Acmlm's Board - I2 Archive - Super Mario World hacking - Now how's that RAT thing work again?
HyperLamer (Sesshomaru Tamaranian; Level 118; Posts: 3962/8210; From: Canada, w00t! LOL FAD; title: "<||bass> and this was the solution i thought of that was guaranteed to piss off the greatest amount of people")
Coulda sworn I had this written down (or in LM's help file) but I can't seem to remember the RAT tag format. How exactly did that go?

[edit] Also, how can I JSL to a subroutine that ends with RTS? I know I heard some way to do it by messing with the stack... Putting the code in RAM and using JSR doesn't work, because it just jumps to other parts of RAM.

(edited by HyperHacker on 03-28-05 10:07 PM)
Escherial (Shyguy; Level 17; Posts: 88/90; From: Pasadena, CA)
Taken from LunarDLL.h, starting at line 1012:

The format of a RAT tag is as follows:

As far as I know, the only difference between RTS and RTL is that RTL pulls the program bank register value off the stack (that was pushed there by JSL) whereas RTS doesn't. With that in mind, I can't think of any way to have RTS jump back to the right section of code unless you somehow ensure that the PBR gets set to wherever the JSL came from originally, which would obviously require modifying the subroutine in question. Sorry if that's not very helpful, but I can't figure any other way to do it.

EDIT: Actually, you'd already be screwed once you pulled the PBR, since you'd then be whisked off to some random point in the bank from which you JSL'd. The beauty of RTL is that it changes the program counter and the program bank counter in one fell swoop. So yeah, *shrug*...

(edited by Escherial on 03-28-05 11:27 PM)
HyperLamer (Sesshomaru Tamaranian; Level 118; Posts: 3965/8210)
Ah, so that's where I saw that. Thanks.

As for the JSR problem, I found a way: push the return address manually and jump. Since JMP supports indirect addressing, it fixed some other stuff too. (Has to be done in the same bank, of course, but this allowed small enough code to fit it there.) This is what I used; it won't work in 16-bit mode, which I'd like to fix if possible (but probably not). (Put it at 0x3C80 in the ROM, write the address to $06FE, and JSL to it, and you can call code in bank 0 that's supposed to be JSRed to.)

    STA $FF      ;Unused except between levels (preserve A)
    LDA #$BA     ;Store return address (high byte)
    PHA
    LDA #$8C     ;Low byte; RTS adds 1, so control comes back to the RTL below
    PHA
    LDA $FF      ;Restore A
    JMP ($06FE)  ;Jump to the RTS-ending routine whose address is in $06FE
    RTL

Now is there a way to swap the bytes of the A register? I need to read a byte in 8-bit mode, make it the high byte of A, read another byte, go to 16-bit and modify them. (Damn fireball code storing low and high bytes at two different places.) I think I know a way, but I need to sleep.

(edited by HyperHacker on 03-28-05 11:51 PM)
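An added illustration (not code from the thread or from Lunar Magic): a Python stack model of what Escherial describes above and of HyperHacker's stub, showing why a plain JSL into an RTS-ending routine comes back in the wrong bank with a byte stranded on the stack, and why pushing $BA then $8C makes that RTS land on the stub's own RTL. It assumes the stub is assembled at $00:BA80 (where offset 0x3C80 of a headered LoROM file maps), so its RTL falls at $BA8D; the routine address $C000 and the caller address $01:8001 are constructed.

```python
# Stack-only model of the 65816 call/return semantics discussed in the thread
# (stack, PC and program bank register only); all addresses are constructed.
class StackModel:
    def __init__(self):
        self.mem, self.sp, self.pbr, self.pc = {}, 0x01FF, 0x00, 0x0000

    def push(self, b):
        self.mem[self.sp] = b & 0xFF
        self.sp -= 1

    def pull(self):
        self.sp += 1
        return self.mem[self.sp]

    def jsl(self, bank, addr, next_pc):
        # JSL pushes PBR, then (next_pc - 1) high byte first, then jumps far.
        ret = (next_pc - 1) & 0xFFFF
        self.push(self.pbr); self.push(ret >> 8); self.push(ret & 0xFF)
        self.pbr, self.pc = bank, addr

    def rts(self):
        # RTS pulls only 16 bits and adds 1; PBR is left unchanged.
        lo, hi = self.pull(), self.pull()
        self.pc = (((hi << 8) | lo) + 1) & 0xFFFF

    def rtl(self):
        # RTL pulls 16 bits, adds 1, then pulls the bank byte that JSL pushed.
        lo, hi = self.pull(), self.pull()
        self.pbr = self.pull()
        self.pc = (((hi << 8) | lo) + 1) & 0xFFFF


def jsl_straight_into_rts_routine():
    """Escherial's case: JSL from bank $01 into a bank-0 routine ending in RTS."""
    cpu = StackModel()
    cpu.pbr = 0x01
    cpu.jsl(0x00, 0xC000, next_pc=0x8004)  # JSL at $01:8001; next opcode at $8004
    cpu.rts()  # lands at $00:8004: wrong bank, and the bank byte stays on the stack
    return cpu.pbr, cpu.pc, 0x01FF - cpu.sp  # (PBR, PC, bytes still on the stack)


def jsl_via_pushed_return_stub():
    """HyperHacker's stub, assumed assembled at $00:BA80 so its RTL sits at $BA8D."""
    cpu = StackModel()
    cpu.pbr = 0x01
    cpu.jsl(0x00, 0xBA80, next_pc=0x8004)  # JSL to the stub (STA/LDA $FF omitted)
    cpu.push(0xBA); cpu.push(0x8C)          # LDA #$BA / PHA / LDA #$8C / PHA
    cpu.pc = 0xC000                         # JMP ($06FE) into the RTS-ending routine
    cpu.rts()                               # pulls $BA8C, +1 = $BA8D: the stub's RTL
    rtl_reached = (cpu.pbr, cpu.pc) == (0x00, 0xBA8D)
    cpu.rtl()                               # back to $01:8004 with a balanced stack
    return rtl_reached, cpu.pbr, cpu.pc, 0x01FF - cpu.sp
```

The same model explains FuSoYa's later suggestion: anything that leaves a 16-bit address of an RTL byte in the callee's bank on top of a JSL-style (bank, address) frame gets back to the caller cleanly.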
Escherial (Shyguy; Level 17; Posts: 89/90; From: Pasadena, CA)
Ah, that one's easy: use the "XBA" opcode (hex value: EB). It swaps the bytes of the A register, as you desire.
Sukasa (Boomboom; Level 57; Posts: 289/1981; title: "Error 349857348734534: The system experienced an error.")
Originally posted by Escherial

Sorry if I'm being dumb, but I've missed something. Could you please PM me how to make this work, because I will need to use a RATS tag soon.
FuSoYa (Defender of Relm; Level 26; Posts: 171/255; From: Moon)
Originally posted by HyperHacker

There's a few lines of code I use all the time for this. You can run it from any bank, and it only requires finding a single existing 0x6B (RTL) byte within the same bank as the subroutine ending in RTS that you want to call.

    PHK    ;current bank byte for RTL

As for RATs, remember that LM uses a slightly older implementation of the RAT system. A tag will only protect data in the same LoROM bank, so it shouldn't be set larger than that.
Parasyte (Bullet Bill; Level 35; Posts: 393/514)
You can also locate (or add) a small routine written specifically for calling subroutines from outside banks. These can usually be found directly before the subroutine they call. They look like this:

    JSR $subroutine
    RTL

Just JSL to that first instruction. Simple.
HyperLamer (Sesshomaru Tamaranian; Level 118; Posts: 3966/8210)
That was basically the idea, but I wanted it to be more universal. I may just use Fu's idea though. This should help a lot, thanks!

[edit] Hmm, 'PER fb_return-1' is giving me illegal addressing mode errors. (fb_return is just a few bytes after that.) Also, anyone know an assembler like SNESASM that won't crash when I try to BNE/BEQ/BRA backward, or a way to avoid it? Proper inline hex support (db #$04) and a way to indicate to it that I'm using 16-bit instructions (like switching to 16-bit mode isn't enough) would be a plus too. It's difficult to use a 16-bit add when it only writes 2 bytes and you can't manually add the third byte to make up for it.

(edited by HyperHacker on 03-29-05 04:20 PM)
(edited by HyperHacker on 03-29-05 04:31 PM)
(edited by HyperHacker on 03-29-05 04:52 PM)
FuSoYa (Defender of Relm; Level 26; Posts: 172/255; From: Moon)
Originally posted by HyperHacker

*downloads SNESASM and plays with it a bit*

As far as I can tell, this assembler doesn't properly handle using a label with that opcode. Even with values you have to be careful, as it apparently doesn't realize that PER is always a 3 byte instruction. Looks like you'd have to use PER.w #$0007-1, and adjust the value yourself if the number of bytes between PER and "Fake" changes.

(edited by FuSoYa on 03-29-05 08:34 PM)
HyperLamer (Sesshomaru Tamaranian; Level 118; Posts: 3970/8210)
Bah, damn thing. What do you use anyway?
FuSoYa (Defender of Relm; Level 26; Posts: 173/255; From: Moon)
I use a 65816 cross assembler by Jeremy Gordon. I've used it since I first started SNES hacking, actually. Problem is, the only compiled version I found on the net back then refused to run in Win9x (had to exit Windows entirely). The source is out there, so I recompiled it as a win32 console app. Also had to fix a few rarely used stack opcodes so they'd assemble correctly. Come to think of it, PER was probably one of them. I'd send you a copy to see if it's more to your liking, but the doc with the source seems to prohibit distributing modified binaries/source. *shrugs*
Juggling Joker (Boomerang Brother; SMW Hacking Moderator; Level 48; Posts: 686/1033; From: Wyoming; title: "Yeah, JAMH is still being worked on.")
Some of us (and obviously Fu is one of these people) actually respect the wishes of fellow programmers.
Sukasa (Boomboom; Level 57; Posts: 311/1981)
Sorry, I misunderstood what he was saying. *deletes post*