- Joined
- Jul 14, 2009
- Messages
- 4,196
- Reaction score
- 1,388
- Trophies
- 2
- Age
- 47
- Location
- Where I Am!
- XP
- 1,733
- Country
- Joined
- Jan 19, 2011
- Messages
- 623
- Reaction score
- 0
- Trophies
- 0
- Location
- >>>>>>
- Website
- Visit site
- XP
- -38
- Country
- Joined
- Jul 14, 2009
- Messages
- 4,196
- Reaction score
- 1,388
- Trophies
- 2
- Age
- 47
- Location
- Where I Am!
- XP
- 1,733
- Country
Elvarg said:how does 2CH do it.
I wish i relay new XD!, But how to contact him i wonder..., tyred with DSTT but no reply
All i every wanted to know was just how to get the card command for infolib.dat from ram are ROM maybe, maybe one day! and that would make me
------------------------
5499 - Kaiju Busters Powered (JPN)
GameCode: BYVJ Encrypted GameID: 136EA325 - for use with extinfo.dat/infilib.dat
CODEextinfo.dat
0x02091e20
00 0C A0 E1 21 04 80 E1 00 10 A0 E3
0x0233a1a8
04 4A BA 42 02 D1 80 22 92 00 BF 18 01 A2 17 60
4F 60 0D E1 FF FF FF FF FF FF FF FF
0x0233a3d4
0A 60 E7 E6
0x02339fa8
94 E8 3F 02
0x0233a2d8
85 42 3A E0
0x0233a228
B8 20 00 23 88 60 CB 60 01 4A 01 3B 13 60 01 E0
B8 E8 3F 02
0x023806b8
00 00 A0 E1
0xc2339e40
F8 B5 04 1C
0x02339e50
09 E0 55 4F
0x02339e70
4B 48 53 21
0x02339ed0
43 1C 03 E0
0x0233a50c
03 E0 00 21
0xd0000000
0x02000600
00 00 9F E5 1E FF 2F E1 CF B3 00 00 00 00 9F E5
1E FF 2F E1 DD A2 00 00 07 40 2D E9 1C 00 9F E5
1C 10 9F E5 00 20 91 E5 02 00 50 E1 14 00 9F 05
00 00 81 05 0C 00 80 02 3C 00 81 05 07 80 BD E8
C0 8D 0F 02 98 71 0F 02 00 27 00 02
0x020009f8
06 FF FF EA
infolib.dat
00 00 00 00 00 00 00 00 40 E3 00 00 00 00 00 00
00 00 00 00 00 00 00 00 98 E3 00 00 BC E4 00 00
04 E4 00 00 74 E5 00 00 00 00 00 00 FC E5 00 00
34 E7 00 00 28 E8 00 00 2C 1E 09 00 78 A3 0D 00
30 47 0A 00 FF FF FF FF FF FF FF FF FF FF FF FF
30 09 00 00 E0 FB 00 00 FF FF FF FF FF FF FF FF
- Joined
- Jan 19, 2011
- Messages
- 623
- Reaction score
- 0
- Trophies
- 0
- Location
- >>>>>>
- Website
- Visit site
- XP
- -38
- Country
I wish i realy new XD!, But how to contact him i wonder..., tryed with DSTT but no reply
All i every whated to know was just how to get the cardcommand for infolib.dat from ram are rom mabe, mabe one day! and that would make me
retro says he dosent use a tool to get the infolb.dat is that even possible.
- Joined
- Jul 14, 2009
- Messages
- 4,196
- Reaction score
- 1,388
- Trophies
- 2
- Age
- 47
- Location
- Where I Am!
- XP
- 1,733
- Country
Elvarg said:I wish i realy new XD!, But how to contact him i wonder..., tryed with DSTT but no reply
All i every whated to know was just how to get the cardcommand for infolib.dat from ram are rom mabe, mabe one day! and that would make me
retro says he dosent use a tool to get the infolb.dat is that even possible.
Take the game
5500 - Zombie Daisuki (Jap)
infolib.dat cardcommand data i'm looking for - E8 79 05
ROM
---
0ffset's
001CD685
E8 79 05
00A88679
E8 79 05
No RAM find...
But each game will have it's own offset's in rom - making it hard to locate...
Are mabe this is not it..., as it may not exsist for one of each game
- Joined
- Jan 19, 2011
- Messages
- 623
- Reaction score
- 0
- Trophies
- 0
- Location
- >>>>>>
- Website
- Visit site
- XP
- -38
- Country
read pongs 2nd reply
http://gbatemp.net/t217999-converting-a-pa...o-dat?&st=0
can you really use a cheat code edditor to get the infolb.dat
and is there a .nds file that will load the infolb data for you?
http://gbatemp.net/t217999-converting-a-pa...o-dat?&st=0
can you really use a cheat code edditor to get the infolb.dat
and is there a .nds file that will load the infolb data for you?
- Joined
- Jul 14, 2009
- Messages
- 4,196
- Reaction score
- 1,388
- Trophies
- 2
- Age
- 47
- Location
- Where I Am!
- XP
- 1,733
- Country
Elvarg said:
Dose sound like a tool ".nds file that will load the infolib data for you" and it's driving be bonkers lol!
Will try and think of a few things as i did not know back then, cheers Elvarg
If you could think of anythink ?, Be my guest! glad to hear of any thought's from anyone ?? !
