How to modify a ROM? Edit stats.

Discussion in 'NDS - ROM Hacking and Translations' started by Bits, Oct 2, 2015.

  1. Bits (OP), Newbie / Newcomer, joined Oct 1, 2015, Cote d'Ivoire
    Hi,

    I want to edit: Castlevania Portrait of Ruin.
    I'm interested in changing stats for the enemies (HP, str, defense, luck, int, etc.)
    (Weapon strengths & armor defense too)
    I have No$gba debugger.
    (I don't have experience)
    If you can help me, you are welcome.
     
  2. rastsan, 8 baller, Death Wizard / Member, joined May 28, 2008, Toronto, Canada
    Okay, if you know how to make cheat codes then you are on your way there. If you don't know what the values are you may have more trouble. So first off, when you make cheat codes one of the first things you do is look for the value in memory that you are changing. If you don't have a specific number, what you do is compare one memory dump against another. Which means: while you are playing your game you make a memory dump just before you do whatever action changes the value you want to be higher or lower, so you have a base. In RPGs you would be able to find your strength in the character's stats pretty easily and can actually see the value you need to look for. In your case it's different. It doesn't have an onscreen stat page for your enemy that you can look at while you are fighting them.

    All you can do is take a memory dump from before you attack them (so that the enemy HP is at its highest). Next, damage them once, then make another memory dump. If the game isn't paused it should be. Use diff software to find any differences between the two memory dump files and note where those differences are. As the game may also change many other values in memory at the same time, do not worry if you have a lot of differences between files, as you are going to make a third dump after you damage the enemy again. Yes, you are going to compare the first dump to the third dump and the second dump to the third dump. Any differences that are exactly the same between both of these are the area you would overwrite with the cheat code. Basically it would be a trial and error thing: did this value in memory make the enemy have more HP or less... did this next value do it... and so on until you hit the one that is the right one.

    Now from this you should be able to insert breakpoints in memory and log where those values are coming from in the game itself and not just in its memory dump, hopefully narrowing down where you actually need to look in game, say a file. If not you may be stuck editing the programming of the game (asm), as these values could be generated by math and not some values in a file.

    So, things to look up:
    making cheat codes for the DS
    memory dumps
    break points
    ds buff (to dump the game's files)

    Before you do this, did you take a look through the game's file structure to make sure that there isn't some easy to find folder marked enemy or enemies? Just in case it actually has what you are looking for in an easier to get to way.
    Also you may want to read fast6191's guide at the top of this forum, as my explanation is not going to be good enough.
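The dump-comparison procedure rastsan describes, as an added Python example (not code from the thread or from any tool it mentions): the "RAM" dumps are constructed inside the script, with a hypothetical 16-bit enemy HP at offset 0x10, a frame counter at 0x20 and a one-off flag at 0x30. Offsets that change between every consecutive pair of dumps survive the intersection, and a second filter keeps only those whose 16-bit value drops on each hit, which is what an HP field should do.

```python
"""Added example: intersect memory-dump diffs to find an enemy HP address."""
from __future__ import annotations
import struct

def changed_offsets(a: bytes, b: bytes) -> set[int]:
    """Byte offsets that differ between two equally sized dumps."""
    if len(a) != len(b):
        raise ValueError("dumps must be the same size")
    return {i for i, (x, y) in enumerate(zip(a, b)) if x != y}

def candidates(dumps: list[bytes]) -> set[int]:
    """Offsets that changed between *every* consecutive pair of dumps.

    dumps[0] is taken before the first hit, dumps[1] after it, dumps[2]
    after the second hit, and so on. Anything that only moved once
    (e.g. a one-off animation flag) is discarded by the intersection."""
    result: set[int] | None = None
    for before, after in zip(dumps, dumps[1:]):
        diff = changed_offsets(before, after)
        result = diff if result is None else result & diff
    return result or set()

def decreasing_u16(dumps: list[bytes], offsets: set[int]) -> set[int]:
    """Keep offsets whose little-endian 16-bit value strictly drops on every hit.

    HP only goes down while you are hitting the enemy, so counters and
    timers that change every frame but grow are filtered out here."""
    keep = set()
    for off in offsets:
        if off + 2 > len(dumps[0]):
            continue
        vals = [struct.unpack_from("<H", d, off)[0] for d in dumps]
        if all(x > y for x, y in zip(vals, vals[1:])):
            keep.add(off)
    return keep

def make_dump(hp: int, frames: int, flag: int) -> bytes:
    """Constructed 64-byte 'RAM' dump; all offsets are hypothetical."""
    buf = bytearray(64)
    struct.pack_into("<H", buf, 0x10, hp)      # enemy HP (what we want)
    struct.pack_into("<H", buf, 0x20, frames)  # frame counter, always changes
    buf[0x30] = flag                           # changes only once
    return bytes(buf)

# Before the first hit, after one hit, after a second hit.
DUMPS = [make_dump(300, 1000, 0), make_dump(255, 1060, 5), make_dump(210, 1120, 5)]

if __name__ == "__main__":
    cands = candidates(DUMPS)
    print("changed on every hit:", sorted(hex(o) for o in cands))                         # ['0x10', '0x20']
    print("strictly decreasing:", sorted(hex(o) for o in decreasing_u16(DUMPS, cands)))  # ['0x10']
```

With real dumps from the emulator, replace `DUMPS` with the files read in `"rb"` mode; the surviving offset is what rastsan calls the area to overwrite with the cheat code or to breakpoint on.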
     
  3. Coto, GBAtemp Addict / Member, joined Jun 4, 2010, Chile
    Or you could get the VRAM address where the font is being written, profile any write accesses to that address or breakpoint it, so you can look at the link register (your method/function that usually draws will come from a drawfont/sprite function), so you could restore at least 3 or 4 opcodes (depending on CPU mode, thumb/arm will be either 2*3/4 bytes or 4*3/4 bytes) from the stack (r13) right after you break point.

    You should at most fetch 3 to 4 opcodes:

    Code:
    BX reg
    or
    movs pc,lr
    
    opcode and, briefly before it, an opcode that writes your desired return address (the method where the draw is coming from) to the link register (r14).

    Repeat this once more and you will find the epilogue method (the method that called the drawfont function).
    Make sure you BX jump the PC (r15) using this address.

    Now look carefully at this address. If you are using a disassembler, you will see (at least 4 to 12) opcodes before it where usually arg0 and arg1 are being written to r0 or r1; the *SOURCE* address plus an index that is used by the LDR opcode is the game's reserved static variable that you want to modify.

    So if you breakpoint any write to that address, you can do the same as what I described above and look where the game is taking the variable from (either static or math generated).

    What gameshark/cheat codes do is write a hook (handler) that constantly overwrites your desired new value to this source address on vblank or vcount, or at startup patches the static variable and stubs any method that writes to this source address by modifying the game entrypoint.

    (Games usually do arg0: source address/index/any, arg1: size in bytes / array of font, music, data address/any.)

    If you don't know low level programming, it's time to get some books and learn, or do some C programming before. I know this is a messy explanation but that's how I am able to reverse engineer stuff; apologies if not understood fully.
     
    Last edited by Coto, Oct 9, 2015