(Link to AcmlmWiki) Offline: thank ||bass
Register | Login
Views: 13,040,846
 Main | Memberlist | Active users | Calendar | Chat | Online users
Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album 		06-16-24 06:26 PM
0 users currently in ROM Hacking.
Acmlm's Board - I3 Archive - ROM Hacking - Advance Wars - where does it get 'em from? New poll | |
Add to favorites | Next newer thread | Next older thread
User Post
Kyoufu Kawa
Intends to keep Rom Hacking in one piece until the end








Since: 11-18-05
From: Catgirl Central Station

Last post: 6327 days
Last view: 6327 days
Posted on 12-26-05 04:01 PM Link | Quote
0x0201621A

That's a full copy of the currently shown map in Advance Wars 1. If you edit it in VBA's memory viewer, you'll notice the changes soon enough.

Took me long enough to find this. Decided to just export about 16 megs starting with 0x02000000. Then I found it, eventually, in TMV.

But this is only half the battle. It doesn't seem to be in the ROM as-is, and an SWI log shows no activity in that area of RAM.

Any suggestions?
Squash Monster

Bouncy


 





Since: 11-18-05
From: Right next to myself.

Last post: 6335 days
Last view: 6329 days
Posted on 12-26-05 06:15 PM Link | Quote
Since the two are so similar to eachother in other respects, do you think it could be using the same compression as Fire Emblem?

In FE, there was a flag byte every 8 tiles. It used the first bit of the byte on the first tile, the second on the second, and so on. If the bit was 0, it treated it normally. If the bit was 1, it was a compressed portion. The compressed portion consisted of a number of bytes backwards and a number of bytes to copy. I think it said that in three bytes, but I don't really remember it too well.

The aggrivating part, so I found, was that it started the compression in the header, not in the map.


If it's using that compression, you should be able to find where your level data is in the ROM by searching for the first few tiles of the memory version, before the compression could actually do something, just put a wildcard byte in once every eight tiles.

Of course, the flag byte could be in one of eight different places. I recomend starting with the place it ends up if there's two tiles before the flag, as I'm pretty sure that's where it worked out in FE.
Kyoufu Kawa
Intends to keep Rom Hacking in one piece until the end








Since: 11-18-05
From: Catgirl Central Station

Last post: 6327 days
Last view: 6327 days
Posted on 12-26-05 06:24 PM Link | Quote
In searching for the ROM version of "Brace Range" I had about ~20 hits for 87 00 21 00, which is the tree in the top left corner and it's shadow. Any more bytes would give zero results. I too have noticed the similarities between AW and FE, so I'll study each of these hits more carefully, knowing that there's a strip of empty ground right after that tree.

In memory, the first few tiles of Brace Range are 87 00 21 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 02 00 02 00 21 00 01 00 01 00 01 00, where 87 is a tree, 21 is a shadow, 01 is the ground and 02 is a small mountain. Therefore, if your theory is correct, only that tree and it's shadow should indeed be findable as-is.

I need a more unique structure ;;
labmaster

Red Paragoomba


 





Since: 11-18-05
From: Away for exams, back mid-December.

Last post: 6403 days
Last view: 6333 days
Posted on 12-26-05 06:36 PM Link | Quote
Gah, why are we doing this the hard way? 


Breakpoint (on write) address 0201621a old:0000 new:002a

R00=0201621a R04=0000002a R08=00000000 R12=03004228

R01=00000000 R05=00000000 R09=00000001 R13=03007b2c

R02=020157f8 R06=08282c28 R10=08282c28 R14=0801f1bb

R03=02019e7a R07=00000a22 R11=00000000 R15=0801f204

CPSR=0000003f (......T Mode: 1f)

0801f202  881b ldrh r3, [r3, #0x0]

debugger>



0801f150  b5f0 push {r4-r7,lr}

0801f152  4657 mov r7, r10

0801f154  464e mov r6, r9

0801f156  4645 mov r5, r8

0801f158  b4e0 push {r5-r7}

0801f15a  b081 add sp, -#0x4

0801f15c  1c05 add r5, r0, #0x0

0801f15e  38a4 sub r0, #0xa4

0801f160  280b cmp r0, #0xb

0801f162  d803 bhi $0801f16c

0801f164  1c28 add r0, r5, #0x0

0801f166  f000 bl $0801f260

0801f16a  e061 b $0801f230

0801f16c  042d lsl r5, r5, #0x10

0801f16e  0c2d lsr r5, r5, #0x10

0801f170  1c28 add r0, r5, #0x0

0801f172  f003 bl $08022614

0801f176  4e32 ldr r6, [$0801f240] (=$08282c28)

0801f178  6834 ldr r4, [r6, #0x0]

0801f17a  4f32 ldr r7, [$0801f244] (=$03004228)

0801f17c  683a ldr r2, [r7, #0x0]

0801f17e  8811 ldrh r1, [r2, #0x0]

0801f180  2000 mov r0, #0x0

0801f182  8021 strh r1, [r4, #0x0]

0801f184  8851 ldrh r1, [r2, #0x2]

0801f186  8061 strh r1, [r4, #0x2]

0801f188  80a0 strh r0, [r4, #0x4]

0801f18a  80e0 strh r0, [r4, #0x6]

0801f18c  8120 strh r0, [r4, #0x8]

0801f18e  8160 strh r0, [r4, #0xa]

0801f190  81a0 strh r0, [r4, #0xc]

0801f192  81e0 strh r0, [r4, #0xe]

0801f194  8220 strh r0, [r4, #0x10]