EDIT: Sorry i know what he mean's - it will not bypass errcodes and will not produce the full infolib.dat data, only games that fully load it will
edit: this is the tool he ment for DSTT cards : http://www.mediafire.com/?j2mzxc6cr486sux
MAKEINFO.nds + make LIB folder in root of microsd , turn off DMA and reset , load game , restart ds run infolibmearge.nds to make a new infolib.dat with code added and data
- Joined
- Jan 19, 2011
- Messages
- 623
- Reaction score
- 0
- Trophies
- 0
- Location
- >>>>>>
- Website
- Visit site
- XP
- -38
- Country
drwhojan said:Elvarg said:
Dose sound like a tool ".nds file that will load the infolib data for you" and it's driving be bonkers lol!
Will try and think of a few things as i did not know back then, cheers Elvarg
If you could think of anythink ?, Be my guest! glad to hear of any thought's from anyone ?? !
EDIT: Sorry i know what he mean's - it will not bypass errcodes and will not produce the full infolib.dat data, only games that fully load it will
edit: this is the tool he ment for DSTT cards : http://www.mediafire.com/?j2mzxc6cr486sux
MAKEINFO.nds
do you know how the cheat tcode editor way works? and how do the tool work exactly.
- Joined
- Jul 14, 2009
- Messages
- 4,196
- Reaction score
- 1,388
- Trophies
- 2
- Age
- 47
- Location
- Where I Am!
- XP
- 1,733
- Country
Elvarg said:edit: this is the tool he ment for DSTT cards : http://www.mediafire.com/?j2mzxc6cr486suxdrwhojan said:Elvarg said:read pongs 2nd reply
http://gbatemp.net/t217999-converting-a-pa...o-dat?&st=0
can you really use a cheat code editor to get the infolb.dat
and is there a .nds file that will load the infolb data for you?
Dose sound like a tool ".nds file that will load the infolib data for you" and it's driving be bonkers lol!
Will try and think of a few things as i did not know back then, cheers Elvarg
If you could think of anythink ?, Be my guest! glad to hear of any thought's from anyone ?? !
EDIT: Sorry i know what he mean's - it will not bypass errcodes and will not produce the full infolib.dat data, only games that fully load it will
edit: this is the tool he ment for DSTT cards : http://www.mediafire.com/?j2mzxc6cr486sux
MAKEINFO.nds
do you know how the cheat tcode editor way works? and how do the tool work exactly.
And the and of the day he meant the GameCode and ID - the GameID needs to be encrypted that's what extinfo.dat and infolib.dat uses , but you play with the original decrypted ROM
the r4cee cheat editor will only give you the decrypted gameID - but true gamecode
the r4patch.dat generator will do that as shown before - are use eNDryptS Advanced to encrypt a copy of your ROM then get the true encrypted gamecode and ID with r4cee
same thing basically
QUOTE
MAKEINFO.nds + make LIB folder in root of microsd , turn off DMA and reset , load game , restart ds run infolibmearge.nds to make a new infolib.dat with code added and data
- Joined
- Jan 19, 2011
- Messages
- 623
- Reaction score
- 0
- Trophies
- 0
- Location
- >>>>>>
- Website
- Visit site
- XP
- -38
- Country
drwhojan said:Elvarg said:I wish i realy new XD!, But how to contact him i wonder..., tryed with DSTT but no reply
All i every whated to know was just how to get the cardcommand for infolib.dat from ram are rom mabe, mabe one day! and that would make me
retro says he dosent use a tool to get the infolb.dat is that even possible.
Take the game
5500 - Zombie Daisuki (Jap)
infolib.dat cardcommand data i'm looking for - E8 79 05
ROM
---
0ffset's
001CD685
E8 79 05
00A88679
E8 79 05
No RAM find...
But each game will have it's own offset's in rom - making it hard to locate...
Are mabe this is not it..., as it may not exsist for one of each game
how would that your looking these?
001CD685
00A88679
- Joined
- Jan 19, 2011
- Messages
- 623
- Reaction score
- 0
- Trophies
- 0
- Location
- >>>>>>
- Website
- Visit site
- XP
- -38
- Country
- Joined
- Jan 19, 2011
- Messages
- 623
- Reaction score
- 0
- Trophies
- 0
- Location
- >>>>>>
- Website
- Visit site
- XP
- -38
- Country
- Joined
- Jul 14, 2009
- Messages
- 4,196
- Reaction score
- 1,388
- Trophies
- 2
- Age
- 47
- Location
- Where I Am!
- XP
- 1,733
- Country
Elvarg said:
infolib.dat
00 00 00 00 00 00 00 00 44 E3 00 00 00 00 00 00
00 00 00 00 00 00 00 00 9C E3 00 00 C0 E4 00 00
08 E4 00 00 78 E5 00 00 00 00 00 00 00 E6 00 00
38 E7 00 00 2C E8 00 00 E8 79 05 00 FF FF FF FF
F0 74 06 00 FF FF FF FF FF FF FF FF FF FF FF FF
30 09 00 00 88 FB 00 00 FF FF FF FF FF FF FF FF
They are two locations in that ROM but not RAM - and dose it exstist as diffrent data for each game ? - and how to locate it in easer way ?, mabe finding PATCH[14] patchB card command works in a diffrent way then this ?
