Old January 28th, 2011 (12:07 PM). Edited January 29th, 2011 by miksy91.
miksy91 miksy91 is offline
    The idea of this tutorial is to teach how to really hack a game, which isn't that difficult when you first get the hang of it.
    At first, let's start with the basics.

    If you simply know nothing about ROMs or hex whatsoever, read this tutorial. Besides, while reading this, keep up with what I'm doing by using both the ROM and RAM Maps and the Hacking Guide.

    What's a game like?
    Each game consists of two parts: ROM and RAM data.
    Those two are abbreviations from these:
    ROM = Read-Only Memory
    RAM = Random Access Memory

    Read-only memory consists of permanent data and it won't change when the game is run.
    For example: Map data and item effects (how much HP does Potion give)

    Random access memory changes while the game is run.
    For example: How many badges do you have, which items are in your pack and their order, the location where you will start after a save is loaded etc.

    How to modify these?
    Hex editors are used to change the ROM data.
    To find the data you wish to edit, you can practically do it in two ways:
    1) Find a documentation of it
    2) Search for the data itself

    1) By taking a look at Koolboyman's Pokemon Gold ROM Map, you can see that the Mart Data is stored between offsets $16342 and $16468.
    By going to offset $16342 with a hex editor, you can change the items sold in marts.

    2) Let's pretend you didn't know that the mart data starts at $16342.
    Now, take a look at this picture: it's of the items sold in Cherrygrove City in the beginning of the game in Pokemon Gold/Silver.

    Now, these three byte lists should come to your mind (maybe others as well).

    1) [WW] [XX] [YY] [ZZ]
    2) [WW] 01 2C [XX] 00 64 [YY] 00 C8 [ZZ] 00 FA
    3) [WW] 2C 01 [XX] 64 00 [YY] C8 00 [ZZ] FA 00, in which WW, XX, YY and ZZ are also bytes.

    These may not make much sense so let's explain it.
    0x12C is a number in hexadecimal system that stands for 300 in decimal,
    0x64 = 100, 0xC8 = 200 and 0xFA = 250.

    Numbers are always in bytes which contain two digits so it's impossible there would be something such as 12C written in the ROM, instead there could be 01 2C (or 2C 01 if the game makers made the game load them that way).

    WW, XX, YY, and ZZ stand for the items themselves.
    Now, go to Google and search for Giegue's Master Hacking Guide.
    After you've found it, scroll downwards until you find the explanation of the items in G/S/C and you'll find the item numbers for Potion, Antidote, Parlyz Heal and Awakening in there.

    You should come up with this:
    WW (Potion) = 12
    XX (Antidote) = 09
    YY (Parlyz Heal) = 0D
    ZZ (Awakening) = 0C

    Put those bytes in the places of WW, XX, YY and ZZ and you'll get three different possible results for the mart data of Cherrygrove City.
    *The mart data could still be something else from these three if the game makers programmed it so but normally when you get something simple in your mind, the game makers can have programmed it that way.

    1) 12 09 0D 0C
    2) 12 01 2C 09 00 64 0D 00 C8 0C 00 FA
    3) 12 2C 01 09 64 00 0D C8 00 0C FA 00

    Now, open the ROM with a hex editor (in this case, a pokemon gold/silver rom file) and search for those byte sets. If your hex editor doesn't have a "Search" command programmed in it, you should download a better one...

    Anyways, by searching for those byte lists, the first one gives a result and shows you that the offset where bytes 12 09 0D 0C are located, in that order, is at $16343 (the mart data starts at offset $16342).

    At offset $16342 you'll see this:
    04 12 09 0D 0C FF...

    04 and FF actually belong to the mart data of this mart as well.
    By experimenting (or thinking), you'll notice that:
    04 = Number of items sold in that mart
    FF = End of mart data

    So, if you wanted, you could for example change 04 to something else to make the salesman sell more/less items than usual. If done so, you'd also have to move the FF somewhere else though.

    We're still far from the top
    Now, you do understand what hacking is but there is still a lot more to learn. All games are programs. Programs won't work unless they're told what they're supposed to do. In the case above, the mart data was located between offsets $16342 and $16468. Why is the data in there?

    In case a game has to read data from somewhere, it has to be pointed in there. Games from different game consoles use different kinds of pointers.

    For example:
    -GameBoy and GameBoy Color games use "Gameboy Pointers"
    -GameBoyAdvance games use "GBA Pointers"
    -Super Nintendo games use two different kinds of pointers (for both LoROM and HiROM).

    As linking to other sites is not allowed in here (though it would be very helpful), use Google once again to find documentation about pointers.
    -If you're interested in learning how GameBoy Pointers work, look for something like "mew3 inc GB/C pointer".
    -Otherwise, search for "datacrystal pointer" to find data for each of these.

    Let's go back to the mart example again.
    Pointers to mart data are located between offsets $162FE and $16341.
    The pointer table is located in the same bank as the pointed offset, so the pointers are of two bytes.

    The pointers are usually stored in a logical way (first pointer leads to the first mart data and the second pointer to the second). The pointer to the first mart data is at $162FE (which is 42 63).
    42 63 leads to offset $16342 because:

    0x16342 / 0x4000 = 0x5
    0x5 * 4000 = 0x14000
    0x14000 + (42 63) MOD - 0x4000 = 0x14000 + 0x6342 - 0x4000 = 0x16342

    That seems a little complicated at first but if you're ever about to hack a gameboy or gameboy color game, you're going to have to learn it.
    Besides, check the tutorial first to understand this way better!

    I think that's enough for the ROM data.
    All you need to know is that everything is linked to each other through pointers. For example, the fat man being in Pallet Town is actually quite a complicated process - the game is told to read the event data of the map through a map header. In the event data lies the information of the person. Then again, where did the map header come from...

    A word or two about RAM
    As explained above, RAM contains only temporary data which changes time after time. For example, money.
    In Gold/Silver, you'll get 3000 money for starting out.
    3000 = 0xBB8 --> 0B B8 (or B8 0B) in bytes.

    So, somewhere in the RAM you should be able to find those bytes.
    You can modify the RAM data with VBA's Memory Viewer.
    It doesn't let you search for anything, which is too bad.

    Anyways, again a document will help.
    This time, we're going to use Koolboyman's Pokemon Gold RAM Map.
    And according to it, money data is located in D573-D575 in RAM.

    Open Gold/Silver ROM with VBA's Memory Viewer, select 8-bit mode (because one byte consists of eight bits) and go to offset D573.
    It should be like this: 00 0B B8

    By modifying those bytes, the amount of money you have will change.
    Also, the maximum amount you can get is 0xFFFFFF = 16 777 215 although the game is programmed to show only up to 9 999 999.
    An ASM code is told to make you unable to get any more money (just like your pokemon can't level up over lv100 although 100 = 0x64 and maximum level is 0xFF = 255). Then again, if money was only a 2-byte value, you could only have 0xFFFF = 65535 money per time.

    I'm done!
    Now, you should know enough for starting out.
    Time to make your own ROM hack - you're more than capable of doing it.
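The search-then-parse workflow and the pointer arithmetic from the post above, as an added Python example that is not part of miksy91's post. All function names are hypothetical, and the "ROM" is a constructed buffer holding only the bytes and offsets the post quotes (pointer 42 63 at $162FE, record 04 12 09 0D 0C FF at $16342); the pointer resolver assumes the table sits in a switchable bank.

```python
import struct

BANK_SIZE = 0x4000  # Game Boy ROM banks are 16 KiB

def candidate_patterns(items, prices):
    """The post's three guesses: IDs only, ID + big-endian price, ID + little-endian price."""
    def with_prices(fmt):
        return b"".join(bytes([i]) + struct.pack(fmt, p) for i, p in zip(items, prices))
    return {"ids_only": bytes(items), "price_be": with_prices(">H"), "price_le": with_prices("<H")}

def find_all(rom, pattern):
    """Every offset at which pattern occurs (a hex editor's Search, repeated)."""
    hits, pos = [], rom.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = rom.find(pattern, pos + 1)
    return hits

def parse_mart(rom, offset):
    """Read one record: count byte, that many item IDs, then the FF terminator."""
    count = rom[offset]
    end = offset + 1 + count
    if rom[end:end + 1] != b"\xff":
        raise ValueError(f"count byte and FF terminator disagree at {offset:#x}")
    return list(rom[offset + 1:end])

def resolve_pointer(rom, table_offset):
    """Two-byte little-endian pointer -> file offset, in the same bank as the table."""
    (addr,) = struct.unpack_from("<H", rom, table_offset)
    if not 0x4000 <= addr < 0x8000:  # assumes the table sits in a switchable bank
        raise ValueError(f"{addr:#06x} is outside the banked window 4000-7FFF")
    return (table_offset // BANK_SIZE) * BANK_SIZE + addr - BANK_SIZE

def build_sample_rom():
    """Constructed buffer, not game data: only the bytes quoted in the post are set."""
    rom = bytearray(0x18000)
    rom[0x162FE:0x16300] = bytes.fromhex("4263")          # first mart pointer
    rom[0x16342:0x16348] = bytes.fromhex("0412090D0CFF")  # Cherrygrove mart record
    return bytes(rom)

if __name__ == "__main__":
    rom = build_sample_rom()
    pats = candidate_patterns([0x12, 0x09, 0x0D, 0x0C], [300, 100, 200, 250])
    for name, pat in pats.items():
        print(name, pat.hex(" "), [hex(h) for h in find_all(rom, pat)])
    target = resolve_pointer(rom, 0x162FE)
    print(hex(target), [f"{i:02X}" for i in parse_mart(rom, target)])
```

`parse_mart` raises when the count byte and the FF terminator disagree, which is the state a record is left in if 04 is changed without moving the FF.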

    Old February 5th, 2011 (12:34 AM).
    samhollick samhollick is offline
      Thanks for the info on pointers :D
      Old February 16th, 2011 (12:59 PM).
      Murdoch_dawn Murdoch_dawn is offline
        how do you save hacks? i was messing with a pokemon blue ROM and it says there are errors so i can not save the file
        Old February 18th, 2011 (5:36 PM).
        Civet Civet is offline
          Thanks, that helped a lot! Especially the information on pointers :D
          Old February 23rd, 2011 (6:45 PM). Edited February 23rd, 2011 by flyf123.
          flyf123 flyf123 is offline
            what's the offset the next mart? and the next.. and so on?

            i mean all the offsets of all marts in pokemon?

            and by the way.. how do you find the offsets/addresses of the pokemon in the grass patches?

            what's the offset the next mart? and the next.. and so on?

            i mean all the offsets of all marts in pokemon crystal?

            and by the way.. how do you find the offsets/addresses of the pokemon in the grass patches?