Binary Hack Research & DevelopmentGot a well-founded knack with your binary Pokémon hacks? Love reverse-engineering them? For the traditional Pokémon ROM hacker, this is the spot for polling and gathering your ideas, and then implementing them! Share your hypothesis, get ideas from others, and collaborate to create!
Hmm the pointer to the egg script lies at 0x6d71c, the only data string that is just before that pointed to a script with the line 'fadesong 0x9AOD' which as far as I know doesn't exist - so looks like egg hatching is controlled by ASM.
Does anyone know where Egg-Step information is stored?
//
Been looking for possibly Egg-Step info, can't seem to find it anywhere o_o nobody lists it with species/etc. data, and I have looked around the areas with it to no avail (For example, I'm assuming Pikachu will have a value of '15' somewhere in it's data to signify 21 cycles for hatching. If that value was momentarily set to 0, I wonder if the egg would insta-hatch.
I think the egg to hatch is stored in a variable...I think it's 0x8004, but I don't know for sure. You wouldn't use special2, because that just specifies where the output goes, not what the input is. I believe the slot number of the egg is stored to 0x8004, and the egg hatch special is called.
__________________
I think I'm done with ROM hacking. I'll still pop in and visit, though.
I understand completely what you mean :) I had planned to make the script something with a maybe 4 or 5 inputs...I wanted complete control over species, IVs, moves, item held, and possibly nickname. How do you recommend I make this work, however? Would I have to make an ASM that just puts the ram offset into R1, then call the normal nicknaming special?
As for this, now i'm outta time, but i'll try to do something to you. Thing is, there's a routine in the rom, a powerful one, that has ENTIRE access to a pokemon's data, and can change anything about it!
List of things discovered that the routine can change (don't mind the hex numbers):
Spoiler:
0x00 - Pokémon ID
0x01 - Trainer IDs
0x02 - Nickname Max Length 1 (r6 should be the nickname's address)
0x03 - Font / Language
0x04 - Sanity
0x05 - Sanity
0x06 - Sanity
0x07 - OT Name Max Length
0x08 - Marks
0x09 - Checksum
0x0A - Filler
0x0B - Species
0x0C - Held Item
0x0D - Attack 1
0x0E - Attack 2
0x0F - Attack 3
0x10 - Attack 4
0x11 - PP 1
0x12 - PP 2
0x13 - PP 3
0x14 - PP 4
0x15 - PP Bonuses
0x16 - Coolness
0x17 - Beauty
0x18 - Cuteness
0x19 - Exp. Points
0x1A - HP EV
0x1B - Attack EV
0x1C - Defense EV
0x1D - Speed EV
0x1E - Sp. Attack EV
0x1F - Sp. Defense EV
0x20 - Happiness
0x21 - Smartness
0x22 - Pokérus Status
0x23 - Catch Location
0x24 - Catch Level
0x25 -
0x26 - Hometown / Poké Ball / Trainer Gender
0x27 - HP IV
0x28 - Attack IV
0x29 - Defense IV
0x2A - Speed IV
0x2B - Sp. Attack IV
0x2C - Sp. Defense IV
0x2D - IsEgg
0x2E - Ability Bit
0x2F - Toughness
0x30 - Sheen
0x31 - OT Gender
0x32 -
0x33 -
0x34 -
0x35 -
0x36 -
0x37 - Status Ailment
0x38 - Level
0x39 - Current HP
0x3A - Total HP
0x3B - Attack
0x3C - Defense
0x3D - Speed
0x3E - Sp. Attack
0x3F - Sp. Defense
0x43 - Hall Of Fame ribbon
0x50 - Obedience
Quote:
Originally Posted by redriders180
This brings up something else...If I just use the nickname keyboard, the text says "[pokemon's] Nickname?". If it's not hard, I'd like to make it say something else on it, otherwise I'm sure I could live with it.
Well, i explained this in the last post. Its the naming type, which is gonna through r0. But that can be easily changed, i think, so this is the least of our worries.
My main worry is how you're gonna convert the letters bytes into usable codes.
__________________
This signature has been disabled.
over 350px high
Please review and fix the issues by reading the signature rules.
You must edit it to meet the limits set by the rules before you may remove the [sig-reason] code from your signature. Removing this tag will re-enable it.
Do not remove the tag until you fix the issues in your signature. You may be infracted for removing this tag if you do not fix the specified issues. Do not use this tag for decoration purposes.
