@i felt that this was referenced a lot, so i decided to write it down like the rest i guess
	@NOTE: this function as it is appears at least 37 times BEFORE it does here in the Ruby ROM.  It appears even more often in Fire Red.  PLEASE, don't come to me saying that you found an equivalent offset claiming 20996 in AXVE equals E8C in BPRE.
	pop {r3-r5}
	mov r8, r3
	mov r9, r4
	mov r10, r5
	pop {r4-r7}
	pop {r0}
	bx r0

@[more constants and muk]

3CB60

A993C

1E0868

it's just a matter of finding the rough same in fire red at the moment, specifically 20274. haven't even started on the other routine because all of this was really done this morning (shhhhhhh)

EDIT: accidentally disassembled the other routine referenced that we haven't found as well while disassembling what the first one references :P
coolio. meanwhile, i'm actually going to check out one of the other routines because really it doesn't seem equal ahaha

EDIT: ok i'm psyducking dumb
Code:
branch point AXVE:  
        20280
return point AXVE:  
        2028C (notice how it's literally branch +0xC)

branch point BPRE:  
        21CCE
return point BPRE: (one of what we're looking for)
        21CDA

return point 2 AXVE:
        202A0
return point 2 BPRE: (other of what we're looking for)
        21CE8
magically, when looking it up in IDB, almost everything matches! imagine that :):):):):):):):):):):):):)
here's bpre's routine, credits to andrea~ and the_learner (for making it relatively easy to find two addresses; he already found them). i did practically nothing except be stupid and look for something that was literally right under my nose the whole time


- - - - - - - - -
Andrea's Gen VI Exp. Share
- - - - - - - - -

Credits to Andrea~ and The_Learner

bpre:
Spoiler:
Code:
21CD0 - 00 4A 10 47 XX XX XX XX
21C3A - 02 21
21D70 - 01 20
routine at XXXXXXXX
Code:
.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x08021CDB /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x08021CE9 /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x08099F41 /*axve: 0x080A92D5*/
MOV R11, R0
POP {R0}
BX R11

bpee:
Spoiler:
Code:
4A594 - 00 4A 10 47 XX XX XX XX
4A4BE - 02 21
4A634 - 01 20
Code:
.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0804A59F /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x0804A5AD /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080D6725 /*axve: 0x080A92D5*/
MOV R11, R0
POP {R0}
BX R11

have a nice day, this took way too long <3
__________________
heyo check out my github:

BluRosie
highlights:
battle engine for heartgold
various feature branches in heart gold (fairy type, odd egg, mud slopes)

i'm a big part of the development team of pokemon firegold! all the code that i develop for that hack is also on my github

also on discord: BluRose#0412
Reply With Quote
  #897   Link to this post, but load the entire thread.  
Old November 26th, 2016 (12:24 AM).
robinjea's Avatar
robinjea robinjea is offline
 
Join Date: Sep 2012
Age: 25
Gender: Male
Nature: Quirky
Posts: 534
Quote:
Originally Posted by BluRose View Post
Spoiler:
Code:
.text
.thumb
.thumb_func
.align 2

201E0:
    add r0, r1, #0x0
    add r1, r5, #0x0
    bl 1E0868 @???
    mov r2, r10
    strh r0, [r2]
    lsl r0, r0 , #0x10
    cmp r0, @0x0
    bne 201F6
    mov r0, #0x1
    strh r0, [r2]
201F6:
    ldr r0, =(0x02024DEE) @20248
    strh r6, [r0]
    ldr r2, =(0x02000000) @2024C
    ldr r3, =(0x0001600F) @20250
    add r2, r1, r3
    ldrb r0, [r2]
    add r0, #0x1
    mov r3, #0x0
    strb r0, [r2]
    ldr r2, =(0x00016018) @20254
    add r0, r1, r2
    strb r3, [r0]
    ldr r3, =(0x0001605F) @20258
    add r1, r1, r3
    mov r0, r8
    strb r0, [r1]
    ldr r0, =(0x02025A64) @2025C
    ldr r0, [r0]
    cmp r0, #0x0
    beq 20220    
    b 20996
20220:
    ldr r0, =(0x02000000) @2024C
    ldr r1, =(0x00016018) @20254
    add r0, r0, r1
    ldrb r1, [r0]
    mov r0, #0x64
    mul r0, r1
    ldr r1, =(0x02004360) @20260
    add r0, r0, r1
    mov r1, #0xC
    bl 3CB60
    lsl r0, r0, #0x10
    lsr r0, r0, #0x10
    cmp r0, #0xAF
    bne 2026C
    ldr r0, =(0x02025734) @20264
    ldr r2, =(0x00003688) @20268
    add r0, r0, r2
    ldrb r4, [r0]
    b 20274

