The PokéCommunity Forums > Binary ROM Hacking
Help Thread ASM & Disassembly
#351
Old June 13th, 2015 (8:08 AM).
Touched
Resident ASMAGICIAN
Join Date: Jul 2014
Gender: Male
Posts: 625
Quote: Originally Posted by MadHacker151
That was a pretty foolish question, the RAM or ROM question... Wasn't thinking straight :/ But anyway I tried dereferencing 300500C (at least I think) and it still will not copy it to the offset stated. Well, this is what I have:

Code:
.text
.align 2
.thumb
.thumb_func

main:
push {r0-r2, lr}
ldr r0, .Source         @ r0 = 0x0300500C, the address that holds the pointer
ldr r0, [r0]            @ r0 = the pointer stored at 0x0300500C
ldmia r0!, {r1-r2}      @ read two words from where that pointer points
ldr r0, .Dest           @ r0 = 0x84EE00, the destination (the reply below explains why this is invalid)
stmia r0!, {r1-r2}      @ write the two words to the destination
pop {r0-r2, pc}


.align 2
.Source:
.word 0x300500C

.Dest:
.word 0x84EE00


As you can see I did what you said by loading r0 again with ldr r0, [r0]. I guess it should copy it to 0x84EE00 (just a test offset I used), do you spot anything that's wrong or anything I'm missing? Sorry for so many questions... I hope I'm not sounding rude :/
Don't worry about asking questions, that's what this thread is for ;)

The problem is your destination pointer, 0x84EE00. It isn't a pointer at all; that address is invalid. You need some location in the RAM to write to.
#352
Old June 13th, 2015 (3:08 PM).
MadHacker151
Join Date: Jan 2015
Posts: 29
Quote: Originally Posted by Touched
Don't worry about asking questions, that's what this thread is for ;)

The problem is your destination pointer, 0x84EE00. It isn't a pointer at all; that address is invalid. You need some location in the RAM to write to.
Oh my god it worked, the data copied to my new location!! I can't thank you enough Touched, I REALLY appreciate the help!!
#353
Old June 15th, 2015 (6:42 AM).
Squeetz
ROM Hacker
Join Date: Jun 2013
Location: Norway
Age: 25
Gender: Male
Nature: Quiet
Posts: 236
Not sure if this is the correct thread to ask this, but it's ASM related either way.
So, I discovered this: http://assembly.ynh.io/
A C/C++ to ASM converter.
Would converting code from C lose out on anything? Is it safe to use? Would I have to edit some of the code after converting it, before inserting the routine?
#354
Old June 15th, 2015 (9:43 AM).
Touched
Resident ASMAGICIAN
Join Date: Jul 2014
Gender: Male
Posts: 625
Quote: Originally Posted by Squeetz
Not sure if this is the correct thread to ask this, but it's ASM related either way.
So, I discovered this: http://assembly.ynh.io/
A C/C++ to ASM converter.
Would converting code from C lose out on anything? Is it safe to use? Would I have to edit some of the code after converting it, before inserting the routine?
This "converter" is known as a compiler. GCC (GNU Compiler Collection) is packaged with devkitARM, so you don't need to use an online version. This means that there are a lot of languages that can be compiled to THUMB code. I have used C for a couple of hacking projects; there were a few kinks that needed to be worked out, but it is definitely possible (and often worthwhile). There is a thread somewhere in R&D that uses C. C++ is also possible: Jambo uses C++ for his engine. Again, there are limitations, but it can all be worked around. If you are interested in trying this, you might want to check out my Mega Evolution project on GitHub. It is a good, recent example of how to use C (and mix it with ASM) in FireRed.

Be warned that this won't eliminate your need to understand ASM - you probably need more understanding to work this. You still need ASM to hook, and it is often necessary to be aware of how your C code compiles to ASM.
#355
Old June 15th, 2015 (6:13 PM).
Exodrake
The Manliest Chick that Ever Manlied
Join Date: May 2013
Age: 29
Gender: Female
Nature: Quirky
Posts: 163
I made some adjustments to KDS' Freeze-Dry code to make a move that is unnaturally supereffective against my Oil-type (index number is 0x18 in hex). The problem is, now I don't know how to actually implement this code in my game WITH the Freeze-Dry code along with it. I don't want one or the other, I want both.

The only changes I made to the Freeze-Dry codes is I changed cmp r4, #0xB to cmp r4, #0x18, and the move ID to 0x0068 so it will replace Minimize (which I find redundant as Double Team is all I need really). The move will be Water-type which Oil is normally immune to, but the plan is for this move, Soapy Water, to hit Oil supereffectively instead of failing against it. If there's other lines of code I need to change (note that I have the ASM skills of a grapefruit) I really need to know.
#356
Old June 16th, 2015 (4:13 AM).
Touched
Resident ASMAGICIAN
Join Date: Jul 2014
Gender: Male
Posts: 625
Quote: Originally Posted by Exodrake
I made some adjustments to KDS' Freeze-Dry code to make a move that is unnaturally supereffective against my Oil-type (index number is 0x18 in hex). The problem is, now I don't know how to actually implement this code in my game WITH the Freeze-Dry code along with it. I don't want one or the other, I want both.

The only changes I made to the Freeze-Dry codes is I changed cmp r4, #0xB to cmp r4, #0x18, and the move ID to 0x0068 so it will replace Minimize (which I find redundant as Double Team is all I need really). The move will be Water-type which Oil is normally immune to, but the plan is for this move, Soapy Water, to hit Oil supereffectively instead of failing against it. If there's other lines of code I need to change (note that I have the ASM skills of a grapefruit) I really need to know.
Looks fine
#357
Old June 18th, 2015 (7:37 PM).
Joexv
ManMadeOfGouda
joexv.github.io
Join Date: Oct 2012
Location: Oregon
Age: 25
Gender: Male
Nature: Sassy
Posts: 1,035
Can someone help me out? This routine is JPAN's special 0x64 translated to EM (hopefully). The routine just does nothing, no freeze or anything.
Code:
.thumb
.align 2


Special_64: push {r1-r4, lr}
ldr r1, var_8004                @ r1 -> script variable 0x8004
ldrh r0, [r1,#0x2]              @ r0 = value to write (the halfword after it)
ldrh r1, [r1]                   @ r1 = party slot to change, or 0xF for all slots
cmp r1, #0xf
beq apply_all

cmp r1, #0x5
bgt end_64                      @ slot index above 5: out of range, do nothing

mov r2, #0x64
mul r2, r1                      @ r2 = slot * 0x64 (size of one party entry)
ldr r1, party_status_address
add r1, r2, r1                  @ r1 -> status field of that party entry
strb r0, [r1, #0x0]
end_64: pop {r1-r4, pc}

apply_all: mov r2, #0x6         @ six party slots
ldr r1, party_status_address
loop: strb r0, [r1, #0x0]       @ write the value to this slot's status field
sub r2, #0x1
add r1, #0x64                   @ advance to the next party entry
cmp r2, #0x0
bne loop
pop {r1-r4, pc}
var_8004: .word 0x020270c0
party_status_address: .word 0x0202455C
#358
Old June 19th, 2015 (4:57 AM).
daniilS
busy trying to do stuff not done yet
Join Date: Aug 2013
Age: 23
Gender: Male
Posts: 409
Quote: Originally Posted by joexv
Can someone help me out? This routine is Jpans special 0x64 translated to EM(hopefully). The routine just does nothing, no freeze or nothing.
Have you already tried debugging it?
#359
Old June 19th, 2015 (9:47 AM). Edited June 19th, 2015 by Joexv.
Joexv
ManMadeOfGouda
joexv.github.io
Join Date: Oct 2012
Location: Oregon
Age: 25
Gender: Male
Nature: Sassy
Posts: 1,035
Quote: Originally Posted by daniilS
Have you already tried debugging it?
Yea, turns out I just had the wrong variable offset.-.-
But it will only set the Pokemon to sleep, is there something I'm missing in order to not have to worry about the sleep bits? Cause the documentation on that area of the data structure is pretty vague.
Nevermind, I'm stupid.-.-
#360
Old June 24th, 2015 (2:41 PM).
colonelsalt
Guaranteed to raise the smile
Join Date: Oct 2012
Location: London
Age: 25
Gender: Male
Nature: Jolly
Posts: 111
An admittedly newbish question, but I suppose that's what the thread is for: Is it possible to edit the data contained in multichoice boxes dynamically in a script through ASM, or is all this information stored strictly in the ROM and therefore unalterable?
#361
Old June 25th, 2015 (9:26 PM).
Touched
Resident ASMAGICIAN
Join Date: Jul 2014
Gender: Male
Posts: 625
Quote: Originally Posted by colonelsalt
An admittedly newbish question, but I suppose that's what the thread is for: Is it possible to edit the data contained in multichoice boxes dynamically in a script through ASM, or is all this information stored strictly in the ROM and therefore unalterable?
The table for the multichoice boxes is stored in the ROM. However, it is a table of pointers, so you could just point it to a RAM location if you really wanted. Also, it's relatively easy to change the actual command to conditionally load from a RAM location.
#362
Old June 26th, 2015 (1:46 AM).
colonelsalt
Guaranteed to raise the smile
Join Date: Oct 2012
Location: London
Age: 25
Gender: Male
Nature: Jolly
Posts: 111
Quote: Originally Posted by Touched
The table for the multichoice boxes is stored in the ROM. However, it is a table of pointers, so you could just point it to a RAM location if you really wanted. Also, it's relatively easy to change the actual command to conditionally load from a RAM location.
Oooh, that is terribly exciting; I figured (from my limited ASM exposure) it was a lost cause. Thanks for clarifying.
#363
Old June 26th, 2015 (11:24 AM).
Navenatox
Join Date: Jan 2015
Location: Austria
Age: 28
Gender: Male
Posts: 76
Quote: Originally Posted by colonelsalt
An admittedly newbish question, but I suppose that's what the thread is for: Is it possible to edit the data contained in multichoice boxes dynamically in a script through ASM, or is all this information stored strictly in the ROM and therefore unalterable?
What may also be of interest to you is that JPAN's hacked engine already has built-in routines for that. The multichoices 0x20-0x25 now point to a free RAM area, all you need to do is pick the right multichoice ID based on how many options you want, and then add the different options by use of setvar, loadpointer and special. For more precise information, you can check out the instruction manual, which is in the same folder as the patch. So if you don't mind using his base, this should be the easiest way for you!
#364
Old June 29th, 2015 (5:07 PM).
Lance32497
LanceKoijer of Pokemon_Addicts
Join Date: Aug 2014
Location: Criscanto town-Ginoa Region xD
Gender: Male
Nature: Adamant
Posts: 792
Aaaaaahhhhhh!

I tried to make a basic routine that stores a byte in a RAM ADDRESS but I can't get it to work,

Code:

.align 2
.thumb
.thumb_func

main:
push {lr}
ldr r0, Ram @loads 0x2b50000 in r0
ldrb r0, [r0] @loads byte of 0x2b50000 in r0
mov r1, #0x1 @mov 0x1 in r1
strb r1, [r0] @stores r1 to r0
pop {pc}

.align 2

Ram:
.word 0x2b50000


when I call it in a script, nothing happened, nothing changed in 0x2b50000, didn't freeze the game
#365
Old June 29th, 2015 (8:24 PM).
Q-orca
Join Date: Sep 2014
Gender: Male
Posts: 23
Quote: Originally Posted by Lance32497
Aaaaaahhhhhh!

I tried to make a basic routine that stores a byte in a RAM ADDRESS but I can't get it to work,

Code:

.align 2
.thumb
.thumb_func

main:
push {lr}
ldr r0, Ram @loads 0x2b50000 in r0
ldrb r0, [r0] @loads byte of 0x2b50000 in r0 (get rid of this)
mov r1, #0x1 @mov 0x1 in r1
strb r1, [r0] @stores r1 to r0
pop {pc}

.align 2

Ram:
.word 0x2b50000


when I call it in a script, nothing happened, nothing changed in 0x2b50000, didn't freeze the game
"ldrb r0, [r0]" overwrites the value in r0.
When storing a value, make sure that you have not set any value in the same register as the one you'll use as the address.
If you're not sure, simply write the address into the register before storing the value.
If you only want to store a byte without bothering the original value, it's useless to load it.
#366
Old June 29th, 2015 (11:42 PM).
daniilS
busy trying to do stuff not done yet
Join Date: Aug 2013
Age: 23
Gender: Male
Posts: 409
Exactly. You don't need the push and pop either because you can just use bx lr at the end.
#367
Old June 30th, 2015 (2:00 AM).
colonelsalt
Guaranteed to raise the smile
Join Date: Oct 2012
Location: London
Age: 25
Gender: Male
Nature: Jolly
Posts: 111
So, having through some means or another gotten my hands on a copy of IDA v6.5 and Knizz's FireRed database, I'm greeted with a prompt that reads: "Sorry, this database has been created by a pirate version of IDA".
What do I make of this? From what I understand, Knizz wrote the newest version of his database for v6.5, but would I be better off trying to load it into an older version to prevent this from happening?
#368
Old June 30th, 2015 (2:02 AM).
daniilS
busy trying to do stuff not done yet
Join Date: Aug 2013
Age: 23
Gender: Male
Posts: 409
Quote: Originally Posted by colonelsalt
So, having through some means or another gotten my hands on a copy of IDA v6.5 and Knizz's FireRed database, I'm greeted with a prompt that reads: "Sorry, this database has been created by a pirate version of IDA".
What do I make of this? From what I understand, Knizz wrote the newest version of his database for v6.5, but would I be better off trying to load it into an older version to prevent this from happening?
Click the link in my sig to join the chat; I'll explain everything there.
#369
Old July 1st, 2015 (2:56 AM).
FamiliaWerneck
Join Date: May 2015
Location: São Paulo, Brasil
Gender: Male
Posts: 275
Do you guys use any specific decompiler?
How do you take hex values and make sense out of those?
And how do you debug something?
#370
Old July 1st, 2015 (3:03 AM).
daniilS
busy trying to do stuff not done yet
Join Date: Aug 2013
Age: 23
Gender: Male
Posts: 409
IDA for disassembling
VBA-SDL-H or no$gba for debugging
#371
Old July 1st, 2015 (6:16 AM).
colonelsalt
Guaranteed to raise the smile
Join Date: Oct 2012
Location: London
Age: 25
Gender: Male
Nature: Jolly
Posts: 111
How would I go about finding free space in RAM to store temporary values and buffer strings? FBI, for example, references offset 0x02021D18 (location of displayed strings) a number of times in his tutorials as a reliable place to store temporary data because of the "vast amount of free space" there. After poking around with VBA-SDL-H, though, I don't exactly see any strikingly obvious reason why this is the case. Is finding this free RAM space, then, largely a process of trial and error, or are there distinctive patterns one can look for in the code to find suitable locations?
#372
Old July 1st, 2015 (9:39 AM).
daniilS
busy trying to do stuff not done yet
Join Date: Aug 2013
Age: 23
Gender: Male
Posts: 409
Use malloc
#373
Old July 1st, 2015 (10:14 AM).
Touched
Resident ASMAGICIAN
Join Date: Jul 2014
Gender: Male
Posts: 625
Quote: Originally Posted by colonelsalt
How would I go about finding free space in RAM to store temporary values and buffer strings? FBI, for example, references offset 0x02021D18 (location of displayed strings) a number of times in his tutorials as a reliable place to store temporary data because of the "vast amount of free space" there. After poking around with VBA-SDL-H, though, I don't exactly see any strikingly obvious reason why this is the case. Is finding this free RAM space, then, largely a process of trial and error, or are there distinctive patterns one can look for in the code to find suitable locations?
To expand on daniilS's answer: You have to be aware that much of the space in EWRAM (0x02000000) is reserved for malloc. If you need a lot of space, you can always just use malloc. You give the function a size and it returns a pointer to some free RAM of the specified size. Remember to use "free" on that pointer when you're done with that memory though!

Otherwise, if you need temporary RAM, just use the stack.
Code:
sub sp, #100
mov r0, sp

@ Have a pointer to 100 bytes of free RAM in r0 for the duration of this function

add sp, #100
If you need it to last a bit longer than that, you can use space that's just overwritten, like the text buffer FBI uses. That is only overwritten when a message is displayed. There are no real techniques for finding stuff like this. It's more of an educated guess, confirmed by debugging. We all knew that the text functions used some RAM to expand strings (when there is a buffer, it needs to change that buffer to actual text before changing each byte to a tile). We also guessed it didn't really matter what was there if the text renderer wasn't running. A quick check in IDA would've confirmed this.

Another technique I use is to find padding bytes. Most memory must be word aligned, so there is often a free hword or byte at the end of structures in the RAM. The IWRAM (0x03000000) isn't used by malloc, so you can just look in IDA for unused RAM there. Unused RAM has no XREFs and is therefore safe. I generally find a free word there, and malloc more space if I need it.

Things you can use (off the top of my head):
  • Banks in scripts (up to four free words until a new script is run)
  • Script variables (especially 0x8000 - 0x800F)
  • Text renderer space
  • Battle struct data (probably overwritten at the start of a battle anyway, up to 0x58 * 4 bytes if this is the case)
  • Other battle structures, see above

Be aware that most times, this memory is temporary. If you need the memory to persist over saves and continues, you'll need to find free save block space. Often, this needs JPAN's save block hack. Larger amounts of contiguous space are substantially harder to find.
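An added example, not Touched's code or the game's, that puts the stack trick and the malloc/free advice above into one Thumb routine. The ROM addresses of malloc and free are placeholders to be looked up in your own disassembly, and the calling convention (byte count in r0, pointer or 0 back in r0, r4-r7 preserved across the call) is assumed from how GCC-compiled code behaves.

```asm
.text
.align 2
.thumb
.thumb_func

@ PLACEHOLDERS: replace with the real ROM addresses of the game's malloc
@ and free (this page does not give them; find them in your disassembly).
.set MALLOC_ADDR, 0x08000000
.set FREE_ADDR,   0x08000000

@ Assumed convention (GCC-compiled callee): r0 = byte count in,
@ r0 = pointer (or 0 on failure) out; r4-r7 survive the call, r0-r3 do not.
main:
    push {r4, r5, lr}

    @ 1. Short-lived scratch: 16 bytes on the stack. Valid across any calls
    @    made while it is reserved (callees work below sp), invalid the
    @    moment the matching add sp below runs.
    sub sp, #16
    mov r4, sp              @ r4 -> 16 bytes of free RAM
    mov r0, #0
    str r0, [r4, #0]        @ use it: zero the first two words
    str r0, [r4, #4]
    add sp, #16             @ release; r4 is a dangling pointer from here on

    @ 2. Longer-lived buffer: ask malloc for 64 bytes.
    mov r0, #64             @ size argument (mov takes an 8-bit immediate, so <= 255 this way)
    ldr r3, =MALLOC_ADDR + 1 @ +1 sets bit 0 so bx stays in Thumb mode
    bl call_r3
    cmp r0, #0
    beq done                @ allocation failed: never write through a 0 pointer
    mov r5, r0              @ keep the pointer in a callee-saved register

    @ ... use the buffer at r5 ...
    mov r1, #0xFF
    strb r1, [r5, #0]

    @ 3. Give it back, or the heap leaks a little every time this runs.
    mov r0, r5
    ldr r3, =FREE_ADDR + 1
    bl call_r3

done:
    pop {r4, r5, pc}        @ push and pop match, so pc gets the saved lr

@ Thumb on the GBA has no blx: bl fills lr (Thumb bit included), then
@ bx r3 enters the callee, whose bx lr returns to the instruction after bl.
.thumb_func
call_r3:
    bx r3

.align 2
```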
#374
Old July 1st, 2015 (2:07 PM).
colonelsalt
Guaranteed to raise the smile
Join Date: Oct 2012
Location: London
Age: 25
Gender: Male
Nature: Jolly
Posts: 111
That's awesome. Thanks for the in-depth reply. Was about to type up a confused post about not getting malloc to work only to realize I derped and forgot to add 1 to the offset when calling the function. As it turns out it works like a charm; so does the stack pointer tip you mentioned. Sweet. I guess this stuff is just the kind of thing you get an intuitive feel for after a while.
#375
Old July 4th, 2015 (1:10 PM). Edited July 4th, 2015 by colonelsalt.
colonelsalt
Guaranteed to raise the smile
Join Date: Oct 2012
Location: London
Age: 25
Gender: Male
Nature: Jolly
Posts: 111
So I wrote a routine that hooks from the givepokemon function to allow for the level of the given Pokémon to be loaded from a variable. A quick check in VBA-SDL-H shows that it hooks alright and runs till the end just as it should. Upon trying to return to the givepokemon function again (through a pop {pc}), though, the game begins loading from the BIOS header and, naturally, crashes. JPAN actually mentions this problem as a common pitfall to avoid in his THUMB tutorial, but I can't seem to understand what's causing it to happen here. Something obvious, no doubt.

Here's what my code looks like:
hook @0x0806BFF0:
Code:
.text
.align 2
.thumb
.thumb_func

main:
	ldr r2, =(0x0880322D)
	bx r2

.align 2

routine @0x0880322C:
Code:
.text
.align 2
.thumb
.thumb_func
	@hooks from givepokemon function; if Pokémon's level is set to 0xFF in XSE, level is
	@loaded instead from var 0x8001, -3, -5, -7, -9 or -B, according to the player's
	@multichoice selection, and stores it in r1. Proceeds as normal otherwise.

main:
	ldrb r1, [r0, #0x0] @loads level of Pokémon to be given into r1
	cmp r1, #0xFF
	BNE end @jumps to end if Pokémon's level is not 255
	
	push {r0, r3}
	ldr r0, =(0x020370BA) @var 0x8001; contains level of Pkm1
	ldr r2, =(0x20370D0) @LASTRESULT; contains Player's multichoice selection
	ldrb r2, [r2]
	mov r3, #0x0 @initializes iterable
	
loop:
	cmp r2, r3
	BEQ loader
	add r0, #0x4 @moves to location of next variable (containing level of Pkm)
	add r3, #0x1
	b loop
	
loader:
	ldrb r0, [r0]
	mov r1, r0 @stores byte loaded from variable into r1
	pop {r0, r3}
	
end: 
	mov r2, r0 @restores r2 to its original value (pointer to script location)
	
	@original instructions from givepokemon removed for hook:
	mov r9, r1
	add r0, #0x1
	str r0, [r4, #0x8]
	add r0, r4, #0x0
	pop {pc}
.align 2