I understand completely what you mean :) I had planned to make the script something with a maybe 4 or 5 inputs...I wanted complete control over species, IVs, moves, item held, and possibly nickname. How do you recommend I make this work, however? Would I have to make an ASM that just puts the ram offset into R1, then call the normal nicknaming special?
This brings up something else...If I just use the nickname keyboard, the text says "[pokemon's] Nickname?". If it's not hard, I'd like to make it say something else on it, otherwise I'm sure I could live with it.
Quote:
Originally Posted by redriders180
I think the egg to hatch is stored in a variable...I think it's 0x8004, but I don't know for sure. You wouldn't use special2, because that just specifies where the output goes, not what the input is. I believe the slot number of the egg is stored to 0x8004, and the egg hatch special is called.
You are right, 0x8004 0x1 hatches an egg that is 2nd in the party, etc.
The only trouble now is identifying where the egg is. I've had a look at JPAN's Pokemon data decryption thread from years ago, in which he has a routine that can return a species, even in egg form - but that can't give a permission.
Ideally something like
Check (egg) species -> Locate species -> setvar 0x8004 to position
Especially if it's a one of pokemon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
Especially if it's a one of pokemon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
I don't know what you mean by "identify where the egg is", but every Party Pokémon is 100 bytes long, meaning you just take variable 0x8004 into a register and
You are right, 0x8004 0x1 hatches an egg that is 2nd in the party, etc.
The only trouble now is identifying where the egg is. I've had a look at JPAN's Pokemon data decryption thread from years ago, in which he has a routine that can return a species, even in egg form - but that can't give a permission.
Ideally something like
Check (egg) species -> Locate species -> setvar 0x8004 to position
Especially if it's a one of pokemon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
You actually don't need ASM for this one. I quote from the list of specials, courtesy of JPAN:
Quote:
Originally Posted by JPAN
[Special 0x]147 checks your pokemon in position referenced by 0x8004 and returns to the given variable its pokemon number. returns 0x19c if an egg.
So all you need to do is use set the variable 0x8004 to 0x0, special2 LASTRESULT 0x147, compare LASTRESULT 0x19C, if 0x1 goto @hatch, if 0x0, add 0x1 to 0x8004, and repeat. You also need to build in a failsafe for if they don't have an egg, so the script won't loop you forever.
Quote:
Originally Posted by sonic1
As for this, now i'm outta time, but i'll try to do something to you. Thing is, there's a routine in the rom, a powerful one, that has ENTIRE access to a pokemon's data, and can change anything about it!
List of things discovered that the routine can change (don't mind the hex numbers):
Spoiler:
0x00 - Pokémon ID
0x01 - Trainer IDs
0x02 - Nickname Max Length 1 (r6 should be the nickname's address)
0x03 - Font / Language
0x04 - Sanity
0x05 - Sanity
0x06 - Sanity
0x07 - OT Name Max Length
0x08 - Marks
0x09 - Checksum
0x0A - Filler
0x0B - Species
0x0C - Held Item
0x0D - Attack 1
0x0E - Attack 2
0x0F - Attack 3
0x10 - Attack 4
0x11 - PP 1
0x12 - PP 2
0x13 - PP 3
0x14 - PP 4
0x15 - PP Bonuses
0x16 - Coolness
0x17 - Beauty
0x18 - Cuteness
0x19 - Exp. Points
0x1A - HP EV
0x1B - Attack EV
0x1C - Defense EV
0x1D - Speed EV
0x1E - Sp. Attack EV
0x1F - Sp. Defense EV
0x20 - Happiness
0x21 - Smartness
0x22 - Pokérus Status
0x23 - Catch Location
0x24 - Catch Level
0x25 -
0x26 - Hometown / Poké Ball / Trainer Gender
0x27 - HP IV
0x28 - Attack IV
0x29 - Defense IV
0x2A - Speed IV
0x2B - Sp. Attack IV
0x2C - Sp. Defense IV
0x2D - IsEgg
0x2E - Ability Bit
0x2F - Toughness
0x30 - Sheen
0x31 - OT Gender
0x32 -
0x33 -
0x34 -
0x35 -
0x36 -
0x37 - Status Ailment
0x38 - Level
0x39 - Current HP
0x3A - Total HP
0x3B - Attack
0x3C - Defense
0x3D - Speed
0x3E - Sp. Attack
0x3F - Sp. Defense
0x43 - Hall Of Fame ribbon
0x50 - Obedience
Well, i explained this in the last post. Its the naming type, which is gonna through r0. But that can be easily changed, i think, so this is the least of our worries.
