How does SRAM patching work?

Discussion in 'GBA - Game Development, ROM Hacks and Translations' started by TrolleyDave, Jan 11, 2008.

Jan 11, 2008
  1. TrolleyDave
    OP

    Former Staff TrolleyDave Philosolosophising

    Joined:
    Jan 1, 2007
    Messages:
    7,762
    Location:
    Wales, UK
    Country:
    United Kingdom
    Does anybody know exactly what is done to patch a GBA rom to use SRAM? Is it just a case of changing a couple of bytes that determine the save type somewhere in the header/in the rom or do you actually have to patch code into it? If it' patching code into it is there a standard patch for all roms or does it depend on the game?
     
  2. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,719
    Country:
    United Kingdom
    I have a little project on the side that but I have no time lately to move on with it:
    http://gbatemp.net/index.php?showtopic=60168

    In short it is standard to a format (e.g. all EEPROMV124 use the same patching code wise but at locations able to be searched for, EEPROMv125 is different and so forth).

    If you want to move ahead with anything give me a shout.
     
  3. TrolleyDave
    OP

    Former Staff TrolleyDave Philosolosophising

    Joined:
    Jan 1, 2007
    Messages:
    7,762
    Location:
    Wales, UK
    Country:
    United Kingdom
    Nice one, I've been trying to find decent header info for GBA roms. I'm not sure how helpful I'd be in writing the tech docs as I'm really not that technically minded but if I can help with anything then let me know.

    I couldn't really find anything on what bytes to look for and what to replace them with, unless I just couldn't see it for looking. Can you recommend a good file viewer/comparer? I can patch clean roms using GBATA and compare the changes made then. If I do enough different roms I should be able to find the pattern that needs to be searched for and what it should be changed to (hopefully!).
     
  4. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,719
    Country:
    United Kingdom
    GBA headers are taken care of over at no$gba tech docs:
    http://nocash.emubase.de/gbatek.htm#gbacartridgeheader
    cowbite docs if you can find them were not bad either.

    As for what to change my second post in the thread has some more.

    I use hex workshop for comparing but you might want to try some of the other hex editors I use as that is payware:
    http://gbatemp.net/index.php?showtopic=695...ndpost&p=928455

    As for what you want to search for.
    Somewhere in the rom there is the save type in ASCII (I have yet to find a header reference and all the sourcecode for this sort of thing I have seen does the same).
    What this ASCII is determines the patch needed:
    SRAM

    EEPROM

    FLASH

    or none in the case of password and the like.

    immediately after these ASCII strings is the type of SRAM/EEPROM/FLASH and this determines the patch necessary. Note that VBA only searches for the initial strings which is why the autodetection for it is less than brilliant.

    Now from this you can determine what sort of patch is needed and do another search for a given string (I highlighted it in the pictures), I noted there that the same patching is used but a different length between the sections being patched is underwent. I have yet to confirm this for all the patching though.
     
  5. TrolleyDave
    OP

    Former Staff TrolleyDave Philosolosophising

    Joined:
    Jan 1, 2007
    Messages:
    7,762
    Location:
    Wales, UK
    Country:
    United Kingdom
    I've been messing around with this today and I think I'm on the right path but I'm not entirely sure. What I've been doing is patching 5 games and using the file comparer to compare the patched and the unpatched version. I haven't done all the different save types yet, do you know roughly how many there are (and maybe a few examples of games that use the save type)?

    So far what I've figured out (and I could be way off base which is why I'm posting my findings!) is when you patch it, depending on the save type, there's a couple of clusters of exact matches in each game, although a couple of save types have the odd few bytes that are different and don't even get me started on Eeprom_v11!

    I've calculated the patterns before patching to be :

    Estimated Save Pattern Block for Eeprom_v111
    0e 48 39 68 01 60 0e 48 (and also)
    27 e0 d0 20 00 05 (and also)
    (some unknown block, different between games?)

    I can't quite figure this one out, but I could only find 3 games that I had with this save type. The first two blocks were the same in each game but the last block has got me stumped. It looks like it appends a bunch of data to the empty space at the end of the rom but the changed data seemed to be different between each game.

    Estimated Save Pattern Block for Eeprom_v120
    a2 b0 0d 1c 00 04 03 0c 03 48 00 68 80 88 83 42 05 d3 01 48 48 e0 ?? ?? ?? ?? ff 80 00 00 24 48
    06 1c 00 68 01 7a (and also)
    30 b5 a9 b0 0d 1c 00 04 04 0c 03 48 00 68 80 88 84 42 05 d3 01 48 59 e0 ?? ?? ?? ?? ff 80 00 00 0f
    48 00 68 00 7a 40 00

    The first and second blocks were the same in each rom apart from the bytes tagged as ?? ?? ?? ?? which were different between roms. I'm guessing that they're the address of the Eeprom itself and have to be carried over in the patch?

    Save Pattern Block for Flash_v120 + Flash_v121
    Unpatched Block 1
    ($90,$b5,$93,$b0,$6f,$46,$39,$1d,$08,$1c,$00,$f0,$af,$f9);
    Patch with
    ($00,$b5,$3d,$20,$00,$02,$1f,$21,$08,$43,$02,$bc,$08,$47);

    Unpatched Block 2
    ($80,$b5,$94,$b0,$6f,$46,$39,$1c,$08,$80,$38,$1c,$01,$88,$0f,$29,$04,$d9,$01,$48,$56,$e0,$00,
    $00,$ff,$80,$00,$00,$23,$48,$23,$49,$0a,$88,$23,$4b)
    Patch with
    ($7c,$b5,$00,$07,$00,$0c,$e0,$21,$09,$05,$09,$18,$01,$23,$1b,$03,$ff,$20,$08,$70,$01,$3b,$01,
    $31,$00,$2b,$fa,$d1,$00,$20,$7c,$bc,$02,$bc,$08,$47)

