Main - ROM Hacking - finding pointers New thread | New reply


cherrysa23
Posted on 07-30-11 09:38 PM | ID: 145583
hi!


I have a simple general question. I'm used to hacking ASM, I know how to interpret it. However, I never knew how to find data. Example: I'm hacking pokemon, and I know where the pokedex data is, and I want to know where the pointer which points to the pokedex data is. How do you find something like this? Or does anyone know of a tutorial explaining it?

Another thing, I found the pokedex data, but I don't know how to find data in general. For example, if I'd like to find where the attacks of the pokemon are stored, how could I find it? I already have programs to edit it, but I want to learn more...

Kawa
Posted on 07-30-11 09:41 PM | ID: 145584
You say Pokémon, but which one?

____________________
Wife make lunch - Shampoo
Opera - give it a spin
Spare some of your free time?
<GreyMaria> I walked around the Lake so many goddamn times that my sex drive was brutally murdered
Kawa rocks — byuu

blackhole89
Posted on 07-30-11 09:50 PM | ID: 145585
There is nothing that says there must be one unique pointer to it. It's entirely plausible that several pieces of code access that data, each of them having their own hardcoded pointers to where the blocks begin.

Anyway, the generally correct way would be to find out what the starting location of the data you found in the actual ROM address space is and then scan the code for references to that address.


Kawa
Posted on 07-30-11 09:58 PM | ID: 145586
On the GBA, the above process is easy.

If the data you found is at, say, location 0x2B1CDC, you swap each two-digit pair: "2B,1C,DC" becomes "DC,1C,2B". Add a "08" in the back to get "DC1C2B08". That, you can look for.


cherrysa23
Posted on 07-31-11 01:31 AM | ID: 145587
thx to both for the answer!

May I ask what 08 means in the GBA commands?

Also, is there a way to know when a certain part of the ROM data is read? For example, if I know there is data from 05A50, is there a way to know when this section is read? I mean from the ROM, not from the RAM (for which I would need a debugger breakpoint).

Kawa
Posted on 07-31-11 10:42 AM | ID: 145595
08 is the bank part of the pointer. It's not a command.

Your ROM file is mapped into the GBA's memory at 0x08000000, so to refer to file offset 0x123456, the game must refer to memory offset 0x08123456 instead. Since the GBA and PC are both in little endian byte order, the least significant byte (0x56) goes first. On a Motorola and other big endian systems, 0x08123456 would be stored literally as the byte sequence 08 12 34 56, but on the PC and GBA, it's stored as 56 34 12 08.

What usually happens is that the game will load some offset into a register (ldr r4, =0x8341520 for example), then use that register somehow. For example, to load the second 32-bit value from file offset 0x341520:
ldr r0, =0x8341520 ; Mind the bank offset!
ldrh r1, [r0, #2] ; Load the 2nd 16-bit value from there (byte offset 2, since each entry is 2 bytes).
; r1 is now the value at 0x341522, perhaps... 0x0100?

This is basically equivalent to r2 = r1[1]; in C, if you named your variables after registers. One way to get this effect in a practical example:
const short lut[] = { 0x0000, 0x0100, 0x1200 /* ... */ };
short value = lut[1];

Just imagine lut[] ended up stored at file offset 0x341520.

TL;DR: look for ldr commands. I suggest you get a copy of IDA, get to know it, and use that.

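As an added example (not code from the thread or from any of its posters), the following Python script does the two things Kawa describes: it turns a ROM file offset into the little-endian pointer bytes a GBA game stores for it (the "2B,1C,DC" to "DC,1C,2B,08" swap from the earlier post), and it scans a ROM image for word-aligned copies of those bytes, which is where an `ldr rX, =0x08xxxxxx` literal ends up. The ROM image, the table at offset 0x8000 and the function names are all constructed for the example; the 0x08000000 base and the 32 MiB cartridge window are real GBA facts.

```python
import struct

# The cartridge ROM is mapped at this address in the GBA's address space, so a
# file offset F is referenced by the game as 0x08000000 + F.
GBA_ROM_BASE = 0x08000000
GBA_ROM_WINDOW = 0x02000000  # 32 MiB: the largest offset a ROM pointer can cover


def rom_offset_to_pointer(offset):
    """Return the four bytes a GBA game stores to point at ROM file offset `offset`.

    struct's "<I" packs little-endian, so 0x2B1CDC becomes b"\\xdc\\x1c\\x2b\\x08".
    """
    if not 0 <= offset < GBA_ROM_WINDOW:
        raise ValueError("offset %#x is outside the cartridge ROM window" % offset)
    return struct.pack("<I", GBA_ROM_BASE + offset)


def pointer_to_rom_offset(data):
    """Decode four little-endian bytes; return the file offset, or None if the
    value does not lie in the ROM window (i.e. it is not a ROM pointer)."""
    value = struct.unpack("<I", data[:4])[0]
    if GBA_ROM_BASE <= value < GBA_ROM_BASE + GBA_ROM_WINDOW:
        return value - GBA_ROM_BASE
    return None


def find_pointer_references(rom, offset, aligned=True):
    """Return every file offset at which `rom` holds a pointer to `offset`.

    ARM literal pools are 4-byte aligned, so by default a hit at a misaligned
    position is treated as a coincidence and dropped; pass aligned=False to see
    every byte-level match.
    """
    needle = rom_offset_to_pointer(offset)
    hits = []
    start = 0
    while True:
        idx = rom.find(needle, start)
        if idx == -1:
            return hits
        if not aligned or idx % 4 == 0:
            hits.append(idx)
        start = idx + 1


def read_halfword(rom, offset, index):
    """Mirror `ldrh r1, [r0, #2*index]`: the index-th 16-bit entry of a table
    that starts at file offset `offset`."""
    return struct.unpack_from("<H", rom, offset + 2 * index)[0]


def build_sample_rom():
    """Constructed 64 KiB ROM image (not a real game): a small 16-bit table at
    0x8000, two aligned literal-pool references to it, and one misaligned
    byte coincidence."""
    rom = bytearray(0x10000)
    table = 0x8000
    rom[table:table + 6] = struct.pack("<3H", 0x0000, 0x0100, 0x1200)
    ptr = rom_offset_to_pointer(table)
    rom[0x1000:0x1004] = ptr  # literal pool word behind some `ldr r0, =0x08008000`
    rom[0x2004:0x2008] = ptr  # a second routine with its own hardcoded pointer
    rom[0x3001:0x3005] = ptr  # same bytes, but not word-aligned: not a real reference
    return bytes(rom)


if __name__ == "__main__":
    print(rom_offset_to_pointer(0x2B1CDC).hex())  # dc1c2b08, as in the thread
    rom = build_sample_rom()
    for where in find_pointer_references(rom, 0x8000):
        print("pointer to 0x8000 stored at file offset %#x" % where)
    print("lut[1] = %#06x" % read_halfword(rom, 0x8000, 1))
```

On a real ROM you would read the file with `open(path, "rb").read()` and pass the offset you found; each reported hit is a candidate literal-pool word, and a disassembler (IDA, as Kawa suggests) will show the `ldr` that uses it. This is also why blackhole89's point matters: the scan usually returns several hits, one per routine that hardcodes the address.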

cherrysa23
Posted on 07-31-11 06:42 PM | ID: 145601
thx a lot for the answer! I'm gonna look for it

Acmlmboard 2.1+4δ (2023-01-15)
© 2005-2023 Acmlm, blackhole89, Xkeeper et al.