My main worry is how you're gonna convert the letters bytes into usable codes.
My first problem is that the method you posted earlier is that it stores the value in only five variables, which basically means two letter per variable, and this is NOT what I want...I want one letter per variable. I'm sure I could whip up a seperation script, though. After doing this, the game applies a cipher, and applies my method of conversion, which I won't reveal right here, so I don't have someone who's playing my rom hack in the future stumble upon it, and suddenly find him or herself able to create a team of six level 100 Arceus. If you really want/need to know, feel free to PM me. And thanks for your help!
Oh yea...thanks for that routine...but after a quick glance, it seems to all be stuff I can already access.
__________________
I think I'm done with ROM hacking. I'll still pop in and visit, though.
My first problem is that the method you posted earlier is that it stores the value in only five variables, which basically means two letter per variable, and this is NOT what I want...I want one letter per variable. I'm sure I could whip up a seperation script, though. After doing this, the game applies a cipher, and applies my method of conversion, which I won't reveal right here, so I don't have someone who's playing my rom hack in the future stumble upon it, and suddenly find him or herself able to create a team of six level 100 Arceus. If you really want/need to know, feel free to PM me. And thanks for your help!
Well about the method, it isn't my fault, it's how the keyboard works, and i can't do anything about it without breaking compatibility to all other things that use it (at least me, i'm sure that there are many people out there who know a lot more ASM than me).
But yeah, a separation script is totally possible, just use copybyte to copy a byte to other variable while using writebytetooffset to clear the other 8bits (1-byte) of the variable.
The cipher... Well, i'm a student of asm for about 2 years from now, and i'm willing to try to learn everything about it. I'm not asking to see your cipher specifically, but an example of one would be nice for me to learn how to deal with those things.
Quote:
Originally Posted by redriders180
Oh yea...thanks for that routine...but after a quick glance, it seems to all be stuff I can already access.
Well, if you say so... But yeah, the things i posted are the only ones that i know what it does, that routine is actually able to change everything, but i don't know what to pass as arguments to actually change everything, just those.
__________________
This signature has been disabled.
over 350px high
Please review and fix the issues by reading the signature rules.
You must edit it to meet the limits set by the rules before you may remove the [sig-reason] code from your signature. Removing this tag will re-enable it.
Do not remove the tag until you fix the issues in your signature. You may be infracted for removing this tag if you do not fix the specified issues. Do not use this tag for decoration purposes.
To anyone who is interested, callasm 0x09FC91 to name yourself in overworld.
FireRed Only.
~Sonic1
__________________
This signature has been disabled.
over 350px high
Please review and fix the issues by reading the signature rules.
You must edit it to meet the limits set by the rules before you may remove the [sig-reason] code from your signature. Removing this tag will re-enable it.
Do not remove the tag until you fix the issues in your signature. You may be infracted for removing this tag if you do not fix the specified issues. Do not use this tag for decoration purposes.
You are right, 0x8004 0x1 hatches an egg that is 2nd in the party, etc.
The only trouble now is identifying where the egg is. I've had a look at JPAN's Pokemon data decryption thread from years ago, in which he has a routine that can return a species, even in egg form - but that can't give a permission.
Ideally something like
Check (egg) species -> Locate species -> setvar 0x8004 to position
Especially if it's a one of pokemon, so there can't be more than one, so there is no trouble in accidentally hatching a normal pokemon instead. Anything to identify where the egg is would be a great start ><.
Well what you can do is have a series of checks that check each pokemon in the party's catch level (Which would be zero since it didn't hatch yet)that way you can tell where the egg is in the party, and if there is even one in said party.
Also isn't egg hacking based on the amount of steps the player takes. You can just add a certain amount of steps to the area where the amount of steps are stored, then start the routine for the egg check. Just my brain storming, I didn't actually try it myself, so tell me how it goes.
__________________
~There are those people who understand hex, F the rest
After a quick research, i discovered that in R/S/E, the scripting command 0x2E, Resetvars, doesn't reset vars.
In Firered does, but in those versions it sets 8000 to the current clock hours, 8001 to minutes and 8002 to seconds. The reason FIRERED resets those vars is because it doesn't have Real Time Clock.
__________________
This signature has been disabled.
over 350px high
Please review and fix the issues by reading the signature rules.
You must edit it to meet the limits set by the rules before you may remove the [sig-reason] code from your signature. Removing this tag will re-enable it.