The data may change for each game......I consider how can we find it!drwhojan said:
MR DSTT still update his dats,but never tells me something about it
- Joined
- Jul 14, 2009
- Messages
- 4,196
- Reaction score
- 1,388
- Trophies
- 2
- Age
- 47
- Location
- Where I Am!
- XP
- 1,733
- Country
freehacker said:DSTT - YSMENUdrwhojan said:Elvarg said:
The data dose change for each game!, but without knowing what that DATA is as we don't know it + finding it = a very hard combernation to locate
But it could be either exsist ROM are RAM to get it from ??....
Shame that he would not say on how he dose it XD!= As we are not asking for the full monty!, as we know how to bet 95% of most of the data for most games
Cabelas Dangerous Hunts 2011 (USA) - was a odd case for the arm7 data , although can be patched with FF's for now
The first offset for that game was for extinfo.dat
CODE
This will make the game load but with save problem
5502 - Cabela's Dangerous Hunts 2011 (U) - Original ROM
GameCode and Ecrypted GameID: BQGE B261936F
extinfo.dat
0x02010610
00 0C A0 E1 21 04 80 E1 00 10 A0 E3
infolib.dat
00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00
00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF FF
FF FF FF FF 00 00 00 00 1C 06 01 00 7C E6 10 00
A4 98 01 00 FF FF FF FF FF FF FF FF A4 02 00 00
30 09 00 00 0C 0F 01 00 FF FF FF FF FF FF FF FF
Patched arm7 with FF's - as can not be found
EDIT:
http://r4ds.uueasy.com/read.php?tid-15651.html
his DSTT upload of upto rom's 5508 - EDIT: DL it from hear
http://down.qiannao.com/space/file/deoxys/..._5508.rar/.page
- Joined
- Jul 14, 2009
- Messages
- 4,196
- Reaction score
- 1,388
- Trophies
- 2
- Age
- 47
- Location
- Where I Am!
- XP
- 1,733
- Country
Working with extinfo.dat and infolib.dat + Help if possible with your idears ?
How to locate offset's for extinfo.dat - as you see in the image you can work out from there!
Fist you need the correct GameCode and ID: encrypt a copy of your ROM with eNDryptS Advanced
http://www.no-intro.org/tools.htm , run with admin rights for vista and 7's users -
Then get the encrypted GameCode and ID using r4cee http://hp.vector.co.jp/authors/VA013928/bin/r4cce086.zip
Use the encrypted GameID and Code with all extinfo.dat / infolib.dat /savlib.dat
You might need DeSmuME http://desmume.org/
------------------------------------------------------------
First type data to search for
38 40 2D E9 00 0C A0 E1 21 24 80 E1
Extinfo.dat Patch data to apply
00 0C A0 E1 21 04 80 E1 00 10 A0 E3
1. Do a RAM search / Tick all shown on image
2. Reverse DATA to search in RAM: E1 80 24 21 - Need to search lest data 00 and 08 ->00
If still have errcode =-4 patch two of the greens 28 and 29 -> 00
Once the game has bypassed err codes it will boot into two white screens - OK not a problem
Once the game has loaded - Put your microSD chip into reader and Check the LIB folder you code has bean generated but garbled data abit
OK now to do a match - open the file in the lib folder with a hex-editor and your data between lines 180-1D0
Now open the original infolib.dat with TTdT.exe - and look thoughout infolib.dat - look for the bottom line in green 30 09 00 00 94 FB 00 00 - 94 FB will tell you to look out for a match that in the image - 44 EE in blue - then the match will give you all of the arm7 data
True data is marked in green this is what we need to mix! - the red was garbled this is patched in FF's for DSI enhanced games - but is data for DS games
Take a good look yourself - and the pick and mix data is!
A true 95% done!
xx xx - are the only part's that it will not produce - but looking for help on this issue ?
EDIT:
MAP
Green ARM7 Data - Red ARM9 Data
How to get 95% infolib.dat data.avi - video bypassing errcode=-4 and 6
http://www.mediafire.com/?vs2dc249ispo7vo
Any Idears are thought's are welcome ??
How to locate offset's for extinfo.dat - as you see in the image you can work out from there!
Fist you need the correct GameCode and ID: encrypt a copy of your ROM with eNDryptS Advanced
http://www.no-intro.org/tools.htm , run with admin rights for vista and 7's users -
Then get the encrypted GameCode and ID using r4cee http://hp.vector.co.jp/authors/VA013928/bin/r4cce086.zip
Use the encrypted GameID and Code with all extinfo.dat / infolib.dat /savlib.dat
You might need DeSmuME http://desmume.org/
------------------------------------------------------------
First type data to search for
38 40 2D E9 00 0C A0 E1 21 24 80 E1
Extinfo.dat Patch data to apply
00 0C A0 E1 21 04 80 E1 00 10 A0 E3
1. Do a RAM search / Tick all shown on image
2. Reverse DATA to search in RAM: E1 80 24 21 - Need to search lest data 00 and 08 ->00
If still have errcode =-4 patch two of the greens 28 and 29 -> 00
Once the game has bypassed err codes it will boot into two white screens - OK not a problem
Once the game has loaded - Put your microSD chip into reader and Check the LIB folder you code has bean generated but garbled data abit
OK now to do a match - open the file in the lib folder with a hex-editor and your data between lines 180-1D0
Now open the original infolib.dat with TTdT.exe - and look thoughout infolib.dat - look for the bottom line in green 30 09 00 00 94 FB 00 00 - 94 FB will tell you to look out for a match that in the image - 44 EE in blue - then the match will give you all of the arm7 data
True data is marked in green this is what we need to mix! - the red was garbled this is patched in FF's for DSI enhanced games - but is data for DS games
Take a good look yourself - and the pick and mix data is!
