Posted on 07-16-14, 12:45 pm in Some technical asm hacking questions


Karma: 29
Posts: 1/4
Since: 07-16-14
Hi,
I've just read "How ASM hacks are setup" and it gave me a good idea of how ASM hacks work (thank you Dirbaio!!).
By the way, since I like to understand those things in detail, I'd like to ask some questions.
1) I'd like to know how the final .bin is injected into the ROM file. I was thinking: wouldn't replacing or adding some code to the game functions mess up the function pointers? Also, if my code is longer than the original function code, wouldn't the next function be overwritten by my custom code?
2) Can someone describe the injection process in detail?

Thank you very much for the help, please add as many details as you can, I like low level stuff so much
Posted on 07-16-14, 09:17 pm in Some technical asm hacking questions (rev. 1 by Luca91 on 07-16-14, 09:18 pm)


Karma: 29
Posts: 2/4
Since: 07-16-14
These are pretty good questions.

Thank you Dirbaio! Also thanks for your explanation, you were very clear!

For example, in NSMB USA ROM, 0x02000000-0x020986E0 is used for the ARM9 binary, 0x020986E0-0x021901E0 is used for overlays, and the rest is the arena.

Uhm mate, are you sure that those addresses are right? I'm asking this because I saw that in your arenaoffs the address is 02065F10.

To make function replacements (nsub_02xx) work, it just replaces the first instruction of the original function with a jump (B instruction in ARM ASM) to our new function. The rest of the old function code stays there, but it will never get executed because all calls to that function will hit the jump and go to our new function.

When the new function ends, what happens? Is there a jump back to the end of the original function to continue the original code flow?

Hooks are a bit more complicated. The editor takes the instruction at the hooked address and replaces it with a B instruction. That B instruction points to a small piece of code that contains the replaced instruction (so it doesn't get deleted so we don't break the code), saves all registers to stack, calls the hook function, pops all registers to stack, then jumps back to the next instruction of the original code.

Well, this is almost the same as injecting a PE32 executable using a code cave (except for the stack pushing/popping), right?

Still many thanks,
those rom hacking ideas are awesome, I always wanted to get into rom hacking :')
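The two mechanisms quoted above (overwriting a function's first instruction with a B, and a hook trampoline that re-executes the displaced instruction, saves and restores registers around a BL, and branches back) can be seen concretely in a small Python patcher. This is an added example written for this thread, not code from Dirbaio's editor or from NSMBe. It assumes the ARM9 load address 0x02000000 mentioned in the thread; the image contents, function addresses and trampoline address are constructed for the demo.

```python
import struct

# Assumed layout, taken from the thread: the ARM9 binary loads at 0x02000000.
ARM9_BASE = 0x02000000

NOP = 0xE1A00000        # mov r0, r0
PUSH_ALL = 0xE92D5FFF   # push {r0-r12, lr}
POP_ALL = 0xE8BD5FFF    # pop  {r0-r12, lr}
BX_LR = 0xE12FFF1E      # bx lr


def encode_arm_branch(from_addr, to_addr, link=False):
    """Encode 'B to_addr' (or 'BL' when link=True) as placed at from_addr.
    In ARM mode PC reads as from_addr + 8; imm24 is the signed word offset."""
    if from_addr % 4 or to_addr % 4:
        raise ValueError("ARM branch addresses must be word-aligned")
    offset = (to_addr - (from_addr + 8)) // 4
    if not -(1 << 23) <= offset < (1 << 23):
        raise ValueError("target outside the +/-32 MiB B range")
    opcode = 0xEB000000 if link else 0xEA000000
    return struct.pack("<I", opcode | (offset & 0x00FFFFFF))


def decode_arm_branch(word_bytes, at_addr):
    """Inverse of encode_arm_branch: the target of a B/BL located at at_addr."""
    (word,) = struct.unpack("<I", word_bytes)
    if word & 0x0E000000 != 0x0A000000:
        raise ValueError("not a B/BL instruction")
    imm = word & 0x00FFFFFF
    if imm & 0x00800000:          # sign-extend the 24-bit field
        imm -= 1 << 24
    return at_addr + 8 + imm * 4


def apply_function_replacement(image, base, orig_func, new_func):
    """nsub-style replacement: overwrite the first instruction of orig_func with
    'B new_func'. Returns the overwritten instruction for logging/restoration.
    Because it is B and not BL, lr is untouched: the new function returns straight
    to the original caller, so nothing has to jump back into the old body."""
    off = orig_func - base
    if off < 0 or off + 4 > len(image):
        raise ValueError("function address outside the image")
    saved = bytes(image[off:off + 4])
    image[off:off + 4] = encode_arm_branch(orig_func, new_func)
    return saved


def build_hook_trampoline(hooked_addr, hook_func, tramp_addr, replaced_instr):
    """Build the stub a hook branches to: replaced instruction, push all,
    BL hook_func, pop all, B back to hooked_addr + 4.
    The replaced instruction now executes at tramp_addr, so it must not depend
    on PC: branches and PC-relative loads/stores are refused (simplified check)."""
    (instr,) = struct.unpack("<I", replaced_instr)
    is_branch = instr & 0x0E000000 == 0x0A000000
    is_pc_ldr_str = instr & 0x0C000000 == 0x04000000 and (instr >> 16) & 0xF == 15
    if is_branch or is_pc_ldr_str:
        raise ValueError("replaced instruction is PC-relative; cannot relocate it")
    stub = bytearray()
    stub += replaced_instr
    stub += struct.pack("<I", PUSH_ALL)
    stub += encode_arm_branch(tramp_addr + 8, hook_func, link=True)
    stub += struct.pack("<I", POP_ALL)
    stub += encode_arm_branch(tramp_addr + 16, hooked_addr + 4)
    return bytes(stub)


def demo():
    """Constructed ARM9 image: 16 NOPs, then our '.bin' (a function that just
    returns) appended after the end of the original binary."""
    image = bytearray(struct.pack("<I", NOP) * 16)
    orig_func = ARM9_BASE + 0x10
    new_func = ARM9_BASE + len(image)          # 0x02000040: our appended code
    image += struct.pack("<I", BX_LR)
    saved = apply_function_replacement(image, ARM9_BASE, orig_func, new_func)
    patched_target = decode_arm_branch(image[0x10:0x14], orig_func)
    # Hook the instruction at base+0x20 through a stub placed at base+0x100.
    tramp = build_hook_trampoline(ARM9_BASE + 0x20, new_func, ARM9_BASE + 0x100, saved)
    return {"saved": saved, "patched_target": patched_target, "trampoline": tramp}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else hex(value))
```

The new code is appended after the original binary rather than written over it, which is why the replacement never clobbers the function that follows the original one: only four bytes at the original function's entry change. The PC-relative check in `build_hook_trampoline` is the caveat to keep in mind when choosing a hook address, since an `ldr rX, [pc, #imm]` moved into the stub would read from the wrong place.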