Can Action Replay codes write to VRAM and OAM on a DS?

S

SkicoNow

New Member
OP
Newbie
Level 1
Joined
Jun 27, 2018
Messages
3
Trophies
0
Age
20
XP
68
Country
United States
Hello, I recently wrote a quite lengthy Action Replay code for Super Mario 64 DS that displays different sprites based on what buttons are currently being pressed (I unfortunately can't paste a direct link to it in this post because I haven't made enough posts, but the Pastebin ID is 85Xg2ktD). I was able to do this by replacing the tile data for some of the top screen sprites with the tile data for other sprites (the 0640xxxx lines in my code, aka the top screen's OBJ VRAM) and using the OAM (the 07000xxx lines) to display them. While this code works perfectly fine for me and correctly displays the sprites on DeSmuME, it doesn't display any of my sprites when I put the code in my usrcheat.dat file to be used with TWiLightMenu++ on my 3DS. Are there other ways to have AR codes successfully write to the VRAM and OAM on an actual DS, or are AR codes on actual DSes simply unable to do so? Any advice would be appreciated, thanks!
Staff edit.
https://pastebin.com/85Xg2ktD
Video:

This only seems to work on emu for now. The issue where some of the other top screen sprites disappear in the video when I press buttons has since been fixed.
Code: 
94000130 FFDF0000
064038A0 00000000
064038A4 11100000
064038A8 12110000
064038AC 12211000
064038B0 12321100
064038B4 12332110
064038B8 12333211
064038BC 12333321
06403CA0 12333341
06403CA4 12333411
06403CA8 12334110
06403CAC 12341100
06403CB0 12311000
06403CB4 14110000
06403CB8 11100000
06403CBC 00000000
07000200 000000B0
07000204 0000F1C5
07000208 000000B8
0700020C 0000F1E5
D2000000 00000000
94000130 FFBF0000
064038C0 00000000
064038C4 00000000
064038C8 00000000
064038CC 00000000
064038D0 BB000000
064038D4 CB000000
064038D8 CBB00000
064038DC DCB00000
064038E0 00000000
064038E4 00000000
064038E8 00000000
064038EC 00000000
064038F0 000000BB
064038F4 000000BE
064038F8 00000BBE
064038FC 00000BED
06403CC0 DCBB0000
06403CC4 DDCB0000
06403CC8 DDCBB000
06403CCC DDDCB000
06403CD0 DDDCBB00
06403CD4 DDDDCB00
06403CD8 FFFFEB00
06403CDC BBBBBB00
06403CE0 0000BBED
06403CE4 0000BEDD
06403CE8 000BBEDD
06403CEC 000BEDDD
06403CF0 00BBEDDD
06403CF4 00BFDDDD
06403CF8 00BFFFFF
06403CFC 00BBBBBB
07000210 000800AE
07000214 000001C6
07000218 001000AE
0700021C 000001C7
07000220 000800B6
07000224 000001E6
07000228 001000B6
0700022C 000001E7
D2000000 00000000
94000130 FFEF0000
07000230 001800B0
07000234 0000F1C4
07000238 001800B8
0700023C 0000F1E4
D2000000 00000000
94000130 FF7F0000
06402180 BBBBBB00
06402184 FFFFEB00
06402188 DDDDCB00
0640218C DDDCBB00
06402190 DDDCB000
06402194 DDCBB000
06402198 DDCB0000
0640219C DCBB0000
064021A0 00BBBBBB
064021A4 00BFFFFF
064021A8 00BFDDDD
064021AC 00BBEDDD
064021B0 000BEDDD
064021B4 000BBEDD
064021B8 0000BEDD
064021BC 0000BBED
06402580 DCB00000
06402584 CBB00000
06402588 CB000000
0640258C BB000000
06402590 00000000
06402594 00000000
06402598 00000000
0640259C 00000000
064025A0 00000BED
064025A4 00000BBE
064025A8 000000BE
064025AC 000000BB
064025B0 00000000
064025B4 00000000
064025B8 00000000
064025BC 00000000
07000240 002000B2
07000244 0000010C
07000248 002800B2
0700024C 0000010D
07000250 002000BA
07000254 0000012C
07000258 002800BA
0700025C 0000012D
D2000000 00000000
94000130 FFFE0000
064021C0 00000000
064021C4 11100000
064021C8 22100000
064021CC 32110000
064021D0 33210000
064021D4 15311000
064021D8 11531000
064021DC 11531100
064021E0 00000000
064021E4 00000111
064021E8 00001122
064021EC 00011433
064021F0 00014333
064021F4 00015443
064021F8 00015431
064021FC 00015431
064025C0 11654100
064025C4 55554110
064025C8 55555410
064025CC 55555411
064025D0 11166651
064025D4 10166651
064025D8 10111111
064025DC 00000000
064025E0 00016541
064025E4 00016555
064025E8 00016555
064025EC 00016555
064025F0 00016665
064025F4 00016665
064025F8 00011111
064025FC 00000000
07000260 003000B0
07000264 0000810E
07000268 003800B0
0700026C 0000810F
07000270 003000B8
07000274 0000812E
07000278 003800B8
0700027C 0000812F
D2000000 00000000
94000130 FFFD0000
06402220 11111110
06402224 22222210
06402228 33333210
0640222C 33333210
06402230 44444310
06402234 31154311
06402238 31154431
0640223C 43154431
06402240 00000011
06402244 00000112
06402248 00001143
0640224C 00001433
06402250 00001544
06402254 00001544
06402258 00001544
0640225C 00001154