@[pointers/constant words here. define as .equ's later or something]
@20248-2026B

2026C:
    bl A993C
    lsl r0, r0, #0x18
    lsr r4, r0, #0x18

20274:
    ldr r5, =(0x02000000) @20294
    cmp r4, #0x19
    beq 202A0
    ldr r3, =(0x0001605F) @20298
    add r1, r5, r3
    ldrb r0, [r1]
    mov r2, #0x1
    and r2, r0
    cmp r2, #0x0
    bne 202A0
    lsr r0, r0, #0x1
    strb r0, [r1]
    ldr r0, =(0x0001600F) @2029C @where andrea's function points to is right here, 2028C
    add r1, r5, r0
    b 202C8

@[more pointers/constants.  .equ's later, maybe not.]
@20294-2029F

202A0:    @where andrea's return is going to
    ldr r1, =(0x00016018) @202D4
    add r0, r5, r1
    ldrb r1, [r0]
    mov r0, #0x64
    mul r0, r1
    ldr r1, =(0x03004360) @202D8
    add r0, r0, r1
    mov r1, #0x38
    bl 3CB60
    cmp r0, #0x64
    bne 202E8
    ldr r2, =(0x0001605F) @202DC
    add r1, r5, r2
    ldrb r0, [r1]
    lsr r0, r0, #0x1
    mov r1, #0x0
    strb r0, [r1]
    ldr r3, =(0x0001600F) @202E0
    add r1, r5, r3
202C8:
    mov r0, #0x5
    strb r0, [r1]
    ldr r0, =(0x02024BEC) @202E4
    str r2m [r0]
    b 20996

@[pointers/constants]
@202D4-202E7

202E8:
    @insert function here

20996:    @i felt that this was referenced a lot, so i decided to write it down like the rest i guess
    @NOTE: this function as it is appears at least 37 times BEFORE it does here in the Ruby ROM.  It appears even more often in Fire Red.  PLEASE, don't come to me saying that you found an equivalent offset claiming 20996 in AXVE equals E8C in BPRE.
    pop {r3-r5}
    mov r8, r3
    mov r9, r4
    mov r10, r5
    pop {r4-r7}
    pop {r0}
    bx r0

@[more constants and ****]

3CB60

A993C

1E0868

it's just a matter of finding the rough same in fire red at the moment, specifically 20274. haven't even started on the other routine because all of this was really done this morning (shhhhhhh)

EDIT: accidentally disassembled the other routine referenced that we haven't found as well while disassembling what the first one references :P
coolio. meanwhile, i'm actually going to check out one of the other routines because really it doesn't seem equal ahaha

EDIT: ok i'm ****ing dumb
Code:
branch point AXVE:  
        20280
return point AXVE:  
        2028C (notice how it's literally branch +0xC)

branch point BPRE:  
        21CCE
return point BPRE: (one of what we're looking for)
        21CDA

return point 2 AXVE:
        202A0
return point 2 BPRE: (other of what we're looking for)
        21CE8
magically, when looking it up in IDB, almost everything matches! imagine that :):):):):):):):):):):):):)
here's bpre's routine, credits to andrea~ and the_learner (for making it relatively easy to find two addresses; he already found them). i did practically nothing except be stupid and look for something that was literally right under my nose the whole time
as usual, untested
Spoiler:
Code:
21CCE - 00 4A 10 47 XX XX XX XX
21C3A - 02 21
21D70 - 01 20
routine at XXXXXXXX
Code:
.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x08021CDB /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x08021CE9 /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x08099F41 /*axve: 0x080A92D5*/ /*i was entirely off in my original searching for this ehehe*/
MOV R11, R0
POP {R0}
BX R11

and because lccoolj95's going to ask for it, bpee (still untested):
Spoiler:
Code:
4A592 - 00 4A 10 47 XX XX XX XX
4A4BE - 02 21
4A634 - 01 20
Code:
.THUMB
.ALIGN 2

