0A000000h (SRAM) - 08000000h (ROM base) = 2000000h = 33554432 = 32MiB (aka 32MiB from base before you reach backup RAM area - meaning in DS mode it is quite pointless to go to addresses beyond that)NB. If you read past the first 32MB you'd see the ROM again. There are two mirrors of the ROM after the first copy with different waitstates.
From DS mode... really? From GBA mode what you say holds true... but we aren't creating a "to slot 1" dumper in GBA mode
http://nocash.emubase.de/gbatek.htm#dsmemorymaps
CODEARM9...
Â08000000h ÂGBA Slot ROM (max. 32MB)
Â0A000000h ÂGBA Slot RAM (max. 64KB)
ARM7...
Â08000000h ÂGBA Slot ROM (max. 32MB)
Â0A000000h ÂGBA Slot RAM (max. 64KB)
Ok, I have never been a huge fan of programming on GBA (aside from trying to reverse certain flash carts stuff), but I do know a couple things. Aren't non multiboot GBA files statically linked (meaning a patcher would have to basically reassemble the entire thing to make it work at a different address).
IIRC a lot of ARM code is relocatable and branches aren't direct but depend on the PC. A patcher wouldn't be too hard to make either... and if you had a decent cheat cart you could rewrite addresses as they are coming in and out. But that would be a lot of work for such an ugly contraption.
0A000000h (SRAM) - 08000000h (ROM base) = 2000000h = 33554432 = 32MiB (aka 32MiB from base before you reach backup RAM area - meaning in DS mode it is quite pointless to go to addresses beyond that)QUOTE said:
Eventually, there is still a lot I don't understand and I'd need to track down a couple of the "hard to dump" carts. Needless to say, it has been something I have been fiddling with off an on for the last 2 years... I do currently have code that can dump anything DS I want (worked with supercard and neo2, dumped R4 as well as all the DS games I have reliably), but it is basically just a modified version of fwnitro 1.3c (meaning it has to replace the DS' firmware).Ok... confirmed, there's screenie of the overdump directly from a GBA here.
You can see the output still coming out of the xboo software.. it takes a while to fully dump 256mbit on a gba :/
Funny thing being, in all of your examples so far I have seen a block of 0xFF or 0x00's right before the 16bit incrementing sequenceat the same time, in the past I have also seen my own dumps repeat the game header (sometime multiple times after ROM end) - though I could well be thinking of dumps I did from non-retail cards...
edit:/ OK, using my dumper I have now tested 6 of approximately 20 of my own games, and so far your mask has shown up in 100% of them. I'm thinking the games I had that gave different data are ones I passed on to a friend ages ago, which were as far as I know HK knockoffs.
Sebokie: http://nocash.emubase.de/gbatek.htm
AFAIK there is no "step-by-step" guide on how to dump unless you are using an already existing program.
QUOTEare you planning to code a ds dumper as well
- ASM? Why would you need that? It might be more efficient but... GBA is just memory on a 16 bit bus and DS ROM is a serial device with a control register and a data register.
gbaldr_b6_emu.zip (not actually beta 6, but it may as well be)I believe the phrase "hell yes" is appropriate in this particular situation.
If you flash something and it doesn't work as expected (and this has happened a couple times now, actually resulting in beta6 when heretic.ds.gba did not write correctly), taking a dump (har har) of the 3in1 will give you something to hex compare to see if it was written correctly (though, I also enabled internal error checking on every chunk written in beta6 and have had no reports of problems yet).QUOTE said:
BakerMan
@
Psionic Roshambo:
