Elow~
I've been reading that little tutorial that miksy91 has given me about reading the changes an IPS patch will do to a ROM. It's pretty helpful, yet I'm confused about something... =/
So basically, the instructions go like this...
1. Open the .ips file with a hex editor.
2. Proceed to offset 0x5, since the first 5 bytes are just the word PATCH in ASCII.
3. The bytes on offsets 0x5 to 0x7 are the offset to which the data will write the new data to the ROM.
4. After offset 0x7, there are two bytes (offsets 0x8 to 0x9) that will tell us how many bytes the patch will write to the ROM.
5. After offset 0x9 is the data.
Is it safe to assume that after the "data" on number 5 is another offset where the data will once again be written? If that's the case, then I'm really confused about something...
How in blazes will I know where to start searching next if the number of data that was given is zero? ~_~
Or am I probably doing it wrong? o_O
If you need a good document describing the format, I'd recommend this one. It lays it out quite well. Although in my opinion the format really needs to be expanded so that the offset size is a 32 bit word instead of a 24 bit one so that extended ROMs can be supported.
403 Forbidden on File: 139 =/
Quote:
Originally Posted by itari
You've got it basically right.
There are two ways data is stored in an IPS patch.
The usual:
[offset - 3 bytes] [data length - 2 bytes] [data - n bytes]
And the RLE way:
[offset - 3 bytes] [00 00] [rle length - 2 bytes] [data - 1 byte]
You got the first part right, but the second part is an RLE packet. ;)
Also, remember that all numbers are stored big-endian in an IPS patch.
I've never heard of the RLE way... So, from my screenshot, [13 BA C8] is the offset, some random [00 00], and the [01] meaning the number of bytes of the data to be written, and then [3A] which is the data.
...And after that? [00 6B 0A] is the new offset?
Yes, based on the data, [13 BA C8] is the offset, then [00 00] which means use RLE method, followed by [01 3A] which is the RLE length, and [00] is the data to copy.
So, this means copy the byte 00 0x13A (314) times to the ROM starting at 0x13BAC8.
The next offset will be [6B 0A 00], etc.
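The record walk described in this thread (PATCH header, 3-byte big-endian offset, 2-byte size, and the RLE packet signalled by a size of 00 00) as an added example in Python, not code from anyone in the thread. The sample patch bytes are constructed to mirror the values discussed above, and the range check at the end is the "does this patch touch an offset I already used" question the original poster asked.

```python
from dataclasses import dataclass

@dataclass
class IpsRecord:
    offset: int   # 24-bit big-endian ROM offset the record writes to
    length: int   # number of ROM bytes the record overwrites
    rle: bool     # True if stored as an RLE packet (size field 00 00)
    data: bytes   # the bytes that end up in the ROM (RLE already expanded)

def parse_ips(patch: bytes) -> list:
    """Walk an IPS patch and list every write it would make to the ROM."""
    if patch[:5] != b"PATCH":
        raise ValueError("missing PATCH header")
    pos, records = 5, []
    while True:
        # "EOF" ends the patch. A genuine record at offset 0x454F46 (the
        # bytes of "EOF") would need at least 9 more bytes, so this is safe.
        if patch[pos:pos + 3] == b"EOF" and len(patch) - pos < 9:
            break
        if len(patch) - pos < 5:
            raise ValueError(f"truncated record at 0x{pos:X}")
        offset = int.from_bytes(patch[pos:pos + 3], "big")
        size = int.from_bytes(patch[pos + 3:pos + 5], "big")
        pos += 5
        rle = size == 0
        if not rle:
            data = patch[pos:pos + size]
            pos += size
        else:
            size = int.from_bytes(patch[pos:pos + 2], "big")  # RLE run length
            data = patch[pos + 2:pos + 3] * size              # one byte, repeated
            pos += 3
        if len(data) != size:
            raise ValueError(f"truncated data before 0x{pos:X}")
        records.append(IpsRecord(offset, size, rle, data))
    return records

def writes_in_range(records, start, end):
    """Records touching ROM bytes [start, end): the check for whether a
    patch clobbers an area you already used."""
    return [r for r in records if r.offset < end and r.offset + r.length > start]

# Constructed sample mirroring the thread: an RLE packet writing 0x13A copies
# of 00 at 0x13BAC8, then a normal 2-byte record at 0x6B0A00, then EOF.
SAMPLE = (b"PATCH" + bytes.fromhex("13BAC80000013A00")
          + bytes.fromhex("6B0A000002ABCD") + b"EOF")

if __name__ == "__main__":
    for r in parse_ips(SAMPLE):
        print(f"{'RLE' if r.rle else 'raw'} 0x{r.offset:06X} {r.length} bytes")
```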
So that's how it works!
Thanks :D
Now I can finally study which offsets a patch will make changes, to see if they'll overwrite some offset I've already used. ^^