PUSH {R0-R7}
MOV R0, #0xB6
MOV R1, #1
BL CHECK_ITEM
CMP R0, #1
BEQ RETURN
POP {R0-R7}

MOV R2, #1
AND R2, R0
CMP R2, #0
BNE RETURN_2

LSR R0, R0, #1
STRB R0, [R1]
LDR R1, = 0x0804A59F /*axve: 0x0802028D*/
BX R1

RETURN:
POP {R0-R7}

RETURN_2:
LDR R1, = 0x0804A5AD /*axve: 0x080202A1*/
BX R1

CHECK_ITEM:
PUSH {R0}
LDR R0, = 0x080D6725 /*axve: 0x080A92D5*/
MOV R11, R0
POP {R0}
BX R11

have a nice day, this took way too long <3
Tested EM's. Game restarts right before receiving experience points with or without EXP. Share Item. I've yet to test FR's. (And this breaks my heart.)
Reply With Quote
  #898   Link to this post, but load the entire thread.  
Old November 26th, 2016 (6:01 AM). Edited November 26th, 2016 by BluRose.
BluRose BluRose is offline
blu rass
 
Join Date: Apr 2014
Location: michigan tech
Age: 22
Gender: Male
Nature: Timid
Posts: 812
Quote:
Originally Posted by BlackWhiteRobin View Post
Tested EM's. Game restarts right before receiving experience points with or without EXP. Share Item. I've yet to test FR's. (And this breaks my heart.)
lol ok i'll have to adjust it. likely because different registers are (probably) used for the check-item routine across all three versions, and i honestly only found it because the checkitem script command references it in each version
report back with fr, please <3

EDIT: i'll do fr, but how done i was yesterday shines through in that i didn't even tell to make the pointer aligned. :P

EDIT2: works here after a few byte changes to my byte changes were made to made. updating post

EDIT3: works in em after doing the same byte changes.

happy hacking!
__________________
heyo check out my github:

BluRosie
highlights:
battle engine for heartgold
various feature branches in heart gold (fairy type, odd egg, mud slopes)

i'm a big part of the development team of pokemon firegold! all the code that i develop for that hack is also on my github

also on discord: BluRose#0412
Reply With Quote
  #899   Link to this post, but load the entire thread.  
Old December 18th, 2016 (11:27 AM). Edited January 20th, 2020 by Zeturic.
Zeturic's Avatar
Zeturic Zeturic is offline
 
Join Date: Mar 2007
Posts: 787
Powder Jar [FR]

The amount of berry powder is stored in a byte at
[0x300500C] + 0xAF8
. It's referred to as field_af8. It is encrypted via the Security Key.

In finding this, I found a function at
0x0815EE3C
which takes a pointer and decrypts what it points to with the Security Key.
Reply With Quote
  #900   Link to this post, but load the entire thread.  
Old December 20th, 2016 (11:09 AM).
esperance's Avatar
esperance esperance is offline
 
Join Date: Mar 2010
Location: OH
Age: 26
Gender: Male
Nature: Relaxed
Posts: 3,830
Door Animation Format

Door animations follow a very simple 12-byte format, which I'm sharing for anyone that needs a reference.

Code:
| Offset  | Type          | Notes                            |
|------------------------------------------------------------|
| 0-1     | Tile index    |                                  |
| 2       | Sound flag    | 00 = door, other = sliding door  |
| 3       | Tile flag     | 00 = one tile, other = two tiles |
| 4-7     | Image         | pointer, uncompressed            |
| 8-11    | Palette       | pointer                          |
The data is stored in tables, and can be found at the following offsets:
Code:
AXVE: 30F9B4
AXPE: 30F944
BPRE: 35B5D8
BPGE: 35B5B8
BPEE: 497174
__________________
What are you so afraid of?
Reply With Quote
Reply

Quick Reply

Join the conversation!

Create an account to post a reply in this thread, participate in other discussions, and more!

Create a PokéCommunity Account
Ad Content
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -8. The time now is 8:53 AM.