Do not remove the tag until you fix the issues in your signature. You may be infracted for removing this tag if you do not fix the specified issues. Do not use this tag for decoration purposes.
As I've been doing a Fakemon hack in Emerald, the Frontier was obviously a mess. Things weren't very well documented outside of the normal structures for the Tents and regular Pokemon (which is very well documented on Bulbapedia - for brevity they will not be discussed here, go to bulbapedia.bulbagarden.net/wiki/Battle_Frontier_data_structures_in_Generation_III if interested), but this still left things like the Brains and wild spawns in the Pyramid/Pike up in the air. After a bit of snooping around, I've found some stuff. I really doubt this warrants its own thread, so I'll put it here.
Frontier Brain info:
Spoiler:
The Frontier Brain teams are stored in a 20 Byte data structure, as shown:
41 00 | B3 00 | 18 | 0F | 6A/00/98/98/64/00 | 09 00/07 00/08 00/32 00
1) Species
2) Item (Normal indexing instead of Frontier indexing)
3) IVs (Apply to all stats)
4) Nature
5) EVs, in the order of HP/ATK/DEF/SPEED/SATK/SDEF
6) Movepool
Shown was Salon Maiden Anabel's Alakazam. It has a Modest nature, IVs of 24, an EV investment of 106 HP/152 DEF/152 SPD/100 SATK, and a movepool of Thunderpunch, Fire Punch, Ice Punch, and Disable. Its hold item is a Brightpowder.
Two things interesting to note is that Frontier Brains use normal item indexing instead of the Frontier's custom indexing, so they can hold whatever is wished for them to hold. Also, similarly to Steven's team in the Space Center event, they can have up to 255 EVs in each stat, and all EVs will be accounted for.
The teams themselves are located at the following offsets:
0x61156C, Salon Maiden Anabel
0x6115E4, Dome Ace Tucker
0x61165C, Palace Maven Spenser
0x6116D4, Arena Tycoon Greta
0x61174C, Metang, Skarmory, Aggron, Metang, Skarmory, Aggron*
0x6117C4, Pike Queen Lucy
0x61183C, Pyramid King Brandon
At each offset is six Pokemon. The first three Pokemon are used in the Silver symbol battle, and the next three Pokemon are used in the Gold symbol battle.
*This is two copies of Steven's team in the Space Center event - as Factory Head Noland uses random Pokemon from the Factory listing, he doesn't get a special team to use.
Battle Pyramid wild spawns:
Spoiler:
The format for the wild spawns is 12 bytes long:
61 01 | 23 | 02 | 56 00/D1 00/E3 00/00 00
1) Species
2) EVs, dictated by the normal Frontier EVing setup
3) ???
4) Movepool
I'm not quite sure what the ?? is, but it's 02 in every wild spawn entry.
Showcased here is a Pluslie with EV investment of HP/ATK/SDEF, and a movepool of Thunder Wave, Spark, and Encore.
As strange as it is to EV in Attack, it was most likely done to keep it from being too "bulky" as EVs in regular Frontier Pokemon are evenly distributed among each stat (in which case this is 170 in each stat, compared to 255 in both HP and SDEF)
The wild spawns themselves are located at 0x6126B0 for Level 50 and 0x612E80 for Open Level. At each offset is a master list of 160 Pokemon broken up into groups of eight, and then twenty pointers respective to which round it is pointing to. The list is virtually identical for Level 50 and Open Level, but the EVs are different in Open Level. A listing of the Pokemon in the Pyramid itself can be found at Bulbapedia, and it generally follows the order that the Pokemon are listed.
I haven't looked at the wild spawns in the Pike yet, but they probably share a similar format to the wilds in the Pyramid. Hopefully this can help out with Frontier hacking.
As for this, now i'm outta time, but i'll try to do something to you. Thing is, there's a routine in the rom, a powerful one, that has ENTIRE access to a pokemon's data, and can change anything about it!