A true 95% done!
Code:
00 00 00 00 00 00 00 00 44 E3 00 00 00 00 00 00
00 00 00 00 00 00 00 00 9C E3 00 00 C0 E4 00 00
08 E4 00 00 78 E5 00 00 00 00 00 00 00 E6 00 00
38 E7 00 00 2C E8 00 00 xx xx 01 00 FF FF FF FF
18 CF 01 00 FF FF FF FF FF FF FF FF FF FF FF FF
30 09 00 00 94 FB 00 00 FF FF FF FF FF FF FF FFxx xx - are the only part's that it will not produce - but looking for help on this issue ?
EDIT:
MAP
Green ARM7 Data - Red ARM9 Data
How to get 95% infolib.dat data.avi - video bypassing errcode=-4 and 6
http://www.mediafire.com/?vs2dc249ispo7vo
Any Idears are thought's are welcome ??
- Joined
- Jul 14, 2009
- Messages
- 4,196
- Reaction score
- 1,388
- Trophies
- 2
- Age
- 47
- Location
- Where I Am!
- XP
- 1,733
- Country
<!--sizeo:3--><span style="font-size:12pt;line-height:100%"><!--/sizeo--><!--coloro:#008000--><span style="color:#008000"><!--/coloro-->infolib.dat Structure, Re-map and cleanup , If anyone can make sense of how to use it, please let us and overs know ?<!--colorc--></span><!--/colorc--> <!--sizec--></span><!--/sizec-->
Big XX are data bytes - small xx could be a byte or 00
MAP of Sploiler data
<img src="http://i377.photobucket.com/albums/oo212/drwhojan/infolib-2.png" border="0" class="linked-image" />
EDIT:
Basicly I'm looking for someone who know's how to find this area ? - are what to do with it ?
PATCH [14]: Patch_B (function7)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = E59F2000 ldr r2, [r15]
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E12FFF12 bx r2
* (ARM9_RAM_ADDRESS + PATCH [14] +8) = 023FE03D
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = 4A00
* (ARM9_RAM_ADDRESS + PATCH [14] +2) = 4708
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E03D
* (ARM9_RAM_ADDRESS + PATCH [14] +6) = 023F
void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)
Thank you drwhojan
Big XX are data bytes - small xx could be a byte or 00
PATCH[0] : 00 00 00 00 ... reserve
PATCH[1] : 00 00 00 00 ... reserve
PATCH[2] : XX XX 00 00 ... [ARM7 RAM offset] Patch_A
PATCH[3] : 00 00 00 00 ... reserve
PATCH[4] : 00 00 00 00 ... resreve
PATCH[5] : 00 00 00 00 ... reserve
PATCH[6] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function1:MemoryRead)
PATCH[7] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function2:MemoryWrite)
PATCH[8] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function2:MemoryWrite)
PATCH[9] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function3:WaitDelay)
PATCH[10] : 00 00 00 00 ... [ARM7 RAM offset] Patch_B (function4:MemoryWrite256)
PATCH[11] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function5:MemoryWrite64K)
PATCH[12] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function6:MemoryWrite512K)
PATCH[13] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function7:CardCommand)
PATCH[14] : XX XX xx 00 ... [ARM9 RAM offset] Patch_B (function7:CardCommand)
PATCH[15] : XX XX XX 00 ... [ARM9 RAM offset] Patch_B (function8:CardInitialize)
PATCH[16] : XX XX xx 00 ... [ARM9 RAM offset] Patch_A
PATCH[17] : FF FF FF FF ... [ARM9 RAM offset] Patch_C (functuon7:CardCommand)
PATCH[18] : XX XX xx 00 ... [ARM9 RAM offset] Patch_D (DMA patch)
PATCH[19] : FF FF FF FF ... [ARM9 RAM offset] Patch_E
PATCH[20] : XX XX 00 00 ... [ARM9 RAM offset] Branch Address (Cheat & Reset)
PATCH[21] : XX XX xx 00 ... [ARM7 Execute RAM offset] Branch Address (Cheat & Reset)
PATCH[22] : FF FF FF FF ... reserve
PATCH[23] : FF FF FF FF ... reserve
infolib.dat is, ARM7, ARM9 offset addresses are recorded to be deployed patch program memory.
· ARM9: If the compression code, and the offset address after deployment.
· ARM7: offset address of the memory to be deployed early.
However, offset RAM Execute ARM7 is, ARM7 ?'re confusing offset address that contains the executable code
* These values, even if, ARM code, if odd, THUMB code is embedded.
(Odd case, the embedded address bit0 to 0 respectively)
Embed code, there are four patterns. For convenience, Patch_A, Patch_B, Patch_C, Patch_D call.
Patch_A will only return
Patch_B Patch_C and memory, the patch is deployed 0x023FE000 call each feature of the program.
The Patch_D, DMA code when processing embedded
Patch_E is Animal Crossing? Embed code
PATCH [20], PATCH [21] is, Cheat & Reset to store the memory address of the jump process.