0801f196  482c ldr r0, [$0801f248] (=$00004722)

0801f198  1824 add r4, r4, r0

0801f19a  1c28 add r0, r5, #0x0

0801f19c  f003 bl $08022824

0801f1a0  1c01 add r1, r0, #0x0

0801f1a2  1c20 add r0, r4, #0x0

0801f1a4  f01f bl $0803f094

0801f1a8  1c28 add r0, r5, #0x0

0801f1aa  f003 bl $080227e8

0801f1ae  6831 ldr r1, [r6, #0x0]

0801f1b0  4a26 ldr r2, [$0801f24c] (=$0000473b)

0801f1b2  1889 add r1, r1, r2

0801f1b4  7008 strb r0, [r1, #0x0]

0801f1b6  f7ff bl $0801f114

0801f1ba  2100 mov r1, #0x0

0801f1bc  6830 ldr r0, [r6, #0x0]

0801f1be  8840 ldrh r0, [r0, #0x2]

0801f1c0  4281 cmp r1, r0

0801f1c2  da33 bge $0801f22c

0801f1c4  46b2 mov r10, r6

0801f1c6  2500 mov r5, #0x0

0801f1c8  4654 mov r4, r10

0801f1ca  6820 ldr r0, [r4, #0x0]

0801f1cc  1c4f add r7, r1, #0x1

0801f1ce  46b9 mov r9, r7

0801f1d0  8800 ldrh r0, [r0, #0x0]

0801f1d2  4285 cmp r5, r0

0801f1d4  da24 bge $0801f220

0801f1d6  4e1a ldr r6, [$0801f240] (=$08282c28)

0801f1d8  0049 lsl r1, r1, #0x01

0801f1da  4688 mov r8, r1

0801f1dc  4819 ldr r0, [$0801f244] (=$03004228)

0801f1de  4684 mov r12, r0

0801f1e0  491b ldr r1, [$0801f250] (=$08282c34)

0801f1e2  9100 str r1, [sp, #0x0]

0801f1e4  4662 mov r2, r12

0801f1e6  6810 ldr r0, [r2, #0x0]

0801f1e8  6832 ldr r2, [r6, #0x0]

0801f1ea  4c1a ldr r4, [$0801f254] (=$00004682)

0801f1ec  1913 add r3, r2, r4

0801f1ee  4443 add r3, r8

0801f1f0  881f ldrh r7, [r3, #0x0]

0801f1f2  1979 add r1, r7, r5

0801f1f4  0049 lsl r1, r1, #0x01

0801f1f6  1840 add r0, r0, r1

0801f1f8  8884 ldrh r4, [r0, #0x4]

0801f1fa  4f17 ldr r7, [$0801f258] (=$00000a22)

0801f1fc  19d0 add r0, r2, r7

0801f1fe  1840 add r0, r0, r1

0801f200  8004 strh r4, [r0, #0x0]

0801f202  881b ldrh r3, [r3, #0x0]

0801f204  1958 add r0, r3, r5

0801f206  4915 ldr r1, [$0801f25c] (=$00001432)

0801f208  1852 add r2, r2, r1

0801f20a  1812 add r2, r2, r0

0801f20c  9f00 ldr r7, [sp, #0x0]

0801f20e  6838 ldr r0, [r7, #0x0]

0801f210  1900 add r0, r0, r4

0801f212  7800 ldrb r0, [r0, #0x0]

0801f214  7010 strb r0, [r2, #0x0]

0801f216  3501 add r5, #0x1

0801f218  6830 ldr r0, [r6, #0x0]

0801f21a  8800 ldrh r0, [r0, #0x0]

0801f21c  4285 cmp r5, r0

0801f21e  dbe1 blt $0801f1e4

0801f220  4649 mov r1, r9

0801f222  4652 mov r2, r10

0801f224  6810 ldr r0, [r2, #0x0]

0801f226  8840 ldrh r0, [r0, #0x2]

0801f228  4281 cmp r1, r0

0801f22a  dbcc blt $0801f1c6

0801f22c  f003 bl $08022678

0801f230  b001 add sp, #0x4

0801f232  bc38 pop {r3-r5}

0801f234  4698 mov r8, r3

0801f236  46a1 mov r9, r4

0801f238  46aa mov r10, r5

0801f23a  bcf0 pop {r4-r7}

0801f23c  bc01 pop {r0}

0801f23e  4700 bx r0


Might whip out IDA and take a closer look at this sucker later.


Edit: Okay, most of the stuff above is useless. Actually, all of it really.

The game does indeed use a BIOS Decompression function, LZ77UnCompWram to be precise. You probably didn't catch it because it gets decompressed to 02008012 first, before being copied over (part of the function above does this).

(edited by labmaster on 12-26-05 05:37 PM)
(edited by labmaster on 12-26-05 06:44 PM)
Kyoufu Kawa
Intends to keep Rom Hacking in one piece until the end








Since: 11-18-05
From: Catgirl Central Station

Last post: 6327 days
Last view: 6327 days
Posted on 12-27-05 07:57 AM Link | Quote
A!

How interesting. I still have the SWI log...
Add to favorites | Next newer thread | Next older thread
Acmlm's Board - I3 Archive - ROM Hacking - Advance Wars - where does it get 'em from? |


ABII

Acmlmboard 1.92.999, 9/17/2006
©2000-2006 Acmlm, Emuz, Blades, Xkeeper

Page rendered in 0.014 seconds; used 378.16 kB (max 458.40 kB)