List of things discovered that the routine can change (don't mind the hex numbers):
Spoiler:
0x00 - Pokémon ID
0x01 - Trainer IDs
0x02 - Nickname Max Length 1 (r6 should be the nickname's address)
0x03 - Font / Language
0x04 - Sanity
0x05 - Sanity
0x06 - Sanity
0x07 - OT Name Max Length
0x08 - Marks
0x09 - Checksum
0x0A - Filler
0x0B - Species
0x0C - Held Item
0x0D - Attack 1
0x0E - Attack 2
0x0F - Attack 3
0x10 - Attack 4
0x11 - PP 1
0x12 - PP 2
0x13 - PP 3
0x14 - PP 4
0x15 - PP Bonuses
0x16 - Coolness
0x17 - Beauty
0x18 - Cuteness
0x19 - Exp. Points
0x1A - HP EV
0x1B - Attack EV
0x1C - Defense EV
0x1D - Speed EV
0x1E - Sp. Attack EV
0x1F - Sp. Defense EV
0x20 - Happiness
0x21 - Smartness
0x22 - Pokérus Status
0x23 - Catch Location
0x24 - Catch Level
0x25 -
0x26 - Hometown / Poké Ball / Trainer Gender
0x27 - HP IV
0x28 - Attack IV
0x29 - Defense IV
0x2A - Speed IV
0x2B - Sp. Attack IV
0x2C - Sp. Defense IV
0x2D - IsEgg
0x2E - Ability Bit
0x2F - Toughness
0x30 - Sheen
0x31 - OT Gender
0x32 -
0x33 -
0x34 -
0x35 -
0x36 -
0x37 - Status Ailment
0x38 - Level
0x39 - Current HP
0x3A - Total HP
0x3B - Attack
0x3C - Defense
0x3D - Speed
0x3E - Sp. Attack
0x3F - Sp. Defense
0x43 - Hall Of Fame ribbon
0x50 - Obedience
Well, i explained this in the last post. Its the naming type, which is gonna through r0. But that can be easily changed, i think, so this is the least of our worries.
My main worry is how you're gonna convert the letters bytes into usable codes.
Well, actually that's the routine that retrieves the pokemon data.
The one that i'm talking about is at 804037C, name's 'set_pokemon_data'
Pass adress at r0, pass index number r1, and the address which is located the data to set at r2. Thats why i was asking you about the stack. Game usually passes SP to R2, and the game uses the data present at the stack.
__________________
This signature has been disabled.
over 350px high
Please review and fix the issues by reading the signature rules.
You must edit it to meet the limits set by the rules before you may remove the [sig-reason] code from your signature. Removing this tag will re-enable it.
Do not remove the tag until you fix the issues in your signature. You may be infracted for removing this tag if you do not fix the specified issues. Do not use this tag for decoration purposes.
Well, actually that's the routine that retrieves the pokemon data.
The one that i'm talking about is at 804037C, name's 'set_pokemon_data'
Pass adress at r0, pass index number r1, and the address which is located the data to set at r2. Thats why i was asking you about the stack. Game usually passes SP to R2, and the game uses the data present at the stack.
I updated my DB to include this and an enumeration with all numbers get/set_pokemon_data uses and the pokemon-properties they represent.
I thought this question might just fit in this thread. I've recently
developed a map editor for Red/Blue (out of pure curiousity) and now I've turned my sight for FR/LG. the difference compared to my
previous project though, is that I seem to be unable to find an
in-depth guide/format description of the map structure that LG/FR
uses. Now correct me if I'm wrong but does it not resemble the
format used in ruby/sapphire? At least that's what I've read.
If this statement is true, how close does this format description
match the FR/LG one (since it describes ruby's):
pokecommunity.com/showthread.php?p=6646782
Any hint or help would be greatly appreciated!
(sorry for the feeble reply, written on my cellphone...)
Note: I have tried to search for answers but without succes.
I'm happy to be posting here something that might help someone, actually! But then again, someone probably already posted this somewhere else. v.v
Anyways, in Diego's tutorial, it discusses applymovement, and lists many commands that can be used. It lists from 0x0 up to 0x66, skipping 0x45 and everything from 0x5A to 0x5F. I decided to try every possible byte as an applymovement command, to see if there's anything else besides the listed commands...and there was! I found almost 67 unmentioned movements, and a fair majority of them actually work. Most of these are useful, because they access frames besides the first eight. I'll list the ones not mentioned in the tutorial here...These are for Firered/Leafgreen:
Spoiler:
#raw 0x45 = Walk in place. Direction of walking depends on which way you were facing at time of activation. Loops forever
#raw 0x5A = Look Down
#raw 0x5B = Run in place, downwards. Loops forever. Uses running frames, as opposed to walking frames.
#raw 0x5C = Seemingly Absolutely nothing
#raw 0x5D = Also absolutely nothing
#raw 0x5E = Again, Nothing
#raw 0x5F = Nothing once more.
#raw 0x67 = Nothing.
#raw 0x68 = Face up, and locks movement.
#raw 0x69 = Face up, and locks movement. When used for cut trees and smash rocks, it plays the destruction animation.