PATCH [2]: Patch_A
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [2]) = E12FFF1E bx r14
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [2]) = 4770
PATCH [6]: Patch_B (function1)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [6] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [6] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [6] +8) = 023FE001
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [6] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [6] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [6] +4) = E001
* (ARM7_RAM_ADDRESS + PATCH [6] +6) = 023F
u32 MemoryRead (u32 chip_address, (u8 *) read_buffer, u32 read_size)
entry
r0 = chip_address
r1 = * read_buffer
r2 = read_size
return
r0 = 0
PATCH [7]: Patch_B (function2)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [7] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [7] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [7] +8) = 023FE00B
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [7] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [7] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [7] +4) = E00B
* (ARM7_RAM_ADDRESS + PATCH [7] +6) = 023F
void MemoryWrite (u32 chip_address, (u8 *) write_buffer, u32 write_size)
entry
r0 = chip_address
r1 = * write_buffer
r2 = write_size
PATCH [8]: Patch_B (function2)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [8] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [8] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [8] +8) = 023FE00B
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [8] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [8] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [8] +4) = E00B
* (ARM7_RAM_ADDRESS + PATCH [8] +6) = 023F
void MemoryWrite (u32 chip_address, (u8 *) write_buffer, u32 write_size)
entry
r0 = chip_address
r1 = * write_buffer
r2 = write_size
PATCH [9]: Patch_B (function3)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [9] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [9] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [9] +8) = 023FE015
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [9] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [9] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [9] +4) = E015
* (ARM7_RAM_ADDRESS + PATCH [9] +6) = 023F
void WaitDelay (void)
PATCH [10]: Patch_B (function4)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [10] +0) = E59F2000 ldr r2, [r15]
* (ARM7_RAM_ADDRESS + PATCH [10] +4) = E12FFF12 bx r2
* (ARM7_RAM_ADDRESS + PATCH [10] +8) = 023FE01F
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [10] +0) = 4A00
* (ARM7_RAM_ADDRESS + PATCH [10] +2) = 4708
* (ARM7_RAM_ADDRESS + PATCH [10] +4) = E01F
* (ARM7_RAM_ADDRESS + PATCH [10] +6) = 023F
void MemoryWrite256 (u32 chip_address)
entry
r0 = chip_address
PATCH [11]: Patch_B (function5)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [11] +0) = E59F2000 ldr r2, [r15]
* (ARM7_RAM_ADDRESS + PATCH [11] +4) = E12FFF12 bx r2
* (ARM7_RAM_ADDRESS + PATCH [11] +8) = 023FE029
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [11] +0) = 4A00
* (ARM7_RAM_ADDRESS + PATCH [11] +2) = 4708
* (ARM7_RAM_ADDRESS + PATCH [11] +4) = E029
* (ARM7_RAM_ADDRESS + PATCH [11] +6) = 023F
void MemoryWrite64K (u32 chip_address)
entry
r0 = chip_address
PATCH [12]: Patch_B (function6)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [12] +0) = E59F1000 ldr r1, [r15]
* (ARM7_RAM_ADDRESS + PATCH [12] +4) = E12FFF11 bx r1
* (ARM7_RAM_ADDRESS + PATCH [12] +8) = 023FE033
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [12] +0) = 4900
* (ARM7_RAM_ADDRESS + PATCH [12] +2) = 4704
* (ARM7_RAM_ADDRESS + PATCH [12] +4) = E033
* (ARM7_RAM_ADDRESS + PATCH [12] +6) = 023F
void MemoryWrite512K (void)
PATCH [13]: Patch_B (function7)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [13] +0) = E59F2000 ldr r2, [r15]
* (ARM7_RAM_ADDRESS + PATCH [13] +4) = E12FFF12 bx r2
* (ARM7_RAM_ADDRESS + PATCH [13] +8) = 023FE03D
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [13] +0) = 4A00
* (ARM7_RAM_ADDRESS + PATCH [13] +2) = 4708
* (ARM7_RAM_ADDRESS + PATCH [13] +4) = E03D
* (ARM7_RAM_ADDRESS + PATCH [13] +6) = 023F
void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)
PATCH [14]: Patch_B (function7)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = E59F2000 ldr r2, [r15]
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E12FFF12 bx r2
* (ARM9_RAM_ADDRESS + PATCH [14] +8) = 023FE03D
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = 4A00
* (ARM9_RAM_ADDRESS + PATCH [14] +2) = 4708
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E03D
* (ARM9_RAM_ADDRESS + PATCH [14] +6) = 023F
void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)
PATCH [15]: Patch_B (function8)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [15] +0) = E59F1000 ldr r1, [r15]
* (ARM9_RAM_ADDRESS + PATCH [15] +4) = E12FFF11 bx r1
* (ARM9_RAM_ADDRESS + PATCH [15] +8) = 023FE047
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [15] +0) = 4900
* (ARM9_RAM_ADDRESS + PATCH [15] +2) = 4704
* (ARM9_RAM_ADDRESS + PATCH [15] +4) = E047
* (ARM9_RAM_ADDRESS + PATCH [15] +6) = 023F
void CardInitialize (void)
PATCH [16]: Patch_A
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [16]) = E12FFF1E bx r14
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [16]) = 4770
PATCH [17]: Patch_C (function7)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x0C) = E92D400F stmdb r13!, (R0, r1, r2, r3, r14)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x10) = E1A0000C mov r0, r12
