-
Hello, I'm a wannabe Pokemon hacker, but I have no clue where to start. I downloaded the Emulator, Map editor, all that (at least I think). But I still don't understand what to do. None of the programs seem to work and I have no idea how to apply anything I did onto my Pokemon Sapphire. I really need help. Can you guys help me?
03:33, August 22, 2012 (UTC)
-
To disassemble Mario Paint, I use my own program, which is Foret, the Free Ordinary Rom Examination Tool. This program is not complete, and has not all features that I want to use.
Consider the current disassembly of jsr subroutine $0084af.
Foret has the ability to insert the labels fill_7e2000_7e27ff and fill_7e2800_7e2fff into the disassembly, but Foret does not replace jsl $01e024 with jsl fill_7e2000_7e27ff, or replace jsl $01e033 with jsl fill_7e2800_7e2fff. Thus I can see the labels at starts of subroutines, but I cannot see labels in calls to subroutines.
I need to teach Foret to replace jsl $01e024 with jsl fill_7e2000_7e27ff. With such replacement, I would more easily read subroutine $0084af.
To add this feature, I need to program Foret to maintain a s…
-
My USA instruction manual for Donkey Kong Country 2 says this about Animal Barrels:
- "Barrels marked with an animal friend's picture will transform Diddy or Dixie into the animal if they jump in. If you jump into a Barrel that shows a picture of the animal that you are already transformed into, you will gain an extra hit as that animal."
The last sentence is not true. I have confirmed that the Animal Barrel does not give extra hits.
I declared (in some SMWcentral forum thread) that I wanted to disassemble Donkey Kong Country 2, but I have not started, because I am too busy with my disassembly of Mario Paint. So, I have not found any 65816 machine code for Animal Barrels.
Instead, I played a clean copy of Donkey Kong Country 2 and entered an Animal B…
-
http://smwhacking.wikia.com is the address of the "SMW Hacking Wiki", a recent attempt to create an entire wiki about hacking Super Mario World.
At the moment, the wiki contains practically no information about hacking SMW. However, there are a few pages, which might eventually contain information.
This is not the first attempt to create such a wiki. I know that SMWcentral (the web site with the SMW hack archive) previously hosted "SMWiki", a wiki about hacking SMW. However, SMWcentral chose to remove SMWiki from the internet. Now, we only have the SMWiki Backup, a downloadable backup copy of old SMWiki. This backup copy is not a place to edit wiki pages.
Because old SMWiki never used a free license, we are not free to copy anything from old S…
-
Inside the SNES, the VRAM (for "video RAM") is one of several types of memory. VRAM holds the pixel data (or "character data") for the 8x8 tiles. The SNES uses these 8x8 tiles to draw all backgrounds and sprites. VRAM has its own separate address space, but DMA allows a SNES game to copy tiles from ROM to VRAM.
I have not learned DMA, but I also have not learned which VRAM addresses to use for my tiles. Today, as I explore Mario Paint (JU) for SNES, I might begin to learn. I found this code in Mario Paint:
/*008385 a9 02*/ lda #$02
/*008387 8d 01 21*/ sta.w $2101
/*00838a 8d 05 01*/ sta.w $0105
This puts the value $02 into hardware register $2101, and RAM mirror $000105.
Anomie's Register Doc has this description of register $2101:
To understand …
-
Ruby, the programming language, has rational numbers and complex numbers. I did not know how to use them. The Ruby documentation did not explain how to use them.
I knew that Ruby had complex numbers, but I never knew that Ruby had rational numbers, until I saw a rational.c while source diving. The first C functions in rational.c manipulated integers, but I scrolled down, and saw functions to add and subtract rational numbers. So I learned that Ruby has rational numbers, but not how to use them.
I opened irb, and noticed that I had Rational and Complex classes.
irb(main):001:0> Rational
=> Rational
irb(main):002:0> Complex
=> Complex
irb(main):003:0> Rational.class
=> Class
irb(main):004:0> Complex.class
=> Class
I tried to use ri Rational and ri Complex to read …
-
BSNES and Snes9x use different methods to detect if the ROM image of some SNES game has an SMC header of 512 bytes ($200 bytes in hexadecimal).
For Snes9x, the crucial function is CMemory::LoadROM in memmap.cpp, which calls FileLoader to read the ROM image. FileLoader reads the file and calls HeaderRemove. For each file, HeaderRemove removes the header if the file size divided by $2000 has remainder $200.
uint32 CMemory::HeaderRemove (uint32 size, int32 &headerCount, uint8 *buf)
{
    uint32 calc_size = (size / 0x2000) * 0x2000;

    if ((size - calc_size == 512 && !Settings.ForceNoHeader) || Settings.ForceHeader)
    {
        ...
        memmove(buf, buf + 512, calc_size);
        headerCount++;
        size -= 512;
    }
…
-
I have verified two bugs in Mario Paint (JU). These bugs have no significant effect on the program.
