The PokéCommunity Forums  

Quick Research & Development Thread


Binary Hack Research & Development Got a well-founded knack with your binary Pokémon hacks? Love reverse-engineering them? For the traditional Pokémon ROM hacker, this is the spot for polling and gathering your ideas, and then implementing them! Share your hypothesis, get ideas from others, and collaborate to create!

  #201   Link to this post, but load the entire thread.  
Old March 15th, 2012 (5:51 PM).
redriders180's Avatar
redriders180 redriders180 is offline
Mastermind of Pokemon Glazed
 
Join Date: Jun 2010
Location: Path of Victory, Tunod
Gender: Male
Nature: Quirky
Posts: 314
Quote:
Originally Posted by SwiftSign View Post
Hmm the pointer to the egg script lies at 0x6d71c, the only data string that is just before that pointed to a script with the line 'fadesong 0x9AOD' which as far as I know doesn't exist - so looks like egg hatching is controlled by ASM.

Does anyone know where Egg-Step information is stored?

//

Been looking for possibly Egg-Step info, can't seem to find it anywhere o_o nobody lists it with species/etc. data, and I have looked around the areas with it to no avail (For example, I'm assuming Pikachu will have a value of '15' somewhere in its data to signify 21 cycles for hatching. If that value was momentarily set to 0, I wonder if the egg would insta-hatch.)
I think the egg to hatch is stored in a variable...I think it's 0x8004, but I don't know for sure. You wouldn't use special2, because that just specifies where the output goes, not what the input is. I believe the slot number of the egg is stored to 0x8004, and the egg hatch special is called.
__________________


I think I'm done with ROM hacking. I'll still pop in and visit, though.


Reply With Quote
  #202   Link to this post, but load the entire thread.  
Old March 15th, 2012 (6:27 PM).
sonic1's Avatar
sonic1 sonic1 is offline
ASM is my life now...
 
Join Date: May 2008
Location: Portugal
Age: 28
Gender: Male
Nature: Timid
Posts: 77
Quote:
Originally Posted by redriders180 View Post
I understand completely what you mean :) I had planned to make the script something with a maybe 4 or 5 inputs...I wanted complete control over species, IVs, moves, item held, and possibly nickname. How do you recommend I make this work, however? Would I have to make an ASM that just puts the ram offset into R1, then call the normal nicknaming special?
As for this, now i'm outta time, but i'll try to do something to you. Thing is, there's a routine in the rom, a powerful one, that has ENTIRE access to a pokemon's data, and can change anything about it!
List of things discovered that the routine can change (don't mind the hex numbers):
Spoiler:

0x00 - Pokémon ID
0x01 - Trainer IDs
0x02 - Nickname Max Length 1 (r6 should be the nickname's address)
0x03 - Font / Language
0x04 - Sanity
0x05 - Sanity
0x06 - Sanity
0x07 - OT Name Max Length
0x08 - Marks
0x09 - Checksum
0x0A - Filler
0x0B - Species
0x0C - Held Item
0x0D - Attack 1
0x0E - Attack 2
0x0F - Attack 3
0x10 - Attack 4
0x11 - PP 1
0x12 - PP 2
0x13 - PP 3
0x14 - PP 4
0x15 - PP Bonuses
0x16 - Coolness
0x17 - Beauty
0x18 - Cuteness
0x19 - Exp. Points
0x1A - HP EV
0x1B - Attack EV
0x1C - Defense EV
0x1D - Speed EV
0x1E - Sp. Attack EV
0x1F - Sp. Defense EV
0x20 - Happiness
0x21 - Smartness
0x22 - Pokérus Status
0x23 - Catch Location
0x24 - Catch Level
0x25 -
0x26 - Hometown / Poké Ball / Trainer Gender
0x27 - HP IV
0x28 - Attack IV
0x29 - Defense IV
0x2A - Speed IV
0x2B - Sp. Attack IV
0x2C - Sp. Defense IV
0x2D - IsEgg
0x2E - Ability Bit
0x2F - Toughness
0x30 - Sheen
0x31 - OT Gender
0x32 -
0x33 -
0x34 -
0x35 -
0x36 -
0x37 - Status Ailment
0x38 - Level
0x39 - Current HP
0x3A - Total HP
0x3B - Attack
0x3C - Defense
0x3D - Speed
0x3E - Sp. Attack
0x3F - Sp. Defense
0x43 - Hall Of Fame ribbon
0x50 - Obedience


Quote:
Originally Posted by redriders180 View Post
This brings up something else...If I just use the nickname keyboard, the text says "[pokemon's] Nickname?". If it's not hard, I'd like to make it say something else on it, otherwise I'm sure I could live with it.
Well, i explained this in the last post. It's the naming type, which is gonna go through r0. But that can be easily changed, i think, so this is the least of our worries.

My main worry is how you're gonna convert the letters bytes into usable codes.
__________________
Reply With Quote
  #203   Link to this post, but load the entire thread.  
Old March 15th, 2012 (6:54 PM).
Mana's Avatar
Mana Mana is offline
 
Join Date: Jan 2009
Location: UK
Age: 31
Gender: Male
Posts: 10,075
Quote:
Originally Posted by redriders180 View Post
I understand completely what you mean :) I had planned to make the script something with a maybe 4 or 5 inputs...I wanted complete control over species, IVs, moves, item held, and possibly nickname. How do you recommend I make this work, however? Would I have to make an ASM that just puts the ram offset into R1, then call the normal nicknaming special?

This brings up something else...If I just use the nickname keyboard, the text says "[pokemon's] Nickname?". If it's not hard, I'd like to make it say something else on it, otherwise I'm sure I could live with it.
Quote:
Originally Posted by redriders180 View Post
I think the egg to hatch is stored in a variable...I think it's 0x8004, but I don't know for sure. You wouldn't use special2, because that just specifies where the output goes, not what the input is. I believe the slot number of the egg is stored to 0x8004, and the egg hatch special is called.
You are right, 0x8004 0x1 hatches an egg that is 2nd in the party, etc.

The only trouble now is identifying where the egg is. I've had a look at JPAN's Pokemon data decryption thread from years ago, in which he has a routine that can return a species, even in egg form - but that can't give a permission.

Ideally something like

Check (egg) species -> Locate species -> setvar 0x8004 to position

Especially if it's a one of pokemon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
__________________
Reply With Quote
  #204   Link to this post, but load the entire thread.  
Old March 15th, 2012 (7:09 PM). Edited March 15th, 2012 by droomph.
droomph's Avatar
droomph droomph is offline
weeb
 
Join Date: Sep 2011
Location: nowhere spectacular
Age: 26
Gender: Male
Nature: Impish
Posts: 4,282
Quote:
Originally Posted by SwiftSign View Post
Especially if it's a one of pokemon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
I don't know what you mean by "identify where the egg is", but every Party Pokémon is 100 bytes long, meaning you just take variable 0x8004 into a register and
Code:
ldr rd, #0x02024284
mul rm, #0x64
add rm, #0x20
add rd, rm
it, and so on.

Or maybe something like this, but with str instead of ldr: (it's far from finished)
Spoiler:
Code:
species
;select Pokemon slot (r0); zero-indexed
;return Species (r0); ROM number
	push {lr}
	bl pval
	mov r1, 0x18
	mov r2, r0
	bl mod
	mov r1, 0x5
	cmp r0, r1
	bls first
	mov r1, 0x7
	cmp r0, r1
	bls second
	mov r1, 0x8
	cmp r0, r1
	bls third
	mov r1, 0xA
	cmp r0, r1
	beq third
	mov r1, 0xB
	cmp r0, r1
	bls fourth
	mov r1, 0xD
	cmp r0, r1
	bls second
	mov r1, 0xE
	cmp r0, r1
	beq third
	mov r1, 0x10
	cmp r0, r1
	beq third
	mov r1, 0x11
	cmp r0, r1
	bls fourth
	mov r1, 0x13
	cmp r0, r1
	bls second
	mov r1, 0x14
	cmp r0, r1
	beq third
	mov r1, 0x16
	cmp r0, r1
	beq third
	mov r1, 0x17
	cmp r0, r1	;compare before branching, as in every other case
	bls fourth
first
	ldr r2, .PARTY
	mov r1, 0x64
	mul r0, r1
	add r2, r0
	ldr r0, [r2, 0x20]
	pop {pc}
second
	ldr r2, .PARTY
	mov r1, 0x64
	mul r0, r1
	add r2, r0
	ldr r0, [r2, 0x2C]
	pop {pc}
third
	ldr r2, .PARTY
	mov r1, 0x64
	mul r0, r1
	add r2, r0
	ldr r0, [r2, 0x38]
	pop {pc}
fourth
	ldr r2, .PARTY
	mov r1, 0x64
	mul r0, r1
	add r2, r0
	ldr r0, [r2, 0x44]
	pop {pc}
.PARTY
	= 0x20244EC
__________________
did u no there r 21 letters in the alphabet
o i forgot 5
uraqt


Reply With Quote
  #205   Link to this post, but load the entire thread.  
Old March 15th, 2012 (8:18 PM). Edited March 16th, 2012 by redriders180.
redriders180's Avatar
redriders180 redriders180 is offline
Mastermind of Pokemon Glazed
 
Join Date: Jun 2010
Location: Path of Victory, Tunod
Gender: Male
Nature: Quirky
Posts: 314
Quote:
Originally Posted by SwiftSign View Post
You are right, 0x8004 0x1 hatches an egg that is 2nd in the party, etc.

The only trouble now is identifying where the egg is. I've had a look at JPAN's Pokemon data decryption thread from years ago, in which he has a routine that can return a species, even in egg form - but that can't give a permission.

Ideally something like

Check (egg) species -> Locate species -> setvar 0x8004 to position

Especially if it's a one of pokemon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
You actually don't need ASM for this one. I quote from the list of specials, courtesy of JPAN:
Quote:
Originally Posted by JPAN
[Special 0x]147 checks your pokemon in position referenced by 0x8004 and returns to the given variable its pokemon number. returns 0x19c if an egg.
So all you need to do is set the variable 0x8004 to 0x0, special2 LASTRESULT 0x147, compare LASTRESULT 0x19C, if 0x1 goto @hatch, if 0x0, add 0x1 to 0x8004, and repeat. You also need to build in a failsafe for if they don't have an egg, so the script won't loop you forever.

Quote:
Originally Posted by sonic1 View Post

As for this, now i'm outta time, but i'll try to do something to you. Thing is, there's a routine in the rom, a powerful one, that has ENTIRE access to a pokemon's data, and can change anything about it!
List of things discovered that the routine can change (don't mind the hex numbers):
Well, i explained this in the last post. It's the naming type, which is gonna go through r0. But that can be easily changed, i think, so this is the least of our worries.

My main worry is how you're gonna convert the letters bytes into usable codes.
My first problem with the method you posted earlier is that it stores the value in only five variables, which basically means two letters per variable, and this is NOT what I want...I want one letter per variable. I'm sure I could whip up a separation script, though. After doing this, the game applies a cipher, and applies my method of conversion, which I won't reveal right here, so I don't have someone who's playing my rom hack in the future stumble upon it, and suddenly find him or herself able to create a team of six level 100 Arceus. If you really want/need to know, feel free to PM me. And thanks for your help!

Oh yea...thanks for that routine...but after a quick glance, it seems to all be stuff I can already access.
__________________


I think I'm done with ROM hacking. I'll still pop in and visit, though.


Reply With Quote
  #206   Link to this post, but load the entire thread.  
Old March 16th, 2012 (7:14 AM).
sonic1's Avatar
sonic1 sonic1 is offline
ASM is my life now...
 
Join Date: May 2008
Location: Portugal
Age: 28
Gender: Male
Nature: Timid
Posts: 77
Quote:
Originally Posted by redriders180 View Post
My first problem with the method you posted earlier is that it stores the value in only five variables, which basically means two letters per variable, and this is NOT what I want...I want one letter per variable. I'm sure I could whip up a separation script, though. After doing this, the game applies a cipher, and applies my method of conversion, which I won't reveal right here, so I don't have someone who's playing my rom hack in the future stumble upon it, and suddenly find him or herself able to create a team of six level 100 Arceus. If you really want/need to know, feel free to PM me. And thanks for your help!

Well about the method, it isn't my fault, it's how the keyboard works, and i can't do anything about it without breaking compatibility to all other things that use it (at least me, i'm sure that there are many people out there who know a lot more ASM than me).

But yeah, a separation script is totally possible, just use copybyte to copy a byte to other variable while using writebytetooffset to clear the other 8bits (1-byte) of the variable.

The cipher... Well, i'm a student of asm for about 2 years from now, and i'm willing to try to learn everything about it. I'm not asking to see your cipher specifically, but an example of one would be nice for me to learn how to deal with those things.

Quote:
Originally Posted by redriders180 View Post
Oh yea...thanks for that routine...but after a quick glance, it seems to all be stuff I can already access.
Well, if you say so... But yeah, the things i posted are the only ones that i know what it does, that routine is actually able to change everything, but i don't know what to pass as arguments to actually change everything, just those.
__________________
Reply With Quote
  #207   Link to this post, but load the entire thread.  
Old March 17th, 2012 (1:36 PM).
sonic1's Avatar
sonic1 sonic1 is offline
ASM is my life now...
 
Join Date: May 2008
Location: Portugal
Age: 28
Gender: Male
Nature: Timid
Posts: 77
To anyone who is interested, callasm 0x09FC91 to name yourself in overworld.
FireRed Only.

~Sonic1
__________________
Reply With Quote
  #208   Link to this post, but load the entire thread.  
Old March 17th, 2012 (7:53 PM).
NarutoActor's Avatar
NarutoActor NarutoActor is offline
The rocks cry out to me
 
Join Date: Jan 2009
Location: Brooklyn/Marlboro
Age: 29
Gender: Female
Nature: Bashful
Posts: 1,974
Quote:
Originally Posted by SwiftSign View Post
You are right, 0x8004 0x1 hatches an egg that is 2nd in the party, etc.

The only trouble now is identifying where the egg is. I've had a look at JPAN's Pokemon data decryption thread from years ago, in which he has a routine that can return a species, even in egg form - but that can't give a permission.

Ideally something like

Check (egg) species -> Locate species -> setvar 0x8004 to position

Especially if it's a one of pokemon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
Well what you can do is have a series of checks that check each pokemon in the party's catch level (Which would be zero since it didn't hatch yet) that way you can tell where the egg is in the party, and if there is even one in said party.


Also isn't egg hatching based on the amount of steps the player takes. You can just add a certain amount of steps to the area where the amount of steps are stored, then start the routine for the egg check. Just my brainstorming, I didn't actually try it myself, so tell me how it goes.
__________________
~There are those people who understand hex, F the rest
Reply With Quote
  #209   Link to this post, but load the entire thread.  
Old March 18th, 2012 (6:57 AM).
sonic1's Avatar
sonic1 sonic1 is offline
ASM is my life now...
 
Join Date: May 2008
Location: Portugal
Age: 28
Gender: Male
Nature: Timid
Posts: 77
After a quick research, i discovered that in R/S/E, the scripting command 0x2E, Resetvars, doesn't reset vars.
In FireRed it does, but in those versions it sets 8000 to the current clock hours, 8001 to minutes and 8002 to seconds. The reason FireRed resets those vars is because it doesn't have a Real Time Clock.
__________________
Reply With Quote
  #210   Link to this post, but load the entire thread.  
Old March 20th, 2012 (9:58 PM). Edited March 20th, 2012 by Agastya.
Agastya's Avatar
Agastya Agastya is offline
Grinding failed. Item Grind level dropped by 3.
 
Join Date: Feb 2010
Nature: Quiet
Posts: 73
As I've been doing a Fakemon hack in Emerald, the Frontier was obviously a mess. Things weren't very well documented outside of the normal structures for the Tents and regular Pokemon (which is very well documented on Bulbapedia - for brevity they will not be discussed here, go to bulbapedia.bulbagarden.net/wiki/Battle_Frontier_data_structures_in_Generation_III if interested), but this still left things like the Brains and wild spawns in the Pyramid/Pike up in the air. After a bit of snooping around, I've found some stuff. I really doubt this warrants its own thread, so I'll put it here.

Frontier Brain info:
Spoiler:
The Frontier Brain teams are stored in a 20 Byte data structure, as shown:
41 00 | B3 00 | 18 | 0F | 6A/00/98/98/64/00 | 09 00/07 00/08 00/32 00

1) Species
2) Item (Normal indexing instead of Frontier indexing)
3) IVs (Apply to all stats)
4) Nature
5) EVs, in the order of HP/ATK/DEF/SPEED/SATK/SDEF
6) Movepool

Shown was Salon Maiden Anabel's Alakazam. It has a Modest nature, IVs of 24, an EV investment of 106 HP/152 DEF/152 SPD/100 SATK, and a movepool of Thunderpunch, Fire Punch, Ice Punch, and Disable. Its hold item is a Brightpowder.
Two interesting things to note are that Frontier Brains use normal item indexing instead of the Frontier's custom indexing, so they can hold whatever is wished for them to hold. Also, similarly to Steven's team in the Space Center event, they can have up to 255 EVs in each stat, and all EVs will be accounted for.

The teams themselves are located at the following offsets:
0x61156C, Salon Maiden Anabel
0x6115E4, Dome Ace Tucker
0x61165C, Palace Maven Spenser
0x6116D4, Arena Tycoon Greta
0x61174C, Metang, Skarmory, Aggron, Metang, Skarmory, Aggron*
0x6117C4, Pike Queen Lucy
0x61183C, Pyramid King Brandon

At each offset is six Pokemon. The first three Pokemon are used in the Silver symbol battle, and the next three Pokemon are used in the Gold symbol battle.
*This is two copies of Steven's team in the Space Center event - as Factory Head Noland uses random Pokemon from the Factory listing, he doesn't get a special team to use.


Battle Pyramid wild spawns:
Spoiler:
The format for the wild spawns is 12 bytes long:
61 01 | 23 | 02 | 56 00/D1 00/E3 00/00 00

1) Species
2) EVs, dictated by the normal Frontier EVing setup
3) ???
4) Movepool

I'm not quite sure what the ?? is, but it's 02 in every wild spawn entry.
Showcased here is a Plusle with EV investment of HP/ATK/SDEF, and a movepool of Thunder Wave, Spark, and Encore.

As strange as it is to EV in Attack, it was most likely done to keep it from being too "bulky" as EVs in regular Frontier Pokemon are evenly distributed among each stat (in which case this is 170 in each stat, compared to 255 in both HP and SDEF)


The wild spawns themselves are located at 0x6126B0 for Level 50 and 0x612E80 for Open Level. At each offset is a master list of 160 Pokemon broken up into groups of eight, and then twenty pointers respective to which round it is pointing to. The list is virtually identical for Level 50 and Open Level, but the EVs are different in Open Level. A listing of the Pokemon in the Pyramid itself can be found at Bulbapedia, and it generally follows the order that the Pokemon are listed.


I haven't looked at the wild spawns in the Pike yet, but they probably share a similar format to the wilds in the Pyramid. Hopefully this can help out with Frontier hacking.
Reply With Quote
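A parser for the two record layouts described in the post above, written as an added example (it is not part of the original post or any tool mentioned in the thread). The function and class names are made up here; the bit order of the Pyramid EV byte (bit 0 = HP up to bit 5 = SDEF) and the even split of 510 EVs capped at 255 are assumptions chosen because they reproduce the post's own numbers (0x23 giving HP/ATK/SDEF at 170 each).

```python
import struct
from typing import NamedTuple

STATS = ("HP", "ATK", "DEF", "SPEED", "SATK", "SDEF")  # EV order given in the post
BRAIN_FMT = "<HHBB6B4H"  # species, item, IV, nature, six EV bytes, four moves
SPAWN_FMT = "<HBB4H"     # species, EV flag byte, unknown byte, four moves
BRAIN_SIZE = struct.calcsize(BRAIN_FMT)  # 20 bytes
SPAWN_SIZE = struct.calcsize(SPAWN_FMT)  # 12 bytes
TEAM_SIZE = 6 * BRAIN_SIZE               # six entries per Brain: 3 Silver + 3 Gold


class BrainMon(NamedTuple):
    species: int
    item: int
    iv: int
    nature: int
    evs: dict
    moves: tuple


class PyramidSpawn(NamedTuple):
    species: int
    ev_stats: tuple
    ev_each: int
    unknown: int
    moves: tuple


def check_bounds(buf, offset, size):
    """Refuse reads that would run past the buffer (wrong offset, truncated ROM)."""
    if offset < 0 or offset + size > len(buf):
        raise ValueError(f"record at 0x{offset:X} needs {size} bytes, buffer too short")


def parse_brain_mon(buf, offset=0):
    """Decode one 20-byte Frontier Brain entry."""
    check_bounds(buf, offset, BRAIN_SIZE)
    f = struct.unpack_from(BRAIN_FMT, buf, offset)
    species, item, iv, nature = f[:4]
    # Gen III IVs are 5-bit (0-31) and there are 25 natures (0-24); anything
    # else means the offset does not point at a Brain entry.
    if iv > 31 or nature > 24:
        raise ValueError(f"implausible IV/nature ({iv}/{nature}) at 0x{offset:X}")
    evs = dict(zip(STATS, f[4:10]))
    moves = tuple(m for m in f[10:] if m)  # move 0 is an empty slot
    return BrainMon(species, item, iv, nature, evs, moves)


def parse_brain_team(buf, offset=0):
    """Decode the six entries at a Brain's offset; returns (silver, gold)."""
    check_bounds(buf, offset, TEAM_SIZE)
    mons = [parse_brain_mon(buf, offset + i * BRAIN_SIZE) for i in range(6)]
    return mons[:3], mons[3:]


def parse_pyramid_spawn(buf, offset=0):
    """Decode one 12-byte Battle Pyramid wild spawn entry."""
    check_bounds(buf, offset, SPAWN_SIZE)
    species, flags, unknown, *moves = struct.unpack_from(SPAWN_FMT, buf, offset)
    # Assumed bit order: bit 0 = HP ... bit 5 = SDEF (matches 0x23 -> HP/ATK/SDEF).
    stats = tuple(s for bit, s in enumerate(STATS) if flags & (1 << bit))
    # Assumed even split of 510 EVs, capped at 255 per stat (3 stats -> 170 each).
    ev_each = min(255, 510 // len(stats)) if stats else 0
    return PyramidSpawn(species, stats, ev_each, unknown, tuple(m for m in moves if m))


# Constructed sample input: the two byte strings quoted in the post.
BRAIN_SAMPLE = bytes.fromhex("4100 B300 18 0F 6A0098986400 0900 0700 0800 3200")
SPAWN_SAMPLE = bytes.fromhex("6101 23 02 5600 D100 E300 0000")

if __name__ == "__main__":
    print(parse_brain_mon(BRAIN_SAMPLE))
    silver, gold = parse_brain_team(BRAIN_SAMPLE * 6)  # constructed 120-byte team
    print(len(silver), "silver /", len(gold), "gold entries")
    print(parse_pyramid_spawn(SPAWN_SAMPLE))
```

To read from a ROM image, pass the file's bytes and one of the offsets listed in the post; consecutive Brain offsets there are 0x78 (120) bytes apart, which matches six 20-byte entries.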
  #211   Link to this post, but load the entire thread.  
Old March 24th, 2012 (2:45 AM). Edited March 24th, 2012 by knizz.
knizz's Avatar
knizz knizz is offline
 
Join Date: Aug 2007
Gender: Female
Posts: 192
Quote:
Originally Posted by sonic1 View Post

As for this, now i'm outta time, but i'll try to do something to you. Thing is, there's a routine in the rom, a powerful one, that has ENTIRE access to a pokemon's data, and can change anything about it!
List of things discovered that the routine can change (don't mind the hex numbers):
Well, i explained this in the last post. It's the naming type, which is gonna go through r0. But that can be easily changed, i think, so this is the least of our worries.

My main worry is how you're gonna convert the letters bytes into usable codes.
:O
Is this 0803FBE8?
Thanks!
__________________
Firered IDA 6.6 DB: https://www.dropbox.com/s/d856o3pyndyr5sr/firered.idb
VBA-M with lua scripting support
incomplete firered decompilation
Reply With Quote
  #212   Link to this post, but load the entire thread.  
Old March 24th, 2012 (5:13 AM).
sonic1's Avatar
sonic1 sonic1 is offline
ASM is my life now...
 
Join Date: May 2008
Location: Portugal
Age: 28
Gender: Male
Nature: Timid
Posts: 77
Quote:
Originally Posted by knizz View Post
:O
Is this 0803FBE8?
Thanks!
Well, actually that's the routine that retrieves the pokemon data.

The one that i'm talking about is at 804037C, name's 'set_pokemon_data'

Pass address at r0, pass index number at r1, and the address where the data to set is located at r2. That's why i was asking you about the stack. Game usually passes SP to R2, and the game uses the data present at the stack.
__________________
Reply With Quote
  #213   Link to this post, but load the entire thread.  
Old March 24th, 2012 (6:27 PM).
knizz's Avatar
knizz knizz is offline
 
Join Date: Aug 2007
Gender: Female
Posts: 192
Quote:
Originally Posted by sonic1 View Post


Well, actually that's the routine that retrieves the pokemon data.

The one that i'm talking about is at 804037C, name's 'set_pokemon_data'

Pass address at r0, pass index number at r1, and the address where the data to set is located at r2. That's why i was asking you about the stack. Game usually passes SP to R2, and the game uses the data present at the stack.
I updated my DB to include this and an enumeration with all numbers get/set_pokemon_data uses and the pokemon-properties they represent.

Also smaller changes and fixes.

Download link in the signature.
__________________
Firered IDA 6.6 DB: https://www.dropbox.com/s/d856o3pyndyr5sr/firered.idb
VBA-M with lua scripting support
incomplete firered decompilation
Reply With Quote
  #214   Link to this post, but load the entire thread.  
Old March 24th, 2012 (7:39 PM).
atomen atomen is offline
 
Join Date: Jul 2009
Gender: Male
Posts: 6
Hi!

I thought this question might just fit in this thread. I've recently developed a map editor for Red/Blue (out of pure curiosity) and now I've turned my sights to FR/LG. The difference compared to my previous project, though, is that I seem to be unable to find an in-depth guide/format description of the map structure that LG/FR uses. Now correct me if I'm wrong, but does it not resemble the format used in Ruby/Sapphire? At least that's what I've read.

If this statement is true, how close does this format description
match the FR/LG one (since it describes ruby's):
pokecommunity.com/showthread.php?p=6646782

Any hint or help would be greatly appreciated!
(sorry for the feeble reply, written on my cellphone...)

Note: I have tried to search for answers but without success.
Reply With Quote
  #215   Link to this post, but load the entire thread.  
Old March 26th, 2012 (5:27 PM). Edited March 30th, 2012 by redriders180.
redriders180's Avatar
redriders180 redriders180 is offline
Mastermind of Pokemon Glazed
 
Join Date: Jun 2010
Location: Path of Victory, Tunod
Gender: Male
Nature: Quirky
Posts: 314
I'm happy to be posting here something that might help someone, actually! But then again, someone probably already posted this somewhere else. v.v

Anyways, in Diego's tutorial, it discusses applymovement, and lists many commands that can be used. It lists from 0x0 up to 0x66, skipping 0x45 and everything from 0x5A to 0x5F. I decided to try every possible byte as an applymovement command, to see if there's anything else besides the listed commands...and there was! I found almost 67 unmentioned movements, and a fair majority of them actually work. Most of these are useful, because they access frames besides the first eight. I'll list the ones not mentioned in the tutorial here...These are for Firered/Leafgreen:

Spoiler:
#raw 0x45 = Walk in place. Direction of walking depends on which way you were facing at time of activation. Loops forever
#raw 0x5A = Look Down
#raw 0x5B = Run in place, downwards. Loops forever. Uses running frames, as opposed to walking frames.
#raw 0x5C = Seemingly Absolutely nothing
#raw 0x5D = Also absolutely nothing
#raw 0x5E = Again, Nothing
#raw 0x5F = Nothing once more.
#raw 0x67 = Nothing.
#raw 0x68 = Face up, and locks movement.
#raw 0x69 = Face up, and locks movement. When used for cut trees and smash rocks, it plays the destruction animation.
#raw 0x6A = Nothing.
#raw 0x6B = Nothing.
#raw 0x6C = Causes person not to flip while moving right, aka Moonwalking.
#raw 0x6D = Nothing.
#raw 0x6E = Walks one tile down, but takes two steps.
#raw 0x6F = Walks one tile down, but takes two steps.
#raw 0x70 = Faces right, then down, very fast.
#raw 0x71 = Faces down, then up, very fast.
#raw 0x72 = Faces up, then left, very fast.
#raw 0x73 = Faces left, then right, very fast.
#raw 0x74 = Runs in place downward, uses running frames, as opposed to normal walking frames. Loops forever.
#raw 0x75 = Runs in place upward, uses running frames, as opposed to normal walking frames. Loops forever.
#raw 0x76 = Runs in place left, uses running frames, as opposed to normal walking frames. Loops forever.
#raw 0x77 = Runs in place right, uses running frames, as opposed to normal walking frames. Loops forever.
#raw 0x78 = Player looks diagonally left and right, twice.
#raw 0x79 = Faces down, Locks movement.
#raw 0x7A = Faces up, and locks movement.
#raw 0x7B = Faces left, locks movement.
#raw 0x7C = Runs and jumps in place, facing down. Uses running frames.
#raw 0x7D = Runs and jumps in place, facing up. Uses running frames
#raw 0x7E = Runs and jumps in place, facing left. Uses running frames.
#raw 0x7F = Runs and jumps in place, facing right. Uses running frames.
#raw 0x80 = Runs and jumps down. Uses running frames.
#raw 0x81 = Runs and jumps up. Uses running frames.
#raw 0x82 = Runs and jumps left. Uses running frames.
#raw 0x83 = Runs and jumps right. Uses running frames.
#raw 0x84 = Runs and jumps down two tiles. Uses running frames.
#raw 0x85 = Runs and jumps up two tiles. Uses running frames.
#raw 0x86 = Runs and jumps left two tiles. Uses running frames.
#raw 0x87 = Runs and jumps right two tiles. uses running frames.
#raw 0x88 = Step on the spot right, then face down.
#raw 0x89 = Step on the spot down, then face up.
#raw 0x8A = Step on the spot up, then face left
#raw 0x8B = Step on the spot left, then face right
#raw 0x8C = Run down. Uses running frames
#raw 0x8D = Run up. Uses running frames
#raw 0x8E = Run left. Uses running frames
#raw 0x8F = Run right. Uses running frames
#raw 0x90 = Slide down, facing right, then faces down.
#raw 0x91 = Slide up, facing down, then faces up.
#raw 0x92 = Slides left, facing up, then faces left.
#raw 0x93 = Slides right, facing left, then faces right.
#raw 0x94 = Spins down. Faces down when completed.
#raw 0x95 = Spins up. Faces up when completed.
#raw 0x96 = Spins left. Faces left when completed.
#raw 0x97 = Spins right. Faces left when completed.
#raw 0x98 = Runs downward, using running frames. Loops forever.
#raw 0x99 = Runs downward in place, and jumps. Repeats once.
#raw 0x9A = Runs downward in place, swaying from side to side slightly. Uses running frames.
#raw 0x9B = Walks downward VERY slowly, taking ten steps to move one tile.
#raw 0x9C = Walks upward VERY slowly.
#raw 0x9D = Walks left VERY slowly.
#raw 0x9E = Walks right VERY slowly.
#raw 0x9F = Looks diagonally left and right, twice, then faces the same way you started facing.
#raw 0xA0 = Slides down one tile.
#raw 0xA1 = Slides up one tile.
#raw 0xA2 = Slides left one tile.
#raw 0xA3 = Slides right one tile.
#raw 0xA4 = Flies up off the screen, and disappears.
#raw 0xA5 = Flies down from top of screen, and reappears.
#raw 0xA6 = Runs very fast, and jumps down one tile
#raw 0xA7 = Runs very fast, and jumps up one tile
#raw 0xA8 = Runs very fast, and jumps left one tile
#raw 0xA9 = Runs very fast, and jumps right one tile
#raw 0xAA through #raw 0xFD either lock or crash the game.


A note: The ones that say "loop forever" can be un-looped, of course. The commands in question simply won't trigger the "waitmovement" command, so the script is waiting for a movement to end, causing the loop. I'll leave it up to you to figure it out ;)

#216
March 27th, 2012 (3:56 AM)
Jambo51
I've decided to post a couple of useful hacks on here today, both related to battle scripting.

First, here's my "callasm" scripting command. It does exactly what its namesake in overworld scripting does.

Spoiler:
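.text
.align 2
.thumb
.thumb_func
.global battlescriptcallasm
main:
    push {lr}
    push {r1-r7}
    ldr r0, scriptlocation
    ldr r0, [r0, #0x0]      @ r0 = current battle script pointer (at the command byte)
    ldrb r1, [r0, #0x1]     @ build the 4-byte little-endian pointer that follows
    ldrb r2, [r0, #0x2]     @ the command byte, one byte at a time
    lsl r2, r2, #0x8
    orr r1, r2
    ldrb r2, [r0, #0x3]
    lsl r2, r2, #0x10
    orr r1, r2
    ldrb r2, [r0, #0x4]
    lsl r2, r2, #0x18
    orr r1, r2              @ r1 = address of the ASM to call
    bl bx_r1                @ call it; execution returns to the next instruction
    ldr r0, scriptlocation
    ldr r1, [r0, #0x0]
    add r1, #0x5            @ advance past the command byte + 4 pointer bytes
    str r1, [r0, #0x0]
    pop {r1-r7}
    pop {r0}
    bx r0
bx_r1: bx r1
.align
scriptlocation: .word 0x02023D74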


In order to insert this command, you need to repoint and extend the battle script command table which is at 0x0825011C and add a new entry pointing to the routine I just gave you. If you insert it directly after the end of the table, it will become command 0xF8.

Usage is thus:
Code:
F8 XX XX XX 08
Where XX XX XX 08 is the pointer to the ASM to call + 1 for THUMB mode, or not incremented for ARM mode.

Second up, this is the battle string loader hack I made. It intercepts the "failed" part of the loader. That is, it branches out from what the loader would otherwise consider to be a bad number to load from and skip.

Spoiler:
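.text
.align 2
.thumb
.thumb_func
.global battlestringloaderhack
main:
    mov r0, #0xC2
    lsl r0, r0, #0x1        @ r0 = 0x184, the string ID used by the hack
    cmp r0, r6
    bne normalcode          @ any other ID takes the unchanged path
    ldr r0, ramlocation
    ldr r7, [r0, #0x0]      @ r7 = pointer stored at 0x0203C020
    cmp r7, #0x0
    beq alternative         @ reject an empty RAM slot
    mov r0, #0xA
    lsl r0, r0, #0x18       @ r0 = 0x0A000000, end of the 32MB ROM range
    cmp r7, r0
    bge alternative         @ reject pointers at or above it
    mov r0, #0x8
    lsl r0, r0, #0x18       @ r0 = 0x08000000, start of ROM
    cmp r7, r0
    blt alternative         @ reject pointers below ROM
    b continue
alternative: mov r6, #0xC   @ bad pointer: set r6 to 0xC instead
    ldr r1, returntwo
    bx r1
continue: ldr r0, returnone @ pointer accepted: return with it in r7
    bx r0
normalcode: ldr r1, otherramloc
    mov r0, #0xFF
    strb r0, [r1, #0x0]     @ write 0xFF to 0x0202298C
    pop {r3-r5}             @ restore saved registers and return
    mov r8, r3
    mov r9, r4
    mov r10, r5
    pop {r4-r7}
    pop {r0}
    bx r0
.align
ramlocation: .word 0x0203C020
returntwo: .word 0x080D77D1
returnone: .word 0x080D77DD
otherramloc: .word 0x0202298C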


As you can see, it has checks to try and catch a "bad" location given in the RAM location I set aside for the new functionality. All it can catch, sadly, is if you leave the RAM location empty, or if you try to use an invalid ROM location. The rest, I have to leave to the user.

I've written the routine such that it supports 32MB ROMs as well, so you don't have to worry about that either.

To insert the actual routine, navigate to 0xD77BE and change the code to 03 49 08 47, then go to 0xD77CC and change the pointer to the insert location of the routine, plus 1 for THUMB mode of course.

Now, using it. It's as easy as this: Using the storebyte command of the battle script functionality (0x2E), store the bytes of the ROM pointer in little endian ordering, into the RAM address 0x0203C020. Then, you call the battle string printer as such:
Code:
10 84 01 39 40 00
The routines will take care of the rest!
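
As an added example (not Jambo51's code), this Python helper builds the two byte sequences the post above describes: the `F8` callasm command and the storebyte-plus-print sequence for the string loader, applying the same pointer range checks the routine makes. The six-byte `2E` layout (opcode, 4-byte little-endian RAM address, value byte) is an assumption the post does not spell out, and the function names and sample offsets are hypothetical.

```python
import struct

ROM_BASE = 0x08000000        # start of cartridge ROM in the GBA address space
ROM_LIMIT = 0x0A000000       # the routine rejects pointers at or above this (32MB)
STRING_PTR_RAM = 0x0203C020  # RAM slot the string loader hack reads (from the post)
OP_CALLASM = 0xF8            # index of the new command when appended to the table
OP_STOREBYTE = 0x2E          # storebyte opcode named in the post
PRINT_AND_PAUSE = bytes.fromhex("108401394000")  # usage bytes quoted in the post


def rom_pointer(rom_offset: int) -> int:
    """Map a ROM file offset to its address, mirroring the routine's range check."""
    ptr = ROM_BASE + rom_offset
    if rom_offset < 0 or not ROM_BASE <= ptr < ROM_LIMIT:
        raise ValueError(f"offset {rom_offset:#x} is outside the 32MB ROM window")
    return ptr


def callasm_command(rom_offset: int, thumb: bool = True) -> bytes:
    """Encode F8 XX XX XX 08: opcode plus little-endian pointer (+1 for THUMB)."""
    align = 2 if thumb else 4
    if rom_offset % align:
        raise ValueError(f"routine offset must be {align}-byte aligned")
    ptr = rom_pointer(rom_offset) | (1 if thumb else 0)
    return bytes([OP_CALLASM]) + struct.pack("<I", ptr)


def string_loader_script(rom_offset: int) -> bytes:
    """Store the string pointer byte by byte at 0x0203C020, then print string 0x184.

    Assumed storebyte layout: 2E, 4-byte little-endian RAM address, value byte.
    """
    out = bytearray()
    for i, value in enumerate(struct.pack("<I", rom_pointer(rom_offset))):
        out += bytes([OP_STOREBYTE]) + struct.pack("<I", STRING_PTR_RAM + i)
        out.append(value)
    return bytes(out + PRINT_AND_PAUSE)


if __name__ == "__main__":
    # Constructed offsets, chosen only for illustration.
    print(callasm_command(0x800000).hex(" "))
    print(string_loader_script(0x900000).hex(" "))
```

Rejecting a bad offset when the script is built catches the same cases the routine can only handle at run time by falling back to another string.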

#217
April 3rd, 2012 (12:12 PM)
knizz
I wrote a bit about the scripting system at this new wiki http://pkmnhackersonline.com/wiki/index.php?title=Firered_Engine. Stuff that is in my DB already, but that isn't available online.
__________________
Firered IDA 6.6 DB: https://www.dropbox.com/s/d856o3pyndyr5sr/firered.idb
VBA-M with lua scripting support
incomplete firered decompilation

#218
April 5th, 2012 (7:49 AM)
Agastya
I think I've found the Battle Pike wilds. I say think, because despite the fact I have edited them in a hex editor (and multiple hex editors showing the changes), I personally can't get any changes to show up in-game. I'm only really posting these because they make sense compared to what's shown on the Bulbapedia page, and maybe somebody else can help out with this to say if they get results, if this is somehow completely wrong, or if it's just VBA getting tired of allowing me to have nice things.

Spoiler:
Pike wilds start at 0x6121D4 for (Level 50?) and 0x612274 for (Open Level?). There are twelve entries followed by four pointers on the first one splitting them into four blocks of three, and then twelve entries followed by six pointers on the second one, the first four pointers splitting the previous twelve entries into four blocks of three and the final two pointing towards the first and second sets of pointers. The format for the wilds itself is a 12 byte data structure:

7B 01 | 04 00 | 5C 00 89 00 22 00 BC 00

1) Species, 2 bytes
2) ???, 2 bytes
3) Movepool, 8 bytes

Displayed is the generic Seviper entry. Its movepool is Toxic, Glare, Body Slam, and Sludge Bomb. I'm not sure what the ??? is, but it's either 04 00 or 05 00, and has been noted in the spawn listing alongside what Bulbapedia states is its spawn rate.


Set one (Rooms 0~280)
Seviper 04 00 26%
Milotic 04 00 26%
Dusclops 05 00 48%

Set two (Rooms 281~560)
Seviper 04 00 26%
Milotic 04 00 26%
Electrode 05 00 48%

Set three (Rooms 561~840)
Seviper 04 00 26%
Milotic 04 00 26%
Breloom 05 00 48%

Set four (Rooms 840+)
Seviper 04 00 26%
Milotic 04 00 26%
Wobbuffet 05 00 48%

Each instance of Seviper and Milotic is its own entry, so they should be customizable to the hacker's whims. The entries in Open Level are the same, but have slightly different movepools.


It'd be nice if these actually were the offsets though, because then after that it's figuring out what determines the Pokemon selected by each facility. Outside of the list being in a "general sliding scale of difficulty" there aren't really many other leads on selection.
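
The 12-byte layout described in the post above, decoded in Python as an added example (not code from the thread): it parses the quoted Seviper bytes, reads a table of entries, and rewrites one movepool in place. The helper names and the small buffer in the usage are constructed for illustration, and the table offsets are the post's own unconfirmed findings.

```python
import struct

ENTRY = struct.Struct("<HH4H")  # species, unknown field, four move IDs (u16 LE each)
LEVEL50_TABLE = 0x6121D4        # offsets as reported in the post (unconfirmed there)
OPEN_LEVEL_TABLE = 0x612274     # = first table + 12 entries + 4 pointers
ENTRIES_PER_TABLE = 12

# The Seviper entry quoted in the post.
SEVIPER = bytes.fromhex("7b0104005c0089002200bc00")


def parse_entry(raw: bytes) -> dict:
    """Split one 12-byte record into species, the unknown field and the movepool."""
    if len(raw) != ENTRY.size:
        raise ValueError(f"expected {ENTRY.size} bytes, got {len(raw)}")
    species, unknown, *moves = ENTRY.unpack(raw)
    return {"species": species, "unknown": unknown, "moves": moves}


def read_table(rom: bytes, offset: int, count: int = ENTRIES_PER_TABLE) -> list:
    """Read `count` consecutive records, refusing to run past the image."""
    end = offset + count * ENTRY.size
    if offset < 0 or end > len(rom):
        raise ValueError("table runs past the end of the ROM image")
    return [parse_entry(rom[i:i + ENTRY.size]) for i in range(offset, end, ENTRY.size)]


def patch_moves(rom: bytearray, offset: int, index: int, moves: list) -> None:
    """Overwrite one record's movepool; species and the unknown field are kept."""
    if len(moves) != 4 or not all(0 <= m <= 0xFFFF for m in moves):
        raise ValueError("a movepool is exactly four 16-bit move IDs")
    pos = offset + index * ENTRY.size + 4  # skip species + unknown field
    if index < 0 or pos + 8 > len(rom):
        raise ValueError("entry lies outside the ROM image")
    struct.pack_into("<4H", rom, pos, *moves)


if __name__ == "__main__":
    # Constructed buffer: 16 padding bytes, then two copies of the quoted entry.
    rom = bytearray(16) + bytearray(SEVIPER * 2)
    patch_moves(rom, 16, 1, [0x5C, 0x89, 0x22, 0x21])
    for entry in read_table(rom, 16, 2):
        print(entry)
```

Dumping both tables with `read_table` before and after an edit shows whether the bytes in the file changed, which separates a wrong offset from an emulator or save-state issue.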

#219
April 5th, 2012 (5:23 PM)
redriders180
Hi there! I was designing a berry tree system for my game (Firered), and while I figured out a way to make a tree give a berry a day, I realized that there was something else in the game that does pretty much the same thing; the regenerating berries in Berry Forest, and regenerating trinkets on treasure beach. Does anyone have any info on these regenerating items, and how I might be able to expand the list to cover all my berry trees? Additionally, does anyone know where I might find the offsets for the flags/variables for hidden items?

#220
April 8th, 2012 (4:35 AM)
ipatix
Hey guys,

I have some questions about the SSEQ file format:

I read in the SDAT specs of kiwi.ds that the delay and note length parameters are expressed with a variable amount of bytes.
But these parameters aren't described and I want to know how these work.

What I noticed so far is that if you have more than one byte, the last byte is positive and the others are negative.
But what do I have to do with these values?
Do I have to read them out in Little Endian or do I have to add all these values?

Hope you can help me out with this ;-)

#221
April 8th, 2012 (12:40 PM)
looper
I guess you'll find what you're looking for here: http://kiwi.ds.googlepages.com/sdat.html

#222
April 8th, 2012 (4:21 PM)
sonic1
Quote:
Originally Posted by redriders180 View Post
Hi there! I was designing a berry tree system for my game (Firered), and while I figured out a way to make a tree give a berry a day, I realized that there was something else in the game that does pretty much the same thing; the regenerating berries in Berry Forest, and regenerating trinkets on treasure beach. Does anyone have any info on these regenerating items, and how I might be able to expand the list to cover all my berry trees? Additionally, does anyone know where I might find the offsets for the flags/variables for hidden items?

Well, I only took a quick look into this issue (3 minutes) because I'm very busy now, and I don't want to discourage you, but there's a limit for those items.
The routine at 080CC44C is the one that gets the flag associated with the hidden item, based on Hidden ID + 0x3e8. This means no repoint+add items without overwriting other game flags.

That's the only thing I found out by now.

Props

#223
April 9th, 2012 (10:59 AM)
redriders180
Quote:
Originally Posted by sonic1 View Post



Well, I only took a quick look into this issue (3 minutes) because I'm very busy now, and I don't want to discourage you, but there's a limit for those items.
The routine at 080CC44C is the one that gets the flag associated with the hidden item, based on Hidden ID + 0x3e8. This means no repoint+add items without overwriting other game flags.

That's the only thing I found out by now.

Props
Well, plan B is to make a script that just clears all the hidden item flags to zero at midnight, which is simple enough. I assume the hidden item flags are stored somewhere in memory, so I'd just have to write 0 to all the bytes I need to clear it out. Does anyone have the offset for this location in the memory?

#224
April 9th, 2012 (2:20 PM)
sonic1
Quote:
Originally Posted by redriders180 View Post
Well, plan B is to make a script that just clears all the hidden item flags to zero at midnight, which is simple enough. I assume the hidden item flags are stored somewhere in memory, so I'd just have to write 0 to all the bytes I need to clear it out. Does anyone have the offset for this location in the memory?
Well, actually, they are normal flags, like 0x800 etc..., but are Hidden ID + Flag 0x3E8. (E.g: Hidden item 0x10 would be flag 0x3F8. Clear the flag to be able to get the item again)

The script is somewhat easy. There are 0xBE hidden items. Here's a script made now for the purpose:
Code:
#dynamic 0x800000
'----------------
#org @start
setvar 0x8000 0x3E8 'Base flag
setvar 0x8001 0x0   'Counter
goto @loop

#org @loop
compare 0x8001 0xBE
if B_> goto @end
addvar 0x8001 0x1
clearflag 0x8000    ' Clear flag in var 8000
addvar 0x8000 0x1
goto @loop

#org @end
setvar 0x8000 0
setvar 0x8001 0     'Reset vars
release
end
I made this in 5 minutes and didn't test it. Test it and please warn me if there's an inconvenience with this.

(to @redriders180: I saw your PM, I just hadn't the time to answer it because it's a little complex for my current time available)

#225
April 10th, 2012 (4:29 PM)
redriders180
Quote:
Originally Posted by sonic1 View Post


Well, actually, they are normal flags, like 0x800 etc..., but are Hidden ID + Flag 0x3E8. (E.g: Hidden item 0x10 would be flag 0x3F8. Clear the flag to be able to get the item again)

The script is somewhat easy. There are 0xBE hidden items. Here's a script made now for the purpose:
Code:
#dynamic 0x800000
'----------------
#org @start
setvar 0x8000 0x3E8 'Base flag
setvar 0x8001 0x0   'Counter
goto @loop

#org @loop
compare 0x8001 0xBE
if B_> goto @end
addvar 0x8001 0x1
clearflag 0x8000    ' Clear flag in var 8000
addvar 0x8000 0x1
goto @loop

#org @end
setvar 0x8000 0
setvar 0x8001 0     'Reset vars
release
end
I made this in 5 minutes and didn't test it. Test it and please warn me if there's an inconvenience with this.

(to @redriders180: I saw your PM, I just hadn't the time to answer it because it's a little complex for my current time available)
I just tested this, and for some odd reason, it's not working. I activated a hidden item in the usual way, obtained it, and then ran this script via signpost, but I couldn't get the item again. I even expanded it to clear every flag from 0x1 to 0xFFF, but nothing. Am I doing something wrong?