
ASM Hackers...

Darthatron

    What method do you all use in order to locate images/tilemaps written to the VRAM in the ROM? I've tried everything I can think of, and each time it's just led to rage-quits (but not really)... So... Help?

    I attempted setting a breakpoint on any writes to the VRAM, but it didn't work.

    Discuss?
     
    Moving this to R&D...

    I have a general method that I use which works most of the time. I've considered writing a tutorial detailing it but ah, there's never enough free time. Anyway, first I open the ROM with VBA-H and use its logging capability to track calls of DMA3 and SWI and then search through the results for the address I'm looking for. The good thing about this is that it also catches the decompression of any data which comes in handy for a lot of graphics in particular. If I don't see the address in the log file, then I fire up VBA-SDL-H and put a breakpoint on the address of the image/tilemap in the VRAM. This allows me to see exactly what's going on when the game writes to the VRAM. If the game breaks on a SWI call, then I can check the registers (r0 usually has the source) to find where the data is located in the ROM. If the game breaks on something like "str r0, [r7, #0x00]" and r7 contains an I/O Register address ('0x0400:0XXX'), then it's probably utilizing one of the DMAs. And if it's just a "str/b/h" or "stmia" instruction, then you'll have to decompile some routines to trace where the data is being read from, which, admittedly, can be a very tedious process.

    Also, some of the time (I see this more with compressed data), the game copies the image into the WRAM and from there copies it to the VRAM. I'm assuming this has something to do with buses and all that technical, hardware stuff that I don't understand.
     
    I'm shocked that I never thought of that... That's a very good way of doing it, kudos. :) I just followed your method and found exactly what I was looking for. :D

    Anyone else have different ways, for future reference??
     
    [uncompressed only]
    1. find gfx memory [use oam/tile/sprite viewer]
    2. dump a few bytes and search w/ hexeditor.
    :]
     
    Add onto Full Metal's way. But can also work for Compressed ;) Look for the address using the viewers, dump like approximate size and then compress it with a tool and then search XD

    Yeah, that's what I used to do. xD I just always assumed there was a better way.
     
    I set address=byte breakpoints and backtrace until I get a source address that's in the ROM. If the data is copied using DMA you can just peek at the DMA I/O ports and see what the source address is. Normal break-on-write breakpoints often don't work on VRAM because it's filled either through DMA or Cpu(Fast)Set.
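
The dump-and-search approach from the posts above, as an added example that is not part of the thread or any poster's code: it searches a ROM image for bytes dumped from VRAM, and goes one step further by decoding every candidate compressed block instead of recompressing the dump. It assumes the graphics use the GBA BIOS LZ77 format (type tag 0x10); the function names and the sample ROM bytes are constructed for illustration.

```python
# Constructed sample data: one 4bpp tile stored LZ77-compressed, one stored raw.
TILE = bytes([0x11, 0x22, 0x33, 0x44]) * 8
RAW = bytes(range(0x80, 0xA0))
LZ = bytes.fromhex("10200000" "0c" "11223344" "f003" "7003")
ROM = bytes(0x40) + RAW + bytes(0x20) + LZ + bytes(0x13)

def lz77_decompress(rom, off, max_out=0x18000):
    """Decode a BIOS-format LZ77 stream at rom[off:]; None if it is not one."""
    if off + 4 > len(rom) or rom[off] != 0x10:       # 0x10 = LZ77 type tag
        return None
    size = int.from_bytes(rom[off + 1:off + 4], "little")
    if not 0 < size <= max_out:                      # VRAM is 96 KiB
        return None
    out, pos = bytearray(), off + 4
    try:
        while len(out) < size:
            flags, pos = rom[pos], pos + 1
            for bit in range(7, -1, -1):             # flag bits, MSB first
                if len(out) >= size:
                    break
                if flags >> bit & 1:                 # 2-byte back-reference
                    length = (rom[pos] >> 4) + 3
                    disp = ((rom[pos] & 0x0F) << 8 | rom[pos + 1]) + 1
                    pos += 2
                    for _ in range(length):
                        out.append(out[-disp])       # IndexError if disp too far
                else:                                # literal byte
                    out.append(rom[pos])
                    pos += 1
    except IndexError:       # ran off the ROM or referenced data before the output
        return None
    return bytes(out[:size])

def find_graphics(rom, needle):
    """Return (rom_offset, kind) for each place the VRAM dump comes from."""
    hits, start = [], rom.find(needle)
    while start != -1:                               # uncompressed copies
        hits.append((start, "raw"))
        start = rom.find(needle, start + 1)
    for off in range(0, len(rom) - 4, 4):            # BIOS source is 4-byte aligned
        data = lz77_decompress(rom, off)
        if data and needle in data:
            hits.append((off, "lz77"))
    return hits

if __name__ == "__main__":
    for off, kind in find_graphics(ROM, TILE[:16]) + find_graphics(ROM, RAW[:16]):
        print(f"{kind} data at ROM offset 0x{off:06X} (0x{0x08000000 + off:08X})")
```

On a real dump, pass the ROM file's bytes and a slice of the bytes saved from the emulator's memory viewer; a longer needle cuts down false matches.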
     