(Link to AcmlmWiki) Offline: thank ||bass
Register | Login
Views: 13,040,846
Main | Memberlist | Active users | Calendar | Chat | Online users
Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album
06-16-24 06:26 PM
0 users currently in ROM Hacking.
Acmlm's Board - I3 Archive - ROM Hacking - Advance Wars - where does it get 'em from? New poll | |
Add to favorites | Next newer thread | Next older thread
User Post
Kyoufu Kawa
Intends to keep Rom Hacking in one piece until the end








Since: 11-18-05
From: Catgirl Central Station

Last post: 6327 days
Last view: 6327 days
Posted on 12-26-05 04:01 PM Link | Quote
0x0201621A

That's a full copy of the currently shown map in Advance Wars 1. If you edit it in VBA's memory viewer, you'll notice the changes soon enough.

Took me long enough to find this. Decided to just export about 16 megs starting with 0x02000000. Then I found it, eventually, in TMV.

But this is only half the battle. It doesn't seem to be in the ROM as-is, and an SWI log shows no activity in that area of RAM.

Any suggestions?
Squash Monster

Bouncy


 





Since: 11-18-05
From: Right next to myself.

Last post: 6335 days
Last view: 6329 days
Posted on 12-26-05 06:15 PM Link | Quote
Since the two are so similar to eachother in other respects, do you think it could be using the same compression as Fire Emblem?

In FE, there was a flag byte every 8 tiles. It used the first bit of the byte on the first tile, the second on the second, and so on. If the bit was 0, it treated it normally. If the bit was 1, it was a compressed portion. The compressed portion consisted of a number of bytes backwards and a number of bytes to copy. I think it said that in three bytes, but I don't really remember it too well.

The aggrivating part, so I found, was that it started the compression in the header, not in the map.


If it's using that compression, you should be able to find where your level data is in the ROM by searching for the first few tiles of the memory version, before the compression could actually do something, just put a wildcard byte in once every eight tiles.

Of course, the flag byte could be in one of eight different places. I recomend starting with the place it ends up if there's two tiles before the flag, as I'm pretty sure that's where it worked out in FE.
Kyoufu Kawa
Intends to keep Rom Hacking in one piece until the end








Since: 11-18-05
From: Catgirl Central Station

Last post: 6327 days
Last view: 6327 days
Posted on 12-26-05 06:24 PM Link | Quote
In searching for the ROM version of "Brace Range" I had about ~20 hits for 87 00 21 00, which is the tree in the top left corner and it's shadow. Any more bytes would give zero results. I too have noticed the similarities between AW and FE, so I'll study each of these hits more carefully, knowing that there's a strip of empty ground right after that tree.

In memory, the first few tiles of Brace Range are 87 00 21 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 02 00 02 00 21 00 01 00 01 00 01 00, where 87 is a tree, 21 is a shadow, 01 is the ground and 02 is a small mountain. Therefore, if your theory is correct, only that tree and it's shadow should indeed be findable as-is.

I need a more unique structure ;;
labmaster

Red Paragoomba


 





Since: 11-18-05
From: Away for exams, back mid-December.

Last post: 6403 days
Last view: 6333 days
Posted on 12-26-05 06:36 PM Link | Quote
Gah, why are we doing this the hard way?


Breakpoint (on write) address 0201621a old:0000 new:002a
R00=0201621a R04=0000002a R08=00000000 R12=03004228
R01=00000000 R05=00000000 R09=00000001 R13=03007b2c
R02=020157f8 R06=08282c28 R10=08282c28 R14=0801f1bb
R03=02019e7a R07=00000a22 R11=00000000 R15=0801f204
CPSR=0000003f (......T Mode: 1f)
0801f202 881b ldrh r3, [r3, #0x0]
debugger>