#raw 0x6A = Nothing.
#raw 0x6B = Nothing.
#raw 0x6C = Causes person not to flip while moving right, aka Moonwalking.
#raw 0x6D = Nothing.
#raw 0x6E = Walks one tile down, but takes two steps.
#raw 0x6F = Walks one tile down, but takes two steps.
#raw 0x70 = Faces right, then down, very fast.
#raw 0x71 = Faces down, then up, very fast.
#raw 0x72 = Faces up, then left, very fast.
#raw 0x73 = Faces left, then right, very fast.
#raw 0x74 = Runs in place downward, uses running frames, as opposed to normal
walking frames. Loops forever.
#raw 0x75 = Runs in place upward, uses running frames, as opposed to normal
walking frames. Loops forever.
#raw 0x76 = Runs in place left, uses running frames, as opposed to normal
walking frames. Loops forever.
#raw 0x77 = Runs in place right, uses running frames, as opposed to normal walking frames. Loops forever.
#raw 0x78 = Player looks diagonally left and right, twice.
#raw 0x79 = Faces down, Locks movement.
#raw 0x7A = Faces up, and locks movement.
#raw 0x7B = Faces left, locks movement.
#raw 0x7C = Runs and jumps in place, facing down. Uses running frames.
#raw 0x7D = Runs and jumps in place, facing up. Uses running frames
#raw 0x7E = Runs and jumps in place, facing left. Uses running frames.
#raw 0x7F = Runs and jumps in place, facing right. Uses running frames.
#raw 0x80 = Runs and jumps down. Uses running frames.
#raw 0x81 = Runs and jumps up. Uses running frames.
#raw 0x82 = Runs and jumps left. Uses running frames.
#raw 0x83 = Runs and jumps right. Uses running frames.
#raw 0x84 = Runs and jumps down two tiles. Uses running frames.
#raw 0x85 = Runs and jumps up two tiles. Uses running frames.
#raw 0x86 = Runs and jumps left two tiles. Uses running frames.
#raw 0x87 = Runs and jumps right two tiles. uses running frames.
#raw 0x88 = Step on the spot right, then face down.
#raw 0x89 = Step on the spot down, then face up.
#raw 0x8A = Step on the spot up, then face left
#raw 0x8B = Step on the spot left, then face right
#raw 0x8C = Run down. Uses running frames
#raw 0x8D = Run up. Uses running frames
#raw 0x8E = Run left. Uses running frames
#raw 0x8F = Run right. Uses running frames
#raw 0x90 = Slide down, facing right, then faces down.
#raw 0x91 = Slide up, facing down, then faces up.
#raw 0x92 = Slides left, facing up, then faces left.
#raw 0x93 = Slides right, facing left, then faces right.
#raw 0x94 = Spins down. Faces down when completed.
#raw 0x95 = Spins up. Faces up when completed.
#raw 0x96 = Spins left. Faces left when completed.
#raw 0x97 = Spins right. Faces left when completed.
#raw 0x98 = Runs downward, using running frames. Loops forever.
#raw 0x99 = Runs downward in place, and jumps. Repeats once.
#raw 0x9A = Runs downward in place, swaying from side to side slighty. Uses running frames.
#raw 0x9B = Walks downward VERY slowly, taking ten steps to move one tile.
#raw 0x9C = Walks upward VERY slowly.
#raw 0x9D = Walks left VERY slowly.
#raw 0x9E = Walks right VERY slowly.
#raw 0x9F = Looks diagonaly left and right, twice, then faces the same way you started facing.
#raw 0xA0 = Slides down one tile.
#raw 0xA1 = Slides up one tile.
#raw 0xA2 = Slides left one tile.
#raw 0xA3 = Slides right one tile.
#raw 0xA4 = Flies up off the screen, and disappears.
#raw 0xA5 = Flies down from top of screen, and reappears.
#raw 0xA6 = Runs very fast, and jumps down one tile
#raw 0xA7 = Runs very fast, and jumps up one tile
#raw 0xA8 = Runs very fast, and jumps left one tile
#raw 0xA9 = Runs very fast, and jumps right one tile
#raw 0xAA through #raw 0xFD either lock or crash the game.
A note: The ones that say "loop forever" can be un-looped, of course. The commands in question simply won't trigger the "waitmovement" command, so the script is waiting for a movement to end, causing the loop. I'll leave it up to you to figure it out ;)
__________________
I think I'm done with ROM hacking. I'll still pop in and visit, though.