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x14) = E1A01005 mov r1, r5
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x18) = E28FE008 add r14, r15, # 0x8
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x1C) = E59F2000 ldr r2, [r15]
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x20) = E12FFF12 bx r2
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x24) = 023FE03D
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x28) = E8BD400F ldmia r13!, (R0, r1, r2, r3, r14)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x2C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x30) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x34) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x38) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x3C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x40) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x44) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x48) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x4C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x50) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x54) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x58) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x5C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x60) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x64) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x68) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x6C) = -------- skip
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x70) = E1A00000 nop (mov r0, r0)
If your code · THUMB
No
void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)
PATCH [18]: Patch_D
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x00) = E59F1010 ldr r1, [r15, # +0 x10]
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x04) = E5911000 ldr r1, [r1, # +0 x0]
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x08) = E38114A1 orr r1, r1, # 0xA1000000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0c) = E5801004 str r1, [r0, # +0 x4]
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x10) = E3A00000 mov r0, # 0x0
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x14) = E12FFF1E bx r14
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x18) = 027FFE60
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x00) = 4903
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x02) = 6809
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x04) = 4A03
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x06) = 4311
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x08) = 6041
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0a) = 2000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0c) = 4770
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0e) = 0000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x10) = FE60
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x12) = 027F
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x14) = 0000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x16) = A100
PATCH [19]: Patch_E
pending
PATCH[1] : 00 00 00 00 ... reserve
PATCH[2] : XX XX 00 00 ... [ARM7 RAM offset] Patch_A
PATCH[3] : 00 00 00 00 ... reserve
PATCH[4] : 00 00 00 00 ... resreve
PATCH[5] : 00 00 00 00 ... reserve
PATCH[6] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function1:MemoryRead)
PATCH[7] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function2:MemoryWrite)
PATCH[8] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function2:MemoryWrite)
PATCH[9] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function3:WaitDelay)
PATCH[10] : 00 00 00 00 ... [ARM7 RAM offset] Patch_B (function4:MemoryWrite256)
PATCH[11] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function5:MemoryWrite64K)
PATCH[12] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function6:MemoryWrite512K)
PATCH[13] : XX XX 00 00 ... [ARM7 RAM offset] Patch_B (function7:CardCommand)
PATCH[14] : XX XX xx 00 ... [ARM9 RAM offset] Patch_B (function7:CardCommand)
PATCH[15] : XX XX XX 00 ... [ARM9 RAM offset] Patch_B (function8:CardInitialize)
PATCH[16] : XX XX xx 00 ... [ARM9 RAM offset] Patch_A
PATCH[17] : FF FF FF FF ... [ARM9 RAM offset] Patch_C (functuon7:CardCommand)
PATCH[18] : XX XX xx 00 ... [ARM9 RAM offset] Patch_D (DMA patch)
PATCH[19] : FF FF FF FF ... [ARM9 RAM offset] Patch_E
PATCH[20] : XX XX 00 00 ... [ARM9 RAM offset] Branch Address (Cheat & Reset)
PATCH[21] : XX XX xx 00 ... [ARM7 Execute RAM offset] Branch Address (Cheat & Reset)
PATCH[22] : FF FF FF FF ... reserve
PATCH[23] : FF FF FF FF ... reserve
infolib.dat is, ARM7, ARM9 offset addresses are recorded to be deployed patch program memory.
· ARM9: If the compression code, and the offset address after deployment.
· ARM7: offset address of the memory to be deployed early.
However, offset RAM Execute ARM7 is, ARM7 ?'re confusing offset address that contains the executable code
* These values, even if, ARM code, if odd, THUMB code is embedded.
(Odd case, the embedded address bit0 to 0 respectively)
Embed code, there are four patterns. For convenience, Patch_A, Patch_B, Patch_C, Patch_D call.
Patch_A will only return
Patch_B Patch_C and memory, the patch is deployed 0x023FE000 call each feature of the program.
The Patch_D, DMA code when processing embedded
Patch_E is Animal Crossing? Embed code
PATCH [20], PATCH [21] is, Cheat & Reset to store the memory address of the jump process.