0801f150 b5f0 push {r4-r7,lr}
0801f152 4657 mov r7, r10
0801f154 464e mov r6, r9
0801f156 4645 mov r5, r8
0801f158 b4e0 push {r5-r7}
0801f15a b081 add sp, -#0x4
0801f15c 1c05 add r5, r0, #0x0
0801f15e 38a4 sub r0, #0xa4
0801f160 280b cmp r0, #0xb
0801f162 d803 bhi $0801f16c
0801f164 1c28 add r0, r5, #0x0
0801f166 f000 bl $0801f260
0801f16a e061 b $0801f230
0801f16c 042d lsl r5, r5, #0x10
0801f16e 0c2d lsr r5, r5, #0x10
0801f170 1c28 add r0, r5, #0x0
0801f172 f003 bl $08022614
0801f176 4e32 ldr r6, [$0801f240] (=$08282c28)
0801f178 6834 ldr r4, [r6, #0x0]
0801f17a 4f32 ldr r7, [$0801f244] (=$03004228)
0801f17c 683a ldr r2, [r7, #0x0]
0801f17e 8811 ldrh r1, [r2, #0x0]
0801f180 2000 mov r0, #0x0
0801f182 8021 strh r1, [r4, #0x0]
0801f184 8851 ldrh r1, [r2, #0x2]
0801f186 8061 strh r1, [r4, #0x2]
0801f188 80a0 strh r0, [r4, #0x4]
0801f18a 80e0 strh r0, [r4, #0x6]
0801f18c 8120 strh r0, [r4, #0x8]
0801f18e 8160 strh r0, [r4, #0xa]
0801f190 81a0 strh r0, [r4, #0xc]
0801f192 81e0 strh r0, [r4, #0xe]
0801f194 8220 strh r0, [r4, #0x10]
0801f196 482c ldr r0, [$0801f248] (=$00004722)
0801f198 1824 add r4, r4, r0
0801f19a 1c28 add r0, r5, #0x0
0801f19c f003 bl $08022824
0801f1a0 1c01 add r1, r0, #0x0
0801f1a2 1c20 add r0, r4, #0x0
0801f1a4 f01f bl $0803f094
0801f1a8 1c28 add r0, r5, #0x0
0801f1aa f003 bl $080227e8
0801f1ae 6831 ldr r1, [r6, #0x0]
0801f1b0 4a26 ldr r2, [$0801f24c] (=$0000473b)
0801f1b2 1889 add r1, r1, r2
0801f1b4 7008 strb r0, [r1, #0x0]
0801f1b6 f7ff bl $0801f114
0801f1ba 2100 mov r1, #0x0
0801f1bc 6830 ldr r0, [r6, #0x0]
0801f1be 8840 ldrh r0, [r0, #0x2]
0801f1c0 4281 cmp r1, r0
0801f1c2 da33 bge $0801f22c
0801f1c4 46b2 mov r10, r6
0801f1c6 2500 mov r5, #0x0
0801f1c8 4654 mov r4, r10
0801f1ca 6820 ldr r0, [r4, #0x0]
0801f1cc 1c4f add r7, r1, #0x1
0801f1ce 46b9 mov r9, r7
0801f1d0 8800 ldrh r0, [r0, #0x0]
0801f1d2 4285 cmp r5, r0
0801f1d4 da24 bge $0801f220
0801f1d6 4e1a ldr r6, [$0801f240] (=$08282c28)
0801f1d8 0049 lsl r1, r1, #0x01
0801f1da 4688 mov r8, r1
0801f1dc 4819 ldr r0, [$0801f244] (=$03004228)
0801f1de 4684 mov r12, r0
0801f1e0 491b ldr r1, [$0801f250] (=$08282c34)
0801f1e2 9100 str r1, [sp, #0x0]
0801f1e4 4662 mov r2, r12
0801f1e6 6810 ldr r0, [r2, #0x0]
0801f1e8 6832 ldr r2, [r6, #0x0]
0801f1ea 4c1a ldr r4, [$0801f254] (=$00004682)
0801f1ec 1913 add r3, r2, r4
0801f1ee 4443 add r3, r8
0801f1f0 881f ldrh r7, [r3, #0x0]
0801f1f2 1979 add r1, r7, r5
0801f1f4 0049 lsl r1, r1, #0x01
0801f1f6 1840 add r0, r0, r1
0801f1f8 8884 ldrh r4, [r0, #0x4]
0801f1fa 4f17 ldr r7, [$0801f258] (=$00000a22)
0801f1fc 19d0 add r0, r2, r7
0801f1fe 1840 add r0, r0, r1
0801f200 8004 strh r4, [r0, #0x0]
0801f202 881b ldrh r3, [r3, #0x0]
0801f204 1958 add r0, r3, r5
0801f206 4915 ldr r1, [$0801f25c] (=$00001432)
0801f208 1852 add r2, r2, r1
0801f20a 1812 add r2, r2, r0
0801f20c 9f00 ldr r7, [sp, #0x0]
0801f20e 6838 ldr r0, [r7, #0x0]
0801f210 1900 add r0, r0, r4
0801f212 7800 ldrb r0, [r0, #0x0]
0801f214 7010 strb r0, [r2, #0x0]
0801f216 3501 add r5, #0x1
0801f218 6830 ldr r0, [r6, #0x0]
0801f21a 8800 ldrh r0, [r0, #0x0]
0801f21c 4285 cmp r5, r0
0801f21e dbe1 blt $0801f1e4
0801f220 4649 mov r1, r9
0801f222 4652 mov r2, r10
0801f224 6810 ldr r0, [r2, #0x0]
0801f226 8840 ldrh r0, [r0, #0x2]
0801f228 4281 cmp r1, r0
0801f22a dbcc blt $0801f1c6
0801f22c f003 bl $08022678
0801f230 b001 add sp, #0x4
0801f232 bc38 pop {r3-r5}
0801f234 4698 mov r8, r3
0801f236 46a1 mov r9, r4
0801f238 46aa mov r10, r5
0801f23a bcf0 pop {r4-r7}
0801f23c bc01 pop {r0}
0801f23e 4700 bx r0


Might whip out IDA and take a closer look at this sucker later.


Edit: Okay, most of the stuff above is useless. Actually, all of it really.

The game does indeed use a BIOS Decompression function, LZ77UnCompWram to be precise. You probably didn't catch it because it gets decompressed to 02008012 first, before being copied over (part of the function above does this).


(edited by labmaster on 12-26-05 05:37 PM)
(edited by labmaster on 12-26-05 06:44 PM)
Kyoufu Kawa
Intends to keep Rom Hacking in one piece until the end








Since: 11-18-05
From: Catgirl Central Station

Last post: 6327 days
Last view: 6327 days
Posted on 12-27-05 07:57 AM Link | Quote
A!

How interesting. I still have the SWI log...
Add to favorites | Next newer thread | Next older thread
Acmlm's Board - I3 Archive - ROM Hacking - Advance Wars - where does it get 'em from? |


ABII

Acmlmboard 1.92.999, 9/17/2006
©2000-2006 Acmlm, Emuz, Blades, Xkeeper

Page rendered in 0.014 seconds; used 378.16 kB (max 458.40 kB)