    Unpatched Block 3
    ($80,$b5,$94,$b0,$6f,$46,$79,$60,$39,$1c,$08,$80,$38,$1c,$01,$88,$0f,$29,$03,$d9,$00,$48,$73,
    $e0,$ff,$80,$00,$00,$38,$1c,$01,$88,$08,$1c,$ff,$f7,$21,$fe,$39,$1c,$0c,$31)
    Patch with
    ($7c,$b5,$90,$b0,$00,$03,$0a,$1c,$e0,$21,$09,$05,$09,$18,$01,$23,$1b,$03,$10,$78,$08,$70,$01,
    $3b,$01,$32,$01,$31,$00,$2b,$f8,$d1,$00,$20,$10,$b0,$7c,$bc,$08,$bc,$08,$47)

    Standard blocks between each game, no variations from what I could tell. The blocks for Flash_v120 + v121 appear to be exactly the same.

    Save Pattern Block for Flash_v123 + Flash_v124
    Unpatched block 1
    ($ff,$f7,$aa,$ff,$00,$04,$03,$0c)
    Patch with
    ($1b,$23,$1b,$02,$32,$20,$03,$43)

    Unpatched block 2
    ($0a,$08,$70,$b5,$90,$b0,$15,$4d)
    Patch with
    ($0a,$08,$00,$20,$70,$47,$15,$4d)

    Unpatched block 3
    ($00,$03,$70,$b5,$46,$46,$40,$b4)
    Patch with
    ($00,$03,$00,$20,$70,$47,$40,$b4)

    Unpatched block 4
    ($f0,$b5,$90,$b0,$0f,$1c,$00,$04,$04,$0c,$0f,$2c,$04,$d9,$01,$48,$40,$e0,$00,$00,$ff,
    $80,$00,$00,$20,$1c,$ff,$f7,$d7,$fe,$00,$04,$05,$0c,$00,$2d,$35,$d1)
    Patch with
    ($70,$b5,$00,$03,$0a,$1c,$e0,$21,$09,$05,$41,$18,$01,$23,$1b,$03,$10,$78,$08,$70,$01,
    $3b,$01,$32,$01,$31,$00,$2b,$f8,$d1,$00,$20,$70,$bc,$02,$bc,$08,$47)

    Again, it appears to be the same few blocks between each rom. The blocks for v123 + v124 seem to be exactly the same.

    Save Pattern Block for Flash_v125 + Flash_v126
    Unpatched block 1
    ($ff,$f7,$aa,$ff,$00,$04,$03,$0c)
    Patch with
    ($1b,$23,$1b,$02,$32,$20,$03,$43);

    Unpatched block 2
    ($00,$03,$70,$b5,$90,$b0,$15,$4d)
    Patch with
    ($00,$03,$00,$20,$70,$47,$15,$4d)

    Unpatched block 3
    ($00,$03,$70,$b5,$46,$46,$40,$b4)
    Patch with
    ($00,$03,$00,$20,$70,$47,$40,$b4)

    Unpatched block 4
    ($f0,$b5,$90,$b0,$0f,$1c,$00,$04,$04,$0c,$0f,$2c,$04,$d9,$01,$48,$40,$e0,$00,$00,$ff,
    $80,$00,$00,$20,$1c,$ff,$f7,$d7,$fe,$00,$04,$05,$0c,$00,$2d,$35,$d1)
    Patch with
    ($70,$b5,$00,$03,$0a,$1c,$e0,$21,$09,$05,$41,$18,$01,$23,$1b,$03,$10,$78,$08,$70,$01,
    $3b,$01,$32,$01,$31,$00,$2b,$f8,$d1,$00,$20,$70,$bc,$02,$bc,$08,$47)

    Again, it appears to be the same few blocks between each rom. The blocks for v125 + v126 seem to be exactly the same.

    I haven't looked at all the patched data yet but I'm guessing that for the Flash_vxxx save types it's going to the exact same data patched each time. With the Eeprom_v120 save types I'm guessing it's going to be the same except the 4 bytes marked ?? in each block, which I'd hazard a guess have to be patched into the data somewhere, or I could be completely wrong and it's a standard patch applied to each block. Like I said I haven't really analyzed the data.

    I have looked into Eeprom_v111 though, and it's got me very confused! After patching it appears that the 2 blocks in the actual rom itself are patched with generic data, but it also adds a big block of data to what appears to be empty space in the rom file. It's not always offset in the same place at the end of data either from what I can tell, and the patched data definitely wasn't generic. I'm gonna have to look into that one last I think. You don't have any ideas do you?
     
  6. TrolleyDave
    OP

    Former Staff TrolleyDave Philosolosophising

    Joined:
    Jan 1, 2007
    Messages:
    7,762
    Location:
    Wales, UK
    Country:
    United Kingdom
    Some good news! I've managed to write patching routines for Flash_V120, V121, V123, V124 save types. I haven't had a chance to work on the others yet but I'll do that tomorrow.

    The Flash types were the easiest to do. I fixed a couple of the byte values that were wrong earlier on. Any array of values enclosed in parenthesis are verified as working.
     
  7. Destructobot

    Member Destructobot Crave the Hammer

    Joined:
    Oct 15, 2006
    Messages:
    5,005
    Location:
    Portland, OR
    Country:
    United States
    You can search the Pocketheaven release list by save type.

    http://releases.pocketheaven.com/?section=advsearch
     
  8. TrolleyDave
    OP

    Former Staff TrolleyDave Philosolosophising

    Joined:
    Jan 1, 2007
    Messages:
    7,762
    Location:
    Wales, UK
    Country:
    United Kingdom
    That's perfect, thanks mate.
     

Share This Page