Jul - Posts by Hectamatatortron

Hectamatatortron Member Level: 31 Posts: 122/230 EXP: 177301 For next: 8062 Since: 09-19-07 Since last post: 709 days Last activity: 95 days
It's using the loaded data differently based on whether or not it is the string "0DMB". If the tileset index is 0x70, then you just need to follow the code using F7 and summarize what's happening to yourself as you go. First you want to make sure that breakpoint is the one you want. Change R02 to other tileset values when it breaks there and see if the tileset used in the level changes as a result. Also, ARM isn't as scary as it looks (I was afraid of it too back when I learned Thumb). It should be easy to do something like
And then just do things like
to dump the routine. GBATEK can help with understanding the opcodes, as can watching them be executed (which is where most of my assembly knowledge came from - watching instructions being executed when stepping through code in VBA-SDL-H's console window).
Hectamatatortron (post 123/230)
bx means branch exchange. It's an absolute branch with a register argument (the b instruction is a relative branch that takes an immediate argument, not a register) that is capable of switching between ARM/Thumb mode based on bit 0 of the target address. bx lr (r14 is called "lr", which means Link Return. bl means "branch long" and works like "b" does, but with a larger range; when an address is bl'd to, lr is updated with the address to return from the subroutine being called by the bl) is commonly used for returning from subroutines. Also, strh stores a halfword, so in your case, it was storing 0x0008, not 0x08. ldr loads a word (0xXXXXXXXX). It looks like you got everything commented correctly. Also, the correct way to say that something is at a specific address is to use the .org directive.
I recommend improving your whitespacing of assembly code. Edit: I've just confirmed that setting a breakpoint on reads of a ROM address is indeed possible with No$GBA if you follow the documentation I've quoted from GBATEK (written by the same person No$GBA was written by). Set a break on writes to 0x040001A8 and use No$GBA's conditional breakpoint feature to do it something like this: [040001A8]!!, r(some register number; you may have to try r0 through r2) == 0xB7aaaaaa, where aaaaaa is the upper 24 bits of the address you want to watch. After you get a hit, setting a break on reads of 0x04100010 and continuing until that breakpoint is hit will show you the data at or around your address being loaded serially (4 bytes at a time, usually in groups of 0x200 bytes).
Hectamatatortron (post 124/230)
r0 = [r0 + (r2 << 2)]
r1 = [sp (aka r13; sp means "stack pointer") + 4]

This means (since it's a stack offset) that it's loading a variable from the parent function's scope that was pushed or, more likely (as the former makes no sense), a local variable that there was no room for in the register list, which was pushed into extra stack space also allocated at the beginning of the function, usually by way of

add sp, #-0x8
str (some register), [sp]
str (the register later loaded into r1 in your example), [sp, #0x4]

Functions that do that will have add sp, #0x8 (or whatever the number was, depending on the amount of extra space needed) before the ldmia/pop sp!, {rlist} (sp is implied for pop instructions) instructions that occur before the bx lr that functions end with. These functions will probably also use lots of other registers, which means intensive calculation and/or many arguments for that subroutine.
Hectamatatortron (post 125/230)
Yes, that format is generally used for accessing arrays of data that have 4 byte entries. Another common occurrence is:

add r0, r0, r1, lsl #0x2

Where r0 is the base address of some array and r1 is the index to access it by. For some reason it's more common even though it could have included the load operation that is sure to follow by simply using the ldr instruction.
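Added example, serving the three posts above (bx/bl/strh/ldr, the [sp, #imm] stack frame, and the ARM add/ldr with lsl): a small Python decoder for just those instruction forms, written for this page and not taken from the posts, from No$GBA, VBA or any other tool named here. The sample halfwords are hand-assembled and constructed for illustration; the base address 0x08000008 and the bl target 0x08000100 are assumed placeholders, not addresses from any game.

```python
"""Decoder for the handful of ARM7TDMI instruction forms discussed above.
Added example, not code from the posts or any project they name. Thumb: bx, bl,
push/pop, add/sub sp, ldr/str [sp, #imm], strh/ldrh [rn, #imm], ldr [rn, rm], lsl.
ARM: add rd, rn, rm, lsl #n and ldr rd, [rn, rm, lsl #n]. Encodings per GBATEK."""
import struct

def sign_extend(value, bits):
    """Treat the low `bits` of value as a two's-complement number."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)

def reglist(mask, extra=None):
    """Render a push/pop register list such as 'r4, lr'."""
    regs = [f"r{i}" for i in range(8) if mask & (1 << i)]
    return ", ".join(regs + ([extra] if extra else []))

def decode_thumb(addr, hw, hw2=None):
    """Decode Thumb halfword `hw` at `addr`; returns (text, size_in_bytes).

    `hw2` is the next halfword, needed only to complete a two-halfword bl."""
    if (hw & 0xFF87) == 0x4700:                                  # bx rm
        rm = (hw >> 3) & 0xF
        return f"bx r{rm}    ; absolute branch, bit 0 of r{rm} selects Thumb", 2
    if (hw & 0xF800) == 0xF000 and hw2 is not None and (hw2 & 0xF800) == 0xF800:
        hi = sign_extend(hw & 0x7FF, 11)                         # bl: signed upper 11 bits
        lo = hw2 & 0x7FF                                         # bl: lower 11 bits
        target = (addr + 4 + (hi << 12) + (lo << 1)) & 0xFFFFFFFF
        lr = (addr + 4) | 1                                      # return address, Thumb bit set
        return f"bl 0x{target:08X}    ; lr <- 0x{lr:08X}", 4
    if (hw & 0xFE00) == 0xB400:                                  # push {rlist[, lr]}
        return f"push {{{reglist(hw & 0xFF, 'lr' if hw & 0x100 else None)}}}", 2
    if (hw & 0xFE00) == 0xBC00:                                  # pop {rlist[, pc]}
        return f"pop {{{reglist(hw & 0xFF, 'pc' if hw & 0x100 else None)}}}", 2
    if (hw & 0xFF00) == 0xB000:                                  # add sp, #+/-imm7*4
        imm = (hw & 0x7F) * 4
        if hw & 0x80:
            return f"add sp, #-0x{imm:X}    ; reserve {imm} bytes of local slots", 2
        return f"add sp, #0x{imm:X}    ; release {imm} bytes of local slots", 2
    if (hw & 0xF000) == 0x9000:                                  # str/ldr rd, [sp, #imm8*4]
        op = "ldr" if hw & 0x800 else "str"
        rd, off = (hw >> 8) & 7, (hw & 0xFF) * 4
        return f"{op} r{rd}, [sp, #0x{off:X}]    ; local slot at sp+0x{off:X}", 2
    if (hw & 0xF000) == 0x8000:                                  # strh/ldrh rd, [rn, #imm5*2]
        op = "ldrh" if hw & 0x800 else "strh"
        rd, rn, off = hw & 7, (hw >> 3) & 7, ((hw >> 6) & 0x1F) * 2
        return f"{op} r{rd}, [r{rn}, #0x{off:X}]    ; 16-bit halfword, not a byte", 2
    if (hw & 0xFE00) == 0x5800:                                  # ldr rd, [rn, rm]
        rd, rn, rm = hw & 7, (hw >> 3) & 7, (hw >> 6) & 7
        return f"ldr r{rd}, [r{rn}, r{rm}]    ; 32-bit word, r{rd} = [r{rn} + r{rm}]", 2
    if (hw & 0xF800) == 0x0000:                                  # lsl rd, rm, #imm5
        rd, rm, sh = hw & 7, (hw >> 3) & 7, (hw >> 6) & 0x1F
        return f"lsl r{rd}, r{rm}, #0x{sh:X}    ; index * {1 << sh}", 2
    return f".hword 0x{hw:04X}    ; not handled by this decoder", 2

def decode_arm_scaled(word):
    """Decode the ARM-mode forms 'add rd, rn, rm, lsl #n' and
    'ldr rd, [rn, rm, lsl #n]'; returns None for anything else."""
    rn, rd, rm, sh = (word >> 16) & 0xF, (word >> 12) & 0xF, word & 0xF, (word >> 7) & 0x1F
    if (word & 0x0FF00070) == 0x00800000:
        return f"add r{rd}, r{rn}, r{rm}, lsl #0x{sh:X}    ; r{rd} = r{rn} + r{rm}*{1 << sh}"
    if (word & 0x0FF00070) == 0x07900000:
        return f"ldr r{rd}, [r{rn}, r{rm}, lsl #0x{sh:X}]    ; r{rd} = [r{rn} + r{rm}*{1 << sh}]"
    return None

def disassemble_thumb(base, blob):
    """Decode a little-endian byte string of Thumb code starting at `base`."""
    halfwords = struct.unpack(f"<{len(blob) // 2}H", blob)
    out, i = [], 0
    while i < len(halfwords):
        hw2 = halfwords[i + 1] if i + 1 < len(halfwords) else None
        text, size = decode_thumb(base + 2 * i, halfwords[i], hw2)
        out.append(f"{base + 2 * i:08X}  {text}")
        i += size // 2
    return out

# Constructed sample (hand-assembled): the frame layout described above.
SAMPLE = struct.pack("<14H",
    0xB510,          # push {r4, lr}
    0xB082,          # add sp, #-0x8
    0x9000,          # str r0, [sp]
    0x9101,          # str r1, [sp, #0x4]
    0xF000, 0xF876,  # bl 0x08000100 (when placed at 0x08000010)
    0x9901,          # ldr r1, [sp, #0x4]
    0x0092,          # lsl r2, r2, #0x2
    0x5880,          # ldr r0, [r0, r2]
    0x8020,          # strh r0, [r4]
    0xB002,          # add sp, #0x8
    0xBC10,          # pop {r4}
    0xBC02,          # pop {r1}
    0x4708,          # bx r1
)

if __name__ == "__main__":
    for line in disassemble_thumb(0x08000008, SAMPLE):   # assumed placeholder address
        print(line)
    print(decode_arm_scaled(0xE0800101))                  # add r0, r0, r1, lsl #0x2
```

Run it directly to print the annotated listing of the constructed sample. decode_thumb takes any halfword pair, so values copied out of an emulator's disassembly window can be fed to it one at a time; the Thumb-mode sequence has to use a separate lsl before the ldr because Thumb has no scaled register offset, which is exactly why the ARM-mode add with lsl shows up as often as it does.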
Hectamatatortron (post 126/230)
Did I mention that if a mirror address is used for the accessing instruction that the break won't hit? Oh, wait...yes, I did. That's probably your problem. It could take a while to try all the mirrors. Maybe try backtracing from the read until you get to the write? That could take a while too, but you've got to do one or the other, it seems. Pick your poison.
Hectamatatortron (post 127/230)
I did say that was "probably" your problem. Try the other way (backtracing). Unless I have my hands on it, I won't know how to fuck with it to get what I want. That's what you have to do sometimes. Just keep picking at things remotely relevant until you either think of something you wish you had thought of earlier or find a hint. Edit: Try word aligned addresses (address & 0xFFFFFFFC); I was trying to emphasize before that word accesses of halfwords and similar situations are the leading cause of grief when it comes to the incapacity No$GBA has of breaking on mirrors, which is caused by the same problem (the access address has to match precisely).
Hectamatatortron (post 128/230)
Here it is - version 20100116. Apparently the original Nightmare was released on ACMLM's board. That's cool, because as far as I can tell, this forum contains many members who have gone through board I and II, as well as the various other JULs (there were others, right? I think there was like 3 domains?). So to release Nightmare 2.0 here seems fitting, don't you think? Here, I'll quote the post I made at the other place I released it:
Sweet, neh? Enjoy! Oh, and by the way...this and FEditor Adv (there's a thread for FEditor around this forum somewhere!) are both released under the GPL v3. So, seriously, like I said - enjoy. Edit: 20090330 now has support for expanding the data.
Hectamatatortron (post 129/230)
Actually, it did take off. Before me, the primary ROM hacking done to Fire Emblem games was done using Nightmare and modules that FE hackers had made. One particular FE hacker made most of them; she went by SpyroDi and now goes by Pukachi. She's basically the mother of FE hacking and, having never seen her at ACMLM, I have to wonder how she ran into Nightmare. Either way, I ran into her shortly after she made most of the modules and got into hacking from that. Pretty much all my genius in computer science stemmed from inspiration from her. Kinda...scary.
Hectamatatortron (post 130/230)
Heh, "Tina" and I were just reminiscing about the old GBA Zeldas just...yesterday, I believe. This is uncanny. And excellent, but mostly uncanny.
Hectamatatortron (post 131/230)
This is funny. I'm an excellent programmer. I'm an excellent Halo 3 player (I eat 50's for breakfast.) And yet, this project looks very unlikely to do well if they have people as apparently unacquainted with the very thing required to accomplish such a project running around searching for people to help.
Hectamatatortron (post 132/230)
20090401 (and this is NOT an April Fool's joke) has speed and accessibility improvements that hopefully anyone actually using this application will prefer. Edit: 20090403 is better anyway. 20090401 may as well have been a joke. :/ Edit:
Basically you can now have components in a module that are entire other modules. Nested goodness.
Hectamatatortron (post 133/230)
What if he wants to expand them? Surely there's some static reference (perhaps on a per-ROM basis) that can be followed to eventually locate the tables within the (what I imagine is an) accessible file system.
Hectamatatortron (post 134/230)
How difficult it is (as well as whether code needs to be modified) should be viewed as trivial until efforts are made to practice theory. At least, that's how I do things; if I let realism stand in the way of idealism I'd never get anything done. If I pushed realism aside altogether I wouldn't get anything done, either, but...
Hectamatatortron (post 135/230)
Sounds great. I probably won't use it much (actually, who knows...I DID hack VBA to help me debug Link's Awakening. If I ever have to do that again...) All I can really suggest is looking at IDA Pro for ideas. Hopefully you have it >.> It's quite an amazing disassembler.
Hectamatatortron (post 136/230)
Here's a permanent link to my personal repository of notes regarding hacking various games.
Hectamatatortron (post 137/230)
Nice to see that pile of crap doing what it's meant to. Especially since I'm not sure how much I'll be adding to it anymore what with my loss of interest in...everything.
Hectamatatortron (post 138/230)
Originally posted by Xkeeper
On the contrary.

I hope HyperHacker doesn't run into this and see that I tried to scapegoat him >.>
Hectamatatortron (post 139/230)
What? You said outright stupidity was necessary to get banned. And yet all I was banned for was humorous observational comedy! This shouldn't be a surprise, but I was cleaning my IM logs the other day. I'm proud to say they're up to par, for now.
Hectamatatortron (post 140/230)
Originally posted by hydraphatphelinez
TWELVE-SIDED DIE'D! IT'S OVER!
Hectamatatortron (post 141/230)
Originally posted by Tyty
Fad? You mean something that ends after a while?

NO IT'S NOT FAIR CAT GIRLS ARE ETERNAL
Acmlmboard - 07/23/2013 b378.03 ©2000-2013 Acmlm, Xkeeper, Inuyasha, et al.