PATCH [2]: Patch_A
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [2]) = E12FFF1E bx r14
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [2]) = 4770
PATCH [6]: Patch_B (function1)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [6] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [6] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [6] +8) = 023FE001
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [6] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [6] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [6] +4) = E001
* (ARM7_RAM_ADDRESS + PATCH [6] +6) = 023F
u32 MemoryRead (u32 chip_address, (u8 *) read_buffer, u32 read_size)
entry
r0 = chip_address
r1 = * read_buffer
r2 = read_size
return
r0 = 0
PATCH [7]: Patch_B (function2)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [7] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [7] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [7] +8) = 023FE00B
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [7] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [7] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [7] +4) = E00B
* (ARM7_RAM_ADDRESS + PATCH [7] +6) = 023F
void MemoryWrite (u32 chip_address, (u8 *) write_buffer, u32 write_size)
entry
r0 = chip_address
r1 = * write_buffer
r2 = write_size
PATCH [8]: Patch_B (function2)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [8] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [8] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [8] +8) = 023FE00B
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [8] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [8] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [8] +4) = E00B
* (ARM7_RAM_ADDRESS + PATCH [8] +6) = 023F
void MemoryWrite (u32 chip_address, (u8 *) write_buffer, u32 write_size)
entry
r0 = chip_address
r1 = * write_buffer
r2 = write_size
PATCH [9]: Patch_B (function3)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [9] +0) = E59F3000 ldr r3, [r15]
* (ARM7_RAM_ADDRESS + PATCH [9] +4) = E12FFF13 bx r3
* (ARM7_RAM_ADDRESS + PATCH [9] +8) = 023FE015
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [9] +0) = 4B00
* (ARM7_RAM_ADDRESS + PATCH [9] +2) = 470C
* (ARM7_RAM_ADDRESS + PATCH [9] +4) = E015
* (ARM7_RAM_ADDRESS + PATCH [9] +6) = 023F
void WaitDelay (void)
PATCH [10]: Patch_B (function4)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [10] +0) = E59F2000 ldr r2, [r15]
* (ARM7_RAM_ADDRESS + PATCH [10] +4) = E12FFF12 bx r2
* (ARM7_RAM_ADDRESS + PATCH [10] +8) = 023FE01F
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [10] +0) = 4A00
* (ARM7_RAM_ADDRESS + PATCH [10] +2) = 4708
* (ARM7_RAM_ADDRESS + PATCH [10] +4) = E01F
* (ARM7_RAM_ADDRESS + PATCH [10] +6) = 023F
void MemoryWrite256 (u32 chip_address)
entry
r0 = chip_address
PATCH [11]: Patch_B (function5)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [11] +0) = E59F2000 ldr r2, [r15]
* (ARM7_RAM_ADDRESS + PATCH [11] +4) = E12FFF12 bx r2
* (ARM7_RAM_ADDRESS + PATCH [11] +8) = 023FE029
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [11] +0) = 4A00
* (ARM7_RAM_ADDRESS + PATCH [11] +2) = 4708
* (ARM7_RAM_ADDRESS + PATCH [11] +4) = E029
* (ARM7_RAM_ADDRESS + PATCH [11] +6) = 023F
void MemoryWrite64K (u32 chip_address)
entry
r0 = chip_address
PATCH [12]: Patch_B (function6)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [12] +0) = E59F1000 ldr r1, [r15]
* (ARM7_RAM_ADDRESS + PATCH [12] +4) = E12FFF11 bx r1
* (ARM7_RAM_ADDRESS + PATCH [12] +8) = 023FE033
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [12] +0) = 4900
* (ARM7_RAM_ADDRESS + PATCH [12] +2) = 4704
* (ARM7_RAM_ADDRESS + PATCH [12] +4) = E033
* (ARM7_RAM_ADDRESS + PATCH [12] +6) = 023F
void MemoryWrite512K (void)
PATCH [13]: Patch_B (function7)
If your code · ARM
* (ARM7_RAM_ADDRESS + PATCH [13] +0) = E59F2000 ldr r2, [r15]
* (ARM7_RAM_ADDRESS + PATCH [13] +4) = E12FFF12 bx r2
* (ARM7_RAM_ADDRESS + PATCH [13] +8) = 023FE03D
If your code · THUMB
* (ARM7_RAM_ADDRESS + PATCH [13] +0) = 4A00
* (ARM7_RAM_ADDRESS + PATCH [13] +2) = 4708
* (ARM7_RAM_ADDRESS + PATCH [13] +4) = E03D
* (ARM7_RAM_ADDRESS + PATCH [13] +6) = 023F
void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)
PATCH [14]: Patch_B (function7)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = E59F2000 ldr r2, [r15]
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E12FFF12 bx r2
* (ARM9_RAM_ADDRESS + PATCH [14] +8) = 023FE03D
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = 4A00
* (ARM9_RAM_ADDRESS + PATCH [14] +2) = 4708
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E03D
* (ARM9_RAM_ADDRESS + PATCH [14] +6) = 023F
void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)
PATCH [15]: Patch_B (function8)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [15] +0) = E59F1000 ldr r1, [r15]
* (ARM9_RAM_ADDRESS + PATCH [15] +4) = E12FFF11 bx r1
* (ARM9_RAM_ADDRESS + PATCH [15] +8) = 023FE047
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [15] +0) = 4900
* (ARM9_RAM_ADDRESS + PATCH [15] +2) = 4704
* (ARM9_RAM_ADDRESS + PATCH [15] +4) = E047
* (ARM9_RAM_ADDRESS + PATCH [15] +6) = 023F
void CardInitialize (void)
PATCH [16]: Patch_A
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [16]) = E12FFF1E bx r14
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [16]) = 4770
PATCH [17]: Patch_C (function7)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x0C) = E92D400F stmdb r13!, (R0, r1, r2, r3, r14)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x10) = E1A0000C mov r0, r12
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x14) = E1A01005 mov r1, r5
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x18) = E28FE008 add r14, r15, # 0x8
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x1C) = E59F2000 ldr r2, [r15]
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x20) = E12FFF12 bx r2
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x24) = 023FE03D
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x28) = E8BD400F ldmia r13!, (R0, r1, r2, r3, r14)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x2C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x30) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x34) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x38) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x3C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x40) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x44) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x48) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x4C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x50) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x54) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x58) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x5C) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x60) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x64) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x68) = E1A00000 nop (mov r0, r0)
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x6C) = -------- skip
* (ARM9_RAM_ADDRESS + PATCH [17] +0 x70) = E1A00000 nop (mov r0, r0)
If your code · THUMB
No
void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)
PATCH [18]: Patch_D
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x00) = E59F1010 ldr r1, [r15, # +0 x10]
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x04) = E5911000 ldr r1, [r1, # +0 x0]
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x08) = E38114A1 orr r1, r1, # 0xA1000000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0c) = E5801004 str r1, [r0, # +0 x4]
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x10) = E3A00000 mov r0, # 0x0
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x14) = E12FFF1E bx r14
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x18) = 027FFE60
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x00) = 4903
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x02) = 6809
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x04) = 4A03
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x06) = 4311
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x08) = 6041
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0a) = 2000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0c) = 4770
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x0e) = 0000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x10) = FE60
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x12) = 027F
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x14) = 0000
* (ARM9_RAM_ADDRESS + PATCH [18] +0 x16) = A100
PATCH [19]: Patch_E
pending
MAP of Sploiler data
<img src="http://i377.photobucket.com/albums/oo212/drwhojan/infolib-2.png" border="0" class="linked-image" />
EDIT:
Basicly I'm looking for someone who know's how to find this area ? - are what to do with it ?
