I'm rather new to this.

Discussion in 'NDS - ROM Hacking and Translations' started by Random Seeker, Mar 22, 2007.

  1. Random Seeker

    Random Seeker Member

    Nov 3, 2006
    I'm using cracker's trainer making guide, there are a few things which I do not understand.
    I'm trying to make a YGO WC 2007 trainer.

    A message from cracker:

    The 'C0000000' code tells DipStar where to place the training function at -- 0x21b0000 in this case. The 'F' code tells DipStar where to patch a jump to the function at. This is many times at the end of a function dealing with button presses. So basically what you need to do is look for an area around 0x20A0004 in the disassembled source and see if there is a spot where you could inject your own code to manually load the value into the address:
    mov r0,#0x5f00000
    add r0,r0,#0x5e000
    add r0,r0,#0xff
    mov r1,#0x2100000
    add r1,r1,#0x10000
    add r1,r1,#0x3E0
    str r0,[r1,#+0x4]

    However, I cannot find these addresses in the TXT file, anyone could further elaborate on his message?
  2. Flavor

    Flavor GBAtemp Regular

    Jan 5, 2007
    United States
    Well, I don't want to get into specifics because I'd have to learn more about the NDS specifics, myself.

    Essentially, you'd need to read the document that describes what dipstar codes do, exactlly. It's out there. It may even come with dipstar, iirc.

    Then, to make a trainer, you would have to do what dipstar would have done (instead of requiring dipstar to do it). So, you'd probablly have to code a routine that would modify the same mem locations that the dipstar codes would have modded. Finally, you would have to call your routine from the code.

    It would probablly require you to write a function in ARM ASM, assemble it, disassemble the ROM enough to find a good place to call your code, hex edit in your assembled ASM, and then hack in a call to your function.

    That's very simplistic, though. It's not easy, and of course my quick writeup doesn't take into account how you would actually insert your code or call your code.

    Learning some ARM ASM would probablly be your first step.
  3. FAST6191

    FAST6191 Techromancer

    pip Reporter
    Nov 21, 2005
    United States
    You can probably dodge learning any hard ASM, learning basic opcodes (what they do and what their syntax is) is a must though (mov copies from one place to another, add adds whatever it sub subtracts it for example).
    You will also need to understand hexadecimal (the way computers store numbers), if you are unfamiliar with this then http://webster.cs.ucr.edu/AoA/Windows/index.html start reading.

    Cracker is better with the implementations of cheating than I am but what he is saying is that the code starting with C is the memory location you want as it controls whatever you are doing (say for example the number of bullets).

    You then take your disassembled source and find the section that deals with a memory location (it may be slightly before or after though depending on what you are dealing with: i.e. if I had the option for 600000000 bullets for one gun yet 15 for another I would need a number 8 hex digits long even though 15 only needs 1). If it is really important there may be a register donated instead of memory but that is practically unheard of, especially for the sort fo things this deals with.

    So firing a bullet would probably lead to the address that holds the number subtracting 1 so I would see a sub command somewhere.

    The code with F basically says where some blank space is for you to patch.
    In my example the place where number of bullets is I would replace to tell it to go elsewhere (the elsewhere is what the F code is telling us is a good spot for this). At where elsewhere might be I then do something to make the bullets either stay the same or add some more in there.

    I would then write a line saying ADD 1 to said memory location (maybe I would find life as well and refill my life when I am shooting but that is a different day), fire it through my assembler (devkitpro, ARMish or an emulator such as NO$GBA being the best options but that should have already have been covered, I do not suggest being brave and fearless and encoding by hand) to get a string of hex numbers.
    Whack these in wherever the F number told you and add a goto command at the place where the original do something to the memory section was telling it to go to the place the F number went to, add a command to go back at the end and you are done.