The first bug involves the Mario Paint/random number generator. Every 55th call to the random number generator returns RAM $000524 instead of the random number.
The second bug occurs when uploading a Mario Paint/transmusical string to the SPC-700. If the transmusical string crosses a LoROM bank boundary, then the uploader corrupts the last byte before the boundary.
I made a hack in Ruby to examine some transmusical strings in the ROM image of Mario Paint, and to predict how the bug corrupts bytes in these strings.
$ ./dump-tms.rb mario-paint.sfc
string $188000:
$6e00..$6ebf: from $188004..$1880c4, download 192 bytes
$6f00..$6f17: from $1880c8..$1…
-
Who remembers Mario Paint for the SNES? I have brought the light of disassembly to a ROM image of Mario Paint. This light will show the way to program the SNES and to hack Mario Paint.
My first light only shines at a small part of the ROM. I found the random number generator, but I know almost nothing else about Mario Paint. I have no way to change the palette, replace the stamps, augment the coloring book, or add background music, because I never found those things in the ROM.
I am not the first hacker to shine light at Mario Paint. I can guess that the trade secrets of Nintendo include the original source code of Mario Paint; but I can also guess that hackers without connection to Nintendo, studied and hacked Mario Paint around 1993..1994. I…
-
xkas, wla-65816 and snescom provide three ways for SNES hackers to assemble their 65816 code. My test case test1624.s encountered trouble with wla-65816 in my previous blog post, User blog:Kernigh/List file exposes bugs in wla-65816. I might avoid this trouble if I would use snescom or xkas. I now port my test case to snescom and to xkas, and I observe the result.
Using wla-65816, my test case generated a ROM image that starts at address $218000 and ends at address $2180ff, and I also generated a list file. This is possible neither with xkas nor with snescom. This is how wla-65816 is better than xkas and better than snescom.
- xkas can only start at addresses $008000, $400000, $808000 or $c00000.
- snescom can only start at address $c00000.
- xkas and sn…
-
Every hacker of Super Mario World needs to look at SMWcentral.
I might not want to forget about these forum threads, so here is a list of links.
- SMWDISC- Dissassembly + Commentary on SMW
- Underused and useless opcodes of the 65816
- Sonic-like health (Take damage, lose coins)
- A sprite that I need input on. (Luigi follows Mario)
- In the stickied "Official Hex/ASM/Etc. Help Thread"
- About mvn
- About ExecutePtr at $0086df
- Threads about Mode 7
- Mode 7 Findings
- Curious on Mode 7
- Mode 7 Sprites, how to make them?
-
When I use WLA DX for assembly hacking, one of my options is to generate a list file from each source file. A list file matches each line of my source with the hexadecimal output, so I can observe that lda $ca became $A5 $CA.
To create a list file, I must use the -i option of both wla-65816 and wlalink.
- wla-65816 -io test1624.s
- This creates test1624.o with list-file data.
- wlalink -Sir test1624.link test1624.rom
- This creates the list file test1624.lst.
Today, I learned two lessons about the creation of the list file. I am using WLA DX 9.5a.
- If wlalink finds no list-file data, then it saves the ROM image, but it exits 1 without an error message.
- The wla-* assemblers never generate any list-file data for anything outside a section.
My file test1624.s had no se…
-
I continue from User blog:Kernigh/Extended division, part 3.
My continuing quest to divide 2_765_364_880 by 10 has approached the correct answer.
- 276_497_166 came from my first algorithm.
My fourth algorithm correctly divides 2_765_364_880 by 10, yielding 276_536_487 remainder 0. It correctly divides 2_765_364_880 by 255, yielding 10_844_568 remainder 40.
I hope to soon use my correct algorithm in my SPC-700 code. I now finish this sequence of blog posts.
Question: Division of 2765364880 by 10 needs how many blog posts?
Answer: FOUR.
- User blog:Kernigh/Extended division, part 1
- User blog:Kernigh/Extended division, part 2
- User blog:Kernigh/Extended division, part 3
- User blog:Kernigh/Extended division, part 4
-
I continue from User blog:Kernigh/Extended division, part 2.
A PowerPC processor in 32-bit mode can divide 32-bit integers. I would be able to divide 2_765_364_880 by 10, because 2_765_364_880 fits in the range 0..4_294_967_295 of unsigned 32-bit integers.
An SPC-700 processor can only divide a 16-bit integer by an 8-bit integer. My current quest is to find an algorithm of extended division for the SPC-700 to divide 2_765_364_880 by 10, or more generally to divide any unsigned 32-bit integer by any unsigned 8-bit integer.
In my part 1, I used the distributive property of division under addition to split the operation into simpler operations.