In order to insert this command, you need to repoint and extend the battle script command table which is at 0x0825011C and add a new entry pointing to the routine I just gave you. If you insert it directly after the end of the table, it will become command 0xF8.
Usage is thus:
Code:
F8 XX XX XX 08
Where XX XX XX 08 is the pointer to the ASM to call + 1 for THUMB mode, or not incremented for ARM mode.
Second up, this is the battle string loader hack I made. It intercepts the "failed" part of the loader. That is, it branches out from what the loader would otherwise consider to be a bad number to load from and skip.
As you can see, it has checks to try and catch a "bad" location given in the RAM location I set aside for the new functionality. All it can catch, sadly, is if you leave the RAM location empty, or if you try to use an invalid ROM location. The rest, I have to leave to the user.
I've written the routine such that it supports 32MB ROMs as well, so you don't have to worry about that either.
To insert the actual routine, navigate to 0xD77BE and change the code to 03 49 08 47, then go to 0xD77CC and change the pointer to the insert location of the routine, plus 1 for THUMB mode of course.
Now, using it. It's as easy as this: Using the storebyte command of the battle script functionality (0x2E), store the bytes of the ROM pointer in little endian ordering, into the RAM address 0x0203C020. Then, you call the battle string printer as such:
Code:
10 84 01 39 40 00
The routines will take care of the rest!
__________________
Hey guys, please check out my recreations of the gen 1 and 2 music on my custom engine at my SoundCloud! - Here!
I think I've found the Battle Pike wilds. I say think, because despite the fact I have edited them in a hex editor (and multiple hex editors showing the changes), I personally can't get any changes to show up in-game. I'm only really posting these because they make sense compared to what's shown on the Bulbapedia page, and maybe somebody else can help out with this to say if they get results, if this is somehow completely wrong, or if it's just VBA getting tired of allowing me to have nice things.
Spoiler:
Pike wilds start at 0x6121D4 for (Level 50?) and 0x612274 for (Open Level?). There are twelve entries followed by four pointers on the first one splitting them into four blocks of three, and then twelve entries followed by six pointers on the second one, the first four pointers splitting the previous twelve entries into four blocks of three and the final two pointing towards the first and second sets of pointers. The format for the wilds itself is a 12 byte data structure:
Displayed is the generic Seviper entry. Its movepool is Toxic, Glare, Body Slam, and Sludge Bomb. I'm not sure what the ??? is, but it's either 04 00 or 05 00, and has been noted in the spawn listing alongside what Bulbapedia states is its spawn rate.
Set one (Rooms 0~280)
Seviper 04 00 26%
Milotic 04 00 26%
Dusclops 05 00 48%
Set two (Rooms 281~560)
Seviper 04 00 26%
Milotic 04 00 26%
Electrode 05 00 48%
Set three (Rooms 561~840)
Seviper 04 00 26%
Milotic 04 00 26%
Breloom 05 00 48%
Set four (Rooms 840+)
Seviper 04 00 26%
Milotic 04 00 26%
Wobbuffet 05 00 48%
Each instance of Seviper and Milotic is its own entry, so they should be customizable to the hacker's whims. The entries in Open Level are the same, but have slightly different movepools.
It'd be nice if these actually were the offsets though, because then after that it's figuring out what determines the Pokemon selected by each facility. Outside of the list being a in a "general sliding scale of difficulty" there's not really much other leads on selection.
Hi there! I was designing a berry tree system for my game (Firered), and while I figured out a way to make a tree give a berry a day, I realized that there was something else in the game that does pretty much the same thing; the regenerating berries in Berry Forest, and regenerating trinkets on treasure beach. Does anyone have any info on these regenerating items, and how I might be able to expand the list to cover all my berry trees? Additionally, does anyone know where I might find the offsets for the flags/variables for hidden items?
__________________
I think I'm done with ROM hacking. I'll still pop in and visit, though.
I read in the SDAT specs of kiwi.ds that the delay and note length parameters are expressed with a variable anmount of bytes.
But these parameters aren't described and I want to know how these work.
What I noticed so far is that if you have more than one byte, the last byte is positive and the others are negative.
But what do I have to do with these values?
Do I have to read them out in Little Endian or do I have to add all these values?
Hi there! I was designing a berry tree system for my game (Firered), and while I figured out a way to make a tree give a berry a day, I realized that there was something else in the game that does pretty much the same thing; the regenerating berries in Berry Forest, and regenerating trinkets on treasure beach. Does anyone have any info on these regenerating items, and how I might be able to expand the list to cover all my berry trees? Additionally, does anyone know where I might find the offsets for the flags/variables for hidden items?