PATCH [14]: Patch_B (function7)
If your code · ARM
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = E59F2000 ldr r2, [r15]
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E12FFF12 bx r2
* (ARM9_RAM_ADDRESS + PATCH [14] +8) = 023FE03D
If your code · THUMB
* (ARM9_RAM_ADDRESS + PATCH [14] +0) = 4A00
* (ARM9_RAM_ADDRESS + PATCH [14] +2) = 4708
* (ARM9_RAM_ADDRESS + PATCH [14] +4) = E03D
* (ARM9_RAM_ADDRESS + PATCH [14] +6) = 023F
void CardCommand (u32 command)
entry
r0 = command (Gamecard bus command)
Thank you drwhojan
- Joined
- Jan 19, 2011
- Messages
- 623
- Reaction score
- 0
- Trophies
- 0
- Location
- >>>>>>
- Website
- Visit site
- XP
- -38
- Country
- Joined
- Jan 19, 2011
- Messages
- 623
- Reaction score
- 0
- Trophies
- 0
- Location
- >>>>>>
- Website
- Visit site
- XP
- -38
- Country
Site & Scene News
New Hot Discussed
-
-
19K views
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
13K views
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
10K views
Sony announces PlayStation Plus price increase for new customers starting May 20
Earlier this year, Sony announced major price increases for the PS5, PS5 Pro, and PlayStation Portal. Now the company is raising prices again, this time for... -
9K views
Nintendo Direct June 9, 2026 roundup - Ocarina of Time remake announced, Kingdom Hearts IV trailer
Nintendo's expected Summer showcase is here, offering up plenty of new announcements and exciting reveals. Let's see what they have in store in the latest Nintendo... -
9K views
Pokémon Crystal gets a PC port titled "suiCune" based on C/C++ language
Continuing with the great news of Pokémon Platinum getting a native unofficial PC port just a few days ago, today, yet another classic title from the franchise has... -
9K views
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
7K views
Low-level 3DS emulator 3Beans released alongside setup tutorial video
When you talk about 3DS emulation, most people would jump to Citra. As the defacto choice since its first release it's seen tremendous success, and even after its... -
6K views
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
5K views
Call of Duty: Modern Warfare 4 to launch on Nintendo Switch 2 in October
For the first time in 13 years, the Call of Duty series will again return to Nintendo's consoles. Set to launch on the 23rd of October, the latest release, Modern... -
5K views
RAManimator adds animated graphics to emulated games with no ROM editing
Back in April we covered the ROM hacking efforts to add fifth-generation animated sprites to third generation Pokemon games. It remains a thoroughly impressive...
-
-
-
171 replies
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
141 replies
Nintendo Direct June 9, 2026 roundup - Ocarina of Time remake announced, Kingdom Hearts IV trailer
Nintendo's expected Summer showcase is here, offering up plenty of new announcements and exciting reveals. Let's see what they have in store in the latest Nintendo... -
103 replies
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
92 replies
Sony announces PlayStation Plus price increase for new customers starting May 20
Earlier this year, Sony announced major price increases for the PS5, PS5 Pro, and PlayStation Portal. Now the company is raising prices again, this time for... -
91 replies
What do you want to see in the next Nintendo Direct?
With rumours circulating about a Nintendo Direct in the coming days and weeks, fans are left speculating and hoping as to what might be included. At the centre of all... -
78 replies
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
71 replies
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
71 replies
Nintendo Direct to air on the 9th of June, set to feature 50 minutes of Switch and Switch 2 games launching this year
After much speculation and rumour, the fabled Nintendo Direct is upon us. Set to go live tomorrow, the 9th of June, at 3pm in the UK, it'll feature 50 minutes of... -
63 replies
Call of Duty: Modern Warfare 4 to launch on Nintendo Switch 2 in October
For the first time in 13 years, the Call of Duty series will again return to Nintendo's consoles. Set to launch on the 23rd of October, the latest release, Modern... -
55 replies
Nintendo fined 35 million euros by the French government due to Switch 1 Joycon malfunctions
Following an investigation over misleading commercial practices, today Nintendo has been imposed a fine of 35 million euros related to the controller malfunctions...
-