I need to modify my algorithm, to somehow involve these last four remainders with the extended division.
…
-
I continue from User blog:Kernigh/Extended division, part 1.
The SPC-700 is the audio coprocessor of the SNES. To understand how a SNES program plays music, I must disassemble the SPC-700 machine code. The precondition is that I must learn to use SPC-700 assembly language. This learning is why I use the SPC-700 in my ROM hack, Find 40th Fibonacci Number. I intend that the SPC-700 will divide a 32-bit number by an 8-bit number, but I notice that the div instruction of the SPC-700 can only divide a 16-bit number by an 8-bit number.
I tried to divide 2765364880 by 10 in User blog:Kernigh/Extended division, part 1. The easy way is to drop one decimal digit to yield the correct answer of 276536488. The SPC-700 cannot drop one decimal digit because t…
-
I am learning the SPC-700 assembly language. I intend that my ROM hack, Find 40th Fibonacci Number, will use the SPC-700 to divide an unsigned 32-bit number by 10 (ten). My problem is that the div instruction of the SPC-700 can only divide an unsigned 16-bit number by an unsigned 8-bit number. I know not how to use the div instruction to divide a 32-bit number by an 8-bit number such as 10 (ten). I wonder if I can find a way to do extended division.
I need an example. I will divide 2765364880 by 10. The answer is obviously 276536488, if I use decimal numbers, but the SPC-700 will use binary numbers. I will write the binary numbers in hexadecimal. I must convert the numbers.
- 2765364880 => $a4d41e90
- 10 => $a
- 276536488 => $107b9ca8
I used a calculator …
-
I noted the quirks of labels in User blog:kernigh/Quirks in wla-65816, part 1. Here are some other quirks.
The README of WLA provides that wla-65816 accepts operand hints.
For example, .base $80 tells WLA that the 65816 bank number equals the WLA bank number plus $80.
RAM labels cause a complication. I might want to put RAM labels in bank $70 or bank $7e; but WLA only allows me to use ROM banks. So I put my RAM labels in WLA bank 0 and use .base $70 or .base $7e. If my project uses ROM banks $80..$87, then I must switch between .base $80 for ROM labels or .base $70 or .base $7e for RAM labels.
Sometimes, the .base directive and superfree sections become a useful combination.
-
ROM Hack City has not any of the three wiki pages for xkas, wla-65816 or snescom. I would want to create these pages and to use these pages to introduce these three programs for assembly hacking of SNES programs. For now, I only have scattered pages like addition and 65816 mistakes.
I must learn more about some quirks of wla-65816, so that I can show the correct way to use the tool. I understand some quirks less than I would like.
WLA has two kinds of labels. These are definition labels and address labels. I can produce address labels with label: and definition labels with .define label. The difference is more apparent if I read the source code of WLA instead of the README.
An address label saves the current address (the org and the bank). The valu…
-
Our new addition page has the most detail about adding integers. If you want to know how to add in binary, or you need to learn about "carry" or "overflow", then the addition page will help you.
Assembly hackers need to know how to add numbers using their processor. I added a section for 6502 and 65816 to the addition page, showing basic procedures like how to clc before adc, and how to add 16-bit integers. I forgot to mention the inc instruction, and I forgot to show how adc affects the 65816 processor flags, especially the carry flag and the overflow flag.
Though I forgot to include those things, the addition page remains very detailed. I might want to save time and not write so much detail when I create the subtraction and comparison pages.
…
-
The first rule of ROM hacking seems to be, "You will refrain from assembly hacking." Some hackers never understand assembly language. Some hackers avoid assembly but use assembly in small amounts. Some other hackers use assembly somewhat frequently.
One of the users of SMWcentral asked the community of hackers of Super Mario World if assembly would be "fun".
- SMWcentral, Would you consider ASM Hacking... Fun?, 3 July 2009
The context of this thread is that these hackers use 65816 assembly language, because SMW is a SNES hack. Many of these hackers have never applied assembly language to anything other than SMW. Here are some quotes from the thread.
- Quizler: "Or maybe somebody gets a kick out of doing things with.. letters, numbers, and.. mone…
-
My name is Kernigh; I am learning to hack the SNES platform.
This is the very first "blog post" at ROM Hack City — unless someone rushes to post before me — and is the oldest post both in my blog and in the community blog. Wikia added the "blog" feature during last week.
- Help:Blog article explains the feature.
- Blog:Recent posts is "the community blog", with every blog post at ROM Hack City.
- The "blog" link from User:Kernigh is "my blog", with only my blog posts.
ROM Hack City is a wiki, so it has wiki pages that anyone may improve over time. Today I created a short wiki page for 65816 processor flags, useful to assembly hacking of the SNES; anyone may later add more information about those flags to that page.
Now that ROM Hack City has an attac…