Well, i only took a quick look into this issue (3 minutes) because i'm very busy now, and i don't want to discourage you, but there's a limit for those items.
The routine at 080CC44C is the one who gets the flag associated with the hidden item, based on Hidden ID + 0x3e8. This means no repoint+add items without overwriting other game flags.
Thats the only thing i found out by now.
Props
__________________
This signature has been disabled.
over 350px high
Please review and fix the issues by reading the signature rules.
You must edit it to meet the limits set by the rules before you may remove the [sig-reason] code from your signature. Removing this tag will re-enable it.
Do not remove the tag until you fix the issues in your signature. You may be infracted for removing this tag if you do not fix the specified issues. Do not use this tag for decoration purposes.
Well, i only took a quick look into this issue (3 minutes) because i'm very busy now, and i don't want to discourage you, but there's a limit for those items.
The routine at 080CC44C is the one who gets the flag associated with the hidden item, based on Hidden ID + 0x3e8. This means no repoint+add items without overwriting other game flags.
Thats the only thing i found out by now.
Props
Well, plan B is to make a script that just clears all the hidden item flags to zero at midnight, which is simple enough. I assume the hidden item flags are stored somewhere in memory, so I'd just have to write 0 to all the bytes I need to clear it out. Does anyone have the offset for this location in the memory?
__________________
I think I'm done with ROM hacking. I'll still pop in and visit, though.
Well, plan B is to make a script that just clears all the hidden item flags to zero at midnight, which is simple enough. I assume the hidden item flags are stored somewhere in memory, so I'd just have to write 0 to all the bytes I need to clear it out. Does anyone have the offset for this location in the memory?
Well, actually, they are normal flags, like 0x800 etc..., but are Hidden ID + Flag 0x3E8. (E.g: Hidden item 0x10 would be flag 0x3F8. Clear the flag to be able to get the item again)
The script is somewhat easy. There are 0xBE hidden items. Here's a script made now for the purpose:
Code:
#dynamic 0x800000
'----------------
#org @start
setvar 0x8000 0x3E8 'Base flag
setvar 0x8001 0x0 'Counter
goto @loop
#org @loop
compare 0x8001 0xBE
if B_> goto @end
addvar 0x8001 0x1
clearflag 0x8000 ' Clear flag in var 8000
addvar 0x8000 0x1
goto @loop
#org @end
setvar 0x8000 0
setvar 0x8001 0 'Reset vars
release
end
I made this in 5 minutes and didn't test it. Test it and please warn me if there's an inconvenience with this.
(to @redriders180: I saw your PM, i just hadn't the time to answer it because its a little complex for my current time available)
__________________
This signature has been disabled.
over 350px high
Please review and fix the issues by reading the signature rules.
You must edit it to meet the limits set by the rules before you may remove the [sig-reason] code from your signature. Removing this tag will re-enable it.
Do not remove the tag until you fix the issues in your signature. You may be infracted for removing this tag if you do not fix the specified issues. Do not use this tag for decoration purposes.
Well, actually, they are normal flags, like 0x800 etc..., but are Hidden ID + Flag 0x3E8. (E.g: Hidden item 0x10 would be flag 0x3F8. Clear the flag to be able to get the item again)
The script is somewhat easy. There are 0xBE hidden items. Here's a script made now for the purpose:
Code:
#dynamic 0x800000
'----------------
#org @start
setvar 0x8000 0x3E8 'Base flag
setvar 0x8001 0x0 'Counter
goto @loop
#org @loop
compare 0x8001 0xBE
if B_> goto @end
addvar 0x8001 0x1
clearflag 0x8000 ' Clear flag in var 8000
addvar 0x8000 0x1
goto @loop
#org @end
setvar 0x8000 0
setvar 0x8001 0 'Reset vars
release
end
I made this in 5 minutes and didn't test it. Test it and please warn me if there's an inconvenience with this.
(to @redriders180: I saw your PM, i just hadn't the time to answer it because its a little complex for my current time available)
I just tested this, and for some odd reason, it's not working. I activated a hidden item in the usual way, obtained it, and then ran this script via signpost, but I couldn't get the item again. I even expanded it to clear every flag from 0x1 to 0xFFF, but nothing. Am I doing something wrong?
__________________
I think I'm done with ROM hacking. I'll still pop in and visit, though.