06402620 41165541
06402624 11165541
06402628 11165541
0640262C 41165541
06402630 66666651
06402634 66666651
06402638 11111111
0640263C 00000000
06402640 00011655
06402644 00016554
06402648 00016554
0640264C 00015565
06402650 00011666
06402654 00001116
06402658 00000011
0640265C 00000000
07000280 004000B0
07000284 0000E111
07000288 004800B0
0700028C 0000E112
07000290 004000B8
07000294 0000E131
07000298 004800B8
0700029C 0000E132
D2000000 00000000
927FFFA8 FBFF0000
064031C0 00011000
064031C4 00111100
064031C8 01122110
064031CC 11433211
064031D0 15444311
064031D4 44443110
064031D8 44431100
064031DC 44311000
064031E0 00001100
064031E4 00011110
064031E8 00112211
064031EC 01143321
064031F0 11544443
064031F4 01154444
064031F8 00115444
064031FC 00011544
064035C0 55541100
064035C4 55554110
064035C8 16555411
064035CC 11655411
064035D0 01165110
064035D4 00111100
064035D8 00011000
064035DC 00000000
064035E0 00001165
064035E4 00011655
064035E8 00116554
064035EC 01165541
064035F0 00116611
064035F4 00011110
064035F8 00001100
064035FC 00000000
070002A0 005000B0
070002A4 0000518E
070002A8 005800B0
070002AC 0000518F
070002B0 005000B8
070002B4 000051AE
070002B8 005800B8
070002BC 000051AF
D2000000 00000000
927FFFA8 F7FF0000
06403200 00111000
06403204 00121100
06403208 11142110
0640320C 11433211
06403210 31544431
06403214 44444311
06403218 44443110
0640321C 44431100
06403220 00001110
06403224 00011211
06403228 00114321
0640322C 00143332
06403230 00115444
06403234 00011544
06403238 00001154
0640323C 00000115
06403600 65411000
06403604 65410000
06403608 65411000
0640360C 55541000
06403610 66651000
06403614 66651000
06403618 11111000
0640361C 00000000
06403620 00000011
06403624 00000001
06403628 00000011
0640362C 00000016
06403630 00000016
06403634 00000016
06403638 00000011
0640363C 00000000
070002C0 006000B0
070002C4 00000190
070002C8 006800B0
070002CC 00000191
070002D0 006000B8
070002D4 000001B0
070002D8 006800B8
070002DC 000001B1
D2000000 00000000
94000130 FDFF0000
06402A40 11111000
06402A44 12221000
06402A48 14321000
06402A4C 14321100
06402A50 15443100
06402A54 15443100
06402A58 11543110
06402A5C 01544310
06402A60 00000000
06402A64 00000000
06402A68 00000000
06402A6C 00000000
06402A70 00000000
06402A74 00000000
06402A78 00000000
06402A7C 00000000
06402E40 01655410
06402E44 11655411
06402E48 55555541
06402E4C 55555541
06402E50 66666651
06402E54 51111111
06402E58 11000000
06402E5C 00000000
06402E60 00000000
06402E64 00011111
06402E68 00016555
06402E6C 00016555
06402E70 00011666
06402E74 00001666
06402E78 00001111
06402E7C 00000000
070002E0 007000B0
070002E4 00001152
070002E8 007800B0
070002EC 00001153
070002F0 007000B8
070002F4 00001172
070002F8 007800B8
070002FC 00001173
D2000000 00000000
94000130 FEFF0000
06402A80 11100000
06402A84 22111100
06402A88 33332111
06402A8C 33333321
06402A90 44444431
06402A94 11154431
06402A98 11154431
06402A9C 31154431
06402AA0 00000011
06402AA4 00000112
06402AA8 00001143
06402AAC 00011433
06402AB0 00015444
06402AB4 00015443
06402AB8 00015443
06402ABC 00011544
06402E80 55555541
06402E84 55555541
06402E88 65555541
06402E8C 54165411
06402E90 51166510
06402E94 11166510
06402E98 10111110
06402E9C 00000000
06402EA0 00001165
06402EA4 00000116
06402EA8 00000111
06402EAC 00011165
06402EB0 00016666
06402EB4 00016665
06402EB8 00011111
06402EBC 00000000
07000300 008000B0
07000304 00001154
07000308 008800B0
0700030C 00001155
07000310 008000B8
07000314 00001174
07000318 008800B8
0700031C 00001175
D2000000 00000000
94000130 FFF70000
07000320 008000B0
07000324 00001198
07000328 008800B0
0700032C 00001199
07000330 008000B8
07000334 000011B8
07000338 008800B8
0700033C 000011B9
D2000000 00000000
94000130 FFFB0000
06402A00 00000000
06402A04 00000000
06402A08 00000000
06402A0C 00000000
06402A10 11111100
06402A14 12222110
06402A18 54444211
06402A1C 43115431
06402A20 00000000
06402A24 00000000
06402A28 00000000
06402A2C 00000000
06402A30 00000000
06402A34 00000001
06402A38 00000011
06402A3C 00000015
06402E00 11155541
06402E04 15554111
06402E08 51411111
06402E0C 54116541
06402E10 66666511
06402E14 16665110
06402E18 11111100
06402E1C 00000000
06402E20 00000011
06402E24 00000011
06402E28 00000016
06402E2C 00000016
06402E30 00000011
06402E34 00000001
06402E38 00000000
06402E3C 00000000
07000340 009000B0
07000344 00001150
07000348 009800B0
0700034C 00001151
07000350 009000B8
07000354 00001170
07000358 009800B8
0700035C 00001171
D2000000 00000000[/quote]
 
