GBAtemp.net - The Independent Video Game Community
DS Hooking Help
<blockquote data-quote="matthewn4444" data-source="post: 3827481" data-attributes="member: 85351"><p>@habababa: My code above shows that I push and pop the registers; again, it works on the emulator (if registers were overwritten and not saved, the emulator would have crashed as well). I am using cracker's asm compiler (ARM ASM kit from <a href="http://crackerscrap.com/index.php?p=docs" target="_blank">http://crackerscrap.com/index.php?p=docs</a>)</p><p></p><p>@FAST6191</p><p>I am making a hack for 7th dragon. I implement the hack very similarly to the tutorial: at 0x2380000 it branches (in arm7.bin) to my code at the end of the arm7.bin (so around 0x8FXXXXXX). I use 3 halfwords (12 bytes) to put "ldr r15,=0x8FXXXXXX" at 0x2380000, which, when run in the emulator, jumps to my code. Then at my code, it would patch some arm9 code (2 bytes per instruction), patch the overwritten code (those 3 halfwords I had to overwrite to get here) and copy all my code to a safe place in memory (I tried 0x2C00000, which the game doesn't seem to overwrite). The arm9 places I overwrote earlier take 5 lines of code to jump to 0x2C00000, execute the hack and then come back. </p><p></p><p>Overwriting thumb code (16 bit) in arm9</p><p>1. push {r0,r1} //r0 = address to jump to, r1 = the flag that tells my code what hack to run</p><p>2. mov r0,#0x2C </p><p>3. lsl r0,r0,#0x20 //r0 is now 0x2C00000</p><p>4. mov r1,#0x1 //r1, at my code it has a switch statement that branches to the part of my code that needs to handle the hack</p><p>5. bx r0 //branches to 0x2C00000 and swaps to arm mode I think (arm7 code?)</p><p>6. continue...</p><p></p><p>@0x2C00000 --- now running arm code (arm7, 32 bit instruction)</p><p>1. cmp r1,#0x1</p><p>2. b someplacetohandle</p><p></p><p>11. someplacetohandle:</p><p>12. pop {r0,r1}</p><p>13. //patch overwritten code for 5 lines</p><p>18. //Runs my hack for a few lines</p><p>28. bx r14 //goes back to where I left off and goes back to thumb mode (arm9 code), jumps back at 6 from above</p><p></p><p>I may have my arm and thumb mixed up, but I know that on arm7 each instruction is a word long and on arm9 each instruction is a halfword. That is how I hooked, but it doesn't work on the flash card (even with all the cheats and patches disabled). </p><p></p><p>I do not know, but the emulator initially runs my code as arm; is it possible that the flash card is running 0x2380000 as thumb code? There it is probably doing something stupid and crashing, but this is my first time doing this, so I am not sure if that is the case (I guess I can attempt it and see what happens). I also noticed that not touching the arm7 code but just appending my code at the end lets the game run on the flashcard (which is obvious).</p><p>If this doesn't answer your question I am sorry; I am kind of a noob who just learned how to do this a couple of weeks ago and am trying to "hack" at it.</p></blockquote>
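An added illustration (my own model, not the poster's code or the ARM ASM kit) of the interworking rules the stub in the quoted post depends on: Thumb `mov` only takes an 8-bit immediate and Thumb `lsl` a 5-bit shift, `bx` takes the new mode from bit 0 of its operand and never writes LR, and only `bl` records a return address with the mode bit set. The trampoline address 0x2C00000 is the post's; the stub address and LR values are made up, and the shift is taken as decimal 20 on the assumption that 0x2C << 20 = 0x2C00000 is what was intended (a literal 0x20, i.e. 32, does not fit the Thumb encoding and is rejected here).

```python
STUB_SITE = 0x02001000   # made-up address for the Thumb stub; the post does not give one
TRAMPOLINE = 0x02C00000  # relocated hook code, the address the post uses

class Core:
    """Just enough ARMv4T/v5TE state to follow mov/lsl/bl/bx across a mode switch."""
    def __init__(self, pc, thumb, lr=0):
        self.r = {"r0": 0, "r1": 0, "lr": lr}
        self.pc, self.thumb = pc, thumb

    def mov(self, rd, imm):
        if self.thumb and not 0 <= imm <= 0xFF:
            raise ValueError("Thumb MOV immediate is only 8 bits")
        self.r[rd] = imm & 0xFFFFFFFF
        self.pc += 2 if self.thumb else 4  # Thumb = halfword, ARM = word

    def lsl(self, rd, rm, shift):
        if self.thumb and not 0 <= shift <= 31:
            raise ValueError("Thumb LSL immediate is only 5 bits (0-31)")
        self.r[rd] = (self.r[rm] << shift) & 0xFFFFFFFF
        self.pc += 2 if self.thumb else 4

    def bl(self, target):
        # BL stores the return address in LR with bit 0 = current mode; the mode itself stays
        self.r["lr"] = (self.pc + 4) | (1 if self.thumb else 0)
        self.pc = target

    def bx(self, reg):
        # BX takes the new mode from bit 0 of its operand and does NOT write LR
        v = self.r[reg]
        self.thumb = bool(v & 1)
        self.pc = v & ~1 if self.thumb else v & ~3

    def mode(self):
        return "thumb" if self.thumb else "arm"

def run_thumb_stub(lr_before, shift=20):
    """The post's Thumb stub (mov/lsl/mov/bx r0): (pc, mode, lr) once bx r0 has run."""
    c = Core(pc=STUB_SITE, thumb=True, lr=lr_before)
    c.mov("r0", 0x2C)
    c.lsl("r0", "r0", shift)
    c.mov("r1", 1)
    c.bx("r0")
    return c.pc, c.mode(), c.r["lr"]

def return_via_bx_lr(lr):
    """The post's closing bx r14 from ARM code: where, and in which mode, execution lands."""
    c = Core(pc=TRAMPOLINE, thumb=False, lr=lr)
    c.bx("lr")
    return c.pc, c.mode()
```

Because the stub reaches the trampoline with `bx` rather than `bl`, LR still holds whatever the surrounding game code left in it, so `bx r14` lands in Thumb only if that value has bit 0 set; comparing the two return cases against a `bl`-produced LR shows the difference.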