Using C language to hack Pokemon (3rd Gen)

[tinix]

Hello everybody,

Today I'm going to share my knowledge about how to use C for hacking pokemon roms instead of ASM.
Ive been polishing this method for last few days.

EDIT 16.8.2011: Added updated useful.h with header guard #define, remove .txt extension to use it

Required Tools & Knowledge
----------------------------

Spoiler:

-Basic Knowledge of C (pointers,control statements,functions,structures) (If you don't know C I recommend this tutorial, you can skip ch9 for our purposes and all you need ends with ch10 https://einstein.drexel.edu/courses/Comp_Phys/General/C_basics/, only flaw is that tutorial is missing structures which I also use, see this one for them https://jan.newmarch.name/OS/l5_2.html)
-Basic Scripting Knowledge
-Know how to use command line (google helps here)
-devkitARM https://sourceforge.net/projects/devkitpro/files/devkitARM/ - install this
-CPKMN.zip file created by me, includes HackMews ASM Compiler package.

Zip file includes code samples used by this tutorial.

Compilation & Usage
------------------------------
EDIT 16.8.2011: Added Optimisation Switches

Spoiler:

To compile your C code into .bin files we will be using arm-eabi-gcc compiler which in default assembles code into GBA/NDS roms.
This is good if you want to make your own GBA/NDS game but not good for what we are doing.
So we will tell compiler to NOT assemble & link files but only do C->ASM conversion.
So instead of using :
arm-eabi-gcc -mthumb -mthumb-interwork -Os -std=c99 %oursource% // std=c99 sets compiler to newest C standard so we can use some C++ style code

we will use:
arm-eabi-gcc -S -mthumb -mthumb-interwork Os -std=c99 -o whatever.asm %oursource% //NOTE: Im not sure if -mthumb -mthumb-interwork is needed here, so I rather left it int, the o switch is there because it defaults to .s extension instead of asm = we would have to rename.

The S switch tells compiler only to change the code into Assembly.
This is where ASM (folder) comes in.

Drag ASM file onto thumb.bat.
Voilà, you have your function compiled into .bin file.

To use it open it in hex editor & copy into free space into your rom.
When using add 1 to offset (so CPU knows it is not ARM code but THUMB) ie. you pasted in into 0x720000, so when you are going to use ie. in script you would write 0x720001.
To use your function in script use callasm 0xyouroffset (DON'T FORGET +1).

That should be all Concerning compilation.

If don't yet understand, don't worry i will show you how to do it with images :)

Action Time 1: Compiling, Using and Explanation of GetPokemonLevel.c
--------------------------------------------------------------------

Spoiler:

NOTE 000: EXAMPLES ARE FOR FIRE RED US V1.0
NOTE 001: Im using LINUX on the images, they serve only for illustration
NOTE 002: Explanation at the end.

Step 1: Compile GetPokemonLevel.c using above command
NOTE 003: if it says unknown command use full path ie. C: \devkitARM\bin\arm-eabi-gcc.exe params

Spoiler:

Step 2: Assemble GetPokemonLevel.asm //or whatever .s/asm file it generated
NOTE 004: If you DIDN'T put -o switch there you need to change file extension from .s to .asm

Step 3: Open GetPokemonLevel.bin & your FR rom with hex editor

Spoiler:

Step 4: Copy Content of GetPokemonLevel.bin to free space on your FR rom (ie. at 0x720000)

Step 5: Insert this script into your rom & assign it to person

#dynamic 0x800000

    #org @start
    lock
    faceplayer
    callasm 0xyouroffset //ie. if you inserted at 0x720000 then this would be 0x720001 
    buffernumber 0x0 lastresult
    msgbox @msg MSG_NORMAL
    release
    end

    #org @msg
    = Hey, that Pokemon's Level is [buffer1]!

Step 6: Talk to that person and see results!

Code Explanation
-------------------------------------

Spoiler:

#include "useful.h"
void GetMaxLvl()
{
   PKMN_DATA* pPKMN_DATA = (PKMN_DATA*) pPKMN_FR;
   int* LRESULT = (int*) pLRESULT_FR;
   *LRESULT = pPKMN_DATA->Level;
}

Ok so what this junk does?

Lets go line by line:
----------------------------------------------------------------
PKMN_DATA* pPKMN_DATA = (PKMN_DATA*) pPKMN_FR;
-----------------------------------------------------------------
PKMN_DATA is structure defined in useful.h which holds data about pokemon.

It is defined as follows

typedef char BYTE;

struct PKMN_DATA_S
{
    int  Personality;
    int  OT_ID;
    char Nickname[10];
    short Language;
    char OT_NAME[7];
    BYTE Mark;
    short Checksum;
    short unk1;
    BYTE Data[48];
    int status_aliment;
    BYTE Level;
    BYTE pokerus_rem;
    short CurHP;
    short TotalHP;
    short Att;
    short Def;
    short Speed;
    short SpAtt;
    short SpDef;
};

typedef struct PKMN_DATA_S PKMN_DATA;

Note, that this order CANNOT be changed because this is the order of data in WRAM (now you know why it is pointer).
So to get data about party I initialize pointer with address of first pokemon.
To get next pokemon add 0x64 (100dec) to the address.

----------------------------------------------------
int* LRESULT = (int*) pLRESULT_FR;
----------------------------------------------------
Pointer to LAST_RESULT variable.
TECHNICAL NOTE: Look into useful.h and on this #define, only if you like messing with offsets

----------------------------------------------------
*LRESULT = pPKMN_DATA->Level;
----------------------------------------------------
assign Level property to last result.

Compatibility note: To change addresses for your game change FR into your games name (LG/R/S/E/E_US in PKMN_DATA, RS/E in LRESULT).

Action Time 2: Calling Another Function (ASM or C)
-----------------------------------------------

Spoiler:

I wont explain whole source here only this important bit.

Source itself is well documented ;)

int (*pFunc) ();

This is function pointer. You can only assign functions with same return type and parameters to it.
Normal assignment: pFunc = Function; //this is ok if you are normally linking and compiling
our assignment: pFunc = 0x08ouroffset (+1 one ofc)
You need to change parameters and return type as needed(most ASM functions should have void return).

Compilation Notes: First Compile min_lvl.c then write down its offset and insert it into branch.c at specified place, modify script used in example one with offset of branch.c

Also please note this is only way to link functions together(except for having them in one file)

That should be all regarding C & pokemon games :)
If you have any questions post here.
Do not copy without permission.


Thanks to: HackMew for creating ASM compiler package and bat file

Appendix: Pros and cons (if you think you have more say so in comments)

Spoiler:

Pros:
- much easier than ASM
- no need to mess with registers
- more readable code
Cons:
- A bit larger than your usual ASM routine
- you need to guess types of original game data based on size

 

[Full Metal]

Very nice, I guess I thought the size of the routine would have been much larger from past experience. But with your options it appears as though it does perfectly fine. Props to you, my man. :)

 

[tinix]

Oh, I forgot to attach zip with examples and it was on HDD I reformated >.< . Dont worry i still have files but i need to repack them.

 

[Full Metal]

That would be useful. hahaha. XD { Failolol }

 

[tinix]

Updated, ive noticed that I have forgotten zip just after i clicked submit

 

[ipatix]

I''m not the best in C...

So is it possible to call a SWI function or other code from the ROM (for example the script handler)?

 

[tinix]

I have tested it with two C routines(see example two), but i think it should be possible with any ASM routine in rom.

 

[Full Metal]

I''m not the best in C...

So is it possible to call a SWI function or other code from the ROM (for example the script handler)?

__asm{ "MOV r0,24" }
^ Or something to that effect.

 

[tinix]

__asm{ "MOV r0,24" }
^ Or something to that effect.

Why not use function pointer to call other code?
ie.

void (*func) ();
func = 0x8romoffset;
func();

 

[Full Metal]

SWI

SWI - Soft Ware Interrupt. It does things like force the screen to redraw, etc. There's not really a function for it.

 

[Shiny Quagsire]

Yes!! Someone who uses Linux!

Uh, I mean, great tutorial. Seems a bit complicated though, I think I'll stick to ASM. Low-Level is kinda fun, because it poses more of a challenge. Plus you can't hack existing routines with C Code too easily, if at all.

Maybe once I up my C skills, I'll look back into this. :)

 

[tinix]

SWI - Soft Ware Interrupt. It does things like force the screen to redraw, etc. There's not really a function for it.

hmmm I, think libgba had function for raising SWI so it could be possible with a bit of work, i might look in it.

Yes!! Someone who uses Linux!

Uh, I mean, great tutorial. Seems a bit complicated though, I think I'll stick to ASM. Low-Level is kinda fun, because it poses more of a challenge. Plus you can't hack existing routines with C Code too easily, if at all.

Maybe once I up my C skills, I'll look back into this. :)

Thank you :)
OT: I use linux and windows and my recent windows reinstalling screwed linux so I need to reinstall it >.<

 

[Full Metal]

hmmm I, think libgba had function for raising SWI so it could be possible with a bit of work, i might look in it.



