Pages: 1
Posted on 05-03-15, 01:38 am (rev. 2 by TheKoopaKingdom on 05-03-15, 01:38 am)
Shyguy


Karma: 463
Posts: 1/83
Since: 02-12-15
Hello Everyone!

I love the idea of reprogramming games to improve features, or add completely new ones, so I have been learning how to code in ARM assembly. I can't really do anything besides perform operations and shifts on registers, but before I go more in-depth into coding, I want to make sure that I can compile, insert, etc. code into the game.

Anyways, I want to insert new code into Pokemon Platinum, English version (not sure if there are different PAL and NTSC versions), using the ASM Hacking template. However, the template requires a different arena offset for every region of every game, and I can't find it.

So far I have tried using ida pro demos, and looking for similarities in ram dumps (dump ram at NSMB's arenaoffs, copy a few bytes of what's there, dump Pokemon Platnium's full ram, and find something that is the same as the copied bytes), but both of those didn't work

If you're still here, thanks for reading, help appreciated!
Oh, and are nsmb.h and symbols.x necessary for writing code, or would I be able to erase their contents and continue?
_________________________
Website | Twitter
MK8 Modding Central
Posted on 05-03-15, 02:18 am
Super Mario
( ͡° ͜ʖ ͡°)

Karma: 9979
Posts: 4275/4456
Since: 06-08-11
nsmb.h and symbols.x are NSMB-specific, they aren't useful for other games. Maybe the build system requires a symbols.x to be present, in that case make it empty.

Let me explain a bit how DS games handle memory. The DS has 4MB of RAM, at addresses 0x02000000 to 0x023FFFFF.

The ARM9 binary is loaded at the start of the RAM. (0x02000000)
After it, the overlays are loaded.
Then, the rest of the free RAM is used for something called the "arena". It's memory used for dynamic allocations (malloc's).

Since all the RAM is used, there's no space to put our code!

What NSMB Editor does is modify the arena starting address: make it higher. This way, the arena becomes a bit smaller and we have some free space between the overlays and the arena. NSMBe then loads the custom code there.

So, how do we modify the arena starting address?

The ARM9 binary has some functions that create the arena. One of these functions is OS_GetArenaLo. This one returns the arena starting address. If you look at this code, it's loading the value for the main RAM arena from another location in RAM.

THIS location is what we need to modify.

arenaoffs.txt is simply a text file containing the address of this location, so NSMBe knows what address to modify.

In the case of NSMB U it's 02065F10. Open the NSMB ida db and go to 0x02065F10. The value you see there is the arena start address. Right above it you'll find the OS_GetArenaLo function.

The process for finding the arenaoffs value for another game is just finding this function. You can probably get the hex values of the OS_GetArenaLo function and search for it in the other game, and then compare the IDA Pro db's to see they "look similar" and then get the RAM address of that value

I hope this makes it clear, any questions just ask.
Posted on 05-03-15, 03:18 am
Shyguy


Karma: 463
Posts: 2/83
Since: 02-12-15
Thanks, I understand the arena much better!
I will try getting the hex of OS_GetArenaLo and searching for it tomorrow, I'll report here if I have any luck.
_________________________
Website | Twitter
MK8 Modding Central
Posted on 05-31-15, 04:04 am (rev. 1 by ImageBot on 11-21-16, 03:16 am)
Shyguy


Karma: 463
Posts: 5/83
Since: 02-12-15
Lately, I've been working on dumping the ram of every game that has an ASM Template. In IDA, I went to the arenaoffs for each game, and compared the function above it (OS_GetArenaLo).

I've found one thing that all games have in common.




Every game has this line of code:
CMP R0, #6 ; switch 7 cases ADDLS PC, PC, R0,LSL#2 ; switch jump

In theory, we could search for that, and that will give us the location of OS_GetInitArenaLo, and therefore the arena.

So, I started a text search in IDA for CMP R0, #6, and used these filters:

If a result doesn't contain sub, that means that it is not in a function, so it can't be in OS_GetInitArenaLo. We are looking for CMP R0, #6 ; switch 7 cases, so if it does not have a ;, then it is not what we are looking for.

BUT, that still won't give us one definite place. Fortunately, if you were to test this on one of the games before, you would see that OS_GetInitArenaLo is always the result at the top (the earliest).

I found a function in Pokemon Diamond that met all of the requirements, so I went under the function, and copied the offset directly below. Then, I changed the template, ran 'make' and insert aaaaaand *drumroll*

Welp.
Here's everything that I changed:
arenaoffs.txt - Changed to 020CC3EC
source - Everything but print.s deleted (until I write test code)
Rom - Clean, vanilla rom
symbols.x - Cleared out
Makefile - -lgcc deleted

I'll check out the error more tomorrow (which hopefully won't be 28 days again ).

Oh, and sorry about this breaking my layout. I never thought that I would make a post this long .
_________________________
Website | Twitter
MK8 Modding Central
Pages: 1