FAST6191

FAST6191

Techromancer
Editorial Team
Level 33
Joined
Nov 21, 2005
Messages
36,798
Trophies
3
XP
28,321
Country
United Kingdom
VRAM can be a bit finicky to write and need proper timings, lengths, initialisations and whatever else (same applies to most systems) where emulators typically have no such concern hence the split.

I do have to ask if you are wedded to cheats as a concept or more accurately do you care about running a modified ROM or is original cart an ideal you strive for? Sounds like it is not going to be an issue but some do have issues for whatever reason (might be banned by the speedrunning communities which is where I typically see input display options). It can also help dodge some issues here -- who cares about VRAM if you can edit some random texture/tile in the ROM and have the game do it for you naturally as it were, leaving you more to care about fiddling with OAM.

Various approaches.
That looks to be some kind of input display. If being fancy then the same things that people use to do automated, turbo and whatever else can have the arduino, teensy or whatever take it as inputs instead rather than spitting out the pre timed combo or turbo. Pipe that out of the onboard serial port/USB keyboard faker to a log file with timings (whether you do say millisecond level logs or event button pushed, event button held, event button released... being up to you) and you can recreate it easily enough in a video editor (I would probably use avisynth but that is because I have a workflow in mind), and would also work on any game, homebrew, hack or the like.
There might also be an option to pipe something over a network as well -- the control state is read every frame so you could happily dump that or its debounced version over network. There was a hack for pokemon teaches typing that eschewed the bluetooth inbuilt into the original cart for a network connection instead, and the reverse could be done for this. Other things were seen to use simple network devices to grab data (there was a save dumper that used netcat).

The best way would be to note the DS ARM9 binary (and ARM7 for that matter, might be better to attack that) is actually in normal RAM and thus can be edited happily enough by codes. Change your codes to do whatever they need to do to make the above ARM code* and inject that instead. That can then work within the DS and play to whatever limitations you might have.

If you handled sprites at ROM level you might be able to add in a little function yourself that works within the limitations of the ROM rather than hoping AR handlers can do it, and also reduce the code burden of it (I don't know how many the 3ds custom firmware or whatever you are using can handle offhand but that gigantic list above can tax even the best of them, a function properly written to decode the annoying split http://problemkaputt.de/gbatek.htm#dskeypad you are probably more immediately familiar with than I am right now is not so bad (try to avoid 13 IF commands**, likely CMP and B?? to expand data out to OAM packet to presumably move on screen to off or vice versa, in favour of something a bit more optimised). If it was just one or two things you wanted to check for (normally button press related activities in hacking are remapping controls or extra function, possibly one already in the game just easier to access) then you might be able to tack it onto the function that reads the button press (and probably release) in the first place.

*it is not unheard of for such things to be debug options in games for testers. I would not necessarily expect to find some commented out code on the DS though.

**for others playing along at home 4 direction, 4 buttons, 2 shoulder, start, select and touch screen being pressed actually counts as a button if you read the gbatek link hence 13, could be 14 if you want the hinge detection (magnet sensor above the select/start region) as well but as that normally just does standby in games (actually struggling to think of any examples other than warioware right now) and not even a fancy standby where it saves the game for you then eh.
 
  • Like
Reactions: AsPika2219 and SylverReZ

Site & Scene News

Go to forum More news

Popular threads in this forum

Testing the new EZ-Flash Parallel

Hardware Review  EZ Flash Parallel Warning - Power Strobe When DS Shut

Best DS flash Cart?

ROM Hack  Mario Kart DS - Custom Tracks Grand Prix NITRO (CTGP NITRO) v1.1.0 Release

Metroid Prime Pinball slowdown and audio stutter on EZ-FLASH Parallel

EZ-Flash Parallel Question (Sav files and where to put them)

Emulation  What are the emulation capability of a DSi? (2024)

EZ Flash Parallel / GBA ROMs

General chit-chat
Help Users
  • No one is chatting at the moment.
    S @ salazarcosplay: @BakerMan can one play cod from hen ps3?