Thank you :)
OT: I use linux and windows and my recent windows reinstalling screwed linux so I need to reinstall it >.<

I've actually been wondering -- do you know of any libgba documentation? I looked on devkitpro's site, and couldn't find any. :\

 

[tinix]

I've actually been wondering -- do you know of any libgba documentation? I looked on devkitpro's site, and couldn't find any. :\

I have also bee looking trought interwebz and didnt find any, maybe you could try trial and error with examples?

 

[Full Metal]

I guess. haha. Not much else choice we have, eh? XD

 

[Giga Universe]

-mthumb means create THUMB code, not ARM code, which is probably what you want
-mthumb-interwork allows you to create calls between ARM and THUMB code
Just sayin'

Also, to account for the size of the assembled C code, that can be fixed with a simple optimisation switch (-O).

-O0 : no optimisation
-O1: optimise
-O2: optimise more
-O3: optimise even more
-Os: optimise for size (This is basically -O2 , but only optimises when it can do so without increasing the physical code size)​

For example, when I compiled and assembled your "GetPokemonLevel.c" the way you did, the output size was 44 bytes. With an optimisation switch the size is 20 bytes.
Also, please use include guards on your header, it may help us if we use more than one C file...

 

[tinix]

-mthumb means create THUMB code, not ARM code, which is probably what you want
-mthumb-interwork allows you to create calls between ARM and THUMB code
Just sayin'

I know what they do, also assembler batch file uses these so I left them in, just for compatibilty with batch file.

Also, to account for the size of the assembled C code, that can be fixed with a simple optimisation switch (-O).

-O0 : no optimisation
-O1: optimise
-O2: optimise more
-O3: optimise even more
-Os: optimise for size (This is basically -O2 , but only optimises when it can do so without increasing the physical code size)​

For example, when I compiled and assembled your "GetPokemonLevel.c" the way you did, the output size was 44 bytes. With an optimisation switch the size is 20 bytes.

Well I was thinking about this too and looked into arm-eabi-gcc --help if they are present and I didn't saw them here so I thought they aren't supported.

Also, please use include guards on your header, it may help us if we use more than one C file...

I forgot about this xP

Anyway thanks for noticing, I will edit tutorial accordingly.

EDIT: Updated first post.

 

[Bonnox]

hey, nice tutorial!

I'm REALLY REALLY sorry for updating the thread after such HUGE amount of time, but, you know, bookmarks naturally age ; ) :3c

May I ask some questions, please?
I was wondering if I could use a library, so downloaded libtonc, but couldn't manage to get it working, because it has to be linked, something you definitely do only when compiling a game from scratch.
I tried all sort of things, but didn't work for me.
Do you know a good GBA library to just #include in my C file?
yes, I know that including everything in a single file is bad, but I'm allergic to makefiles and such things :p
If the C file remains short, everything works fine, but I remain limited to very poor things. If I begin to put toghether some H and C files made by me (to try to supply a library) in the main one, it is really probable that everything messes up and the ROM crashes upon calling the routine.
Moreover, the GCC and tge AS are tricking me in some strange ways. >:)

thanks in advance, goodbye ^^

 

[PorygonY]

There unfortunately isn't (at least I assume so) a GBA library that will give you every definition in a single header file, because it's a huge mess design-wise. As long as you are using one source file only, you should also not be bothering with makefiles.

$ gcc file.c -mthumb -Ipath/to/library/headers -o file.o
$ gcc file.o -o asm.bin

 

[Bonnox]

There unfortunately isn't (at least I assume so) a GBA library that will give you every definition in a single header file, because it's a huge mess design-wise.

so do you know how to link "professional" libraries in our simple C files?

$ gcc file.c -mthumb -Ipath/to/library/headers -o file.o
$ gcc file.o -o asm.bin

i personally use

gcc -S -mthumb -mthumb-interwork -O1 -Wall

and then hackmew's thumb batch.
so, you enlighted me! could I "skip a step" compiling with gcc? it would save me a lot of time, because the assembly output is always really messy, in comparison to what an human would be, so I developed some tools in java to try to patch things up. and I should really try doing so, maybe I will not experiment some of the strange issues GCC and AS are giving me, and MAYBE my naive method of including everything will work! (I doubt, maybe it's my code wrong. may I upload it to ask you to look at it, please?)

thanks, now I will let this topic rest in peace and continue posting on another recent one wich I missed out.

really thankyou, good morning.